Will UEFI boot Linux?
I saw this article mentioning signed boot loaders float down the BLUG.org news stream. The highlight pullquote:
A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux.
I’m sure someone is already busy working on proper support for this, it will be interesting to learn what it will take to boot off of future PCs.
Programming with people’s names is tuff
Falsehoods programmers believe about names. Yeah, the simplest things can be the most difficult.
Win your election using a MITM attack
Electronic voting has very little to do with computers as we use them today, that is, our web-sites are porous and our networks are fungible, our browsers are petri dishes for crime to grow spores in. So when using conventional networking and typical corporate policies, of course, you just design in the backdoor in plain sight. http://www.truth-out.org/print/4465 A real electronic election system would look nothing like what we use today, and we will not see a good electronic voting system until we are brave enough to actually build something as fundamentally independent from the Internet as our water or gas mains are.
Eccentricity + Random Chance = Eccendipity?
Cmdln has a recent monolog up that will delight the philosopher in you, exploring the notion of serendipity, and his complement to it–the exploration of those ideas perpendicular to your interests, or even opposite them to find those intersections of wisdom or delight that help us relate to those parties normally “across the aisle.”
NFC description reminds me of RFID, plus environmental consequences?
This is a rah-rah article about NFC, provides a nice introduction to the topic, and explores other possible applications.
My thoughts range the map: is technology like this going to impact people who lack smart phones and online payment creds in an unfair way? Will default identity setting on these devices drill into your email, Facebook, or phone provider profile? And even if you have a preview of the transacted data, you still have dialog-box-fatigue (think UAC).
RFID tags are not, to my knowledge, recyclable. NFC tags…another bit of disposable trash? That’s pretty insulting, there will be a billion of these things printed in no time at all. And like used hard drives, NFC tags are going to be brimming with personal information. Take the healthcare example in the article – what do you think a bitter hospital janitor could get for ten of those tags? A hundred?
The thin profile of these makes them effortlessly transportable.
Other security implications would probably come in the form of proxy tags: someone is going to come up with a man-in-the-middle tag, and hide it as a transparent vinyl sticker or a strip magnetic picture frame they walk up to once a day and glean the stolen data by swiping their phone over it. Or they mod an RFID tag and just walk by it with a Bluetooth RFID tag reader in their pocket.
Much scrutiny needs to be applied to these NFC interactions, as RFID-enabled passports have already taught us.
Linuxfest Northwest 2011 Prize
Here’s the Bruce Schneier doll that Modwest donated to the Linuxfest Northwest world famous raffle. What a great prize! Bruce is decked out Matrix style to defeat all your security-thru-obscurity talk and send you packing back to your world of security theater. I wonder what Modwest will donate next year…I know a Leo Laporte doll would not fly with this crowd ;-) A steampunk Ada doll would rock!
Great interview on hacker spaces, responsible disclosure (TCLP)
Thomas interviews Tiffany Rad in this episode of The Commandline Podcast. I appreciated this interview because, as a father, I am interested in all the ways I can expose my kids to learning opportunities, and while I might not end up with little net-running hellions, it sounds like public schools are often becoming less and less places where hands-on experience in engineering and science can occur.
I also appreciated how the discussion verged into responsible disclosure. As a contractor in my past, one encounters clients that might be in violation of laws, or vulnerable to attack, but just broaching the topic with them might get you sued. This is an aspect of responsible disclosure that I’d be interested in hearing more about.
There is also good discussion about how the auto industry is using the DMCA as a legal claymore to keep people from modding their car computers. This is particularly frustrating to any mechanic. It makes me wonder if there are other examples of “trading down” technologies so that one can use less sophisticated vehicles, computers, appliances, just for the ability to treat them in a more fungible manner. Phones and cameras come to mind.
Makes me wonder if the Sustainable Connections people in Bellingham have heard of hacker spaces?
Mighty Good Story: Shannon’s Law (Escape Pod)
Episode 291 of Escape Pod is Mur reading Shannon’s Law, by Cory Doctorow, a chapter from the Bordertown anthology. I love the idea of actually building a TCP/IP network using carrier pigeon, ogre’s laundry lines and the dust on the wings of a butterfly.
Copy Protection for Our Identities
Another idea sprouted: I love the concept that Doc Searls discusses about the Intention Oriented Economy. This is the reverse of the identity oriented economy where we supplicate our commercial oligarchy with our precious identifiable information for free stuff so they can better advertise to us. Rather–it makes much more sense to develop an anonymous identity and then publish intentions (I want to buy a bicycle) and then grant permission to commercial supplicants to market to us based upon our published desires.
I was listening to the latest ep of Triangulation with Daniel Bricklin and he mentioned having a non-copy protected version of VisiCalc, one of the few left that could run on any PC. Duh! Our *identities* need to be copy protected.
Please tell me that TPM and remote attestation, with our own private identities being the attestors, is what unlocks degrees of our identifying information for marketers? We provide some binary blob of our intention, to read it, they supplicate to our attestation, they decrypt that shard of our identity, but that encrypted shard expires because we provide it through our publicly administered perishable anonymous identity administration.
Ok, enough of the crack cocaine, time for bed.
Tiny Computers: 4 for $100
This would be an awesome exhibit for LinuxFest Northwest 2012: small USB computer kit.
Quick thot on MySQL
Had a good question in my MySQL talk about how to monitor performance, and of course I suggested turning on the MySQL slow query log. What I neglected to mention, however, was mytop. This little utility is found in the rpmforge repo and it’s like a top(1) for your MySQL queries.
The basis for it is the SHOW PROCESSLIST command, of course. Mytop collects, sorts and colors the output and adds the system summary of key-hits-ratio, query count, etc at the top.
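As an added illustration (not mytop's code and not part of the original post), this sketch does the kind of processing described above: it takes rows shaped like SHOW FULL PROCESSLIST output, drops idle threads, sorts the rest by running time, and puts a summary line on top. The sample rows and counters are constructed, and the choice of the Questions, Key_reads and Key_read_requests status counters for the summary is an assumption about what such a header reports.

```python
# Constructed sample rows in SHOW FULL PROCESSLIST column order:
# (Id, User, Host, db, Command, Time, State, Info)
PROCESSLIST = [
    (11, "app", "web1:40112", "shop", "Query", 42, "Sending data",
     "SELECT * FROM orders WHERE note LIKE '%rush%'"),
    (12, "app", "web2:40900", "shop", "Sleep", 310, "", None),
    (13, "report", "batch1:51544", "shop", "Query", 3, "Sorting result",
     "SELECT customer_id, SUM(total) FROM orders GROUP BY customer_id"),
    (14, "root", "localhost", None, "Query", 0, "init", "SHOW FULL PROCESSLIST"),
]
# Constructed counters as SHOW GLOBAL STATUS would report them.
STATUS = {"Questions": 180000, "Uptime": 3600,
          "Key_read_requests": 500000, "Key_reads": 2500}


def key_efficiency(status):
    """Percentage of key-cache read requests served without a disk read."""
    requests = status["Key_read_requests"]
    if requests == 0:          # fresh server: nothing has missed yet
        return 100.0
    return 100.0 * (1 - status["Key_reads"] / requests)


def active_threads(rows, min_seconds=0):
    """Threads that are running a statement, longest-running first."""
    active = [r for r in rows
              if r[4] != "Sleep" and r[7] and r[5] >= min_seconds]
    return sorted(active, key=lambda r: r[5], reverse=True)


def render(rows, status):
    """Build a top(1)-style text screen: summary header, then threads."""
    qps = status["Questions"] / max(status["Uptime"], 1)
    lines = [
        f"Queries: {status['Questions']}  qps: {qps:.1f}  "
        f"Key Efficiency: {key_efficiency(status):.1f}%",
        f"{'Id':>5} {'User':<8} {'Time':>5}  Query",
    ]
    for r in active_threads(rows):
        lines.append(f"{r[0]:>5} {r[1]:<8} {r[5]:>5}  {r[7][:60]}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(PROCESSLIST, STATUS))
```

Raising `min_seconds` narrows the list to the statements that would also be candidates for the slow query log.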
@lfnw #bike #gps sunday noon
Interested in doing a short ride with GPS and uploading to OpenStreetMap.org?
LinuxFest Northwest 2011: Traffic Control in Apache
Here are my slides for traffic control in Apache. I decided that last year’s presentation about Apache rewrites actually sat in a much bigger context of information architecture, performance and caching. So I’ve generalized the discussion and reduced the number of mouse-print code examples.
Slides:2011-apache
LinuxFest Northwest 2011: MySQL Overview
These are the slides I’ll be presenting with for my MySQL Overview talk. Last year I called it the “MySQL Buffet”…and I prolly have more slides up here than time window.
Slides:2011-mysql-buffet
You’ll find a surprise slide, “boring” in there. And this is pretty much my take on the Oracle acquisition of Sun and thus of MySQL AB. Any we trolls of why “MySQL Sucks” aside, are you really all that interested about what features and bug fixes Oracle management approves of…in an overview talk? My take: the griping, if you want to dig, is in the askmonty.org wiki. There they are discussing how they are trying to keep feature parity with the MySQL features and fixes.
MySQL and its sisters are not about to disappear, esp not with how promising Drizzle and Maria look, and that there are commercial consulting services like Percona that could resell services around both Drizzle and Maria.
LinuxFest Northwest 2011…comin’ round the mountain!
I’m looking forward to LinuxFest Northwest 2011 this year! I’ll be presenting on the MySQL database and how to control web traffic in Apache. I’ll even be presenting in the Linux Action Room and will get to show my evil grin to Chris and Bryan :-) I’ll be posting my slides ahead of time, I have one ready to post tonight.
Don’t forget the Sunday bike ride! I’m guessing a ride to Hovander is what we agreed on, but let me know if you’d rather bike closer to somewhere that has more of Bellingham Bay, or closer to the pub…or whatever.
on the usability of passphrases
Ok, finally had a moment to fully read the article password usability and digest. My first thot is, there are some places this logic should not apply, like in situations where offline brute forcing is possible (like theft of password hashes), and not applicable to wifi routers, and cases where sites take only small (8-char) passwords. In these cases using a password manager like LastPass is super efficient, it manages highly random passwords for you. The second thot I had was, is the author’s presumption of attack criteria accurate enough? A battery of common phrases is as easy to use as a dictionary, and most people only know a few memorable phrases. The attack rate is also presumptuous, and the article mixes points of view with user suggestions and developer suggestions, thus an attack rate of 3000 attempts or better is easily possible against a well provisioned but insecurely designed web site. Can you remember 15 different phrases if you have 15 different logins? We really should just be using password managers. And the last thot I had was: what does a security pro say on this? I tweeted @SGgrc and Steve Gibson of the Security Now podcast will cover this in an upcoming episode! (www.twit.tv/sn)
Computing in a Post Peak Oil World?
I’ve been paying some attention to the notions of community, local economy and self reliance in the face of rising gas prices. Oil shortages and actually, any resource shortage, can also affect how we use computers. High energy prices make computing more precious. Lack of resources to construct plastic, rare earths for constructing magnetic componentry, all of these things can make the cost of computers, and our use of them, spin on a dime. This episode of The Commandline podcast takes a sharp look at post peak resource computing. I think it’s a great episode, and Thomas really pulled together some topics I had not considered related.
Maybe time to convert to a standing workstation? (NYTimes)
IT workers beware: sitting!
Inactivity Is Harmful, Even With Trips to the Gym – NYTimes.com.
More Discussion About MapQuest Bike Directions (Commute by Bike)
It would appear that many MapQuest developers are not only enthusiastic about Open Street Maps because the data set is admirably developed, they are also cyclists. They also look forward to incorporating elevation directions. I hope to see this in the public MapQuest application.
MapQuest Bike Directions: Answers from the Inside | Commute by Bike.
Kathy Sierra talks about making better users (IT Conversations Gov 2.0)
I like this talk about making passionate users. “Don’t make a better [widget], make a better USER of [widget].” This distinction enables enthusiasm and engagement.
IT Conversations | Gov 2.0 Summit from O’Reilly Media | Kathy Sierra.
Is Living Simply Anti-Modern?
My wife was tentatively offered a Kindle for Christmas, with the added note that, there are plenty of public-domain works you can download for it.
“Why would I want a Kindle when all the books I do read are in the library?” was her response.
Walking to the library is a healthy activity. It keeps the kids active and occupied. It supports and validates our right to have libraries in general. A Kindle keeps you at home, distracts you from the kids, and teaches your kids that owning a gadget is more important than visiting the library or going for a walk.
A decade ago, I would have loved to have a Kindle, because I read avidly, especially technical publications that I really now should give away to people and resent having to store on my book shelves. A lot of these technical books are not appropriate for libraries or even book stores because they are essentially obese technical periodicals typically lacking enduring value. I’d rather not buy technical books any more, I’d rather be part of an online technical community like StackOverflow that maintained living knowledge of these technologies.
Is refusing a Kindle being a Luddite? Luddites objected to textile industrialization and its exploitative child labor practices. Modern Luddites refuse to give up the value of traditional means where gadgets rear up. Do Kindles, iPads, and other electronic book substitutes erode literacy? Probably not. Erode community? If you consider that if e-books are cheap enough to lull people into not funding their libraries…yes. Did we see the same with cars? The value of parks, sidewalks, and downtowns across America all changed when we started driving everywhere, and considered that convenience more important than funding the simple safety of sidewalks.
People who live with gadgets end up throwing the gadgets away. People who have Internet tend to stay home instead of go out, or get less sleep to use it. Cars are an example of a gadget that makes you fat, pollutes and kills people regularly. Most of us own lots of gadgets and they probably don’t make us healthier. They also tend to isolate you from your community. We are fools for technology. I know I’m one. As I age, I find that technology shows me what a sucker I have been, too. Staying healthy and living more simply does not require much technology. Biotechnology isn’t necessary for simple food.
If we don’t end up with a Kindle, that’s fine with me. Some gadgets are pretty handy, I admit: smart phones rank in my book…I appreciate those technologies which allow me to be active and social.
Highlighting with Wordlight (Visual Studio)
I love being able to double click on a word and seeing all occurrences of it highlighted in my editor. I think the Highlighter plugin for jEdit, and I’m disappointed that there are no free plugins of that quality for VS. Wordlight comes close, tho.
