Thursday, June 22nd, 2017
11:32 pm - Trust architecture
Inventing technologies that allow us to change behavior at scale in populations for the better - TED talk Nicholas Christakis

I've been working for some time on an extension of the idea behind the PGP web of trust model: we need to allow user control of anonymity while still allowing for reputation and differing levels of identity proofing. Our system of freedoms in speech and thought requires that identity not be centrally controlled and monitored by any single entity, not even a trusted government, but the social contract between human beings requires that people have reputation and face repercussions for unacceptable actions. In modern cities, as in modern online fora, there can be severe negative behaviors because of relative anonymity and lack of repercussions. Some rating services and even some legal systems now encourage deletion of negative records, a "right to have sins forgotten". This is the opposite of the sort of social contract technology we need in order to change social behavior in a positive way. Immediate benefit could be seen for security researchers, exploit writers, systems crackers, white, grey, and black hats, users of online dating services, and those purporting to offer opportunities for artistic or professional careers. The benefits to society as a whole could be much greater, if it gains wide currency.

The other meaning of currency brings us around to bitcoin. Adi Shamir recently discussed what interactions absolutely require strong identity proofing for society to work, and what interactions require anonymity. The decision should not be driven by fear of bad actors. "The only thing we can't make is something we can't think about," as Charlie Sorenson so aptly put it, so we can build a system that drives bad actors out, whether they are criminals, attackers, or politicians... while not only allowing but encouraging freedom of thought, expression, and creativity. I'd like to go back to Steven Levy's definition of a hacker as a particularly gifted and creative programmer or maker, and to the pursuit of elegant hacks and the hacker ethic at MIT in the 50s; the goal is still no less than improving the world.


Monday, May 1st, 2017
1:59 pm - Travel advisories for Russia
Canada says: exercise a high degree of caution due to crime; explosions on the St Petersburg metro on 3 April 2017. Crime against foreigners is a serious problem. Some victims have died. Kidnapping for ransom is also common. Exercise extreme caution in crowds and places frequented by skinhead groups, including open markets. Violent crime is common. Pickpocketing, assaults and robberies occur frequently and are often committed by groups of children and teenagers. Criminals may also pose as police officers, particularly in St. Petersburg.

US State Dept says: High-profile armed robberies are an almost daily occurrence. Criminal gangs collude with the local police and operate with near impunity. Foreigners have become victims of harassment, mistreatment, and extortion by law enforcement. Anyone entering Russia who has a claim to Russian citizenship, regardless of any other citizenship held, is fully accountable to the Russian authorities for all obligations of a citizen, including the required military service.

Anyone have personal, recent experiences traveling there from US?


Tuesday, February 10th, 2015
1:29 pm - Forbes: car hacking hype?
A good article on Forbes, "Congress, '60 Minutes' Exaggerate Threat Of Car Hacking", brings together the Markey report with a lot more information from Jalopnik etc.


Monday, February 2nd, 2015
5:55 pm - RSA Conference 2015
The RSA Security Conference has accepted my talk on Rapid Threat Modeling Techniques, April 20 - 24, 2015, in San Francisco! This will be my first time speaking at RSA, but I always enjoyed it back in the days when I used to go as an attendee.


Thursday, November 14th, 2013
12:05 pm - Surveillance and Espionage in a Free Society

We are concerned with the survival of individual freedom in the United States. We are concerned with the freedom of the United States to survive. The problem we address is the maintenance of the two simultaneously and harmoniously, for a critical paradox can exist whereby the effort to maintain the one may jeopardize the other. Today’s threat, which may be tomorrow’s everlasting sorrow, is that there are within our nation, as outside it, those who are acting simultaneously to diminish both our individual freedom and our national security.
It is the purpose of this Report to offer proposals for the conduct of domestic security practices and the intelligence community. Our goal is explicit: to preserve and enhance the freedom of Americans and America by establishing policies and procedures that protect the citizen from the loss of his privacy, privileges, and constitutional rights through improper security practices at the hands of his own government.

These quotes are from Surveillance and Espionage in a Free Society, a Report by the Planning Group on Intelligence and Security to the Policy Council of the Democratic National Committee, 1972, Richard H. Blum, foreword by Adlai Stevenson. This was an admittedly partisan issue because the FBI under the Nixon administration was actively targeting his opponents. The Pentagon Papers, proving that LBJ and Nixon had lied about Vietnam, came out the previous year, and then Nixon had his men break into the DNC Watergate offices.

We must be specific, however, in our attention because with burgeoning technology, bureaucracies, and budgets, it is now the case that methods devised for our protection - or claimed to be - threaten this land and us, the American people.

A group calling themselves The Citizens' Commission to Investigate the FBI (never caught) had just broken into an FBI office and discovered that era's version of the Snowden papers, proof that the FBI worked 40% on political surveillance of the DNC, attacks on Black Panthers, antiwar groups, and the like, 30% bureaucratic and procedural stuff, 14% chasing draft dodgers, 1% organized crime, and 15% real crime that the average citizen would have thought the FBI was working on.

Domestic security includes much of the work of the FBI... it includes the central computer files that hold information on millions of citizens. It affects the classification of governmental documents including those which hold no information of use to a foreign power but can be useful to, but are denied, to U.S. citizens themselves... "no more than one half of one percent of the classified documents in the Department of Defense contain information requiring security protection."
Because the security cloak is cast so wide and embraces that vital stuff on which democracies depend for life - information by which citizens may make judgments about the world they live in and their government's work in that world - it is inevitable that the cost of any security system is a less well-informed press and public. The cost of the expanding apparatus which is now under development is a stifled press and citizens and political leaders unable to make reasoned decisions.


Monday, March 5th, 2012
3:14 pm - Marcus Ranum's take on Mein Kloudf
I asked you if it was SECURE! You told me we could save a lot of money but I asked if it was SECURE! You said, 'even Mussolini is going to the cloud with his MP3 collection'. Risk Assessment... your 'Risk Assessment' is toilet paper! Your 'compensating controls' couldn't even stop Stalin's script kiddies! You said there was a '.4 risk'!! What does that even mean?!

Cloud Computing killed the Reich. I wish we had kept the mainframe. Goering and I used to code in COBOL... we were good programmers, once. I could be coding this 'Web2.0' stuff in a weekend. I have to go update my Facebook page....


Monday, January 23rd, 2012
4:28 pm - Adventures in Contentment
Theology possesses a vain-gloriousness which places its faith in human theories; but science, at its best, is humble before nature herself. It has no thesis to defend: it is content to kneel upon the earth, in the way of my friend, the old professor, and ask the simplest questions, hoping for some true reply.

...[the professor quotes Job 11:7-8] "Canst thou by searching find God? Canst thou find out the Almighty unto perfection? It is as high as heaven: what canst thou do? deeper than hell, what canst thou know?"

I have been a botanist for fifty-four years. When I was a boy I believed implicitly in God. I prayed to him, having a vision of him—a person—before my eyes. As I grew older I concluded that there was no God. I dismissed him from the universe. I believed only in what I could see, or hear, or feel. I talked about Nature and Reality.
And now — it seems to me — there is nothing but God.


Saturday, February 5th, 2011
5:09 pm - My son the chicken
Looking at the Detroit Science Center website to decide if the dinosaur exhibit will be any good, I read: "Ask your young child what they want to be when they grow up. Although this may seem a silly question to ask a 3 year old, reinforcing the expression of individual interests helps your child develop a healthy sense of self."

So, what do you want to be when you grow up?

- A chicken.

Questions you can ask:
Do you know anyone right now who does this job?

- (silence)

What are some things you think a person who does this job has to do?

- Lay eggs!

What would you wear if you were going to do this job?

- (more silence)

Okay, this is just too good, I have to share this with the world... (type type type)

- What are you doing, daddy?

I'm telling everyone you want to be a chicken.

- Oh no no no I want to be a rooster!


Thursday, February 4th, 2010
12:10 pm - Sears Grills for Cannibals
Last August Sears was using URL data to define categories on their website (explanation for web programmers and security geeks here), and some customers, probably trying to figure out ways to game the cart/checkout system and get cheap prices (a very common attack), figured out that they could get it to show a page with a funny category title. Whether the customers knew it or not, the Sears website cache was badly implemented, so it would show that page to other customers in order to speed up website response time. Worse yet, if a large number of amused Internet geeks went to an example URL to see a funny title, I'm guessing it would appear as a "top pick" for all customers to see.

The result: Baby-roasting BBQ pulled from Sears site

I wouldn't call the people who messed with the Sears website hackers, crackers, or even script kiddies; any curious user who edited the "address" line in their web browser could do it, whether accidentally or in the course of trying to do something malicious.
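The failure described above, as an added illustration that is not Sears's code: a product page whose heading is taken from the URL and whose rendered output is cached by product id alone, next to a version that takes the heading from the catalog and never renders the URL segment. The URL layout, catalog entries and product ids are constructed for the example.

```python
# Added example (not Sears's code): a minimal model of the bug described above.
# The vulnerable page reflects the category slug from the URL as its heading and
# caches the rendered page keyed only on the product id, so whatever title the
# first visitor's URL carried is served to every later visitor. The hardened
# page takes the heading from the catalog and ignores the slug entirely.
from html import escape
from urllib.parse import urlparse

# Constructed catalog: product id -> (canonical category title, product name)
CATALOG = {
    "00912345": ("Gas Grills", "4-burner propane grill"),
}

def parse_product_url(url):
    """Split a path ending in 'p_<category-slug>_<product-id>' into (slug, id).
    This path layout is an assumption for the example, not Sears's real format."""
    last = urlparse(url).path.rsplit("/", 1)[-1]   # e.g. 'p_Gas-Grills_00912345'
    _, slug, product_id = last.split("_", 2)
    return slug.replace("-", " "), product_id

class VulnerableSite:
    """Heading comes from the URL; cache key ignores that part of the URL."""
    def __init__(self):
        self.cache = {}                 # shared across all visitors
    def render(self, url):
        slug, pid = parse_product_url(url)
        if pid not in CATALOG:
            return "<h1>Not found</h1>"
        if pid in self.cache:           # hit: heading chosen by an earlier visitor
            return self.cache[pid]
        _, name = CATALOG[pid]
        page = f"<h1>{escape(slug)}</h1><p>{escape(name)}</p>"
        self.cache[pid] = page          # URL-supplied heading is now shared
        return page

class HardenedSite:
    """Heading comes from the catalog; the URL slug is neither rendered nor cached."""
    def __init__(self):
        self.cache = {}
    def render(self, url):
        _, pid = parse_product_url(url)
        if pid not in CATALOG:
            return "<h1>Not found</h1>"
        if pid not in self.cache:
            category, name = CATALOG[pid]
            self.cache[pid] = f"<h1>{escape(category)}</h1><p>{escape(name)}</p>"
        return self.cache[pid]
```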


Tuesday, November 24th, 2009
12:16 pm - Manage sexy projects

- Seek out projects with any of the following words in their description: Multimedia, Worldwide, Advance, Strategic, Revenue, Market, Technology, Rapid, Competitive.

- Avoid projects with any of the following words in their description: Accounting, Operations, Reduction, Budget, Quality, Analysis.

The worth of any project is based on how it will sound on your resume. Don't get caught up in the propaganda about how important something is for the stockholders. The stockholders are people you'll never meet. And since most projects fail or turn into something you never intended, the only lasting impact of your work is the impact on your resume. Keep your priorities straight.

- Scott Adams


Wednesday, September 2nd, 2009
4:20 pm - Ben Franklin didn't say "Beer is proof that God loves us..."
As a matter of fact, he said something similar about wine, but wrote at length on how detestable it was to "guzzle" beer. Letter to André Morellet, circa 1779:
We hear of the conversion of water into wine at the marriage in Cana as of a miracle. But this conversion is, through the goodness of God, made every day before our eyes. Behold the rain which descends from heaven upon our vineyards; there it enters the roots of the vines, to be changed into wine; a constant proof that God loves us, and loves to see us happy.
From his autobiography about working as an apprentice typesetter:
I thought it a detestable custom; but it was necessary, he suppos'd, to drink strong beer, that he might be strong to labor. I endeavored to convince him that the bodily strength afforded by beer could only be in proportion to the grain or flour of the barley dissolved in the water of which it was made; that there was more flour in a pennyworth of bread; and therefore, if he would eat that with a pint of water, it would give him more strength than a quart of beer. He drank on, however, and had four or five shillings to pay out of his wages every Saturday night for that muddling liquor; an expense I was free from. And thus these poor devils keep themselves always under…


Saturday, May 23rd, 2009
9:50 pm - bike trailer stroller ad
There's such a thing as TMI when you write an ad on craigslist:
We bought the trailer to haul our dog around up north, but she did not like it at all. [she peed in it] It has been used less than ten minutes. [we pulled her out before she finished pooping] It is brand new. [we cleaned it] I bought it from D&D Bikes in Berkley for 269.00. [that's less than I paid for my dog's designer sweater] I will sell it for 225.00.
In other words, it wasn't good enough for my dog, but I'll give you 15% off to use it for your kid!


Wednesday, April 29th, 2009
10:05 am - Test drive a Ford for the Cure
Now through June 1, Ford will donate $20 for every test drive taken at a participating Ford, Lincoln and Mercury dealership to your local Race for the Cure. Dealers around the country are joining in to match the company's donation.

To participate, log on to, sign up for a registration number, then visit a dealership and take a test drive. You'll need to go back to again with information from the dealer to validate your drive so the donation is made in your name.

To help out, they're giving me two additional X Plan discounts for Friends and Family to buy cars in 2009. It's easy, all I need is your name and email to get you a PIN, and when you tell the dealer you have X-plan, they have to show you the invoice price.

Over the past 15 years, Ford, along with its employees and their families, has contributed more than $100 million to the fight against breast cancer. My wife, thelifeofbrian, and I will be running and/or walking in the Detroit Race for the Cure on May 30th; ask me if you want to join us and sign up for Team Ford!


Tuesday, April 28th, 2009
3:19 pm - Fusion Hybrid goes 1445.7 miles on a tank of gas
That's 81.5 mpg, almost exactly the distance from New York to Key West on one tank of gas.

For the Ford Fusion Hybrid JDRF Challenge, a team of Ford engineers in Virginia with help from hypermiling world record holder Wayne Gerdes and NASCAR driver Carl Edwards (who came in the day after his wreck to drive the 1000th mile) ran a production Fusion to empty, driving in shifts over three days.

JDRF gets $8004 in donations from Ford and BP employees trying to guess the final mileage... I was too low; I guessed 1230 miles, which is about the best I could get with normal city driving and air conditioning. for videos of the event.


Tuesday, April 14th, 2009
8:48 pm - More book questions
Select as many answers as you want.
Poll #1383776 more questions

How much would you pay for book club hardcover editions?

$2 or more
50 cents
less than 50 cents
the same price as paperbacks, by the box

For a book sale eleven minutes away from the convention hotel, what days would you prefer?


