therning.org/ magnus

Here’s another post about a paper I’ve read recently. This time it’s not entirely for fun, but I still thought I’d write about this one, Adventures with a certain Xen vulnerability (in the PVFB backend). I’ve read a few security-related papers and articles. In general I’ve found that there’s a huge gap in quality (and sometimes rigor) between the practitioners and academia. This however is a paper that I found to be of good quality, while still being produced by a member of the former camp. Hopefully it will start a trend

I thought I’d start posting little notes about papers I read, especially if I find them interesting and worth reading. So here we go!

I read this paper on the bus this morning. I suspect I got it off Lambda the Ultimate a while back, printed it and then kept it in my bag for several months.

Evaluating High-Level Distributed Language Constructs

It’s been a while but my list of links to put out there is starting to get a bit too long.

Here’s another example of how wrong the patent system is. We really don’t need software patents in Europe! There seems to be some hope for the situation in the States though. We need more stories like that!

Some Linux related things. I suppose “military intelligence” isn’t such an oxymoron after all, at least not in Sweden. If you want to learn Linux, here are some tips. If you are so unfortunate as to be a Linux user forced to work on Windows then here are some tips for you.

There’s always some interesting things going on in the DRM world. How’s this for a story? Large music company sticks dodgy software from small company on CDs so that their customers’ unwittingly installs said software when trying to play the CD on their computer. Then it turns out that the software is dodgy and the large company is taken to court in class action suits all over the world. Now, who’s to blame? The large company that made the amazingly bad decision to treat their customers like criminals? Not if you’re Sony! Here’s a bonus article on DRM, a bit of scare mongering surrounding Microsoft’s use of “trusted computing”. Yes, technology can be used in bad ways, but I doubt even Microsoft would be able to stick to such a bad use of technology for long. Call me an optimist! I’m hopelessly late. Here’s an excellent explanation of why DRM is so hard from a technical POV.

I’ve been hoarding links on how to opt out of the NHS database here in the UK. They could turn out to be useful.

I doubt I’ll ever need this.

Looking to become a maintainer of some free software? Look no further.

If you live in the UK and shop online you should know your rights.

A funny story about security.

How’s this for ending on a funny/happy note? It seems the RFID tags in passports can be used to crash the RFID readers.

I realised I hadn’t put in one of these posts in a while. The level in my “To Blog” bookmark tag was dangerously high… here we go!

I really enjoy this, rather old article on superstitions in relation to computers. I never bothered counting my superstitions on Windows, but given that I’ve given up on understanding Microsoft’s products I suspect they run in the thousands.

Every developer needs Cenqua’s Commentator. I’m getting it as soon as I’ve saved the money. It’ll be the first piece of software that I pay for myself in years. Worth every penny though.

libgfshare. Please, go off and write some cool software using it. Please! If I were a FirefoxIceWeasel user I would use the Python sidebar. It looks so useful I might look into creating one for epiphany. If you’re considering doing something cool with PDF docs, have a look at extendedPDF. I think I’ve mentioned Rob Bradford’s GConf difftool in another post, or maybe not. Anyway, I’m hoping that’s the first step towards a tool that lets you export GConf settings between machines. Are you a Python web developer, Python Paste is yet another framework.

If you still believe that “do no evil” is enough then you won’t be interested in Google Watch. I however thing they should upgrade their slogan to “do good”, so I am interested.

I found the following post funny, but I’m probably the only one. Havoc doesn’t understand why distributed VCS is better then Subversion. I suppose that’s what happens when you are a famous FLOSS person that immediately gain submit access to any project one shows an interest in. For the rest of us; thank goodness for distributed VCS.

Old news, but Firefly fans are bloody brilliant.

More old news, I don’t really see why I should worry about “identity theft” from someone rummaging through the rubbish in my wheely bins while the UK banks are so careless with client information.

With great power comes great responsibility. It’s sad when language designers don’t believe the developers deserve the responsibility. Here’s a post on the difference in attitude between C# and Python when it comes to empowering the developer.

I had fun reading about the evolution of a Haskell programmer, even though I didn’t understand all the code.

Well, I actually do believe in the cheerleader defense for wireless networks. Anyone who has looked at software security knows that plausable deniability is much easier to achieve than locking down a system. IANAL but I still believe in the phrase “beyond reasonable doubt”.

Now, I wasn’t planning on running Vista on any of my private machines. After reading this, rather long, article on Vista’s EULA I’m absolutely certain of that. I’m almost thinking Microsoft is taking a piss out of their users. However, evidence is mounting that they aren’t. I can’t help but wonder how their “de-activation” will hold up in legal systems outside of the US. I also wonder how much further this distrust-your-user craziness in EULAs can be taken before users start reacting negatively.

Yes, hpodder is awesome.

Theo de Raadt sometimes has some very good things to say. His way of saying it is always entertaining though.

The US politicians have been busy. First they claim space. I predict it’s only a matter of time before DHS is given jurisdiction over space, effectively making the US an intergalactic power. At the same time they’ve been busy signing away the single most important idea in the US body of law, separation of powers, making US the Fourth Reich. It seems Constitution 2.0 is now a reality.

The UK can’t afford to be any worse. At least there is some discussion of our loss of liberty. Get yourself a suspected terrorist badge, or order a t-shirt:

I wonder how long it’ll take until the message reaches the media and the politicians. Solve the basic problem rather than patching up the symptoms. Identity fraud will remain a growing problem as long as it’s possible easy to “become someone” by using documents that are sent regularly through the mail (i.e. bills).

Am I the only one who finds this absolutely terrifying?

If you haven’t seen DCLugi’s Snakes On A Plane auditions on YouTube you need to!

Bruce Schneier reported on this a while ago, I need to keep the link around. What to do when your neighbour is using your internet.

Our “honourable” EU politicians are finally worrying about the right things when it comes to Microsoft. Microsoft is all about lock-in, they’ll use security to achieve it if they can. Microsoft is of course responding. I wonder if they’re ever going to inhabit the same world as I am? Vista creating 100000 new jobs? Only if changing the title of a position from “Windows XP Developer/Administrator/Shithead” to “Windows Vista Developer/Administrator/Shithead” counts as “creating a new job”. I think Linux Journal is too kind when they call it Microsoft’s Masterpiece FUD. I think it only shows just how desperate Microsoft is to get Vista out the door.

Digital Rights Ireland are challenging the Data Retention Directive. I hope they are successful, I don’t there are many citizens in Europe who would be sad to see that invasive directive go away.

A good article on “open vs. closed” from the Financial Times—A closed mind about an open world. FT is increasingly “getting it”.

I couldn’t help but laugh out loud when reading this article trusted computing—Trusted computing a shield against worst attacks?. Let me see if I got it right. Phoneix Technologies, who happen to make a TPM module, pays analyst firm Trusted Strategies to have a report on digital attacks done. Then, surprisingly, the analysts come back and say that a TPM would have stopped most of those attacks. Who would ever read and put any faith in a report like this? Besides other analysts of course. I can’t help but think that the computer analyst firms are locked in a circle-jerk that’s paid for by computer companies. It is a very strange world we live in.

Thinking of writing a media app in Python? This seems like a good place to start.

Elmo is right, Britain really is the 51st state. I’ve noticed the very strange and one-sided relationship with the US before but this article on Britain’s nuclear weapons put that in a whole new light.

Britain has just been blessed with a system of threat levels. Bruce Schneier isn’t impressed and I can’t help but wonder what should we do now that the threat level is SEVERE?

RFID seems to be the rave at the moment for securing things, which means it’s the rave in circles that break stuff. Here’s an interesting story on how secure signal-emitting chips in car keys are. It seems the RFID in passports has been cracked as well.

To end on a lighter note, you can now get your computer to do useful stuff by hitting it.

There seems to be some intelligence in North America. In Canada to be more specific. This is only the last article of quite a few on Canadian artists worrying about copyright. This is a little old, but still hilarious. Go CEA!

Here’s an article on Britain’s anti-terrorism policy. It pretty much confirms the worries I’ve had but haven’t been able to put my finger on.

You can always trust El Reg to report on the silliest things ever. Here’s an article on a futurologist’s prediction that men will lose out to robots. This can be shot down on so many levels it isn’t even funny. Except it is

Ending with some funny stuff. A map of the Software Wars. I’ve recently discovered Humorix, this announcement on Microsoft’s plans for a DRM-oriented language had me laughing out loud.

Some interesting articles on Net Neutrality by David Ernst and Andy Kessler. I’m slowly starting to lean towards letting the market sort this out without government intervention. The idea of labelling is especially appealing.

That something’s wrong in Microsoft is rather obvious given the amazing delay in releasing Vista/Longhorn (whatever it’s called this week). After listening to the LQ podcast I tracked down the MSDN blog entry mentioned in it, Broken Windows Theory. It’s an interesting look behind the curtain.

Look here to have a good laugh at RIAA and MPAA.