Saturday, June 13, 2015

Stuff to read

Happy middle-of-June, or, viewed from a different perspective, happy last-week-of-being-53-years-old (give or take a (leap-)second)...

  • Second OPM Hack Revealed: Even Worse Than The First
    things are looking even worse. That's because, late today, it was revealed that there was likely a separate hack, also by Chinese state actors, accessing even more sensitive information
  • Hack Of Federal Gov't Employee Info Is Much, Much Worse Than Originally Stated: Unencrypted Social Security Numbers Leaked
    Both of these organizations strongly support "cybersecurity" legislation, claiming that it's necessary so that the US government can "help" companies dealing with "critical infrastructure." And yet, here we are, with the government's own personnel files being held in a system without encryption that was hacked and copied by (likely) foreign hackers. And we're supposed to trust two government agencies who have been going around cursing encryption, that we should give them more access to "protect us" when another government agency's attack likely could have been prevented if they'd just used encryption?
  • Some thoughts on recent industry events
    There are two business models: sell something in advance using promises, and persuade a lot of people who might not like a product a lot; or give the product cheaply and charge after the fact.

    Here are some basic facts of life regarding these two models.

  • Game Developers Wary Of Steam Refund Policy Because Customers Are Using It
    If you're getting a 72% return rate on your game under those conditions, it sounds like nobody liked the first 2 hours of your game. I guess you can blame the refund policy for that, if you want, or you can simply make better games.
  • Why nerd culture must die
    When I look around, I see the culture we’ve built turning from a liberating revolution into a repressive incumbency. We’ve built magical devices, but we don’t care enough about protecting ordinary people from harm when they use them. We don’t care that a lot of the children out there with the potential to become amazing hackers are driven away at every stage in the larval process. We don’t care about the people who lose out when we disrupt the world, just the winners (who tend to look a lot like us).
  • The 7 Habits of Highly Overrated People
    I’ve paid attention to people in groups and collaborating on projects. I’ve had occasion to do this as a team member and a team lead, as a boss and a line employee, as a consultant and as a team member collaborating with consultants, and just about everything else you can think of. And what I’ve observed is that this phenomenon is not a function of the people who have been fooled but the person doing the fooling. When you look at people who wind up being highly overrated, they share certain common habits.
  • On ethics in information technology
    Now is the time we in IT need to think about some kind of code of conduct. We desperately need something we can refer to when we are not sure what should be happening, how we should be responding to some event in the world. But for that to work, we also need to accept that we are a political group with some real power and not just a bunch of kids playing with bytes.

    I'm not arguing for legally enforced rules and I don't want the debate to go in this direction. We are not lawyers, we are hackers, and we know that any kind of rules can, and will, be bypassed. It is our job.

    The laws are comparable to the technical limitations that a developer puts on a web page to forbid you to read it without entering your email address: disable JavaScript and it just works. Our job, and most of the time also our hobby, is to bypass those limitations. Not to do anything bad, but because it is fun. Sometimes we even tell developers that they should do it differently, to be safer.

  • Duqu 2.0
    There's a lot of details, and I recommend reading them. There was probably a Kerberos zero-day vulnerability involved, allowing the attackers to send updates to Kaspersky's clients. There's code specifically targeting anti-virus software, both Kaspersky and others. The system includes anti-sniffer defense, and packet-injection code. It's designed to reside in RAM so that it better avoids detection. This is all very sophisticated.
  • Humanity’s Most Problematic Attempts to Get All the Water
    From the moment humans discovered the benefit of staying in one spot, growing plants and raising animals, they started to devise ways of bringing water to the settlement. They developed wells and rainwater channels, dug irrigation ditches, and created aqueducts to pull water a long way from its sources. Their engineering paid off; villages, towns, cities flourished; eventually, complex, urban civilizations dominated. It smacked of success.

    Except that great solutions to water needs also begat great problems. When water is drawn more quickly than it is replenished naturally, a water source can dry out, endangering people who based their lives around it. Some of our engineered structures, like lead pipes, have led to serious health problems. And when more than one nation draws from a single water source—as in the case of the Jordan River, which feeds into Israel, Jordan, and Syria—tensions can escalate into conflict.

    We need water to survive. But the ways we get it have changed our ways of life, driven us from our homelands, and in some cases, poisoned those who’ve stayed. Here are some examples of problems we’ve created by being too good at what we do: surviving.

  • The precision — or lack thereof — of time
    You can’t actually pin down real-world time, because you can’t measure an actual instant in time. We like to think that we talk about an instant of time, but what we’re really talking about is a duration. 6:14 PM isn’t an instant, it’s a duration of time between 6:14 PM and 6:15 PM. Increasing your precision doesn’t change this. A second is always a second long. A nanosecond is still just a duration. No matter how finely you slice it, multiple events can happen within a single second, nanosecond, femtosecond, and so forth.

No comments:

Post a Comment