An apology

Dear blog friends,

I've experienced so little (as in, none that I recall) spam on this blog that I had forgotten its existence - except in commiserating with some of you who have lamented your own spam problems. I'm getting my come-uppance! The TypePad spam filter had been working so efficiently that I was oblivious. Until recently!

Recently, I've had a problem trying to comment on my own blog. And...I've heard from Stu that his comment had disappeared. The TypePad people had to remind me that there was a spam filter. Having checked the filter a few minutes ago, I find that many of you have been subjected to the bad manners of my spam filter.

Please forgive me!

TypePad and I are working on the problem. Hopefully, we'll soon be back to normal. In the meantime, this blog will operate as if I had activated comment verification rules. I will have to publish each comment that gets caught in the filter. It is interesting that Bogie & Buffy are seemingly golden. Their comments don't get caught up in the filter!

Cop Car

P.S. As the time span that comments are retained in the spam filter is only a few weeks long, I note that the recoveries that I've made this morning go only as far back as Technical postings from Slashdot.org!

P.P.S. If you wish to compare notes: From 3/21/2013 until the current time, there have been 108 truly spammy comments that were caught by the spam filter - nearly 2.25/day.

For fans of touch screens, from Slashdot.org:

$5 Sensor Turns LCD Monitors Into Touchscreens53

Posted by timothyon Friday April 26, 2013 @01:33PM
from the later-comes-the-voice-control dept.

An anonymous reader writes with this snippet from ExtremeTech: "Researchers at the University of Washington's aptly named Ubiquitous Computing Lab can turn any LCD monitor in your house into a touchscreen, with nothing more than a $5 sensor that plugs into the wall and some clever software."  The system works by measuring changes that your hand creates in the electromagnetic signature of the monitor. Surprisingly, it offers some pretty fine-grained detection, too: "full-hand touch, five-finger touch, hovering above the screen, pushing, and pulling." The "$5 sensor" part is mostly theoretical for now to those of us who don't live in a lab, though; on the other hand, "co-author Sidhant Gupta tells Technology Review that the $5 sensor uses off-the-shelf parts, and the algorithms are included in the paper, so it would be fairly easy for you — or a commercial entity — to recreate the uTouch system."

There is more than one way to skin a cat! (Added 5/2/2013)

TypePad is being cruel by losing the comments that I've tried to post. Thrice!

Kay--I would come nearer to believing you had you written, "...I'm pretty unassuming about my own technical skills."

Rain--Thanks! I had forgotten about that photo (cropped from a group photo) until scrounging around in my digital files for a photo of Hunky Husband to use on a flyer concerning a disaster training institute at which HH will be teaching for two days (two courses).

I have "essential tremors" (don't know  how they compare/relate to "familial") which is one of the reasons I don't use/like the little buttons on my SmartPhone. I use the touch screen on the phone most of the time, for most input. HH just bought a new SmartPhone that, unlike his old one (like mine), has only the touchscreen for input. He misses the buttons. I doubt that I would on a phone; but, in a larger screen format, I might prefer the buttons. Who knows? I might giggle myself to death because the screen reminds me of the "idiot screens" used at food service establishments these days. It's hard to take touch screens as serious computing.

EXCEPT: It occurs to me that I used a version of a screen with a wand as early as 1983 in working on a classified aerospace project. That was serious enough! I'm not sure, but I think that the wand may have emitted a light beam onto the screen when the wand was pressed against the screen, rather than the screen's being touch sensitive.

 

Technical postings from Slashdot.org

Crowdsourced Effort May Have Found Soviet Mars Mission's Remains11

Posted by timothyon Saturday April 13, @07:20AM
from the crispy-on-the-outside dept.

A story at Slashgear says that the remains of a Soviet mission to Mars may have been spotted — on Mars — by enthusiasts poring over old photos taken by a NASA orbiter. The article points out that the find must be confirmed by further imaging, but matches the seekers' expectations. From the article: "The community at VK.com/Curiosity_Live crowdsourced a mission to find the Soviet Union’s long-lost Mars 3 spacecraft, with the site’s leader, Vitali Egorov of St. Petersburg, Russia, creating models of what hardware from the spacecraft should look like. With this reference, the community combed through a large image taken five years ago by NASA’s MRO, identifying what is believed to be the craft’s parachute, lander, terminal retrorocket, and heat shield."

 

Stephen Hawking Warns Against Confining Ourselves To Earth165

Posted by Soulskillon Saturday April 13, @09:30AM
from the universe-won't-mourn-a-mote-of-dust dept.

alancronin writes with this excerpt from CNet:"Stephen Hawking, one of the world's greatest physicists and cosmologists, is once again warning his fellow humans that our extinction is on the horizon unless we figure out a way to live in space. Not known for conspiracy theories, Hawking's rationale is that the Earth is far too delicate a planet to continue to withstand the barrage of human battering. 'We must continue to go into space for humanity,' Hawking said today, according to the Los Angeles Times. 'We won't survive another 1,000 years without escaping our fragile planet.'"

 

Ask Slashdot: What Should Happen To Your Data After You Die?111

Posted by Soulskillon Friday April 12, @05:17PM
from the it-is-your-solemn-duty-to-clear-your-departed-best-friend's-browsing-history dept.

Nerval's Lobster writes "Death is Nature's way of telling you it's time to get off the Internet. But when you finally shuffle off this mortal coil, you leave something behind: all your email and other digital assets. That's a huge problem not only for the deceased — once you're on the wrong side of the Great Beyond, there's no way to delete those incriminating messages — but also any relatives who might want to access your (former) life. And it's a problem Google's seeking to solve with the new Inactive Account Manager. (In an April 11 blog posting, Google product manager Andreas Tuerk suggested that Inactive Account Manager wasn't a 'great name' for the product, but maybe the company shouldn't be so hard on itself: it's a way better name than, say, Google Death Dashboard.) Inactive Account Manager will delete your Google-related data (Gmail, etc.) after a set amount of time, or else send that data to 'trusted contacts' you set up before your untimely demise. Which raises an interesting, semi-Google-related question: What do you want to have happen to your data after you die? Give it to loved ones, or have an automated system nuke it all? Should more companies that host email and data offer plans like Inactive Account Manager?"

 

From the third (last) article, "...Google product manager Andreas Tuerk suggested that Inactive Account Manager wasn't a 'great name' for the product, but maybe the company shouldn't be so hard on itself: it's a way better name than, say, Google Death Dashboard."

I disagree. I think that "Google Death Dashboard" has a certain flair!

Douglas Adams Google Doodle

Yesterday, some of my friends missed the most amazing Google Doodle that I've ever seen. Here, through the magic of YouTube are two videos of the doodle. I don't know if the sound track has been added; but, there was no sound to the doodle that I was watching, yesterday. Note, too, that, in the upper video, the whole doodle is not displayed in the video - only the PDA and its surrounds. Enjoy!

 

Another example of taking personal responsibility

Well...in this case, it was a matter of taking corporate responsibility. The excerpts below are from an article on Slashdot.org, How CoreSite Survived Sandy.

When Hurricane Sandy hit the East Coast, the combination of high winds, rain, and storm surges wreaked havoc on homes and businesses alike. SlashDataCenter paid close attention to New York City, where floods swept the southern tip of Manhattan. With a data center on the Avenue of the Americas, CoreSite Realty escaped the worst the storm had to offer. But was it coincidence or careful planning?

....

First off, can you explain your [Billie Haggard's - CC] role within CoreSite?

We build, maintain and operate all of our datacenters, from the construction to the facilities, engineering, and security of all the data centers. So they’re the ones the in the field making all the magic happen. 

....

What sort of contingency planning do you always have in place? And what sort of specialized plans did you have in place for Sandy, when it came on your radar?

For any incident, we have a business continuity plan as well as a disaster recovery plan. And they’re driven by certain timing—disasters are. For Sandy, five days out, what it triggers is—we hold a meeting, and we go down through our checklist. Do we have this? Do we have this? Do we apply new people? Do we need to reserve hotel rooms? We go through and we check communications, the staffing of our personnel, looking at our individuals, and determining whether they have special needs. Coordinate with people we depend upon, which is our vendors and contractors. Things like making sure we have an electrician available, so if we need to we can run an alternate power source, if we have an extended outage.

Something that gets missed, when we have extended outages like this, is feeding people. So just taking the preparations and going out and shop and have three days worth of food at the site. Spare parts, run through all of our equipment checks, make sure all of our operations are ready to handle an outage.

So specifically for Sandy, it’s five days out, going through the contingency plans, making sure that we’ve gone through the checklist and making sure that everyone knew what they were doing and making sure all the preparations were made.

On the evening of the 29th, when the hurricane made landfall, what happened?

We had three people on site, one facilities person and one operations person. [Uh...I don't know who the third person was! CC] We didn’t know what the impact was going to be. And, initially, we started talking about power, and the lights started flickering. Our facilities personnel made the decision that utility power was not stable, so we proactively transferred our site to generator [power]. Because you don’t have to have an outage to create problems in the data center. Those momentary flickers take hits on the batteries, they can cause spikes on the electrical grid, grounding problems and things like that. So we proactively went to generators, prior to Sandy hitting. So we were all stable.

....

So at what time did you start worrying that [3.5-day supply of fuel for the generator - CC] wasn’t going to be enough? Or did you?

Well, I’ll tell you, the best investment I ever made… was that we paid $9,000 at the beginning of the year to have a guaranteed fuel delivery within eight hours. So when everyone started scrambling, trying to find fuel, ours was already paid for. We were at the top of the list.

So eight hours in, we already had fuel trucks running. And every 24 hours, we had fuel, even though we didn’t need to.

....

You said you had three days worth of food on-site, and three employees there. So they had cots, and slept on-site?

Yes. We reserved hotel rooms, but talk about lessons learned: what we found is even though we had personnel in hotels, they lost power and water in the hotels. So it was actually more advantageous for the guys to be at the sites sleeping, and they had water and shower capabilities and food.

We also found that our customers didn’t plan on not finding places to eat, and we were actually feeding our customers.

So how much food did you actually have on hand?

We had more than three days, and we actually had food delivered from uptown.

....

As the hurricane moved through, and past, it sounds like CoreSite’s experience wasn’t that bad. What lessons did you learn from all of this?

One is to ensure that our documentation and our checklist goes beyond 24 hours. I think that most of—if you look at the tier ratings, how a datacenter is classified, Tier 1, 2, 3, or 4 and 4 being the most reliable—all the requirements are based on 12 hours. Twelve hours of fuel, twelve hours of water for your cooling systems, and we’ve always looked at 24 hours. In preparations for disasters such as Sandy, in the future, we’re going to expand that to three days.

And the other thing is, we had to depend a lot on outside organizations. As I said, the data center becomes an island. And within the building at 32 Ave. of the Americas, the biggest problem was with network people. Even though the data center stayed up, we actually had customers of the building that had lost power and had lost connectivity and so we were sending electricians to reroute power and connectivity on our site so they [customers] could use our power and our connectivity to power their facilities.

The other thing is making sure our customers understand that temporary systems are not good in situations like this. One of our major carriers, their backup system was to bring up a rollup generator. And from what I understand, they paid to have this generator there in four hours, and when they had this generator up, the police confiscated it for emergency use. So their backup generator wasn’t there any more.

 

More on computer data security

In a previouse posting, Password Security, I mentioned that the non-governmental organization for which I volunteer, had at least one server (I don't know the extent) hit by multiple viruses that were determined to have originated in China. From Slashdot.org:

US Defense Contractors and Universities Targeted In Cyberattacks72

Posted by Unknown Lameron Wednesday June 13, @01:09PM
from the retaliation-for-stuxnet dept.

Trailrunner7 writes, quoting Threatpost: "Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors. The attacks are using highly customized malicious files to entice targeted users into opening them and starting the compromise. The attack campaign is using a series of hacked servers as command-and-control points and researchers say that the tactics and tools used by the attackers indicates that they may be located in China. The first evidence of the campaign was an attack on Digitalbond, a company that provides security services for ICS systems. ... In addition to the attack on Digitalbond, researchers have found that the campaign also has hit users at Carnegie Mellon University, Purdue University and the University of Rhode Island."

Password Security

Some of my blog friends (and relatives) and I have previously posted concerning online security and privacy issues. Yesterday, on Slashdot.org, I read an article concerning password security. It led me to a marvelous website that discusses password security and provides easy ways of making a person's passwords more secure. If you don't think that password security is an issue, you can skip this posting; but, to me it is huge. Perhaps I am a bit more paranoid than some because I have worked in areas (physical and virtual) that required it - most recently with my email accounts on FEMA servers and servers provided by the non-governmental organization (NGO) for which I do volunteer work.

One of the above-mentioned servers, the one at the NGO, experienced "issues" all through the month of May. Finally, about a week ago, the "issues" were tracked to multiple infestations of the server by viruses that originated in China. While password insecurity may not have contributed to the ability of the hacker(s) in China to infest the server (and, hey, if no one ever told you...a server is just a specialized computer - in this case, the one on which our emails reside), I think it just as likely that one or more password insecurities may have been involved. I must admit that the passwords that I use on my NGO email and LAN account are much less secure than those that I use on my FEMA accounts. FEMA sees to that!

The NGO and FEMA systems both require that I periodically change my password. This is good. However, FEMA's system will not accept change to a password that doesn't pass its definition of "goodness". In fact, I normally get so frustrated trying to come up with an acceptable password that I end up letting the system issue me a password. Such password will normally look like a random selection of key strokes - probably because it is (pseudo-random, at least). Think of something that looks like this: UaP|v8iT. (To see outputs from a 64-character pseudo-random generator of key strokes, see Perfect Passwords.)

Now, through the miracle of Slashdot.org, I have found a website that helps me evaluate the form of a password (I don't trust the website enough to put in a "real" password! lol) and gives me advice on how to make my passwords stronger, but easily remembered. How can I beat that? Answer: I can't! Thus, I have added a link to Gibson Research Corporation's How Big is Your Haystack:...and How Well Hidden is Your Needle webpage to the For Enlightenment listing of URLs on the left-hand sidebar.

From an article, How many seconds would it take to break your password? at IT World's website:

Security breaches of mind-numbing size like those at LinkedIn and EHarmony.com set crypto- and security geeks to chattering about weak passwords and lazy users and the importance of non-alphanumeric characters to security.

But you've never met any non-alphanumeric characters. Sure, you befriended a couple of street people who were a little off kilter when you were in college, and there was that hottie in a Provincetown bar that wasn't what he/she appeared to be at first. They qualified as characters, but denying them alphanumericity is pretty harsh. [I read this to mean rejecting a "friend" request, for instance. CC]

________________________________________________________________________

And insisting on a particular number of characters in a password is just pointless security-fetish control freakishness, right?

Nope. The number and type of characters make a big difference.

________________________________________________________________________

How long would it take to crack my password: (Includes letters and numbers, no upper- or lower-case and no symbols)

6 characters: 2.25 billion possible combinations

• Cracking online using web app hitting a target site with one thousand guesses per second: 3.7 weeks.
• Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 0.0224 seconds
• Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second: 0.0000224 seconds

10 characters: 3.76 quadrillion possible combinations

• Cracking online using web app hitting a target site with one thousand guesses per second: 3.7 weeks.
• Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 10.45 hours
• Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second: 37.61 seconds.

Add a symbol, make the crack several orders of magnitude more difficult:

6 characters: 7.6 trillion possible combinations

• Cracking online using web app hitting a target site with one thousand guesses per second: 2.4 centuries.
• Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 1.26 minutes
• Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second: 0.0756 seconds

10 characters: Possible combinations: 171.3 sextillion (171,269,557,687,901,638,419; 1.71 x 1020)

• Cracking online using web app hitting a target site with one thousand guesses per second: 54.46 million centuries.
• Cracking offline using high-powered servers or desktops (one hundred billion guesses/second) 54.46 years
• Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second: 2.83 weeks.

Take Steve's advice: go for 10 characters, then add a symbol.

From Slashdot.org:

MD5crypt Password Scrambler Is No Longer Considered Safe197

Posted by timothyon Thursday June 07, @11:29AM
from the risky-busy-ness dept.

As reported here recently, millions of LinkedIn password hashes have been leaked online. An anonymous reader writes "Now, Poul-Henning Kamp a developer known for work on various projects and the author of the md5crypt password scrambler asks everybody to migrate to a stronger password scrambler without undue delay. From the blog post: 'New research has shown that it can be run at a rate close to 1 million checks per second on COTS GPU hardware, which means that it is as prone to brute-force attacks as the DES based UNIX crypt was back in 1995: Any 8 character password can be found in a couple of days. The default algorithm for storing password hashes in /etc/shadow is MD5. RHEL / CentOS / FreeBSD user can migrate to SHA-512 hashing algorithms.'" Reader Curseyoukhan was one of several to also point out that dating site eHarmony got the same treatment as LinkedIn. Update: 06/07 20:13 GMT by T : An anonymous reader adds a snippet from Help Net Security, too: "Last.fm has piped up to warn about a leak of their own users' passwords. Users who have logged in to the site were greeted today by a warning asking them to change their password while the site investigates a security problem. Following the offered link to learn more, they landed on another page with another warning."

Babbage: nerd of the 1830s

The Greatest Machine Never Built115

Posted by samzenpuson Sunday April 29, @11:58AM
from the oldest-school dept.

mikejuk writes "John Graham-Cumming is the leading light behind a project to actually build the analytical engine dreamed of by Charles Babbage. There is a tendency to think that everything that Babbage thought up was little more than a calculating machine, but as the video makes 100% clear the analytical engine was a real computer that could run programs. From the article: 'Of course Ada Lovelace was the first programmer, but more importantly her work with Babbage took the analytical engine from the realms of mathematical table construction into the wider world of non-mathematical programming. Her notes indicate that had the machine been built there is no question that it would have been exploited just as we use silicon-based machines today. To see the machine built and running programs would be the final proof that Babbage really did invent the general purpose computer in the age of the steam engine.'"

How weird does it get?

If this had come out yesterday, I might take it for a joke. From Slashdot.org:

World's Creepiest iPhone App Pulled After Outcry283

Posted by samzenpuson Monday April 02, @11:51AM
from the was-that-inappropriate? dept.

Hugh Pickens writes "Ben Grubb reports that an iPhone app that essentially allowed users to stalk women nearby using a location-based social networking service has been pulled from the iTunes app store by its developer after an outcry of criticism including a comment by Gizmodo labelling the 'Girls Around Me' app as the 'world's creepiest' app and a comment in The New York Times Bits blog, which said it 'definitely' won the prize for being 'too creepy'. The 'Girls Around Me' app utilized publicly available data to show a map with women who had checked-in to locations nearby using Foursquare and let users view Facebook information of those ladies if they had tied their Facebook account to their Foursquare account and if their Facebook account privacy settings were lax enough to allow any user to access it. The promotional website used for marketing the app states that the service 'helps you see where nearby girls are checking in, and shows you what they look like and how to get in touch, adding 'In the mood for love, or just after a one-night stand? Girls Around Me puts you in control! Reveal the hottest nightspots, who's in them, and how to reach them.' Foursquare yanked the Girls Around Me app's access to its data, which in turn led to the app's developer removing it from iTunes as it didn't work properly. In a statement to the Wall Street Journal, the company behind the app defended its creation: 'Since the app's launch till last Friday nobody ever raised a privacy concern because, again, it is clearly stated that Girls Around Me cannot show the user more data than [what Foursqure or Facebook] already does.'"

 

I would hasten to add that, I think that anyone who does the Foursquare-to-Facebook linking and checking in is less than prudent. (I'm trying to follow my late mother's admonition to, "Be nice!"

The FBI in action

I have no axe to grind with the FBI. In fact, they have favored me with background checks several times over the years when I needed clearances to work on projects or, indeed, to work within certain buildings. However, this is another posting at Slashdot.org that makes me increasingly glad that I cancelled my FaceBook account about five months ago. (Please see For Fans of "Person of Interest" or Facebook is tracking - or not? for a related posting.)

FBI Building App To Scrape Social Media96

Posted by Soulskillon Friday January 27, @03:08PM
from the they-know-you-read-everything-you-can-about-bieber dept.

Trailrunner7 writes "The FBI is in the early stages of developing an application that would monitor sites such as Twitter and Facebook, as well as various news feeds, in order to find information on emerging threats and new events happening at the moment. The tool would give specialists the ability to pull the data into a dashboard that also would include classified information coming in at the same time. One of the key capabilities of the new application, for which the FBI has sent out a solicitation, would be to 'provide an automated search and scrape capability for social networking sites and open source news sites for breaking events, crisis and threats that meet the search parameters/keywords defined by FBI/SIOC.'"

Added about 20 hours later

Bogie has posted an interesting article about how our browsing may be under "watch" in Your Browser is being Watched. She provides a link that will let you see the inferences that have been made about you by tracking your browsing. In my own case, I must be doing something "right" as I received a message that, in essence, said I am not being tracked!