Full Disclosure and why Vendors Hate it (Jonathan A. Zdziarski)
(via RISKS Digest)
Jonathan A. Zdziarski, May 2008
I did a talk recently at O’Reilly’s Ignite Boston party about the exciting
iPhone forensics community emerging in law enforcement circles. With all of
the excitement came shame, however; not for me, but for everyone in the
audience who had bought an iPhone and put something otherwise embarrassing
or private on it. Very few people, it seemed, were fully aware of just how
much personal data the iPhone retains, in spite of the fact that Apple has
known about it for quite some time. In spite of the impressive quantities of
beer that gets drunk at Tommy Doyle’s, I was surprised to find that many
people were sober enough to turn their epiphany about privacy into a
discussion about full disclosure. This has been a hot topic in the iPhone
development community lately, and I have spent much time pleading with the
different camps to return to embracing the practice of full disclosure.
The iPhone is shrouded in secrecy on both sides – Apple (of course) uses
their secrets to instill hype (and gloss over many otherwise obvious privacy
flaws), while the iPhone development community uses their secrets to ensure
they can exploit future versions of the firmware to find these flaws (along
with all the other fun stuff we do). The secrets on both sides appear to
have not only hurt the product, but run the risk of devolving an otherwise
amazing device into the next surveillance fear. With the military and
federal agencies testing the iPhone for possible use, some of the long-held
secrets surrounding the iPhone even run the risk of affecting national
secrets surrounding the iPhone even run the risk of affecting national
Recently someone commented on an older posting of mine that some of last year’s veggies seemed to have no flavor. I think my reply may be of general interest, so I thought I’d post it instead of just replying privately.
The discolored bean leaves I would say are cold damaged. The plant should recover.
For veggies with flavor problems, hmm. The seed being old is ok and won’t affect flavor. If it germinates, it’s got all the goodies.
Some varieties of veggie are bred for ripening at the same time, or being drought/cold/heat hardy, etc, rather than flavor. If you feel you were using a good variety, though, the next thing to look at is your soil diversity. Trace minerals account for a lot of the flavor, as well as nutrition, in food. It may be time to get a multi-mineral supplement such as greensand or some custom organic preparation, to enrich your soil.
Just like you can make bread with only flour, water, and salt, you can grow a lot of veggies with only NPK (nitrogen, phosphorus, potassium) but they’ll be pretty wonder-bread bland!
One reason that composting is such a good idea is that you’re returning minerals from the non-edible parts of the plant into your soil. We were putting our plants into the city compost bin and picking up free city compost until last summer. Then we realized we were swapping our huge peavines and tomato plants for grass clippings and who knows what. Wups! So now we have a leaf-shredder that we use to shred garden waste, and our own compost bin.
Posted in advice, cats, critters, health, real life, recommended on February 18, 2008
Plz! No paparazzi at naptime!
Our bestest buddy the Booster is doing really well and has regained much of the weight she lost this past fall, when we feared the worst. None of the tests we ran turned up anything: she was pronounced incredibly healthy for a 13.5 year old kitteh, but she was growing noticeably skinnier and I could feel more bones along her back.
I started reading the labels on the canned food, the treats, and dry food in the pet store. The dry food has 2 to 2.5 times the protein of the canned stuff, and more carbs, and the treats were similar. I wondered if the canned food was simply not providing enough protein and carbs to maintain Boo’s muscle mass and keep her warm during the colder fall/winter weather. I got some high-quality dry food and started offering them free-choice dry food again. They were all over it with great enthusiasm.
When I listen to sidewalk, I can hear ocean! … What you mean, no?
Within the week, Boo stopped losing muscle mass. Her hind legs, which were getting so thin that I could feel the tendons near her paws, plumped up again. She’s regained all her muscle mass, though not much fat, and her neck and back are noticeably more muscular. I’m really shocked that high-end canned food made with good ingredients is not enough to keep her healthy. I am very glad that she is fine again, and kind of shocked and scared that I could have been accidentally starving her! OK, not *starving*, the vet said that she was a far cry from that, but it was a startling change in Boo that I picked up on pretty quickly.
All’s well now, but I wanted to post about it in case other folks’ aging kittehs are starting to get bony. Don’t just chalk it up to the aging process. See if different or better food, or combinations of food, will work. Feed high-energy treats like Greenies, bits of cheese, etc, to help your fuzzball build up strength. And don’t give up! I look forward to many more happy years with the Booster Bunny. They don’t stay with us forever, but we want them with us as long as possible, as long as they are still enjoying being here. She’s back to her sassy self!
Posted in 746, advice, hijack, rant, real life, recommended, sysadmin on February 18, 2008
After a long negotiation process between my DNS provider and the registrar of the domain thieves, virtual.net is back where it has belonged since early 1993: with me. Huzzah!
My advice, in retrospect, is that if your domain is hijacked, immediately file with ICANN, over the protests of your registrar if necessary. Fortunately I got my domain back, but if the remote registrar had not finally given it back (after making my registrar send some kind of “we won’t sue you” papers), I’d have been SOL, as the ICANN waiting period for opening a case had already expired.
How did I eventually lose the domain? My provider offers both secure and non-secure login pages, and I believe that I accidentally logged into a non-secure page while at a public wireless location. At first we thought my email provider had been compromised, but we found nothing but my home network access in the logs, and no suspicious activity. The fact that the thieves had to change the contact email to “firstname.lastname@example.org” to get the transfer key is further proof that they had no access to my email.
If your provider offers non-secure login pages, make a bookmark to their secure page and only use that bookmark for login, never surf there directly or use a sidebar login on a provider’s main page– unless it says “secure login”. There’s really no excuse for offering non-secure logins in this age of ubiquitous wireless– I’ve mentioned to my provider that they’re a bad idea, we’ll see if they go away. I was on my laptop, with a new hard drive, and I hadn’t pulled over my bookmarks yet, so I think that’s how I screwed up.
Posted in 2008, advice, culture, election, politics on November 8, 2007
There’s a completely fascinating analysis of the American political scene, and the 2008 race, at the Atlantic Monthly. Interestingly enough, unlike much of their content, it’s available to nonsubscribers– are they backing a particular candidate? Regardless, the author, senior editor Andrew Sullivan, makes a point which I, as a barely-Boomer, found to be a stunning epiphany.
Sullivan’s premise is that the true dividing line in the USA political scene is the Boomer generation’s experience of the Vietnam War. It polarized people on particular viewpoints against members of their own generation in a fundamental way but was never resolved. The all-grown-up Boomers, now in positions of influence and importance, are still butting heads over Vietnam, and how it defined (for them) what it means to be an American, a patriot, a responsible human being. The clashing impacts of these opposing viewpoints are still echoing down the cultural canyons. Or, to put it more succinctly, the Jarheads and the Hippies are still fighting it out, and trying to use the Iraq war to prove their points.
This is a fundamental question, and explains a great deal about seemingly irrational elements I’ve seen operating on politics and policy during my adult life. How can the generation that literally opened fire on each other at Kent State learn to work together again? How can they be prevented from imprinting their culture war on the current generation? Andrew Sullivan’s suggestion is get Barack Obama into the White House. I am inclined to agree with him.
Obama’s reach outside his own ranks remains striking. Why? It’s a good question: How has a black, urban liberal gained far stronger support among Republicans than the made-over moderate Clinton or the southern charmer Edwards? Perhaps because the Republicans and independents who are open to an Obama candidacy see his primary advantage in prosecuting the war on Islamist terrorism. It isn’t about his policies as such; it is about his person. …
What does he offer? First and foremost: his face. Think of it as the most effective potential re-branding of the United States since Reagan. …
Consider this hypothetical. It’s November 2008. A young Pakistani Muslim is watching television and sees that this man—Barack Hussein Obama—is the new face of America. In one simple image, America’s soft power has been ratcheted up not a notch, but a logarithm. A brown-skinned man whose father was an African, who grew up in Indonesia and Hawaii, who attended a majority-Muslim school as a boy, is now the alleged enemy. If you wanted the crudest but most effective weapon against the demonization of America that fuels Islamist ideology, Obama’s face gets close. It proves them wrong about what America is in ways no words can.
Regardless of your politics, this one’s an interesting read. It may not change the territory, but it sure stretches and refines the map.
Posted in advice, firefox, mac os x, recommend, security, sysadmin, tiger on October 31, 2007
I’ve been on a grand unification quest to find all the duplicates and old versions and generally clean the heck up on my desktop Mac, in preparation for a clean full “reference” backup and then a Leopard upgrade. I’m hearing enough security kerfuffle about the new (dis)improved firewall on Leopard that I’m feeling glad that I didn’t buy a copy yet. Some of the issues are less relevant to me than to some, as I have a gateway firewall on our local net.
I’m disappointed to hear that Apple may be taking some of the Unix magic out of the hands of us old fogies in the course of prettying up subsystems like the firewall manager. I wouldn’t want to see quite the level of bells, whistles, and occasional frag-grenades of, say, some of the Linux GUI sysadmin tools. The principle behind those tools, however, is one that Apple would do well to emulate: provide a graphical user interface to the actual scripts and command-line / config-file changes needed to accomplish a task. Rewriting the UI as a program of its own, intertwingled with the functionality, is bad compartmentalization and should be avoided.
Speaking of firewalls, they only protect you from stuff that is coming IN to get you, not stuff that you helpfully download and that opens up connections OUT to wreak havoc or spew spam. The emergence of Mac-targeted web trojans is something that neither Tiger nor Leopard will prevent. It’s another class of security problem entirely, the kind that comes in via the keyboard or the mouse– what ham radio old-timers used to call “a short between the headphones”.
What I do find helpful for dodging some bullets is the NoScript plugin for Firefox, which lets you selectively approve or deny scripts running on web pages that you are browsing. There is even some ongoing work on preventing cross-site scripting via NoScript. I find it very handy. Still, caveat clickor and all that.
We have a new October holiday, the Boosterversary. It’s a celebration of the Booster, whose photo adorns our homepage. Not only did Boo come to live with me in October (of 1994, when she was just a teensy kitunia) but last year in October, she was LOST. She was out at dusk and ran off, and was missing for several days.
I did all the usual lost-cat things: posters, going out and calling, shaking kitty-treat bags, and so on. A national lost-pet listing service gave me a unique piece of advice that I hadn’t found via any other venue: put one of your shirts outside in your backyard, a shirt that you have worn. The smellier, the better– a gym shirt is ideal. The woman who told me this said that she had, over the years, had many reports of people finding their lost pet sitting on the shirt the very next morning. She said that a persistently “lost” pet was often hurt and hiding, and not daring to come out, but that the shirt would represent your protection and safety to the pet and embolden it to remain outside its hiding place in daylight.
My husband woke up before me the next day, looked out the window, and said “She’s there! Boo is outside!” He ran to the porch and opened the back door to let her in. She had been sitting on the shirt. I called the hotline back and reported her as “found”. She had a nasty two-puncture bite that we treated at the vet’s, but was otherwise clean, well-groomed, and tidy. Clearly she’d found someplace to comfortably hide out during the several days of her absence. She had been missing at least 3 nights, maybe 4, by then.
Happy Boosterversary, Boo. Tonight, we dance the mamushka for you!