Victor Yodaiken on Security, Common Criteria

I happened across web site of Victor Yodaiken who had some piquant remarks on security
(“Someone made serious money from construction of the Maginot line.”) and
the Common Criteria (giving a beautifully clear example of how they might be translated into plain acronym-free English). Now if only he published an RSS feed; I don’t know of a currently-open public scraper (myRSS is not accepting new feed requests).

Survivability of RHEL3 circa Nov 2003

Mark J Cox: Survivability:

So a full install of a Red Hat Enterprise Linux 3 box that was connected to the internet in November 2003 even without the firewall and without receiving updates would still remain uncompromised (and still running) to this day.

It’s not to say that a RHEL3 user couldn’t get compromised – but that’s not the point of the survivability statistic. In order to get compromised, a user would have to have either enabled anonymous rsync, SWAT, or be running an open CVS server, none of which are default or common. Or a user would have to take some action like visiting a malicious web site or receiving and opening a malicious email.

EarthLink SIPshare

EarthLink SIPshare: SIP-based P2P Content Sharing Prototype contributes an open-source P2P implementation favoring end-to-end principles:

EarthLink believes an open Internet is a good Internet. An open Internet means users have full end-to-end connectivity to say to each other whatever it is they say, be that voice, video, or other data exchanges, without the help of mediating servers in the middle whenever possible. We believe that if peer-to-peer flourishes, the Internet flourishes. SIPshare helps spread the word that SIP is more than a powerful voice over IP enabler — much more. SIP is a protocol that enables peer-to-peer in a standards-based way.

The emerging ubiquity of SIP as a general session-initiation enabler provides a rare opportunity to offer users all manner of P2P applications over a common protocol, instead of inventing a new protocol for each new P2P application that comes along.

[via Many-to-Many]

Exposing Digital Forgeries by Detecting Duplicated Image Regions

Dartmouth TR2004-515:

We describe an efficient technique that automatically detects duplicated regions in a digital image. This technique works by first applying a principal component analysis to small fixed-size image blocks to yield a reduced dimension representation. This representation is robust to minor variations in the image due to additive noise or lossy compression. Duplicated regions are then detected by lexicographically sorting all of the image blocks. We show the efficacy of this technique on credible forgeries, and quantify its robustness and sensitivity to additive noise and lossy JPEG compression.

[via Simson Garfinkel]

Mail server choices for anti-spam — hijacked or derailed by patents?

Yakov Shafranovich on Sender ID and software patents from Microsoft: Part I, Part II

Update: Eric Raymond is “quoted a promise of a license with no royalties and no requirement to sign an agreement.” That would be helpful if such a license came to pass.

Sir, you can’t use the Internet outside the library

  • This is an unhappy conversation on many many levels:

    AKMA:

    The officer in question (whose conduct was entirely professional, firm, and calm behind those mirrored shades) solemnly assured me that in order to use the library’s open wireless signal, I had to be seated within the library. The officer then wandered on back to the nearby police station.

    ‘Maybe if you had permission it would be all right, but it’s a new law, sir; ‘theft of signal.’ It would be like if you stole someone’s cable TV connection.’

    ‘It’s a federal law, sir; a Secret Service agent came and explained it to us.’

    [via Blogos]

  • The comments on the article above include the useful link EFF: Best Practices for Online Service Providers that advocates minimizing legal problems by minimizing information collection.
  • Having had to dig hard to track down aggressive intruders, I also worry about lacking the ability to investigate attacks on infrastructure (mine or everybody’s). While this application of “theft of services” looks bogus, it is a tool that I’d like to have when somebody is really attacking my network or systems. Meanwhile, there is a permanent tension between knowing what’s happening on your network (say, if you’re an ISP tracking botnets) and maintaining ignorance as a legal defense.

Clever Zombie Tracking by Manipulating DNS Views

The right way to create pop-up windows

Aaron Boodman:

Forget everything you know about creating pop-up windows. Most importantly, forget you ever knew that the javascript pseudo-protocol ever existed. Do you hear me??

Never, ever, ever use the javascript: pseudo-protocol for anything, ever ever ever ever again. Please. Pretty please. The next time I click on a hyperlink, only to have it cause an error in my browser, I am going to hunt down the author and pound them into holy oblivion.

and the correct code is as follows:

    <a
      href="http://google.com/"
      onclick="window.open(this.href, 'popupwindow',
                           'width=400,height=300,scrollbars,resizable');
               return false;"
    >
      Click me any way you desire, now or later, bookmarked or not.
      I will not attempt to control you, nor punish you, for I am a
      simple hyperlink; eager to do your bidding, while remaining ever
      helpful. I anticipate desires, but never trample possibilities.
      This is the way of the Link.
    </a>

See also the comments for subtleties, such as pop-up forms.
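The same "real href plus onclick" pattern, written as an unobtrusive handler rather than inline markup. This is an added example, not Aaron Boodman's code: the anchor stays an ordinary link when JavaScript is off, when the user middle- or ctrl-clicks (so "click me any way you desire" holds), and when a pop-up blocker refuses the window. The `data-popup` attribute and the `win` parameter are assumptions of this example.

```javascript
// Added example: unobtrusive pop-up links that fall back to the plain href.
// No javascript: URLs anywhere; the href is always a real, bookmarkable URL.
const POPUP_NAME = 'popupwindow';
const POPUP_FEATURES = 'width=400,height=300,scrollbars,resizable';

// A plain left click is the only gesture the script should intercept; modifier
// keys and other buttons mean the user has already chosen how to open the link.
function isPlainLeftClick(event) {
  return event.button === 0 && !event.ctrlKey && !event.metaKey &&
         !event.shiftKey && !event.altKey;
}

// Click handler for one anchor. `win` is the window object, passed in so the
// logic can run outside a browser. Returns false when the pop-up was opened and
// default navigation was cancelled, true when the browser should follow the
// href as usual (the href is the fallback, exactly as in the inline version).
function handlePopupClick(event, win) {
  if (!isPlainLeftClick(event)) return true;
  const popup = win.open(event.currentTarget.href, POPUP_NAME, POPUP_FEATURES);
  if (!popup) return true;          // blocked: let the link navigate normally
  event.preventDefault();
  return false;
}

// Wire every <a data-popup href="..."> (assumed attribute) in the document.
// Returns the number of anchors wired, for callers that want to check.
function attachPopupLinks(doc, win) {
  const anchors = doc.querySelectorAll('a[data-popup]');
  for (const a of anchors) {
    a.addEventListener('click', (event) => handlePopupClick(event, win));
  }
  return anchors.length;
}
```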

[Via Jim O’Halloran]

A neat hack

A colleague of mine discovered that a scripting error had caused a few months of his Apache access logs (compressed with gzip) to get transferred in FTP ASCII mode before being archived to DVD. He asked whether there was any hope for recovery.

Those FTP transfers corrupted about 0.4% of the input bytes. Because every bit counts in a compressed file, these errors send the gzip/inflate decompressor “into the woods” pretty quickly, and every error disrupts the expansion of everything afterwards. The output turns to unrecognizable gibberish almost immediately. The decompressor itself doesn’t know it’s lost until the final CRC check. (There are few illegal states along the way; if there were many, that would mean there is redundancy in the data, and a compressor’s job is to find redundancy and squeeze it out.)

The state of the art among the numerous “zip file repair programs” out there seems to concentrate on only two easy fixes (please correct me if I’m wrong):

  • Fix incorrect crc/checksums so that users won’t get an error message any more.
    This doesn’t repair any data, but it does recover from some trivial file truncation or extension things that must happen occasionally to somebody (else why would this function be helpful?).
  • Skip over archive members with corrupt data and find other members that are not corrupt. This is useful if the cause of corruption is a bad block on the hardware medium.

Neither of these does anything to improve corrupted data.

In the general case, solving this problem by brute-force search through all possible repairs is not feasible; unless the file is small, it’ll still be running when the lights go out on the universe. It turns out, though, that if the data has some structure, that’s enough to prune most of the search tree, and prioritize the rest, so that the highest-probability possibilities are tried first.

Apache access logs have plenty of structure, so my colleague got back a close match to his original data. I’ve documented the process (look here for slightly more detail) to offer hope to others in difficult cases of critical data in otherwise hopelessly damaged files. Unfortunately it’s not a turn-key process; each case requires a certain amount of tuning based on the cause of the corruption and the structure of the data.

OS Demo Perils

A great OS demo anecdote from Bryan Cantrill that starts with the true observation that:

One of the downsides of being an operating systems developer is that the demos of the technology that you develop often suck. (“Look, it boots! And hey, we can even run programs and it doesn’t crash!”)

and continues on with a story about a core dump in front of customers.