Posted: 23 March 2016 Filed under: Uncategorized
Taking a gander at this article on Science Node, something caught my eye.
A lot of the same concerns that apply in the private or corporate sector apply to us as well. Where it gets interesting for us is that the standard security mantra of “turn on the updates, run security software or antivirus software” doesn’t work very well for us.
Automatically updated software can break the data-taking process, and anything that would take all of or part of the detector off-line can be a serious problem for us.
I acknowledge that integrity and availability are the primary concerns in their environment, with confidentiality less so. But in the real world things change, and new vulnerabilities are found all the time. You can’t gain the benefits of software or firmware without the responsibilities, one of which is providing an upgrade path.
Posted: 6 October 2015 Filed under: productivity | Tags: vim
I usually use :set expandtab in Vim, but a particular file I was editing required explicit tab characters. So I set :set noexpandtab, but then realized I couldn’t tell which were tabs and which were spaces. Easy fix:
…where <Space> is a literal space. Thanks again to the Vim Wiki!
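As an added example (my own settings, not the command from the post, which is not reproduced on this page), the usual way to tell tabs from spaces in Vim is the ’list’ option together with ’listchars’:

```vim
" Show each tab as '>' followed by '-' for the rest of its width,
" and mark trailing whitespace with '~'. Ordinary spaces stay blank,
" so a run of spaces and a tab now look different on screen.
set list
set listchars=tab:>-,trail:~

" Check the current state of the options involved:
"   :set expandtab? listchars?
" Turn the markers off again when done:
"   :set nolist
```

With ’list’ on, a tab that ’noexpandtab’ preserved shows as a `>---` run, while spaces remain blank, so you can confirm before saving that the file still contains the literal tabs it requires.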
Posted: 11 December 2014 Filed under: Uncategorized
I was considering a free S/MIME certificate from Comodo InstantSSL, but their Subscriber Agreement reads, in part:
3.4 The Subscriber shall not use the Email Certificate to transmit (either by sending by email or uploading using any format of communications protocol), receive (either by soliciting an e-mail or downloading using any format of communications protocol), view or in any other way use any information which may be illegal, offensive, abusive, contrary to public morality, indecent, defamatory, obscene or menacing…
Which means, we’ll give you this free certificate, but you may not use it to send or receive any encrypted or signed e-mail we don’t like.
How’s that for restrictive?
Posted: 4 June 2013 Filed under: privacy, security | Tags: bitcoin, security
Using BitCoin as a Public Ledger
Interesting way to document “prior art”: create a one-way SHA256 hash of some work, then send the smallest Bitcoin amount possible to that address (use it as a wallet destination). Your hash is in the public blockchain, so you can give your document to someone else and tell them to hash it themselves, then compare to your record of the time and date.
Update: Not quite right; it’s actually a bit more complex than that:
The document is certified via embedding its SHA256 digest in the Bitcoin blockchain. This is done by generating a valid bitcoin transaction to two specially crafted addresses which encode/contain the hash. The hash is cut in two fragments, each fragment contained in one of these addresses. The hash fragment is used as a replacement for the RIPEMD-160 hash of the public ECDSA key in the bitcoin address generation algorithm. This is why the bitcoins sent in this special transaction are unspendable, as the addresses are being generated from the document’s hash fragments instead of from a private ECDSA key.
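Here is an added worked example of the two-address scheme quoted above. It is my own code, not the post’s and not the service’s, and it makes one assumption the quoted text leaves open: each 16-byte half of the SHA256 digest is zero-padded to the 20 bytes that a RIPEMD-160 hash160 occupies in a mainnet pay-to-pubkey-hash address (version byte 0x00). The sample document is constructed for the example.

```python
import hashlib

# Added example, not the post's or the service's own code. SHA256(document)
# is split into two 16-byte fragments; each fragment stands in for the
# RIPEMD-160 hash160 of a P2PKH address, so no private key corresponds to
# either address and coins sent there are unspendable.
_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
P2PKH_VERSION = b"\x00"   # Bitcoin mainnet pay-to-pubkey-hash version byte
HASH160_LEN = 20          # bytes a hash160 occupies in an address
FRAGMENT_LEN = 16         # half of a 32-byte SHA256 digest
# Assumption: the 4 bytes left over in each address are zero-filled; the
# quoted description does not say how a fragment is padded to 20 bytes.
PADDING = b"\x00" * (HASH160_LEN - FRAGMENT_LEN)


def _checksum(data: bytes) -> bytes:
    """First four bytes of double-SHA256, as Base58Check uses."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def base58check_encode(version: bytes, payload: bytes) -> str:
    raw = version + payload
    raw += _checksum(raw)
    n = int.from_bytes(raw, "big")
    chars = []
    while n:
        n, rem = divmod(n, 58)
        chars.append(_ALPHABET[rem])
    # Each leading zero byte is encoded as a literal '1'.
    leading = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading + "".join(reversed(chars))


def base58check_decode(address: str) -> tuple[bytes, bytes]:
    """Return (version, payload); raise ValueError on a bad character or checksum."""
    n = 0
    for ch in address:
        n = n * 58 + _ALPHABET.index(ch)
    leading = len(address) - len(address.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    raw = b"\x00" * leading + body
    if len(raw) < 5 or _checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("invalid Base58Check string")
    return raw[:1], raw[1:-4]


def document_digest(document: bytes) -> bytes:
    return hashlib.sha256(document).digest()


def anchor_addresses(document: bytes) -> tuple[str, str]:
    """The two unspendable addresses that together carry SHA256(document)."""
    digest = document_digest(document)
    first, second = digest[:FRAGMENT_LEN], digest[FRAGMENT_LEN:]
    return (
        base58check_encode(P2PKH_VERSION, first + PADDING),
        base58check_encode(P2PKH_VERSION, second + PADDING),
    )


def recover_digest(addr_a: str, addr_b: str) -> bytes:
    """Reassemble the digest from the two output addresses of the transaction."""
    fragments = []
    for addr in (addr_a, addr_b):
        version, hash160 = base58check_decode(addr)
        if version != P2PKH_VERSION or len(hash160) != HASH160_LEN:
            raise ValueError(f"{addr} is not a mainnet P2PKH address")
        fragments.append(hash160[:FRAGMENT_LEN])
    return b"".join(fragments)


def verify_document(document: bytes, addr_a: str, addr_b: str) -> bool:
    """What the recipient does: hash the document they were handed and compare."""
    return document_digest(document) == recover_digest(addr_a, addr_b)


if __name__ == "__main__":
    doc = b"constructed sample document: prior-art description, v1"  # constructed input
    a, b = anchor_addresses(doc)
    print("send dust to:", a, b)
    print("verifies:", verify_document(doc, a, b))
    print("tampered copy verifies:", verify_document(doc + b"\n", a, b))
```

Note what the code cannot do offline: a matching hash only proves that the two addresses encode this document, not when. The date comes from the block that confirmed the transaction paying to those addresses, so the recipient must also locate that transaction in the chain. The dust sent to the two addresses, plus the fee, is gone for good, which is why a tiny amount is used.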
Posted: 22 March 2013 Filed under: Uncategorized | Tags: privacy, security
U.S. cyber plan calls for private-sector scans of Net
The Department of Homeland Security will gather the secret data and pass it to a small group of telecommunication companies and cybersecurity providers that have employees holding security clearances, government and industry officials said. Those companies will then offer to process email and other Internet transmissions for critical infrastructure customers that choose to participate in the program.
By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency’s eavesdropping.
Posted: 27 February 2013 Filed under: Uncategorized | Tags: malware, security, web application security
Chinese Elite Hacking Unit 61398
As Mandiant mapped the Internet protocol addresses and other bits of digital evidence, it all led back to the edges of Pudong district of Shanghai, right around the Unit 61398 headquarters. The group’s report, along with 3,000 addresses and other indicators that can be used to identify the source of attacks, concludes “the totality of the evidence” leads to the conclusion that “A.P.T. 1 is Unit 61398.”
Mandiant discovered that two sets of I.P. addresses used in the attacks were registered in the same neighborhood as Unit 61398’s building.
“It’s where more than 90 percent of the attacks we followed come from,” said Mr. Mandia.
The only other possibility, the report concludes with a touch of sarcasm, is that “a secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multiyear enterprise-scale computer espionage campaign right outside of Unit 61398’s gates.”
Posted: 11 February 2013 Filed under: drupal, open source | Tags: drupal
With any Web content management system, you’ve got to budget for continued support, training and improvements. After more than ten years’ experience setting up sites, and moving content from straight HTML, to my own customized content management system, to custom enterprise systems (including proprietary ones), and now to Drupal, I’ve found that the smart money in Web content management goes to systems that are open source and broadly supported by the community.
We used to suffer from being “locked in” to proprietary systems, and our vendor would milk us for all they could, or nickel and dime us to death… but now, since Drupal’s software and security improvements are free for anyone to download, all we pay for is great service. That’s what Drupal vendors compete on; they can’t lock you in.
Proprietary Web content management systems are basically fighting for their lives right now, and are working hard to find a niche where they can survive — so they’ll say anything to get you stuck to their product. This is called “vendor lock-in.” Once you’re in those systems, how do you escape? Your choices are limited, since the number of “partners” is likely nowhere near as big as the number of shops supporting Drupal now, and in the years to come. How big is your proprietary system’s development team? Drupal 7 Core had nearly 1000 contributors, and the number of folks working on Drupal contributed modules is now up above 23,000.
By the way, almost 6000 modules are available for Drupal 7, the most current version. Drupal is widely supported by a huge, vibrant community and is currently installed on over a million Web sites (see http://www.drupalshowcase.com/ for some examples).