Tuesday, September 17. 2013
the problem with certificates
updated below - 2013-09-17
What is a Certificate and what is a Certificate Authority?

How does a web site prove who they say they are? The short answer is they go to a Certificate Authority and purchase, after supplying some proofs, a certificate that says who they are. The long answer is that much of the cryptography infrastructure of the internet depends on the Public Key Infrastructure (PKI), which is based on the X.509 standard for digital certificates. These certificates provide a framework for "proving" that an actor is who they represent themselves to be, and for negotiating the encryption to be used for a secure connection. There are two groupings of certificates: self-signed certificates and certificates derived from Certificate Authorities (CAs). CAs can be public entities (you can get "store bought" certificates from Verisign, Geotrust, or whoever) or private ones. If the latter, they aren't much different from self-signed certificates. Network applications that use certificates typically have a list of CAs from whom they will accept certificates, and you can add CAs or individual certificates in some cases if you decide to trust them. When your browser sets up an https: connection to an online store, these certificates are in play. This is how you, at least in theory, know that sears.com is really Sears and not some joker playing at being Sears in the interest of stealing credit card numbers. This makes CAs a target, and a very attractive one at that. If you can compromise a CA, you may be in a position to create certificates that allow you to pretend to be someone else, which permits all sorts of nasty attacks. And CAs have indeed been compromised, and at least one that I'm aware of has had to shut down because of the extent of the compromise. You see, once a CA has been compromised, the trust relationship is broken - you cannot distinguish between the "real" and the "fake" certificates, and the game is over.
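Two ways to limit how much a compromised CA can do, added here as an example and not code from the post: a client context whose only trust anchor is one certificate you verified out of band (the "individual certificate" case above), and a SHA-256 fingerprint pin checked against the certificate the peer actually presents, which still catches a certificate mis-issued by a CA on the list. The OpenPGP helper relates a full fingerprint to the short id quoted in the update below, assuming a v4 key; the sample DER bytes are constructed, and host, port and file path are whatever the caller supplies.

```python
"""Trust anchored in a fingerprint you verified, not in the CA list."""
import hashlib
import hmac
import socket
import ssl
from typing import Optional, Tuple

HEX_DIGITS = set("0123456789ABCDEF")

# Constructed stand-in for a DER-encoded certificate (a real one is a few
# hundred to a few thousand bytes, obtained from the signer out of band).
SAMPLE_DER = b"abc"
SAMPLE_PIN = ("ba78 16bf 8f01 cfea 4141 40de 5dae 2223 "
              "b003 61a3 9617 7a9c b410 ff61 f200 15ad")


def normalize_fingerprint(fp: str) -> str:
    """Drop spaces and colons and upper-case, so '31 33', '31:33' and
    '3133' compare equal; rejects anything that is not hexadecimal."""
    cleaned = "".join(ch for ch in fp if ch not in " :").upper()
    if not cleaned or not set(cleaned) <= HEX_DIGITS:
        raise ValueError("not a hexadecimal fingerprint: %r" % fp)
    return cleaned


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, upper-case hex."""
    return hashlib.sha256(der).hexdigest().upper()


def fingerprints_match(presented: str, pinned: str) -> bool:
    """Constant-time comparison; a length mismatch is just a mismatch."""
    a, b = normalize_fingerprint(presented), normalize_fingerprint(pinned)
    return len(a) == len(b) and hmac.compare_digest(a, b)


def openpgp_key_ids(fingerprint: str) -> Tuple[str, str]:
    """(long id, short id) of an OpenPGP v4 key: the last 16 and last 8 hex
    digits of its 40-digit fingerprint. The short id is only 32 bits and
    merely locates a key on a keyserver; verify all 40 digits."""
    fp = normalize_fingerprint(fingerprint)
    if len(fp) != 40:
        raise ValueError("expected a 40-digit v4 fingerprint")
    return fp[-16:], fp[-8:]


def single_anchor_context(trusted_cert_pem: str) -> ssl.SSLContext:
    """Client context whose only trust anchor is the certificate in
    trusted_cert_pem. The system CA list is never loaded, so no CA can
    vouch for the peer; a self-signed server certificate placed here
    verifies like a root. Host-name checking stays on."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.load_verify_locations(cafile=trusted_cert_pem)
    return ctx


def connect_pinned(host: str, port: int, pinned_sha256: str,
                   trusted_cert_pem: Optional[str] = None) -> str:
    """Handshake with host:port and refuse the session unless the presented
    certificate matches the pin; returns the fingerprint actually seen.
    Without trusted_cert_pem the normal CA check runs first and the pin
    then catches a certificate mis-issued by a compromised CA."""
    if trusted_cert_pem:
        ctx = single_anchor_context(trusted_cert_pem)
    else:
        ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            seen = cert_fingerprint(tls.getpeercert(binary_form=True))
            if not fingerprints_match(seen, pinned_sha256):
                raise ssl.SSLError("pin mismatch, saw %s" % seen)
            # Application data would be sent here, after both checks passed.
    return seen
```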
This is where it gets terrifying

We know that the government, under the cover of various and sundry security provisions, has sent orders to outfits like Lavabit, essentially ordering them to operate fraudulently by continuing to sell a secure service while secretly supplying "secured" data back to the government. This is a huge ethical dilemma, which the owner of Lavabit dealt with ethically by simply shutting down his business. The ethics of any ensuing government prosecution are left for the reader's consideration. Should we assume that we know about all the orders in play? Of course not; for every ethical business owner there are no doubt other corporate entities who have chosen differently. So at this moment, can we trust any US-based Certificate Authorities? I think the answer is a resounding no. And this means that anything that depends on certificates from any US-based CA, whether it's a secure website or an IPSec-based Virtual Private Network, is no longer trustworthy. And that should terrify us all.

So what can we trust?

We can trust private/public key systems that don't depend on X.509, like PGP/GPG. These work using the concept of web-of-trust, where you agree that you know that someone is who they say they are and accept their key. In theory, self-signed certificates are now more reliable if you can verify the identity of the signer. This is in essence a variation on web-of-trust.

The problem with endpoints

This still doesn't mean much if the security end points are compromised. The NSA can do that, but it's expensive, so they're more likely to do things like attack the Certificate Infrastructure. But your PGP/GPG key won't mean much once they hack into your PC or Mac and install a keylogger. But I've depressed everyone enough for one day.

Update - 2013-09-17

FYI, I am now using OpenPGP to sign everything sent from my primary email account.
The fingerprint is 3133 3F6D AB20 AC3F 9C88 DC61 0F2C 74F4 7012 C7FA, short id is 7012C7FA, keyserver is hkp://keys.gnupg.net. It's a 4096 bit RSA key. Cheers!

Friday, September 13. 2013
Garmin Nuvi rant
I have gotten a lot of good use out of entry level Garmin Nuvis. What i haven't gotten is long life. Typically i get maybe 2-3 years out of one before either the slider switch on the top fails or the USB connector fails. These failures are generally out of warranty and the only thing Garmin offers is an exchange for a refurb unit that is close to the cost of a new unit.
I don't recommend paying for lifetime maps on Nuvis. The lifetime of a well used Nuvi is simply not that long. Having said that, i will probably replace the current Nuvi (failed slider switch) with another Garmin when the time comes, but i may consider going a little upmarket next time out.

Saturday, July 6. 2013
link spam update the second

After the link spam incident discussed here I sent a polite inquiry to prweb asking whether link spamming using links to their service was a ToS violation. They have responded:

Dear Richard,

This is, of course, fundamentally unsatisfactory. They have Terms of Service which their customers must agree to, and the ToS can of course contain limitations on how they use the links. Now to ask the person whose name is on the release about the link spamming incident.

Friday, July 5. 2013
link spam update...

somewhat bemused...

Someone just tried to link spam a blog I manage. It got kicked into automoderation. I found it somewhat entertaining, as the link was to a press release on www.prweb.com plugging an online reputation management service. It appears that they are not worried about having an online reputation for link spamming.

I'm not revealing the details just yet, as it is a possibility that this is a Joe-Job. But more than likely it's someone setting up as a reputation consultant who isn't really very competent or knowledgeable about what they're doing. In the meantime, I have submitted an inquiry to prweb as to whether or not link spamming is a violation of their Terms of Service. I'll be very interested to hear their response.

Thursday, July 4. 2013
Vicksburg
The other thing that happened 150 years ago was the surrender of the Confederate forces in Vicksburg, Mississippi to Grant, after a brilliant campaign. Vicksburg would have a number of effects:
It is hard to overemphasize the impact of this victory, which is overshadowed by the fact that Gettysburg happened at the same time. Grant would go on to fix the situation at Chattanooga that had resulted from Rosecrans's bad day during the Chickamauga campaign before heading east. And Grant was the first commander in chief to truly understand what would be needed to end the war. Grant had intended to command from the west, but after taking command, he would decide to place Sherman, his most trusted subordinate, in command in the west, while he shadowed Meade & the Army of the Potomac.

Gettysburg thoughts
150 years ago today - the day after the battle
First, some things missing from the film. I already talked about day 1. For day 2, the film focuses almost entirely on Joshua Chamberlain and the 20th Maine on Little Round Top. So what's missing? Well, lots. Chamberlain's Regiment was part of Strong Vincent's Brigade. Vincent's Brigade was rushed in to cover Little Round Top after General Warren discovered it was uncovered and that the Confederates had figured that out. All the regiments in Vincent's Brigade were heavily involved, and Vincent himself was killed that day. Now why was Little Round Top uncovered? Because General Dan Sickles had ignored instructions and moved his forces forward from Cemetery Ridge to the Peach Orchard and the Wheatfield. Sickles's forces were not sufficient to extend to Little Round Top, so they were anchored on Devil's Den. There was intensive fighting in the Peach Orchard, the Wheatfield and Devil's Den, none of which is covered in the film. And the film doesn't cover any of the fighting going north along the line, wrapping around Cemetery Hill and Culp's Hill. Day 3 in the film is all about Pickett's charge, but ignores all kinds of other fighting that day.

Context

Generally missing from most Gettysburg discussion (film or otherwise) is context. Meade is often criticized for failure to pursue, but actually the Army of the Potomac followed Lee for 10 days, almost trapping Lee against the Potomac River. Meade seems to have come up about one day short on catching Lee, but Lee's escape wasn't exactly a cakewalk.

Some recommended books

Gettysburg: The Last Invasion, Allen C. Guelzo
Gettysburg, Stephen W. Sears
Plenty of Blame to Go Around: Jeb Stuart's Controversial Ride to Gettysburg, Wittenberg & Petruzzi
One Continuous Fight: The Retreat from Gettysburg and the Pursuit of Lee's Army of Northern Virginia, July 4 - 14, 1863, Wittenberg, Petruzzi & Nugent
Protecting the Flank at Gettysburg: The Battles for Brinkerhoff's Ridge and East Cavalry Field, July 2 - 3, 1863, Eric Wittenberg
Gettysburg's Forgotten Cavalry Actions: Farnsworth's Charge, South Cavalry Field, and the Battle of Fairfield, July 3, 1863, Eric Wittenberg

Monday, July 1. 2013
July 1st, 150 years ago today
Most of the focus will be on a small town in South Central Pennsylvania. What happened there is significant and fascinating, but generally it is overemphasized at the expense of the real action.
In the western theater, forces under General Grant had successfully executed his novel campaign plan, with the result that he had Confederate forces under siege in Vicksburg, Mississippi, and the Confederacy was about to be split in two as the Federal government gained complete control over the Mississippi River. Arguably this was far more important to the course of the war than what happened at Gettysburg.

Vicksburg

By July 1st, Grant's brilliant campaign had settled into a siege. The defenders of Vicksburg had no way out and it was only a matter of time until they ran out of supplies. This moment would be coming soon. In addition to splitting the Confederacy, Grant & Sherman would also start to set a pattern for future operations that would carry through Sherman's march through Georgia in 1865. The pattern? Unable to occupy Jackson, Mississippi, Grant would send Sherman to raid Jackson instead, and Sherman would destroy the railroads, the warehouses and the factories, leaving nothing in Jackson of value to the Confederacy.

Gettysburg

The events of the first day are only partly described in the film. The film omits entirely the intense fighting on the west side of the town which lasted until the two Federal Corps were overwhelmed by Confederates coming from the west and the north. The Federal forces would stream through the town and settle on Cemetery Hill, where the remainder of the Army of the Potomac would arrive for the second day's battle.

The TV Cartel
We shut down our satellite TV a few months ago, and mostly haven't missed it. We can get the Rays games we want to watch via MLB TV, well except for the Yankees games and the weekend national broadcasts. We can get most other things via Netflix, Amazon Instant Video and Hulu+.
What we can't get are two events on NBC Sports, the Tour de France and F1 racing, because the TV Cartel (the cable and the satellite providers) have decreed that they are the only way you can see these things. There is no technical barrier; there is even an NBC Sports app for my iPad which would stream the events - but I can only access the stream if I have an account with Dish, or DirecTV, or Time Warner, or Comcast, or whoever. And it sucks, because these are the only two things they have to offer me, and they charge way, way too much money to make it worthwhile.

Friday, June 14. 2013
Saratoga & Bennington Battlefield Tour
One of the things I've enjoyed has been touring battlefields with knowledgeable leaders. They can help a lot with framing, visualization and context.
Lately I've been working on my own understanding of the Saratoga Campaign of 1777 and it seems to me that a tour which covers the approaches to the battles as well as the battles themselves might make for a worthwhile exercise. I'm considering whether to try for one in early August of this year or the spring of next year. The tour would entail carpooling with 20 to 25 participants, and the fee for the tour would be a contribution to Gift of Life. We'd meet for breakfast somewhere in the Glens Falls or Lake George Village area, where I'd do a presentation explaining the British strategy for suppression of the rebellion in 1777, and why Burgoyne led British forces south via Lake Champlain. I'd also provide a brief explanation of the British attempt on Lake Champlain the year before, and what happened at Ticonderoga in 1777 (Ticonderoga is too far north to include on a one day tour.) We'd then head to sites (that fit the schedule) where we'd talk about what happened at these locations and how they influenced the progress of the campaign. These sites would include at a minimum the Bennington Battlefield (in Walloomsac, New York), the Saratoga Battlefield and a number of other spots that influenced the battle (perhaps Fort Miller, the San Coick Mill in North Hoosick, and so forth.)

Topics:

Framing & context - why were the armies here and what were their goals and objectives? Who were the commanders and what were their strengths and weaknesses? What were the strengths and weaknesses of the campaign plans?

Interpretation (meta discussion) - what are the issues with how we interpret the campaign? How has the interpretation changed over time? Have we been misled by conventional wisdom into oversimplified pictures of what happened? (e.g., were Burgoyne and Gates really as bad as their reputations would lead us to believe?)

Compare and contrast: the Bennington Battlefield and the Saratoga Battlefield, two very different experiences. How has battlefield preservation & interpretation changed over the past 100 years? Which approach do you think is better?

Saturday, February 16. 2013
lessons from my recent macbook outage
when you add an external drive to your mac laptop as a backup device, go with two partitions, one for time machine backup, and one for a bootable copy of mac os x. put a copy of the mac os x installer in the bootable mac os x partition. when you do need to restore you can boot from the external drive, reinstall on your new or newly wiped internal drive and restore from the time machine backup.
if you go with this setup, you also have the option of restoring your backup onto the external drive while you wait for the replacement hard drive to arrive from your vendor of choice. it won't be much of a laptop if you have to lug an external drive around, but at least you'll be on the air. don't attempt to defrag in place. wipe and reinstall from backup. it was defragging in place that put me into the 36 hour rebuild from hell.

Sunday, January 13. 2013
Several quick Civil War book reviews

One of the Civil War figures most frequently misrepresented and misunderstood is Ulysses S. Grant. The historical memory of Grant contains significant contradictions. His reputation in history ranges from extremely high highs to some very low lows. [note: I am an amazon affiliate and if you buy books through these links, I do receive a pittance]

And Keep Moving On: The Virginia Campaign, May-June 1864 is a campaign history, but a larger history than just of Grant's Overland Campaign of 1864, as it also discusses campaigning in the Shenandoah Valley and on the Peninsula; Grimsley is making the point that the Overland Campaign was part of a larger strategic concept, and Grant was General-in-Chief, not commander of the Army of the Potomac. It provides a good outline of the progress of the campaign, and some valuable analysis of the command structure and relationships in the Army of the Potomac. This analysis includes insights into why Grant's campaign failed in its intended purpose, but succeeded in that it ultimately trapped Lee's army in the entrenchments around Petersburg. The book first appeared in 2002, but is still where I would send folks wishing to learn about this campaign. Grimsley's insights about the differences between Grant's command approach and those of the generals he inherited in the Army of the Potomac are quite valuable, as they explain why it was so hard for Grant to get the army to execute his plans.
The Man Who Saved The Union: Ulysses Grant in War and Peace is a pop history of Grant. It is a decent book if you are looking for an introduction to Grant, but it contains no new information or analysis and is of no great interest to the serious student of the Civil War, who presumably is already familiar with McFeely, Simpson, etc. However, even for someone just looking for an introduction to Grant, I'm really much more inclined to recommend the following work:

U. S. Grant: American Hero, American Myth is not as detailed a biography of Grant. The book is in two parts, the first half being a biographical sketch of Grant which is a pretty fair introduction. The second half is a little different. In 2002, David Blight's Race and Reunion: The Civil War in American Memory launched the modern study of Civil War Memory. Still a developing field, the idea is to examine the changes in our memory as a society of the Civil War, to look at the varying views of the war and its key figures and events, and to try to understand why those views have changed over time and how they originated. The second half of Waugh's book is an examination of how the memory of Grant changed over time, how a man who was nearly elected to the Presidency for a third term, and who was hugely popular at the time of his death, somehow became Grant the Butcher and Grant, President in a corrupt administration, and continues by looking at how Grant's reputation seems to be on the rise. These insights are again quite valuable and a good reason to pick up a copy of Waugh in preference to Brands.

Remembering the Battle of the Crater: War as Murder isn't directly about Grant, but it is very directly about Civil War Memory. The Battle of the Crater occurred towards the beginning of the ten month long "siege" of Petersburg. It was an attempt to breach the Confederate fortifications by detonating 8000lbs of gunpowder in a tunnel which the Federal forces dug under a Confederate fortification. The detonation was tremendously destructive, but the Federal attack which followed up floundered due to various bad decisions on the part of the Federal command. One of the most notable features of the Federal attack was the extensive use of soldiers from the USCT (United States Colored Troops). The USCT troops were not correctly used, however (It's that bad decision making; Ferrero's USCT Division had been trained to lead the assault and should have led it, but were replaced by untrained white troops the day before the battle, and a lack of training and leadership in that initial assault made all the difference. Ferrero's troops were instead in the later waves, fed into an attack that had already turned into a disaster.) Levin's first chapter outlines the battle, but he is not attempting to present a detailed history (Hess is good for that.) Levin focuses on what came after the war, how the memory of the battle evolved, how the role of the USCT was largely omitted from historical accounts until the 70s and 80s, and the reasons why that happened. This book is a fine and well focused example of the current state of the study of Civil War Memory.

Monday, December 3. 2012
LEDs and CFLs and Halogens, Oh My!
so over the past couple of years, i've mostly converted the house from incandescents to CFLs, with a noticeable impact on the electric bills. i've noticed a couple of things in that time:
1) spiral CFLs come right up to their full illumination fairly quickly; CFLs in special envelopes that simulate conventional incandescents generally do not.
2) in most fixtures, spiral vs fake bulb doesn't matter, just use a spiral.
3) equivalent wattage claims tend to be shaky; learn to think in lumens and treat watts as the power consumption measurement that it is.
4) CFLs may have issues in "rough use" situations. i have an exterior light next to a heavily used exterior door; the slamming of the door seems to affect CFLs more.

but the big thing that i'm here to write about today is this one: PAR30 CFLs in a recessed can don't really have much longer lives; the heat appears to be an issue. i have had two out of four i installed in the kitchen die after 2 years, whereas the other CFLs in the house seem to be going on and on. the PAR30s also seem to have not nearly the light output you want, and are particularly slow to produce what light they can. so i replaced one of the defunct PAR30 CFLs with a halogen (i have a bunch in the basement left over after the conversion), and i checked out current LED prices. while most of the LED bulb prices are still priced a bit high, i found Philips brand LEDs in the PAR30 format at Home Despot for less than $30. still high, but with projected brightness and long lifespans, i figured it was worth a crack. so i bought a 730 lumen warm white (2700 color temperature, same as conventional bulbs) LED bulb and installed it.
1) it's quite bright
2) it comes up to full brightness in about a second
3) the color is a fine match for the existing halogens
4) my wife wants more of them swapped in.
not sure about the longevity, obviously, although there are claims of 20+ years. we shall see.

Friday, November 23. 2012
Emergency Services mapping: local policy
One of the issues that will come up in these projects is local variation. There will be differences on a state-by-state basis, and unique things within a jurisdiction. The only way we're going to learn about these is by pushing forward, but we can think about them in advance so that there's a plan.
Each time a new department or company is brought into the process, there will be a discovery period. Local statutes and policies will need to be figured out. There will be important items that are not necessarily appropriate as data for OSM. Thus, we will have the local policy file. I don't know what form this will take yet.

I'm on a learning curve with mkgmap. I don't think there's an "emergency" mode for a Nuvi, and there are multiple classes of emergency vehicle. An ambulance is not a police car, is not a pumper, is not a hook-and-ladder truck, is not an extensible ladder truck. Each different class of equipment may have a different set of routing constraints. Some of these constraints can be configured using traditional OSM tagging (maxweight, maxheight, maxlength), but others may reflect specialized local knowledge. We are very likely going to end up with different maps for different equipment classes.

We also must incorporate specific local knowledge. The local responders may be able to tell us that certain routes should not be taken if at all possible. We will need a way to describe that and get it into the GPS of choice.

Now, and this is IMPORTANT: The primary application for this is not for a particular engine company or volunteer district responding in their own territory. The primary application is a mutual assistance call, where, say, the McKownville VFD receives a request for assistance from the neighboring Westmere VFD and needs to go somewhere they ordinarily don't. Whenever I describe the project to someone involved in the real world of firefighting, they invariably bring this issue up without any prompting on my part. Out of area response weighs heavily on the minds of firefighters.

So there's one of the key areas that needs to be fleshed out -- how do we reflect local policy? Right now, I'm interested in ideas and approaches, not code. It's not time for code just yet. Have at it in the comments.

Thursday, November 22. 2012
OSM Emergency Services project: indemnification
Some recent discussion on the OSM tagging mailing list brought something to my attention that has to be a part of the Emergency Services Mapping project.
The additional component is indemnification. OSM and the cadre of Volunteer Mappers have no resources to defend a lawsuit. There will be a need to provide protection for them in our modern legal climate. I'm adding this to my presentation and will have to ensure that protection for them is part of any formal project that gets launched.