April 29th, 2017



Hovertext:
Intimacy is about ten percent as important as winning.

New comic!
Today's News:

This is apparently the week of dirty jokes.

April 28th, 2017
solarbird: (ART-gonzo)
I am dogfooting my own neutral good style variant (mostly because hey look now i can use my phone on this site) so again let me know if you see something broken.

I know blockquotes worked in default colours, this is a test post in this custom colour set
Mood: tipsy maybe
solarbird: From moongazeponies on deviantart (pony-pinkie-hax)
posted by [personal profile] solarbird at 05:34pm on 28/04/2017 under ,
You Want Mobile Dreamwidth, Artie? You Got It (again):

Neutral Good CSS patchset 0.81alpha, 29 April 2017.

Choose style "Neutral Good" in the journal style selector. Copypasta all of this into the Custom CSS box. It's 726 lines and includes Navbar 2.0. Apply "your style" to everything you can.

Fixes: lots. Changed comment cascades to work on mobile without horizontal scrolling. YES I SAID WITHOUT HORIZONTAL SCROLLING. Also fixed a lot of RSS feed stomping on the read page, and some other things on the read page, all of which means I can go back a couple of thousand entries in my Reading list and have NO FUCKING HORIZONTAL SCROLLING.

This is still an alpha and without warranty and all that, please report bugs. Thanks.
Mood: ambitious

Posted by Bruce Schneier

A "mysterious squid" -- big and red -- washed up on a beach in Carteret County, North Carolina. Someone found it, still alive, and set it back in the water after taking some photos of it. Squid scientists later decided it was a diamondback squid.

So, you think that O'Shea might know the identity of the squid Carey Walker found on the Portsmouth Island Beach, just by looking at an emailed photo or two? Indeed, he did. After a couple of days of back-and-forth emails -- it can be difficult to connect consistently with a world-famous man who lives now in Australia -- he reported that, while unusual to be seen on beaches in our parts, this was not a particularly unusual squid: It was a diamondback squid, known in scientific nomenclature as Thysanoteuthis rhombus.

T. rhombus, also known as the diamond squid or diamondback squid, is a large species that grows to about 100 centimeters in length, which translates to about 39 inches, and ranges in weight from 20 to 30 kilograms, which translates to 44 to 50 pounds. Which means that, if nothing else, Carey Walker is pretty good at estimating the weight and length of big red squids he picks up on remote beaches.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted by Bruce Schneier

Researchers have configured two computers to talk to each other using a laser and a scanner.

Scanners work by detecting reflected light on their glass pane. The light creates a charge that the scanner translates into binary, which gets converted into an image. But scanners are sensitive to any changes of light in a room -- even when paper is on the glass pane or when the light source is infrared -- which changes the charges that get converted to binary. This means signals can be sent through the scanner by flashing light at its glass pane using either a visible light source or an infrared laser that is invisible to human eyes.

There are a couple of caveats to the attack -- the malware to decode the signals has to already be installed on a system on the network, and the lid on the scanner has to be at least partially open to receive the light. It's not unusual for workers to leave scanner lids open after using them, however, and an attacker could also pay a cleaning crew or other worker to leave the lid open at night.

The setup is that there's malware on the computer connected to the scanner, and that computer isn't on the Internet. This technique allows an attacker to communicate with that computer. For extra coolness, the laser can be mounted on a drone.

Here's the paper. And two videos.

vortacist: (Default)
posted by [personal profile] vortacist in [community profile] wiscon at 02:03pm on 28/04/2017
(cross-posted from wiscon-talk Google group)

Hi all,

I've booked a room with two double beds for WisCon 41, and so far there are just two of us in it. I'd love to find more roommates!

About me: I'm a 36yo non-binary femme (they/them/theirs). This is my first WisCon, and I'm travelling solo. I'm allergic to smoke and critters with fur (so I come from a pet-free home); I do best in no/low-scent environments.

About the room: This is a Concourse-level quad room. It's costing me about $166 per night including taxes/fees, which I plan to split evenly among as many of us use it each night. I have the room Thursday evening through Tuesday morning (and so far there are two of us in it Thurs-Sun nights).

Quiet hours: Because of my chronic illness, I need to get a lot of sleep -- which means I'm looking at going to bed around 11:30pm or so each night and sleeping until 9 or 10 am. I wear earplugs and a mask, so lights on / people using phones/laptops / whispered conversations are fine, but loud conversations or having folks over for get-togethers are a no-go.

If you're interested in becoming a roommate or have questions, feel free to write me at this email address.

Best,
Kit



Hovertext:
Cartooning is actually my part-time job.

New comic!
Today's News:

BAHFest Sydney is now taking submissions! Check it out!

Posted by Bruce Schneier

There has been a flurry of research into using the various sensors on your phone to steal data in surprising ways. Here's another: using the phone's ambient light sensor to detect what's on the screen. It's a proof of concept, but the paper's general conclusions are correct:

There is a lesson here that designing specifications and systems from a privacy engineering perspective is a complex process: decisions about exposing sensitive APIs to the web without any protections should not be taken lightly. One danger is that specification authors and browser vendors will base decisions on overly general principles and research results which don't apply to a particular new feature (similarly to how protections on gyroscope readings might not be sufficient for light sensor data).

solarbird: justice rains on your face (pharah)
You want mobile Dreamwidth, Artie? You got it.

The base style REQUIRED is Neutral Good. That's the default "new user" style and is why I went at that one first. This is an extension (and something of a rewrite) of that style, entirely in CSS. It fixes many bugs on desktop, and gives you a functional mobile view of your reading list and your journal. It makes NO attempt to address system style issues on mobile.

The CSS overlay which you need to copy and paste into the "custom css" pane of the advanced style customisation interface is here:

http://solarbird.net/Livejournal/2017-04/neutral-good-update-solarbird-2017-04-27.txt

This will ALSO get you Navbar 2, the upgrade of Navbar I've been running for a while. (Yes, you can still disable it.) It will NOT get you Navbar 3, so you won't have the mobile version you see in the screenshots in my previous post. But the navbar will be better looking on desktop, and no worse on mobile.

THIS IS AN ALPHA RELEASE, only tested so far against Safari and Firefox. Please report bugs.

(Except for the one where replying to an extant comment in single-entry view causes iOS to autozoom still. I know about that one and I'll fix it. But other than that. Comments are particularly rough at the moment tbh.)

eta: Version 0.7 alpha replaced with version 0.8 alpha, same link. Abovementioned bug fixed, several other bugs fixed, more cleanup, vitally improved handling of cascading comment threads on mobile, a few other things.
Mood: busy
posted by [syndicated profile] krugman_oped_feed at 03:21am on 28/04/2017
posted by [syndicated profile] xkcd_feed at 04:00am on 28/04/2017
April 27th, 2017
solarbird: (Default)
posted by [personal profile] solarbird at 07:16pm on 27/04/2017 under ,
EVERYTHING BUT THE NAVBAR IS LIVE ON MY TESTBED ACCOUNT RIGHT NOW.

And will get broken as I continue to fuck with it. But still. Everything but Navbar 3 is real and live; these are otherwise-unedited iPhone screencaps.


User Logged In, User Panel, Mobile
 



User Logged In, Location Panel, Mobile
 



User Logged In, Find Panel, Mobile
 
Mood: pleased
karzilla: a green fist above the word SMASH! (Default)
posted by [staff profile] karzilla in [site community profile] dw_maintenance at 03:03pm on 27/04/2017
We are planning to do a code push late this weekend, at approximately 8pm PDT / 11pm EDT / 3am UTC on Sunday, Apr 30 (or May 1 for you transatlantic types).

I don't have a list of changes for you yet, but most will fall into the following categories: things users have complained about to support volunteers, things support volunteers have complained about to developers, things [staff profile] denise has complained about not working the way she expects them to (and as we all know, The Boss is Always Right), and things that were printing warnings over and over in the production server logs, making it hard to spot when less frequent, more urgent errors were being printed. Oh, and also all the unused code I ripped out at the roots, which if you notice that, I did it wrong.

To sum up: we are rolling out a bunch of requested changes, so thank you all for your feedback!

If you're new to Dreamwidth and interested in tracking our development process, our commit logs are published to [site community profile] changelog and [community profile] changelog_digest, and every month or so, one of our volunteers will translate those often-cryptic entries into witty, informative code tours! The most recent one was published on April 1, so we're about due for a new one. Hint, hint.

We'll update here again to let you know when the code push is imminent!



Hovertext:
I'm starting to wonder if I don't have some deeply repressed fantasy where I'm a middle aged woman who participates in overly blunt job interviews.

New comic!
Today's News:

HEY BRITAIN! Soonish is available in the UK. We've used metric units, added the letter "U" after every "O" and as a courtesy, every book will be lightly dampened with cold rain.

Available for preorder!

posted by [syndicated profile] bruce_schneier_feed at 11:20am on 27/04/2017

Posted by Bruce Schneier

Interesting paper: "The rise of reading analytics and the emerging calculus of reading privacy in the digital world," by Clifford Lynch:

Abstract: This paper studies emerging technologies for tracking reading behaviors ("reading analytics") and their implications for reader privacy, attempting to place them in a historical context. It discusses what data is being collected, to whom it is available, and how it might be used by various interested parties (including authors). I explore means of tracking what's being read, who is doing the reading, and how readers discover what they read. The paper includes two case studies: mass-market e-books (both directly acquired by readers and mediated by libraries) and scholarly journals (usually mediated by academic libraries); in the latter case I also provide examples of the implications of various authentication, authorization and access management practices on reader privacy. While legal issues are touched upon, the focus is generally pragmatic, emphasizing technology and marketplace practices. The article illustrates the way reader privacy concerns are shifting from government to commercial surveillance, and the interactions between government and the private sector in this area. The paper emphasizes U.S.-based developments.

solarbird: (korra-on-the-air)
posted by [personal profile] solarbird at 01:07am on 27/04/2017 under ,
Well, I've at least managed to clear my browser tabs.

Fascism/authoritarianism and the corporatist state:
  • Rep. Adam Schiff on @MSNBC: It sounds like the W.H. has paperwork from Mike Flynn that they weren't willing to give to the Oversight Cmte.
  • Justices Alarmed by Government’s Hard-Line Stance in Citizenship Case
  • Trump says he may break up 9th Circuit Court after rulings go against him
  • Juvenile criminal defense attorneys forced to agree to Taser's terms of service to see the state's evidence
Corruption and looting:
  • The tale of the dictator’s daughter and her prince
  • Mar-a-Lago blog was not reviewed before posting on State site
  • Whitehouse Files Hatch Act Complaint Over Pruitt Participation in Oklahoma GOP Fundraiser
  • Nominee to head FDA joined effort to get a drug company more fentanyl
  • Trump tax proposal would slash taxes for his businesses
  • At Trump’s EPA, Less Science and More Industry
  • Trump orders review of national monuments to allow development
  • MNUCHIN: we are going to eliminate on the personal side all tax deductions other than mortgage interest and charitable deductions.
  • Trump Tax Plan Slashes Individual and Corporate Rates
Xenophobia and reactions against:
  • White House Optimism on Shutdown Complicated by Trump Demands
  • When is a wall not a wall? GOP redefines Trump’s border wall
  • Police Chief Meidl: In Spokane, undocumented immigrant crime is practically nonexistent
Trumpcare/Chumpcare 2.0:
  • Republicans exempt their own insurance from their latest health care proposal
  • Apparently repealing Obamacare could violate international law
Trade:
  • Trump puts EU ahead of Britain in trade queue
  • Trump Administration Puts Trade Deal With EU Ahead of Post-Brexit Britain
  • Republicans tell Trump to hold up on NAFTA withdrawal
Brutal horribleness:
  • Sandy Hook truther Alex Jones asks for privacy in custody battle ‘for the sake of my children’
(Alex Jones spent a lot of time siccing conspiracy theory haters on the parents of the children murdered at Sandy Hook, claiming the shooting didn't happen and was staged. The abuse, stalking, and harassment the parents of the dead children suffered was truly barbaric, and Alex Jones was the primary motivator here.)

Everything else:
  • Different president, same old government shutdown threats
  • Republican North Carolina judge resigns — and slams the GOP on the way out
  • Trump’s over-the-top, boastful AP interview, annotated

Good luck out there.

Mood: blank
April 26th, 2017
posted by [syndicated profile] bruce_schneier_feed at 11:14am on 26/04/2017

Posted by Bruce Schneier

There's a really interesting new paper analyzing over 100 different cyber insurance policies. From the abstract:

In this research paper, we seek to answer fundamental questions concerning the current state of the cyber insurance market. Specifically, by collecting over 100 full insurance policies, we examine the composition and variation across three primary components: The coverage and exclusions of first and third party losses which define what is and is not covered; The security application questionnaires which are used to help assess an applicant's security posture; and the rate schedules which define the algorithms used to compute premiums.

Overall, our research shows a much greater consistency among loss coverage and exclusions of insurance policies than is often assumed. For example, after examining only 5 policies, all coverage topics were identified, while it took only 13 policies to capture all exclusion topics. However, while each policy may include commonly covered losses or exclusions, there was often additional language further describing exceptions, conditions, or limits to the coverage. The application questionnaires provide insights into the security technologies and management practices that are (and are not) examined by carriers. For example, our analysis identified four main topic areas: Organizational, Technical, Policies and Procedures, and Legal and Compliance. Despite these sometimes lengthy questionnaires, however, there still appeared to be relevant gaps. For instance, information about the security posture of third-party service and supply chain providers and are notoriously difficult to assess properly (despite numerous breaches occurring from such compromise).

In regard to the rate schedules, we found a surprising variation in the sophistication of the equations and metrics used to price premiums. Many policies examined used a very simple, flat rate pricing (based simply on expected loss), while others incorporated more parameters such as the firm's asset value (or firm revenue), or standard insurance metrics (e.g. limits, retention, coinsurance), and industry type. More sophisticated policies also included information specific information security controls and practices as collected from the security questionnaires. By examining these components of insurance contracts, we hope to provide the first-ever insights into how insurance carriers understand and price cyber risks.

solarbird: (korra-on-the-air)
posted by [personal profile] solarbird at 01:19am on 26/04/2017 under ,
I'm overbooked this week; Anna's nasal surgery on Monday went about as planned, but there is much more time-consuming aftercare than I understood, and while this needed to happen, it is a lot of time away from other things. Here's a partial catch-up, with emphasis on fascism and neo-fascist activities.

Russia:
  • Republican Oversight Leader: Michael Flynn Apparently Broke the Law
  • EXCLUSIVE: Sebastian Gorka’s Ties To Nazi-Allied Group Stretch Back Decades
  • Senate Russia probe flounders amid partisan bickering
  • Senate Trump-Russia Probe Has No Full-Time Staff, No Key Witnesses
  • Macron Victim of Cyber Attack Similar to U.S. Democratic Party’s
  • Donald Trump, Jr., retweeting Nigel Farage endorsing Marine Le Pen. Global. White. Nationalist. Authoritarianism. Movement.

Misogyny:
  • A GOP Lawmaker Has Been Revealed As The Creator Of Reddit’s Anti-Woman ‘Red Pill’ Forum
  • And here it is, the NH state rep and founder of The Red Pill talking about why he should get to sleep with underage girls
  • Donald Trump to strip all funding from State Department team promoting women's rights around the world
  • Inside The Online Community Of Men Who Preach Removing Condoms Without Consent

Corruption and farce:
  • House Oversight Committee calls on Trump’s business to prove he’s not violating the Constitution
  • Ivanka Trump adds a chief of staff
  • Report: Trump won't fire Spicer because 'the guy gets great ratings'

Chechnya:
  • Gay men detained in Chechnya give accounts of abuse, electrocution
  • President of Chechnya Intends to Eliminate All Gay Men There by Ramadan

And three unsorted:
  • Trump’s Sanctuary Cities Order Blocked by Federal Judge
  • Resilience of the Resistance
  • May Benefits as Britain's Pro-Brexit Party Loses Supporters

Mood: busy
solarbird: justice rains on your face (pharah)
posted by [personal profile] solarbird at 12:18am on 26/04/2017 under , ,
Looks like Navbar version 3 might get fast-tracked. Mobile and desktop both. Might even be in next Monday's news post. Excellent.
Mood: pleased
