Reading [entries|reading|network|archive]
simont

[ userinfo | dreamwidth userinfo ]
[ archive | journal archive ]

[syndicated profile] hacker_news_daily_feed Sun 2017-08-20 00:00
Daily Hacker News for 2017-08-19

The 10 highest-rated articles on Hacker News on August 19, 2017 which have not appeared on any previous Hacker News Daily are:

LinkReply
[syndicated profile] markov_stoats_feed Sat 2017-08-19 12:00
Saturday, 19 August 2017 : the Stoat Distribution of the Day.

stoats!

Day 1440. There are 357 red stoats, 170 blue stoats, and 473 green stoats.


LinkReply
[personal profile] andrewducker Sat 2017-08-19 12:00
Interesting Links for 19-08-2017

[xpost |http://andrewducker.livejournal.com/3609145.html]

LinkReply
[syndicated profile] hacker_news_daily_feed Sat 2017-08-19 00:00
Daily Hacker News for 2017-08-18

The 10 highest-rated articles on Hacker News on August 18, 2017 which have not appeared on any previous Hacker News Daily are:

LinkReply
[syndicated profile] schneier_no_tracking_feed Fri 2017-08-18 21:27
Friday Squid Blogging: Brittle Star Catches a Squid

Posted by Bruce Schneier

Watch a brittle star catch a squid, and then lose it to another brittle star.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

LinkReply
[syndicated profile] schneier_no_tracking_feed Fri 2017-08-18 19:14
More on My LinkedIn Account

Posted by Bruce Schneier

I have successfully gotten the fake LinkedIn account in my name deleted. To prevent someone from doing this again, I signed up for LinkedIn. This is my first -- and only -- post on that account:

My Only LinkedIn Post (Yes, Really)

Welcome to my LinkedIn page. It looks empty because I'm never here. I don't log in, I never post anything, and I won't read any notes or comments you leave on this site. Nor will I accept any invitations or click on any "connect" links. I'm sure LinkedIn is a nice place; I just don't have the time.

If you're looking for me, visit my webpage at www.schneier.com. There you'll find my blog, and just about everything I've written. My e-mail address is schneier@schneier.com, if you want to talk to me personally.

I mirror my blog on my Facebook page (https://www.facebook.com/bruce.schneier/) and my Twitter feed (@schneierblog), but I don't visit those, either.

Now I hear that LinkedIn is e-mailing people on my behalf, suggesting that they friend, follow, connect, or whatever they do there with me. I assure you that I have nothing to do with any of those e-mails, nor do I care what anyone does in response.

LinkReply
[syndicated profile] xkcd_feed Fri 2017-08-18 04:00
Earth Orbital Diagram

You shouldn't look directly at a partial eclipse because of the damage that can be caused by improperly aligning the solar-lunar orbital plane with the orbital bones around your eye.
Link1 comment | Reply
[syndicated profile] schneier_no_tracking_feed Fri 2017-08-18 11:40
Unfixable Automobile Computer Security Vulnerability

Posted by Bruce Schneier

There is an unpatchable vulnerability that affects most modern cars. It's buried in the Controller Area Network (CAN):

Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.

Patching the issue means changing how the CAN standard works at its lowest levels. Researchers say car manufacturers can only mitigate the vulnerability via specific network countermeasures, but cannot eliminate it entirely.

Details on how the attack works are here:

The CAN messages, including errors, are called "frames." Our attack focuses on how CAN handles errors. Errors arise when a device reads values that do not correspond to the original expected value on a frame. When a device detects such an event, it writes an error message onto the CAN bus in order to "recall" the errant frame and notify the other devices to entirely ignore the recalled frame. This mishap is very common and is usually due to natural causes, a transient malfunction, or simply by too many systems and modules trying to send frames through the CAN at the same time.

If a device sends out too many errors, then­ -- as CAN standards dictate -- ­it goes into a so-called Bus Off state, where it is cut off from the CAN and prevented from reading and/or writing any data onto the CAN. This feature is helpful in isolating clearly malfunctioning devices and stops them from triggering the other modules/systems on the CAN.

This is the exact feature that our attack abuses. Our attack triggers this particular feature by inducing enough errors such that a targeted device or system on the CAN is made to go into the Bus Off state, and thus rendered inert/inoperable. This, in turn, can drastically affect the car's performance to the point that it becomes dangerous and even fatal, especially when essential systems like the airbag system or the antilock braking system are deactivated. All it takes is a specially-crafted attack device, introduced to the car's CAN through local access, and the reuse of frames already circulating in the CAN rather than injecting new ones (as previous attacks in this manner have done).

Slashdot thread.

LinkReply
[syndicated profile] markov_stoats_feed Fri 2017-08-18 12:00
Friday, 18 August 2017 : the Stoat Distribution of the Day.

stoats!

Day 1439. There are 351 red stoats, 176 blue stoats, and 473 green stoats.


LinkReply
[personal profile] liv Fri 2017-08-18 12:04
Helsinki, Worldcon

That was not the Worldcon I would have liked; I'd hoped to do as several of my friends did, and travel overland and explore some of the region. Or at least to really get immersed in the con itself. And I'd have liked a proper holiday with my partners and their children, which hasn't really happened this year though we've had a few short breaks.

In reality I was only able to go for the long weekend. I spent an eye-watering amount of money on a trip that didn't quite work for me, between flights, accommodation, Worldcon membership (when I actually only ended up attending for half a day), and just general living expenses in a not very well planned trip to an expensive city. It feels churlish to complain about being in a position to spend a bit too much on a less than perfect trip, and in many ways it was good, just not quite what I'd hoped for.

more details )

[location |Helsinki, Finland]
[Current Mood: | becolden]
[Current Music: |The Feeling: Fill my little world]

Link2 comments | Reply
[personal profile] andrewducker Fri 2017-08-18 12:00
Interesting Links for 18-08-2017

[xpost |http://andrewducker.livejournal.com/3608856.html]

Link2 comments | Reply
[syndicated profile] hacker_news_daily_feed Fri 2017-08-18 00:00
Daily Hacker News for 2017-08-17

The 10 highest-rated articles on Hacker News on August 17, 2017 which have not appeared on any previous Hacker News Daily are:

LinkReply
[personal profile] kaberett Thu 2017-08-17 20:24
[food] Beans bourdeto, sort of

I went to Corfu! I was introduced to Corfiot bean stew! I was a fan. I am also struggling to track down a recipe that will let me recreate the But That's Amazing Though that I experienced there, because it's generally made with fish and there are relatively few recipes online, which means my ability to take the average of multiple recipes is limited. Nonetheless!

Read more... )



... which I served up with The Rice Of My People, which I'd apparently somehow not made for A before; he is a Fan. It turns out. Read more... )
Link2 comments | Reply
[personal profile] andrewducker Thu 2017-08-17 19:23
What I plan to do for my birthday, by Andrew Ducker Age 44 362/365

Monday is my birthday, and to celebrate Jane is going to show me around Paris for a long weekend. We're off tomorrow morning, and arriving back on my actual Birthday (Monday), which is _also_ the anniversary of the first time she hugged me (after she came to the airport to meet me off the plane back from my trip around the Southlands).

I arrived home to discover that she had made this wonder in the living room:


And I am looking forward to being allowed to open any of the things underneath it!

(Jim is being left with strict instructions that he is not allowed to eat any of the boxes. Or the tree. Or be sick on any of them. Or peek inside.)
[xpost |http://andrewducker.livejournal.com/3608787.html]

Link4 comments | Reply
[personal profile] jack Thu 2017-08-17 13:34
Helsinki and Worldcon

I went to Helsinki for worldcon.

It was lovely to see osos and liv.

I always find travel a little stressful but I have got better at not worrying. It's still feels like more of a hurdle than travelling locally, even if it shouldn't, but less so.

Helsinki was nice. I didn't do a lot of exploring, but some. I love water, and enjoyed going to another city based on the sea. Helsinki itself isn't on as many islands as Stockholm, but the harbour is covered with them and several tourist attractions are on one island or another.

We went to the zoo, and I went out to the island fortress Suomelina, both nice ferry rides. Suomelina was originally fortified by Sweden when Finland was part of Sweden, and later controlled by Finland and by Russia, with modern fortifications added to the older ones. The original fortifications are incredible to see, vast stone walls dozens of feet thick with tunnels at the bottom surrounding grassy courtyards, and at the main entrance, stone steps swooping down to the sea from a giant gate that frames the sun.

When we flew back, I realised what Liv had already told me, but not previously realised the extent of, that there really are continuous islands all the way from Finland to Sweden.

Zoo pictures are slowly being uploaded on twitter :)

Food was expensive but fairly easy. Few places had good vegetarian options already on the menu, but everyone I spoke to was eager to to be flexible and make up a cheaper price for a plate full of all the side dishes, without me needing to explain or anything.

Part of the expense is being in a foreign conference centre when the pound is getting weaker, but as I understand it, Finland *is* typically more expensive. I don't know enough about it, but my impression is, partly due to needing to import more food, and partly due to higher taxes and wages. But I wish people would acknowledge that latter part when complaining.

Worldcon was fun. Registration was incredibly quick with a computerised "scan barcode and print label" system, and everything was well organised apart from being over-full on the first two days.

Most of the panels I went to were decent but none stood out to me as amazing.

I loved seeing authors I cared about, at the steven universe panel, at the wild cards panel (and winning hugos). The quantum computing panel didn't tell me a lot about the theory but was fascinating for telling us about what computers had practically been built -- and apparently IBM have one you can run programs on online!!

I had a better balance between different sorts of things, I did some panels, some meeting people. I met up with people, but didn't feel like I was constantly missing out on fun things just round the corner. I got some books I was excited by but not too many.
[xpost |http://cartesiandaemon.livejournal.com/1035937.html]

Link2 comments | Reply
[syndicated profile] markov_stoats_feed Thu 2017-08-17 12:00
Thursday, 17 August 2017 : the Stoat Distribution of the Day.

stoats!

Day 1438. There are 354 red stoats, 166 blue stoats, and 480 green stoats.


LinkReply
[syndicated profile] schneier_no_tracking_feed Thu 2017-08-17 11:12
Do the Police Need a Search Warrant to Access Cell Phone Location Data?

Posted by Bruce Schneier

The US Supreme Court is deciding a case that will establish whether the police need a warrant to access cell phone location data. This week I signed on to an amicus brief from a wide array of security technologists outlining the technical arguments as why the answer should be yes. Susan Landau summarized our arguments.

A bunch of tech companies also submitted a brief.

LinkReply
[personal profile] andrewducker Thu 2017-08-17 12:00
Interesting Links for 17-08-2017

[xpost |http://andrewducker.livejournal.com/3608369.html]

Link5 comments | Reply
[personal profile] kaberett Thu 2017-08-17 11:25
In which I grouse about some of the superficial shit that's stressing me out

Includes current politics + mental illness, HURRAH.

Read more... )



OKAY THAT WILL DO FOR NOW.
Link16 comments | Reply
[syndicated profile] hacker_news_daily_feed Thu 2017-08-17 00:00
Daily Hacker News for 2017-08-16

The 10 highest-rated articles on Hacker News on August 16, 2017 which have not appeared on any previous Hacker News Daily are:

LinkReply
navigation
[ viewing | most recent entries ]
[ go | earlier ]