Politics, Weather, Photography, and the Dog
Friday 3 May 2013

After a lot of really difficult work and evaluating a half-dozen 3rd-party libraries, I've finally gotten a round-trip between a local ASP.NET application and SalesForce. This is the first victory in two big battles against the SalesForce integration model I've been fighting for the last two weeks.

The next hurdle will be to get the SalesForce API to accept my application's SAML assertion after the user is authenticated. I really have no idea how to do that yet—and no one I've spoken with knows, either.

Still, this was a good way to end a long work-week. And soon: pizza.

Friday 3 May 2013 17:46:06 CDT (UTC-05:00) | Security
Tuesday 23 April 2013

As a large part of my brain noodles on how to get multiple IDPs to work with a single RP, a smaller part of my brain has looked out the window and realized Chicago is having a normally crappy April:

  • The Cubs are 5-13 after allowing a run in the bottom of the 13th last night in Milwaukee;
  • It's 13°C 7°C and raining, which is great because we need the rain and cool weather; and
  • ...well, that's all I got right now.

I had a third thing, but SAML got in the way, I guess.

Tuesday 23 April 2013 15:36:02 CDT (UTC-05:00) | Chicago | Cubs | Security

...you know it's going to be bad. And it really is:

Passed in 2012 after a 60 Minutes report on insider trading practices in Congress, the STOCK Act banned members of Congress and senior executive and legislative branch officials from trading based on government knowledge. To give the ban teeth, the law directed that many of these officials' financial disclosure forms be posted online and their contents placed into public databases. However, in March, a report ordered by Congress found that airing this information on the Internet could put public servants and national security at risk. The report urged that the database, and the public disclosure for everyone but members of Congress and the highest-ranking executive branch officials -- measures that had never been implemented -- be thrown out.

The government sprang into action: last week, both chambers of Congress unanimously agreed to adopt the report's recommendations. Days later, Obama signed the changes into law.

Bluntest of all was Bruce Schneier, a leading security technologist and cryptographer. "They put them personally at risk by holding them accountable," Schneier said of the impact of disclosure rules on Congress members and DC staffers. "That's why they repealed it. The national security bit is bullshit you're supposed to repeat." (Three of the four experts we consulted opted for the same term of choice.)

As Schneier said, "There was a security risk, but it was not a national security risk. It was a personal Congressperson risk." And that was enough to stymie transparency.

One commenter on the original CRJ article points out, "Right, they're concerned about people getting their personal info online...as they pass CISPA."

This was a bipartisan effort, by the way.

Tuesday 23 April 2013 11:41:06 CDT (UTC-05:00) | US | Security
Friday 12 April 2013

Via Sullivan, a new Google Chrome plugin that allows you to embed secret messages in photos you post on Facebook:

That’s the idea behind Secretbook, a browser extension released this week by 21-year-old Oxford University computer science student and former Google intern Owen Campbell-Moore. With the extension, anyone — you, your sister, a terrorist — could share messages hidden in JPEG images uploaded to Facebook without the prying eyes of the company, the government or anyone else noticing or figuring out what the messages say. The only way to unlock them is through a password you create.

The extension is only available for the Google Chrome browser — Campbell-Moore cites its developer tools and popularity — and the messages are restricted to 140 characters. Less certain is what Facebook thinks; a spokesman declined to comment. But it’s still the first time anyone’s managed to figure out how to automate digital steganography — the practice of concealing messages inside computer files — through Facebook, the world’s biggest social media platform. Unlike cryptography, which uses ciphertext to encrypt messages, steganographic messages are simply hidden where no one would think to look.

Calling Bruce Schneier...

Friday 12 April 2013 09:05:42 CDT (UTC-05:00) | Security
Friday 22 March 2013

Too much going on:

Now, I will go back to drafting documentation while I wait for AT&T to reconfigure my DSL and kill my landline. I've had a POTS ("plain old telephone service") twisted-pair line longer than most people on earth have been alive. After today, no longer. I don't think I'll miss it, either. I only have it because I have a business-class DSL, which I don't need anymore, and the only people who call it want money from me.

Friday 22 March 2013 09:12:03 CDT (UTC-05:00) | Kitchen Sink | US | World | Business | Cloud | Security | Windows Azure
Friday 22 February 2013

Security guru Bruce Schneier examines Papal election security:

Probably the biggest risk is complacency. What might seem beautiful in its tradition and ritual during the first ballot could easily become cumbersome and annoying after the twentieth ballot, and there will be a temptation to cut corners to save time. If the Cardinals do that, the election process becomes more vulnerable.

A 1996 change in the process lets the cardinals go back and forth from the chapel to their dorm rooms, instead of being locked in the chapel the whole time, as was done previously. This makes the process slightly less secure but a lot more comfortable.

There are also enormous social -- religious, actually -- disincentives to hacking the vote. The election takes place in a chapel and at an altar. The cardinals swear an oath as they are casting their ballot -- further discouragement. The chalice and paten are the implements used to celebrate the Eucharist, the holiest act of the Catholic Church. And the scrutineers are explicitly exhorted not to form any sort of cabal or make any plans to sway the election, under pain of excommunication.

Of course, no amount of security in the world will prevent the electors from replacing Joseph Ratzinger with someone at least as out-of-touch and reactionary as he is, given the constitution of the cardinality these days.

Friday 22 February 2013 16:27:03 CST (UTC-06:00) | World | Security
Wednesday 6 February 2013

More things I gotta read later:

Now, back to rewriting an authentication provider...

Wednesday 6 February 2013 12:01:46 CST (UTC-06:00) | Geography | Security
Tuesday 27 November 2012

Via Bruce Schneier, apparently some of the confetti thrown at the Macy's Thanksgiving Day Parade last weekend came from the Nassau County Police:

A closer look shows that the documents are from the Nassau County Police Department. The papers were shredded, but clearly not well enough.

They even contain information about Mitt Romney's motorcade, apparently from the final presidential debate, which took place at Hofstra University in Nassau County last month.

Most significant, the confetti strips identified Nassau County detectives by name. Some of them are apparently undercover. Their social security numbers, dates of birth and other highly sensitive personal information was also printed on the confetti strips.

I expect the follow-up story to describe how a document destruction company now faces a massive lawsuit...

Tuesday 27 November 2012 12:54:16 CST (UTC-06:00) | Security
Tuesday 13 November 2012

James Fallows, reacting to the Petraeus debacle, reminds everyone of the obvious:

Here is the secret plan:

Never put anything in an email message, to anyone, that would cause you serious problems if it fell into the wrong hands.

That's the plan™. All of it. Never do this. Ever.

Yep. This is the advice security experts have given for, well, ever.

Tuesday 13 November 2012 17:01:35 CST (UTC-06:00) | US | Security
Thursday 11 October 2012

My latest entry is up on the 10th Magnitude tech blog.

You can also read it right here.

Thursday 11 October 2012 13:23:29 CDT (UTC-05:00) | Business | Cloud | Security
Wednesday 18 July 2012

Via Sullivan, artist Heather Dewey-Hagborg is creating 3D portraits from random hairs:

Collecting hairs she finds in random public places – bathrooms, libraries, and subway seats – she uses a battery of newly developing technologies to create physical, life-sized portraits of the owners of these hairs. You can see the portrait she’s made from her own hair in the photo below. While the actual likeness is a point of contention, these images bring about some creepy-yet-amazing comments; on genetic identity (how much of “you” really resides in your DNA?); on the possibilities of surveillance (what if your jealous partner started making portraits from hairs they found around your house?); and on the subjectivity inherent in working with “hard” data and computer systems (how much of a role do human assumptions play in this machine made portrait?).

The artist's site is here.

All right. This came a little sooner than I expected, and from a different source. I've long recognized the necessity of adapting to, rather than raging impotently against, the fundamental changes to the security and privacy mores we've had for several thousand years. (As Bruce Schneier has pointed out, "Fifteen years ago, [CCTV cameras] weren't everywhere. Fifteen years from now, they'll be so small we won't be able to see them.") But this project, if it works as hoped, actually freaks me out a little.

I'm going to whistle past this graveyard for the time being...

Tuesday 17 July 2012 20:31:01 CDT (UTC-05:00) | Cool links | Security
Sunday 24 June 2012

I have just spent an hour of my life—one that I will never get back—trying to figure out why I couldn't install any software from .msi files on one of my Windows 7 machines. Every time I tried, I would get a message that the installer "could not find the file specified."

If you're interested in this, or you want to see a stupid rage comic face, click through:

Sunday 24 June 2012 15:14:36 CDT (UTC-05:00) | Software | Security
Saturday 23 June 2012

Last weekend I described moving my email hosting from my living room home office out to Microsoft Exchange Online. And Thursday I spent all day at a Microsoft workshop about Windows Azure, the cloud computing platform on which my employer, 10th Magnitude, has developed software for the past two years.

In this post, I'm going to describe the actual process of migrating from an on-site Exchange 2007 server to Exchange Online. If you'd prefer more photos of Parker or discussions about politics, go ahead and skip this one.

Saturday 23 June 2012 09:43:52 CDT (UTC-05:00) | Business | Security
Tuesday 10 April 2012

The FBI has put together a committee of university presidents to root out foreign spies who have infiltrated American colleges:

While overshadowed by espionage against corporations, efforts by foreign countries to penetrate universities have increased in the past five years, [Frank] Figliuzzi, [Federal Bureau of Investigation assistant director for counterintelligence] said. The FBI and academia, which have often been at loggerheads, are working together to combat the threat, he said.

Attempts by countries in East Asia, including China, to obtain classified or proprietary information by “academic solicitation,” such as requests to review academic papers or study with professors, jumped eightfold in 2010 from a year earlier, according to a 2011 U.S. Defense Department report. Such approaches from the Middle East doubled, it said.

The problem with this, as a number of people pointed out in the article, is that academics share information freely. That's their freaking job. And the U.S. has hundreds of thousands of foreign students—76,000 from China alone—because, for now anyway, we have the best schools in the world.

Of course the FBI should go after real spies, and discovering former Russian intelligence agent Sergei Tretyakov probably prevented Russia from stealing information that would have helped them catch up to where we'd gotten ten years earlier.

The university presidents on the FBI's committee need to remember their first duty. I hope some of them will remind the FBI that suspecting lots of foreigners of trying to spy on us will cost more than it will save.

This is a very old conversation. There are always people who see enemies everywhere. Sometimes they're right; but we need to make sure that when they're wrong, they don't cause more damage than they're trying to prevent.

Tuesday 10 April 2012 10:40:32 CDT (UTC-05:00) | US | Security
Tuesday 3 April 2012

Raganwald yesterday posted a facetious resignation outlining the dangers to employers of asking prospective employees to disclose social media information:

I have been interviewing senior hires for the crucial tech lead position on the Fizz Buzz team, and while several walked out in a huff when I asked them to let me look at their Facebook, one young lady smiled and said I could help myself. She logged into her Facebook as I requested, and as I followed the COO’s instructions to scan her timeline and friends list looking for evidence of moral turpitude, I became aware she was writing something on her iPad.

“Taking notes?” I asked politely.

“No,” she smiled, “Emailing a human rights lawyer I know.” To say that the tension in the room could be cut with a knife would be understatement of the highest order. “Oh?” I asked. I waited, and as I am an expert in out-waiting people, she eventually cracked and explained herself.

“If you are surfing my Facebook, you could reasonably be expected to discover that I am a Lesbian. Since discrimination against me on this basis is illegal in Ontario, I am just preparing myself for the possibility that you might refuse to hire me and instead hire someone who is a heterosexual but less qualified in any way. Likewise, if you do hire me, I might need to have your employment contracts disclosed to ensure you aren’t paying me less than any male and/or heterosexual colleagues with equivalent responsibilities and experience.”

Three things:

  • He's right on the main point. Looking through employees' Facebook pages uninvited is tricky enough. Determining whether or not to hire someone based on a Facebook page is closer to the line. Forcing the disclosure crosses the line, surveys the land, plants a flag, and invites the natives to kill you in your sleep.
  • Disclosing a password to anyone for any reason is, almost always, a bad idea. Authentication is half of security (the other is authorization, which depends on you being who you say you are). The corollary to authentication is deniability. If you lose control over your Facebook password, you expose yourself to identity theft. To emphasize this point, in our office we routinely prank developers who leave their keyboards unlocked when they leave the room. Walking away at a client site could let clients see other clients' materials, for starters, but it also could allow someone to send email or make Facebook posts in your name.
  • I am proud to report that Illinois is right now passing a law to prohibit this practice. It will probably be signed later this month.

Tuesday 3 April 2012 08:55:13 CDT (UTC-05:00) | US | Security
Tuesday 20 March 2012

I don't want to lose these things:

That is all. More UK and France photos later today.

Tuesday 20 March 2012 12:05:45 CDT (UTC-05:00) | Aviation | Chicago | Kitchen Sink | US | Security
Sunday 12 February 2012

I've spent the morning working at the Peet's Coffee in Half Moon Bay, Calif. For some reason, this location has blocked HTTP access to most Google addresses.

The most obvious symptom is that browser requests to Google, Youtube, and other Google properties (including GMail) simply don't go through. Chrome reports "connection reset" after timing out; IE simply spins into oblivion. Another symptom, which took me a few moments to figure out, is that sites that have Google Analytics bugs (like this one) sometimes, but not always, fail to load. Reading the page source shows that the entire page has loaded, but the browser doesn't render the page because part of it is being blocked.

Using nothing more sophisticated than Ping and Tracert, I've determined that the block occurs pretty close to my laptop, possibly even in the WiFi router or in Peet's proxy server. Pinging Google's public DNS service (8.8.8.8) works fine, as does making nslookup requests against it. But pinging www.google.com, www.youtu.be, and www.gmail.com all fail. Tracerts to these URLs and directly to their public IPs also fail at the very first hop.

Google IPs appear to start with 74.125.x.y. Tracert to 8.8.4.4 passes through 74.125.49.85 a few hops away; www.google.com resolves to 74.125.224.84; etc. However, reverse DNS lookups show something slightly different. 8.8.4.4 resolves back to google-public-dns-b.google.com; however, 74.125.224.84 resolves back to nuq04s07-in-f20.1e100.com. 74.125.224.69 (www.youtu.be) resolves back to another 1e100.com address.

All other sites appear to work fine, with decent (megabit-speed) throughput.

So, the mystery is: who has blocked Google from this Peet's store, and why? I have sent Peet's a request for comment.

Sunday 12 February 2012 11:54:07 PST (UTC-08:00) | Security
Tuesday 7 February 2012

A man accused of rape in Alabama got into an online argument with the Jefferson County Sheriff's Office on the office's Facebook page:

U.S. Marshals took Dustin McCombs into custody today in Ohio, said Chief Deputy Randy Christian.

The U.S. Marshal's Gulf Coast Regional Task Force in Birmingham shared information with their counterparts in Ohio who tracked down the fugitive.

McCombs was featured on the Jefferson County Sheriff Department's Facebook page as its "Creep of the Week" because of an outstanding forcible rape charge.

McCombs apparently decided that was a challenge, taking up a posting duel with the department on Facebook, according to the website Gizmodo.

Of course, McCombs has not been convicted of the crime that led to his arrest warrant, but wow is he stupid. The entire exchange is still available on Failbook, and worth a look. So is the sheriff's Facebook page, which seems like an effective use of social media by government.

Tuesday 7 February 2012 08:10:16 CST (UTC-06:00) | US | Security
Wednesday 18 January 2012

Welcome back. We were dark today to protest two flawed legislative proposals, the Stop Online Piracy Act and the Protect IP Act.

The administration today hinted at a threat to veto SOPA, while several senators have withdrawn support for PIPA in response to the blackout protests around the Internet:

Co-sponsors who say they can no longer support their own legislation include Senators Marco Rubio, a Florida Republican, Roy Blunt, a Missouri Republican, and Ben Cardin, a Maryland Democrat. Republican Representatives Ben Quayle of Arizona, Lee Terry of Nebraska, and Dennis Ross of Florida also said they would withdraw their backing of the House bill.

Rubio said he switched his position on the Senate measure, the Protect IP Act, after examining opponents’ contention that it would present a “potentially unreasonable expansion of the federal government’s power to impact the Internet,” according to a posting today on Facebook. Blunt said in a statement today he is withdrawing as a co-sponsor of the Senate bill.

The Washington Monthly explains the administration's volte-face on SOPA:

The White House didn’t issue a veto threat, per se, but the administration’s chief technology officials concluded, “We will not support legislation that reduces freedom of expression, increases cybersecurity risk or undermines the dynamic, innovative global Internet.” The statement added that any proposed legislation “must not tamper with the technical architecture of the Internet.” The White House’s position left SOPA and PIPA, at least in their current form, effectively dead.

The state of play in the Senate is a little different — a PIPA vote is likely next Tuesday — but even in the upper chamber, the bill is quickly losing friends. Sen. Scott Brown (R-Mass.) announced his opposition yesterday, and Sen. Ben Cardin (D-Md.), a former co-sponsor of PIPA, is also now against it.

The President did, however, shut down the Keystone XL pipeline (at least for now).

So, in all, this was a pretty good day for the people.

Update: Via Coding Horror, Mozilla Foundation Chair Mitchell Baker has a great description of why PIPA and SOPA are so awful.

Wednesday 18 January 2012 17:36:05 CST (UTC-06:00) | US | Business | Security
Tuesday 17 January 2012

The largest encyclopedia ever assembled will go offline tomorrow to protest against the Stop Online Piracy Act, currently working its way through Congress's collective bowels. From Wikipedia's public statement:

[T]he Wikimedia Foundation is asked to allocate resources and assist the community in blacking out the project globally for 24 hours starting at 05:00 UTC on January 18, 2012, or at another time as determined by the Wikimedia Foundation. This should be carried out while respecting technical limitations of the underlying software, and should specifically prevent editing wherever possible. Provisions for emergency access to the site should be included in the blackout software. In order to assist our readers and the community at large to educate themselves about SOPA and PIPA, these articles and those closely related to them will remain accessible for reading purposes if possible. Wikipedians are urged to work with WMF staff to develop effective messaging for the "blackout screens" that directs readers to suitable online resources. Sister projects, such as the German and Italian Wikipedias and Wikimedia Commons, have indicated an intention to support the same principles with banners on those sites, and the support of other projects is welcome and appreciated.

Twitter CEO Dick Costolo is unimpressed: " 'That's just silly. Closing a global business in reaction to single-issue national politics is foolish,' Costolo [said]."

For what it's worth, my U.S. Senators are split: Senator Mark Kirk (R-IL) claims to be opposed to it, while Senator Dick Durbin (D-IL) is a co-sponsor of the Senate's version. Neither has any material on his website about it. I have written to Senator Durbin and to Representative Mike Quigley (D-IL) for comment.

Tuesday 17 January 2012 13:47:33 CST (UTC-06:00) | US | Business | Security
Saturday 24 December 2011

Via Sullivan, a constitutional analysis of the Stop Online Piracy Act:

To begin with, the bills represent an unprecedented, legally sanctioned assault on the Internet’s critical technical infrastructure. Based upon nothing more than an application by a federal prosecutor alleging that a foreign website is “dedicated to infringing activities,” Protect IP authorizes courts to order all U.S. Internet service providers, domain name registries, domain name registrars, and operators of domain name servers—a category that includes hundreds of thousands of small and medium-sized businesses, colleges, universities, nonprofit organizations, and the like—to take steps to prevent the offending site’s domain name from translating to the correct Internet protocol address.

This not only violates basic principles of due process by depriving persons of property without a fair hearing and a reasonable opportunity to be heard, it also constitutes an unconstitutional abridgement of the freedom of speech protected by the First Amendment. The Supreme Court has made it abundantly clear that governmental action suppressing speech, if taken prior to an adversary proceeding and subsequent judicial determination that the speech in question is unlawful, is a presumptively unconstitutional “prior restraint.” In other words, it is the “most serious and the least tolerable infringement on First Amendment rights,” permissible only in the narrowest range of circumstances. The Constitution requires a court “to make a final determination” that the material in question is unlawful “after an adversary hearing before the material is completely removed from circulation.”

(Emphasis in quoted blog post; references removed.)

I've already written to my representative in Congress; have you written to yours?

Friday 23 December 2011 20:19:05 PST (UTC-08:00) | US | Business | Security
Friday 23 December 2011

Given my activities yesterday (i.e., going through airport security), I found the latest interview with Bruce Schneier timely and once again correct:

As we came by the checkpoint line, Schneier described one of these aspects: the ease with which people can pass through airport security with fake boarding passes. First, scan an old boarding pass, he said—more loudly than necessary, it seemed to me. Alter it with Photoshop, then print the result with a laser printer. In his hand was an example, complete with the little squiggle the T.S.A. agent had drawn on it to indicate that it had been checked. “Feeling safer?” he asked.

To a large number of security analysts, [the billions we've spent on security theater] makes no sense. The vast cost is not worth the infinitesimal benefit. Not only has the actual threat from terror been exaggerated, they say, but the great bulk of the post-9/11 measures to contain it are little more than what Schneier mocks as “security theater”: actions that accomplish nothing but are designed to make the government look like it is on the job. In fact, the continuing expenditure on security may actually have made the United States less safe.

Yes. We spend money on high-tech, whiz-bang solutions to human-intelligence problems. The attack on 9/11 can't happen again in the U.S., not because of full-body scanners at airports, but because of reinforced cockpit doors and vigilant passengers. Should we let just anyone board a transport airplane without a security check[1]? No, of course not; but we should make the checks effective, rather than flamboyant.

Security, however, tends to ratchet up, because no one wants to be the guy who relaxed security right before an attack. And we know an attack will happen someday; nihilists are not easily dissuaded from their crimes. Still, one can hope.

Friday 23 December 2011 10:40:56 PST (UTC-08:00) | Aviation | Security
Friday 7 October 2011

A little housekeeping: if the blog seems slow today, thank this entry, which got over 70,000 page views yesterday through 19:00 CDT and continues to get hit today. (Usual site traffic is about 4,000 page views per day, total.)

So, there's nothing wrong with either the blog or with your carrier. It's just a lot more traffic than my servers usually get.

Friday 7 October 2011 09:35:38 CDT (UTC-05:00) | Business | Security
Friday 16 September 2011

I'm David Braverman, this is my blog, and Parker is my 5-year-old mutt. I last updated this About... page in February, but some things have changed. In the interest of enlightened laziness I'm starting with the most powerful keystroke combination in the universe: Ctrl-C, Ctrl-V.

Twice. Thus, the "point one" in the title.

The Daily Parker is about:

  • Parker, my dog, whom I adopted on 1 September 2006.
  • Politics. I'm a moderate-lefty by international standards, which makes me a radical left-winger in today's United States.
  • Photography. I took tens of thousands of photos as a kid, then drifted away from making art until a few months ago when I got the first digital camera I've ever had that rivals a film camera. That got me reading more, practicing more, and throwing more photos on the blog. In my initial burst of enthusiasm I posted a photo every day. I've pulled back from that a bit—it takes about 30 minutes to prep and post one of those puppies—but I'm still shooting and still learning.
  • The weather. I've operated a weather website for more than ten years. That site deals with raw data and objective observations. Many weather posts also touch politics, given the political implications of addressing climate change, though happily we no longer have to do so under a president beholden to the oil industry.
  • Chicago, the greatest city in North America, and the other ones I visit whenever I can.

I've deprecated the Software category, but only because I don't post much about it here. That said, I write a lot of software. I work for 10th Magnitude, a startup software consultancy in Chicago, I've got about 20 years' experience writing the stuff, and I continue to own a micro-sized software company. (I have an online resume, if you're curious.) I see a lot of code, and since I often get called in to projects in crisis, I see a lot of bad code, some of which may appear here.

I strive to write about these and other things with fluency and concision. "Fast, good, cheap: pick two" applies to writing as much as to any other creative process (cf: software). I hope to find an appropriate balance between the three, as streams of consciousness and literacy have always struggled against each other since the first blog twenty years ago.

If you like what you see here, you'll probably also like Andrew Sullivan, James Fallows, Josh Marshall, and Bruce Schneier. Even if you don't like my politics, you probably agree that everyone ought to read Strunk and White, and you probably have an opinion about the Oxford comma—punctuation de rigueur in my opinion.

Another, non-trivial point. Facebook reads the blog's RSS feed, so many people reading this may think I'm just posting notes on Facebook. Facebook's lawyers would like you to believe this, too. Now, I've reconnected with tons of old friends and classmates through Facebook, I play Scrabble on Facebook, and I eagerly read every advertisement that appears next to its relevant content. But Facebook's terms of use assert ownership of everything that appears on their site, regardless of prior claims, which contravenes four centuries of law.

Everything that shows up on my Facebook profile gets published on The Daily Parker first, and I own the copyrights to all of it (unless otherwise disclosed). I publish the blog's text under a Creative Commons attribution-nonderivative-noncommercial license; republication is usually OK for non-commercial purposes, as long as you don't change what I write and you attribute it to me. My photos, however, are published under strict copyright, with no republication license, even if I upload them to other public websites. If you want to republish one of my photos, just let me know and we'll work something out.

Anyway, thanks for reading, and I hope you continue to enjoy The Daily Parker.

Friday 16 September 2011 18:36:32 CDT (UTC-05:00) | Aviation | Baseball | Biking | Chicago | Cubs | Duke | Geography | Jokes | Kitchen Sink | Parker | Daily | Photography | Politics | US | World | Raleigh | Religion | San Francisco | Software | Blogs | Business | Cool links | Security | Weather | Astronomy | Work
Friday 9 September 2011

I don't have all the details, but it looks like an employee at one of the hospital's vendors did something really stupid:

A medical privacy breach led to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes, the hospital has confirmed. The information stayed online for nearly a year.

Since discovering the breach last month, the hospital has been investigating how a detailed spreadsheet made its way from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork.

Gary Migdol, a spokesman for Stanford Hospital and Clinics, said the spreadsheet first appeared on the site on Sept. 9, 2010, as an attachment to a question about how to convert the data into a bar graph.

One can easily see how this happened: someone on the billing contractor's staff was taking a class of some kind and decided to use real, live, HIPAA-protected data for a project. My law-school Wills instructor, Jerry Leitner, would explain this by the "omnibus explanation," the thing that explains nearly every human endeavor that ends badly: stupidity.

The article mentions Stanford got fined $250,000 over the breach. I wonder if they'll be able to get a contribution award from the contractor?

Friday 9 September 2011 13:05:21 CDT (UTC-05:00)  | Comments [0] | US | Security#
Saturday 30 April 2011

Gulliver this afternoon examines whether America's huge anti-terror expenditures have been worth it:

A new academic paper [PDF] from John Mueller (of The Ohio State University) and Mark Stewart (of the University of Newcastle in Australia) attempts to determine whether the return on investment justified those huge expenditures. ... [T]he findings in this paper are truly remarkable. By 2008, according to the authors, America's spending on counterterrorism outpaced all anti-crime spending by some $15 billion. Messrs Mueller and Stewart do not even include things like the wars in Iraq and Afghanistan (which they call "certainly terrorism-determined") in their trillion-plus tally.

"[A] most common misjudgment has been to embrace extreme events as harbingers presaging a dire departure from historical patterns. In the months and then years after 9/11, as noted at the outset, it was almost universally assumed that the terrorist event was a harbinger rather than an aberration. There were similar reactions to Timothy McVeigh’s 1995 truck bomb attack in Oklahoma City as concerns about a repetition soared. And in 1996, shortly after the terrorist group Aum Shinrikyo set off deadly gas in a Tokyo subway station, one of terrorism studies' top gurus, Walter Laqueur, assured the world that some terrorist groups 'almost certainly' will use weapons of mass destruction 'in the foreseeable future.' Presumably any future foreseeable in 1996 is now history, and Laqueur’s near 'certainty' has yet to occur."

The paper also found that anti-terror spending has outpaced anti-crime spending by some $15 bn, despite crime costing society significantly more. The paper doesn't go into the politics of why this might be so, but I'll hazard a guess that cutting crime benefits more people a little while spending on anti-terror measures benefits a few people quite a bit. Lowering the likelihood that my car will suffer $300 in damage from a break-in has less immediacy than a $30m contract for a new security gadget would were I in that line of business.

Saturday 30 April 2011 18:06:06 CDT (UTC-05:00)  | Comments [0] | US | Security#
Friday 25 March 2011

Via Bruce Schneier, the author of How the End Begins describes how no one can ever be absolutely certain an order to destroy civilization is authentic:

Can the president start a nuclear war on his own authority—his own whim or will—alone? The way Brigadier Gen. Jack D. Ripper did in Dr. Strangelove? What if a president went off his meds, as we'd say today, and decided to pull a Ripper himself? Or what if a Ripper-type madman succeeded in sending a falsely authenticated launch order? You're about to kill 10 million people, after all.

Anyway, back down there in your launch capsule you might allow yourself to wonder: "This launch order, is this for real or for Nixon's indigestion?"

If you were asking yourself that question, you wouldn't be the only one. James Schlesinger, secretary of defense at that time, No. 2 in the nuclear chain of command, was reported to be so concerned about Nixon's behavior that he sent word down the chain of command that if anyone received any "unusual orders" from the president they should double-check with him before carrying them out.

So there you are, having just received the order to launch nuclear genocide. Should you suppress any doubts, twist your launch key in the slot simultaneously with your fellow crewman and send death hurtling toward millions of civilians halfway around the world? Without asking questions? That's what you're trained to do, not ask questions. Trainees who asked questions were supposed to be weeded out by the Air Force's "psychiatric consideration of human reliability" requirement. I've read this absurd Strangelovian document, which defined sane and reliable as being willing to kill 10 or 20 million people with the twist of a wrist, no questions asked.

Oh, yeah, I'll sleep well tonight.

Friday 25 March 2011 13:15:32 CDT (UTC-05:00)  | Comments [0] | US | Security#

In no particular order:

  • Today is the 100th anniversary of the deadly Triangle Shirtwaist factory fire in New York, in which 146 workers died. If you want to know why we have unions in the U.S., read the story. This is the world to which the radical right are happy to return us.
  • I have to hand it to Citibank and their crack team of fraud preventatives. Last week I bought a plane ticket from Chicago to London for about $700. A few hours later I attempted to put down a £100 deposit on a hotel room in London. Citibank declined the smaller charge, because it was an international purchase without card-in-hand, as they say. Note I bought the airline ticket online also.
    A 10-minute phone call to them, followed by an apologetic phone call to the hotel, and it went through fine. This morning, I bought a £58 round trip rail ticket from London to York on a day within both the air ticket and hotel reservation (both of which Citibank knows about), and their computer called me within seconds to warn me of yet more fraud. Fifteen minutes later they have finally—finally!—acknowledged that I might be in the UK for a couple of days, and possibly will be using my credit card to make reservations ahead of the trip. Note to people outside the US: They're not trying to protect me; they're trying to protect themselves. In the US, card holders have a $50 liability limit for fraudulent transactions; the bank's liability is essentially limitless. But still, guys?
  • Microsoft's Raymond Chen has a funny anecdote about the Seattle Symphony Orchestra's front office getting confused between Paul Cézanne and Camille Saint-Saëns, complete with a handy chart to tell the difference.

That is all.

Friday 25 March 2011 10:15:51 CDT (UTC-05:00)  | Comments [0] | Kitchen Sink | US | Security#
Thursday 30 December 2010

Via Bruce Schneier, a retired CIA codebreaker recently decoded a message sent to Confederate Lt. Gen. John Pemberton in July 1863:

The encrypted, 6-line message was dated July 4, 1863, the date of Pemberton's surrender to Union forces led by Ulysses S. Grant, ending the Siege of Vicksburg in what historians say was a turning point midway into the Civil War.

The message is from a Confederate commander on the west side of the Mississippi River across from Pemberton.

"He's saying, 'I can't help you. I have no troops, I have no supplies, I have no way to get over there,'" Museum of the Confederacy collections manager Catherine M. Wright said of the author of the dispiriting message. "It was just another punctuation mark to just how desperate and dire everything was."

That day, 4 July 1863, the Union not only captured Vicksburg but also prevailed at Gettysburg. Historians generally agree the two victories effectively ended any possibility of the Confederacy winning the war, though they would continue to fight for another 20 months.

The full text of the message to Pemberton reads:

"Gen'l Pemberton:

You can expect no help from this side of the river. Let Gen'l Johnston know, if possible, when you can attack the same point on the enemy's lines. Inform me also and I will endeavor to make a diversion. I have sent some caps (explosive devices). I subjoin a despatch from General Johnston."

The last line, Wright said, seems to suggest a separate delivery to Pemberton would be the code to break the message.

The news story has more details about how they found the message, and how they broke the code.

Thursday 30 December 2010 08:47:22 CST (UTC-06:00)  | Comments [0] | Kitchen Sink | Security#
Wednesday 8 December 2010

I've recently had the opportunity to work on-site with a client who has a strong interest in protecting its customers' privacy. They have understandably strict policies regarding who can see what network data, who can get what access to which applications, etc. And they're interested in the physical security of their buildings.

At some point, however, process can stymie progress, and this client recently added a physical security measure that can stand as a proxy for everything else about how they function. Not content with having a full-time security guard at each lobby entrance, and with doors that require an ID to open, they now have a man-trap-style revolving door system. Only one person can enter the door at a time, or alarms sound. The doors move slowly enough that even the slowest walkers—and this is far Suburbistan, so there are many—can get through without hurrying. And to make extra-special-certain, these doors require a second ID badge.

Now, the client building is 30 km from the nearest city of any size, and that city doesn't even rank in the top 50 by population. In order to get to the building you have to drive some distance from anyplace you'd ever want to be, then cross a parking lot whose area, according to Google Maps, is four times greater than the building's footprint. In other words, they're protecting the building from...nobody. Nobody will ever lay siege to this place.

This aptly demonstrates the philosophy throughout the organization: they have immense barriers that have no purpose except to prevent any actual work from happening. My effort for this particular client lasted several long weeks and produced, in the end, about fifteen lines of code. They brought 60 developers onto the project to speed it up, with the result that 60 developers tripped over procedures and project management at immense cost to the company to produce something four guys in a garage could have done in the same length of time.

There's a punchline, a poignant one for the day after Elizabeth Edwards died: the client is a major health-insurance company.

Do you want to know why the U.S. spends more on health care than any other country? I think I have the answer.

N.B.: The title of this post comes from one of my favorite quotes, usually ascribed to Napoleon Bonaparte but probably coined by Robert Heinlein: "Never attribute to malice that which is adequately explained by stupidity."

Wednesday 8 December 2010 09:09:13 EST (UTC-05:00)  | Comments [0] | US | Business | Security#
Friday 26 November 2010

Via Schneier, the Department of Homeland Security will soon get rid of color-coded warnings:

In an interview on “The Daily Show” last year, the homeland security chief, Janet Napolitano, said the department was “revisiting the whole issue of color codes and schemes as to whether, you know, these things really communicate anything to the American people any more.”

The answer, apparently, is no.

The Homeland Security Department said the colors would be replaced with a new system — recommendations are still under review — that should provide more clarity and guidance. The change was first reported by The Associated Press.

I wonder what that guy at O'Hare—the one who says "The current threat advisory level is orange" all day—I wonder what he'll do now?

Friday 26 November 2010 09:43:05 CST (UTC-06:00)  | Comments [0] | US | Security#
Thursday 11 November 2010

Security guru Bruce Schneier has great advice about when to change your passwords:

The primary reason to give an authentication credential -- not just a password, but any authentication credential -- an expiration date is to limit the amount of time a lost, stolen, or forged credential can be used by someone else. If a membership card expires after a year, then if someone steals that card he can at most get a year's worth of benefit out of it. After that, it's useless.

... An attacker who gets the password to your bank account by guessing or stealing it isn't going to eavesdrop. He's going to transfer money out of your account -- and then you're going to notice. In this case, it doesn't make a lot of sense to change your password regularly -- but it's vital to change it immediately after the fraud occurs.

... So in general: you don't need to regularly change the password to your computer or online financial accounts (including the accounts at retail sites); definitely not for low-security accounts. You should change your corporate login password occasionally, and you need to take a good hard look at your friends, relatives, and paparazzi before deciding how often to change your Facebook password. But if you break up with someone you've shared a computer with, change them all.

Thursday 11 November 2010 09:34:06 CST (UTC-06:00)  | Comments [0] | Security#
Monday 19 July 2010

A good friend woke up this morning to find her email and Facebook accounts hacked, with a message sent out to everyone in her address book that she'd been robbed at gunpoint while visiting London and desperately needed a credit card to get on the plane back home.

Other than the story's baseline implausibility (a gun robbery in London being about as likely as getting trampled by a moose in Atlanta), there were other clues it was a phisher. For one thing, my friend is an American lawyer, not a Nigerian criminal, so she has a direct, concise, and moreover punctuated writing style not immediately in evidence in the phishing message.

The take-away, to all the would-be phishers reading this: you'll get farther with your frauds if you learn better English. Next time, instead of asking for credit-card numbers, write this: "Help! I am being held captive unless I can draft a 500-word essay on epistemology, and they'll only allow me one reference book! Please, I'm desperate, send me Strunk and White before I use unnecessary words!"

Oh, and also try hacking your victim's spouse's account, which will make it harder for people to verify the dodge.

Monday 19 July 2010 08:21:09 CDT (UTC-05:00)  | Comments [1] | Security#
Friday 14 May 2010

Waaaaay back in ancient history, I actually reported a Nigerian scammer to the FBI. This was, oh, 1997 or so, maybe 1998. The FBI already had a cybercrimes unit in San Francisco, and I had a half-hour conversation with one of the agents there about a bizarre email I'd received from a Nigerian IP address. We actually did some IP tracing and header analysis on the email to determine its origin. Yes, the scam was that new.

Who was it that said, the more things change, the more they stay the same? Right:

OFFICER IN-CHARGE:
NAME: Mr. Robert Stephen Sien @
FBI UK Internet Fraud Watch/Alert
Phone: +44 792 457 7408

We are writing in response to our track light monitoring device which we received today in our office about your transactions.

The Federal Bureau Of Investigation (FBI) Washington DC, in conjunction with the Scotland Yard, Has screened through our various Monitoring Networks also our German counterpart the anti fraud unit reported that your identity/information was used to dupe a German Business man to the tune of $5 Million USD by some Africa/Nigerian Fraudsters.

After all the series of investigations conducted here in our office we tracked your record and we found out that you have never had any fraudulent case that may jeopardize your image and personality.

We have concluded our investigation and you have been approved to be compensated from the total amount recovered for scam victims compensation. So all you need to do right now in other to receive your compensation and clear your name from the list of these Con Men which has already been forwarded to our office is to secure the CLEAN BILL CERTIFICATE immediately.

This Certificate will clear your name from the scam list which will enable you receive the sum of $500,000.00 Usd compensation fund.

You are required to contact Robert S. Sien by email: rssien@aol.com with your full name and contact details for easy communication also to guild you on how to secure the CLEAN BILL CERTIFICATE and claim your money.

THANKS FOR YOUR CO-OPERATION.

Robert Stephen Sien.
FBI SPECIAL AGENT

You know what tipped me off? What made me certain this was a 419 scammer? Because, you can see, it's quite well crafted, no loose ends, nothing to arouse suspicion.

What tipped me off was this:

When real FBI agents refer to their employer, they never capitalize "of".

It's obvious when you look at it.

Thursday 13 May 2010 21:32:17 CDT (UTC-05:00)  | Comments [0] | Security#
Thursday 6 May 2010

Bruce Schneier gives three main reasons:

One, terrorist attacks are harder to pull off than popular imagination -- and the movies -- lead everyone to believe. Two, there are far fewer terrorists than the political rhetoric of the past eight years leads everyone to believe. And three, random minor terrorist attacks don't serve Islamic terrorists' interests right now.

... So, to sum up: If you're just a loner wannabe who wants to go out with a bang, terrorism is easy. You're more likely to get caught if you take a long time to plan or involve a bunch of people, but you might succeed. If you're a representative of al-Qaida trying to make a statement in the U.S., it's much harder. You just don't have the people, and you're probably going to slip up and get caught.

Thursday 6 May 2010 07:36:32 CDT (UTC-05:00)  | Comments [0] | Security#
Monday 3 May 2010

Brilliant:

If the TSA Were Running New York

- All vans or SUVs headed into Midtown Manhattan would have to stop and have their contents inspected. If any vehicle seemed for any reason to have escaped inspection, Midtown in its entirety would be evacuated;

- A whole new uniformed force -- the Times Square Security Administration, or TsSA - would be formed for this purpose;

- The restrictions would never be lifted and the TsSA would have permanent life, because the political incentives here work only one way.

... The point of terrorism is not to "destroy." It is to terrify. And for eight and a half years now, the dominant federal government response to terrorist threats and attacks has been to magnify their harm by increasing a mood of fear and intimidation. That is the real case against the ludicrous "orange threat level" announcements we hear every three minutes at the airport. It's not just that they're pointless, uninformative, and insulting to our collective intelligence; it's that their larger effect is to make people feel frightened rather than brave.

It always strikes me that Israel, which has actual, ongoing terrorism, doesn't x-ray people's shoes.

Monday 3 May 2010 18:06:09 CDT (UTC-05:00)  | Comments [0] | Security#
Monday 26 April 2010

I'm back in the US, and mostly sure it's Monday evening. Beyond that I'm still recovering from my 14-hour flight yesterday. I'm also waiting for a new hard disk from Dell for my laptop, as the old one died. Fortunately, I back it up religiously.

While I get my creativity back, enjoy someone else's: WW2 As Seen On Facebook.

Monday 26 April 2010 18:41:15 CDT (UTC-05:00)  | Comments [0] | Kitchen Sink | World | Security#
Sunday 25 April 2010

The Internet experience at Pudong International Airport differs markedly from the experience at our hotel. I've noticed a pattern, whereby unencrypted data, like The Daily Parker, seems to move about an order of magnitude faster than encrypted data, like the HTTPS connection I've got going with my mail server. The interesting part is that both sites are going through the same router back in Chicago. So, either the Web terminal I'm using has a particularly hard time with secure websites, or something is slowing down the mail packets. Hmmm...can't think what that might be...

Compounding my Internet woes, my laptop's hard drive corrupted its boot sector Saturday afternoon. I have no idea how this happened. The Bitlocker recovery key no longer works. I expect tomorrow I'm going to have to install a new hard drive and then install all my software again. This does not make me happy. On the other hand, I have two episodes of Lost to catch up on before Tuesday.

This, anyway, explains why I didn't post anything yesterday, and why the video clip of the world's fastest land vehicle will have to wait until later today. (Because of the International Date Line, even though I have a 13-hour overnight flight, I arrive at O'Hare 30 minutes after I leave Shanghai.)

Two hours until my flight home. Maybe my email will finish downloading by then?

Sunday 25 April 2010 14:37:44 CST (UTC+08:00)  | Comments [0] | Duke | Security#
Wednesday 24 February 2010

If this story is true, someone needs time in jail to think about civic responsibility:

In a lawsuit filed Tuesday in federal court, [a Pennsylvania] family said the school's assistant principal had confronted their son, told him he had "engaged in improper behavior in [his] home, and cited as evidence a photograph from the webcam embedded in [his] personal laptop issued by the school district."

The suit contends the Lower Merion School District, one of the most prosperous and highest-achieving in the state, had the ability to turn on students' webcams and illegally invade their privacy.

The suit says that in November, assistant principal Lynn Matsko called in sophomore Blake Robbins and told him that he had "engaged in improper behavior in his home," and cited as evidence a photograph from the webcam in his school-issued laptop.

Matsko later told Robbins' father, Michael, that the district "could remotely activate the webcam contained in a student's personal laptop . . . at any time it chose and to view and capture whatever images were in front of the webcam" without the knowledge or approval of the laptop's users, the suit says.

A security professional in New York has investigated the technical claims and found them convincing. He also expanded on the original news story with some circumstantial evidence:

The truly amazing part of this story is what's coming out from comments from the students themselves. Some of the interesting points:

  • Possession of a monitored Macbook was required for classes
  • Possession of an unmonitored personal computer was forbidden and would be confiscated
  • Disabling the camera was impossible
  • Jailbreaking a school laptop in order to secure it or monitor it against intrusion was an offense which merited expulsion

When I spoke at MIT about the wealth of electronic evidence I came across regarding Chinese gymnasts, I used the phrase "compulsory transparency". I never thought I would be using the phrase to describe America, especially so soon, but that appears to be exactly the case.

I can't wait to see how this turns out.

Wednesday 24 February 2010 17:09:34 EST (UTC-05:00)  | Comments [0] | US | Security#
Saturday 9 January 2010

Software entrepreneur Joel Spolsky says that's a good start, but only part of it:

[L]et’s stop talking about “backups.” Doing a backup is too low a bar. Any experienced system administrator will tell you that they have a great backup plan, the trouble comes when you have to restore.

And that’s when you discover that:

  • The backed-up files were encrypted with a cryptographically-secure key, the only copy of which was on the machine that was lost
  • The server had enormous amounts of configuration information stored in the IIS metabase which wasn’t backed up
  • The backup files were being copied to a FAT partition and were silently being truncated to 2GB
  • Your backups were on an LTO drive which was lost with the data center, and you can’t get another LTO drive for three days
  • And a million other things that can go wrong even when you “have” “backups.”

The minimum bar for a reliable service is not that you have done a backup, but that you have done a restore.

As someone who's got reliable, clockwork backups running, and has had them fail for one of the reasons Spolsky listed (and others that he didn't), I think this is tremendously good advice.

Saturday 9 January 2010 11:06:55 EST (UTC-05:00)  | Comments [0] | Business | Security#
Friday 20 November 2009

I don't know where this came from originally, but...well, look:

(Full size after the jump.)

Friday 20 November 2009 17:17:49 CST (UTC-06:00)  | Comments [0] | Jokes | Security#
Wednesday 7 October 2009

And you don't let a convicted hacker near the prison computers, either:

Douglas Havard, 27, serving six years for stealing up to £6.5million using forged credit cards over the internet, was approached after governors wanted to create an internal TV station but needed a special computer program written.

He was left unguarded and hacked into the system's hard drive at Ranby Prison, near Retford, Notts. Then he set up a series of passwords so no one else could get into the system.

How could this be worse? Glad you asked:

The blunder emerged a week after the Sunday Mirror revealed how an inmate at the same jail managed to get a key cut that opened every door.

It's scary when the Mirror starts to sound like the Onion...

(Via Bruce Schneier.)

Tuesday 6 October 2009 20:32:08 CDT (UTC-05:00)  | Comments [0] | Security#
Tuesday 29 September 2009

I can't wait to see what they'll have us do after this:

On the evening of Aug. 28, Prince Mohammed bin Nayef, the Saudi Deputy Interior Minister — and the man in charge of the kingdom’s counterterrorism efforts — was receiving members of the public in connection with the celebration of Ramadan....

One of the highlights of the Friday gathering was supposed to be the prince’s meeting with Abdullah Hassan Taleh al-Asiri, a Saudi man who was a wanted militant from al Qaeda in the Arabian Peninsula (AQAP). Al-Asiri had allegedly renounced terrorism and had requested to meet the prince in order to repent and then be accepted into the kingdom’s amnesty program. Such surrenders are not unprecedented....

But the al-Asiri case ended very differently from the al-Awfi case. Unlike al-Awfi, al-Asiri was not a genuine repentant — he was a human Trojan horse. After al-Asiri entered a small room to speak with Prince Mohammed, he activated a small improvised explosive device (IED) he had been carrying inside his anal cavity. The resulting explosion ripped al-Asiri to shreds but only lightly injured the shocked prince — the target of al-Asiri’s unsuccessful assassination attempt.

(Via Bruce Schneier.)

Monday 28 September 2009 20:27:04 CDT (UTC-05:00)  | Comments [0] | Security#
Wednesday 26 August 2009

I learned a valuable lesson yesterday: when you lock your computer to your hotel room desk, and you put the cable-lock key in your pocket, you have to remove the key from your pocket before sending the slacks down to the laundry.

This realization crept up on me over a very quiet 90-second period that started when I looked in my room safe for the key and didn't find it there.

I won't keep you in suspense: housekeeping found and returned the key this morning. This is good, because I had no idea how I was going to fit the desk in the overhead compartment on my flight home.

Wednesday 26 August 2009 12:29:00 BST (UTC+01:00)  | Comments [0] | Duke | Security#
Monday 15 June 2009

Photos and reviews of Ribfest tomorrow morning. Right now, though, I'm all about the novelty of updating TDP from my phone. Also tomorrow, I'll explain why this is a bigger deal than it seems.

Sunday 14 June 2009 20:43:53 CDT (UTC-05:00)  | Comments [0] | Security#
Friday 10 April 2009

Via Bruce Schneier, a demonstrably incompetent police chief in the UK has resigned after mishandling a secret document:

Police were forced to carry out raids on addresses in the north-west of England in broad daylight yesterday, earlier than planned, after [Bob] Quick, the Metropolitan police's assistant commissioner [and senior-most counter-terrorism official], was photographed carrying sensitive documents as he arrived for a meeting in Downing Street.

A white document marked "secret", which carried details of the operation being planned by MI5 and several police forces, was clearly visible to press photographers equipped with telephoto lenses.

Yesterday, realising the existence of the photographs of the document – which included the names of several senior officers, sensitive locations and details about the nature of the overseas threat – the government imposed a "D notice" to restrict the media from revealing the contents of the picture.

The Guardian article has a photo of the document, taken as Quick got out of his car.

Police also revealed that Quick's Windows password was "bob1" and that he routinely leaves his keys in his car "so [he'll know] where to find them."

Friday 10 April 2009 07:58:23 CDT (UTC-05:00)  | Comments [0] | World | Security#
Wednesday 14 January 2009

Two examples of totally ineffective security responses in today's news. First, in suburban Chicago, a commuter-rail ticket agent called police about a man with a gun boarding a train, causing a two-hour delay as heavily-armed cops evacuated and searched the train. They found the man with the gun when the man in question saw the commotion and identified himself as a Secret Service agent, not realizing he was himself the target of the search:

Metra spokeswoman Judy Pardonnet said the incident began when a plainclothes Secret Service agent asked a Naperville ticket agent whether there were metal detectors aboard the BNSF Line train and indicated he was carrying a gun.

Wednesday 14 January 2009 14:04:51 CST (UTC-06:00)  | Comments [0] | Security#
Monday 29 December 2008

Via Bruce Schneier, a woman brought clearly-labeled gunpowder through a TSA checkpoint, in the regulation size baggies:

Mind you, I had packed the stuff safely. It was in three separate jars: one of charcoal, one of sulphur, and one of saltpetre (potassium nitrate). Each jar was labeled: Charcoal, Sulphur, Saltpetre. I had also thoroughly wet down each powder with tap water. No ignition was possible. As a good citizen, I had packed the resulting pastes into a quart-sized "3-1-1" plastic bag, along with my shampoo and hand cream. This bag I took out of my messenger bag and put on top of my bin of belongings, turned so that the labels were easy for the TSA inspector to read.

I expect she'll get noticed the next time she flies...

Monday 29 December 2008 08:48:46 CST (UTC-06:00)  | Comments [0] | Aviation | Security#
About
David Braverman and Parker
David Braverman is a software developer in Chicago, and the creator of Weather Now. Parker is the most adorable dog on the planet, 80% of the time.
Legal
All content Copyright ©2013 David Braverman.
Creative Commons License
The Daily Parker by David Braverman is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License, excluding photographs, which may not be republished unless otherwise noted.