Updates from September, 2010

  • Hober Short 1:38 pm on 30 September 2010

    Speaking of ESR, he recently wrote a piece about the group identity of the engineers behind the Stuxnet worm, whether or not they’re properly considered hackers. That’s interesting in its own way, but what really caught my interest is his description of Stuxnet that covers some things that Security Now omitted. I quote at length:

    The factual background: The Stuxnet worm takes over a particular make of Siemens programmable industrial controller and does things to it the exact nature of which are undetermined, but which are highly unlikely to be good for whatever the controller is running. Once in place, it can be remote-programmed from a control machine. It appears to have targeted the industrial infrastructure of Iran. Code analysts believe the development and test time required to field Stuxnet would be 2.5 to 5 man years of full-time work by a well-funded group with access to test hardware. The worm continues to spread in Iran; the Iranians deny that it has damaged any government systems, but are offering big bucks to any security experts willing to help them clean it out.

    Well-grounded speculation: It is widely believed that Stuxnet was aimed at the Iranian uranium-enrichment plant at Natanz and the nuclear power plant at Bushehr; experts have described it as clearly a “directed sabotage weapon” aimed not at normal criminal purposes such as spamming, phishing or intrusion blackmail but rather at causing physical infrastructure damage. The development effort was probably beyond the sustained funding capability of entities smaller than a large multinational or nation-state; the most obvious candidates are Israel and the United States.


    • Hober Short 1:01 pm on 1 October 2010

      It’s worth noting I posted this on the Thursday that a new Security Now came out, and in it Steve Gibson presents, fairly and skeptically, the notion that Stuxnet might be a weapon. Good on him.

  • Bartholomew Xerxes Ogilvie, Jr. 3:55 pm on 28 September 2010

    During the most recent Security Now podcast, Steve Gibson talked about how VeriSign has introduced a security-token app for the iPhone, essentially providing the same functionality as the PayPal security key (or “football,” as he likes to refer to it) in an app.

    What he didn’t mention is that an equivalent app is available for Android as well. I searched the Market and found the VeriSign VIP Access app, which I immediately installed and linked to my PayPal account. There have been times when I’ve wanted to access my PayPal account while away from home, and I don’t routinely carry my security key with me. Now I don’t have to: I never go anywhere without my phone.

    • Hober Short 11:21 am on 30 September 2010

      ESR has written about the smartphone being the Eater of Gadgets. I’ve already switched to using my Captivate as my go-to guitar tuner because it’s better in a few key areas.

      On that note, is there any reason to keep the normal standalone hardware token registered to your account? Backup in case your phone gets run over?

      • Bartholomew Xerxes Ogilvie, Jr. 11:29 am on 30 September 2010

        Steve Gibson would probably say that nothing could ever be as secure as the standalone token, because it cannot be corrupted by other software running on the device. Theoretically, I suppose a trojan could somehow crack the algorithm being used by the Android software and spoof it.

        In practical terms, though, I’d have to say “no.” Certainly, if I were signing up for PayPal’s security-key service today, I wouldn’t bother to buy the standalone token.

  • Bartholomew Xerxes Ogilvie, Jr. 3:48 pm on 28 September 2010

    Well, dang. I’ve been resisting the TiVo Premiere because the reviews were underwhelming, and as far as I could see it didn’t offer any significant features beyond what I already get with my TiVo HD.

    But now the inevitable has happened: TiVo has announced that Hulu Plus will soon be available on the TiVo Premiere. I’ve been wishing for years that I could get Hulu through a set-top box; my computer isn’t set up for comfortable TV viewing, and that’s the main reason I’ve tended to use Hulu very little (even though I like the service a lot).

    All TiVo has to do now is offer another one of their occasional lifetime-subscription-transfer promotions, and I suspect I won’t be able to say no. You listening, TiVo?

  • Hober Short 7:28 pm on 24 September 2010

    I’ve got a new post up at my oft-dormant blog. Allow me to quote the first sentence:

    Minecraft is a damned odd game.

  • Bartholomew Xerxes Ogilvie, Jr. 11:50 am on 24 September 2010

    As a newly minted Android fan(boy), I couldn’t resist contributing my votes to this two-part poll on Ars Technica:

    • What OS does your mobile phone run?
    • What OS will your next mobile phone run?

    I’m not crazy about the wording of the second question; while I think it’s likely that I’m going to stick with Android, I don’t exclude the possibility of switching if things are different in two years. (I still think Windows Phone 7 has a lot of promise.)

    But I found the poll results interesting. Excluding all of the OSs with single-digit percentages, the results as I’m writing this are:

    • Current OS: Android 31.24%, iOS 37.44%
    • Next OS: Android 42.14%, iOS 33.88%

    Of course, Web polls aren’t scientific, and the Ars crowd is hardly representative of mobile-phone users in general. Still, this is interesting evidence of Android’s continuing growth — as much in “mind share” as market share. This doesn’t necessarily mean iPhone users are going to switch to Android, but it does suggest that Android is doing a better job of picking up new users in general.

    I think this is great — not because I want Android to “win” a mobile-OS battle, but because I want the competition to be as robust as possible. I’ll be even happier if Windows Phone 7 becomes a real player. Ideally, when it’s time for me to choose my next phone, it will be a really difficult decision.

  • Hober Short 3:12 pm on 23 September 2010

    So, part of the paper that I wrote last weekend about economic recovery before, during, and after World War II touched on debunking the idea that because GDP went up and unemployment went down during the war, that was the recovery. Turns out, those statistics get bogus during wartime with a command economy and a draft (what a twist!). In short, unemployment is a really shitty way, even in peace time, to try and find a single number that describes economic health.

    This is why real economists have indexes that summarize many different things. If you want to get a sense of how the stock market went, don’t look at Microsoft or Wal-Mart, look at the Dow Jones Industrial Average, or the S&P 500.

    Anyway, in Microeconomics today, it was pointed out that unemployment is also a lagging economic indicator. Basically, unemployment summarizes conditions over the last two or three quarters, but tells you very little about current conditions.

    Someone really should get around to writing a book or a series of blog posts or something explaining all this stuff about how to use economic data in everyday life…

  • Hober Short 1:08 pm on 21 September 2010

    OK GO just posted another incredible one-take low-budget video, this time for their song “White Knuckles”. Assuming they’re still getting normal budgets from their label for music videos, they’ve probably almost got enough saved up for another video where they blow shit up for no reason at all.

  • Hober Short 12:22 pm on 21 September 2010

    Over the weekend, I was at home writing a paper on economics of the Great Depression disguised as a paper for American Military History – about the intersection of the two, the wartime economic “recovery” of WWII – and got into a discussion about the concept of economic rent, and what it means for public policy.

    Of course, this required me to define economic rent, and I came up with an extemporaneous definition, inspired by a recent episode of the EconTalk podcast: economic rent is an artificial incentive created to promote an ideological goal.

    What kinds of things am I talking about? Cash for Clunkers, which was an artificial incentive ostensibly promoting newer, more fuel efficient cars. But also things like the Ansari X Prize that led to the first civilian astronaut getting his wings, an artificial incentive to further civilian spaceflight.

    Economists usually contrast rent with profit, where profit is an organic benefit that arises from the spontaneous (i.e. decentralized) organization of businesses.

    I bring this all up because this excellent letter by Don Boudreaux over at Cafe Hayek neatly outlines the difference between profit and rent:

    When materials are worth recycling, markets for their reuse naturally arise. For materials with no natural markets for their reuse, the benefits of recycling are less than its costs – and, therefore, government efforts to promote such recycling waste resources.

    The government may pay you to recycle plastic bottles, but no business would. However, they’ll gladly buy aluminum cans off of you, because getting aluminum from consumers who think empty cans to be worthless is a lot easier than digging it out of the ground.

  • Bartholomew Xerxes Ogilvie, Jr. 1:24 pm on 7 September 2010

    Listening to Steve Gibson’s review of tracking cookies during last week’s Security Now, I had one of those “duh” moments of revelation.

    Ever since I became obsessed with Android phones, I’ve started noticing more banner ads featuring mobile phones, particularly Android smartphones. I figured this was probably some sort of attentional bias: because I was interested in Android phones, I was now noticing ads that had previously not caught my attention. If there really were more such ads, I assumed it was because of the huge growth of Android’s market share recently.

    While those factors might be genuine, it occurs to me that a more important factor is the change in my Web browsing habits. I visit a lot of different blogs and forums dedicated to mobile phones, and specifically Android, on a daily basis. It would not take a very sophisticated analysis of my Web habits to deduce where my interests lie.

    What I can’t figure out is how this is a bad thing. I’d much rather see ads that are concerned with something I’m actually interested in. I’d also like to see businesses able to maximize the effectiveness of their advertising, because that will enable them to spend less on advertising and more on developing cool products I might want to buy.

    And who knows, one of these days I might actually click on an ad.
