Info Tech Buzz: 2007

Friday, December 14, 2007

FW: ITADJUNCTS: Library Post-test

Please answer all of the following questions and send the results to posten@monmouth.edu

Thank you

Sam

1. Which of the following will help you find books in the Monmouth University Library?

a. The Interlibrary Loan Service

b. The Research Databases of the Library

c. The Library Catalog

d. The Google Search Engine

2. What research tool should you use to get an authoritative and reliable overview of a topic that you knew very little about?

a. Wikipedia

b. An encyclopedia

c. A newspaper

d. A popular magazine

3. In the APA citation below, what is the title of the journal?

Nicholls, R. (2007). Postcards from the Past: Pressing questions and a persistent vitality. American Scholar, 76(1), 34-37. Retrieved Thursday, May 3, 2007 from the Academic Search Premier database.

a. Nicholls, R.

b. Academic Search Premier

c. American Scholar

d. Postcards from the Past

4. Which of the following statements is TRUE?

a. Most full-text journal articles in the Library Research Databases are also freely available to anyone who searches on the Internet.

b. You can find articles from scholarly journals in the Library’s Research Databases

c. Google search engine is the best tool to search for journal articles

d. You cannot search the Library’s Research Databases from home

5. Which of the following statements is TRUE about scholarly journals?

a. They contain colorful, glossy pages and typically accept commercial advertising

b. They are mainly for laymen and non-professionals to read

c. They have plain pages, minimal graphics, and detailed references

d. They contain glossy photos but not charts or tables

6. Journal Locator is used to:

a. Find a reference book

b. Find initial topics in your research

c. Find a government document

d. Find print and online journals the library subscribes to

7. Interlibrary Loan is a system for Monmouth University students to:

a. Purchase books and journals

b. Borrow books owned by the Monmouth University Library

c. Borrow books and journal articles that are NOT owned by the University Library

d. Travel to area libraries and check books out of them

8. What are the key concepts of the following statement: “Discuss how the breakup of the Soviet Union has impacted U.S. foreign policy”?

a. Breakup, “United States’ foreign policy”, “Soviet Union”

b. “Soviet Union”, “United States”

c. “United States’ policy”, ”Soviet Union’s foreign policy”

d. Breakup, “United States’ foreign policy”

9. Which of the following would be the best tool to use to obtain journal articles for your selected topic?

a. The online library catalog

b. A research database (e.g. Academic Search Premier)

c. An encyclopedia

d. Google Scholar

10. You are writing a paper on capital punishment as a deterrent to crime. What are the best keyword strategies for your search?

a. “capital punishment” OR crime

b. Deterrent AND crime

c. “capital punishment” AND crime

d. Prison AND crime

11. What is the easiest way to find out if the Library has the 1998 issues of Journal of Communication?

a. Search the Library’s periodical stacks

b. Search the Journal Locator

c. Search Google Scholar

d. Search NoodleTools

12. In order to locate a library book on the shelf, you will need:

a. The call number

b. The location

c. The status

d. Answers a, b, and c

13. You are writing a research paper and you read an article on your topic. In which of the following instances would you cite the material as a footnote/reference in your paper?

a. When you write an idea from the article in your own words

b. When you quote from the article, using quotation marks

c. If you have not used anything from the article

d. Answers a and b

14. What are services provided by the Library?

a. You can access the Library resources via your eCampus courses

b. You can borrow a laptop computer at the Circulation Desk

c. You can IM a librarian at any time of the day

d. You have wireless Internet access

e. Answers a, b, and d

15. You are writing a report on automobile safety and tires. You have found several sources. Which would be the most trustworthy because of the likelihood of having objective information?

a. Survey from a tire manufacturer

b. Article in a consumer advocate magazine

c. Information from a car manufacturer’s website

d. Article in a women’s magazine

DISCLAIMER:
E-mail Confidentiality/Proprietary Notice: The information contained in this transmission may be proprietary and subject to protection under the law. The message is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited. If you received this transmission in error, please contact the sender immediately by replying to this e-mail and delete the material from any computer. Thank you.

Introducing Knols

Google introduced their competitor to Wikipedia today, "Knols" which are units of knowledge. Interesting concept and different philosophy than what Wiki tries to do.

Rough Type has the best insight on it so far:

http://www.roughtype.com/archives/2007/12/google_knol_tak.php

Thursday, December 06, 2007

NEW - Drop box assignment due today

_______________________________________________
itadjuncts mailing list
itadjuncts@monmouth.edu
http://mail.monmouth.edu/mailman/listinfo/itadjuncts

<<ATT172174.txt>>
https://monmouth.desire2learn.com/d2l/tools/dropbox/dropboxPickup/pickupFolderContents.asp?ou=33002&db=290078

I know this is similar question to the drop box assignment zero where I asked you to list out your technology experience and expectations, but the School has asked us to be a bit more specific in asking: Did you take a technology course in high school? Answer yes or no. Do

not include personal typing courses. If so, what was the content of
this course?

Please upload the answer to this question on ecampus at the drop box listed above. If at all possible please answer this question today, if you can.

Thank you so very much.

Sam and the IT dept.

Tuesday, December 04, 2007

Access Practice Test enclosed, meet at Library tonight

OK, the access practice test is enclosed. To do the practice test tho you need to have read our book's chapters about creating table relationships. In the past we did all this by creating simple queries but now MS has moved this into it's own relationships tabs. Perhaps you can still do it by just making queries but it's best for us to follow the recommended route.

If the book's way of doing things didnt work so well for you, try the tutorial on the CDs I gave you. There are also the official MS web pages that describe the process here:

http://office.microsoft.com/en-us/access/CH100645681033.aspx

and

http://office.microsoft.com/en-us/access/CH100645771033.aspx

Give the sample test a shot. Our actual exam that we will take on Thursday uses a VERY simple table relationship and I'll be pretty flexible about helping you make this work since we won't have actually done it live in class. But you need to try this and see how it works before attempting it on the test. Complete the pretest by tomorrow night at the latest so that if you have any questions you can contact me long before we are set to take the test on Thursday.

ALSO! Tonight we are meeting DIRECTLY at the library. DO NOT GO TO OUR REGULAR MEETING ROOM. Meet in the library lobby at 5:55.

See you there tonight.

Sam

Monday, November 26, 2007

Asynchronous/Virtual class!

We have something special planned for Tuesday night, a class that will be conducted virtually!

First, read the class lecture notes at:

http://zorak.monmouth.edu/~posten/homepc.ppt

Then tomorrow night you can log in to http://ecampus.monmouth.edu and join the chat room for our IT 102-50 section to discuss issues regarding what you need to think about when budgeting for a home computer. A log of the conversation will be mailed out as well for an 'asynchronous' learning experience. You can log in from a home computer, one in the dorms, or actually go to our classroom.

Once the lecture and discussion session are complete, your homework assignment will be to design and budget a 'dream' home computer system. If unlimited funds were available what kind of computer would you build and why? Would you want something simple just to email, surf the web and do reports on? Or would you want a killer audio/video powerhouse that could play all the latest games at their best quality? Maybe you would want a monster video and audio editing system where you could do photography and make movies. Or will you go for something simple and elegant with moderate power like an Apple iMac or Dell's new Dell ONE?

You will gather a list of all the features and create a powerpoint presentation showing what your system can and can't do and an excel spreadsheet that details ALL of the costs it would take to acquire such a system. Dont forget printers, LCDs, peripherals and software, also tax shipping and other hidden costs. Together this should be a 3-4 page presentation and a single excel spreadsheet, and should be ready to show the rest of the class on Thursday night.

Let me know if you have any questions, I'll see you (virtually!) tomorrow night.

Sam

Thursday, November 15, 2007

Is email dead?

Slate thinks so:

http://slate.com/id/2177969/pagenum/all/#page_start

Thomas Hawk agrees:

http://thomashawk.com/2007/11/email-1961-2007-rip-thank-god.html

You Tube HD? Yes please.

http://www.techcrunch.com/2007/11/15/youtube-hd-coming-soon/

Colussus:

http://news.bbc.co.uk/1/hi/technology/7094881.stm

Hacker of the year arrested:

http://www.smh.com.au/news/security/police-swoop-on-hacker-of-the-year/2007/11/15/1194766821481.html

RCRD LBL

http://www.engadget.com/2007/11/15/engadget-founder-peter-rojass-new-digital-music-site-rcrd-lbl-l/

Get free downloads today!

Also check out:

http://www.niggytardust.com from Saul Williams and Trent Rezner.

Tuesday, November 13, 2007

What's wrong with Creative Commons?

I dont agree with all of his conclusions but it's an interesting backgrounder from a professional perspective.

http://www.jmg-galleries.com/blog/2007/11/12/creative-commons-a-great-concept-ill-never-employ/

OF COURSE CC isn't designed for folks like him and it's frustrating that this is so often confused.

Wednesday, November 07, 2007

Professor Lessig's TED talk

http://www.boingboing.net/2007/11/06/larry-lessigs-ted-ta.html

How hackers work

From How stuff works….

http://computer.howstuffworks.com/hacker.htm

Sam

Sunday, November 04, 2007

Yahoo vs. Google

http://weblogs.media.mit.edu/SIMPLICITY/nonflickr/05_yahoogle.html

Sam

Friday, November 02, 2007

AP chief on how the net has tranformed news

http://www.ap.org/pages/about/whatsnew/wn_110107a.html

Thursday, November 01, 2007

If you put amateurs on the front line of security

You shouldn’t be surprised when you get amateur results…

So says noted security expert Bruce Schneier…

http://www.schneier.com/blog/archives/2007/11/the_war_on_the.html

Do you agree? Is escalating every possible incident the right thing to do, cause it only takes one wrong decision to allow harm to happen? Or do we need to stop living in fear and think objectively? What’s the easy thing to do? What’s the right thing?

Sam

Friday, October 26, 2007

FW: [IP] Re: WORTH REMEMBERING djf AT&T says there is no duopoly, net neutrality is bad

From Prof. Farber's IP list. Have any of you checked out legal bittorrent downloads?

-----Original Message-----
From: David Farber [mailto:dave@farber.net]
Sent: Friday, October 26, 2007 10:52 AM
To: ip@v2.listbox.com
Subject: [IP] Re: WORTH REMEMBERING djf AT&T says there is no duopoly, net neutrality is bad

Begin forwarded message:

From: Edward Almasy <ealmasy@axisdata.com>
Date: October 26, 2007 10:37:39 AM EDT
To: "Matthew Tarpy" <tarpy@tarpify.com>
Cc: David Farber <dave@farber.net>
Subject: Re: [IP] Re: AT&T says there is no duopoly, net neutrality
is bad

On Oct 25, 2007, at 8:20 AM, Matthew Tarpy wrote:
> Should network providers not be able to react to the
> usage of their network to increase stability, limit activity that is
> theft at worst, and in a gray nebula of legality at best?

I know this has been said before, but given the questions at hand,
I think it bears worth repeating: BitTorrent is used every day for
legitimate purposes that are not at all gray or nebulous.

Every single one of the torrents on the BitTorrent trackers listed
below is 100% legal. bt.etree.org currently has more than 3,300 active
legal music torrents, and it's not just Phish and the Grateful Dead;
you don't hear about it much in the popular media (for obvious reasons),
but Radiohead, Pearl Jam, My Morning Jacket, Ryan Adams, and hundreds of
other very successful artists allow and encourage free sharing of
recordings of their work online. linuxtracker.org has thousands of
legal
torrents available, and it's not just software -- they're also using
BitTorrent to distribute educational videos and podcasts. Even clearly
suspect sites like The Pirate Bay offer many gigabytes of legal content
(e.g. http://thepiratebay.org/user/meetthegimp/).

Traffic shaping or blocking like that practiced by Comcast affects
more than just the downloading of illegal MP3s -- it also hinders
the rapidly-growing community of people using the technology for
legitimate tasks. If this is representative of what we can expect
without net neutrality, then I can't help but think that some legal
protection for that neutrality is needed.

http://bt.etree.org
http://linuxtracker.org
http://kickmedown.com
http://torrent.fedoraproject.org
http://www.tapers.org

-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

Wednesday, October 24, 2007

Wolfram announces the simplest possible turing machine is universal

This is pretty incredible stuff, and if you believe in the ideas of A New Kind of Science, a big deal towards showing that they really are on to something!

http://blog.wolfram.com/2007/10/the_prize_is_won_the_simplest.html?lid=title

Also check out Wolframs work on Numb3rs:

http://blog.wolfram.com/2007/09/wolfram_research_goes_to_holly.html?lid=title

This is pretty slick

You might have guessed, but in norwegian languages, Posten means Post Office. I get a google alert for the name Posten every few days, and one came up with some Swedish Postcards. One link looked particularly interesting and it sent me to this site, I've never seen one done so well. Check it out!

http://www.riktigavykort.se/eng/riktiga_vykort_eng.html

Tuesday, October 23, 2007

The Wilhelm Scream

http://www.dvconfidential.com/news/wilhelm-scream-on-abc-news

Monday, October 15, 2007

Interesting article on people not being who they say who they are on the net

Really wacky but apparently true story…

http://www.laweekly.com/news/news/the-life-and-death-of-jesse-james/17427/?page=1

Saturday, October 13, 2007

Links for Web stuff

http://zorak.monmouth.edu/~posten/class4.ppt

http://zorak.monmouth.edu/~posten/class5.ppt

http://zorak.monmouth.edu/~posten/class8.ppt

http://zorak.monmouth.edu/~posten/class11.ppt

Thursday, October 11, 2007

Why the US is the leader in phone snooping

According to wired mag:

http://www.wired.com/politics/security/news/2007/10/domestic_taps

Wednesday, October 10, 2007

iPods are required listening

http://www.nytimes.com/2007/10/09/education/09ipod.html?_r=1&ex=1349668800&en=2b4712e51570ca4e&ei=5088&partner=rssnyt&emc=rss&oref=slogin

Monday, September 24, 2007

Thomas Hawk's 12 rules for photowalking

http://thomashawk.com/2007/09/principles-and-guidelines-for-modern.html

Do you agree with Mr. Hawk (that's not his real name BTW) where Graffiti and following the rules are concerned? He advocates (among other things) that artists should push boundaries and paint over other people's propery and not heed 'no photography' zones.

I went to the King Tut exhibit in Philly this weekend and was TOTALLY bummed that I couldnt take photos. They had some BS excuse about it being necessary to preserve the artifacts but it was ALL REALLY ABOUT forcing you into their gift shop at the end and not having any of your own shots to rely on so you had to buy their overpriced versions instead. It totally sucked. And that's not even the worst part about the exhibit....

DISCLAIMER:
E-mail Confidentiality/Proprietary Notice: The information contained in this transmission is confidential/proprietary and may be subject to protection under the law. The message is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited. If you received this transmission in error, please contact the sender immediately by replying to this e-mail and delete the material from any computer. Thank you.

Thursday, September 20, 2007

Lecture on enabling your childhood dreams

A dying University professor gives his final and possibly most inspiring lecture:

http://wms.andrew.cmu.edu/001/pausch.wmv

Wednesday, September 19, 2007

Class notes for classes 4 & 5

zorak.monmouth.edu/~posten/class4.ppt

zorak.monmouth.edu/~posten/class5.ppt

Tuesday, September 18, 2007

NYT kills off for fee content, tells the rest of the world to give up too

"Why the change?

Since we launched TimesSelect in 2005, the online landscape has altered significantly. Readers increasingly find news through search, as well as through social networks, blogs and other online sources. In light of this shift, we believe offering unfettered access to New York Times reporting and analysis best serves the interest of our readers, our brand and the long-term vitality of our journalism. We encourage everyone to read our news and opinion – as well as share it, link to it and comment on it."

That's encouraging!

http://www.nytimes.com/ref/membercenter/lettertoreaders.html

http://www.nytimes.com/2007/09/18/business/media/18times.html?ex=1347768000&en=88011ab45717e39d&ei=5124&partner=permalink&exprod=permalink&pagewanted=all

Google's office triple play is now complete:

http://news.yahoo.com/s/ap/20070918/ap_on_hi_te/google_software

Monday, September 17, 2007

Monday updates

http://news.bbc.co.uk/2/hi/programmes/from_our_own_correspondent/6995061.stm

http://slashdot.org/articles/07/09/17/1342255.shtml

http://apple.slashdot.org/apple/07/09/17/0355218.shtml

More later

Thursday, September 13, 2007

Thursday updates

Hacking at Yahoo

http://yodel.yahoo.com/2007/09/12/hacks-come-to-life/

Microsoft being naughty about Auto Update:

http://windowssecrets.com/2007/09/13/01-Microsoft-updates-Windows-without-users-consent

Ipod Touch 5 star review... at PCWorld

http://www.pcmag.com/article2/0,1895,2179701,00.asp

Fair use worth 2.2 Trillion

http://news.com.com/8301-10784_3-9777863-7.html

Tuesday, September 11, 2007

More on influential bloggers

Here's another good starting place:

http://northxeast.com/blogging/nxes-fifty-most-influential-bloggers/

Check this out, it's what a Printed Circuit Board looks like using 3D xrays! (Plus assignment for next week)

I happened to catch a link to Andrew ‘Bunny’ Huang’s blog and went back over a few of his articles, you should check it out if you are interested in what real low level hardware hackers are into these days.

This blog post talks about PCBs, and even shows you what one looks like under an Xray. We’ll be talking about Printed Circuit Boards (like the motherboard and expansion cards house in our Hewlett Packard desktops) over the next few weeks. Bunny took a series of xray photos and strung them together making a real time video, pretty cool!

http://www.bunniestudios.com/blog/?p=172

To see the rest of his entries check out:

http://www.bunniestudios.com/blog

Assignment for next Tuesday: Part 1. compile a list of 5 blogs that talk about issues you are interested in, whether they be technology, music, movies, politics, relationships, your area of study or whatever. Need help finding good blogs to link? Technorati is probably a good place to start.

http://www.technorati.com/pop/

http://www.technorati.com/pop/blogs/?faves=1

http://www.technorati.com/topics

Part two, come up with 3 reasons why you think people blog, and describe the differences between blogging and journalism, if there are any.

Monday, September 10, 2007

Just say no to "ringles"

What a terrifically bad idea!

http://arstechnica.com/news.ars/post/20070910-meet-the-ringle-can-it-save-the-riaa.html

Friday, September 07, 2007

Luciano Pavarotti is gone, but what does this have to do with Infotech?

http://www.groklaw.net/article.php?story=2007090606152045

Do look through the comments, quite illuminating!

Is it legal to make my own ringtones?

YOU BET IT IS. Don't be a sucker and pay $2.50 each _IF_ you already legally own the music via ripping it from a CD you bought.

http://www.engadget.com/2007/09/07/know-your-rights-is-it-illegal-to-make-my-own-ringtones/

BluRay Vs. HD DVD fizzles, Adobe Photoshop Express revealed, more!

http://arstechnica.com/news.ars/post/20070906-battle-between-blu-ray-and-hd-dvd-fizzles-as-consumers-watch-and-wait.html

http://blogs.adobe.com/jnack/2007/09/photoshop_expre.html

Cringely deconstructs Apple's 'Cat String Theory' genius:
http://www.pbs.org/cringely/pulpit/2007/pulpit_20070906_002891.html

Fat Nano unboxing:
http://arstechnica.com/journals/apple.ars/2007/09/06/ipod-classic-and-3rd-generation-ipod-nano-unboxing-photos

Count down to Fat Nano and iPod Touch 'Will it blend' in 3-2-1...
http://www.willitblend.com

65 year old woman gets carded and turned away for not having ID:
http://news.yahoo.com/s/ap/20070906/ap_on_fe_st/65_year_old_carded

I believe it. I get carded all the time, even with my parents and I'm over 35...

Photoshop text magic:
http://www.designvitality.com/blog/2007/09/photoshop-text-effect-tutorial/

Muscle on a computer controlled film?
http://technology.newscientist.com/article.ns?id=dn12603&feedId=online-news_rss20

Hacking Ikea:
http://www.nytimes.com/2007/09/06/garden/06hackers.html?_r=1&pagewanted=all&oref=slogin

Zombie Viagra Spam:
http://www.wired.com/politics/security/news/2007/09/pfizerspam

Wednesday, September 05, 2007

Apple blows the doors off iPods

New features, cheaper prices, iPod touch (like the iPhone without the phone), a Starbucks partnership, and oh yeah, iPhone is now $200 cheaper too.

http://www.macworld.com/news/2007/09/04/livecoverage/index.php

http://www.engadget.com/2007/09/05/steve-jobs-live-apples-the-beat-goes-on-special-event/

Friday, August 31, 2007

Introducing Dr. Henry Jenkins

I just read a fascinating interview of Dr. Henry Jenkins from MIT in the most recent 'Game Informer' magazine. Will try to get a copy of that out to you once I find a copy of it on line. In the mean time, check out the good Dr.'s own blog:

http://www.henryjenkins.org/2006/06/who_the_is_henry_jenkins.html

Go to his latest entries:

http://www.henryjenkins.org/index.html

And an article on PBS where he dispells some commonly held myths about gaming and psychology:

http://www.pbs.org/kcts/videogamerevolution/impact/myths.html

And his page at MIT:

http://web.mit.edu/cms/People/henry3/

Wednesday, August 29, 2007

If you are thinking about buying an iPod this week for School

PLEASE WAIT until wednesday afternoon.

http://www.engadget.com/2007/08/28/its-on-apple-event-slated-for-september-5th/

http://www.engadget.com/2007/08/29/rumors-unleashed-wireless-itunes-store-to-debut-wednesday/

http://www.engadget.com/2007/08/29/product-red-ipod-shuffle-coming-on-the-5th/

Tips on being a savvyer web shopper

Good info for folks who are new to buying online:

http://www.macworld.com/2007/08/features/money_shopping/index.php

I also recommend http://www.pricegrabber.com but you should always check the vendors on any of these price tools at reseller ratings.

Defend Fair Use website launch, backed by the CCIA

http://arstechnica.com/news.ars/post/20070828-google-microsoft-backed-group-ready-to-defend-fair-use.html

http://www.defendfairuse.org/index.html

I've been waiting for the consumer electronics industry to start beating the drums on this issue. What it simply comes down to is that the content industries know they are doomed if they don't adapt to the digital world, they have been putting off changes for the last 30 years by these so called DRM experiments which anyone with half a brain had told them couldnt and wouldnt work, and the computer and consumer electronics guys let them get away with it. If the CCIA is genuine about this, this is a good start. But a lot of these CCIA guys have ties to the content industries and the battle is far from over.

Monday, August 27, 2007

Hackers at Microsoft

Microsoft has a new blog for the 'Hackers' they employ. More importantly for us, they discuss the term Hacker and why it's not a perjorative, and also talk about the differences between white hat and black hat hackers.

http://arstechnica.com/journals/microsoft.ars/2007/08/26/new-blog-spotlights-microsofts-hackers

http://blogs.msdn.com/hackers/default.aspx

Tuesday, August 21, 2007

DRM shutdown leaves Google video users stranded

http://arstechnica.com/news.ars/post/20070821-google-video-store-gets-stay-of-execution-full-refunds-coming.html

Not so bad if you are one of the few thousand Google video buyers or were unfortunate enough to buy in to Circuit City's failed DIVX format, but what happens if Apple decides to shut down their iTunes store or if one of the studios pulls their catalogue. Think it can't happen? If it can happen to google Apple is no different.

Monday, August 20, 2007

FW: [IP] Voting excerpts from CRYPTO-GRAM [RISKS] Risks Digest 24.79

From Professor Farber's IP list and Bruce Schneier's cryptogram.

Bruce posits that the vast majority of 'secure' system vendors want to use a trick to make their potential customers think about security backwards.

Think about how this ties in to the 'Freakonomics' theories.

Sam

-----Original Message-----

Begin forwarded message:

Date: Wed, 15 Aug 2007 03:34:56 -0500
From: Bruce Schneier <schneier@SCHNEIER.COM>
Subject: Voting excerpts from CRYPTO-GRAM

[Note: This item has been PGN-excerpted with Bruce's permission.
PGN]

                   CRYPTO-GRAM
                 August 15, 2007
                by Bruce Schneier
                 Founder and CTO
                  BT Counterpane
               schneier@schneier.com
              http://www.schneier.com
             http://www.counterpane.com

A free monthly newsletter providing summaries, analyses, insights, and
commentaries on security: computer and otherwise.
For back issues, or to subscribe, visit
<http://www.schneier.com/crypto-gram.html>.

You can read this issue on the web at
<http://www.schneier.com/crypto-gram-0807.html>. These same essays
appear in the "Schneier on Security" blog:
<http://www.schneier.com/blog>. An RSS feed is available.

Assurance

Over the past several months, the state of California conducted the most
comprehensive security review yet of electronic voting machines. People
I consider to be security experts analyzed machines from three different
manufacturers, performing both a red-team attack analysis and a detailed
source code review. Serious flaws were discovered in all machines and,
as a result, the machines were all decertified for use in California
elections.

The reports are worth reading, as is much of the commentary on the
topic. The reviewers were given an unrealistic timetable and had trouble
getting needed documentation. The fact that major security
vulnerabilities were found in all machines is a testament to how poorly
they were designed, not to the thoroughness of the analysis. Yet
California Secretary of State Debra Bowen has conditionally recertified
the machines for use, as long as the makers fix the discovered
vulnerabilities and adhere to a lengthy list of security requirements
designed to limit future security breaches and failures.

While this is a good effort, it has security completely backward. It
begins with a presumption of security: If there are no known
vulnerabilities, the system must be secure. If there is a vulnerability,
then once it's fixed, the system is again secure. How anyone comes to
this presumption is a mystery to me. Is there any version of any
operating system anywhere where the last security bug was found and
fixed? Is there a major piece of software anywhere that has been, and
continues to be, vulnerability-free?

Yet again and again we react with surprise when a system has a
vulnerability. Last weekend at the hacker convention DefCon, I saw new
attacks against supervisory control and data acquisition (SCADA) systems
-- those are embedded control systems found in infrastructure systems
like fuel pipelines and power transmission facilities -- electronic
badge-entry systems, MySpace, and the high-security locks used in places
like the White House. I will guarantee you that the manufacturers of
these systems all claimed they were secure, and that their customers
believed them.

Earlier this month, the government disclosed that the computer system of
the US-Visit border control system is full of security holes. Weaknesses
existed in all control areas and computing device types reviewed, the
report said. How exactly is this different from any large government
database? I'm not surprised that the system is so insecure; I'm
surprised that anyone is surprised.

We've been assured again and again that RFID passports are secure. When
researcher Lukas Grunwald successfully cloned one last year at DefCon,
industry experts told us there was little risk. This year, Grunwald
revealed that he could use a cloned passport chip to sabotage passport
readers. Government officials are again downplaying the significance of
this result, although Grunwald speculates that this or another similar
vulnerability could be used to take over passport readers and force them
to accept fraudulent passports. Anyone care to guess who's more likely
to be right?

It's all backward. Insecurity is the norm. If any system -- whether a
voting machine, operating system, database, badge-entry system, RFID
passport system, etc. -- is ever built completely vulnerability-free,
it'll be the first time in the history of mankind. It's not a good bet.

Once you stop thinking about security backward, you immediately
understand why the current software security paradigm of patching
doesn't make us any more secure. If vulnerabilities are so common,
finding a few doesn't materially reduce the quantity remaining. A system
with 100 patched vulnerabilities isn't more secure than a system with
10, nor is it less secure. A patched buffer overflow doesn't mean that
there's one less way attackers can get into your system; it means that
your design process was so lousy that it permitted buffer overflows, and
there are probably thousands more lurking in your code.

Diebold Election Systems has patched a certain vulnerability in its
voting-machine software twice, and each patch contained another
vulnerability. Don't tell me it's my job to find another vulnerability
in the third patch; it's Diebold's job to convince me it has finally
learned how to patch vulnerabilities properly.

Several years ago, former National Security Agency technical director
Brian Snow began talking about the concept of "assurance" in security.
Snow, who spent 35 years at the NSA building systems at security levels
far higher than anything the commercial world deals with, told audiences
that the agency couldn't use modern commercial systems with their
backward security thinking. Assurance was his antidote:

"Assurances are confidence-building activities demonstrating that:
"1. The system's security policy is internally consistent and reflects
     the requirements of the organization,
"2. There are sufficient security functions to support the security
policy,
"3. The system functions to meet a desired set of properties and *only*
     those properties,
"4. The functions are implemented correctly, and
"5. The assurances *hold up* through the manufacturing, delivery and
     life cycle of the system."

Basically, demonstrate that your system is secure, because I'm just not
going to believe you otherwise.

Assurance is less about developing new security techniques than about
using the ones we have. It's all the things described in books like
"Building Secure Software," "Software Security," and "Writing Secure
Code." It's some of what Microsoft is trying to do with its Security
Development Lifecycle (SDL). It's the Department of Homeland Security's
Build Security In program. It's what every aircraft manufacturer goes
through before it puts a piece of software in a critical role on an
aircraft. It's what the NSA demands before it purchases a piece of
security equipment. As an industry, we know how to provide security
assurance in software and systems; we just tend not to bother.

And most of the time, we don't care. Commercial software, as insecure as
it is, is good enough for most purposes. And while backward security is
more expensive over the life cycle of the software, it's cheaper where
it counts: at the beginning. Most software companies are short-term
smart to ignore the cost of never-ending patching, even though it's
long-term dumb.

Assurance is expensive, in terms of money and time for both the process
and the documentation. But the NSA needs assurance for critical military
systems; Boeing needs it for its avionics. And the government needs it
more and more: for voting machines, for databases entrusted with our
personal information, for electronic passports, for communications
systems, for the computers and systems controlling our critical
infrastructure. Assurance requirements should be common in IT contracts,
not rare. It's time we stopped thinking backward and pretending that
computers are secure until proven otherwise.

Wednesday, August 08, 2007

Tough questions for and weasel answers from the TSA

http://www.schneier.com/interview-hawley.html

"You could perhaps feel better by setting up employee checkpoints at entry points, but you'd hassle a lot of people at great cost with minimal additional benefit, and a smart, patient terrorist could find a way to beat you. Today's random, unpredictable screenings that can and do occur everywhere, all the time (including delivery vehicles, etc.) are harder to defeat. With the latter, you make it impossible to engineer an attack; with the former, you give the blueprint for exactly that. "

He gives the same argument for not screening workers that he DISMISSED for passengers. What a load of bull.

Meet the Hackers

http://www.forbes.com/2007/08/06/security-hacking-challenge-tech-cx_ag_0806toughhack.html

Good introduction to why we differentiate between the terms Hackers and other terms like crackers etc.

More great Font advice

http://www.smashingmagazine.com/2007/08/08/80-beautiful-fonts-typefaces-for-professional-design/

It's amazing how something as simple as font selection can influence how you feel about what is written.

Sam

Friday, August 03, 2007

Search gets creepy

http://www.time.com/time/business/article/0,8599,1649121,00.html

Kinda spooky =)

And.... We're back

Time to start punching in a few infotech articles again!

Don't even think about making a 10 second clip of a movie!

http://www.washingtonpost.com/wp-dyn/content/article/2007/08/01/AR2007080102398.html

Grand Theft Auto 4 delayed =(

http://www.nytimes.com/2007/08/03/technology/03game.html?ex=1343793600&en=778fbc940423357d&ei=5089&partner=rssyahoo&emc=rss

Tuesday, April 24, 2007

Just a little bit evil...

Google introduced their new "History" feature yesterday, that lets you see all the information they know about you. Hey nice, right? You can even go in and delete anything embarassing you dont want there. Or can you?

http://www.google.com/history/whprivacyfaq.html
"What happens when I pause the service, remove items, or delete the Web History service?

You can choose to stop storing your web activity in Web History either temporarily or permanently, or remove items, as described in Web History Help. If you remove items, they will be removed from the service and will not be used to improve your search experience. As is common practice in the industry, Google also maintains a separate logs system for auditing purposes and to help us improve the quality of our services for users. For example, we use this information to audit our ads systems, understand which features are most popular to users, improve the quality of our search results, and help us combat vulnerabilities such as denial of service attacks. "

Yeah. So they only remove it from the list YOU can see. They dont really remove it. They have it forever and so do the people that use their advertising system, ie their partners.

Nice try. A "Feel good" feature that does nothing. Still, at least you can see what the gatekeepers can see, if this REALLY is all they have. Of course, the real data IMO is underneath the surface and is the culmination of what they DO with that data, comparing you to your neighbors and other net users.