
Nicholas Weaver's Random Thoughts

Updated: 2018-03-10T03:34:47.993-08:00


A Protocol for Visiting China (or DEFCON)


The following is my computer protocol for visiting a hostile environment. I actually designed it under the threat model of "What if I needed to visit China", which requires facing two nation-state adversaries (the US and Chinese government) which may have legal access to the computer, but I use it for going to DEFCON. It may actually be overkill for DEFCON, but as they say "There is kill, and

On Lauren Weinstein...


I was, for a long time, a participant on Lauren Weinstein's "NNSquad" mailing list. There are many important issues in traffic shaping, traffic management, and other related topics. But I had to conclude, reluctantly, that you can't deal with him. His views are those of a zealot, unwilling to compromise, and he seems intent on forcing his view of "neutrality". The two last straws were his

HTTP is Hazardous to Your Health


The following is not original, but simply a summary of widely known information. It has been known for decades that plaintext protocols, such as HyperText Transfer Protocol (HTTP), are vulnerable to man-in-the-middle attacks. Yet we are now at the point where there are simply too many ways to man-in-the-middle the web browser, and too much lovely mayhem that can be constructed, for this to be

Japanese are going to do "graph takedown"...


George Ou reports that the Japanese ISPs are going to start doing something similar to what I noted in January, albeit instead of just attacking the graphs of communication, simply warning and then disconnecting users. (typo fixed, grr)

A security thought: AT&T Copyright Fighting


The following is just my own opinion and speculation, to a hypothetical question: If I was AT&T, why and how would I implement the AT&T plan to enforce copyright on user traffic. (Note, this post is an extension of my Slashdot comment on that thread, and basically describes a "DMCA Takedown on the Network Layer" style of response.) I also believe this would be a significant problem if implemented

Comment spam is worth real money...


(Note: Links are deliberately not clickable, we don't want to give the Spammers pagerank) Blogger has a pretty significant amount of protection against comment spam. They have to, because comment spam degrades the blog ecosystem. On this personal blog, I've just gotten comment spam like this: I have to say that I love this article. I have searched for many weeks to find an article about this

Hofmann's Crash


I was at MotoGP racing this weekend, having fun with my camera. One of the photos I captured was Alex Hofmann's crash during free practice in MotoGP, when he was T-boned by Sylvain Guintoli on the entrance to the corkscrew. I was using a rental lens on my Canon XTi, with a deliberately long shutter speed (1/200) to increase the sensation of speed and depth of field. The full sequence is

How to (and how not to) run an airline


For those who have yet to experience the joy of East Coast air travel, there is one bane beyond all others: East Coast thunderstorms. During the late afternoon and evening, masses of thunderstorms often form, blocking airports and flight paths from Boston to Washington. These storms often create "creeping delays", where all Air Traffic Control can tell the pilots sitting on the ground is "ask

iPhone Redux and the Left Turning Porsche...


OK. I still don't like the lockin policy. I find it horribly objectionable. But I got a chance to play with an iPhone this weekend, a good 10 minutes of lustworthy exploration. Yeah, the edge network is sucky, but it is sufficient for a lot of work. Yeah, the lockin policy is repulsively crippling. But the thing is so well done, so well put together, so easy to use, with all the little touches,

iPhone Lockdown and Intent-Based Pricing


There are several applications I'd want to run or port on an iPhone. This includes a full ssh environment, subversion version control, and some custom scripts using ImageMagick which would allow me to process, manipulate, and upload photographs using my digital camera (assuming you could adapt the iPod port to a camera or compact flash card): all tasks I perform on my Mac laptop but which would

Personal Financial Security Protocols


Note: The following is a work in progress. Comments are greatly appreciated. There is an old saying, "The cobbler's children have no shoes", implying that experts in a field often neglect their own discipline in their daily lives. For me, as a security "expert", this is not the case. I have a rich and complex set of personal protocols for dealing with financial matters, including protecting my

Intro (Redux)


A redux on my intro: I figure that I'm enough of an egomaniac that I finally should start up a blog. After all, it is only academics with LARGE egos which should be blogging... This is not really very active yet, but I expect to use it in the future to post original items. For background, my research area is computer security and computer architecture. I received my Ph.D. from UC Berkeley in

When should we start being really scared?


As a non-economist, when should we start being scared?
1) We have a household savings rate of 0%.
2) Huge deficits in both current account and government, to the tune of several hundred billion a year.
3) A spookily-flat yield curve (my bank will loan me at <6% for 30 years, but will borrow from me at ~3.8% for just 9 months!), which says that some huge amount of long term money is amazingly

Simple Little Delay-Line Hack...


People have proposed requiring the client system to do work as a way of limiting/mitigating DoS attacks, and others have countered that it isn't fair to small devices (e.g., phones) as there may be 1-3 orders of magnitude difference in computing power between clients. Thus a follow-on proposal is many schemes which just force a client to WAIT when the server is under load. I've heard of some

Passive Resistance to Stupid Security


I have a great dislike for stupid security. Airline security in particular ticks me off. It's stupid. ID checks, pointless inspections of shoes, a complete ban on such deadly items as a pair of pliers... At the same time, they don't screen the ground crews and maintenance staff, who can (and HAVE) smuggled a gun aboard the plane, shot the air crew, and caused a fatal crash killing everyone

Coming Soon...


The disadvantage of doing a content-only blog, or attempting one, is that content CREATION is vastly harder than content referencing, especially when one has a day job. Nevertheless, there are some upcoming rants/topics that I plan on pursuing in the near term. This is a preview. "Stupid VM Tricks", or why you should hold off on infrastructure upgrades. How to leverage upcoming VM-friendly x86s

Should We Close Reagan National Airport?


Matthew Dodd over at SFTT comments that a proposed policy allowing "private" planes to fly into Reagan National Airport represents another instance of Politics over Security. I actually take an even more extreme view: I don't believe Reagan National should be open for ANY nongovernmental/nonmilitary flights. The reopening of Reagan National to even commercial flights was a triumph of convenience

So What Will Happen To Real Estate?


So what is my prediction? After all, I'm deliberately staying out of the real estate market, so why am I making this decision. The first question is how are people able to buy at all, with prices so high? With the example 2 bedroom condo requiring over $3000 a month in cash flow, and over $2200 a month in tax-neutral cashflow, how can anyone afford anything? Of course, people aren't paying

Why I'm Not Buying A House..


As I've graduated, and now have a stable job and income, I'm supposed to think about buying a house, rather than continuing to pay rent. But with Bay Area home prices at dizzying levels, I have to ask whether it makes sense to buy or keep renting. Being logical, I decided to use everyone's favorite financial "what if" tool, a spreadsheet, to construct a model of the various costs. But before I

Export License Required to Log In...


The Commerce Department, in the Federal Register, has proposed some significant changes to the Export Control Rules. The changes seem subtle and arcane (a change of 'and' to 'or', changing country of citizenship to country of birth OR citizenship (whichever is more restrictive), and a couple of "clarifications"). But the implications appear huge, especially the 'and' to 'or' change. Assuming



I figure that I'm enough of an egomaniac that I finally should start up a blog. After all, it is only academics with LARGE egos which should be blogging... This is not really very active yet, but I expect to use it in the future to post original items. For background, my research area is computer security and computer architecture. I received my Ph.D. from UC Berkeley in the fall of 2003, and