Friday, September 23, 2005

Researchers recover typed text using audio recording of keystrokes

Holy cow! This is a bit disturbing, even to someone like myself.

I'm sure the truly paranoid will never be able to sleep at night knowing this little tidbit.

Thursday, September 22, 2005

Freakonomics, abortions and crime

Orson Scott Card discusses Freakonomics: the discovery of correlations, causes and effects that completely disagree with what is usually considered common knowledge. He uses correlations between crime rates, abortion and promiscuity as a prime example.

Even if you disagree (and I'm sure most people will, because the conclusions are quite disturbing), it's extremely thought-provoking and should be read by as many people as possible.

Tuesday, September 13, 2005

Common sense security

This is based on a comment I made in the MacBytes forum. It was in response to an article about Mac OS security, but is equally valid for everybody.
All security for all operating systems must start and end with the user. If the user is knowledgeable and vigilant, then most security products are unnecessary. If he is not, then no amount of add-ons will protect him.

I use a wide variety of computers at home and at work, running a wide variety of operating systems, including Windows. I employ the following security measures for all of them:

  • The networks (home and work) are behind hardware firewalls. The home LAN is behind a Linksys router with NAT turned on and all but one inbound port (SSH) blocked. The corporate LAN has its own firewall, administered by the IT department.
  • Operating system software is kept up to date with all the latest patches. I use the auto-update facilities to inform me of updates, but not auto-install them. (I want to know what and when I'm installing these patches, even if I end up installing them all.)
  • I keep my applications (especially internet-using ones) up to date with the latest patches from their respective vendors.
  • I only install software that I purchase or download from well-known sites. This is almost always the publisher's own site or a genuine not-pirated CD.
  • I do not trade "warez".
  • I do share my disk volumes over the LAN, but with some restrictions. At home, all volumes are exported as read-only (if I need to put a file on another computer, I log in locally to that computer and use the network to fetch it from the file's source computer, which also exports its volumes as read-only). At work, I use our network's domain-level security so that only my personal account can mount one of my volumes read-write - other domain users are read-only, and guest access is blocked.
  • I disable auto-installation in all programs, including web browsers, games, and the OS itself. I will let apps notify me when updates are available, but I must always give approval before download or installation. When stuff has certificates (like Windows updates), I review them to make sure the files come from where they are supposed to be coming from.
  • I never run a program e-mailed to me. Never. Even if the message is expected and comes from someone I know, I won't trust it. If I want someone to give me a program (which happens very very infrequently), I'll have him put it on a known web server and send me a URL to it, or (even better) snail-mail me a CD or load it into a flash drive I always carry with me.
  • I don't use known-insecure programs (like Outlook).
  • I configure my e-mail program (Thunderbird) to disable plugins, Java and JavaScript. Remote images are blocked.
  • Whenever possible/practical, I work from non-administrator accounts. Unfortunately, this usually isn't practical for Windows systems, but it is no big deal on other systems (including Linux and Mac OS.)
Note that none of these procedures require the purchase of any special software and none require the overhead of background software.

I do keep a virus scanner (provided by my employer) running on the Windows PCs just in case something should slip by my procedures. (The scanner updates itself every day at 1:00am and scans the local hard drives every day at 2:00am.) To date, I have gotten exactly one virus over the entire time I've had computers attached to the internet (which is as long as the internet has existed). And this virus arrived via Microsoft's own Office Update server.

I also run AdAware and SpyBot S&D to scan for spyware on the PCs. I run these scans infrequently, but they have never found anything more intrusive than tracking cookies in my web browsers. (Which I make no attempt to block - I don't consider cookies a serious threat.)

I run the Microsoft software firewall on my Windows XP boxes, but I do not normally run software firewalls on any other computers, preferring to rely on the LAN's hardware firewall. I do keep a copy of Zone Alarm installed, but disabled on Windows laptops - I enable it when traveling in case other networks don't have proper firewalls in place.

Sometimes people ask if I should run antivirus software on my Mac. I tell them what I just wrote above. With proper security procedures, a virus scanner should not be necessary. If the Mac should ever become a target of intense malware activity (like Windows is), I will probably invest in antivirus software "just in case" it should be needed, but I intend on waiting until then.

Monday, September 05, 2005

Pizza to prevent cancer?

This weekend, I saw excerpts from this (July 2003) Reuters article posted in the window of a pizza parlor. I found it rather fascinating. There appears to be a link between regular consumption of Italian pizza and reduced cancer risk.

Follow the link for the details.

Thursday, September 01, 2005

Orson Scott Card: Gaza and the Israeli Settlers

Card analyzes the current Israeli political situation. Specifically, Sharon's move to forcibly remove all Jewish settlers from Gaza.

His analysis (which I won't repeat, because it is somewhat involved - go read the article) seems solid, but it does not leave me with a good feeling about the man.

While Card's analysis may make perfect sense from a global-politics point of view, ultimately, this policy boils down to forcing people out of their homes in order to create a PR campaign. This is especially disgusting and hypocritical when you note that Sharon (who was not Prime Minister at the time) was one of those trying to convince as many Jews as possible to move into Gaza.

My prediction (which is far from mine alone) is that this policy is not going to change a thing. The terrorists will continue to use Gaza as a base of operations for attacks against Israel. They will now start demanding more land, including Jerusalem (and based on recent reports of attacks there, this may already have begun.) And what is Israel going to do? They're either going to have to wage an all-out war (destroying any sympathy from the press) or they'll sit back and let their people be murdered (which seems to have been their policy up until now.)

PR stunts may work fine for drumming up global sympathy, but they won't do squat for bringing about peace. When you're dealing with an enemy that sincerely believes in victory-or-death, and victory means your complete annihilation, you only have one option - to give them death. Until Israel (regardless of who is in charge) faces this reality, every action they take is just another euphemism for surrender and suicide.

Maybe I'm being far too pessimistic here. I certainly hope I am. But so far, those who disagree with me can only point to wishful thinking to back up their arguments.