You are here

rick's blog

The electronic library debate continues

Cousin Jon emailed me David Pogues' recent blog on copyright, with an observation on digital libraries.

The science and technology world has an interesting analog to the paper vs electronic print music debate. In our world, the problem crops up with professional papers. My own attitude is clear: if I have the choice between downloading a free copy of someone's paper I find on-line, or purchasing a copy from the professional society, I grab the free copy.

Partly this is because the original author doesn't get a penny from publication sales. In many cases the author is lucky if the association prints the paper for free, without requiring "page charges." Another reason is that, in most cases, the paper is actually made available on-line by one or more of its authors.

Wordpress tag: 

CPU-based Security Improvements Adopted Slowly

'Way, 'way back in the 1960s, computer designers tried out different techniques to limit how a computer executed its programs. Some should be pretty well known, like storage protection and the distinction between "kernel mode" for the operating system and "user mode" for applications. Another was data execution prevention (aka "DEP"), where the computer distinguishes between RAM that stores instructions and RAM that stores data. If the program tries to jump into instructions stored in data RAM, the CPU aborts the program.


Fast forward to 2010. Most microprocessors were supporting DEP in the mid 1990s; a few supported it before that. OS support came more slowly. Windows as been using one form or another of this since 2004 in XP Service Pack 2. However, it doesn't matter for most major applications, because they didn't fix their code to take advantage of it. So, if they suffer a buffer overflow, there's nothing to prevent the computer from trundling off to la-la land.

Russian spycraft ain't what it used to be

A wise note written by Johannes Ulrich of SANS Institute outlines cyber security lessons from the recent russian spy arrests. Clearly, information security tradecraft has not made its way into spy schools, at least not in Russia.

A lot of their failures trace back to a stealth search warrant a few years back that netted an encrypted drive. One of the agents fortunately noticed the slip of paper with an obscure set of letters and numbers: the written password.

Wordpress tag: 
Post category: 

More puzzles from the Puzzle Palace

A reader pointed me to an apparently dull collection of NSA documents recently posted by that useful source, One of the hidden gems is a "CMI Newsletter" containing a eight pages of crypto puzzles.

I've taken the liberty of posting the CMI Newsletter separately (PDF, click this link), but kudos go to GovernmentAttic for dredging up this diamond in the rough. If you work out answers, feel free to post them here, or at least provide a pingback so interested people can find them.

Post category: 

More on the Internet Kill Switch

OK, I've calmed down and looked at recent news reports. First, I'm relieved to see that the Obama administration is not in fact behind this nonsense - it's a cadre of clueless US Senators. Second, the Administration is not supporting this nonsense.

Post category: 

The Internet "Kill Switch" is Nonsense


Okay, I got that off my chest. [see later post]

For those who came late to the party, here's how to think of the "Internet Kill Switch." Substitute "Internet" for any of these:

  • National highway system
  • National airspace
  • Nationwide broadcast system
  • Starbucks
You can't have an "Internet Kill Switch" for the same reason you can't have a "Starbucks Kill Switch." The things being controlled are thoroughly distributed and they operate independently.

Yes, the President can always declare a "Starbucks Emergency" and demand shutdown of all Starbucks (and Caribou and Dunn Brothers and other caffiene chains, to be fair). But there's no real control over such things. Someone won't get the word, or they'll ignore it.

Wordpress tag: 
Post category: 

The challenge of employee monitoring

Tam Harbert has posted a fairly even-handed discussion of employee monitoring in Computerworld. This is a difficult topic to address, since it treads on the fine line between employee privacy and a company's obligation to ensure efficient use of their resources. When Secure Computing bought Webster Webtrack, a web filtering product, back in the 1990s, the developers said that they'd see drops of 70% in web traffic when users knew they were being monitored.

It's a well known fact - people are more likely to behave if they think they're being watched. And it's easy to waste time surfing the web.

Post category: 

Spreadsheet CPU

Back when I was teaching full-time, I constructed a CPU simulation in Excel. Originally I used it to teach non-majors about CPU instruction cycles, an obscure topic included in an obsolete list of the course's required topics.
Post category: 

A Memoir of Secure Computing Corporation

Now that Secure Computing Corporation is a memory, having been acquired by McAfee, I'm going to write up a few memories of my own experiences. At one point I posted much of this in the appropriate Wikipedia entry, but that's actually not kosher. Since much of it is based on personal recollection, these words fall in line with what they call "original research." So I'm posting it here.


I joined Secure Computing about a year after it came into existence. It was called "Secure Computing Technology Corporation" at the time. By the time I left, they'd gone through three more company presidents, 4 corporate logos, several mergers, and bounced the corporate headquarters from Minnesota to Silicon Valley.

MS Word versus Framemaker

I've been using Framemaker to create large documents for almost two decades. I'm currently participating in an email discussion group of Frame users, and someone asked about comparing Microsoft Word and Frame. Someone else suggested Googling for the answer, since lots of people like to talk about it.

So, here is my own contribution to the question.



Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer