A really simple Drupal 7 example module

I developed this module back when I managed my self-hosted Drupal system. Since then I’ve found that there’s more to life than managing your own web site, and that it’s cheaper and more effective to do it through WordPress.com even though I retain a fondness for Drupal. Yes, it’s ironic that this Drupal example is hosted on a WordPress server.


Boston University’s RAX Library

(circa 1973-8)

Boston University (BU) developed its own timesharing system in the 1970s for its IBM 360 and 370 mainframes. The system was based on the batch-oriented Remote Access Computing System (RACS) developed by IBM. McGill University also participated in RAX development, but their version was renamed “McGill University System for Interactive Computing” (MUSIC). Although many of the details are lost in the mists of time, both systems used some text processing tools developed at BU.


Pragmatic Security: the history of the Visa card

I’ve been looking at the evolution of electronic funds transfer (EFT) and payment systems recently. My research uncovered a gem: about two years ago, David Stearns completed a dissertation that looks at the early evolution of the Visa card (originally “BankAmericard”) in the context of other evolving electronic payment systems. Stearns’ work is both readable and filled with interesting information.


Boak’s Puzzle: Disposing of Classified Trash

Recently I was skimming through the NSA’s “classified history of COMSEC” (Volume 1 and Volume 2). This “history” is a transcription of lectures by David G. Boak, who liked to explain NSA-related topics from a historical perspective. He clearly inspired a generation of NSA’s employees. The last “real” page of the document contains a humorous story and a crypto puzzle (link to extract in pdf).

The NSA had an incinerator in their old Arlington Hall facility that was designed to reduce Top Secret crypto materials and such to ash. Someone discovered that it wasn’t in fact working. Contract disposal trucks had been disposing of this not-quite-sanitized rubbish, and officers tracked down a huge pile in a field in Ft. Myer.

How did they dispose of it? The answer is encrypted in the story’s text!

Real-world document encryption

I’ve been reviewing histories of cryptography recently and here’s an interesting thing about pre-computer encryption: it’s almost entirely used for communications security. People encrypted messages, but they rarely encrypted documents.

I’ve finally found a few real-world cases: encrypted diaries. BBC did a short segment on them last summer. But I’m still looking – there must be other cases where someone needed to keep some long-term data secret from prying eyes.


Design Patterns for Identity Systems

These are design patterns in the Christopher Alexander sense rather than the object-oriented design sense: they address the physical and network environment rather than focusing on software abstractions. The patterns were introduced in my book Authentication.

There are four patterns: local, direct, indirect, and off-line.


A Simple CPU Demonstration

CPU = Central Processing Unit

The CPU is the working part of the computer.

It runs your programs, makes changes to the contents of memory, and sends data to peripheral devices.

Thus, it causes the computer to produce the results you want.

The Simple CPU demonstrates how a computer works: what some very simple computer instructions look like and how they are combined to perform a calculation.


Fixing the Insider Threat: Separation of Duty

The insider threat isn’t easy to fix. We can fix it with Separation of Duty, but it requires planning ahead, discipline, and effort. But it’s essentially why banks can hire low-wage tellers and not worry about theft at the till (or at least not as much).

San Francisco lost control of their FiberWAN. It’s not clear how much this affected day to day operations, since the city appeared to still be working. And that in itself is a tribute to separation of duty.
