Thursday, May 29, 2008

Stories vs. Statistics: "There may be comfort in numbers, but there is inspiration in story telling"

So true:
It confirmed something I have suspected. People, particularly in business, crave statistics. They need measurement. They like the confirmation of bar graphs and flow charts.

But what they remember are people's stories. People stories stay with them longer than do pie charts. People's stories inspire others to change, to innovate and to disrupt. There may be comfort in numbers, but there is inspiration in story telling.

(From Shel Israel, of Naked Conversations fame.)

Wednesday, April 23, 2008

Fix the World.

I feel so fortunate to live in a town where so many scary-smart people are trying really hard to make the world a better place. They've got lots of good ideas. They believe in what works - prove it! And they believe in the power of working together, sharing ideas and information, and realize what’s important to make sure that power can be used to help make the world a better place.

I’ve started to tag some of these people, places and things: http://del.icio.us/fullerbecker/fixtheworld.

Feel free to subscribe to that tag’s RSS feed and see what I find next.

Tie-dye credit: giina caliente


Friday, April 18, 2008

HP: all mice to be eunuchs

No longer will Hewlett-Packard's mice have balls.

Saturday, April 05, 2008

I am not an architecture astronaut!



I'm not.

I just wanted to get that on record.

Thanks, I feel much better now.

Sunday, March 30, 2008

Integration - and why you really ought to subscribe to Kim Cameron's Identity Blog

Found this integration poster by Jeff Bohren on Kim Cameron's Identity blog. Kim's blog is very good stuff, in my "A+ Feeds" folder. If you have some ideas what "identity" means and why it's interesting, you should without question be subscribed to Kim's blog. Go read, you'll see.

Thursday, March 27, 2008

Coming soon to Rhapsody, I hope! I can't believe I haven't bought it yet. Saturday Nights & Sunday Mornings - Counting Crows: "Saturday Nights & Sunday Mornings - Counting Crows"



(Via Counting Crows Discography on Rhapsody Online.)

Friday, March 21, 2008

Yay! Time Machine now works on HD's attached to Airport Extreme Base Station!

From MacRumors:
After the release of today's Time Machine and Airport update, several readers report that Time Machine now supports backups to USB drives connected to your Airport Extreme basestation. This configuration essentially reproduces the functionality of Apple's Time Capsule product.

Looks like I can now get off the fence of "should I buy a Time Capsule, or can I get Airport Extreme and buy a third party (bigger) external hard drive?"

I want to do the latter, since I'll get:
- More space for my money
- Failure independence - if the wireless function fails, at least I won't lose the storage function. (In my experience, consumer wireless routers have a much shorter MTBF than consumer hard drives.)

Thursday, March 20, 2008

Subversion checkout

Macintosh:Subversion beckerd$ svn checkout https://danproject.googlecode.com/svn/trunk/ danproject --username dan.becker
Error validating server certificate for 'https://danproject.googlecode.com:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Certificate information:
- Hostname: *.googlecode.com
- Valid: from Sat, 24 Jun 2006 00:05:41 GMT until Sat, 21 Jun 2008 19:45:36 GMT
- Issuer: Certification Services Division, Thawte Consulting cc, Cape Town, Western Cape, ZA
- Fingerprint: 89:87:5e:ca:0b:03:d2:83:db:7b:3f:20:5d:d0:76:c7:76:6b:cb:b2
(R)eject, accept (t)emporarily or accept (p)ermanently? t
Authentication realm: Google Code Subversion Repository
Password for 'dan.becker':
Checked out revision 4.
Macintosh:Subversion beckerd$
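
The prompt in the session above asks for the certificate to be validated manually by fingerprint. As an added example (not part of the original post and not Subversion's own code), this Python sketch parses the certificate block svn printed and accepts only if the hostname, validity window and a pinned fingerprint all agree. The function names are hypothetical, and the pinned fingerprint is assumed to have been obtained out-of-band from the repository operator.

```python
import hmac
import re
from datetime import datetime, timezone

# Certificate block as printed by the svn prompt in the post above.
SVN_PROMPT = """\
Certificate information:
- Hostname: *.googlecode.com
- Valid: from Sat, 24 Jun 2006 00:05:41 GMT until Sat, 21 Jun 2008 19:45:36 GMT
- Issuer: Certification Services Division, Thawte Consulting cc, Cape Town, Western Cape, ZA
- Fingerprint: 89:87:5e:ca:0b:03:d2:83:db:7b:3f:20:5d:d0:76:c7:76:6b:cb:b2
"""
DATE_FMT = "%a, %d %b %Y %H:%M:%S GMT"

def parse_prompt(text):
    """Extract the '- Key: value' fields svn prints under 'Certificate information:'."""
    fields = dict(re.findall(r"^- (\w+): (.+)$", text, flags=re.M))
    start, end = re.fullmatch(r"from (.+) until (.+)", fields["Valid"]).groups()
    to_utc = lambda s: datetime.strptime(s, DATE_FMT).replace(tzinfo=timezone.utc)
    fields["not_before"], fields["not_after"] = to_utc(start), to_utc(end)
    return fields

def normalise_fp(fp):
    """Lower-case hex without separators; must be 20 bytes, as in the prompt."""
    digits = re.sub(r"[:\s]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", digits):
        raise ValueError("not a 20-byte fingerprint")
    return digits

def host_matches(pattern, host):
    """A wildcard may only stand for the single left-most label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1].lower() == pattern[2:].lower()
    return pattern.lower() == host.lower()

def decide(text, host, pinned_fp, now):
    """Return ('accept', []) only if every check passes, else ('reject', failed checks)."""
    cert = parse_prompt(text)
    checks = {
        "hostname": host_matches(cert["Hostname"], host),
        "validity": cert["not_before"] <= now <= cert["not_after"],
        "fingerprint": hmac.compare_digest(normalise_fp(cert["Fingerprint"]),
                                           normalise_fp(pinned_fp)),
    }
    failed = [name for name, ok in checks.items() if not ok]
    return ("accept", []) if not failed else ("reject", failed)
```
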

Thursday, March 13, 2008

Subversion!

So, looks like I get to play with Subversion a bit.

I've started reading up on it a bit.

Set up a project on Google Code since that gives me a pre-set-up Subversion repository.

Collected a few subversion bookmarks on del.icio.us. If you know Subversion, take a look; am I missing some really good ones?

Installed Subversion and SvnX on my Mac.

Friday, February 22, 2008

Defeating full-disk encryption with a can of compressed air

I found this absolutely astounding.

But upon reflection, it makes sense.

From Bruce Schneier's blog

Cold Boot Attacks Against Disk Encryption

Nice piece of research:

We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux.

[...]

The root of the problem lies in an unexpected property of today's DRAM memories. DRAMs are the main memory chips used to store data while the system is running. Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn't so. Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system.

Interestingly, if you cool the DRAM chips, for example by spraying inverted cans of "canned air" dusting spray on them, the chips will retain their contents for much longer. At these temperatures (around -50 °C) you can remove the chips from the computer and let them sit on the table for ten minutes or more, without appreciable loss of data. Cool the chips in liquid nitrogen (-196 °C) and they hold their state for hours at least, without any power. Just put the chips back into a machine and you can read out their contents.

This is deadly for disk encryption products because they rely on keeping master decryption keys in DRAM. This was thought to be safe because the operating system would keep any malicious programs from accessing the keys in memory, and there was no way to get rid of the operating system without cutting power to the machine, which "everybody knew" would cause the keys to be erased.

Our results show that an attacker can cut power to the computer, then power it back up and boot a malicious operating system (from, say, a thumb drive) that copies the contents of memory. Having done that, the attacker can search through the captured memory contents, find any crypto keys that might be there, and use them to start decrypting hard disk contents. We show very effective methods for finding and extracting keys from memory, even if the contents of memory have faded somewhat (i.e., even if some bits of memory were flipped during the power-off interval). If the attacker is worried that memory will fade too quickly, he can chill the DRAM chips before cutting power.

There seems to be no easy fix for these problems. Fundamentally, disk encryption programs now have nowhere safe to store their keys. Today's Trusted Computing hardware does not seem to help; for example, we can defeat BitLocker despite its use of a Trusted Platform Module.

The paper is here; more info is here. Articles here.

There is a general security problem illustrated here: it is very difficult to secure data when the attacker has physical control of the machine the data is stored on. I talk about the general problem here, and it's a hard problem.

(By the way, did you know that Bruce Schneier's tears can burn holes through an OpenBSD firewall? Lucky for us, Bruce Schneier never cries.)