Chris Fenton shows that you can build a fully functional cycle-accurate Cray-1 with an FPGA. He even built a case that looks like an old Cray-1.
Some quick testing shows my iPad 2 is about 18 times faster than a Cray-1. <grin>
Declan McCullagh in CNET reports that the Justice Department is pushing an absurd over-broadening of the CFAA to criminalize violating website terms of service agreements.
The idea would be to treat all website terms of service as contracts fully limiting access to the site; therefore, any violation of the TOS would be unauthorized access (A.K.A. Hacking), which is a felony.
Don't lie about your age, weight, height, or job title on that dating site!
Anonymizer just released the results of a new survey of people's use of privacy-protecting technologies. The short answer is that the old standards, anti-virus and firewalls, are widely used. Unfortunately, they don't actually do much to protect your privacy. They are more about security.
For full details, read the article.
Bruce Schneier on the real-world effectiveness of a very simple domain-name-based man-in-the-middle attack.
Here is a Wired article on the same issue showing how it was used to steal 20 GB of email from a Fortune 500 company.
This statistic really reinforces a point that I keep making. We are putting effort and treasure into fighting terrorism orders of magnitude out of proportion to its impact.
Out of more than 150,000 murders in the United States since 9/11 -- currently more than 14,000 each year -- Islamist terrorists accounted for fewer than three dozen deaths by the end of 2010. Part of the credit for this is surely due to the law-enforcement officers and community members who have worked to uncover plots before they could be carried out. But fewer than 200 Muslim Americans have been involved in violent plots since 9/11, most of them overseas, so credit for the low level of violence must be due primarily to the millions of Muslims who have refrained from answering the call to terrorism.
I posted this as a comment over on LinkedIn, but thought it was worth reposting on its own.
Privacy professionals can haggle over whether any given situation requires overwrite, multi-pass overwrite, degaussing, physical destruction or whatever else. The 99% issue is that people treat the trashcan icon on their computers as though it really and completely disposed of the file.
Closely related is the fallacy that your login password will protect your hard drive if your computer is sold / stolen.
I heard something recently at a conference which really struck a chord with me. It was about USB drives as attack vectors, but the argument applies very broadly.
We have spent many years trying to educate our way to computer security. It is very clear that is a failed strategy, and given the relative immutability of human nature, it is highly unlikely to ever be a successful strategy.
At this point, if I sell my password-protected computer and that leads to my identity being stolen, shame on us as engineers who designed such a fragile system with such a huge and foreseeable failure mode.
We can argue about whether it should be a password or pass phrase, if there should be biometrics or other multi-factor authentication schemes, but let's at least make sure there is a door on the house and ensure that it is closed before debating tumbler lock vs. keypad.