The state of BlahBlahBlahg

Since I’m getting just a few regular visitors a day right now (yes, I check my logs to get an idea of where my traffic comes from), I thought I’d take a few lines to write about the status of the site.  I am consistently seeing over 100 unique hits a day now.  Unfortunately for me, somewhere around half of those are crawlers.  And let’s face it, around 50 unique hits per day isn’t much.  But it makes me feel good to see incoming traffic from forums where I post, the trackbacks from the stories I link, RSS aggregators, and occasional lucky hits to me from search engines.  I’m getting a few regular visitors, too.  So at least a few people re-visit, which makes me think I’m posting something others find interesting.  This has no meaning to anyone but me, but I thought I’d at least say thanks to the few folks that come back occasionally.

What is up with USB flash drives?

Not an interesting read or anything, but I’m really wondering what’s happened to USB flash drives.  Early this year I was looking for a 1-gig drive to replace my wife’s crashed 256 Meg drive.  I found a 2-Gig for $80, and at the time, that was considered quite the deal.  Tonight, while looking for memory for my brother’s computer, I saw half a dozen 4-gig models at newegg for under $100.  There are 1-gig drives for under $30 now.  Prices have plummeted in just a couple of months.  I’m just surprised by how quickly things are coming down.

Movie-plot threat contest

I forgot to post this when I first read it, but I find the idea so intriguing that I felt I had to pop it up here now that I’m reading up on it again.  On his blog, Bruce Schneier is running a movie-plot threat contest.  The basic idea is to come up with some potential terrorist threat that is highly unlikely, but sufficiently sensational to capture the attention of security spenders and elevate public fear enough to damage the economy and get public buy-in to bad, stupid, or highly intrusive but ineffective security measures.  As of last week, Bruce reported nearly 600 entries, and I suspect that number will grow for a while yet.

Looking over the different terrorist plots, they seem to fall into several broad categories. The first category consists of attacks against our infrastructure: the food supply, the water supply, the power infrastructure, the telephone system, etc. The idea is to cripple the country by targeting one of the basic systems that make it work.

The second category consists of big-ticket plots. Either they have very public targets — blowing up the Super Bowl, the Oscars, etc. — or they have high-tech components: nuclear waste, anthrax, chlorine gas, a full oil tanker, etc. And they are often complex and hard to pull off. This is the 9/11 idea: a single huge event that affects the entire nation.

The third category consists of low-tech attacks that go on and on. Several people imagined a version of the DC sniper scenario, but with multiple teams. The teams would slowly move around the country, perhaps each team starting up after the previous one was captured or killed. Other people suggested a variant of this with small bombs in random public locations around the country.

There is a lot of meat to this article, so head over to Bruce’s blog and read the entire contest status update.

Airline security failure overseas

(via Bruce Schneier’s blog)

I know that neither of my visitors likely share my fascination with computer and physical security, but I still like to share interesting stories I read about security problems.  This one, in particular, caught my eye because I’ve pointed out the same potential problem numerous times in real life (yes, I actually interact with people not online at times).  Here is the full story from the link:

An investigation is being conducted into a security breach at Dublin Airport last week.

A female member of the airport search unit is undergoing re-training after the incident in which a Department of Transport inspector passed unchecked through security screening.

It is understood that the department official was waved through security checks having flashed an official badge. The inspector immediately notified airport authorities of a failure in vetting procedures. Only gardai are permitted to pass unchecked through security.

Informed sources said the incident which took place last Tuesday was a “procedural” breach.

Flash a badge that looks like the right one, and through you go without screening.

I’ve worked places where security requirements are such that all employees must pass through metal detectors and have all packages hand inspected.  All employees except the security guards, that is.  I’ve worked places where security requirements are such that all contract employees must pass through a metal detector and have bags passed through an X-Ray machine, but company employees don’t have to submit to any inspection.

In each of these cases, consider who the most likely culprits are in cases of stolen equipment or prohibited items making their way inside the security perimeter.  But if you state the obvious answer, you’ll be accused of having a bad attitude because you are in the former groups instead of the latter.

So, continuing with the above article, this is a failure where someone in charge of screening allowed someone who upon cursory inspection appeared to pass the “allowed to enter without screening” requirements, and was therefore allowed to enter without screening.  This risk can be reduced somewhat with better inspections than cursory, but it can be reduced even more by getting rid of that exception.  Of course, this won’t happen, because too many of those in charge of physical security prefer to consider their groups outside the need for physical security checks.  Isn’t it ironic?

Sony still hates consumers, now also hates artists

(via boingboing)

Sensationalist headlines just sound good to me sometimes.  For this write-up, the title refers to the fact that Sony pays its recording artists royalties on iTunes downloads as if the download were a sale of music.  This means lower royalty payments.  However, when a consumer downloads a tune from iTunes, Sony has a license agreement that restricts the user’s rights, basically stating that the download is a licensing of content, not a sale of goods.

NEW YORK – Rock bands Cheap Trick and The Allman Brothers Band are suing Sony Music, claiming they are being shortchanged on royalties for songs downloaded legally over the Internet.

. . .

According to the suit, the record company is treating digital downloads like traditional record sales, rather than licensed music, triggering a different royalty deal.

Under that old rubric, the record company deducts fees for the kind of extra costs they used to incur when records were pressed on vinyl, including packaging charges, restocking costs and losses due to breakage.

Tracks sold over the Internet usually go for about 99 cents. About 70 cents of the sale price goes to Sony. The bands are getting about 4 1/2 cents per song, according to the suit, rather than the approximately 30 cents they claim is rightfully theirs.

Something smells fishy here.  Anyone know what that is?
