Apple Security Updates

Apple has released an updated Security Advisory, to fix two problems introduced in the previous rev. Not a big deal, unless you happened to be trying to deal with their ftpd. As we’ve pointed out (PDF) in the past, security updates are a race between attacks and defense, and there are trade-offs you can make.

I’m still trying to find out what’s in the Apple Remote Desktop security update, to make a good decision about whether I should install it.

Holy Lousy Security, Batman!

Britons seemed startled by the ease with which palace security was overrun by two men in super hero costumes carrying an extension ladder….Police used a crane to extract him from the ledge as his supporters chanted “free Batman” from behind a police cordon.

From the New York Times story. Or, Google News has more. The men were protesting for more fathers’ visitation rights after divorces, and the right to carry ladders in public, which will shortly be banned in England. An exception will be made for those who have a builder’s license, pass a background check, and pay an annual fee.

"Want more Secure Software?"

SecurityFocus points to a nice short article, which suggests that

Gartner advises that for companies building their own software, developers should be pushed to put security at the head of their list. It’s not just in-house tech makers that need a word in their ears – the analysts suggest end users should give vendors grief about tightening up their security procedures too.

John Pescatore, the analyst in question, nails it. If you want more security from your vendor, you’ve got to make it a buying criterion. If you want more security from your developers, you’ve got to make time for it in the schedule, and you’ve got to give them tools and training to know what to do. Better security isn’t hard, it just costs some money. Do you prefer to spend that up front, or on operations later?

Mathematical Classifications

Mathematicians use a scheme called the Mathematics Subject Classification (MSC), which includes a “how to use”, as well as a long history of being revised to reflect changes in the field, and I would guess, practice in how to effectively classify things.

It has a General and Miscellaneous Topics section, too.

Articles must be given a primary classification, and may be given arbitrary additional classifications. The first article in the first volume I was published in was 54C40, 14E20 secondary 46E25, 20C20.

That’s (54C40 Algebraic properties of function spaces), (14E20 Birational Geometry: Coverings), (46E25 Rings and algebras of continuous, differentiable or analytic functions {For Banach function algebras, see 46J10, 46J15})*, (20C20 Modular representations and characters).

Google doesn’t seem to be specialized in searching these things. Those 4 numbers as a search don’t return the specific paper, but then, the specific paper isn’t online. There are search engines that are able to search by MSC. (It’s under “Class” in that link, or try to navigate in Norwegian. I did, before finding the English link.)

UPDATE: The * after the {see 46J10, 46J15} was going to be a footnote, explaining that {braces} represent prioritization–you must check to see if 46J10 or 46J15 are better fits.

Canadian Health Care

The New York Times reports on a lack of doctors in Canada, along with a rise in Canadians using emergency rooms to replace family doctors. (Use BugMeNot if you don’t want to register.)

The basic problem is economic. Doctors are much better paid in the US than in Canada, and doctors can easily move. It’s also harder for a doctor to be entrepreneurial in Canada, not only because of the extra paperwork, but because some things that they may want to do are actually banned. For example, a doctor can’t open a private surgery with the plan to sell overnight stays, even if people want to pay for it. The slur against that is it would ‘create a two-tier system.’ Similarly, the supplemental health insurance I had while working in Montreal would pay for a private hospital room, but there were either none or very few, reserved for senior politicians and the otherwise well-connected. Apparently a private room counts as two-tier.

Of course, there is a two-tier system now. A well-off friend once flew to the US for treatment he needed. It seems that Canada could do a better job of providing base care while still providing the base level of health care which they do. And another friend, just to balance the anecdotes, has gotten good long-term care for an unusual and life-threatening condition. He’d be long bankrupt in the US.

Shih shih…

The great linguist Chao Yuen-Ren once wrote an essay in Chinese using only words which (in Mandarin) would be transliterated as shih (using Wade-Giles; shi in pinyin). You can see the text in characters and two transliterations, read the translation (“A poet by the name of Shih Shih living in a stone den was fond of lions…”), and hear both Mandarin and Cantonese readings here

Via LanguageHat, where you can see the reference chain.

Bluetooth and phone security

Some Singaporean students have figured out how to use Bluetooth to turn off the cameras in Nokia’s phones, according to an article in Gizmodo, via a long chain to a now-deleted newspaper article.

I wonder if they turn it back on when you leave the area?

However, Loosewire, the earliest still-working link, implies that software is loaded onto the phone.

There have long been rumors that phones can be remotely and silently activated to act as bugging devices by law enforcement. Activating the camera remotely is pretty similar. It wouldn’t surprise me if Bluetooth security vulnerabilities lead to either of these functions being controllable by whoever’s nearby. I wonder how much it would cost to repair every Nokia/Bluetooth/Camera phone in an area after someone with a high-powered radio sent them all a message?

Airline "security"

The Webflyer points to a great David Rowell column, including:

An argument ensued. Ms O’Leary not unreasonably thought it unfair to be trapped on the delayed flight when there was another flight due to leave shortly that she could make if allowed to leave the United Express flight. The pilot called the police who arrested her for disorderly behavior. After some three hours of questioning by police and FBI, they eventually released her.

Ms O’Leary is not only a former US Secretary of Energy, but also a current board member of United Airlines, and has been for almost five years.

Now, while I agree that you can’t trust those senior government officials on anything, I can’t see three hours of questioning. The airlines are clearly using the police to threaten passengers who think their service stinks, and are speaking out.

Swire on Disclosure

Peter Swire has a new working draft, A Model For When Disclosure Helps Security. It’s a great paper which lays out two main camps, which he calls open source and military, and explains why the underlying assumptions cause clashes over disclosure. That would be a useful paper, but he then extends it into a semi-mathematical model of the factors that contribute to the usefulness of hiding information. (Semi-mathematical because there are no numbers attached, but rather “high/low” rankings.)
