Reflecting on a metaphor I made the other day. There’s a saying, “When all you have is a hammer, everything looks like a nail.” Thinking about some new users’ experiences with OpenBSD, I think OpenBSD is a lot like a screw, whereas Linux/OS X is a nail. First, they serve roughly the same purpose. They are, from a distance, roughly the same size and shape. You can even drive a screw into wood using a hammer, though it will be a frustrating experience (especially if it’s a machine screw). Once you learn to use the right tools, however, screws are also easy to work with, and maybe a better choice if what you’re looking for is a secure fastener (though I may be biased). OpenBSD generally follows the same POSIX standard as other unix flavors, so lots of things will be similar, but there are differences as well and ignoring them is not recommended.

A personal followup of sorts regarding Bay Area public transit and its solutions. I’m trying to get from the SFO airport to Facebook headquarters. My friend suggests Uber, seriously and repeatedly. Just for giggles, I inquire with the Google Maps what my options are. Take BART to another BART to Caltrain to a bus and hoof it on foot from there. All told, about as fast as the Oregon Trail and with a total fare cost probably approaching my plane ticket. How do people live like this? (How did I live like that?)

Related: A Walking Tour of Silicon Valley.

“Occam’s Razor is pre-Snowden thinking. Like 9/11, Snowden changed everything.” - tptacek

Some thoughts on what it means to be POSIX compliant and why OpenBSD deliberately fails to comply in some cases. For background, I think the POSIX standard is a bit ridiculous, but that’s more about the absurdities one encounters when super strictly interpreting a standards document. This is more about refusing to follow along with even a more even handed interpretation.

more...

I previously described the bcrypt pbkdf. The design is still the same, but yesterday djm noticed a fatal flaw in the implementation. The regress test which I created on amd64 was failing every test on i386. Obviously not good.

more...

The cool thing to do is encrypt all your network traffic. This used to be cool, but it’s even cooler now. I don’t really see much point to encrypting your nytimes.com visits, but I guess some people don’t like others knowing what kinds of news articles they read. (We all know you just read the gossip columns.) Anyway, the downside is minimal to non-existent, so go for it.

But wait! I was reading about The Dictionary of Numbers and got to the downside mentioned at the end. The browser extension was also modifying the text of a bank statement. Ordinarily, I’d say the easy thing is to only use amusing extensions on http, but not https, sites. How does that work in the brave new world of all https all the time?

Used to be https served a dual role as a signifier of serious business. Now it doesn’t, but we haven’t really replaced it. True enough, it was never a reliable signifier, and maybe the best thing to do if running with a dozen funny extensions is use a different browser (profile) for serious business.

I wonder how this affects phishing. When “https is secure, make sure your bank uses https” permeates into the general conscience, does it become “if everything is https, everything is secure“? Does the prevalence of https inspire false confidence in the web or will people learn that https was never a good signal for determining the legitimacy of a (possibly forged) web site?

Happy Canada Day! And almost 4th of July. Some shock and outrage to go with the fireworks. Don’t worry, I’m not entirely serious. The contrarian in me made me do it.

more...

I’m not sure what trickery LinkedIn uses to trick my connections into endorsing me, since they don’t seem like the kinds of people who would do so voluntarily, but LinkedIn never fails to notify me of my ever growing reputation. (I wonder if and how many people I’ve endorsed.) Today’s email was pretty sweet:

I've just endorsed you for new skills & expertise!

Amp expertise is definitely going on the resume.

Quoting from Celiac Power, “They tested the blood for gluten antibodies, expecting to see the current 1 percent rate of disease. Instead, only 0.002 percent of the airmen tested positive. Further tests showed today’s young men were 41/2 times more likely to have the illness.”

Puzzle: Arrange the numbers 0.01, 0.00002, and 20.5 in a sensible equation.

Google Glass facial recognition. “I think that makes conversation far more efficient.” For all those times I’ve had an inefficient conversation with somebody because I couldn’t read their Wikipedia article out of the corner of my eye.

From Ars.