techdirt reports on artificial intelligence security system flagging innocent parent as registered sex offender, despite numerous mismatches in data.

Schools and other bureaucracies are already run by people with little to no common sense, an infantile view that security can be provided by something that doesn’t require any thought or effort from them, and irrational fears that lead them to run around solving problems which don’t actually exist so they can act busy and look like they take security seriously. Bruce Schneir calls this security theater. It would be security comedy except innocent people get hurt. It’s not going to end well. This system is called Raptor. Continue reading

Or, how Lizzie Warren (probably) made sure she had Instagram views.

Elizabeth Warren shares a “sincerity” micro-brew with her authentic social media followers.

Super-hip, septuagenarian multi-millionaire Lizzie “Fauxcahontas” Warren took to the inter-webs and the social medias yesterday in a genuine, homespun, all-American moment of camaraderie with the common folk. Standing in the kitchen of her quaint little mansion in Cambridge, the revered and much-loved 1/1024th Native American icon had a beer in the company of her hubby and her dog and shared her humanity with adoring fans.

Or, not so much. In a world where most normal people would rather watch an embalming than a live stream of a politician faking authenticity, you have to ask how did Warren make sure she would have some minimum number of viewers for her little fireside chat?

I can’t find any stats on how many viewers Warren had, but you can be sure she had a plan in place to ensure a minimum audience. She is not about to throw a party and leave any risk that no one will come.

So how do you guarantee that you get views on the internet? The best way is called a click farm. While we can’t know for sure, many of the so-called InstaGram “views” may not have been fans at all. Or even humans. Continue reading

My friend Matt Mower recently pointed me to the Blueprint CSS Framework, a very nifty set of modular CSS stylesheets and accompanying sample files that help a neophyte web builder create nice looking sites with multi-column layouts while still using CSS.

I can’t point you to my results yet, but I can say that it’s helped me immensely and allowed me to actually structure a multi-column web page without the use of tables.

About once a year I foolishly take on the task of designing a new website. As you can see from the HTML on this very page (assuming you’re looking at my web page and not the RSS feed) this effort has never actually resulted in a new design for b.cognosco. But never mind that.

What normally happens is that I spend days and days with high blood pressure, evolving a blue-streak vocabulary, throwing temper tantrums, and being cruel to small animals while I try to get HTML to do what I want with my limited understanding of the all too cryptic CSS.

Once I have good and well failed at that I try to hire someone to help me. I am a cheap bastard and have no interest in going out to *real* designers who will charge me $3,000 – $10,000 for a website that is basically for some hobby interest of mine or some freebie for a friend. But I am also a contrarian – so I do not wish to click over to TypePad or WordPress and grab up a template that is in use by a few hundred other people. I like to do a lot of stuff that simple templates don’t cover.

So I do various mockups of the page in something I can understand (like Adobe InDesign) until I have something I am happy with, create a PDF, and send it to some HTML slice-and-dice service or con one of the many web people I know into doing a little work for me on the side.

Sometimes this last approach works out ok except that no one creates CSS stylesheets I can really understand. So even if the site looks good I have to spend days of frustration trying to understand the nesting and tagging and inheritance and hacks and browser-specific workarounds that everyone uses.

But Blueprint has made it a lot easier, and more understandable, to use CSS by providing a discrete grid for layout and a well-documented set of stylesheets that explain what things do. I’m told the grid is even quite useful for experienced web designers to speed their basic development. I’ll put some links to the new site(s) here when they’re ready. In the meantime, try out Blueprint. It’s nice.

maclockpick_pulls_private_data_via_usb_portOnly $499 and available in bulk from Subrosasoft, The MacLockPick is a handy little device for computer-illiterate trusted civil servants to plug into sleeping MacBooks and collect data from all those computers left lying around at crime scenes – just like on TV. Via Digital Trends Magazine:

MacLockPick Pulls Private Data Via USB Port

Friday, April 27th 2007 @ 6:50 AM PDT
By Nick Mokey
Staff Writer, Digital Trends News

Uncle Sam has a new way to pry into your data, and it’s as simple as popping in a thumb drive.

Lock up your MacBooks, Apple fans: SubRosaSoft announced Friday that they are shipping a USB thumb drive, dubbed MacLockPick, that can extract passwords, Internet history, and system settings from an OS X user just by slipping it into a USB drive.

Of course, the drive is only available to law enforcement, but we have to wonder if the same technology that powers it will ever become available to less scrupulous individuals. […]

Anyone wonder just what security measures are in place to ensure that only law enforcement can purchase this. Better yet, what security is in place to ensure that law enforcement doesn’t lose, misplace, or steal the device? Not that it does anything that a power user couldn’t do given a little private time with the computer, but it does make it seamless, simple, silent, and quick – just the thing for the sort of abuse-prone neanderthals that seem to make up far too much of the law enforcement population.

The following is a list of file items that can be extracted using SubRosaSoft’s MacLockPick:

Apple Keychain Passwords

  • System – The user password of the logged in user. Often this is shared for root access and FileVault encryption.
  • General – Includes (but is not limited to) passwords for encrypted disk images, wifi base stations, iTunes music store, iChat login, Apple Remote Desktop.
  • Internet – Includes (but is not limited to) login and password details for web sites, email accounts, some peer to peer networks, online services and stores, auction sites, and .mac accounts.
  • AppleShare – A list of login and password details for appleshare servers this mac has connected to.

Files and Folder details

  • Folder Dates – A list of all the key user folders along with their creation date, date of last modification, date of first access, and date of the most recent access.
  • Disk Images – Paths to the most recent disk images that have been mounted on this mac.
  • Preview – Full paths to recent files that have been viewed in the preview program.
  • QuickTime – File names for recently viewed movies fro the QuickTime player applications
  • Recent Applications, Documents, and Servers – Program names for the most recently used items on this Macintosh computer.

Instant Messaging

  • Default Login – for iChat instant messenger system.
  • Complete buddy list – including buddies who have since been deleted.


  • Account Details – login names and server addresses used.
  • Address Book – Address details for entries in the address book including contacts that have been deleted. This address book is used by most communication programs on the Mac and is used to synchronize with the iPod and other portable devices.
  • Opened Attachments – Paths to files that have been received as an attachment then saved or opened including the date and time of opening.

Web History and Preferences

  • Search Strings – The most recent items that the user has searched for using the google toolbar in safari.
  • Cached Bookmarks – Sites that have been bookmarked in Safari including items that have been deleted.
  • Current Bookmarks – Sites that are currently bookmarked in Safari.
  • Cookies – A full list of cookies include the server address the cookie value and the date and time of assignment.
  • History – Complete details of browsing history including the number of times visited and the date and time of the most recent visit.

Hardware Preferences

  • iPod – Serial numbers of any iPod that have been connected to this Mac along with the date and time it was first used.
  • Bluetooth Devices – hardware address of any bluetooth devices that have been paired with this mac along with the most recent time these devices have been paired.
  • Wifi Connections – Listings for wifi base stations that have been used on this computer including the base address and the date and time of the first connection.
  • Network Interfaces – MAC address for each integrated network interface on the suspect’s machine.

No doubt there will be, if there isn’t already, an open source version of this  or a free set of instructions to DIY for anyone with the time and inclination to do so.

For the past couple of weeks I’ve been working on a new site design for a client – We actually have the structure and information architecture pretty well mapped out and are focusing on look and feel, but this type of tool could still come in handy. Even though I am not a designer I’ve taken to creating my own mockups over the years because I find starting from ground zero with a designer to be incredibly frustrating and expensive – it just takes forever for a designer, even a good one, to figure out what you want if you can’t draw at least a basic picture of it yourself. So now I create a fairly complete mockup and then have a designer polish it. That works out much better for me.

But even though I’m getting better at it, I still go through lots of iterations – especially in basic information architecture. Something like Denim could come in handy. I like the mindmap-style sketch interface – seems to me the two are quite similar. I’ll be trying it out later this week. Hat tip to Jim McGee:

Web Design Tool: Denim Site Sketching

When you are making websites, inevitably some form of sketching will be done to rough out it’s design and interactivity.

Whether you’re the web designer or someone trying to communicate your ideas to a web designer, this little piece of software, called Denim, will come in handy.

What Denim does is allow you to create a mock website, with linking pages, just from your rough sketches. Obviously, this will work particularly well with a tablet interface.


Supports Windows, Mac and Unix.

Denim by the University Of Washington

A few weeks ago I reported that I had purchased a new firewall, a Netgear FVS124G. I was enthusiastic about it at first but, like most technology, the teething problems showed up rather quickly. Between then and now I’ve been dealing with technology at a level that I no longer enjoy. But it does appear that, with the help of people at the Vonage Forum, the Netgear Support Forum, and Netgear tech support I have managed to get most things working correctly.

The FVS124G has several features that attracted me:

Combined with my little Netgear GS608 Gigabit switched hub it makes a perfectly adequate small office backbone. The trouble was the firmware didn’t actually work in many areas. The idea behind dual WAN ports is that you can have two broadband connections. The firewall offers three modes of connecting:

  • Manual selection
  • Auto-rollover
  • Load Balancing

Manual mode means one WAN port is active. If it goes down (a daily occurrence with DSL in my area) you manually switch to the secondary (cable modem in my case.) Auto-rollover means that the firewall monitors the state of the primary WAN and if it senses failure it automatically switches over to the secondary. Load balancing is where both WAN ports are active and the firewall distributes traffic between them.

I wanted to use Load Balancing mode, taking advantage of the bandwidth available via both my DSL line and my cable modem line. I naively thought I could get better performance and reliability with less hassle. This is sorta true, sorta not. Everything has a price.

It turns out that lots of net connections require continuity – that is, they can’t send packets over two different broadband connections because the source IP address changes. HTTPS is one such protocol. VoIP is another. There are others, I’m sure. When these connections get broken up over two source IP addresses they cease to work. Since I’m a Vonage VoIP user once I switched to Load Balancing mode my phone stopped working. Not good.

I fiddled with that for quite a while, trying different firewall rules, QoS settings, etc. Nothing worked. The FVS124G has a protocol binding function which, in theory, would let me force all traffic from a given device or protocol to a specific WAN port. But it didn’t work. Even after setting up the correct rules a packet trace showed that VoIP packets were going over both WAN ports.

After reading some tech notes and forum entries I upgraded to the latest Netgear firmware release (v 1.1.38.) That was a disaster. The new firmware slowed my DSL connection to a crawl – about the same as an old 56k dial-up connection. It was terrible. So even if the other problems had be resolved, the new problems were worse. So I went back to my original firmware (v 1.1.30) and eventually got back to my starting point. But I couldn’t use Load Balancing.

The only way I could get the Vonage device to make a clean connection was to switch to Manual or Auto-rollover. Even with that I had to go through some hoops, as v 1.1.30 wasn’t SIP compliant and all the SIP functions had to be manually disabled by telneting into the box and issuing some arcane commands via a command line. In the end I settled on using Auto-rollover mode so that if my cable modem (now primary) went down (which it did with some regularity) the firewall would switch to DSL which, hopefully, would choose some different time to be down each day.

The trouble with this arrangement was that once the firewall “rolled over” to DSL it did not recover when the primary WAN came back online, instead going into Load Balancing mode and using both WAN ports. Which killed my phone service. Again. And required that I reboot the firewall.

Not much better than having to manually switch it.

As a result of all this testing, experimenting, and tech support contact the folks at Netgear asked if I would try an intermediate version of firmware, v 1.1.33, and try again.

I’m pleased to report that v 1.1.33 seems to be much better behaved. The protocol binding issue appears to be resolved, as well as having full SIP compliance. In fairly short order I have been able to verify that packets from the Vonage device are, indeed, staying on the WAN port for which they are designated. But there is still no free lunch.

You see, distributing traffic across two broadband connections adds overhead. Somewhere some processor must decide what packets go where, and that takes time. The net result is that total throughput in Load Balancing mode is actually somewhat lower than when using a single, dedicated WAN port. I had not thought about this.

To minimize the problem I can setup protocol binding rules to shape traffic and, essentially, perform manual load balancing. This seems to work pretty well. It lets me address my basic problem which is that my local LAN traffic was breaking up my VoIP connection, but it does little to add reliability. Now any given service or connection is subject to the service level of the broadband connection to which it is dedicated.

If my DSL line goes down (two or three times a day for 5-10 minutes each) my phone doesn’t work. If my cable modem goes down (this is getting rarer now) my e-mail and web browser don’t work. So I’m pretty much back where I started, except I do have clearer VoIP connections.

At least there is symmetry.

I downloaded a fresh copy of Acronis TrueImage Home 9.0 today and installed it on my ThinkPad. I’ll be imaging the ThinkPad hard drive to an external drive tonight. Over the next week I’ll be embarking on building a couple of computers. I used to enjoy doing that, but not anymore. I’m only doing it because I want to rebuild my two primary workstations – the one that went up in flames 3 years ago, and its replacement which cratered due to a dead drive controller on the mother board last summer.

Both have really nice cases, top-quality power supplies, and nice peripherals that still do what I need, so I didn’t want to just toss that stuff. Besides, my luck with branded PCs is no better. They go up in flames for me, too. I’m just death on computers, for reasons that completely escape me.

These two will be clones – identical motherboards, CPU chips, DIMMs, and system hard drives. That way when the first one dies I can just swap right over to the next and keep on working. In the meantime, the backup unit will serve as a file server and A/V workstation.

I really hope these are the last two computers I ever have to build. Maybe I’ll switch to Macintosh when the time comes to buy another one.

Brent Ashley reminds us all that backups are essential to peace of mind. Which reminds me… I’ve been living off my laptop for more than a year since my last workstation went up in flames (gawd, I hate computers) and I really need to back it up to an external drive like, right now.

The path to serenity is via regular backups

Michael O’Connor Clarke’s recent brush with near-data-death had a happy ending, and he credits my backup advice with helping to save the day. I figure now is as good a time as any to make that advice more widely known.

The ONLY successful backup strategy is one that actually gets your system backed up regularly. This means taking it out of the hands of the procrastinator and into the hands of the automator.

In my opinion the only truly workable restore strategy is to have a disk image to restore. If you have to spend untold hours loading your OS and programs, searching for license keys and farting around with settings, passwords, adding users etc etc, just to get to the point where you can restore your backed-up data, you are wasting time and money.

A regularly scheduled disk-image backup will save your otherwise very sorry ass many many times.

I use Acronis True Image to back up my laptop. The Home version suits my needs, but the Workstation and Server products are stellar as well for a business environment.

Acronis makes a compressed image of selected partitions on your hard drive. It does this in the background while you are still using your computer. You can schedule it to happen regularly so you don’t even have to think about it.

With Acronis you can:

  • Make a full image of your drive
    • Make multiple incremental images against a full image
    • Save the image locally or over the network, split to multiple files or CDs/DVDs
  • Access the images for read or restore
    • Mount any full or incremental image to access a snapshot of your drive via a drive letter
    • Restore your machine from any full or incremental state via disk, cd, network
    • Restore your machine from bare metal with a rescue boot CD
  • Schedule backups
    • Automate backups so you don’t have to think about them
    • Define pre and post commands to run

Those are the basics you need. Beyond that you can use the rescue CD to back up and restore non-windows partitions, too – Linux and BSD for instance. There are many other features too.

I have a scheduled task set up to back up my laptop every Monday and Thursday at 2am to my home server. If my laptop is plugged into my network at home at those times, it will save a full disk image to the server. If the target directory already contains a full image, it will build an incremental image.

At the start of each month, I delete the contents of my LastMonth directory and move the current image and incrementals there. I should really write a batch to invoke pre-task to do this automatically, since this is the only thing I still have to remember to do.

I’m pretty serious about my backups. On my server, I have two 250Gb hard drives that I synchronize daily using rsync. I also copy certain critical files off to a NAS device that’s at the other end of the house and take sporadic file backups to a USB drive to take offsite. You don’t have to get that crazy about it, but for the sake of your long-term sanity, by all means set up a regular image backup of your main machines.

A little over a year ago I lost a long-time friend and mentor to prostate cancer. He was a relatively young, healthy 60 years old. He was diagnosed in August of last year. He died in January. By the time he died the cancer had spread to his lungs and his brain. His loss will be felt for a long, long time.

The statistics on prostate cancer are discouraging – it’s the most common malignancy among American men. The treatments are barbaric, and our ability to diagnose early or with any specificity is poor, at best. But there is good news on the horizon.

As reported at MedicineNet, a new protein, called prostate cancer antigen-2 (EPCA-2), looks like it’s going to provide a far more accurate marker for cancer cells than the common PSA test:

“We’ve been able to show that blood levels of it are low in normal individuals and high in prostate cancer, and that it distinguishes between cancers that are confined to the prostate and those that have spread outside the gland,” explained study lead researcher Dr. Robert H. Getzenberg, professor of urology and director of research at Johns Hopkins University’s James Buchanan Brady Urological Institute, in Baltimore.His team published its findings in the May issue of Urology.


Spotting especially life-threatening prostate tumors is “the holy grail” of diagnosis, he said. Current PSA testing cannot distinguish between cancers that will grow so slowly that they pose no danger to life and those that require quick action. The hope is that the ECPA-2 test will identify men whose slow-growing cancers make them candidates for “watchful waiting” rather than immediate surgery or other treatment.

Speaking of curing cancer, if you want to donate to one of the world’s most efficient charities (by efficient I mean in excess of $.90 of every dollar goes directly to research) Seth has his Pan-Mass Challenge page up. All proceeds go to the Jimmy Fund at the Dana-Farber Cancer Institute.

Recent article in the Daily Mail reports on new use of an inkjet-style printer being used to fashion accurate, biodegradable bone grafts for cosmetic surgery and other uses. Fascinating…

The artificial bones created from an inkjet

14th April 2007

Scientists are creating artificial bones using a modified version of an inkjet printer.

The technology creates perfect replicas of bones that have been damaged and these can then be inserted in the body to help it to heal. The process will revolutionise bone graft surgery, which currently relies on either bits of bone taken from other parts of the body or ceramic-like substitutes.


Found via FUTUREdition from The Arlington Institute.