Re: [FRIAM] Passwords

2010-12-23 Thread Nicholas Thompson
Oh, Gosh!

This reminds me of those printed instructions on aluminum ladders: "Under no
circumstances use this ladder for CLIMBING."

We ordinary mortals are screwed. 

Nick 

-Original Message-
From: friam-boun...@redfish.com [mailto:friam-boun...@redfish.com] On Behalf
Of Parks, Raymond
Sent: Thursday, December 23, 2010 8:52 PM
To: 'friam@redfish.com'
Subject: Re: [FRIAM] Passwords

Folks,

  I decided to put my advice about securing home networks in this message,
along with password advice.

To secure your home network -

1. Use a firewall - either build one or buy one.  Most broadband routers
include a firewall.

2. Configure the firewall to deny all incoming traffic and only allow
minimal outgoing traffic (http and pop3/imap is a good starting set).  Note
that I did not include DNS or ICMP - these have long been used for
exfiltration.

3. If you have wireless -

  A. Use the best authentication/encryption you can - WPA2 not WEP.  We can
break the latter in minutes if you are generating traffic.

  B. Find a way to treat that traffic as untrusted - route it into your home
network as if it's from the Internet.  This will require setting up a VPN
(IPSEC comes with all modern OSes) and sending traffic directly out to the
Internet.  The VPN would be used to access the internal wired network, if
you insist.

4. If you really want to expose a service to the Internet - don't.  Use a
port-knocking solution (google it) that only opens the relevant port for a
brief time after you have hit the right sequence of ports.  Consider using a
non-standard port when it opens - many hotels and Internet cafes only allow
http (port 80) so you might run your ssh on that port to bypass filtering.

Passwords are only marginally secure.  The problem with the idea that Owen
cited is that many web-sites don't allow certain characters (usually a
subset or the full set of special characters) and/or restrict password
length.  One site I have to regularly fight with cuts off the password I set
without any indication.  Password length is important.  Most winders boxen
store and forward NTLM password hashes.  I just bought, off Newegg, three
systems with Nvidia GPUs that can each brute force 4-6 billion 8 character
NTLM passwords per minute.  You can rent GPUs off the cloud and folks have
demonstrated using that for MD5 hash cracking.  If you have the patience,
you can double performance with ATI GPUs.  Most websites use MD5 password
hashes - which are usually weaker than NTLM.

I use a password formula which I mix up and customize to fit each web-site's
peculiarities.  This method can be frustrating - but I get by.

Ray Parks


- Original Message -
From: Owen Densmore [mailto:o...@backspaces.net]
Sent: Wednesday, December 22, 2010 09:57 AM
To: The Friday Morning Applied Complexity Coffee Group 
Subject: [FRIAM] Passwords

I recently added a mac mini to my digital ecology, and it got me bustling
about tidying up a bit.

One area is logins.  I fixed the mini so that I can ssh to it, but only via
crypto (ssh-keygen) keys.  I had a port-scan within 2 hours of forwarding
port 22 from my airport, so feel that passwords simply are a Bad Idea in
this day and age.

My ISP also lets me use key pairs so that got me thinking about alternatives
to name/password logins.

Now, I *do* believe passwords can be made reasonably secure:
http://goo.gl/jqV7w .. maybe even more secure than key/pairs which can be
compromised stealing my laptop.

So a few questions about your experiences:
- Can I use public keys for heavily used sites (gmail, amazon, ...)?
- Is openID a reasonable alternative? http://openid.net http://goo.gl/BOpg
- Do you have a name/password strategy that you like?
- Any other alternatives?

-- Owen




FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College lectures, archives,
unsubscribe, maps at http://www.friam.org






[FRIAM] Botnets

2010-12-23 Thread Parks, Raymond
  Yeah, OSX doesn't have enough market share to be interesting to bot herders.  
Apple iOS and Android may change that but so far the RBN and such haven't 
figured out how to make money off them.  BTW, don't think OSX or iOS aren't 
pwnable - all of the current crop of Adobe hacks work on them.

  Linux has even less market share and its use for servers makes it less 
attractive (except for web-servers).  Servers make the Internet work - botting 
servers might cause the Internet to not work.  That could get unhealthy for the 
bright person who does it and interferes with a $2 trillion organized crime 
economy.

  The routing infrastructure (backbone, border, and edge) is mostly Cisco with 
Juniper running second and Foundry far behind.  While IOS is based on BSD, 
every model runs a different version - Cisco is heterogeneous.  Nation state 
attacks on routing are probable - criminal attacks are not.

Ray Parks


- Original Message -
From: Owen Densmore [mailto:o...@backspaces.net]
Sent: Thursday, December 23, 2010 07:04 PM
To: The Friday Morning Applied Complexity Coffee Group 
Subject: Re: [FRIAM] [sfx: Discuss] What is Going on with wikileaks

On Dec 22, 2010, at 5:33 PM, Parks, Raymond wrote:

> Note - the following advice is for Winders - there are no significant botnets 
> of OSX or Linux systems.

Really? Whew!  

But are you sure?  Seems to me that there are a large number of linux/unix 
servers running many VMs, all of which could be compromised. And macs are 
getting pretty popular for not only desktops but phones and pads.  And what 
about all the smartphones, not just iPhones?  Wouldn't a couple of million 
hacked androids be interesting to the bot-net folks?  And game machines?  And 
AppleTV .. and heck, the TVs themselves even.

And the real fear for me is the future hacking of the routers themselves, most 
are running linux nowadays, right?

I guess it's just the massive number of windows computers still is most logical 
due to the numbers.  I'm not at all sure windows is inherently more vulnerable 
than mac/linux, right?

   -- Owen





Re: [FRIAM] Passwords

2010-12-23 Thread Parks, Raymond
Folks,

  I decided to put my advice about securing home networks in this message, 
along with password advice.

To secure your home network -

1. Use a firewall - either build one or buy one.  Most broadband routers 
include a firewall.

2. Configure the firewall to deny all incoming traffic and only allow minimal 
outgoing traffic (http and pop3/imap is a good starting set).  Note that I did 
not include DNS or ICMP - these have long been used for exfiltration.

3. If you have wireless -

  A. Use the best authentication/encryption you can - WPA2 not WEP.  We can 
break the latter in minutes if you are generating traffic.

  B. Find a way to treat that traffic as untrusted - route it into your home 
network as if it's from the Internet.  This will require setting up a VPN 
(IPSEC comes with all modern OSes) and sending traffic directly out to the 
Internet.  The VPN would be used to access the internal wired network, if you 
insist.

4. If you really want to expose a service to the Internet - don't.  Use a 
port-knocking solution (google it) that only opens the relevant port for a 
brief time after you have hit the right sequence of ports.  Consider using a 
non-standard port when it opens - many hotels and Internet cafes only allow 
http (port 80) so you might run your ssh on that port to bypass filtering.

Passwords are only marginally secure.  The problem with the idea that Owen 
cited is that many web-sites don't allow certain characters (usually a subset 
or the full set of special characters) and/or restrict password length.  One 
site I have to regularly fight with cuts off the password I set without any 
indication.  Password length is important.  Most winders boxen store and 
forward NTLM password hashes.  I just bought, off Newegg, three systems with 
Nvidia GPUs that can each brute force 4-6 billion 8 character NTLM passwords 
per minute.  You can rent GPUs off the cloud and folks have demonstrated using 
that for MD5 hash cracking.  If you have the patience, you can double 
performance with ATI GPUs.  Most websites use MD5 password hashes - which are 
usually weaker than NTLM.

I use a password formula which I mix up and customize to fit each web-site's 
peculiarities.  This method can be frustrating - but I get by.

Ray Parks


- Original Message -
From: Owen Densmore [mailto:o...@backspaces.net]
Sent: Wednesday, December 22, 2010 09:57 AM
To: The Friday Morning Applied Complexity Coffee Group 
Subject: [FRIAM] Passwords

I recently added a mac mini to my digital ecology, and it got me bustling about 
tidying up a bit.

One area is logins.  I fixed the mini so that I can ssh to it, but only via 
crypto (ssh-keygen) keys.  I had a port-scan within 2 hours of forwarding port 
22 from my airport, so feel that passwords simply are a Bad Idea in this day 
and age.

My ISP also lets me use key pairs so that got me thinking about alternatives to 
name/password logins.

Now, I *do* believe passwords can be made reasonably secure: 
http://goo.gl/jqV7w .. maybe even more secure than key/pairs which can be 
compromised stealing my laptop.

So a few questions about your experiences:
- Can I use public keys for heavily used sites (gmail, amazon, ...)?
- Is openID a reasonable alternative? http://openid.net http://goo.gl/BOpg
- Do you have a name/password strategy that you like?
- Any other alternatives?

-- Owen
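
The port-knocking gate described in Ray Parks's message above, as an added example that is not part of the original thread: a per-source state machine that opens the service port only briefly after the right sequence of knocks. The knock ports, timeouts and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class KnockGate:
    """Tracks knock progress per source address and opens the service port briefly."""
    sequence: tuple = (7000, 8000, 9000)   # hypothetical knock sequence
    service_port: int = 22                 # the port being protected
    knock_timeout: float = 10.0            # max seconds between consecutive knocks
    open_window: float = 30.0              # seconds the port stays open after a full sequence
    progress: dict = field(default_factory=dict)    # src -> (next index, time of last knock)
    open_until: dict = field(default_factory=dict)  # src -> time the opening expires

    def packet(self, ts, src, dport):
        """Decide what to do with one inbound connection attempt."""
        if dport == self.service_port:
            # Only a source that completed the sequence recently gets through.
            return "accept" if self.open_until.get(src, 0.0) > ts else "drop"

        idx, last = self.progress.get(src, (0, ts))
        if idx and ts - last > self.knock_timeout:
            idx = 0                        # too slow: start over
        if dport == self.sequence[idx]:
            idx += 1                       # correct next knock
        else:
            # A wrong port resets progress; it may still count as a fresh first knock.
            idx = 1 if dport == self.sequence[0] else 0

        if idx == len(self.sequence):
            self.open_until[src] = ts + self.open_window
            idx = 0
        if idx:
            self.progress[src] = (idx, ts)
        else:
            self.progress.pop(src, None)
        return "drop"                      # knock ports themselves never answer


def replay(events, gate=None):
    """Feed (timestamp, source, destination port) tuples through a gate."""
    gate = gate or KnockGate()
    return [gate.packet(ts, src, dport) for ts, src, dport in events]


def demo():
    """Constructed traffic: the owner, an unrelated host, a port sweep, a slow knocker."""
    owner, other = "198.51.100.7", "203.0.113.9"
    scanner, slow = "192.0.2.50", "192.0.2.77"
    gate = KnockGate()
    results = {}

    replay([(0, owner, 7000), (2, owner, 8000), (4, owner, 9000)], gate)
    results["owner_after_knock"] = gate.packet(5, owner, 22)
    results["other_host"] = gate.packet(6, other, 22)           # opening is per source
    results["owner_after_window"] = gate.packet(40, owner, 22)  # 4 + 30 s has passed

    # A sequential sweep touches every knock port but never in an unbroken sequence.
    sweep = [(50 + i * 0.01, scanner, p) for i, p in enumerate(range(6990, 9011))]
    replay(sweep, gate)
    results["scanner"] = gate.packet(80, scanner, 22)

    # Right ports, but the second knock arrives after the timeout.
    replay([(100, slow, 7000), (120, slow, 8000), (121, slow, 9000)], gate)
    results["slow_knocker"] = gate.packet(122, slow, 22)
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:20s} {decision}")
```

The knock sequence travels in the clear, so it hides the port from scans rather than authenticating anyone; key-only ssh as Owen describes still belongs behind it.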






[FRIAM] Network neutrality

2010-12-23 Thread Robert Holmes
Network neutrality matters. It really, really matters. Here's why.

http://www.theopeninter.net/

-- R


Re: [FRIAM] [sfx: Discuss] What is Going on with wikileaks

2010-12-23 Thread Owen Densmore
On Dec 22, 2010, at 5:33 PM, Parks, Raymond wrote:

> Note - the following advice is for Winders - there are no significant botnets 
> of OSX or Linux systems.

Really? Whew!  

But are you sure?  Seems to me that there are a large number of linux/unix 
servers running many VMs, all of which could be compromised. And macs are 
getting pretty popular for not only desktops but phones and pads.  And what 
about all the smartphones, not just iPhones?  Wouldn't a couple of million 
hacked androids be interesting to the bot-net folks?  And game machines?  And 
AppleTV .. and heck, the TVs themselves even.

And the real fear for me is the future hacking of the routers themselves, most 
are running linux nowadays, right?

I guess it's just the massive number of windows computers still is most logical 
due to the numbers.  I'm not at all sure windows is inherently more vulnerable 
than mac/linux, right?

   -- Owen





Re: [FRIAM] "We asked Bruce Sterling for his take on Wikileaks."

2010-12-23 Thread Pamela McCorduck

But it takes some patience to read beginning to end.


On Dec 23, 2010, at 7:58 PM, Owen Densmore wrote:

Man, almost a complete book!  His best work always has been  
journalistic, even when fiction.


   -- Owen


On Dec 23, 2010, at 4:19 PM, glen wrote:



The Blast Shack (via Nelson, via mariuswatz)
http://www.webstock.org.nz/blog/2010/the-blast-shack/

--
glen





"If you're away from Broadway, you're only camping out."

Thomas E. Dewey



Re: [FRIAM] "We asked Bruce Sterling for his take on Wikileaks."

2010-12-23 Thread Owen Densmore
Man, almost a complete book!  His best work always has been journalistic, even 
when fiction.

-- Owen


On Dec 23, 2010, at 4:19 PM, glen wrote:

> 
> The Blast Shack (via Nelson, via mariuswatz)
> http://www.webstock.org.nz/blog/2010/the-blast-shack/
> 
> -- 
> glen
> 
> 





Re: [FRIAM] Anyone FRIAM-ing tomorrow (the 24th)?

2010-12-23 Thread Nicholas Thompson
Tom, 

 

Not me and Frank is out of town.  So no stones for the stone soup.  

 

Nick 

 

From: friam-boun...@redfish.com [mailto:friam-boun...@redfish.com] On Behalf
Of Tom Johnson
Sent: Thursday, December 23, 2010 3:53 PM
To: fr...@redfish. com
Subject: [FRIAM] Anyone FRIAM-ing tomorrow (the 24th)?

 

If so, where?  Garcia Street Books?

-tom

-- 
==
J. T. Johnson
Institute for Analytic Journalism   --   Santa Fe, NM USA
www.analyticjournalism.com
505.577.6482(c)505.473.9646(h)
http://www.jtjohnson.com  t...@jtjohnson.com
==



[FRIAM] "We asked Bruce Sterling for his take on Wikileaks."

2010-12-23 Thread glen

The Blast Shack (via Nelson, via mariuswatz)
http://www.webstock.org.nz/blog/2010/the-blast-shack/

-- 
glen




[FRIAM] Anyone FRIAM-ing tomorrow (the 24th)?

2010-12-23 Thread Tom Johnson
If so, where?  Garcia Street Books?

-tom

-- 
==
J. T. Johnson
Institute for Analytic Journalism   --   Santa Fe, NM USA
www.analyticjournalism.com
505.577.6482(c)505.473.9646(h)
http://www.jtjohnson.com  t...@jtjohnson.com
==


Re: [FRIAM] Help with memory

2010-12-23 Thread Richard Lowenberg

I recall reading the NYer article by Commoner at the time,
as the subject matter was of keen interest to me then, and continues  
to be.

FYI, a couple of other related seminal publications from those days:
The Entropy Law and the Economic Process, by Nicholas Georgescu-Roegen,
Harvard U. Press, 1971.
"Energy and Information", by Myron Tribus and Edward C. McIrvine,
Scientific American, Sept. 1971 (issue on Energy and Power).
I haven't checked to see if these are available online.
Richard


On Dec 23, 2010, at 12:21 PM, George Duncan wrote:

See

http://www.newyorker.com/archive/1976/02/09/1976_02_09_038_TNY_CARDS_000316706

for the second article in the series,

found via Bing.

On Thu, Dec 23, 2010 at 10:41 AM, Nicholas Thompson wrote:

Thanks, Everybody,

It Was Barry Commoner, in a three article series in the NY-er beginning Feb
2, 1976, called “Energy”.

And it does have a long and loving account of entropy.  I still haven’t been
able to read it because the archive system is hostile to ordinary mortals,
but I will let you all know if it is as good as I remember it being.  My
especial gratitude to Carl Tollander and John Kennison, who helped me look,
and to Renata Golden, who found it.

What threw me off the scent was that Commoner wrote a book, a few years
earlier on a closely related topic, that does not mention entropy once!

Nick

From: Nicholas Thompson [mailto:nickthomp...@earthlink.net]
Sent: Friday, December 17, 2010 9:24 PM
To: 'c...@plektyx.com'; 'The Friday Morning Applied Complexity Coffee Group'
Subject: RE: [FRIAM] Help with memory

Carl and everybody,

The Wikipedia entry sure looked like it was going to have the reference, but
alas, it did not!

You are probably all prepared for one of the well-known terrors of old age,
that you forget stuff.  But another terror of old age you may not know about
– that you remember with great force and clarity things that never
happened.

So, everybody, despite Carl’s best efforts, the question remains open.  I
have put in calls to local nursing homes, but in the meantime could you put
your thinking caps on?

Thanks,

Nick

PS  What the dickens did Roger Rabbit have to do with street cars and
entropy?

From: friam-boun...@redfish.com [mailto:friam-boun...@redfish.com] On Behalf
Of Carl Tollander
Sent: Friday, December 17, 2010 8:28 PM
To: The Friday Morning Applied Complexity Coffee Group
Subject: Re: [FRIAM] Help with memory

Google "Roger Rabbit", which sends you to
http://en.wikipedia.org/wiki/Great_American_streetcar_scandal Many
links.

On 12/17/10 8:03 PM, Nicholas Thompson wrote:

Many years ago, perhaps more than 40, I swear I read a series of articles,
later published as a book, that laid out the basic principles of entropy,
told the history (perhaps mythic) of how GM tore up the trolley lines in LA
to get its dirty busses to replace clean trolley cars, argued that we would
in the next 40 years transition to natural gas as the price of other fossil
fuels rose, etc., etc.  I think I read it in the New Yorker, and I have had
two candidates for who wrote it, both of which have turned out to be wrong:
Bradford Snell and Barry Commoner.  Does anybody else remember it?  Is
anybody else on this list OLD enough to have read it?

I promise I have googled the hell out of it to no avail.

Nick

Nicholas S. Thompson
Emeritus Professor of Psychology and Biology
Clark University
http://home.earthlink.net/~nickthompson/naturaldesigns/
http://www.cusf.org






--
George Duncan
georgeduncanart.com
(505) 983-6895
Represented by ViVO Contemporary
725 Canyon Road
Santa Fe, NM 87501

Life must be understood backwards; but... it must be lived forward.
Soren Kierkegaard




Re: [FRIAM] Help with memory

2010-12-23 Thread George Duncan
See

http://www.newyorker.com/archive/1976/02/09/1976_02_09_038_TNY_CARDS_000316706

for the second article in the series,

found via Bing.

On Thu, Dec 23, 2010 at 10:41 AM, Nicholas  Thompson
 wrote:
> Thanks, Everybody,
>
>
>
> It Was Barry Commoner, in a three article series in the NY-er beginning Feb
> 2, 1976, called “Energy”.
>
>
>
> And it does have a long and loving account of entropy.  I still haven’t been
> able to read it because the archive system is hostile to ordinary mortals,
> but I will let you all know if it is as good as I remember it being.  My
> especial gratitude to Carl Tollander and John Kennison, who helped me look,
> and to Renata Golden, who found it.
>
>
>
> What threw me off the scent was that Commoner wrote a book, a few years
> earlier on a closely related topic, that does not mention entropy once!
>
>
>
> Nick
>
>
>
>
>
>
>
> From: Nicholas Thompson [mailto:nickthomp...@earthlink.net]
> Sent: Friday, December 17, 2010 9:24 PM
> To: 'c...@plektyx.com'; 'The Friday Morning Applied Complexity Coffee Group'
> Subject: RE: [FRIAM] Help with memory
>
>
>
> Carl and everybody,
>
>
>
> The Wikipedia entry sure looked like it was going to have the reference, but
> alas, it did not!
>
>
>
> You are probably all prepared for one of the well-known terrors of old age,
> that you forget stuff.  But another terror of old age you may not know about
> – that you remember with great force and clarity things that never
> happened.
>
>
>
> So, everybody, despite Carl’s best efforts, the question remains open.  I
> have put in calls to local nursing homes, but in the meantime could you put
> your thinking caps on?
>
>
>
> Thanks,
>
>
>
> Nick
>
>
>
> PS  What the dickens did Roger Rabbit have to do with street cars and
> entropy?
>
>
>
>
>
>
>
> From: friam-boun...@redfish.com [mailto:friam-boun...@redfish.com] On Behalf
> Of Carl Tollander
> Sent: Friday, December 17, 2010 8:28 PM
> To: The Friday Morning Applied Complexity Coffee Group
> Subject: Re: [FRIAM] Help with memory
>
>
>
> Google "Roger Rabbit", which sends you to
> http://en.wikipedia.org/wiki/Great_American_streetcar_scandal Many
> links.
>
> On 12/17/10 8:03 PM, Nicholas Thompson wrote:
>
> Many years ago, perhaps more than 40, I swear I read a series of articles,
> later published as a book, that laid out the basic principles of entropy,
> told the history (perhaps mythic) of how GM tore up the trolley lines in LA
> to get its dirty busses to replace clean trolley cars, argued that we would
> in the next 40 years transition to natural gas as the price of other fossil
> fuels rose, etc., etc.  I think I read it in the New Yorker, and I have had
> two candidates for who wrote it, both of which have turned out to be wrong:
> Bradford Snell and Barry Commoner.  Does anybody else remember it?  Is
> anybody else on this list OLD enough to have read it?
>
>
>
> I promise I have googled the hell out of it to no avail.
>
>
>
> Nick
>
>
>
> Nicholas S. Thompson
>
> Emeritus Professor of Psychology and Biology
>
> Clark University
>
> http://home.earthlink.net/~nickthompson/naturaldesigns/
>
> http://www.cusf.org
>
>
>
>
>
>
>
>
>
> 
>
>



-- 
George Duncan
georgeduncanart.com
(505) 983-6895
Represented by ViVO Contemporary
725 Canyon Road
Santa Fe, NM 87501

Life must be understood backwards; but... it must be lived forward.
Soren Kierkegaard




[FRIAM] Michael Nielsen » Introduction to the Polymath Project and “Density Hales-Jewett and Moser Numbers”

2010-12-23 Thread Owen Densmore
A while back I mentioned Timothy Gowers and others had started a mathematics 
collaboration project, the Polymath Project. Basically it's "open source math".

This is an example of their project, describing its progress through a 
particular problem: http://goo.gl/LlFCR

-- Owen






Re: [FRIAM] Help with memory

2010-12-23 Thread Nicholas Thompson
Thanks, Everybody, 

 

It Was Barry Commoner, in a three article series in the NY-er beginning Feb
2, 1976, called "Energy". 

 

And it does have a long and loving account of entropy.  I still haven't been
able to read it because the archive system is hostile to ordinary mortals,
but I will let you all know if it is as good as I remember it being.  My
especial gratitude to Carl Tollander and John Kennison, who helped me look,
and to Renata Golden, who found it.  

 

What threw me off the scent was that Commoner wrote a book, a few years
earlier on a closely related topic, that does not mention entropy once!  

 

Nick

 

 

 

From: Nicholas Thompson [mailto:nickthomp...@earthlink.net] 
Sent: Friday, December 17, 2010 9:24 PM
To: 'c...@plektyx.com'; 'The Friday Morning Applied Complexity Coffee Group'
Subject: RE: [FRIAM] Help with memory

 

Carl and everybody, 

 

The Wikipedia entry sure looked like it was going to have the reference, but
alas, it did not!

 

You are probably all prepared for one of the well-known terrors of old age,
that you forget stuff.  But another terror of old age you may not know about
- that you remember with great force and clarity things that never happened.


 

So, everybody, despite Carl's best efforts, the question remains open.  I
have put in calls to local nursing homes, but in the meantime could you put
your thinking caps on?  

 

Thanks, 

 

Nick 

 

PS  What the dickens did Roger Rabbit have to do with street cars and
entropy?  

 

 

 

From: friam-boun...@redfish.com [mailto:friam-boun...@redfish.com] On Behalf
Of Carl Tollander
Sent: Friday, December 17, 2010 8:28 PM
To: The Friday Morning Applied Complexity Coffee Group
Subject: Re: [FRIAM] Help with memory

 

Google "Roger Rabbit", which sends you to
http://en.wikipedia.org/wiki/Great_American_streetcar_scandal Many
links.

On 12/17/10 8:03 PM, Nicholas Thompson wrote: 

Many years ago, perhaps more than 40, I swear I read a series of articles,
later published as a book, that laid out the basic principles of entropy,
told the history (perhaps mythic) of how GM tore up the trolley lines in LA
to get its dirty busses to replace clean trolley cars, argued that we would
in the next 40 years transition to natural gas as the price of other fossil
fuels rose, etc., etc.  I think I read it in the New Yorker, and I have had
two candidates for who wrote it, both of which have turned out to be wrong:
Bradford Snell and Barry Commoner.  Does anybody else remember it?  Is
anybody else on this list OLD enough to have read it?  

  

I promise I have googled the hell out of it to no avail.  

  

Nick   

  

Nicholas S. Thompson 

Emeritus Professor of Psychology and Biology 

Clark University 

http://home.earthlink.net/~nickthompson/naturaldesigns/
  

http://www.cusf.org   

  

  

 
 


[FRIAM] British eight-year-olds publish study in top science journal

2010-12-23 Thread glen e. p. ropella
British eight-year-olds publish study in top science journal
http://www.rawstory.com/rs/2010/12/eight-year-olds-publish-science-journal/

Blackawton bees
http://rsbl.royalsocietypublishing.org/content/early/2010/12/18/rsbl.2010.1056.full

-- 
glen e. p. ropella, 971-222-9095, http://tempusdictum.com





Re: [FRIAM] Passwords

2010-12-23 Thread Russell Standish
The whole Gawker thing was quite ridiculous. I'd never heard of Gawker
until this breach occurred, and now sites like LinkedIn (which I am a
member of) require me to change my password, just because my email was
amongst those stolen from Gawker. One would have to assume that my
"Gawker" password was invalid since I'd never signed up to it.

Do social websites really need to "pad" their membership lists with
email addresses harvested off the web? I'm continuously spammed by
Plaxo even though as far as I can tell you need to have a Windows
computer to use it, so never bothered with that either.

Cheers

On Wed, Dec 22, 2010 at 12:44:02PM -0700, Douglas Roberts wrote:
> I use dropbox to keep an encrypted document of all my passwords too.  Good
> old gpg.  Now, if I could just remember my pass phrase...
> 
> --Doug
> 
> On Wed, Dec 22, 2010 at 12:25 PM, Roger Critchlow  wrote:
> 
> > I just moved my keepassx password vault onto my dropbox folder, and
> > installed the android keepassx client on my phone.
> >
> > Seems that every few days I get an email from some online account that
> > noticed my email address in the compromised gawker data and wonders if I
> > should change my password.  But the bulk of the accounts, which all used the
> > same email address, haven't been heard from.
> >
> > -- rec --
> >
> > On Wed, Dec 22, 2010 at 9:57 AM, Owen Densmore wrote:
> >
> >> I recently added a mac mini to my digital ecology, and it got me bustling
> >> about tidying up a bit.
> >>
> >> One area is logins.  I fixed the mini so that I can ssh to it, but only
> >> via crypto (ssh-keygen) keys.  I had a port-scan within 2 hours of
> >> forwarding port 22 from my airport, so feel that passwords simply are a Bad
> >> Idea in this day and age.
> >>
> >> My ISP also lets me use key pairs so that got me thinking about
> >> alternatives to name/password logins.
> >>
> >> Now, I *do* believe passwords can be made reasonably secure:
> >> http://goo.gl/jqV7w .. maybe even more secure than key/pairs which can be
> >> compromised stealing my laptop.
> >>
> >> So a few questions about your experiences:
> >> - Can I use public keys for heavily used sites (gmail, amazon, ...)?
> >> - Is openID a reasonable alternative? http://openid.net
> >> http://goo.gl/BOpg
> >> - Do you have a name/password strategy that you like?
> >> - Any other alternatives?
> >>
> >>-- Owen
> >>
> >>
> >>
> >> 
> >>
> >
> >
> > 
> >
> 
> 
> 
> -- 
> Doug Roberts
> drobe...@rti.org
> d...@parrot-farm.net
> 505-455-7333 - Office
> 505-670-8195 - Cell

> 


-- 


Prof Russell Standish                  Phone 0425 253119 (mobile)
Mathematics
UNSW SYDNEY 2052                       hpco...@hpcoders.com.au
Australia                              http://www.hpcoders.com.au





Re: [FRIAM] [sfx: Discuss] What is Going on with wikileaks

2010-12-23 Thread Parks, Raymond
Note - the following advice is for Winders - there are no significant botnets 
of OSX or Linux systems.

To detect if your system(s) are running bot software -

1. Be aware of changes in performance and behaviour of your system.

2. Log all traffic to the Internet and look for stuff you didn't cause.

3. If you suspect a problem and from time to time,

  A. Download (using a different system) a live CD of an antivirus - Kaspersky 
and AVG both offer good free versions.

  B. Disconnect your system from any networks (including wireless - disabling 
wireless or turning off your router)

  C. Boot your system from the live CD and execute a complete system scan.

Unless you are the target of a nation-state adversary that should catch 
everything.

To keep from getting a bot, given that the primary sources of infection are 
email attachments, email URLs/links,  and malware on web-servers -

1.  Browse the web safely.

  A. Use a browser that supports NoScript - Firefox or Seamonkey - obtain the 
plugin (donate if you can) and install it.  AdBlock is another good one.

  B. Set your browser to block pop-ups and redirects and warn of other insecure 
behaviour.

  C. When NoScript warns of scripting, only give temporary permission to run 
scripts from web-sites when it makes sense (I never allow doubleclick).

  D. Think before you proceed through warnings - does it make sense, has that 
web-site ever caused that warning before, etc.

2. Use email safely by restricting your client to text only - no HTML.  Use the 
"if this email looks weird" links so your browser defenses can work.

I have done this for years and never had a virus or spyware.  I don't even 
bother with AV and such - all they ever found were Windows components.

Ray Parks
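
Added example (not part of Ray's message and not any list member's code): one way to carry out detection step 2, "log all traffic to the Internet and look for stuff you didn't cause", by reporting outbound flows whose destination port is outside the minimal set named in this thread (http, pop3, imap). The log format, the sample lines and the function name are constructed for illustration; real router logs need their own pattern.

```python
import re
from collections import Counter

# Ports for the "minimal outgoing" set named in the thread: http, pop3, imap.
# Assumption: extend this with whatever you knowingly use (e.g. 443).
EXPECTED_PORTS = {80, 110, 143}

# Constructed log format (not from any particular router):
# <timestamp> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample data using documentation address ranges.
SAMPLE_LOG = """\
2010-12-23T20:00:01 TCP 192.168.1.20:49152 -> 203.0.113.5:80
2010-12-23T20:00:07 TCP 192.168.1.20:49153 -> 198.51.100.9:110
2010-12-23T20:05:00 TCP 192.168.1.21:50100 -> 192.0.2.44:6667
2010-12-23T20:10:00 TCP 192.168.1.21:50101 -> 192.0.2.44:6667
2010-12-23T20:15:00 TCP 192.168.1.21:50102 -> 192.0.2.44:6667
2010-12-23T20:16:30 UDP 192.168.1.21:50333 -> 192.0.2.53:53
garbage line that should be reported, not silently dropped
"""

def unexpected_outbound(log_text, expected_ports=EXPECTED_PORTS):
    """Return (flows, unparsed): flows is a Counter keyed by
    (src, proto, dst, dport) for traffic outside expected_ports."""
    flows, unparsed = Counter(), []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep evidence of lines we could not read
            continue
        dport = int(m["dport"])
        if dport not in expected_ports:
            flows[(m["src"], m["proto"], m["dst"], dport)] += 1
    return flows, unparsed

if __name__ == "__main__":
    flows, unparsed = unexpected_outbound(SAMPLE_LOG)
    for (src, proto, dst, dport), n in flows.most_common():
        print(f"{src} -> {dst} {proto}/{dport}: {n} connection(s)")
    print(f"{len(unparsed)} line(s) could not be parsed")
```

In the sample, the repeated connections to port 6667 (the usual IRC port) and the DNS query stand out because neither is in the allowed set; a flagged flow is a prompt to ask which program on that machine made it, not proof of infection.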


- Original Message -
From: Owen Densmore [mailto:o...@backspaces.net]
Sent: Monday, December 20, 2010 10:43 AM
To: SFx Discuss ; The Friday Morning Applied Complexity 
Coffee Group 
Subject: Re: [FRIAM] [sfx: Discuss] What is Going on with wikileaks

On Dec 19, 2010, at 9:50 PM, Nicholas Thompson wrote:

> Owen:
> 
> How do I tell if I'm a zombie?
> 
> [Even his best friends kept it from him!]
> 
> Nick 

There are folks much more in the know around here than I am, feel free to speak 
up!

Easiest is to use a pro like Dotfoil here in Santa Fe.  But Googling will turn 
up something for your particular system as well.

I use a "root-kit" checker periodically (thus far clean) and a much more 
complete unix-y system (Macs are Unix), clamav, that checks every file on your 
system! (You can skip certain types of files, but hard to tell what to skip).  
Clamav now works on Windows too. Unfortunately, they both just log questionable 
files, and require you to determine if they are bad.

The general advice is to just avoid direct exposure to the internet (i.e. use a 
wireless router w/ firewall), but that is only for active probing of machines 
(port scans for well known defects) by the bad guys.  My mac mini (home server) 
was probed within 2 hours of being connected to the open internet! (I saw this 
because I opened a firewall port for ssh, for which I only use public/private 
crypto keys, no logins allowed)

The harder problem is indirect exposure to the raw internet .. mainly mail or 
websites & downloads (including mail attachments).  These connections provide 
direct access to your machine, but only to the program being used.  I've gotten 
several of these lately, all ending with ".exe" which is not a Mac file format 
.. a Windows executable.

To my knowledge, I've been hacked only once.  It was a Linux laptop in 1994 or 
so, while in Sun labs.  The system had a few odd configuration changes and 
about a dozen of us looked at it and decided something was wrong so I wiped the 
system and started over.  We think it was picked up while at the San Francisco 
Moscone conference center.  Problem did not reappear.

For the scale of systems we're talking about 
(http://en.wikipedia.org/wiki/Botnet), your system will show some signs in 
general, but alas, signs that are typical for other, benign forms of 
mis-configuration.  One cute trick is to try to limit C&C (command and control) 
access to your system.  The bots communicate home via chat and other protocols 
that you likely do not use.  You can configure your router to disallow outgoing 
use of their port numbers.

But dropping by Dotfoil periodically is a lot like a yearly checkup for your 
car, not a bad idea.

-- Owen


On Dec 19, 2010, at 9:50 PM, Nicholas Thompson wrote:

> Owen:
> 
> How do I tell if I'm a zombie?
> 
> [Even his best friends kept it from him!]
> 
> Nick 
> 
> -Original Message-
> From: Owen Densmore [mailto:o...@backspaces.net] 
> Sent: Sunday, December 19, 2010 9:32 PM
> To: disc...@sfcomplex.org
> Subject: Re: [sfx: Discuss] What is Going on with wikileaks
> 
> Whew, thanks .. I thought I was losing it.  I couldn't understand any
> non-botnet (zombie collections) solution working, given