Internet of Things – Privacy and Security in a Connected World | FTC

Internet of Things – Privacy and Security in a Connected World (IoT); Federal Trade Commission (FTC); 2013-11-19.


Via: backfill


National Science Foundation

Keith Marzulo

Collateral, slides 1121

  • Precious Nomenclature
    • Ubiquitous Computing
    • Pervasive Computing
    • Distributed Sensor Networks
    • Internet of Things
    • Cyber-Physical Systems
  • NSF CPS Program
  • Paul Ford, Some Opinement; Hemispheres; 2013-11; pages 66-68.
  • Highlighted Programs
    • Networked Embedded Sensor-Rich Systems (ActionWebs)
      • Claire Tomlin, Edward Lee, S. Shankar Sastry, David
        Culler (Berkeley)
      • Hamsa Balakrishnan (MIT)
    • Foundations Of Resilient Cyber-physical Systems (FORCES)
      • who?
    • Advanced Transportation Systems
      • Raj Rajkumar, Ed Clarke, John Dolan, Sicuan Gao, Paul
        Ribski, David Wettergreen, Paolo Zuliana (CMU)
    • Environment Monitoring (Intelligent River)
    • Semantic Security Monitoring for Industrial Control Systems (ICS)
      • Robin Sommer (Berkeley)
      • Adam Slagell & Ravishankar Iyer (Illinois)
    • Reprogramming a Pacemaker
      • Kevin Fu (Mass-Amherst; Michigan)
    • Reprogramming Automobiles
      • Tadayoshi Kohno & Shwetak Patel (U Washington)
      • Stefan Savage & Ingolf Krueger (UCSD)
    • Security and Privacy in Vehicular Cyber-Physical Systems
      • Hari Balakrishnan, Samuel Madden, Daniela Rus (MIT)
    • Secure Telerobotics
      • Howard Jay Chizeck & Tadayoshi Kohno (Washington)


M.H. Carolyn Nguyen
Director, Technology Policy Group, Microsoft

Collateral, slides 22-39

Panel 1: The Smart Home

  • Michael Beyerle, GE Appliances
  • Jeff Hagins, SmartThings
  • Craig Heffner, Tactical Network Solutions
  • Eric Lightner, Department of Energy
  • Lee Tien, Electronic Frontier Foundation

Collateral, slides 40-57

  • Connected Platform
    • ACM controller to appliances
    • GEA server (cloud controlled)
    • iOS & Android apps
  • SmartThings
  • Smart home
  • SmartSense Product Line: Multi, Presence,Hub, Motion, Outlet

An Internet of Things

Vint Cerf
Slides 58-72


  • Gee Whiz, my how far we’ve come, what a long strange trip it’s been
  • Smart Cities
  • Self-Driving Cars
  • Implications, Challenges & Opportunities

Panel 2: Connected Health & Fitness

Moderator: Commissioner Maureen Ohlhausen

  • Stan Crosley, Indiana University
  • Joseph Lorenzo Hall, Center for Democracy & Technology
  • Anand Iyer, WellDoc Communications
  • Scott Peppet, University of Colorado School of Law
  • Jay Radcliffe, InGuardians

Collateral, slides 73-75

  • Insulin Pump
  • BlueStar

Panel 3: Connected Cars

  • Yoshi Kohno, University of Washington
  • John Nielsen, American Automobile Association
  • Wayne Powell, Toyota Technical Center
  • Christopher Wolf, Future of Privacy Forum


  • none

Panel 4: Privacy and Security in a Connected World

  • Ryan Calo, University of Washington Law School
  • Dan Caprio, McKenna Long & Aldridge LLP
  • Michelle Chibba, Office of Information & Privacy Commissioner of Ontario
  • Drew Hickerson, Happtique
  • David Jacobs, Electronic Privacy Information Center
  • Marc Rodgers, Lookout Security

Collateral, slides 79-85

  • Four Scenarios (user stories)


Error setting extended attribute ‘system.nfs4_acl’: Input/output error

The document is arbitrary; it is an example.  the behavior occurs with all documents.


  • NFSv4
    • Client is Fedora 18, 3.11.10-100.fc18.x86_64
    • Server is Fedora 18, 3.9.4-200.fc18.x86_64
  • Server local data
    • ext4+luks
  • evince
    • accessed the document via http
    • (document stored in /tmp)
    • Save As to store over nfs4



$ getfattr -n system.nfs4_acl ./incoming/Liu\,\ Kun\ and\ Tang\,\ Lei\;\ CIKM\;\ 2011-10-24\;\ fp0472-liu\;\ Large-Scale\ Behavioral\ Targeting\ with\ a\ Social\ Twist.pdf
# file: incoming/Liu, Kun and Tang, Lei; CIKM; 2011-10-24; fp0472-liu; Large-Scale Behavioral Targeting with a Social Twist.pdf

$ getfattr -e text -n system.nfs4_acl ./incoming/Liu\,\ Kun\ and\ Tang\,\ Lei\;\ CIKM\;\ 2011-10-24\;\ fp0472-liu\;\ Large-Scale\ Behavioral\ Targeting\ with\ a\ Social\ Twist.pdf )
# file: incoming/Liu, Kun and Tang, Lei; CIKM; 2011-10-24; fp0472-liu; Large-Scale Behavioral Targeting with a Social Twist.pdf
system.nfs4_acl="\000\000\000\000\000\000\000\000\000\000\000\000�\000\000\000OWNER@\000\000\000\000\000\000\000\000\000\000\000\000�\000\000\000GROUP@\000\000\000\000\000\000\000\000\000\000\000\000�\000\000\000    EVERYONE@\000\000"

$ getfattr -d ./incoming/Liu\,\ Kun\ and\ Tang\,\ Lei\;\ CIKM\;\ 2011-10-24\;\ fp0472-liu\;\ Large-Scale\ Behavioral\ Targeting\ with\ a\ Social\ Twist.pdf

i.e. the dump option does not dump anything.

What does “RFC 1918 response from Internet for” mean? | ISC Knowledge Base

What does “RFC 1918 response from Internet for” mean?; ISC Knowledge Base; 2011-03-18, updated 2012-09-27; Top, Software Products, BIND9, FAQs

IPv4 per RFC 1918


IPv6 per RFC 4193

  • fc00::/7
    • fc00::/8 (unused)
    • fd00::/8 (locally assigned)


Cadillac ELR | Patrick Wang

Cadillac ELR #2 Off the Lot

Patrick Z. Wang;Cadillac ELR #2 Driven off the Lot & First Drive 32.2 miles, 11.1Kwh; In My Cadillac ELR; 2014-01-12.

cadillac elr delivery truck
Patrick Z. Wang; Picking up the ELR this weekend hopefully; In My Cadillac ELR; 2014-01-07.

Patrick Z. Wang; 2014 Cadillac ELR Customer Profile – Who’s Buying This Anyways?; In My Cadillac ELR; 2013-11-20; via backfill.

Black Cadillac ELR
Patrick Z. Wang; Why I picked the Cadillac ELR over the Model S 60Kwh.; In My Cadillac ELR; 2013-11-18; via backfill.

GNOME3 Shell Cheat Sheet

William Jon McCann; GNOME3 Shell Cheat Sheet; updated 2013-11-22

System Settings -> Keyboard -> Shortcuts


  • System (Windows) key: Switch between overview and desktop
  • Alt+F1: Switch between overview and desktop
  • Alt+F2: Pop up command dialog
  • Alt+Tab: Pop up application switcher
  • Alt+Shift+Tab: Cycle in reverse direction in the application switcher
  • Alt+[key above Tab]: Switch between windows of the same application in Alt+Tab
  • Ctrl+Alt+Tab: Pop up accessibility switcher
  • Ctrl+Shift+Alt+R: Start and end screencast recording
  • Ctrl+Alt+Up/Down arrow: Switch between workspaces
  • Ctrl+Alt+Shift+Up/Down arrow: Move the current window to a different workspace


Cadillac ELR, some actualities and promotions

cadillac elr

2011-cadillac-elr-6-1024x682; Cadillac ELR Test Drive Reviews; In EV Obsession; 2014-01-14; syndicated; generalized autosnobbery, can’t bring himself to say he likes it, ’cause then what’s left of his career in The Opinery?

Cadillac ELR
; Who Does GM Expect to Buy the Cadillac ELR?; In Wall Street CheetSheet; 2013-12-01.

See also: Patrick Wang’s Journey

Simplified instructions for the configuration of Firefox to support Yahoo! Messenger’s ymsgr:SendIM URLs


Step 1

In the file ~/.local/share/applications/mimeapps.list, add the following

# ymsgr

Step 2

Within the directory ~/.local/share/applications add a file ymsgr.desktop containing the following:

[Desktop Entry]
Name=Yahoo! Messenger
Comment=Yahoo! Messenger
Exec=purple-url-handler %u

Step 3

Configure the MIME types handler to use the new MIME type and purple-url-handler.



$ rpm -q -a | grep purple

Previously noted

Is the Chevy Volt Destined To Remain GM’s ‘Niche’ Product? | Hybrid Cars

Jeff Cobb; Is the Chevy Volt Destined To Remain GM’s ‘Niche’ Product?; In Hybrid Cars; 2014-01-23.


Provided for color, background & verisimilitude …




To Validate: Red Hat 974811 NetworkManager dispatchers dbus services configuration on Fedora 20 (Heisenbug)

Still seems a problem on Fedora 20


Rethinking Passwords to Adapt to Constrained Keyboards | Jakobsson, Akavipat

Markus Jakobsson, Ruj Akavipat; Rethinking Passwords to Adapt to Constrained Keyboards; In Proceedings of CCS (CCS ’11); 2011; 11 pages.


We describe and analyze a variant of the traditional password scheme. This is designed to take advantage of standard error-correcting methods of the types used to facilitate text entry on handsets. We call the new approach fast- words to emphasize their primary feature compared to regular passwords. Compared with passwords, fastwords are approximately twice as fast to enter on mobile keyboards, and approximately three times as fast on full-size keyboards. This is supported by user studies reported on herein. Furthermore, these user studies show that fastwords also have considerably greater entropy than passwords, and that their recall rates are dramatically higher than that of passwords and PINs. The new structure permits a memory jogging technique in which a portion of the fastword is revealed to a user who has forgotten it. We show that this results in boosted recall rates, while maintaining a security above that of traditional passwords. We also introduce the notion of equivalence classes, whether based on semantics or pronunciation, and describe uses, including voice-based authentication. The new technology does not need any client-side modi fication.


Sponsored Broadband vs “We, the People” as Broadcasters

Looks like someone missed the memo …

Compare & contrast the two world views…


Social Class and the Hidden Curriculum of Work

Jean Anyon; Social Class and the Hidden Curriculum of Work; In Journal of Education, Vol. 162, No. 1; 1980-Fall.
Anyon is (was) the chairperson of the Department of Education at Rutgers University, Newark


It’s no surprise that schools in wealthy communities are better than those in poor communities, or that they better prepare their students for desirable jobs. It may be shocking, however, to learn how vast the differences in schools are – not so much in resources as in teaching methods and philosophies of education. Jean Anyon observed five elementary schools over the course of a full school year and concluded that fifth-graders of different economic backgrounds are already being prepared to occupy particular rungs on the social ladder. In a sense, some whole schools are on the vocational education track, while others are geared to produce future doctors, lawyers, and business leaders. Anyon’s main audience is professional educators, so you may find her style and vocabulary challenging, but, once you’ve read her descriptions of specific classroom activities, the more analytic parts of the essay should prove easier to understand.


Via: backfill

Ad blockers: A solution or a problem? | ComputerWorld

; Ad blockers: A solution or a problem?; In ComputerWorld; 2014-01-15.
Teaser: It’s a cause. It’s a curse. It’s just business. Ad blockers take a bite out of the $20 billion digital advertising pie.

; The business of ad blocking: A Q&A with Adblock Plus lead investor Tim Schumacher; In ComputerWorld; 2014-01-15.
Teaser: interview with Tim Schumacher



  • Adblock Plus
    • Till Faida, president
    • Acceptable Ads program
    • Tim Schumacher
      • the founder of domain marketplace Sedo
      • Adblock Plus’ biggest investor
    • Claims
      • Attributed to Tim Schumacher
      • 148 publishers participate in the Acceptable Ads program
      • 90% of participants in the program aren’t charged at all
      • Attributed to Ad Block Plus
        • rejected 50% of 777 whitelist applicants; because of [their] unacceptable ads,
        • the overall acceptance rate stands at just 9.5%.
        • <quote>Adblock Plus claims that about 6% of all Web surfers in the U.S. run its open-source software, mostly in the form of Google Chrome and Firefox browser add-ons and extensions.</quote>
    • Deals
      • Google
      • Some “Alexa top 100″ site, spoken for anonymously by an ex-employee.
  • AdBlock
    • Not Ad Block Plus, but something else
    • Michael Gundlach, founder, ex-Google
  • ClarityRay
    • Ido Yablonka, CEO
    • URL-swapping mechanism
    • Funding: around $0.5M
  • Destructoid
    • Niero Gonzalez
  • Disconnect
    • Casey Oppenheim, co-CEO
  • Evidon
  • Geekzone
    • Mauricio Freitas, publisher
  • Google
    • 2013-03 => removed Ad Block Plus from its Google Play store, 2013-03
    • 2013-06 => deal with Ad Block Plus

      • Media
        • search ads
        • sponsored search results
      • Venue
        • Google
        • AdSense partners
  • Interactive Advertising Bureau (IAB)
    • Mike Zaneis, senior vice president
  • PageFair
    • JavaScript countermeasure
    • Sean Blanchfield, CEO
    • Funding: around $0.5M
  • Reddit
    • Erik Martin, general manager
  • Some Site
    • Not named explicitly
    • “top-ranking in Alexa”
    • Spoken for by an ex-employee.
    • <quote>On the other hand, the former executive at the Alexa top-ranking site said an Adblock Plus representative told him he had to pay even though Adblock Plus agreed that the publisher’s ads were acceptable and should not be blocked. “If we didn’t pay they would continue to block us. To me it seems like extortion,” he says.</quote>

Quoted for color, breadth & verisimilitude


  • Only time will tell (the old saw)
  • <quote>Everything turns on what consumers do next. </quote>

Via: backfill
Via: Soulskill; Ask Slashdot: Are AdBlock’s Days Numbered?; In Slashdot; 2014-01-17.

The Complex Dynamics of Wishful Thinking | Brown, Sokal, Friedman

Nicholas J.L. Brown, Alan D. Sokal, Harris L. Friedman; The Complex Dynamics of Wishful Thinking; In American Psychologist; Volume 68; 2013-07-15; 35 pages.


We examine critically the claims made by Fredrickson and Losada (2005) concerning the construct known as the “positivity ratio.” We find no theoretical or empirical justification for the use of differential equations drawn from fluid dynamics, a subfield of physics, to describe changes in human emotions over time; furthermore, we demonstrate that the purported application of these equations contains numerous fundamental conceptual and mathematical errors. The lack of relevance of these equations and their incorrect application lead us to conclude that Fredrickson and Losada’s claim to have demonstrated the existence of a critical minimum positivity ratio of 2.9013 is entirely unfounded. More generally, we urge future researchers to exercise caution in the use of advanced mathematical tools such as nonlinear dynamics and in particular to verify that the elementary conditions for their valid application have been met.


Page 21 <quote>They appear to assert that the predictive use of differential equations abstracted from a domain of the natural sciences to describe human interactions can be justified on the basis of the linguistic similarity between elements of the technical vocabulary of that scientific domain and the adjectives used metaphoric ally by a particular observer to describe those human interactions. If true, this would have remarkable implications for the social sciences. One could describe a team’s interactions as “sparky” and confidently predict that their emotions would be subject to the same laws that govern the dielectric breakdown of air under the influence of an electric field. Alternatively, the interactions of a team of researchers whose journal articles are characterized by “smoke and mirrors” could be modeled using the physics of airborne particulate combustion residues, combined in some way with classical optics.</quote>

Page 32 Citing Stanislav Andreski <quote>The recipe for authorship in this line of business is as simple as it is rewarding: just get hold of a textbook of mathematics, copy the less complicated parts, put in some references to the literature in one or two branches of the social studies without worrying unduly about whether the formulae which you wrote down have any bearing on the real human actions, and give your product a good-sounding title, which suggests that you have found a key to an exact science of collective behaviour.</quote> (Stanislav Andreski, Social sciences as sorcery, London, UK: Andre Deutsch. 1972, pp. 129–130)

Original Works

In inverse chronological order


Via: backfill, backfill

Preventing Western Digital SmartWare Virtual CD from automounting in your desktop

Why do this?  When the CD-ROM function is burned into the very firmware of the disk unit …  That’s when.  Very pesky. You crack the case on one of those things and it’s not really a sata disk inside, the pins are all different.  Which means it does different things than a disk.  <spooky>Different things.</spooky>

Preventing Western Digital SmartWare Virtual CD from automounting in your desktop; in /etc/fstab

/dev/sr1 none udf rw,noauto 0 0

Via: Linux Living: Enjoy your WD My Book 1TB Drive: No more WD SmartWare icon in Ubuntu! » circa 2010-01-14.

<quote>As I mentioned in my last post, I recently picked up a Western Digital My Book Essential 1 TB external hard drive. Although it doesn’t as yet display the same problems that my Simpletech hard drive wa….</quote>

Via: backfill


Pico: No More Passwords! | Hsing Ping Fu

Hsing Ping Fu; Pico: No More Passwords!; Masters Thesis; K. U. Leuven; 2013; 66 pages.


Managing passwords for online application accounts is a heavy responsibility for users. Using easily remembered passwords or repeatedly using the same password makes the account susceptible to brute force guessing. Furthermore, the password-protected accounts are vulnerable to attacks like phishing, keylogging, eavesdropping, and man-in-the-middle attacks, no matter how strong the passwords are. Hence the urgent need for an alternative to password system.

Stajano proposed a candidate known as Pico [37]. This is an authentication hardware token utilizing mutual authentication with the application server to obtain access to users’ accounts. The credentials for the authentication are created and managed by Pico and are guaranteed to be secure and unique for each application. The Pico device is portable and easy to use, allowing users to login everywhere. Compared to other existing password alternatives, Pico has the advantage of providing protection against the attacks mentioned above and effortless access control device.

Although Stajano presents desirable functionalities in for the Pico, its practicality remains to be demonstrated. Toward this goal, this thesis proposes a set of specifications for the Pico device, and a prototype device to demonstrate the Pico functionalities. The specification defines authentication protocols, the underlying cryptographic algorithms, and the credentials. The protocols mutually authenticate Pico and the server, over an encrypted channel protected by mutual secret from key exchange algorithms. The servers are verified by credentials registered in Pico database, to prevent internet phishing. Moreover, out-of-band communication schemes and message structures for all the communication between Pico and servers are specified as well.

The technical specifications are implemented on a smartphone based Pico prototype. The algorithms are programmed in Java and executed on Android platform, using several Android libraries. This prototype is capable of performing cryptographic calculations, wireless communication, and providing a proper user interface. A demonstration server is also implemented to test the entire Pico system. As a result, users can log on to this server by pointing the Pico prototype to the QR code displayed on the web page, and the account can be accessed within few seconds.

Pico: No More Passwords! | Frank Stajano

Frank Stajano; Pico: No More Passwords!; In Proceedings of the Security Protocols Workshop; 2011; 34 pages; revision 61 of 2011-08-31 19:55:55 +0100


From a usability viewpoint, passwords and PINs have reached the end of their useful life. Even though they are convenient for implementers, for users they are increasingly unmanageable. The demands placed on users (passwords that are unguessable, all different, regularly changed and never written down) are no longer reasonable now that each person has to manage dozens of passwords. Yet we can’t abandon passwords until we come up with an alternative method of user authentication that is both usable and secure. We present an alternative design based on a hardware token called Pico that relieves the user from having to remember passwords and PINs. Unlike most alternatives, Pico doesn’t merely address the case of web passwords: it also applies to all the other contexts in which users must at present remember passwords, passphrases and PINs. Besides relieving the user from memorization efforts, the Pico solution scales to thousands of credentials, provides “continuous authentication” and is resistant to brute force guessing, dictionary attacks, phishing and keylogging.