Paul Kuliniewicz

There’s fire.

I guess I can check off “watch a building burn” on my Things To Do Before I Die list.

Read the rest of this entry »

Today I finished the report for my Security project, which was an analysis of the work I did last semester in Access Controls, wherein I designed an alternative language for specifying SELinux policies. Very briefly (since I don’t feel like rehashing the 15-page writeup), SENG (my poorly-named language) augments the existing policy language with higher-level features, in order to eliminate the need to use macros when writing a policy, which in turn will make doing analysis of a policy earlier.

So with that out of the way, which largely finishes off the project (modulo a few small odds and ends), I figure I’ll have some free time coming up, right?

Then I get this in the mail:

Read the rest of this entry »

The police and the military have fundamentally different missions. The police protect citizens. The military attacks the enemy. When you start giving police powers to the military, citizens start looking like the enemy.

– Bruce Schneier

Question: is “copy-and-paste” considered to be a single verb, or two verbs joined by a conjunction?

More to the point, is the gerund form “copy-and-pasting” or “copying-and-pasting”?

The former sounds less awkward but looks less grammatically correct. Plus, the Wikipedia article on the copy-and-paste programming anti-pattern uses it. So I guess I’ll use that form in the report I’m writing that’s due tomorrow.

OK, that’s enough stalling. Back to work.

On two occasions I have been asked (by members of Parliament!), “Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?” I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.

– Charles Babbage

It took them almost two weeks and they managed to truncate the headline given to it on their website, but The Exponent finally got around today to publishing the letter I sent them last Tuesday, in response to a previous letter complaining that last month’s article on evolution versus intelligent design was biased.

Here’s the letter I wrote:

Read the rest of this entry »

In case you’ve been living under a rock for the past two weeks and haven’t heard about it, Bruce Schneier has an excellent article on the Sony DRM Rootkit debacle. Until recently, Sony has been distributing a rootkit on its CDs that hides itself on your system (and helpfully lets other malware hide too) and phones home about what music you listen to.

And if that weren’t enough, Ed Felten and J. Alex Halderman discovered that as part of the arduous uninstall process to remove the rootkit, the web-based uninstaller opened a massive security hole on your system that would let any malicious website run arbitrary code on your computer! (Followups here and here.)

Note in particular how people who downloaded the album illegally had no problems from any of this (as the DRM is easily bypassed), but customers who bought legal copies of the CD were punished by being spied on and having their computers opened up to attackers.

Rhythmbox Applet 0.1.9 is now out, ahead of time for the upcoming Rhythmbox 0.9.2 release. And there’s some pretty long-awaited changes coming your way. Take a look:

• Added D-Bus support! Rhythmbox Applet now works with Rhythmbox 0.9.2 and later, in addition to Rhythmbox 0.8.8 and earlier.
• Streamlined the appearance of the applet to reduce clutter.
• The applet’s background color now changes along with the panel it’s in.
• Added French (fr) translation, contributed by Ersplus. Thanks!

If the class you have in the morning has a mailing list, and it’s around 30 degrees outside, and it’s a ten-minute talk to campus, I highly recommend checking your e-mail from the list before going to class. It might be the case that an e-mail was sent out a couple hours earlier saying that class was cancelled.

Good judgement comes from experience; experience comes from bad judgement.

– Fred Brooks

The Panda’s Thumb reports that in yesterday’s election, all eight incumbent Dover Area School Board members have been voted out of office. The eight incoming members ran on the Dover CARES ticket, which among other things advocates taking intelligent design back out of the science curriculum.

So while Kansas is returning science education to the Dark Ages, at least common sense seems to be prevailing in Dover, Pennsylvania.

For those who are interested, here are the slides I will be using in my presentation on SHA attack techniques:

• SHA Attacks (web-based)
• SHA Attacks (OpenOffice.org 2.0)

Monday is my turn to give a presentation at the security reading group, which meets Mondays at 3 pm in the CERIAS conference room (aka REC 217). My topic is attacks on the hash functions SHA-0 and SHA-1; I will be walking through some of the recent work looking for ways to find collisions.

Why that particular topic? I was curious how those attacks worked myself, and this seemed as good a way as any to force myself to read the relevant papers.

Since there’s almost always empty seats available at the reading group’s meetings, if you’re on campus and want to attend the presentation, you’re more than welcome to show up. I’ll post the presentation slides here afterwards.

The announcement sent out to the reading group’s mailing list follows.

Read the rest of this entry »

This trial has established that [teaching] Intelligent Design [in public school] is unconstitutional because it is an inherently religious proposition, a modern form of creationism. It is not just the product of religious people, it does not just have religious implications, it is in its essence religious. Its essential religious nature does not change whether it is called “Creation Science” or “Intelligent Design” or “Sudden Emergence Theory.” The shell game has to stop.

– Eric Rothschild, in closing arguments in Kitzmiller v. DASD

I am not making this up: the patent office is currently considering issuing a patent on “Process of relaying a story having a unique plot“. Here’s the abstract:

A process of relaying a story having a timeline and a unique plot involving characters comprises: indicating a character’s desire at a first time in the timeline for at least one of the following: a) to remain asleep or unconscious until a particular event occurs; and b) to forget or be substantially unable to recall substantially all events during the time period from the first time until a particular event occurs; indicating the character’s substantial inability at a time after the occurrence of the particular event to recall substantially all events during the time period from the first time to the occurrence of the particular event; and indicating that during the time period the character was an active participant in a plurality of events.

That’s right, the applicant is trying to patent a story idea.

More details at Groklaw.