[syndicated profile] dorktower_feed

Posted by John Kovalic

Hi John,

My name is Alessandra (called Sandy) from Italy.

At  first, sorry for my english!

I’d like to tell you that you are my favorite illustrator !

I met you in Lucca comics & games in far 2005 during an interview of  Ragno Magazine, do you remember?

In that time, you draw me a play card of munchkin “a lot of very nice balloons”, but my boyfriend lost my card and I cry.

I love Munchkin illustration!

In Lucca comics & games 2014 I went to Lucca only for you, but during your signed session,  Lucca’s security couldn’t enter in Games palace .

So, I’d like to know if you will came in Italy again , and finally say hallo to you!

Thanks a lot for your kindness and enjoy yourself!



Hi, Sandy!

First off, thank you so much for the VERY kind words! Your English is MUCH better than my Italian, so you have nothing to apologize for!

I’d love to come back to Italy soon. When I was in school, in England, we’d spend our suppers outside of Milan. I miss it terribly.

The problem with Lucca is, it usually falls on Halloween, and I really try to spend holidays with my wife and daughter. But I do have many friends there, and I miss them. So…possibly..?

I’m sorry I missed you at Lucca 2014 – it was a crazy huge convention. If I’m not back at Lucca next year, perhaps there will be another Italian show. In any case, Italy’s definitely top of my list to get back to, and soon! And I’ll certainly re-draw you that card!

With many thanks,



[syndicated profile] bruce_schneier_feed

Posted by Bruce Schneier

Denuvo is probably the best digital-rights management system, used to protect computer games. It's regularly cracked within a day.

If Denuvo can no longer provide even a single full day of protection from cracks, though, that protection is going to look a lot less valuable to publishers. But that doesn't mean Denuvo will stay effectively useless forever. The company has updated its DRM protection methods with a number of "variants" since its rollout in 2014, and chatter in the cracking community indicates a revamped "version 5" will launch any day now. That might give publishers a little more breathing room where their games can exist uncracked and force the crackers back to the drawing board for another round of the never-ending DRM battle.

BoingBoing post.

Related: Vice has a good history of DRM.

[syndicated profile] badastronomy_feed

Posted by Phil Plait

It’s very easy for some groups of humans to slip into a lazy way of thinking about our planet. They look around and think it was made for us, in some cases literally so. Air, water, land, resources to exploit… the Earth is ours for the taking.

Not everyone feels this way, of course, but enough do — and have enough power — to influence a great many other people.

Others know better. As a group, one of the more convincing viewpoints counter to this comes from scientists. When we look at the Earth carefully, understand it through the filter of trying to learn from what it’s showing us rather than simply taking from it what we want, we find out something very, very important: The Earth is under no obligation whatsoever to nurture us.

Quite the opposite, in fact. If you look at the planet another way, it seems like it’s constantly trying to kill us. An animation put out by the Pacific Tsunami Warning Center makes that very, very obvious: It shows every recorded earthquake from Jan. 1, 2000 to Dec. 31, 2015.

Yeah. The rate of the video is 30 days of earthquakes displayed per second. Each flash is an earthquake, with the magnitude of the quake displayed as a scaled circle (after a moment each quake fades and shrinks in size so it doesn’t obscure subsequent activity).

Watching the video, it almost seems like the Earth is alive. Of course, that’s another illusion, an anthropomorphistic filter our brains like to employ.

But it isn’t alive, and neither was it created for us, nor is it trying to kill us. It just exists as the laws of nature define. In fact, it is we who have over millions of generations of life adapted to it. And by no means has that been an easy task; the multiple mass extinctions life has undergone over the past several billion years are testament to that.

But this animation shows one thing very clearly: We take the Earth for granted at our peril. Small earthquakes can do heavy damage if we are not prepared, and large ones can spread that devastation over huge distances.

And we tamper with our planet at our own risk, as well. Run the video again (at 2X speed if that helps) and keep your eyes on Oklahoma, in the United States. You’ll see virtually no earthquakes there until 2008 or so. Then, suddenly, they bloom, dozens of them. Why? Because of wastewater from oil extraction injected into wells.

I won’t make any Frankensteinian parallels here, but it’s worth noting that when we tamper with the Earth, it sometimes tampers back. The environment is in a dynamic equilibrium, ever-changing but balanced. That balance can be upset though, even by such creatures small as we. Off the top of my head, the fact that we dump 40 billion extra tons of carbon dioxide into the air every year means the Earth will respond in some way. Many ways, in fact, none of them good.

Perhaps Isaac Newton wasn’t thinking of this when he crafted his Third Law of Motion, but as we have seen over and again, our actions sometimes produce equal and opposite reactions. Sometimes unequal, with the effects far outstripping the causes, like climate change. But that does seem to be a lesson here; we do something because it seems helpful or useful, then find out what we’re doing is making things worse for ourselves.

Science has no moral for us; it is a tool, like a shovel or a hammer. Any tool can be used for good or for ill, and it’s up to us to decide which. But the beauty of science is that it can be used to help us make that decision a wise one.

Ignoring it, well, that would be foolish. But many fools love power, don’t they?

Of course, that power is in many cases given to them by us. That’s a decision we need to make more wisely as well.

Tip o’ the strike-slip fault to Kris McCall.


Image caption: All the recorded earthquakes from Jan. 1, 2001 - Dec. 31, 2015 are shown on this global map. Credit: Pacific Tsunami Warning Center

To Be Read By Rod Serling

Oct. 20th, 2017 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen


You unlock this bakery with the key of imagination. Beyond it is another dimension.

A dimension of icing.

A dimension of piping bags.

A dimension of wreckitude.

You're moving into a land of both shadow and substance, of bad taste and even worse skill. You just crossed over into...

The Twilight Zone.


 Picture, if you will... a monkey. This monkey:

I know, creepy right? [shivering] Brrrrrr. Totally.


[resuming serious announcer voice] Ahem. Now picture, if you will, five ravenous-yet-dim-witted Shih Tzu dogs:

[sternly] Let's call them Muffy, Boopsie, Precious, Buttercup and Mr. Snuggles.


Now picture, if you will, a face of terror that watches in malignant silence far beyond your present capacity to understand. A face enigmatically bizarre in terms of time and space. A face...

...of a tweety bird.


 Now picture, if you will, Meerkat Zombies...raising the roof.

"What up, playah?"


This is the stuff of fantasy, the thread of imagination, the ingredients... of the Twilight Zone.


Jennifer P., Matt N., Christine S., and Melanie L., picture, if you will... a dolphin eating a Snickers bar in flip-flops and a cardigan. Then tell me what that looks like. I've always wondered.


Note: A couple of people suggested the pictures should be in black and white which was an awesome idea. So we changed them. I think it adds to the ambiance, don't you? For those who really want to see the full color versions, click here.

UPDATE! LeAnna and Woobie took up the dolphin challenge and sent in their ideas.


First LeAnna's:
AWESOME! Check out the flip flop thongs on his flippers.


And next we have Woobie's
See, the snickers bar is wearing the cardigan and flip flops because I apparently have no grasp of sentence structure. Who would have thought?



One more!
This one's from Vanilla Smoke. Awesome!




Friday's strip

Oct. 20th, 2017 06:13 am
madfilkentist: Krosp, from Girl Genius by Phil and Kaja Foglio. (Krosp)
[personal profile] madfilkentist posting in [community profile] girlgenius_lair
It's like a revival meeting! Ivo is wrestling with Sin!


Irma Bell

Oct. 19th, 2017 10:48 pm
[syndicated profile] dailykitten_feed

Posted by Tom "The Kittenmaster" Cooper

Please join me to give a huge TDK welcome to our Star Kit for today, Irma Bell. She is an 8 week old Calico from Leesburg, Georgia.

Irma Bell

Irma Bell was brought to me during the hurricane Irma storm. Some people said they found her on their steps. They also said the mom had left her but I believe they got her and didn’t want her anymore. I like to think it was God’s gift to me because the animal shelter is right next door to the office I was at when they brought her in.

[syndicated profile] eff_feed

Posted by gennie

This week security researchers announced a newly discovered vulnerability dubbed KRACK, which affects several common security protocols for Wi-Fi, including WPA (Wireless Protected Access) and WPA2. This is a bad vulnerability in that it likely affects billions of devices, many of which are hard to patch and will remain vulnerable for a long time. Yet in light of the sometimes overblown media coverage, it’s important to keep the impact of KRACK in perspective: KRACK does not affect HTTPS traffic, and KRACK’s discovery does not mean all Wi-Fi networks are under attack. For most people, the sanest thing to do is simply continue using wireless Internet access.

The limited privacy goals of WPA

It’s worth taking a step back and remembering why a cryptographic protocol like WPA was developed to begin with. Before the advent of Wi-Fi, computers typically connected to their local Internet access point (e.g. a modem) using a physical wire. Traditional protocols like Ethernet for carrying data on this wire (called the physical layer) were not encrypted, meaning an attacker could physically attach an eavesdropping device to the wire (or just another computer using the same wire) to intercept communications. Most people weren’t too worried about this problem; physically attaching a device is somewhat difficult, and important traffic should be encrypted anyways at a higher layer (most commonly a protocol like TLS at the transport layer). So Ethernet was unencrypted, and remains so today.

With wireless protocols it became much easier to eavesdrop on the physical layer. Instead of attaching a device to a specific wire, you just need an antenna somewhere within range. So while an unencrypted wireless network is theoretically no less secure than an unencrypted wired network, in practice it’s much easier to set up an eavesdropping device. For some it became a hobby to drive or bike around with an antenna looking for wireless networks to eavesdrop on (called wardriving). In response, the IEEE (a computer and electronics engineers’ professional organization) standardized an encryption protocol called WEP (Wired Equivalent Privacy). The name is telling here: the goal was just to get back to the relative privacy of a wired connection, by using encryption so that an eavesdropping device couldn’t read any of the traffic. WEP was badly broken cryptographically and has been supplanted by WPA and WPA2, but they have the same basic privacy goal.

Note that WPA’s privacy goals were always very limited. It was never intended to provide complete confidentiality of your data all the way to its final destination. Instead, protocols like TLS (and HTTPS) exist which protect your data end-to-end. In fact, WPA provides no protection against a number of adversaries:

  • At any point between the access point and the server you’re communicating with, an eavesdropper can read your data whether the first hop was WPA, Ethernet, or anything else. This means your Internet provider or any Internet router on the network path between you and the destination server can intercept your traffic.
  • Your access point operator (e.g. the owner of your local coffee shop) can read your traffic.
  • Anybody who compromises your access point can read your traffic, and there is a long history of exploits against wireless routers.
  • Anybody who knows the access point’s password can perform a machine-in-the-middle attack and read your traffic. This includes anybody who cracks that password.

A secondary goal: access control

In addition to providing privacy against local eavesdroppers, WPA is commonly used to provide access control to the network by requiring the use of a “pre-shared key” to create sessions. This is the Wi-Fi access password or token which is familiar to most users when trying to connect to a new network. The goal here is simple: the owner of the wireless access point may want to prevent access by unauthorized devices, require new devices to jump through some hoops like watching an advertisement or agreeing to a terms of use agreement, or otherwise alter traffic for unauthorized guests. For years EFF has supported increased availability of open wireless access points, but certainly access point owners should have the ability to limit access if they want to.

How KRACK changes the picture

KRACK makes it possible for an adversary to completely undermine the privacy properties of WPA and WPA2 in many cases. The attack is somewhat complex in that it requires active broadcasting of packets and tricking a device into resetting its key, but it’s the kind of thing that will likely soon be automated in software. This means that, for now, data on many wireless access points may be vulnerable to interception or modification. Keep in mind two big caveats:

  • The attacker must be local and proactive. Carrying out this attack requires having an active antenna in range of the targeted wireless network and requires broadcasting many packets and intercepting or delaying others. This is all doable, but does not easily scale.
  • Important traffic should already be protected with HTTPS. As discussed above, there are already many potential attackers that WPA provides no security against. At worst, KRACK adds an additional one to the list, but with no more power than your ISP or any router on the Internet backbone already has (and those are much more scalable places to conduct surveillance or other mischief). We already have protocols to defend against these attackers, and thanks to the success of projects like EFF’s Encrypt The Web initiative more than half of all Internet traffic is already protected by HTTPS.

On the access control front, it’s unclear how much KRACK matters. It does not provide a new way to crack the pre-shared key or password of a wireless network. Some variants of KRACK enable recovering enough key material to hijack an existing connection and use it to gain unauthorized access, but this is probably not the easiest way to gain unauthorized access.

How did we get here?

Matt Green provides a great overview of the flawed process that led to KRACK being undiscovered for over a decade. The biggest single problem is that the protocol definitions were not easily available to security researchers, so none bothered to seriously look. This is another clear example of why important protocols like WPA and WPA2 should be open and free to the public: so that security researchers can investigate and catch these sorts of vulnerabilities early in the life of a protocol, before it’s embedded in billions of devices.

What you can do to protect your local network

Fortunately, while the KRACK vulnerability is baked into the WPA specification and deployed on billions of devices, it is relatively easy to patch in a backwards-compatible way. It requires patching both devices that connect to the Internet and access points. If you operate a wireless network, patching your router is a great step. Your Internet devices (your computer, phone or tablet) will also need to be patched. Many patches are already available and many devices will automatically be patched.

With that said, it’s a foregone conclusion that there will still be billions of unpatched devices for years (maybe even decades) to come. That’s because, as we’ve said before:

patching large, legacy systems is hard. For many kinds of systems, the existence of patches for a vulnerability is no guarantee that they will make their way to the affected devices in a timely manner. For example, many Internet of Things devices are unpatchable, a fact that was exploited by the Mirai Botnet. Additionally, the majority of Android devices are no longer supported by Google or the device manufacturers, leaving them open to exploitation by a "toxic hellstew" of known vulnerabilities.

So while we don’t think people should necessarily freak out about KRACK, it does demonstrate once again how important it is for industry to solve the patching problem.

[syndicated profile] eff_feed

Posted by amul

E-Verify is a massive federal data system used to verify the eligibility of job applicants to work in the United States. The U.S. Department of Homeland Security (DHS), U.S. Citizenship and Immigration Services (USCIS), and the U.S. Social Security Administration (SSA) administer E-Verify. Until now, the federal government has not required private employers to use E-Verify, and only a few states have required it. However, a proposed bill in Congress, the Legal Workforce Act (HR 3711), aims to make E-Verify use mandatory nationwide despite all the very real privacy and accuracy issues associated with the data system.

EFF recently joined human rights and workers rights organizations from across the United States and sent a letter to Congress pointing out the flaws of E-Verify. 

Instead of learning from the recent Equifax data breach that access to sensitive information creates an attractive target for data thieves, our elected representatives want to compel a massive increase in the use of yet another data system that can be breached. To use E-Verify, employers need to collect and transmit sensitive information, such as our social security and passport numbers.

And a data breach isn’t the only concern with such a data system: there’s also the likelihood of data errors that can prevent many Americans from obtaining jobs. Even worse, E-Verify is likely to have an unfair disparate impact against women, as they are more likely to change their names due to marriage or divorce. Additionally, a Government Accountability Office (GAO) report [.pdf page 19] found that despite being eligible, E-Verify leads to more denials for people not born in America, and can “create the appearance of discrimination.” The GAO report also stated that these errors would increase dramatically if E-Verify is made mandatory.

Instead of recognizing the problematic nature of E-Verify, the White House is pushing to make it mandatory in its negotiations with Congress concerning legislative protection for Deferred Action for Childhood Arrivals (DACA) recipients. If successful, this would jeopardize Americans’ collective security and privacy. Not to mention that this expanded database may find uses beyond employment verification, and end up as another tool in an already impressive law enforcement surveillance arsenal.

As we have in the past, EFF will continue to do everything in our power to fight against the mandatory usage of E-Verify. It was a bad idea then and it’s a bad idea now.

Ever-Present Wylla

Oct. 19th, 2017 09:54 am
[syndicated profile] ittybittykitty_feed

Posted by Laurie Cinotto


 I've been working hard trying to organize ten years of kitten photographs and have been spending lots of time in front of my computer. Usually, I float around the house with my laptop but because I'm shuffling things around on external hard drives, the cords are keeping me tethered to my desk.

Thankfully, I have my ever-present Wylla to keep me company.  With this little beauty by my side, even the tedious task of organizing hundreds of thousands of photo files is bearable!

It's horribly dark, windy and rainy right now, but before the storm moved in, we did get a few sunny afternoons. I took these photos earlier in the week when the days were still bright.  Wylla is beautiful year-round, but I do think she looks loveliest in the fall light!

Fall is Charlene's season, too, but she has been keeping a lower profile and is still not feeling her best. Hopefully, her GI issues will be resolved soon and we will have our normal girl back.  For now, we'll keep doing all we can to figure this out and get her through it while trying to minimize her anxiety and keep her comfortable.  Thank you for well-wishes for our Girl.  It's nice knowing you are out there and rooting for our girl!



















The problem with Uber

Oct. 19th, 2017 03:56 pm
[syndicated profile] scottaaronson_feed

Posted by Scott

I just spent a wonderful and exhausting five days in the Bay Area: meeting friends, holding the first-ever combined SlateStarCodex/Shtetl-Optimized meetup, touring quantum computing startups PsiCorp and Rigetti Computing, meeting with Silicon Valley folks about quantum computing, and giving a public lecture for the Simons Institute in Berkeley.  I’ll probably say more about some of these events in future posts, but for now: thanks so much to everyone who helped them happen!

Alas, my experiences getting around the Bay this week convinced me that there’s a real problem with Uber.  And no, I’m not talking about their corporate culture, or the personality of ousted CEO Travis Kalanick, or the hardball lobbying of municipalities to allow ride-sharing, or the taxi companies needing to adapt to survive, or even Uber having an unsustainable business model (they could charge more and I’d still use it…).

The problem is: when you order an Uber, like 2/3 of the time you and the driver can’t find each other without a lot of back and forth.

Firstly, because you can’t specify where you are with enough accuracy.  When you try, the app does this thing where it literally moves the “you are here” pointer to a place where you’re not. And then, even if the little dot correctly indicates your location, for some reason the driver will think you’re somewhere totally different.

Secondly, because Uber cars are typically unmarked.  Yes, the app tells you that it’s a white Ford or whatever—but there’s a lot of white cars, and it’s hard (at least for me) to distinguish models at a distance, so you can then face a stressful “Where’s Waldo?” problem involving hundreds of cars.

Thirdly, because the drivers understandably have their phones mounted on their dashboards—the result being that, when you call to try to figure out where they are, nothing they say can be distinguished from “mmph hrmph mmph.”  And of course they can’t text while driving.

To be clear, these gripes arise only because ride-sharing apps generally work so damn well, and are such an advance over what preceded them, that they’ve changed our expectations about the convenience of getting from place to place.  Because of Uber and Lyft and so on, it’s tempting to plan your life around the assumption that you can be anywhere in a greater metro area, and within 3 minutes a car will magically arrive to take you to wherever else in that area you need to be—while your brain remains uncluttered with transportation logistics, among the most excruciating of all topics.  This is a problem born of success.

But—good news, everyone!—I have an idea to solve the problem, which I hereby offer free of charge to any ride-sharing service that wants to adopt it.  Namely, when you order a ride, why doesn’t the app—with your explicit permission, of course—use your phone’s camera to send a selfie of you, together with the location where you’re waiting, to the driver?  Is there some obvious reason I’m missing why this wouldn’t work?  Have any ride-sharing companies tried it?  (I only learned today that I can update my Uber profile to include my photo.  Hopefully that will help drivers find me—but a photo of the intersection, or the side of the building where I am, etc. could help even more.)

[syndicated profile] unity3d_blogs_feed

Posted by Nathan Ventura

Learn how a successful indie developer used Unity Connect to hire a talented VR developer to build the sequel to the critically-acclaimed space simulator, Universe Sandbox. As the creator of the best-selling physics space simulator, Universe Sandbox, the studio Giant Army didn’t start so giant. The title, which has sold over 800,000 copies to date, […]
[syndicated profile] bruce_schneier_feed

Posted by Bruce Schneier

The Norwegian Consumer Council has published a report detailing a series of security and privacy flaws in smart watches marketed to children.

Press release. News article.

This is the same group that found all those security and privacy vulnerabilities in smart dolls.