I don’t know who this guy is, but he’s definitely worth watching if you’re into serious guitar work.

(requires Adobe Flash plugin.

This is a reprint from Bruce Schneier’s blog on security.

This is an interesting paper on the efficacy of terrorism:

This study analyzes the political plights of twenty-eight terrorist groups — the complete list of foreign terrorist organizations (FTOs) as designated by the U.S. Department of State since 2001. The data yield two unexpected findings. First, the groups accomplished their forty-two policy objectives only 7 percent of the time. Second, although the groups achieved certain types of policy objectives more than others, the key variable for terrorist success was a tactical one: target selection. Groups whose attacks on civilian targets outnumbered attacks on military targets systematically failed to achieve their policy objectives, regardless of their nature.

The author believes that correspondent inference theory explains this. Basically, the theory says that people infer the motives of an actor based on the consequences of the action. So people assume that the motives of a terrorist are wanton death and destruction, and not the stated aims of the terrorist group:

The theory posited here is that terrorist groups that target civilians are unable to coerce policy change because terrorism has an extremely high correspondence. Countries believe that their civilian populations are attacked not because the terrorist group is protesting unfavorable external conditions such as territorial occupation or poverty. Rather, target countries infer from the short-term consequences of terrorism — the deaths of innocent citizens, mass fear, loss of confidence in the government to offer protection, economic contraction, and the inevitable erosion of civil liberties — the objectives of the terrorist group. In short, target countries view the negative consequences of terrorist attacks on their societies and political systems as evidence that the terrorists want them destroyed. Target countries are understandably skeptical that making concessions will placate terrorist groups believed to be motivated by these maximalist objectives.

This certainly explains a great deal about the U.S.’s reaction to the 9/11 attacks. Many people — along with our politicians and press — believe that al Qaeda terrorism is different, and they’re just out to kill us all. (In fact, I’m sure I’ll get blog comments along those lines.) The paper examines this belief: where it came from, how it manifested itself, and why it is wrong.

Professor Daniel Solove, from George Washington University Law School, has written a wonderful paper on privacy and the “Nothing to Hide” argument (click here to read). It is important for people to understand that privacy is about the balance of power, and NOT about hiding unlawful or bad behavior. When a person quips: “I don’t mind the government surrveilling me… I have nothing to hide”, they are basing the value of privacy on this “bad behavior” fallacy. If privacy were based on this notion, then why don’t we share our credit card statement, paystubs, and medical records with our neighbors? Why do we put curtains on our windows and doors on our bedrooms? To take it to the extreme, why to we even wear clothes? The fact that we keep these things private doesn’t mean there is anything unlawful or wrong going on. It simply means we want to maintain a certain level of control on our lives, and revealing any one of these things could affect that power balance between us and others (whether businesses or people).

This balance of power is important to understand when it comes to government surveillance. Mass surveillance is usually framed by supporters as enhancing security, which in many cases it’s true. However, we must strike a balance between privacy and “surveillance based” security, as the two are diametrically opposed (note that there are many other ways to increase security without relying on surveillance). When striking this balance, we all too often underestimate the value of privacy because we don’t frame it in terms of power and self-determination. Framing privacy this way is important, as evidenced by the fact that the United States Constitution is designed to limit the powers of government, not grant them. It defines a set of “inaliable rights” to help maintain the power balance. The 1st Amendment allows us to express our opinions, the 2nd Amendment allows us to defend ourselves from a tyrannical government, and 4th Amendment protects us from unreasonable searches (surrveilance) and seizures. It also defines a system of checks-and-balances between the 3 branches to help ensure no one branch gains too much power. When we as a nation forget this, we open ourselves up to losing more and more control over the direction of our lives.

Here’s the abstract from the paper:

In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the nothing to hide argument. When asked about government surveillance and data mining, many people respond by declaring: I’ve got nothing to hide. According to the nothing to hide argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The nothing to hide argument and its variants are quite prevalent, and thus are worth addressing. In this essay, Solove critiques the nothing to hide argument and exposes its faulty underpinnings.

Daniel Solove’s blog “Concurring Opinions” can be found here.

An interesting research paper. From the abstract:

We describe a “cheat” attack, allowing an ordinary process to hijack any desirable percentage of the CPU cycles without requiring superuser/administrator privileges. Moreover, the nature of the attack is such that, at least in some systems, listing the active processes will erroneously show the cheating process as not using any CPU resources: the “missing” cycles would either be attributed to some other process or not be reported at all (if the machine is otherwise idle). Thus, certain malicious operations generally believed to have required overcoming the hardships of obtaining root access and installing a rootkit, can actually be launched by non-privileged users in a straightforward manner, thereby making the job of a malicious adversary that much easier. We show that most major general-purpose operating systems are vulnerable to the cheat attack, due to a combination of how they account for CPU usage and how they use this information to prioritize competing processes. Furthermore, recent scheduler changes attempting to better support interactive workloads increase the vulnerability to the attack, and naive steps taken by certain systems to reduce the danger are easily circumvented. We show that the attack can nevertheless be defeated, and we demonstreate this by implementing a patch for Linux that eliminates the problem with negligible overhead.

Click here to read (459KB, PDF)