Bruce Momjian

Blog




Community Amish Evangelicals

Tuesday, September 2, 2014

I just watched three hour-long bbc documentaries about the Amish, Amish: A Secret Life, Trouble In Amish Paradise, and Leaving Amish Paradise. The three documentaries form a set that record a few families over several years.

First, the documentaries are interesting because they show a group that historically has avoided visual recordings. Second, the thread throughout the documentary is that these families agreed to being recorded because they disagree with a works-based/legal method of salvation. They believe in an evangelical Christianity that emphasizes a personal relationship with Jesus as the means of salvation.

One big impetus of this change is that the Bible is now widely available in English, rather than the antiquated German that few Amish understand. Amish can now see that the old-order Amish behavioral laws are not part of the Bible, and that the Bible promotes a faith/relationship-based method of salvation. Also, the Amish featured in these documentaries express a wisdom about family, work, and faith that I rarely see, even among mature Christians.

 


Community The Questionable Link Between Saturated Fat and Heart Disease

Monday, June 2, 2014

In another dietary reevaluation, saturated fat might not be bad for you, and avoiding it might cause even worse problems.

Update: New book, The Big Fat Surprise 2014-06-13

Post a Comment

Technology Computer Device Security

Wednesday, May 21, 2014

Several of the computer devices I use contain or have access to security information. The computer devices are usually under my control or are in secure locations, but occasionally these devices are not under my control, e.g. luggage storage, hotel room, empty office. I need to securely lock these devices when they are in insecure locations. This blog post explores the options available.

My first devices is a Lenovo T60. There are five levels of security supported by this device:

The question is what can someone access with physical control of the laptop? First, it is possible to clear the boot password by removing the cmos battery and draining power by pressing the on/off button. Once the cmos is cleared, the date stored in the bios needs to be set. If a bios password has been set, you need to move motherboard jumpers to reset the bios settings, including the bios password.

What is more secure are the hard drive passwords. This can be set when setting the bios password, or separately from the bios setup. There are two hard drive passwords, master and user. Either one can be used to unlock the hard drive, and on boot the boot password will be tried as the hard drive password, requiring only one password to be entered. This password makes it more difficult for the disk drive to be removed and read on another machine. Only three password attempts are possible before requiring the hard drive to be power-cycled. (Lenovo has a passphrase password storage mode that allows long passwords but requires a Lenovo laptop to unlock the drive.) The drive password is stored in a private area on the drive that cannot be accessed by normal user tools. There are some tricks for unlocking drives which are very device-specific and only possible for some drives.

The operating system password is only useful for trivial security control. Rebooting any laptop is easy, and booting into administrator mode trivial. It might be difficult to restore the laptop with the same running applications that existed before reboot, so the reboot tampering might be detectable.

A further security measure is to store secure information on a removable USB memory stick with an encrypted file system that can only be decrypted with a long password (like a uuid) stored on the laptop. The usb stick alone cannot be decrypted, and the laptop alone doesn't contain any secure information.

One attack method that is hard to prevent is delayed security transmission, where a program runs periodically on the laptop and transfers secure information from the laptop when the drive and usb memory is decrypted. (Keyloggers also fall into this category.) This underscores the importance of preventing anyone from accessing the operating system. By shutting down the laptop and removing the usb stick, while it is possible to reset the boot and bios password, an attacker would still need to overcome the hard drive password and then install something to read the secure information from the usb stick. Hard drive encryption is an even more secure option.

For my Nexus 7, UnKeyLocker allows the password to be enabled when the device will be in an insecure area. The password will be required on resume and boot until the device is unlocked and UnKeyLocker turned off. Encrypting the storage is also an option.

Post a Comment

Thoughts A Troublesome Inheritance

Thursday, May 8, 2014

A new book, A Troublesome Inheritance, has the potential to upend common assumptions about race the same way The Bell Curve did in 1994. A Wall Street Journal book review builds the case for why this book is so important:

But so far it has been the norm, not the exception, that variations in these genes show large differences across races. We don't yet know what the genetically significant racial differences will turn out to be, but we have to expect that they will be many. It is unhelpful for social scientists and the media to continue to proclaim that "race is a social construct" in the face of this looming rendezvous with reality.

In fact, the review even explains the likely methods that will be used to attack the book. As the reviewer was a co-author of The Bell Curve, he ought to know.

Post a Comment

Technology Women in Tech

Friday, March 7, 2014

I often hear laments about the lack of women in technology fields, even though I believe much of this is caused by women finding technology-heavy work environments unattractive. This blog post explains the issue better than I ever could, focussing on two issues:

  • equality and interchangeability are not the same
  • economic needs often overshadow family needs

The last item bears more exploration. There is an unspoken feeling in the USA that whatever is good for the economy is also good for society, and by extension the family. Even when presented with demonstratable cases where this is false, the assumption remains that, at some macro level, this balances out. See this post for more details.

Post a Comment

Technology The Nsa and Too Much Safety

Tuesday, January 7, 2014

Edward Snowden initially revealed the nsa is spying on Internet traffic and forcing cloud service providers like Google, Yahoo, and Microsoft to divulge private communications between users. New revelations indicate that hardware providers are also targets, with hardware shipments being intercepted to install spyware. It has been known that other governments routinely do this, particularly China, but it was thought the usa was mostly immune. This gave non-US purchasers confidence in US products — that confidence is gone, and with it, lots of money; spying revelations are expected to cost IT firms billions.

What is odd is that there seems to be little concern among the US public. This is probably because the spying is pitched as "making America safer," targets only foreigners, and there is little evidence the information obtained by spying was misused. Contrast that with spying on anti-war protesters in the 1970's that was misused, and once exposed, led to increased intelligence oversight. It seems a similar shocking example of abuse must happen before the public will demand reform.

We don't know if US government spying ever prevented an attack, but we do know that such spying will cost the US economy billions of dollars in the coming years, and the US public seems to be fine with that tradeoff.

Update: A summary of the costs of spying 2014-01-18

Post a Comment