Tag Archives: airport

Security Risks of TSA PreCheck

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/12/security_risks_12.html

Former TSA Administrator Kip Hawley wrote an op-ed pointing out the security vulnerabilities in the TSA’s PreCheck program:

The first vulnerability in the system is its enrollment process, which seeks to verify an applicant’s identity. We know verification is a challenge: A 2011 Government Accountability Office report on TSA’s system for checking airport workers’ identities concluded that it was “not designed to provide reasonable assurance that only qualified applicants” got approved. It’s not a stretch to believe a reasonably competent terrorist could construct an identity that would pass PreCheck’s front end.

The other step in PreCheck’s “intelligence-driven, risk-based security strategy” is absurd on its face: The absence of negative information about a person doesn’t mean he or she is trustworthy. News reports are filled with stories of people who seemed to be perfectly normal right up to the moment they committed a heinous act. There is no screening algorithm and no database check that can accurately predict human behavior — especially on the scale of millions. It is axiomatic that terrorist organizations recruit operatives who have clean backgrounds and interview well.

None of this is news.

Back in 2004, I wrote:

Imagine you’re a terrorist plotter with half a dozen potential terrorists at your disposal. They all apply for a card, and three get one. Guess which are going on the mission? And they’ll buy round-trip tickets with credit cards and have a “normal” amount of luggage with them.

What the Trusted Traveler program does is create two different access paths into the airport: high security and low security. The intent is that only good guys will take the low-security path, and the bad guys will be forced to take the high-security path, but it rarely works out that way. You have to assume that the bad guys will find a way to take the low-security path.

The Trusted Traveler program is based on the dangerous myth that terrorists match a particular profile and that we can somehow pick terrorists out of a crowd if we only can identify everyone. That’s simply not true. Most of the 9/11 terrorists were unknown and not on any watch list. Timothy McVeigh was an upstanding US citizen before he blew up the Oklahoma City Federal Building. Palestinian suicide bombers in Israel are normal, nondescript people. Intelligence reports indicate that Al Qaeda is recruiting non-Arab terrorists for US operations.

I wrote much the same thing in 2007:

Background checks are based on the dangerous myth that we can somehow pick terrorists out of a crowd if we could identify everyone. Unfortunately, there isn’t any terrorist profile that prescreening can uncover. Timothy McVeigh could probably have gotten one of these cards. So could have Eric Rudolph, the pipe bomber at the 1996 Olympic Games in Atlanta. There isn’t even a good list of known terrorists to check people against; the government list used by the airlines has been the butt of jokes for years.

And have we forgotten how prevalent identity theft is these days? If you think having a criminal impersonating you to your bank is bad, wait until they start impersonating you to the Transportation Security Administration.

The truth is that whenever you create two paths through security — a high-security path and a low-security path — you have to assume that the bad guys will find a way to exploit the low-security path. It may be counterintuitive, but we are all safer if the people chosen for more thorough screening are truly random and not based on an error-filled database or a cursory background check.

In a companion blog post, Hawley has more details about why the program doesn’t work:

In the sense that PreCheck bars people who were identified by intelligence or law enforcement agencies as possible terrorists, then it was intelligence-driven. But using that standard for PreCheck is ridiculous since those people already get extra screening or are on the No-Fly list. The movie Patriots Day, out now, reminds us of the tragic and preventable Boston Marathon bombing. The FBI sent agents to talk to the Tsarnaev brothers and investigate them as possible terror suspects. And cleared them. Even they did not meet the “intelligence-driven” definition used in PreCheck.

The other problem with “intelligence-driven” in the PreCheck context is that intelligence actually tells us the opposite; specifically that terrorists pick clean operatives. If TSA uses current intelligence to evaluate risk, it would not be out enrolling everybody they can into pre-9/11 security for everybody not flagged by the security services.

Hawley and I may agree on the problem, but we have completely opposite solutions. The op-ed was too short to include details, but they’re in a companion blog post. Basically, he wants to screen PreCheck passengers more:

In the interests of space, I left out details of what I would suggest as short-and medium-term solutions. Here are a few ideas:

  • Immediately scrub the PreCheck enrollees for false identities. That can probably be accomplished best and most quickly by getting permission from members, and then using, commercial data. If the results show that PreCheck has already been penetrated, the program should be suspended.
  • Deploy K-9 teams at PreCheck lanes.

  • Use Behaviorally trained officers to interact with and check the credentials of PreCheck passengers.

  • Use Explosives Trace Detection cotton swabs on PreCheck passengers at a much higher rate. Same with removing shoes.

  • Turn on the body scanners and keep them fully utilized.

  • Allow liquids to stay in the carry-on since TSA scanners can detect threat liquids.

  • Work with the airlines to keep the PreCheck experience positive.

  • Work with airports to place PreCheck lanes away from regular checkpoints so as not to diminish lane capacity for non-PreCheck passengers. Rental Car check-in areas could be one alternative. Also, downtown check-in and screening (with secure transport to the airport) is a possibility.

These solutions completely ignore the data from the real-world experiment PreCheck has been. Hawley writes that PreCheck tells us that “terrorists pick clean operatives.” That’s exactly wrong. PreCheck tells us that, basically, there are no terrorists. If 1) it’s an easier way through airport security that terrorists will invariably use, and 2) there have been no instances of terrorists using it in the 10+ years it and its predecessors have been in operation, then the inescapable conclusion is that the threat is minimal. Instead of screening PreCheck passengers more, we should screen everybody else less. This is me in 2012: “I think the PreCheck level of airport screening is what everyone should get, and that the no-fly list and the photo ID check add nothing to security.”

I agree with Hawley that we need to overhaul airport security. Me in 2010: “Airport security is the last line of defense, and it’s not a very good one.” We need to recognize that the actual risk is much lower than we fear, and ratchet airport security down accordingly. And then we need to continue to invest in investigation and intelligence: security measures that work regardless of the tactic or target.

Tips To Survive Family Tech Support

Post Syndicated from Peter Cohen original https://www.backblaze.com/blog/tips-survive-family-tech-support/

Family Tech Support

This is the time of year when a lot of us travel home for the holidays. If you’re the most technical person in the room – heck, even if you’re just the only one who knows how to turn on a computer – some of your less technically-minded relatives might depend on you for help with their gear. If you’re on the hook to help, here are a few tips to make things go more smoothly. Spend less time fixing gear and more time enjoying holiday cheer!

Be Patient

Take a deep breath. Take a stiff drink if it’ll help. Remember that getting frustrated or angry with your family member is bound just to create a bigger problem. It might not be natural for you to to listen to what’s going on without rolling your eyes, interjecting, making sarcastic remarks or giving off body language “tells” that show your frustration.

Remember, they’re coming to you because they need help. So be kind, and remember the Golden Rule: Treat others as you’d like to be treated.

Take Time To Understand The Problem

Articulating the exact nature of your technical problem can be hard even when you know what you’re doing. Add inexperience to the mix and it’s a recipe for confusion, both for the person afflicted with the problem but the person trying to help.

So when your relative says to you, “My iPhone isn’t working,” find out what that means before you troubleshoot. If you go off to fix something without knowing exactly what you’re trying to fix, you can make things worse.

Try Not To Overexplain The Fix

Remember that the person you’re helping doesn’t necessarily think like you, and that they’re reaching out to you because they believe you have a different set of skills.

To that end, try to keep your explanations simple and clear. Don’t make assumptions about their level of knowledge. And if their eyes glaze over, try to make it easier for them by using simple analogies or metaphors that might make it easier to understand.

Install Remote Control Software

It’s one thing to help a relative in person when their gear is in your lap or in your hands, but it’s another thing entirely if they need your help when you’re not around. And if the questions pop up around the holiday dinner table, chances are you’re not going to get everything fixed right then.

That’s why using remote control software can come in really handy – apps that will enable you to take control of their computer from yours, so you can quickly and easily make changes without having to tell them step-by-step what to do.

TeamViewer, LogMeIn, Microsoft Remote Desktop, even old-fashioned VNC all get the job done, so use whatever tool you prefer.

Don’t Be Afraid To Say No

You may be perfectly comfortable putting a new air filter in your car, but there’s a big difference between that and rebuilding a transmission. Likewise, there are some problems with computers and smartphones that might be totally beyond the scope of your ability to fix. Whether it’s physically taking something apart of a software problem that’s really gnarly, you may very well hit a brick wall without any obvious solution.

The important thing is not to get in over your head and make things worse, because that’s not going to help anyone, and it’s just going to create more frustration and aggravation. At that point, it’s not only safe but suggestible to tell your relative to bring the gear to a trained pro in order to fix.

Make Sure They’re Backed Up

Get ’em Backblaze. Let’s face it, accidents happen all the time. An accidental tip of the eggnog cup, some rough handling by the security folks at the airport, or just a slip of the laptop off the bed and all of a sudden you, Mom, Dad or Aunt Jeanine are looking at an expensive and costly repair.

Without a backup, the data on that device is lost forever. Thanks to Backblaze, that data can be restored from anywhere, anytime. $5 per month is all it costs for unlimited backup from any Mac or PC. Set it up the next time you’re home. When something goes wrong, you’ll be able to help your relatives recover their vacation photos, that Excel spreadsheet or anything else they might need.

Give a little, get a little!

‘Tis better to give than to receive. What’s even better than that? When you get something out of the deal too. With Backblaze’s Refer A Friend program, you can refer family members and friends who will get a free month of Backblaze to try out the service for themselves. When they buy Backblaze, you’ll get a free month too. You can receive an unlimited number of free months.

The post Tips To Survive Family Tech Support appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Amazon Lex – Build Conversational Voice & Text Interfaces

Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/amazon-lex-build-conversational-voice-text-interfaces/

While computers that talk are great, computers that listen and respond are even better! If you have used an Amazon Echo, you know how simple, useful, and powerful the Alexa-powered interaction model can be.

Today we are making the same deep learning technologies (ASR – Automatic Speech Recognition NLU – Natural Language Understanding) that power Amazon Alexa available to you for use in your own conversational applications. You can use Amazon Lex to build chatbots and other types of web & mobile applications that support engaging, lifelike interactions. Your bots can provide information, power your application, streamline work activities, or provide a control mechanism for robots, drones, and toys.

Amazon Lex is designed to let you get going quickly. You start out by designing your conversation in the Lex Console, providing Lex with some sample phrases that are used to build a natural language model. Then you publish your Amazon Lex bot and let it process text or voice conversations with your users. Amazon Lex is a fully-managed service so you don’t need to spend time setting up, managing, or scaling any infrastructure.

Your chatbot can connect with Facebook Messenger today; Slack and Twilio integration is in the works as well. On the AWS side, it works with  AWS Lambda, AWS Mobile Hub, and Amazon CloudWatch. Your code can make use of Amazon DynamoDB, Amazon Cognito, and other services.

Amazon Lex lets you use AWS Lambda functions to implement the business logic for your bot, including connections to your enterprise applications and data. In conjunction with the newly announced SaaS integration for AWS Mobile Hub, you can build enterprise productivity bots that provide conversational interfaces to  the accounts, contacts, leads, and other enterprise data stored in the SaaS applications that you are already using.

Putting it all together, you now have access to all of the moving parts needed to build fully integrated solutions that start at the mobile app and go all the way to the fulfillment logic.

Amazon Lex Concepts
Let’s take a quick look at the principal Amazon Lex concepts:

Bot – A bot contains all of the components of a conversation.

Intent – An intent represents a goal that the bot’s user wants to achieve (buying a plane ticket, scheduling an appointment, or getting a weather forecast, and so forth).

Utterance – An utterance is a spoken or typed phrase that invokes an intent. “I want to book a hotel” or “I want to order flowers” are two simple utterances.

Slots – Each slot is a piece of data that the user must supply in order to fulfill the intent. Slots are typed; a travel bot could have slots for cities, states or airports.

Prompt – A prompt is a question that asks the user to supply some data (for a slot) that is needed to fulfill an intent.

Fulfillment – Fulfillment is the business logic that carries our the user’s intent. Lex supports the use of Lambda functions for fulfillment.

Bots, intents, and slots are versioned so that you can draw clear lines between development, testing, staging, and production, in a multi-developer environment. You can create multiple aliases for each of your bots and maps them to specific versions of the components.

Building a Bot
You can define your Lex bot and set up all of these components from the Lex Console. You can start with one of the samples or you can create a custom bot:

You define your utterances and their slots on the next page:

And customize your bot using the settings:

You can test your bot interactively and refine it until it works as desired:

Then you can generate a callback URL for use with Facebook (and others on the way):

I’ll share more details as soon as the re:Invent rush is over and I have time to really dig in.

Pricing and Availability
Amazon Lex is available in preview form in the US East (Northern Virginia) Region and you can start building conversational applications today!

After you sign up, you can make 10,000 text requests and 5,000 speech requests each month at no charge for the first year. After that you will pay $4.00 for each 1,000 speech requests and $0.75 for every 1,000 text requests.

Jeff;

 

 

The “cryptsetup initrd root shell” vulnerability

Post Syndicated from corbet original http://lwn.net/Articles/706444/rss

Hector Marco and Ismael Ripoll report
a discouraging vulnerability in many encrypted disk setups: simply running
up too many password failures will eventually result in a root shell.
This vulnerability allows to obtain a root initramfs shell on
affected systems. The vulnerability is very reliable because it doesn’t
depend on specific systems or configurations. Attackers can copy, modify or
destroy the hard disc as well as set up the network to exfiltrate
data. This vulnerability is specially serious in environments like
libraries, ATMs, airport machines, labs, etc, where the whole boot process
is protect (password in BIOS and GRUB) and we only have a keyboard or/and a
mouse.

Now Open – AWS US East (Ohio) Region

Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/now-open-aws-us-east-ohio-region/

As part of our ongoing plan to expand the AWS footprint, I am happy to announce that our new US East (Ohio) Region is now available. In conjunction with the existing US East (Northern Virginia) Region, AWS customers in the Eastern part of the United States have fast, low-latency access to the suite of AWS infrastructure services.

The Details
The new Ohio Region supports Amazon Elastic Compute Cloud (EC2) and related services including Amazon Elastic Block Store (EBS), Amazon Virtual Private Cloud, Auto Scaling, Elastic Load Balancing, NAT Gateway, Spot Instances, and Dedicated Hosts.

It also supports (deep breath) Amazon API Gateway, Amazon Aurora, AWS Certificate Manager (ACM), AWS CloudFormation, Amazon CloudFront, AWS CloudHSM, Amazon CloudWatch (including CloudWatch Events and CloudWatch Logs), AWS CloudTrail, AWS CodeCommit, AWS CodeDeploy, AWS CodePipeline, AWS Config, AWS Database Migration Service, AWS Direct Connect, Amazon DynamoDB, EC2 Container Registy, Amazon ECS, Amazon Elastic File System, Amazon ElastiCache, AWS Elastic Beanstalk, Amazon EMR, Amazon Elasticsearch Service, Amazon Glacier, AWS Identity and Access Management (IAM), AWS Import/Export Snowball, AWS Key Management Service (KMS), Amazon Kinesis, AWS Lambda, AWS Marketplace, Mobile Hub, AWS OpsWorks, Amazon Relational Database Service (RDS), Amazon Redshift, Amazon Route 53, Amazon Simple Storage Service (S3), AWS Service Catalog, Amazon Simple Notification Service (SNS), Amazon Simple Queue Service (SQS), AWS Storage Gateway, Amazon Simple Workflow Service (SWF), AWS Trusted Advisor, VM Import/Export, and AWS WAF.

The Region supports all sizes of C4, D2, I2, M4, R3, T2, and X1 instances. As is the case with all of our newer Regions, instances must be launched within a Virtual Private Cloud (read Virtual Private Clouds for Everyone to learn more).

Well Connected
Here are some round-trip network metrics that you may find interesting (all names are airport codes, as is apparently customary in the networking world; all times are +/- 2 ms):

  • 12 ms to IAD (home of the US East (Northern Virginia) Region).
  • 20 ms to JFK (home to an Internet exchange point).
  • 29 ms to ORD (home to a pair of Direct Connect locations hosted by QTS and Equinix and another exchange point).
  • 91 ms to SFO (home of the US West (Northern California) Region).

With just 12 ms of round-trip latency between US East (Ohio) and US East (Northern Virginia), you can make good use of unique AWS features such as S3 Cross-Region Replication, Cross-Region Read Replicas for Amazon Aurora, Cross-Region Read Replicas for MySQL, and Cross-Region Read Replicas for PostgreSQL. Data transfer between the two Regions is priced at the Inter-AZ price ($0.01 per GB), making your cross-region use cases even more economical.

Also on the networking front, we have agreed to work together with Ohio State University to provide AWS Direct Connect access to OARnet. This 100-gigabit network connects colleges, schools, medical research hospitals, and state government across Ohio. This connection provides local teachers, students, and researchers with a dedicated, high-speed network connection to AWS.

14 Regions, 38 Availability Zones, and Counting
Today’s launch of this 3-AZ Region expands our global footprint to a grand total of 14 Regions and 38 Availability Zones. We are also getting ready to open up a second AWS Region in China, along with other new AWS Regions in Canada, France, and the UK.

Since there’s been some industry-wide confusion about the difference between Regions and Availability Zones of late, I think it is important to understand the differences between these two terms. Each Region is a physical location where we have one or more Availability Zones or AZs. Each Availability Zone, in turn, consists of one or more data centers, each with redundant power, networking, and connectivity, all housed in separate facilities. Having two or more AZ’s in each Region gives you the ability to run applications that are more highly available, fault tolerant, and durable than would be the case if you were limited to a single AZ.

Around the office, we sometimes play with analogies that can serve to explain the difference between the two terms. My favorites are “Hotels vs. hotel rooms” and “Apple trees vs. apples.” So, pick your analogy, but be sure that you know what it means!


Jeff;

 

The Compute Module – now in an NEC display near you

Post Syndicated from Eben Upton original https://www.raspberrypi.org/blog/compute-module-nec-display-near-you/

Back in April 2014, we launched the Compute Module to provide hardware developers with a way to incorporate Raspberry Pi technology into their own products. Since then we’ve seen it used to build home media players, industrial control systems, and everything in between.

Earlier this week, NEC announced that they would be adding Compute Module support to their next-generation large-format displays, starting with 40″, 48″ and 55″ models in January 2017 and eventually scaling all the way up to a monstrous 98″ (!!) by the end of the year. These are commercial-grade displays designed for use in brightly-lit public spaces such as schools, offices, shops and railway stations.

Believe it or not these are the small ones

Believe it or not, these are the small ones.

NEC have already lined up a range of software partners in retail, airport information systems, education and corporate to provide presentation and signage software which runs on the Compute Module platform. You’ll be seeing these roll out in a lot of locations that you visit frequently.

Each display has an internal bay which accepts an adapter board loaded with either the existing Compute Module, or the upcoming Compute Module 3, which incorporates the BCM2837 application processor and 1GB of LPDDR2 memory found on the Raspberry Pi 3 Model B. We’re expecting to do a wider release of Compute Module 3 to everybody around the end of the year.

The Compute Module in situ

The Compute Module in situ

We’ve been working on this project with NEC for over a year now, and are very excited that it’s finally seeing the light of day. It’s an incredible vote of confidence in the Raspberry Pi Compute Module platform from a blue-chip hardware vendor, and will hopefully be the first of many.

Now, here’s some guy to tell you more about what’s going on behind the screens you walk past every day on your commute.

‘The Power to Surprise’ live stream at Display Trends Forum 2016 – NEC Teams Up With Raspberry Pi

NEC Display Solutions today announced that it will be sharing an open platform modular approach with Raspberry Pi, enabling a seamless integration of Raspberry Pi’s devices with NEC’s displays. NEC’s leading position in offering the widest product range of display solutions matches perfectly with the Raspberry Pi, the organisation responsible for developing the award-winning range of low-cost, high-performance computers.

The post The Compute Module – now in an NEC display near you appeared first on Raspberry Pi.

Terrorist False Alarm at JFK Airport Demonstrates How Unprepared We Really Are

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/08/terrorist_false.html

The detailed accounts of the terrorist-shooter false-alarm at Kennedy Airport in New York last week illustrate how completely and totally unprepared the airport authorities are for any real such event.

I have two reactions to this. On the one hand, this is a movie-plot threat — the sort of overly specific terrorist scenario that doesn’t make sense to defend against. On the other hand, police around the world need training in these types of scenarios in general. Panic can easily cause more deaths than terrorists themselves, and we need to think about what responsibilities police and other security guards have in these situations.

Why You Should Speak At & Attend LinuxConf Australia

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2016/08/04/lca2016.html

[ This blog
was crossposted
on Software Freedom Conservancy’s website
. ]

Monday 1 February 2016 was the longest day of my life, but I don’t mean
that in the canonical, figurative, and usually negative sense of that
phrase. I mean it literally and in a positive way. I woke up that morning
Amsterdam in the Netherlands — having the previous night taken a
evening train from Brussels, Belgium with my friend and colleague Tom
Marble
. Tom and I had just spent the weekend
at FOSDEM 2016, where he and
I co-organize
the Legal
and Policy Issues DevRoom
(with our mutual friends and colleagues,
Richard Fontana and Karen M. Sandler).

Tom and I headed over to AMS airport around 07:00 local time, found some
breakfast and boarded our flights. Tom was homeward bound, but I was about
to do the crazy thing that he’d done in the reverse a few years before: I
was speaking at FOSDEM and LinuxConf Australia, back-to-back. In fact,
because the airline fares were substantially cheaper this way, I didn’t
book a “round the world” flight, but instead two back-to-back
round-trip tickets. I boarded the plane at AMS at 09:30 that morning
(local time), and landed in my (new-ish) hometown of Portland, OR as
afternoon there began. I went home, spent the afternoon with my wife,
sister-in-law, and dogs, washed my laundry, and repacked my bag. My flight
to LAX departed at 19:36 local time, a little after US/Pacific sunset.

I crossed the Pacific ocean, the international dateline, left a day on
deposit to pickup on the way back, after 24 hours of almost literally
chasing the sun, I arrived in Melbourne on the morning of Wednesday 3
February, road a shuttle bus, dumped my bags at my room, and arrived just
in time for
the Wednesday
afternoon tea break at LinuxConf Australia 2016 in Geelong
.

Nearly everyone who heard this story — or saw me while it was
happening — asked me the same question: Why are you doing
this?
. The five to six people packed in with me in my coach section on
the LAX→SYD leg are probably still asking this, because I had an
allergic attack of some sort most of the flight and couldn’t stop coughing,
even with two full bags of Fisherman’s Friends over those 15 hours.

But, nevertheless, I gave a simple answer to everyone who questioned my
crazy BRU→AMS→PDX→LAX→SYD→MEL itinerary: FOSDEM and LinuxConf AU are
two of the most important events on the Free Software annual calendar.
There’s just no question. I’ll write more about FOSDEM sometime soon, but
the rest of this post, I’ll dedicate to LinuxConf Australia (LCA).

One of my biggest regrets in Free Software is that I was once — and
you’ll be surprised by this given my story above — a bit squeamish
about the nearly 15 hour flight to get from the USA to Australia, and
therefore I didn’t attend LCA until 2015. LCA began way back in 1999.
Keep in mind that, other than FOSDEM, no major, community-organized events
have survived from that time. But LCA has the culture and mindset of the
kinds of conferences that our community made in 1999.

LCA is community organized and operated. Groups of volunteers
each year plan the event. In the tradition of science fiction conventions
and other hobbyist activities, groups bid for the conference and offer
their time and effort to make the conference a success. They have an
annual hand-off meeting to be sure the organization lessons are passed from
one committee to the next, and some volunteers even repeat their
involvement year after year. For organizational structure, they rely on a
non-profit organization, Linux
Australia
, to assist with handling the funds and providing
infrastructure (just like Conservancy does for our member projects and
their conferences!)

I believe fully that the success of software freedom and GNU/Linux in
particularly has not primarily been because companies allow developers to
spend some of their time coding on upstream. Sure, many Free Software
projects couldn’t survive without that component, but what really makes
GNU/Linux, or any Free Software project, truly special is that there’s a
community of users and developers who use, improve, and learn about the
software because it excites and interests them. LCA is one of the few
events specifically designed to invite that sort of person to attend, and
it has for almost an entire generation stood in stark contrast the highly
corporate, for-profits events that slowly took over our community in the
years that followed LCA’s founding. (Remember all those years of
LinuxWorld
Expo
? I wasn’t even sad when IDG stopped running it!)

Speaking particularly of earlier this year, LCA 2016 in Geelong, Australia
was a particular profound event for me. LCA is one of the few events that
accepts my rather political talks about what’s happening in Open Source and
Free Software, so I gave a talk
on Friday
5 February 2016
entitled Copyleft For the Next Decade: A
Comprehensive Plan
, which was recorded, so you can watch it. I do
warn everyone that the jokes did not go over well (mine never do), so after I
finished, I was feeling a bit down that I hadn’t made the talk entertaining
enough. But then, something amazing happened: people started walking up to
me and telling me how important my message was. One individual even came up
and told me that he was excited enough that he’d like
to match
any donation that Software Freedom Conservancy received during LCA 2016
.
Since it was the last day of the event, I quickly went to one of the
organizers, Kathy Reid, and asked
if they would announce this match during the closing ceremonies; she agreed.
In a matter of just an hour or two, I’d gone from believing my talk had
fallen flat to realizing that — regardless of whether I’d presented
well — the concepts I discussed had connected with people.

Then, I sat down in the closing session. I started to tear up slightly
when the
organizers announced the donation match
. Within 90 seconds, though,
that turned to full tears of joy when the incoming President of Linux
Australia, Hugh Blemings, came on
stage and
said
:

[I’ll start with] a Software Freedom Conservancy thing, as it turns out.
… I can tell that most of you weren’t at Bradley’s talk earlier on
today, but if there is one talk I’d encourage you to watch on the
playback later it would be that one. There’s a very very important
message in there and something to take away for all of us. On behalf of
the Council I’d like to announce … that we’re actually in the
process of making a significant donation from Linux Australia to Software
Freedom Conservancy as well. I urge all of you to consider contributing
individual as well, and there is much left for us to be done as a
community on that front.

I hope that this post helps organizers of events like LCA fully understand
how much something like this means to us who run a small charities —
and not just with regard to the financial contributions. Knowing that the
organizers of community events feel so strongly positive about our work
really keeps us going. We work hard and spend much time at Conservancy to
serve the Open Source and Free Software community, and knowing the work is
appreciated inspires us to keep working. Furthermore, we know that without
these events, it’s much tougher for us to reach others with our message of
software freedom. So, for us, the feeling is mutual: I’m delighted that
the Linux Australia and LCA folks feel so positively about Conservancy, and
I now look forward to another 15 hour flight for the next LCA.

And, on that note, I chose a strategic time to post this story. On Friday
5 August 2016, the CFP for LCA
2017 closes
. So, now is the time for all of you to submit a talk. If
you regularly speak at Open Source and Free Software events, or have been
considering it, this event really needs to be on your calendar. I look
forward to seeing all of you Hobart this January.

How Una Got Her Stolen Laptop Back

Post Syndicated from Andy Klein original https://www.backblaze.com/blog/how-una-found-her-stolen-laptop/

Lost Laptop World Map

Reading Peter’s post on getting your data ready for vacation travels, reminded me of a story we recently received from a Backblaze customer. Una’s laptop was stolen and then traveled the over multiple continents over the next year. Here’s Una’s story, in her own words, on how she got her laptop back. Enjoy.

Pulse Incident Number 10028192
(or: How Playing Computer Games Can Help You In Adulthood)

One day when I was eleven, my father arrived home with an object that looked like a briefcase made out of beige plastic. Upon lifting it, one realized it had the weight of, oh, around two elephants. It was an Ericsson ‘portable’ computer, one of the earliest prototypes of laptop. All my classmates had really cool and fashionable computer game consoles with amazing names like “Atari” and “Commodore”, beautifully vibrant colour displays, and joysticks. Our Ericsson had a display with two colours (orange and … dark orange), it used floppy discs that were actually floppy (remember those?), ran on DOS and had no hard drive (you had to load the operating system every single time you turned on the computer. Took around 10 minutes). I dearly loved this machine, however, and played each of the 6 games on it incessantly. One of these was “Where In The World Is Carmen Sandiego?” an educational game where a detective has to chase an archvillain around the world, using geographical and cultural references as clues to get to the next destination. Fast forward twenty years and…

It’s June 2013, I’m thirty years old, and I still love laptops. I live in Galway, Ireland; I’m a self-employed musician who works in a non-profit music school so the cash is tight, but I’ve splashed out on a Macbook Pro and I LOVE IT. I’m on a flight from Dublin to Dubai with a transfer in Turkey. I talk to the guy next to me, who has an Australian accent and mentions he’s going to Asia to research natural energy. A total hippy, I’m interested; we chat until the convo dwindles, I do some work on my laptop, and then I fall asleep.

At 11pm the plane lands in Turkey and we’re called off to transfer to a different flight. Groggy, I pick up my stuff and stumble down the stairs onto the tarmac. In the half-light beside the plane, in the queue for the bus to the terminal, I suddenly realize that I don’t have my laptop in my bag. Panicking, I immediately seek out the nearest staff member. “Please! I’ve left my laptop on the plane – I have to go back and get it!”

The guy says: “No. It’s not allowed. You must get on the bus, madam. The cabin crew will find it and put it in “Lost and Found” and send it to you.” I protest but I can tell he’s immovable. So I get on the bus, go into the terminal, get on another plane and fly to Dubai. The second I land I ring Turkish Air to confirm they’ve found my laptop. They haven’t. I pretty much stalk Turkish Air for the next two weeks to see if the laptop turns up, but to no avail. I travel back via the same airport (Ataturk International), and go around all three Lost and Found offices in the airport, but my laptop isn’t there amongst the hundreds of Kindles and iPads. I don’t understand.

As time drags on, the laptop doesn’t turn up. I report the theft in my local Garda station. The young Garda on duty is really lovely to me and gives me lots of empathy, but the fact that the laptop was stolen in airspace, in a foreign, non-EU country, does not bode well. I continue to stalk Turkish Airlines; they continue to stonewall me, so I get in touch with the Turkish Department for Consumer Affairs. I find a champion amongst them called Ece, who contacts Turkish Airlines and pleads on my behalf. Unfortunately they seem to have more stone walls in Turkey than there are in the entire of Co. Galway, and his pleas fall on deaf ears. Ece advises me I’ll have to bring Turkish Airlines to court to get any compensation, which I suspect will cost more time and money than the laptop is realistically worth. In a firstworld way, I’m devastated – this object was a massive financial outlay for me, a really valuable tool for my work. I try to appreciate the good things – Ece and the Garda Sharon have done their absolute best to help me, my pal Jerry has loaned me a laptop to tide me over the interim – and then I suck it up, say goodbye to the last of my savings, and buy a new computer.

I start installing the applications and files I need for my business. I subscribe to an online backup service, Backblaze, whereby every time I’m online my files are uploaded to the cloud. I’m logging in to Backblaze to recover all my files when I see a button I’ve never noticed before labelled “Locate My Computer”. I catch a breath. Not even daring to hope, I click on it… and it tells me that Backblaze keeps a record of my computer’s location every time it’s online, and can give me the IP address my laptop has been using to get online. The records show my laptop has been online since the theft!! Not only that, but Backblaze has continued to back up files, so I can see all files the thief has created on my computer. My laptop has last been online in, of all the places, Thailand. And when I look at the new files saved on my computer, I find Word documents about solar power. It all clicks. It was the plane passenger beside me who had stolen my laptop, and he is so clueless he’s continued to use it under my login, not realizing this makes him trackable every time he connects to the internet.

I keep the ‘Locate My Computer” function turned on, so I’m consistently monitoring the thief’s whereabouts, and start the chapter of my life titled “The Sleep Deprivation and The Phonebill”. I try ringing the police service in Thailand (GMT +7 hours) multiple times. To say this is ineffective is an understatement; the language barrier is insurmountable. I contact the Irish embassy in Bangkok – oh, wait, that doesn’t exist. I try a consulate, who is lovely but has very limited powers, and while waiting for them to get back to me I email two Malaysian buddies asking them if they know anyone who can help me navigate the language barrier. I’m just put in touch with this lovely pal-of-a-pal called Tupps who’s going to help me when… I check Backblaze and find out that my laptop had started going online in East Timor. Bye bye, Thailand.

I’m so wrecked trying to communicate with the Thai bureaucracy I decide to play the waiting game for a while. I suspect East Timor will be even more of an international diplomacy challenge, so let’s see if the thief is going to stay there for a while before I attempt a move, right? I check Backblaze around once a week for a month, but then the thief stops all activity – I’m worried. I think he’s realized I can track him and has stopped using my login, or has just thrown the laptop away. Reason kicks in, and I begin to talk myself into stopping my crazy international stalking project. But then, when I least expect it, I strike informational GOLD. In December, the thief checks in for a flight from Bali to Perth and saves his online check-in to the computer desktop. I get his name, address, phone number, and email address, plus flight number and flight time and date.

I have numerous fantasies about my next move. How about I ring up the police in Australia, they immediately believe my story and do my every bidding, and then the thief is met at Arrivals by the police, put into handcuffs and marched immediately to jail? Or maybe I should somehow use the media to tell the truth about this guy’s behaviour and give him a good dose of public humiliation? Should I try my own version of restorative justice, contact the thief directly and appeal to his better nature? Or, the most tempting of all, should I get my Australian-dwelling cousin to call on him and bash his face in? … This last option, to be honest, is the outcome I want the most, but Emmett’s actually on the other side of the Australian continent, so it’s a big ask, not to mention the ever-so-slightly scary consequences for both Emmett and myself if we’re convicted… ! (And, my conscience cries weakly from the depths, it’s just the teensiest bit immoral.) Christmas is nuts, and I’m just so torn and ignorant about course of action to take I … do nothing.

One morning in the grey light of early February I finally decide what to do. Although it’s the longest shot in the history of long shots, I will ring the Australian police force about a laptop belonging to a girl from the other side of the world, which was stolen in airspace, in yet another country in the world. I use Google to figure out the nearest Australian police station to the thief’s address. I set my alarm for 4am Irish time, I ring Rockhampton Station, Queensland, and explain the situation to a lovely lady called Danielle. Danielle is very kind and understanding but, unsurprisingly, doesn’t hold out much hope that they can do anything. I’m not Australian, the crime didn’t happen in Australia, there’s questions of jurisdiction, etc. etc. I follow up, out of sheer irrational compulsion rather than with the real hope of an answer, with an email 6 weeks later. There’s no response. I finally admit to myself the laptop is gone. Ever since he’s gone to Australia the thief has copped on and stopped using my login, anyway. I unsubscribe my stolen laptop from Backblaze and try to console myself with the thought that at least I did my best.

And then, completely out of the blue, on May 28th 2014, I get an email from a Senior Constable called Kain Brown. Kain tells me that he has executed a search warrant at a residence in Rockhampton and has my laptop!! He has found it!!! I am stunned. He quickly gets to brass tacks and explains my two options: I can press charges, but it’s extremely unlikely to result in a conviction, and even if it did, the thief would probably only be charged with a $200 fine – and in this situation, it could take years to get my laptop back. If I don’t press charges, the laptop will be kept for 3 months as unclaimed property, and then returned to me. It’s a no-brainer; I decide not to press charges. I wait, and wait, and three months later, on the 22nd September 2014, I get an email from Kain telling me that he can finally release the laptop to me.

Naively, I think my tale is at the “Happy Ever After” stage. I dance a jig around the kitchen table, and read my subsequent email from a “Property Officer” of Rockhampton Station, John Broszat. He has researched how to send the laptop back to me … and my jig is suddenly halted. My particular model of laptop has a lithium battery built into the casing which can only be removed by an expert, and it’s illegal to transport a lithium battery by air freight. So the only option for getting the laptop back, whole and functioning, is via “Sea Mail” – which takes three to four months to get to Ireland. This blows my mind. I can’t quite believe that in this day and age, we can send people to space, a media file across the world in an instant, but that transporting a physical object from one side of the globe to another still takes … a third of a year! It’s been almost a year and a half since my laptop was stolen. I shudder to think of what will happen on its final journey via Sea Mail – knowing my luck, the ship will probably be blown off course and it’ll arrive in the Bahamas.

Fortunately, John is empathetic, and willing to think outside the box. Do I know anyone who will be travelling from Australia to Ireland via plane who would take my laptop in their hand luggage? Well, there’s one tiny silver lining to the recession: half of Craughwell village has a child living in Australia. I ask around on Facebook and find out that my neighbour’s daughter is living in Australia and coming home for Christmas. John Broszat is wonderfully cooperative and mails my laptop to Maroubra Police Station for collection by the gorgeous Laura Gibbons. Laura collects it and brings it home in her flight hand luggage, and finally, FINALLY, on the 23rd of December 2014, 19 months after it’s been stolen, I get my hands on my precious laptop again.

I gingerly take the laptop out of the fashionable paper carrier bag in which Laura has transported it. I set the laptop on the table, and examine it. The casing is slightly more dented than it was, but except for that it’s in one piece. Hoping against hope, I open up the screen, press the ‘on’ button and… the lights flash and the computer turns on!!! The casing is dented, there’s a couple of insalubrious pictures on the hard drive I won’t mention, but it has been dragged from Turkey to Thailand to East Timor to Indonesia to Australia, and IT STILL WORKS. It even still has the original charger accompanying it. Still in shock that this machine is on, I begin to go through the hard drive. Of course, it’s radically different – the thief has deleted all my files, changed the display picture, downloaded his own files and applications. I’m curious: What sort of person steals other people’s laptops? How do they think, organize their lives, what’s going through their minds? I’ve seen most of the thief’s files before from stalking him via the Backblaze back-up service, and they’re not particularly interesting or informative about the guy on a personal level. But then I see a file I haven’t seen before, “ free ebook.pdf ”. I click on it, and it opens. I shake my head in disbelief. The one new file that the thief has downloaded onto my computer is the book “How To Win Friends And Influence People”.

A few weeks later, a new friend and I kiss for the first time. He’s a graphic designer from London. Five months later, he moves over to Ireland to be with me. We’re talking about what stuff he needs to bring when he’s moving and he says “I’m really worried; my desktop computer is huge. I mean, I have no idea how I’m going to bring it over.” Smiling, I say “I have a spare laptop that might suit you…”

[Editor: The moral of the story is make sure your data is backed up before you go on vacation.]

The post How Una Got Her Stolen Laptop Back appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Good Article on Airport Security

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/07/good_article_on_2.html

The New York Times wrote a good piece comparing airport security around the world, and pointing out that moving the security perimeter doesn’t make any difference if the attack can occur just outside the perimeter. Mark Stewart has the good quote:

“Perhaps the most cost-effective measure is policing and intelligence — to stop them before they reach the target,” Mr. Stewart said.

Sounds like something I would say.

Security Analysis of TSA PreCheck

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/06/security_analys_5.html

Interesting research: Mark G. Stewart and John Mueller, “Risk-based passenger screening: risk and economic assessment of TSA PreCheck increased security at reduced cost?

Executive Summary: The Transportation Security Administration’s PreCheck program is risk-based screening that allows passengers assessed as low risk to be directed to expedited, or PreCheck, screening. We begin by modelling the overall system of aviation security by considering all layers of security designed to deter or disrupt a terrorist plot to down an airliner with a passenger-borne bomb. Our analysis suggests that these measures reduce the risk of such an attack by at least 98%. Assuming that the accuracy of Secure Flight may be less than 100% when identifying low and high risk passengers, we then assess the effect of enhanced and expedited (or regular and PreCheck) screening on deterrence and disruption rates. We also evaluate programs that randomly redirect passengers from the PreCheck to the regular lines (random exclusion) and ones that redirect some passengers from regular to PreCheck lines (managed inclusion). We find that, if 50% of passengers are cleared for PreCheck, the additional risk reduction (benefit) due to PreCheck is 0.021% for attacks by lone wolves, and 0.056% for ones by terrorist organisations. If 75% of passengers rather than 50% go through PreCheck, these numbers are 0.017% and 0.044%, still providing a benefit in risk reduction. Under most realistic combinations of parameter values PreCheck actually increases risk reduction, perhaps up to 1%, while under the worst assumptions, it lowers risk reduction only by some 0.1%. Extensive sensitivity analyses suggests that, overall, PreCheck is most likely to have an increase in overall benefit.

The report also finds that adding random exclusion and managed inclusion to the PreCheck program has little effect on the risk reducing capability of PreCheck one way or the other. For example, if 10% of non-PreCheck passengers are randomly sent to the PreCheck line, the program still is delivers a benefit in risk reduction, and provides an additional savings for TSA of $11 million per year by reducing screening costs — while at the same time improving security outcomes.

There are also other co-benefits, and these are very substantial. Reducing checkpoint queuing times improves in the passenger experience, which would lead to higher airline revenues, can exceed several billion dollars per year. TSA PreCheck thus seems likely to bring considerable efficiencies to the screening process and great benefits to passengers, airports, and airlines while actually enhancing security a bit.

Arresting People for Walking Away from Airport Security

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/05/arresting_peopl.html

A proposed law in Albany, NY, would make it a crime to walk away from airport screening.

Aside from wondering why county lawmakers are getting involved with what should be national policy, you have to ask: what are these people thinking?

They’re thinking in stories, of course. They have a movie plot in their heads, and they are imaging how this measure solves it.

The law is intended to cover what Apple described as a soft spot in the current system that allows passengers to walk away without boarding their flights if security staff flags them for additional scrutiny.

That could include would-be terrorists probing for weaknesses, Apple said, adding that his deputies currently have no legal grounds to question such a person.

Does anyone have any idea what stories these people have in their heads? What sorts of security weaknesses are exposed by walking up to airport security and then walking away?

The Unfalsifiability of Security Claims

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/05/the_unfalsifiab.html

Interesting research paper: Cormac Herley, “Unfalsifiability of security claims:

There is an inherent asymmetry in computer security: things can be declared insecure by observation, but not the reverse. There is no observation that allows us to declare an arbitrary system or technique secure. We show that this implies that claims of necessary conditions for security (and sufficient conditions for insecurity) are unfalsifiable. This in turn implies an asymmetry in self-correction: while the claim that countermeasures are sufficient is always subject to correction, the claim that they are necessary is not. Thus, the response to new information can only be to ratchet upward: newly observed or speculated attack capabilities can argue a countermeasure in, but no possible observation argues one out. Further, when justifications are unfalsifiable, deciding the relative importance of defensive measures reduces to a subjective comparison of assumptions. Relying on such claims is the source of two problems: once we go wrong we stay wrong and errors accumulate, and we have no systematic way to rank or prioritize measures.

This is both true and not true.

Mostly, it’s true. It’s true in cryptography, where we can never say that an algorithm is secure. We can either show how it’s insecure, or say something like: all of these smart people have spent lots of hours trying to break it, and they can’t — but we don’t know what a smarter person who spends even more hours analyzing it will come up with. It’s true in things like airport security, where we can easily point out insecurities but are unable to similarly demonstrate that some measures are unnecessary. And this does lead to a ratcheting up on security, in the absence of constraints like budget or processing speed. It’s easier to demand that everyone take off their shoes for special screening, or that we add another four rounds to the cipher, than to argue the reverse.

But it’s not entirely true. It’s difficult, but we can analyze the cost-effectiveness of different security measures. We can compare them with each other. We can make estimations and decisions and optimizations. It’s just not easy, and often it’s more of an art than a science. But all is not lost.

Still, a very good paper and one worth reading.

Detecting Explosives

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/05/detecting_explo.html

Really interesting article on the difficulties involved with explosive detection at airport security checkpoints.

Abstract: The mid-air bombing of a Somali passenger jet in February was a wake-up call for security agencies and those working in the field of explosive detection. It was also a reminder that terrorist groups from Yemen to Syria to East Africa continue to explore innovative ways to get bombs onto passenger jets by trying to beat detection systems or recruit insiders. The layered state-of-the-art detection systems that are now in place at most airports in the developed world make it very hard for terrorists to sneak bombs onto planes, but the international aviation sector remains vulnerable because many airports in the developing world either have not deployed these technologies or have not provided rigorous training for operators. Technologies and security measures will need to improve to stay one step ahead of innovative terrorists. Given the pattern of recent Islamic State attacks, there is a strong argument for extending state-of-the-art explosive detection systems beyond the aviation sector to locations such as sports arenas and music venues.

I disagree with his conclusions — the last sentence above — but the technical information on explosives detection technology is really interesting.

Economist Detained for Doing Math on an Airplane

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/05/economist_detai.html

An economics professor was detained when he was spotted doing math on an airplane:

On Thursday evening, a 40-year-old man ­– with dark, curly hair, olive skin and an exotic foreign accent –­ boarded a plane. It was a regional jet making a short, uneventful hop from Philadelphia to nearby Syracuse.

Or so dozens of unsuspecting passengers thought.

The curly-haired man tried to keep to himself, intently if inscrutably scribbling on a notepad he’d brought aboard. His seatmate, a blond-haired, 30-something woman sporting flip-flops and a red tote bag, looked him over. He was wearing navy Diesel jeans and a red Lacoste sweater — a look he would later describe as “simple elegance” — but something about him didn’t seem right to her.

She decided to try out some small talk.

Is Syracuse home? She asked.

No, he replied curtly.

He similarly deflected further questions. He appeared laser-focused ­– perhaps too laser-focused ­– on the task at hand, those strange scribblings.

Rebuffed, the woman began reading her book. Or pretending to read, anyway. Shortly after boarding had finished, she flagged down a flight attendant and handed that crew-member a note of her own.

This story ended better than some. Economics professor Guido Menzio (yes, he’s Italian) was taken off the plane, questioned, cleared, and allowed to board with the rest of his passengers two hours later.

This is a result of our stupid “see something, say something” culture. As I repeatedly say: “If you ask amateurs to act as front-line security personnel, you shouldn’t be surprised when you get amateur security.”

On the other hand, “Algebra, of course, does have Arabic origins plus math is used to make bombs.” Plus, this fine joke from 2003:

At Heathrow Airport today, an individual, later discovered to be a school teacher, was arrested trying to board a flight while in possession of a compass, a protractor, and a graphical calculator.

Authorities believe she is a member of the notorious al-Gebra movement. She is being charged with carrying weapons of math instruction.

AP story. Slashdot thread.

Seriously, though, I worry that this kind of thing will happen to me. I’m older, and I’m not very Semitic looking, but I am curt to my seatmates and intently focused on what I am doing — which sometimes involves looking at web pages about, and writing about, security and terrorism. I’m sure I’m vaguely suspicious.

EDITED TO ADD: Last month a student was removed from an airplane for speaking Arabic.

What’s the Diff: Time Machine vs. Time Capsule

Post Syndicated from Peter Cohen original https://www.backblaze.com/blog/whats-diff-time-machine-vs-time-capsule/

Whats the difference between time machine and time capsule

What’s the Diff is here to explain in plain language what makes up the computer terminology we talk about, to help give you a clearer idea of what it is and how it works.

Apple tries to make things really easy and non-intimidating for people who aren’t computer experts. But backing up your data can be intimidating, no way around it.
Let’s try to demystify a couple of things related to backing up on the Mac that can be confusing to people new to the platform, and even not so new to the platform. This week we’re talking about Time Machine and Time Capsule.
To summarize, Time Machine is the Mac’s built-in backup software. Time Capsule is a network device sold by Apple that works with Time Machine, but does a lot more too.
Interested in finding out more? Come take a look.
What is Time Machine?
There are different ways you can back up your Mac – several companies offer backup software that does the job, including Backblaze. We’ll get to why Backblaze is important later. But Time Machine is Apple’s solution to this problem. It’s free, it’s included on the Mac, and it’s pretty foolproof.
Time Machine
You have to turn on Time Machine yourself, but that’s just a matter of flipping a switch. Time Machine works whenever the Mac is on. With Time Machine, your Mac keeps hourly backups for the previous 24 hours, daily backups for the previous month, and weekly backups for all previous months, until the Time Machine disk is full.
This means you always can restore your Mac to its most recent working state. Time Machine also gives you a window into the past with each of those snapshots, so you can restore deleted files or even previously saved versions of files.

For more about how to use Time Machine, read our Mac Backup Guide.

Time Machine works with external hard drives. Some Network Attached Storage (NAS) makers like Synology and QNAP enable their devices to be configured to work as network-based Time Machine servers. You can also use Time Machine with a stand-alone drive from Seagate or Western Digital, for example.
Time Machine is designed to work as a local, primary backup of your Mac – meaning the data stays physically close to the computer, and is intended to be the first line of defense should you have to recover. If anything happens to your computer, Time Machine and the hard drive it’s backing up to can be used to restore your computer to right where it was before the problem happened.
Apple has its own Time Machine network server, too. And this is where confusion sets in for some of us, because it’s so similarly named. I’m talking about Time Capsule.
What is Time Capsule?
Apple sells a network device called a Time Capsule which is designed to work with Time Machine. Time Capsule currently comes in 2 terabyte (TB) and 3TB capacities.
Time Capsule isn’t just a hard drive. It’s a full-on network router, one that supports IEEE 802.11ac networking, the same fast Wi-Fi networking supported on most newer computers and mobile devices.
Time Capsule
Apple makes it easy to configure a new Time Capsule using an app called AirPort Utility which you can find in your Mac’s Utilities folder. Once it’s up and running on your network, the Time Capsule is visible to any Mac on the network as a valid Time Machine backup location.
This makes Time Capsule a great way to make sure all your Macs are backed up all the time. While its backup features are Mac-specific, Time Capsule works as a network router with devices from other manufacturers too.
What’s wrong with Time Machine?
For many of us backing up to an external hard drive with Time Machine or using a Time Capsule on our network is as much backup as we think we need. In fact it’s probably more backup than we ever had before. Better safe than sorry, eh?
Well, as I’ve said before, Time Machine and Time Capsule are good primary backup systems. But they shouldn’t be your only backup. Because with either Time Machine or a Time Capsule, you’re depending on a single hard drive to store all of your precious data.

All hard drives fail. It’s just a matter of time. We at Backblaze happen to know something about this – we use a lot of hard drives, and we track which ones work and which ones don’t work so well. You’re welcome to read our latest Hard Drive Reliability Review for more details.

A single drive means a single point of failure. If something happens to your Mac and your Time Machine backup drive or Time Capsule isn’t working, you’re not going to be able to recover.
Your backup system is only as good as your last backup
22 days - no time machine
There’s one thing worse than having a Time Machine backup that doesn’t work, and that’s having one that’s out of date, or not having one at all. It’s not uncommon for someone to run Time Machine on an external hard drive once, put it in a drawer, and forget about it again until there’s a problem.
Network problems can disrupt the transfer of data to your Time Capsule. Time Machine will nag you to fix things that go wrong, but you can turn off the nags too.
At the risk of self promotion, that’s why adding Backblaze Personal Backup to the mix is so vitally important. You set up Backblaze and then forget it. And all of your important files are backed up safely, securely and quickly to our servers. The best part is that Backblaze will work with Time Machine or Time Capsule to provide both onsite and offsite data backup.
If you need one file back or an entire drive’s worth of files, we can deliver. You can download those files from any web browser and access them from your iPhone or Android phone, or you can even order a flash drive or hard drive to be delivered with your backup on it.
But enough about Backblaze. Hopefully we’ve given you some good info about Time Machine and Time Capsule. Still confused? Have a question? Let us know in the comments. And if you have ideas for things you’d like to see featured in future installments of What’s the Diff, please let us know!
Coming next week on What’s the Diff: Thunderbolt vs. USB
The post What’s the Diff: Time Machine vs. Time Capsule appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Един tweet, един мейл и една стая за повиване на втори терминал

Post Syndicated from Боян Юруков original http://feedproxy.google.com/~r/yurukov-blog/~3/qTi3jxymbRU/

Преди точно три седмици @StanBB пусна следната снимка от втори терминал на летище София:

Моята реакция беше следната:

До тук добре – насолих ги в социалките. По-късно се замислих обаче, че с обсъждане в твитерджийницата нищо няма да стане и писах направо на летище София. Разказах им, че съм минавал няколко пъти през терминала с бебе и всеки път в стаята за повиване или са спели хора, или е била изключително мръсна. Имаше дори мухъл по стените. Всъщност, в повечето случаи се наложи да отидем в едно от кафенетата. Попитах също защо на табелката пише „Baby room“ на английски, а на български – „Стая за майки с деца“. Българските бащи нищо общо ли нямаме със сменянето на памперси?

Седмица по-късно получих мейл, че се прави проверка. След още седмица получих следният отговор:

УВАЖАЕМИ ГОСПОДИН ЮРУКОВ,
Благодарим Ви за отделеното време и за гражданската позиция, която заемате чрез отправените коментари и препоръки.
Вашето мнение е ценна и полезна информация и Ви уверяваме, че то ще допринесе за подобряване качеството на предлаганите от нас услуги.
Веднага след подадения от Вас сигнал, стаите за деца в обществената зона и в граничната зона на Летище София бяха боядисани, почистени и приведени в приветлив вид. Възложено е на дежурни служители от отдел „Терминали“ да извършват постоянни проверки и да гарантират поддържането на стаите в изряден вид.
Във времето от 23:00ч. до 04:00ч. стаите за деца се заключват с цел да бъде избегнато неправомерно ползване.
Като се надяваме случаят да не остави у Вас негативно отношение спрямо „Летище София“ ЕАД, Ви пожелаваме приятни бъдещи пътувания.
С уважение,
Comments Sofia Airport

Това, разбира се, трябваше да се провери и помолих в Twitter, ако някой минава през летището, да ми прати снимки. Няколко души откликнаха в следващите дни. На снимките им стаята определено изглежда по-добре – поне спрямо състоянието, което си спомням. Дори табелката е сменена на „Детска стая“. Благодаря на @Zmeyche, @inovakov и @thefuriousdi за помощта.
След няколко месеца ще минавам през летището и ще погледна дали стаята се поддържа. Дали е чиста зависи до голяма степен и от обноските на ползващите я, но е задължение на летището да я пази в добро състояние. Радвам се, че реагираха на сигнала ми и се надявам, че ще отделят средства да направят поне още една стая в обществената зона. При такъв пътникопоток е странно да има само една отвън, макар в зоната след проверката за сигурност да има още. Всъщност, няма да е зле да сложат карта на летището на сайта си, защото стаята явно не се намира толкова лесно.


On journeys

Post Syndicated from Michal Zalewski original http://lcamtuf.blogspot.com/2015/03/on-journeys.html

– 1 –

Poland is an ancient country whose history is deeply intertwined with that of the western civilization. In its glory days, the Polish-Lithuanian Commonwealth sprawled across vast expanses of land in central Europe, from Black Sea to Baltic Sea. But over the past two centuries, it suffered a series of military defeats and political partitions at the hands of its closest neighbors: Russia, Austria, Prussia, and – later – Germany.

After more than a hundred years of foreign rule, Poland re-emerged as an independent state in 1918, only to face the armies of Nazi Germany at the onset of World War II. With Poland’s European allies reneging on their earlier military guarantees, the fierce fighting left the country in ruins. Some six million people have died within its borders – more than ten times the death toll in France or in the UK. Warsaw was reduced to a sea of rubble, with perhaps one in ten buildings still standing by the end of the war.

With the collapse of the Third Reich, Franklin D. Roosevelt, Winston Churchill, and Joseph Stalin sat down in Yalta to decide the new order for war-torn Europe. At Stalin’s behest, Poland and its neighboring countries were placed under Soviet political and military control, forming what has become known as the Eastern Bloc.

Over the next several decades, the Soviet satellite states experienced widespread repression and economic decline. But weakened by the expense of the Cold War, the communist chokehold on the region eventually began to wane. In Poland, the introduction of martial law in 1981 could not put an end to sweeping labor unrest. Narrowly dodging the specter of Soviet intervention, the country regained its independence in 1989 and elected its first democratic government; many other Eastern Bloc countries soon followed suit.

Ever since then, Poland has enjoyed a period of unprecedented growth and has emerged as one of the more robust capitalist democracies in the region. In just two decades, it shed many of its backwardly, state-run heavy industries and adopted a modern, service-oriented economy. But the effects of the devastating war and the lost decades under communist rule still linger on – whether you look at the country’s infrastructure, at its socrealist cityscapes, at its political traditions, or at the depressingly low median wage.

When thinking about the American involvement in the Cold War, people around the world may recall Vietnam, Bay of Pigs, or the proxy wars fought in the Middle East. But in Poland and many of its neighboring states, the picture you remember the most is the fall of the Berlin Wall.

– 2 –

I was born in Warsaw in the winter of 1981, at the onset of martial law, with armored vehicles rolling onto Polish streets. My mother, like many of her generation, moved to the capital in the sixties as a part of an effort to rebuild and repopulate the war-torn city. My grandma would tell eerie stories of Germans and Soviets marching through their home village somewhere in the west. I liked listening to the stories; almost every family in Poland had some to tell.

I did not get to know my father. I knew his name; he was a noted cinematographer who worked on big-ticket productions back in the day. He left my mother when I was very young and never showed interest in staying in touch. He had a wife and other children, so it might have been that.

Compared to him, mom hasn’t done well for herself. We ended up in social housing in one of the worst parts of the city, on the right bank of the Vistula river. My early memories from school are that of classmates sniffing glue from crumpled grocery bags. I remember my family waiting in lines for rationed toilet paper and meat. As a kid, you don’t think about it much.

The fall of communism came suddenly. I have a memory of grandma listening to broadcasts from Radio Free Europe, but I did not understand what they were all about. I remember my family cheering one afternoon, transfixed to a black-and-white TV screen. I recall my Russian language class morphing into English; I had my first taste of bananas and grapefruits. There is the image of the monument of Feliks Dzierżyński coming down. I remember being able to go to a better school on the other side of Warsaw – and getting mugged many times on the way.

The transformation brought great wealth to some, but many others have struggled to find their place in the fledgling and sometimes ruthless capitalist economy. Well-educated and well read, my mom ended up in the latter pack, at times barely making ends meet. I think she was in part a victim of circumstance, and in part a slave to way of thinking that did not permit the possibility of taking chances or pursuing happiness.

– 3 –

Mother always frowned upon popular culture, seeing it as unworthy of an educated mind. For a time, she insisted that I only listen to classical music. She angrily shunned video games, comic books, and cartoons. I think she perceived technology as trivia; the only field of science she held in high regard was abstract mathematics, perhaps for its detachment from the mundane world. She hoped that I would learn Latin, a language she could read and write; that I would practice drawing and painting; or that I would read more of the classics of modernist literature.

Of course, I did almost none of that. I hid my grunge rock tapes between Tchaikovsky, listened to the radio under the sheets, and watched the reruns of The A-Team while waiting for her to come back from work. I liked electronics and chemistry a lot more than math. And when I laid my hands on my first computer – an 8-bit relic of British engineering from 1982 – I soon knew that these machines, in their incredible complexity and flexibility, were what I wanted to spend my time on.

I suspected I could be a competent programmer, but never had enough faith in my skill. Yet, in learning about computers, I realized that I had a knack for understanding complex systems and poking holes in how they work. With a couple of friends, we joined the nascent information security community in Europe, comparing notes on mailing lists. Before long, we were taking on serious consulting projects for banks and the government – usually on weekends and after school, but sometimes skipping a class or two. Well, sometimes more than that.

All of the sudden, I was facing an odd choice. I could stop, stay in school and try to get a degree – going back every night to a cramped apartment, my mom sleeping on a folding bed in the kitchen, my personal space limited to a bare futon and a tiny desk. Or, I could seize the moment and try to make it on my own, without hoping that one day, my family would be able to give me a head start.

I moved out, dropped out of school, and took on a full-time job. It paid somewhere around $12,000 a year – a pittance anywhere west of the border, but a solid wage in Poland even today. Not much later, I was making two times as much, about the upper end of what one could hope for in this line of work. I promised myself to keep taking courses after hours, but I wasn’t good at sticking to the plan. I moved in with my girlfriend, and at the age of 19, I felt for the first time that things were going to be all right.

– 4 –

Growing up in Europe, you get used to the barrage of low-brow swipes taken at the United States. Your local news will never pass up the opportunity to snicker about the advances of creationism somewhere in Kentucky. You can stay tuned for a panel of experts telling you about the vastly inferior schools, the medieval justice system, and the striking social inequality on the other side of the pond. You don’t doubt their words – but deep down inside, no matter how smug the critics are, or how seemingly convincing their arguments, the American culture still draws you in.

My moment of truth came in the summer of 2000. A company from Boston asked me if I’d like to talk about a position on their research team; I looked at the five-digit figure and could not believe my luck. Moving to the US was an unreasonable risk for a kid who could barely speak English and had no safety net to fall back to. But that did not matter: I knew I had no prospects of financial independence in Poland – and besides, I simply needed to experience the New World through my own eyes.

Of course, even with a job offer in hand, getting into the United States is not an easy task. An engineering degree and a willing employer opens up a straightforward path; it is simple enough that some companies would abuse the process to source cheap labor for menial, low-level jobs. With a visa tied to the petitioning company, such captive employees could not seek better wages or more rewarding work.

But without a degree, the options shrink drastically. For me, the only route would be a seldom-granted visa reserved for extraordinary skill – meant for the recipients of the Nobel Prize and other folks who truly stand out in their field of expertise. The attorneys looked over my publication record, citations, and the supporting letters from other well-known people in the field. Especially given my age, they thought we had a good shot. A few stressful months later, it turned out that they were right.

On the week of my twentieth birthday, I packed two suitcases and boarded a plane to Boston. My girlfriend joined me, miraculously securing a scholarship at a local university to continue her physics degree; her father helped her with some of the costs. We had no idea what we were doing; we had perhaps few hundred bucks on us, enough to get us through the first couple of days. Four thousand miles away from our place of birth, we were starting a brand new life.

– 5 –

The cultural shock gets you, but not in the sense you imagine. You expect big contrasts, a single eye-opening day to remember for the rest of your life. But driving down a highway in the middle of a New England winter, I couldn’t believe how ordinary the world looked: just trees, boxy buildings, and pavements blanketed with dirty snow.

Instead of a moment of awe, you drown in a sea of small, inconsequential things, draining your energy and making you feel helpless and lost. It’s how you turn on the shower; it’s where you can find a grocery store; it’s what they meant by that incessant “paper or plastic” question at the checkout line. It’s how you get a mailbox key, how you make international calls, it’s how you pay your bills with a check. It’s the rules at the roundabout, it’s your social security number, it’s picking the right toll lane, it’s getting your laundry done. It’s setting up a dial-up account and finding the food you like in the sea of unfamiliar brands. It’s doing all this without Google Maps or a Facebook group to connect with other expats nearby.

The other thing you don’t expect is losing touch with your old friends; you can call or e-mail them every day, but your social frames of reference begin to drift apart, leaving less and less to talk about. The acquaintances you make in the office will probably never replace the folks you grew up with. We managed, but we weren’t prepared for that.

– 6 –

In the summer, we had friends from Poland staying over for a couple of weeks. By the end of their trip, they asked to visit New York City one more time; we liked the Big Apple, so we took them on a familiar ride down I-95. One of them went to see the top of World Trade Center; the rest of us just walked around, grabbing something to eat before we all headed back. A few days later, we were all standing in front of a TV, watching September 11 unfold in real time.

We felt horror and outrage. But when we roamed the unsettlingly quiet streets of Boston, greeted by flags and cardboard signs urging American drivers to honk, we understood that we were strangers a long way from home – and that our future in this country hanged in the balance more than we would have thought.

Permanent residency is a status that gives a foreigner the right to live in the US and do almost anything they please – change jobs, start a business, or live off one’s savings all the same. For many immigrants, the pursuit of this privilege can take a decade or more; for some others, it stays forever out of reach, forcing them to abandon the country in a matter of days as their visas expire or companies fold. With my O-1 visa, I always counted myself among the lucky ones. Sure, it tied me to an employer, but I figured that sorting it out wouldn’t be a big deal.

That proved to be a mistake. In the wake of 9/11, an agency known as Immigration and Naturalization Services was being dismantled and replaced by a division within the Department of Homeland Security. My own seemingly straightforward immigration petition ended up somewhere in the bureaucratic vacuum that formed in between the two administrative bodies. I waited patiently, watching the deepening market slump, and seeing my employer’s prospects get dimmer and dimmer every month. I was ready for the inevitable, with other offers in hand, prepared to make my move perhaps the very first moment I could. But the paperwork just would not come through. With the Boston office finally shutting down, we packed our bags and booked flights. We faced the painful admission that for three years, we chased nothing but a pipe dream. The only thing we had to show for it were two adopted cats, now sitting frightened somewhere in the cargo hold.

The now-worthless approval came through two months later; the lawyers, cheerful as ever, were happy to send me a scan. The hollowed-out remnants of my former employer were eventually bought by Symantec – the very place from where I had my backup offer in hand.

– 7 –

In a way, Europe’s obsession with America’s flaws made it easier to come home without ever explaining how the adventure really played out. When asked, I could just wing it: a mention of the death penalty or permissive gun laws would always get you a knowing nod, allowing the conversation to move on.

Playing to other people’s preconceptions takes little effort; lying to yourself calls for more skill. It doesn’t help that when you come back after three years away from home, you notice all the small annoyances that you used to simply tune out. Back then, Warsaw still had a run-down vibe: the dilapidated road from the airport; the drab buildings on the other side of the river; the uneven pavements littered with dog poop; the dirty walls at my mother’s place, with barely any space to turn. You can live with it, of course – but it’s a reminder that you settled for less, and it’s a sensation that follows you every step of the way.

But more than the sights, I couldn’t forgive myself something else: that I was coming back home with just loose change in my pocket. There are some things that a failed communist state won’t teach you, and personal finance is one of them; I always looked at money just as a reward for work, something you get to spend to brighten your day. The indulgences were never extravagant: perhaps I would take the cab more often, or have take-out every day. But no matter how much I made, I kept living paycheck-to-paycheck – the only way I knew, the way our family always did.

– 8 –

With a three-year stint in the US on your resume, you don’t have a hard time finding a job in Poland. You face the music in a different way. I ended up with a salary around a fourth of what I used to make in Massachusetts, but I simply decided not to think about it much. I wanted to settle down, work on interesting projects, marry my girlfriend, have a child. I started doing consulting work whenever I could, setting almost all the proceeds aside.

After four years with T-Mobile in Poland, I had enough saved to get us through a year or so – and in a way, it changed the way I looked at my work. Being able to take on ambitious challenges and learn new things started to matter more than jumping ships for a modest salary bump. Burned by the folly of pursuing riches in a foreign land, I put a premium on boring professional growth.

Comically, all this introspection made me realize that from where I stood, I had almost nowhere left to go. Sure, Poland had telcos, refineries, banks – but they all consumed the technologies developed elsewhere, shipped here in a shrink-wrapped box; as far as their IT went, you could hardly tell the companies apart. To be a part of the cutting edge, you had to pack your bags, book a flight, and take a jump into the unknown. I sure as heck wasn’t ready for that again.

And then, out of the blue, Google swooped in with an offer to work for them from the comfort of my home, dialing in for a videoconference every now and then. The starting pay was about the same, but I had no second thoughts. I didn’t say it out loud, but deep down inside, I already knew what needed to happen next.

– 9 –

We moved back to the US in 2009, two years after taking the job, already on the hook for a good chunk of Google’s product security and with the comfort of knowing where we stood. In a sense, my motive was petty: you could call it a desire to vindicate a failed adolescent dream. But in many other ways, I have grown fond of the country that shunned us once before; and I wanted our children to grow up without ever having to face the tough choices and the uncertain prospects I had to deal with in my earlier years.

This time, we knew exactly what to do: a quick stop at a grocery store on a way from the airport, followed by e-mail to our immigration folks to get the green card paperwork out the door. A bit more than half a decade later, we were standing in a theater in Campbell, reciting the Oath of Allegiance and clinging on to our new certificates of US citizenship.

The ceremony closed a long and interesting chapter in my life. But more importantly, standing in that hall with people from all over the globe made me realize that my story is not extraordinary; many of them had lived through experiences far more harrowing and captivating than mine. If anything, my tale is hard to tell apart from that of countless other immigrants from the former Eastern Bloc. By some estimates, in the US alone, the Polish diaspora is about 9 million strong.

I know that the Poland of today is not the Poland I grew up in. It’s not not even the Poland I came back to in 2003; the gap to Western Europe is shrinking every single year. But I am grateful to now live in a country that welcomes more immigrants than any other place on Earth – and at the end of their journey, makes many of them them feel at home. It also makes me realize how small and misguided must be the conversations we are having about immigration – not just here, but all over the developed world.

To explore other articles in this short series about Poland, click here. You can also directly proceed to the next entry here.

On journeys

Post Syndicated from Michal Zalewski original http://lcamtuf.blogspot.com/2015/03/on-journeys.html

– 1 –

Poland is an ancient country whose history is deeply intertwined with that of the western civilization. In its glory days, the Polish-Lithuanian Commonwealth sprawled across vast expanses of land in central Europe, from Black Sea to Baltic Sea. But over the past two centuries, it suffered a series of military defeats and political partitions at the hands of its closest neighbors: Russia, Austria, Prussia, and – later – Germany.

After more than a hundred years of foreign rule, Poland re-emerged as an independent state in 1918, only to face the armies of Nazi Germany at the onset of World War II. With Poland’s European allies reneging on their earlier military guarantees, the fierce fighting left the country in ruins. Some six million people have died within its borders – more than ten times the death toll in France or in the UK. Warsaw was reduced to a sea of rubble, with perhaps one in ten buildings still standing by the end of the war.

With the collapse of the Third Reich, Franklin D. Roosevelt, Winston Churchill, and Joseph Stalin held a meeting in Yalta to decide the new order for war-torn Europe. At Stalin’s behest, Poland and its neighboring countries were placed under Soviet political and military control, forming what has become known as the Eastern Bloc.

Over the next several decades, the Soviet satellite states experienced widespread repression and economic decline. But weakened by the expense of the Cold War, the communist chokehold on the region eventually began to wane. In Poland, even the introduction of martial law in 1981 could not put an end to sweeping labor unrest. Narrowly dodging the specter of Soviet intervention, the country regained its independence in 1989 and elected its first democratic government; many other Eastern Bloc countries soon followed suit.

Ever since then, Poland has enjoyed a period of unprecedented growth and has emerged as one of the more robust capitalist democracies in the region. In just two decades, it shed many of its backwardly, state-run heavy industries and adopted a modern, service-oriented economy. But the effects of the devastating war and the lost decades under communist rule still linger on – whether you look at the country’s infrastructure, at its socrealist cityscapes, at its political traditions, or at the depressingly low median wage.

When thinking about the American involvement in the Cold War, people around the world may recall Vietnam, Bay of Pigs, or the proxy wars fought in the Middle East. But in Poland and many of its neighboring states, the picture you remember the most is the fall of the Berlin Wall.

– 2 –

I was born in Warsaw in the winter of 1981, at the onset of martial law, with armored vehicles rolling onto Polish streets. My mother, like many of her generation, moved to the capital in the sixties as a part of an effort to rebuild and repopulate the war-torn city. My grandma would tell eerie stories of Germans and Soviets marching through their home village somewhere in the west. I liked listening to the stories; almost every family in Poland had some to tell.

I did not get to know my father. I knew his name; he was a noted cinematographer who worked on big-ticket productions back in the day. He left my mother when I was very young and never showed interest in staying in touch. He had a wife and other children, so it might have been that.

Compared to him, mom hasn’t done well for herself. We ended up in social housing in one of the worst parts of the city, on the right bank of the Vistula river. My early memories from school are that of classmates sniffing glue from crumpled grocery bags. I remember my family waiting in lines for rationed toilet paper and meat. As a kid, you don’t think about it much.

The fall of communism came suddenly. I have a memory of grandma listening to broadcasts from Radio Free Europe, but I did not understand what they were all about. I remember my family cheering one afternoon, transfixed to a black-and-white TV screen. I recall my Russian language class morphing into English; I had my first taste of bananas and grapefruits. There is the image of the monument of Feliks Dzierżyński coming down. I remember being able to go to a better school on the other side of Warsaw – and getting mugged many times on the way.

The transformation brought great wealth to some, but many others have struggled to find their place in the fledgling and sometimes ruthless capitalist economy. Well-educated and well read, my mom ended up in the latter pack, at times barely making ends meet. I think she was in part a victim of circumstance, and in part a slave to way of thinking that did not permit the possibility of taking chances or pursuing happiness.

– 3 –

Mother always frowned upon popular culture, seeing it as unworthy of an educated mind. For a time, she insisted that I only listen to classical music. She angrily shunned video games, comic books, and cartoons. I think she perceived technology as trivia; the only field of science she held in high regard was abstract mathematics, perhaps for its detachment from the mundane world. She hoped that I would learn Latin, a language she could read and write; that I would practice drawing and painting; or that I would read more of the classics of modernist literature.

Of course, I did almost none of that. I hid my grunge rock tapes between Tchaikovsky, listened to the radio under the sheets, and watched the reruns of The A-Team while waiting for her to come back from work. I liked electronics and chemistry a lot more than math. And when I laid my hands on my first computer – an 8-bit relic of British engineering from 1982 – I soon knew that these machines, in their incredible complexity and flexibility, were what I wanted to spend my time on.

I suspected I could become a competent programmer, but never had enough faith in my skill. Yet, in learning about computers, I realized that I had a knack for understanding complex systems and poking holes in how they work. With a couple of friends, we joined the nascent information security community in Europe, comparing notes on mailing lists. Before long, we were taking on serious consulting projects for banks and the government – usually on weekends and after school, but sometimes skipping a class or two. Well, sometimes more than that.

All of the sudden, I was facing an odd choice. I could stop, stay in school and try to get a degree – going back every night to a cramped apartment, my mom sleeping on a folding bed in the kitchen, my personal space limited to a bare futon and a tiny desk. Or, I could seize the moment and try to make it on my own, without hoping that one day, my family would be able to give me a head start.

I moved out, dropped out of school, and took on a full-time job. It paid somewhere around $12,000 a year – a pittance anywhere west of the border, but a solid wage in Poland even today. Not much later, I was making two times as much, about the upper end of what one could hope for in this line of work. I promised myself to keep taking courses after hours, but I wasn’t good at sticking to the plan. I moved in with my girlfriend, and at the age of 19, I felt for the first time that things were going to be all right.

– 4 –

Growing up in Europe, you get used to the barrage of low-brow swipes taken at the United States. Your local news will never pass up the opportunity to snicker about the advances of creationism somewhere in Kentucky. You can stay tuned for a panel of experts telling you about the vastly inferior schools, the medieval justice system, and the striking social inequality on the other side of the pond. You don’t doubt their words – but deep down inside, no matter how smug the critics are, or how seemingly convincing their arguments, the American culture still draws you in.

My moment of truth came in the summer of 2000. A company from Boston asked me if I’d like to talk about a position on their research team; I looked at the five-digit figure and could not believe my luck. Moving to the US was an unreasonable risk for a kid who could barely speak English and had no safety net to fall back to. But that did not matter: I knew I had no prospects of financial independence in Poland – and besides, I simply needed to experience the New World through my own eyes.

Of course, even with a job offer in hand, getting into the United States is not an easy task. An engineering degree and a willing employer opens up a straightforward path; it is simple enough that some companies would abuse the process to source cheap labor for menial, low-level jobs. With a visa tied to the petitioning company, such captive employees could not seek better wages or more rewarding work.

But without a degree, the options shrink drastically. For me, the only route would be a seldom-granted visa reserved for extraordinary skill – meant for the recipients of the Nobel Prize and other folks who truly stand out in their field of expertise. The attorneys looked over my publication record, citations, and the supporting letters from other well-known people in the field. Especially given my age, they thought we had a good shot. A few stressful months later, it turned out that they were right.

On the week of my twentieth birthday, I packed two suitcases and boarded a plane to Boston. My girlfriend joined me, miraculously securing a scholarship at a local university to continue her physics degree; her father helped her with some of the costs. We had no idea what we were doing; we had perhaps few hundred bucks on us, enough to get us through the first couple of days. Four thousand miles away from our place of birth, we were starting a brand new life.

– 5 –

The cultural shock gets you, but not in the sense you imagine. You expect big contrasts, a single eye-opening day to remember for the rest of your life. But driving down a highway in the middle of a New England winter, I couldn’t believe how ordinary the world looked: just trees, boxy buildings, and pavements blanketed with dirty snow.

Instead of a moment of awe, you drown in a sea of small, inconsequential things, draining your energy and making you feel helpless and lost. It’s how you turn on the shower; it’s where you can find a grocery store; it’s what they meant by that incessant “paper or plastic” question at the checkout line. It’s how you get a mailbox key, how you make international calls, it’s how you pay your bills with a check. It’s the rules at the roundabout, it’s your social security number, it’s picking the right toll lane, it’s getting your laundry done. It’s setting up a dial-up account and finding the food you like in the sea of unfamiliar brands. It’s doing all this without Google Maps or a Facebook group to connect with other expats nearby.

The other thing you don’t expect is losing touch with your old friends; you can call or e-mail them every day, but your social frames of reference begin to drift apart, leaving less and less to talk about. The acquaintances you make in the office will probably never replace the folks you grew up with. We managed, but we weren’t prepared for that.

– 6 –

In the summer, we had friends from Poland staying over for a couple of weeks. By the end of their trip, they asked to visit New York City one more time; we liked the Big Apple, so we took them on a familiar ride down I-95. One of them went to see the top of World Trade Center; the rest of us just walked around, grabbing something to eat before we all headed back. A few days later, we were all standing in front of a TV, watching September 11 unfold in real time.

We felt horror and outrage. But when we roamed the unsettlingly quiet streets of Boston, greeted by flags and cardboard signs urging American drivers to honk, we understood that we were strangers a long way from home – and that our future in this country hanged in the balance more than we would have thought.

Permanent residency is a status that gives a foreigner the right to live in the US and do almost anything they please – change jobs, start a business, or live off one’s savings all the same. For many immigrants, the pursuit of this privilege can take a decade or more; for some others, it stays forever out of reach, forcing them to abandon the country in a matter of days as their visas expire or companies fold. With my O-1 visa, I always counted myself among the lucky ones. Sure, it tied me to an employer, but I figured that sorting it out wouldn’t be a big deal.

That proved to be a mistake. In the wake of 9/11, an agency known as Immigration and Naturalization Services was being dismantled and replaced by a division within the Department of Homeland Security. My own seemingly straightforward immigration petition ended up somewhere in the bureaucratic vacuum that formed in between the two administrative bodies. I waited patiently, watching the deepening market slump, and seeing my employer’s prospects get dimmer and dimmer every month. I was ready for the inevitable, with other offers in hand, prepared to make my move perhaps the very first moment I could. But the paperwork just would not come through. With the Boston office finally shutting down, we packed our bags and booked flights. We faced the painful admission that for three years, we chased nothing but a pipe dream. The only thing we had to show for it were two adopted cats, now sitting frightened somewhere in the cargo hold.

The now-worthless approval came through two months later; the lawyers, cheerful as ever, were happy to send me a scan. The hollowed-out remnants of my former employer were eventually bought by Symantec – the very place from where I had my backup offer in hand.

– 7 –

In a way, Europe’s obsession with America’s flaws made it easier to come home without ever explaining how the adventure really played out. When asked, I could just wing it: a mention of the death penalty or permissive gun laws would always get you a knowing nod, allowing the conversation to move on.

Playing to other people’s preconceptions takes little effort; lying to yourself calls for more skill. It doesn’t help that when you come back after three years away from home, you notice all the small annoyances that you used to simply tune out. Back then, Warsaw still had a run-down vibe: the dilapidated road from the airport; the drab buildings on the other side of the river; the uneven pavements littered with dog poop; the dirty walls at my mother’s place, with barely any space to turn. You can live with it, of course – but it’s a reminder that you settled for less, and it’s a sensation that follows you every step of the way.

But more than the sights, I couldn’t forgive myself something else: that I was coming back home with just loose change in my pocket. There are some things that a failed communist state won’t teach you, and personal finance is one of them; I always looked at money just as a reward for work, something you get to spend to brighten your day. The indulgences were never extravagant: perhaps I would take the cab more often, or have take-out every day. But no matter how much I made, I kept living paycheck-to-paycheck – the only way I knew, the way our family always did.

– 8 –

With a three-year stint in the US on your resume, you don’t have a hard time finding a job in Poland. You face the music in a different way. I ended up with a salary around a fourth of what I used to make in Massachusetts, but I simply decided not to think about it much. I wanted to settle down, work on interesting projects, marry my girlfriend, have a child. I started doing consulting work whenever I could, setting almost all the proceeds aside.

After four years with T-Mobile in Poland, I had enough saved to get us through a year or so – and in a way, it changed the way I looked at my work. Being able to take on ambitious challenges and learn new things started to matter more than jumping ships for a modest salary bump. Burned by the folly of pursuing riches in a foreign land, I put a premium on boring professional growth.

Comically, all this introspection made me realize that from where I stood, I had almost nowhere left to go. Sure, Poland had telcos, refineries, banks – but they all consumed the technologies developed elsewhere, shipped here in a shrink-wrapped box; as far as their IT went, you could hardly tell the companies apart. To be a part of the cutting edge, you had to pack your bags, book a flight, and take a jump into the unknown. I sure as heck wasn’t ready for that again.

And then, out of the blue, Google swooped in with an offer to work for them from the comfort of my home, dialing in for a videoconference every now and then. The starting pay was about the same, but I had no second thoughts. I didn’t say it out loud, but deep down inside, I already knew what needed to happen next.

– 9 –

We moved back to the US in 2009, two years after taking the job, already on the hook for a good chunk of Google’s product security and with the comfort of knowing where we stood. In a sense, my motive was petty: you could call it a desire to vindicate a failed adolescent dream. But in many other ways, I have grown fond of the country that shunned us once before; and I wanted our children to grow up without ever having to face the tough choices and the uncertain prospects I had to deal with in my earlier years.

This time, we knew exactly what to do: a quick stop at a grocery store on a way from the airport, followed by e-mail to our immigration folks to get the green card paperwork out the door. A bit more than half a decade later, we were standing in a theater in Campbell, reciting the Oath of Allegiance and clinging on to our new certificates of US citizenship.

The ceremony closed a long and interesting chapter in my life. But more importantly, standing in that hall with people from all over the globe made me realize that my story is not extraordinary; many of them had lived through experiences far more harrowing and captivating than mine. If anything, my tale is hard to tell apart from that of countless other immigrants from the former Eastern Bloc. By some estimates, in the US alone, the Polish diaspora is about 9 million strong.

I know that the Poland of today is not the Poland I grew up in. It’s not not even the Poland I came back to in 2003; the gap to Western Europe is shrinking every single year. But I am grateful to now live in a country that welcomes more immigrants than any other place on Earth – and at the end of their journey, makes many of them them feel at home. It also makes me realize how small and misguided must be the conversations we are having about immigration – not just here, but all over the developed world.

To explore other articles in this short series about Poland, click here. You can also directly proceed to the next entry here.

Internet Routing and Traffic Engineering

Post Syndicated from AWS Architecture Blog original https://www.awsarchitectureblog.com/2014/12/internet-routing.html

Internet Routing

Internet routing today is handled through the use of a routing protocol known as BGP (Border Gateway Protocol). Individual networks on the Internet are represented as an autonomous system (AS). An autonomous system has a globally unique autonomous system number (ASN) which is allocated by a Regional Internet Registry (RIR), who also handle allocation of IP addresses to networks. Each individual autonomous system establishes BGP peering sessions to other autonomous systems to exchange routing information. A BGP peering session is a TCP session established between two routers, each one in a particular autonomous system. This BGP peering session rides across a link, such as a 10Gigabit Ethernet interface between those routers. The routing information contains an IP address prefix and subnet mask. This translates which IP addresses are associated with an autonomous system number (AS origin). Routing information propagates across these autonomous systems based upon policies that individual networks define.

Routing with BGP on the Internet

This is where things get a bit interesting because various factors influence how routing is handled on the Internet. There are two main types of relationships between autonomous systems today: Transit and Peering.

Transit is where an autonomous system will pay an upstream network (known as a transit provider) for the ability to forward traffic towards them who will forward that traffic further. It also provides for the autonomous system purchasing (who is the customer in this relationship) to have their routing information propagated to their adjacencies. Transit involves obtaining direct connectivity from a customer network to an upstream transit provider network. These sorts of connections can be multiple 10Gigabit Ethernet links between each other's routers. Transit pricing is based upon network utilization in a particular dominant direction with 95th percentile billing. A transit provider will look at a months worth of utilization and in the traffic dominant direction they will bill on the 95th percentile of utilization. The unit used in billing is measured in bits-per-second (bps) and is communicated in a price per Mbps (for example – $2 per Mbps).

Transit

Peering is where an autonomous system will connect to another autonomous system and agree to exchange traffic with each other (and routing information) of their own networks and any customers (transit customers) they have. With peering, there are two methods that connectivity is formed on. The first is where direct connectivity is established between individual networks routers with multiple 10Gigabit Ethernet or 100Gigabit Ethernet links. This sort of connectivity is known as "private peering" or PNI (Private Network Interconnect). This sort of connection provides both parties with clear visibility into the interface utilization of traffic in both directions (inbound and outbound). Another form of peering that is established is via Internet Exchange switches, or IX's. With an Internet Exchange, multiple networks will obtain direct connectivity into a set of Ethernet switches. Individual networks can establish BGP sessions across this exchange with other participants. The benefit of the Internet Exchange is that it allows multiple networks to connect to a common location and use it for one-to-many connectivity. A downside is that any given network does not have visibility into the network utilization of other participants.

Peering

Most networks will deploy their network equipment (routers, Dense Wave Division Multiplexing (DWDM) transport equipment) into colocation facilities where networks will establish direct connectivity to each other. This can be via Internet Exchange switches (which are also found in these colocation facilities) or direct connections which are fiber optics cables ran between individual suites/racks where the network gear is located.

Public and Private Peering

Routing Policy

Networks will define their routing policy to prefer routing to other networks based upon a variety of items. The BGP best path decision process in a routers operating system dictates how a router will prefer one BGP path over another. Network operators will write their policy to influence that BGP best-path decision process based upon factors such as the cost to deliver traffic to a destination network in addition to performance.

A typical routing policy within most networks will dictate that internal (their own) and routes learned from their own customers are to be preferred over all other paths. After that, most networks will then prefer peering routes since peering is typically free and often times can provide a shorter/optimal path to reach a destination. Finally the least preferred route to a destination is over paid transit links. When it comes to transit paths, both cost and performance are typically factors in determining how to reach a destination network.

Routing policies themselves are defined on routers in a simple text-based policy language that is specific to the router operating system. They contain two types of functions: matching on one or multiple routes and an action for that match. The matching can include a list of actual IP prefixes and subnet lengths, ASN origins, AS-Paths or other types of BGP attributes (communities, next-hop, etc). The actions can include resetting BGP attributes such as local-preference, Multi-Exit-Discriminators (MED) and various other values (communities, Origin, etc). Below is a simplified example of a routing policy on routes learned from a transit provider. It has multiple terms to permit an operator to match on specific Internet routes to set a different local-preference value to control what traffic should be forwarded through that provider. There are additional actions to set other BGP attributes related to classifying the routes so they can be easily identified and acted upon by other routers in the network.
policy-statement TRANSIT-1-IN {
term PREFER-OVER-PEERING {
from as-path-group TRANSIT-1-OVERRIDE;
then {
metric 1000;
local-preference 2010;
community set TRANSIT;
community add LOCATION;
accept;
}
}
term PREFER-OVER-OTHER-TRANSIT {
from as-path-group TRANSIT-1-HIGH-PREF;
then {
metric 1000;
local-preference 1010;
community set TRANSIT;
community add LOCATION;
accept;
}
}
term DEPREF-OTHER-TRANSIT {
from as-path-group TRANSIT-1-LOW-PREF;
then {
metric 1000;
local-preference 990;
community set TRANSIT;
community add LOCATION;
accept;
}
}
term DEFAULT-TERM {
then {
metric 1000;
local-preference 1000;
community set TRANSIT;
community add LOCATION;
accept;
}
}
}

Network operators will tune their routing policy to determine how to send traffic and how to receive traffic through adjacent autonomous systems. This practice is generally known as BGP traffic-engineering. Making outbound traffic changes is by far the easiest to implement because it involves identifying the particular routes you are interested in directing and increasing the routing preference to egress through a particular adjacency. Operators must take care to examine certain things before and after any policy change to understand the impact of their actions.

Inbound traffic-engineering is a bit more difficult as it requires a network operator to alter routing information announcements leaving your network to influence how other autonomous systems on the Internet prefer to route to you. While influencing the directly adjacent networks to you is somewhat trivial, influencing networks further beyond those directly connected can be tricky. This technique requires the use of features that a transit provider can grant via BGP. In the BGP protocol, there is a certain type of attribute known as Communities. Communities are strings you can pass in a routing update across BGP sessions. Most networks use communities to classify routes as transit vs. peer vs. customer. The transit-customer relationship usually gives certain capabilities to a customer to control the further propagation of routes to their adjacencies. This grants a network with the ability to traffic-engineer further upstream to networks it is not directly connected to.

Traffic-engineering is used for several reasons today on the Internet. The first reason might be to reduce bandwidth costs by preferring particular paths (different transit providers). The other is for performance reasons, where a particular transit provider may have less-congested/lower-latency path to a destination network. Network operators will view a variety of metrics to determine if there is a problem and start to make policy changes to examine the outcome. Of course on the Internet, the scale of the traffic being moved around counts. Moving a few Gbps of traffic from one path to another may improve performance, but if you move tens of Gbps over you may encounter congestion on this newly selected path. The links between various networks on the Internet today operate where they scale capacity based upon observed utilization. Even though you may be paying a transit provider for connectivity, this doesn't mean every link to external networks is scaled for the amount of traffic you wish to push. As traffic grows, links will be added between individual networks. So causing a massive change in utilization on the Internet can result in congestion as these new paths are handling an increased amount of traffic than they never had before. The result is that network operators must pay attention when moving traffic over in increments as well as communication with other networks to gauge the impact of any traffic moves.

Outbound Traffic-Engineering

Inbound Traffic-Engineering

Complicating the above traffic engineering operations is that you are not the only person on the Internet trying to push traffic to certain destinations. Other networks are also in a similar position where they're trying to deliver traffic and will perform their own traffic-engineering. There are also many networks that will refuse to peer with other networks for several reasons. For example, some networks may cite an imbalance in in vs. outbound (traffic ratios) or feel that traffic is being dumped on their network. In these cases, the only way to reach these destinations is via a transit provider. In some cases, these networks may offer a "paid peering" product to provide direct connectivity. That paid peering product may be priced at a value that is lower the price of what you would pay for transit or could offer an uncongested path that you'd normally observe over transit. Just because you have a path via transit doesn't mean the path is uncongested at all hours of the day (such as during peak hours).

One way to eliminate the hops between networks is to do just that – eliminate them via direct connections. AWS provides a service to do this known as AWS Direct Connect. With Direct Connect, customers can connect their network directly into the AWS network infrastructure. This will enable bypassing the Internet via direct physical connectivity and remove any potential Internet routing or capacity issues.

Traceroute

In order to determine the paths traffic is taking, tools such as traceroute are very useful. Traceroute operates by sending sending packets to a given destination network and it sets the initial IP TTL value to one. The upstream device will generate an ICMP TTL Exceeded message back to you (the source) which will reveal the first hop in your path to the destination. Subsequent packets will be sent from the source and increment the IP TTL value to show each hop along the way towards the destination. It is important to remember that Internet routing typically involves asymmetric paths – the traffic going towards a destination will take a separate set of hops on the return path. When performing traceroutes to diagnose routing issues it is very useful to obtain the reverse path to help isolate a particular direction of traffic being an issue. With an understanding of both directions traffic is taking, it is then easier to understand what sort of traffic-engineering changes can be made. When dealing with Network Operation Centers (NOCs) or support groups, it is important to provide the Public IP of the source and destination addresses involved in the communication. This provides individuals with the information they can use to help reproduce the issue that is being encountered. It is also useful to include any specific details surrounding the communication, such as if it was HTTP (TCP/80) or HTTPS (TCP/443). Some traceroute applications provide the user with the ability to generate its probes using a variety of protocols such as ICMP Echo Request (ping), UDP or TCP packets to a particular port. Several traceroute programs by default will use ICMP Echo Request or UDP packets (destined to a particular port range). While these work most of the time, various networks on the Internet may filter these sorts of packets and it is recommended to use a traceroute probe that replicates the type of traffic you intend to use to the destination network. For example, using traceroute with TCP/80 or TCP/443 can yield better results when dealing with firewalls or other packet filtering.

An example of a UDP based traceroute (using well-defined traceroute port ranges), where multiple routes will permit generating TTL Exceeded for packets bound for those destination ports:
[[email protected] ~]$ traceroute -q 1 www.amazon.com
traceroute to www.amazon.com (72.21.215.232), 30 hops max, 60 byte packets
1 ip-10-6-6-1.us-west-2.compute.internal (10.6.6.1) 0.736 ms
2 100.70.41.1 (100.70.41.1) 0.691 ms
3 100.70.41.34 (100.70.41.34) 0.458 ms
4 ip-10-177-64-9.us-west-2.compute.internal (10.177.64.9) 0.336 ms
5 100.64.12.64 (100.64.12.64) 0.484 ms
6 100.64.13.1 (100.64.13.1) 6.067 ms
7 ec2-50-112-0-20.us-west-2.compute.amazonaws.com (50.112.0.20) 1.521 ms
8 100.64.1.65 (100.64.1.65) 1.408 ms
9 100.64.0.84 (100.64.0.84) 0.903 ms
10 100.64.16.89 (100.64.16.89) 18.491 ms
11 54.239.48.192 (54.239.48.192) 1.379 ms
12 205.251.232.196 (205.251.232.196) 1.274 ms
13 54.239.41.26 (54.239.41.26) 58.497 ms
14 205.251.244.101 (205.251.244.101) 58.998 ms
15 72.21.222.157 (72.21.222.157) 68.459 ms
16 72.21.222.85 (72.21.222.85) 79.995 ms
17 *
18 *
19 *

Note that the last hop does not respond, since it most likely denies UDP packets destined to high ports.

With the same traceroute using TCP/443 (HTTPS), we find multiple routers do not respond but the destination does respond since it is listening on TCP/443:

TCP Traceroute to port 443 (HTTPS):
[[email protected] ~]# tcptraceroute -q 1 -w 1 www.amazon.com 443
Selected device eth0, address 10.254.10.179, port 39691 for outgoing packets
Tracing the path to www.amazon.com (72.21.215.232) on TCP port 443 (https), 30 hops max
1 10.6.6.1 0.790 ms
2 100.70.41.1 0.516 ms
3 100.70.41.36 0.440 ms
4 10.177.48.9 0.346 ms
5 100.64.12.76 0.519 ms
6 *
7 *
8 *
9 *
10 100.64.16.75 21.096 ms
11 54.239.48.194 2.077 ms
12 205.251.232.214 1.470 ms
13 54.239.41.28 58.619 ms
14 205.251.244.101 59.913 ms
15 72.21.222.87 61.425 ms
16 *
17 *
18 *
19 100.64.19.27 66.006 ms
20 72.21.215.232 [open] 59.023 ms

The hops revealed within traceroute provide some insight into the sort of network devices your packets are traversing. Many network operators will add descriptive information in the DNS reverse PTR records, though each network is going to be different. Typically the DNS entries will indicate the router name, some sort of geographical code and the physical or logical router interface the traffic has traversed. Each individual network names their own routers different so the information here is going to usually indicate if a device is a "core" router (no external or customer interfaces) or an "edge" router (with external network connectivity). Of course, this is not a hard rule and it is common to find multi-function devices within a network. The geographical identifier can vary between IATA airport codes, telecom CLLI codes (or a variation upon them) or internally generated identifiers that are unique to that particular network. Occasionally shortened versions of a physical address or city names will appear in here as well. The actual interface can indicate the interface type and speed, though these are only as accurate as you believe an operator is to publicly reveal this and keep their DNS entries up to date.

Interpreting physical locations in traceroute

One important part of traceroute is that the data should be taken with some skepticism. Traceroute will display round-trip-time (RTT) of each individual hop as the packets traverse through the network to their destination. While this value can provide some insight into the latency to these hops, the actual value can be influenced from a variety of factors. For instance, many modern routers today treat packets that TTL expire on them as a low priority when compared to other functions the router is doing (forwarding packets, routing protocols). As a result, the handling of the TTL expired packets and subsequent ICMP TTL Exceeded message generated can take some period of time. This is why it is very common to occasionally see high RTT on intermediate hops within a traceroute (up to hundreds of milliseconds). This does not always indicate that there is a network issue and individuals should always measure the end-to-end latency (via ping or some application tests). In situations where the RTT does increase at a particular hop and continue to increase, this can be an indicator of an overall increase in latency at a particular point in the network. Another item frequently observed in traceroutes are hops that do not respond to traceroute which will be displayed as *'s. This means that the router(s) at this particular hop have either dropped the TTL expired packet or has not generated the ICMP TTL Exceeded message. This is usually the result of two possible things. The first is that many modern routers today implement Control-Plane Policing (CoPP) which are packet filters on the router to control how certain types of packets are handled. In many modern routers today, the use of ASICs (Application-Specific Integrated Circuit) have improved packet lookup & forwarding functions. When a router ASIC receives a packet with the TTL value of one, they will punt the packet to an additional location within the router to handle the ICMP TTL Exceeded generation. On most routers, the ICMP TTL Exceeded generation is done on a CPU integrated on a linecard or the main brain of the router itself (known as a route processor, routing engine or supervisor). Since the CPU of a linecard or routing engine is busy performing things such as forwarding table programming and routing protocols, routers will allow protections to be put in place to restrict the rate of how many TTL exceeded packets can be sent to these components. CoPP allows an operator to set functions such as limiting TTL Exceeded messages to a value such as 100 packets per second. Additionally the router itself may have an additional rate-limiter to address how many ICMP TTL Exceeded messages can be generated as well. In this situation, you'll find that hops in your traceroute may sometimes not reply at all because of the use of CoPP. This is also why when performing pings to individual hops (routers) on a traceroute you will see packet loss because CoPP is dropping the packets. The other area where CoPP can be applied is where the router may simply deny all TTL exceeded packets. Within traceroute, these hops will always respond with *'s no matter how many times you execute traceroute.

A good presentation that explains using traceroute on the Internet and interpreting its results is found here: https://www.nanog.org/meetings/nanog45/presentations/Sunday/RAS_traceroute_N45.pdf

Troubleshooting issues on the Internet is no easy task and it requires examining multiple sets of information (traceroute, BGP routing tables) to come to a conclusion as to what can be occurring. The use of Internet looking glasses or route servers is useful to providing a different vantage point on the Internet when troubleshooting. The Looking Glass Wikipedia page has several links to sites which you can use to perform pings, traceroutes and examining a BGP routing table from different spots around the world in various networks.

When reaching out to networks or posting in forums looking for support for Internet routing issues it is important to provide useful information for troubleshooting. This includes the source IP address (the Public IP, not a Private/NAT translated one), the destination IP (once again, the Public IP), what protocol and ports being used (TCP/80 for example) and the specific time/date of when you observed the issue. Traceroutes in both directions are incredibly useful since paths on the Internet can be asymmetric.