Ok, as it has been a while since I last posted and will probably be some time until I next post, lets do two posts in one day. This one is just some miscellaneous items.
-
(Thats “diner” in the title, not “dining cryptographers and their problems”…)
I rarely talk about customer service with regards to places to eat. The main reason for that is I generally eat in my local neighborhood, and I learned a while back that talking about places you can be found reliably on a blog is not always the smartest thing to do.
That said, there is one diner in Manhattan that I make a point of swinging by quite often, namely Cheyenne Diner. Great customer service, including my absolute favorite waitress in Manhattan (I don’t think I have actually had to order for myself in over a year – my food just appears). Quality food and lots of it on the cheap. Open 24 hours, so perfect for a late night person (like me). Just an all around great experience.
Anyway, while I think I may be the only NY resident that absolutely loves this place, at least someone else has noticed it. (Unfortunately, the articles at the referenced site do not have separate links. Perhaps this will end up being the archive page for this month.)
On the block: Top 10 New York Classic Diners, a list of the best New York diners that haven’t changed much at all (including prices, interiors, and staff) in the last 20+ years. What you pay for one drink at some new fancy bar will get you a full meal (with bread, salad, and a side, of course!) at most of these places.
[...]
9. Cheyenne (Midtown West)
It is on the corner of 33rd st and 9th ave, a few blocks from Penn station (for those of us coming from, say Bayside 
). Being smack dab in the middle of mid-town, you find locals, commuters, and tourists alike pop in.
Needless to say, highly recommended. I always end up there some time well into the nightshift, and I can’t say enough good things about the late night staff.
-
This is a petnames plugin for Firefox. [recently resurfaced in this mailing list post]
It reminded me of an old post. I pointed out using your bookmarks and commented on an SSH style of bookmark where public keys (in certificates) were part of it. I also noted that such a thing might not mean anything to average end users over a regular bookmark, which was the tricky part.
Attacks based on user ignorance of anything to do with PKI or TLS will apply regardless of “high assurance” certificates or not. What really matters here is whether or not browser security indicators matter to users (e.g., do users know about the security indicators provided by a browser, what the indicators mean, and what should be done in response to the indicators?).
[…]verifying that you are in fact establishing an SSL/TLS session with the proper entity.[…]
[…]countering an SSL/TLS MITM attack.[…]
This is an active research area. Petnames have been proposed, which I like (think PGP web of trust in some form). This has similarities to the SSH-type trust model, which has also been proposed and which I also like. In recent minutes to an IETF-PKIX meeting, the Opera people were looking at “extended validation” certificates. There has been all sorts of talk, pros and cons, about “high-assurance” certificates.In this regard, while I like the idea of bookmarking a web site and its certificate(s), how exactly to inform a user that a certificate is changed, and establishing what actions a user should take in such a case, is the hard part. Every model I envision reduces to checking the digital certificates when the certificate presented is different from the one that is bookmarked, and then all the same problems come back into play – you might as well have just bookmarked the web site and left out the certificate.
So, I like the petnames plugin for Firefox, and I think most people familiar with the SSH way of doing things would be comfortable here. The plugin adds another layer to the advice provided here, and works well for me at least.
Bookmark web sites that you visit, especially where you conduct transactions like buying stuff, and then return to those sites only through your bookmarks (this is like what we do with server public keys in SSH). Now, when you receive that email, instant message, or embedded link in some rogue web site purporting to be from, or purporting to point you to, Paypal and you really do feel it necessary to log into Paypal in response, don’t follow any of the links provided – instead, use your bookmark for the Paypal web site. It doesn’t solve all these problems, but it helps quite a bit.
-
But, it looked real… [via the gold-silver-crypto mailing list]
Evidently, no one at Minnesota-based Supervalu bothered to confirm the authenticity of emails sent in late February. Purporting to come from two of the company’s suppliers, the messages instructed Supervalu to wire all future payments to new bank accounts. One email purported to come from representatives of Frito-Lay and the other from American Greetings. Both suppliers have established relationships with the grocery chain.
The emails were phony, but within two days, Supervalu began moving money into the accounts. Over the course of a week, the company transferred $10,128941.94 in nine separate payments. [...]
These kids have become my standard quote for this.
Teen #1: Hey, man, I think we should get our important stuff laminated. No one ever questions lamination.
-
Short article (behind a paywall) about talking tech to the non-techie.
Technology is very complex and intimidating, and technology folks are constantly getting knocked for poor communication and poor customer-service skills. It’s taking a lot of time, leads to a lot of frustration, and leads to a lot of money being misspent.
This brought to mind one of the core reasons I originally founded D-kriptik and the original point of this blog – bridging tech and non-techies. Customer service is still at our core, but we have wandered a bit off the general IT support course.
-
Perhaps its the Trek in me, but this reminded me of transparent aluminum.
By mimicking a brick-and-mortar molecular structure found in seashells, University of Michigan researchers created a composite plastic that’s as strong as steel but lighter and transparent.