Friday, December 16, 2011
Thursday, December 8, 2011
Fight for the Future
This situation is developing so fast that I can't keep up with it. All I can do is direct readers to one of my favorite sites on the internet, Techdirt. Floor64, the consulting company which hosts Techdirt, is biased strongly in favor of internet freedom.
Some of the recent developments include many Senators distancing themselves from this bill, at least until after their re-election is secured. Supporters of these bills have offered to not enforce the DNS blocking until after the technical issues are sorted out. As an aside, these DNS provisions are not viable in conjunction with a secure name resolution system. DNSSEC rejects the various versions of DNS modification proposed by these bills' supporters. Additionally, a domain name system that can lie on government orders can lie on anyone's orders.
Another major development in the news is that many sites including this one are voluntarily blacking out tomorrow, January 18, 2012, as a preview of what the internet could look like when it's censored by hostile business interests.
Many interested parties in both the House and Senate will ask for these bills to be tabled until "the issues can be studied", meaning in this case after the election cycle is complete and representatives are secure in their jobs. This requires a renewed call to action from all interested parties. Push for these bills to be defeated on the floor of both the House and Senate. And hold their remaining supporters accountable.
Merlin
You start out dead to get that out of the way right off the bat. Then, you wake up in a nursing home feeling better every day. When you are kicked out of the home for being too healthy, you spend several years enjoying your retirement and collecting benefit checks.
When you start work, you get a nice gold watch on your first day. You work 40 years or so, getting younger every day, until you're too young to work. Then you go to school, date, drink, and party.
As you get even younger you become a kid again. You go to elementary school, play, and have no responsibilities. In a few years, you become a baby and everyone runs themselves ragged keeping you happy.
You spend your last nine months floating peacefully in luxurious spa-like conditions, central heating, room service on tap, the works.
Until finally, you end your life as an orgasm.
I rest my case.
Wednesday, November 16, 2011
American Censorship Day
The first part of this bill tasks the Attorney General with the requirement to censor foreign websites on the accusations of the content industry. The procedures that the Attorney General would be required to initiate do not involve contacting the accused infringer directly. Instead, the payment processors, search engines, ad networks, and domain name service providers across the internet with knowledge of or business relationships with the accused foreign website will be forced to cease operations with the accused. Search engines will have to remove the accused from their results, ad networks will not be allowed to disburse revenue to sites accused of infringing, and DNS providers will be prohibited from resolving domain names to IP addresses for accused sites. The second title of HR 3261 increases penalties for web site operators accused of copyright infringement.
Now that we've outlined what this bill is supposed to do, let's discuss why it won't do any of that and why it is a horrid piece of legislation.
First off, this bill is clearly just fellating the entertainment industry as a reward for their failure to adapt to changing market conditions. Copyright infringement is a result of a poorly implemented business model which does not monetize the audience to the level of the copyright holder's expectations. SOPA has no provision for removing infringing content. It only adds liability, and thus expense, to third-party service providers. These costs will be passed along to customers or used to raise the barriers to entry for innovative new companies entering the market. Nor are there penalties for false accusations or claims against non-infringing content.
Also, foreign governments will find themselves pressured to "meet their international obligations" in expanding protectionist copyright policies. And, as this bill is written to target foreign websites, so will it be used as the basis for laws used against American business interests.
Third, whenever the ability to censor is available there is always a desire to expand this ability and this bill will not stay in scope. SOPA has already been used to legitimize censorship by foreign regimes and the bill hasn't even passed yet.
If you believe your elected Congressperson still represents you, call them and ask them to oppose HR 3261.
Sunday, September 18, 2011
Decade-old memories
I was in college at the University of Maryland, College Park, in the 2001 Fall semester. Since 11 September, 2001, was a Tuesday morning, I was in an early lab class. After lab I had the whole rest of the day open so I went back to the IEEE lounge in the basement of the engineering building. That's when another student, well known for being a bit of a cut-up, said a plane had crashed into the World Trade Center.
Of course I said, "That's a really bad joke, James."
But I still walked to the computer lab down the hall to find out the story. I sat down at an open computer and thought about where to find the information I was looking for. You had to do that in those days. Remember that Google was only a few years old and hadn't overthrown the top search engines of the day, Lycos and Alta Vista. As this story was supposedly happening in New York, my first stop was the New York Times, the first New York-based newspaper I could think of. Their site wasn't available that day, my first indication that there might be something to this story. So I tried the Washington Post, our hometown paper there inside the Beltway. Also unavailable that morning. Now I'm thinking I need to try for a server well outside the supposed area. The LA Times was showing news from the night before. They hadn't even woken up yet to update their website. I finally hit upon the Tampa Tribune, who was both awake and online. That's when the towers started falling.
In the following years, many whitepapers would be written about dealing with surge capacity for news websites and many more about continuity of operations. The University's administration was castigated for not evacuating the school, to which their response was, "Where are the students supposed to go? All the flights have been grounded and anywhere could have been a target." There was a campus-wide memorial on the 12th and classes were cancelled that day. Looking up and seeing military fighter jets on patrol instead of the normal passenger jet contrails was the eeriest part. We were concerned about reopening the world's oldest continuously operating airport.
Thursday, September 1, 2011
Chromebook 3
How did I manage this miraculous feat? Lots of wi-fi. There is no ethernet port on a Chromebook and it won't tether to an Android so unlimited data from other providers is not an option. This month, I stayed off the 3G network as much as possible and never used it for bandwidth intensive activities like streaming media. Even so, moderate web surfing, email, and social networking on the big screen (compared to my Android phone) used up almost the entire quota of data this month.
Because I work where I do, there's no wi-fi here at all. We have our own war-drivers roaming the halls sniffing out rogue access points. Even broadcasting cellphones get hunted down. Not a good place to have a misconfigured radio. I do have my own network(s) at home but the apartment complex nearby makes for very crowded airspace. But then the Elks Lodge where I'm a member has wireless. And no other access points nearby. Since those are the three places I spend all my time, and two of the three have wireless internet, I'm usually near enough to an access point to switch radios.
So that's my secret for making the shallow data pool last the month. Don't actually use it.
Friday, August 26, 2011
Testy
CompTIA provides certifications for IT professionals, such as A+ and Security+. (ISC)2 offers the CISSP for senior managers in security positions like a CISO. Of course, all the vendors like Microsoft and Cisco also offer certifications for their products. And they all offer all manner of tools to help you earn their certificates. But have you priced out some of these offerings? And that's not for the test to get the certificate, that's for the training to get ready to take the test.
And of course these test providers work hard to make sure their tests don't leak out to the internet. Some test providers are more aggressive than others but they'd all rather you didn't reveal their exams because otherwise what would people pay for? Which is why I won't talk about specific questions. But I will talk about some basic test-taking strategy and some differences I've noticed between vendors.
Tuesday, July 5, 2011
Charitable Lawyer
There is only one lawyer joke; all the rest are true stories.
The United Way realized it had never received a donation from the city's most successful lawyer. So a United Way volunteer paid the lawyer a visit in his lavish office.
The volunteer opened the meeting by saying, "Our research shows that even though your annual income is over two million dollars, you don't give a penny to charity. Wouldn't you like to give something back to your community through the United Way?"
The lawyer thinks for a minute before replying. "First, did your research also show you that my mother is dying after a long painful illness and she has huge medical bills that are far beyond her ability to pay?"
Embarrassed, the United Way rep mumbles, "Uh, no, I didn't know that."
"Secondly," continues the lawyer, "did it show that my brother, a disabled veteran, is blind and confined to a wheelchair and is unable to support his wife and six kids?"
The stricken volunteer begins to stammer an apology, but is cut off again.
"Thirdly, did your research also show you that my sister's husband died in a horrible car accident, leaving her penniless with a mortgage and three children, one of whom is disabled with severe learning disabilities requiring an array of private tutors?"
The humiliated United Way representative, completely beaten, says, "I'm so sorry, I had no idea."
"That's fine," the lawyer finishes. "So if I didn't give any money to them, what makes you think I'd give any money to you?!"
Friday, June 17, 2011
Special Offer
Chrome sleeve by Rickshaw
Saturday, June 11, 2011
Chromebook Second Impressions
I like the software, too. Android is a great operating system for the type of hardware it's installed on and for using a lot of cloud services and Chrome does the same thing for bigger systems. It's fun to pick the differences between Chrome the web browser and Chrome the operating system. It's great code.
Friday, June 10, 2011
Chromebook First Impressions
Shiniest slab in the 'verse
Tuesday, May 10, 2011
This (frost)bites
Warning, the following section includes graphic pictures of injury.
Tuesday, April 26, 2011
Ding dong
After closing time at the bar, a drunk was proudly showing off his new apartment to a couple of his new friends.
He led the way to the bedroom where there was a big brass gong and a mallet.
"What's up with the big brass gong?" one of his guests asked.
"It's not a gong. It's a talking clock," the drunk replied.
"A talking clock? Seriously?"
"Yup," replied the drunk.
"How's it work?" the friend asked, squinting at it.
"Watch," said the drunk man. He picked up the mallet, gave the gong a heavy whack, and stood back.
The three stood looking at each other a moment.
Suddenly, a voice from the other side of the wall cried out, "YOU ASSHOLE! IT'S THREE O'CLOCK IN THE MORNING!"
Security -
View from outside the security door.
Yes, this sensor is installed on the wrong side of the door. Poorly, I might add; that's double-sided foam tape barely holding the sensor on the door jamb.
This may not seem like much of an issue but as an example, let's walk through a couple of ways I would, er, a malicious intruder could exploit this.
- Hold onto the information. If you learned anything from Indiana Jones and the Last Crusade, it's that the wired door is the important one.
- Simply cut the wire. The false alarm would tie up responders here at this door while an intruder was left free to operate at another location.
- Hack the sensor. The signal coming off that sensor probably isn't complex. It could be trivial to rig up a device to replicate it. Install the signal generator on a tap then cut the wire. The intruder is now free to breach the door while the "sensor" continues to report nothing wrong.
Standard issue cipher lock
So how would you protect your facility against this sort of vulnerability? First, obviously, install your door sensors on the correct side of the door. Second, establish a security presence inside the building with guards patrolling the hallways and a camera on that door. Also, train the building tenants to approach unidentified personnel and confirm their identity. Third, standardize the appearance of all the doorways. If all the doors look equally secured, an intruder won't be able to pick out the high value targets easily.
Monday, April 25, 2011
Shifty
The following essay was written by Mark Pfiefer. It is often incorrectly attributed to Chuck Yeager, MG (ret.), also an American hero but not the author of this piece.
Shifty volunteered for the airborne in WWII and served with Easy Company of the 506th Parachute Infantry Regiment, part of the 101st Airborne Infantry. If you've seen Band of Brothers on HBO or the History Channel, you know Shifty. His character appears in all 10 episodes, and Shifty himself is interviewed in several of them.
I met Shifty in the Philadelphia airport several years ago. I didn't know who he was at the time. I just saw an elderly gentleman having trouble reading his ticket. I offered to help, assured him that he was at the right gate, and noticed the Screaming Eagle, the symbol of the 101st Airborne, on his hat.
Making conversation, I asked him if he'd been in the 101st Airborne or if his son was serving. He said quietly that he had been in the 101st. I thanked him for his service, then asked him when he served, and how many jumps he made.
Quietly and humbly, he said "Well, I guess I signed up in 1941 or so, and was in until sometime in 1945..." at which point my heart skipped.
At that point, again, very humbly, he said "I made the 5 training jumps at Toccoa, and then jumped into Normandy... do you know where Normandy is?" At this point my heart stopped.
I told him "yes, I know exactly where Normandy is, and I know what D-Day was." At that point he said "I also made a second jump into Holland, into Arnhem." I was standing with a genuine war hero... and then I realized that it was June, just after the anniversary of D-Day.
I asked Shifty if he was on his way back from France, and he said "Yes... And it's real sad because, these days, so few of the guys are left, and those that are, lots of them can't make the trip." My heart was in my throat and I didn't know what to say.
I helped Shifty get onto the plane and then realized he was back in coach while I was in First Class. I sent the flight attendant back to get him and said that I wanted to switch seats. When Shifty came forward, I got up out of the seat and told him I wanted him to have it, that I'd take his in coach.
He said "No, son, you enjoy that seat. Just knowing that there are still some who remember what we did and who still care is enough to make an old man very happy." His eyes were filling up as he said it.
And mine are brimming up now as I write this.
Shifty died on June 17 after fighting cancer.
There was no parade.
No big event in Staples Center.
No wall-to-wall, back-to-back 24x7 news coverage.
No weeping fans on television.
And that's not right!
Let's give Shifty his own memorial service, online, in our own quiet way.
Please forward this essay to everyone you know. Especially to the veterans.
Rest in peace, Shifty.
Sunday, April 10, 2011
Copyfright
So I went looking for a suitable image to use. I thought a picture of a creeper would go well in the bit of Minecraft fan fiction I wrote to illustrate a birthday attack. My first stop was obviously Minepedia, where I found a great picture of a creeper, but I also found a scary copyright warning on the same page.
What that notice is saying is that the Minepedia is hosted on a Curse server, but they don't have the copyright because that belongs to Mojang, the creators of Minecraft. More importantly for my purposes, I did not find anything like a Creative Commons license. It's not a requirement, but I'd be more comfortable using an image with a clear status.
Tuesday, April 5, 2011
Birthday Attack
The easy answer is 366 people. Since there are only 365 days in the year, any larger crowd will guarantee that two people in the group share a birthday. Surprisingly, you really only need 23 people to have a better than even chance that two people in the group will share a birthday. For a lot of cases, a 50% chance of finding a match is more than enough.
Let's consider a group of 23 people. We want to calculate the probability that they all have different birthdays. Remember, in probability, an event that will happen has a probability of 1 and you count down from there to zero as the event gets increasingly improbable. We'll ignore leap years and assume all birthdays are equally likely. Taking those into account would put the math even more in our favor.
The probability that the first person has a unique birthday, since you haven't recorded anyone else's birthday, is 1. The probability that the second person has a different birthday, out of the 364 days left, is (1 - 1/365). The third person, with two days already marked out, has a probability of (1 - 2/365) to have a birthday different from the first two. To get the probability that all three people have different birthdays, you multiply the individual probabilities, like so: 1(1 - 1/365)(1 - 2/365).
Continuing this way for the entire group, (1 - 1/365)(1 - 2/365)...(1 - 22/365) = 0.493. With a little extra math, 1 - .493, the probability that two people in a group of 23 will have the same birthday is 0.507 or 50.7%! That's interesting but how can it be applied?
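The calculation above as runnable Python, an added example that is not part of the original post. It also goes beyond the birthday case: the same product works for any d equally likely values, so the hypothetical helpers below (all names are assumptions) apply it to a SHA-256 digest truncated to a few bits, where a match turns up after roughly the square root of the number of possible outputs.

```python
import hashlib
import math
from itertools import count


def p_all_distinct(n: int, d: int = 365) -> float:
    """Probability that n picks from d equally likely values are all different."""
    if n > d:
        return 0.0  # more people than days: a shared value is certain
    p = 1.0
    for k in range(1, n):
        p *= 1 - k / d  # (1 - 1/d)(1 - 2/d)...(1 - (n-1)/d)
    return p


def p_collision(n: int, d: int = 365) -> float:
    """Probability that at least two of the n picks match."""
    return 1.0 - p_all_distinct(n, d)


def samples_for(target: float, d: int) -> int:
    """Smallest n whose match probability reaches target (0 < target < 1)."""
    p_distinct = 1.0
    for n in count(1):
        p_distinct *= 1 - (n - 1) / d
        if 1 - p_distinct >= target:
            return n


def approx_samples(target: float, d: int) -> float:
    """Closed-form estimate sqrt(2 d ln(1/(1 - target))), usable for huge d."""
    return math.sqrt(2 * d * math.log(1 / (1 - target)))


def truncated_tag(msg: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256(msg), standing in for a short digest."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)


def first_collision(bits: int):
    """Hash constructed inputs msg-0, msg-1, ... until two short tags match.

    Returns (earlier message, later message, number of messages hashed)."""
    seen = {}
    for i in count():
        msg = b"msg-%d" % i  # constructed sample input
        tag = truncated_tag(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


if __name__ == "__main__":
    print(f"23 people, all different: {p_all_distinct(23):.3f}")
    print(f"23 people, some match:    {p_collision(23):.3f}")
    print(f"people needed for 50%:    {samples_for(0.5, 365)}")
    for bits in (16, 24, 32):
        d = 2 ** bits
        print(f"{bits}-bit tag: exact {samples_for(0.5, d)}, "
              f"estimate {approx_samples(0.5, d):.0f} of {d} values")
    a, b, hashed = first_collision(24)
    print(f"24-bit match after {hashed} hashes: {a!r} and {b!r}")
```

For a 128-bit digest, approx_samples(0.5, 2**128) comes to about 2.2e19, which is why the length of a digest, and not only the algorithm behind it, sets how hard a match is to find.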
False Positive
Security consultant Mohammad Hassan was using VIPRE, a malware scanner from GFI. VIPRE had reported a localization package as an infection called StarLogger. StarLogger is in a class of malware known as keyloggers, which record a user's key presses to collect information like user names and passwords as they're typed. StarLogger usually installs itself to the C:\WINDOWS\SL directory which, as it so happens, is also the installation directory of Windows' Slovenian language pack.
I don't do malware research on consumer electronics so I'm not familiar with how they're supposed to be reported. However, sprinting to a major tech blog to report the latest malware is probably not the preferred method. And anyway, computer malware is such a rapidly evolving battlefront that signature-based defenses have not been effective in quite some time. The list of blocked items is so long that system performance is often affected more by the scan than the infection. Heuristic (behavior-based) scans aren't much better, either. So many of the tricks the old code monkeys used to program with are practically worms and viruses in their own right.
So, while there is enough blame to go around, most of it belongs on us. We get the blame for letting the story get ahead of the news and jumping at "cyber-threats" around every corner.
Monday, March 14, 2011
March 14th
Click through the page jump for an apple pie build guide.
Tuesday, March 8, 2011
The Dream
I sit up in bed but I'm not in my room anymore. It's night time and I'm in a clearing in the woods. There's a full moon up but the sky is cloudy, casting the world into deceitful shadow. The clearing is covered in deep grass right out to the tree line. That's where the shapes are moving, circling, surrounding me.
A slight breeze on the night air brings the scent of deep forest, verdant grass, and... them. An animal smell; fur, sweat, anger, and a touch of fear. They glance into the clearing occasionally, gazing at me with their pale yellow eyes.
These creatures have little concern for me. I neither incite anger nor instill fear in these dark beings. I know I am still dreaming but I am bound to these things somehow. Am I still dreaming?
It doesn't matter; I don't have their attention. These hounds are focused on something else; something out there in the forest. Something approaching.
It is the evil that stalks sleepers in the dark. This eternal curse.
Leaping out of bed I join the pack in tonight's chase. Now we are the hunters.
It's always the same dream.
Monday, March 7, 2011
Xoom will lose to iPad 2
Publicity still from Apple's iPad 2 press event. Surprisingly little poo-flinging.
Apple recently unveiled their newest fondle-slab, the imaginatively named iPad 2. Apple has increased albedo by 0.17% for more shine, rendering all previous Apple devices obsolete. Continuing to use such outdated products can have dire consequences. It has been linked to dingy white socks, decreased fuel economy, male pattern baldness, and sagging porch steps. This new tablet device is pitted against the Motorola Xoom, the standard bearer for the Android 3.0 (Honeycomb) operating system.
Of course, Xoom is doomed to failure against the firepower of this fully armed and operational Apple product. Oh, sure, Android doesn't exert the same level of control over the user experience the way iOS does. Verizon's network has higher availability than AT&T can even dream of. And Motorola is edging back towards dominance of the mobile market.
The hammer that is driving nails into Xoom's coffin is price. The Motorola tablet costs $800 without a contract compared to $499 for the iDidntPayMoreThisTime. Speaking personally, I can't justify spending that much on a completely new form of technology. I've never owned a tablet, eBook reader, or even netbook. As such, I can't say if the advantage of the form-factor balances well against its cost. If Motorola could bring the price down to $500, it merits a serious discussion about its necessity as another device in my computing ecosystem. If the price hit $250 it becomes an immediate necessity.
Disclosure: I own an Android-powered Motorola smartphone.
Heart Attack Grill
CBS News reporter Bill Geist covers the Heart Attack Grill in Chandler, Arizona. This video began circulating around Arizona just after the grill's 600 lb. spokesman, Blair River, passed away.
Geist begins, "Restaurants nationwide are paring down their portions and offering health choices." That's something the founders of the Heart Attack Grill couldn't abide. Blair River was a man with a vision and his field of view did not include his toes. This country is experiencing a backlash against the culture of excessive consumption that defined the previous generation. Citizens today are being told to cut back, to not take on so much. Whether it is debt or calories, we are constantly told we take too much. It's time for businesses like the Grill to remind us that our ancestors didn't claw their way to the top just so we could give it away to someone else.
They say, "It's not over 'til the fat lady sings." I say her crash diet turned her into a skinny waif! It's time to celebrate our excesses and remind ourselves how we got where we are today!
Friday, February 18, 2011
Dungeon crawl? Not exactly.
I recently had the opportunity to install an extension to the fiber backbone in the building. It was just a simple bridge between two computer labs, but it got me into some of the locked cubbyholes in, and under, my office building.
Tuesday, February 15, 2011
Team Tiffany
So now the obvious question is, why choose Team Tiffany? Well, I grew up with songs like "I Think We're Alone Now". This is what I'm talking about.
And here's Debbie Gibson in close second.
That's right; I'm a nerd for 80s pop music.