Whoa.

Wednesday 31 October 2007 at 10:36 pm Rending the Veil magazine published one of my articles!

Forged spam from the FTC contains keylogger.

Wednesday 31 October 2007 at 3:13 pm Someone out there apparently takes a dim view of the US Federal Trade Commission going after spammers (when it gets around to it) because they're sending spam forged from the FTC with malware attached. The spam takes the form of a complaint against the recipient, and asks them to open a document attached to the message. It's actually a keystroke logger that, when installed, records everything the user types from then on and sends it off periodically to someplace on the net. Understandably, they're not pleased with this stunt, and they're asking usres to forward copies of the e-mail (malware attached) to them and to delete the original copy.

A brother of the Bene Capsaicin lends his skills to the field of medical pain management.

Wednesday 31 October 2007 at 12:55 pm Pain specialist Dr. Eske Aasvang of Denmark is trying a new compound in clinical pain relief trials: Capsaicin. Yes, the very same compound that makes hot peppers hot, and unwary college students who've never heard of chicken vindaloo before want to shoot themselves. Capsaicin, as it turns out, bonds tightly to the receptors of C-type nerve fibres, which trainsmit status messages to the brain that are interpreted as pain. Those receptors will fire briefly (as anyone who's ever eaten chili can attest to) but then go silent because the nerves will have exhausted their supplies of neurotransmitters. It is expected that this numbness will last for a couple of weeks, long enough for surgical incisions to heal. The idea is that surgeons will bathe the surgical sites with capsaicin solution before suturing so that the patient will require less analgesia after the general anesthetic is reversed. This isn't the only clinical trial of capsaicin as an anesthetic, though: At Harvard Medical School they are trying capsaicin in combination with epidural anesthetics in an attempt to develop saddle blocks that still allow the patient to walk, and the National Institutes of Health are working on using a capsaicin analogue as a non-opiate painkiller for cancer patients.

Sayonara, Itojun-san.

Wednesday 31 October 2007 at 11:20 am Dragos Ruiu posted to the Bugtraq mailing list today that IPv6 expert Hagino Jun-ichiru, known to some as Itojun passed away yesterday. No details have been released about his death, and his family wishes to mourn in private for the time being. His funeral will be held on 7 November 2007 at Rinkai-Saijo in Tokyo, Japan.

"A feast for fire, and a feast for water; a feast for birth and a greater feast for death!"
--Liber AL vel Legis, II:41

You know, I could really go for some candy right about now...

Wednesday 31 October 2007 at 10:44 am Yep, once again it's October 31st, and Halloween, Samhain, whatever you choose to call it is here for a few scant hours.

No costume parties for me this year, I'm afraid - nowhere to go and no time to do anything. I can't honestly say that this sits well with me, but I guess that's a sign of getting older: You do what you need to do however you can. Oh, well. just like undergrad.

With that cheerful sentiment, I think I'll leave you with links to some of my favourite reading and listening these days. First on the list is a weird horror serial called Footnotes To A Species Once Called Humanity by a good friend of mine, Mr. Derek C.F. Pegritz. The story is told as a series of vignettes from the point of view of a slightly morbid country boy from western Pennsylvania who is one of a small number of humans left on the planet (who haven't gone mad or mutated beyond recognition) when the Elder Gods from H.P. Lovecraft's C'thul'hu mythos arise and claim Earth as their own once again after a conflict in the Middle East with a number of the other mythos races. When things that probably don't even recognize the existence of the human race, let alone care about them beyond their usefulness as a psychic foodstuff appear, there's really only one thing left to do: You take shelter wherever you can and see how long you can hold out. The narrator of these tales, a writer by trade and talent, leaves records of what has come to pass wherever he can in the subterranean world of abandoned mine shafts and natural caves that honeycomb much of southwestern PA in the hope that whatever race which claims the Earth as its own after the Elder Gods have moved on will find them. It's morbid. It's chilling and downright scary by turns. There is even the occasional moment of panicked desperation when things that would storm the gates of Hell because it would make a pleasant location for a family reunion come squelch-squelch-squelching at the front door. Fine, fine reading for a day like today, doubly so if you're into the weird and fantastic.

If the C'thul'hu mythos isn't your bag, then I recommend the podcast audio dramas by Sean Kennedy called Tales of the Afternow, in which a renegade historian and archivist from a post-apocalyptic world "sometime after now" records travelogues, cyberpunk folktales, and the history of his world in the form of audio broadcasts that an unknown party throws backward in Time in an attempt to prevent his world from ever coming to be. The world that Independent Library (Dynamic) Sean Kennedy VI lives in was devastated by a global war of some kind, leaving the last enclaves of civilization under the control of the few megacorporations that survived the nuclear/biological/nanotechnological conflict. In the storyline, everything is as tightly regulated as can be, because there is so little of substance left. The most precious resource of all, information - even basic knowledge, such as how to use a medical kit - is restricted to licensed, bonded technicians, though those outside of the arcologies who are still capable of learning wield considerable power on their own. The stories that the character of Kennedy (distinct from Sean Kennedy the author/actor who performs in the podcasts) are definitely worth giving a listen to if you like cyberpunk or dystopian science fiction. Personally, I think that listening to the first two seasons is worth it just to get to the story with the water bar...

More St. Louis restaurants.

Monday 29 October 2007 at 01:22 am Yeah, more restaurant reviews. I've got a lot going on right now, and this is all I really have time for right now. Hopefully I'll have time to write something more interesting in the next couple of days.

Okay. First up, the Rearn Thai Restaurant (7910 Bonhomme Avenue; Clayton, MO; 63105; phone 314-725-8870; fax 314-725-8809). It's a fairly good Thai restaurant a stone's throw from the hotel I'm staying at, and by fairly good I mean bring one or two friends, order two dishes and an appetizer, and you'll eat well, and not forget soon how good the food is. C- and I ordered the appetizer sampler platter in addition to our main courses, and two people can easily eat too much from the sampler platter alone. My pad thai, let me state, was made to perfection: It included chicken, pork, and shrimp, and the sauce was thick, tasty, and nicely covered everything on the plate. C-'s dish (the name of which escapes me because it's been a couple of days) was also reported to be extremely good. We weren't able to finish everything, and called it quits after demolishing two thirds of the sampler platter and about a third of our main courses. This place is a little difficult to find but not overly so. Overall: One and a half flareguns. If you're in Clayton and you like Thai, go here. You will not regret the stop at all.

Next, Super Smokers' BBQ, the barbecue joint that C- and his wife, coneisseurs of BBQ both, wanted to visit while we were here. It was a bit of a drive from the hotel (and the takeout menu I picked up doesn't have the address on it, but if you hit the link above you'll find it) so I don't know exactly where it is, only that it was a good half hour drive or so to get there on a Friday night. Their ribs are not the ribs you'll find in a city like DC or Pittsburgh - they're more meat than bone (one supposes that they're supposed to be that way), their pulled chicken sandwich isn't too bad (it was a bit moist around the edges but nicely textured and dry inside the bread), and the sauces are probably near the top end of those I've had because they're manufactured in small batches at the restaurant to very tight tolerances. The mustard-based sauce doesn't taste wholly of mustard, the hot sauces have just enough spice to stop by and say 'hello' but not overpower your sense of taste or the flavour of the meat, and the sweet sauces were sweet but not cloyingly so. I'm told that they all worked well with ribs, and I rather enjoyed sampling them on my pulled chicken sandwich. Verdict: Two flare guns. I'm not much of a fan of BBQ but I liked what I got, so check 'em out.

Last but not least is Il Vichino's (41 North Central; Clayton, MO; 63105; phone 314-727-1333), an upscale Italian eatery a couple of blocks away from the site. Somehow we keep winding up eating calzones in Clayton - I guess it's because there are so many good restaurants within a three block radius of wherever you happen to be. Their calzones aren't bad - the crust's a bit heavier than that of the others I've had around here and there's a lot more cheese in them than other places' fare. On the whole, Il Vichino's isn't too bad.. I much prefer the other Italian restaurant that we'd gone to around here (The Uptown Cafe') because they had a bit more range of flavour.. a bit more complex, a bit more varied, a bit less cheese covering it all up. Two and a quarter flareguns.

More evidence of official climate change 'editing' comes to light.

Friday 26 October 2007 at 2:42 pm Earlier this week, Dr. Julie L. Gerberding (director of the Centers for Disease Control and Prevention) testified before a Senate subcommittee about risks to the health of the public associated with climate change and global warming. As policy dictates, her testimony was recorded, transcribed, and entered into the public archives. As policy does not dictate, however, the transcript of her testimony was edited in interesting ways, with no evidence of redaction left behind. Dr. Gerberding has stated that such edits are routinely made before the transcripts are put online, and has no problem with her text being altered.

Major semantic changes are made to her testimony, but she's okay with this?? Somehow, I don't buy that.

What gets me, however, is that such official censorship has happened before, and it's happened often enough that are neither surprised nor particularly worked up over it... though they should be, because when last I checked, we all happen to live on the same planet.

Just when you thought it was safe to make your data safe...

Friday 26 October 2007 at 2:17 pm A common procedure at many companies is to send the backup tapes offsite, on the off chance that if the building burns down or something, the computers will be lost but the data can be restored to replacement hardware and business will pick up apace a day or two later. In the industry, this is referred to as 'disaster mitigation planning'. At smaller companies, either the tapes never get taken offsite (common) or one of the sysadmins takes the tapes home to put them into a safe or strongbox (a bit more common). Larger companies and organizations with more rules, regulations, and laws to follow often negotiate contracts with niche companies that specialize in taking backup media offsite and storing them in vaults, like Iron Mountain (which is practically a household word in the DC metroplex because they're famous for their four hour turnaround time on the bigger contracts).

However, even they're not perfect, though they had some 'help' from a customer or two who didn't encrypt their backup tapes...

Yep - the Louisiana Office of Student Financial Assistance contracted Iron Mountain to store their backup tapes offsite, but they didn't encrypt the data on the tapes, so whomever stole the tapes out of the back of the truck one of their retrieval teams was using (or, to be fair, lost the tapes in the warehouse (which is known to happen)) has gotten their hands on thousands of records containing names, addresses, Social Security numbers, and other personally identifying information (the acronym PII is coming into use as a result) of Louisiana residents. The driver of the truck didn't follow a documented procedure of some kind (they didn't say what, exactly, but I kind of think that it had to do with locking the back of the truck) and the container of tapes (helpfully and clearly labelled) went walkabout.

An announcement from your electronic lords and masters.

Wednesday 24 October 2007 at 10:38 am Gina Trapani over at Lifehacker posted this morning that at least some users of Gmail are showing support for IMAP in addition to the nifty-keen-like-wow AJAX web and POP3 interfaces to the service. Right now, only a small number of users have IMAP support available to them but Google's announced that it'll be opened up to everyone else within a couple of days. To see if you have support for it, log into your Gmail account, click on the Settings link (top-right corner, to the right of your e-mail address), "Forwarding and POP/IMAP", and scroll down to see if you have a configuration stanza called "IMAP Access". If you do, turn it on, save changes, and then check out their configuration instructions for your mail client of choice.

What's the upshot of this? You don't need a web browser to check your Gmail anymore (doubly handy if you're stuck with a very old browser, or if you're in an environment which restricts things all the way down to the level of the type of content that the browser can handle), just a copy of Mozilla Thunderbird (portable or otherwise), or a reasonably up to date cellphone.

It's about time, let me tell you...

St. Louis, MO restaurant reviews.

Tuesday 23 October 2007 at 10:55 pm First off, expect to pay in the neighborhood of $10us per meal if you're in the St. Louis area. Budget about $30us/day if you'll be here on a trip lasting more than two days maybe $20us if you only eat twice per day.

The first restaurant I went to on my trip to St. Louis was the House of Wong (46 North Central; Clayton, MO; 63105; phone 314-726-6291), a new-school Asian restaurant within spitting distance of the hotel. The waitstaff is polite and attentive, the atmosphere very pleasant, and the food excellent. Our crab rangoon was cooked to perfection, and I highly recommend a half-portion of Wong's Hot Chicken, which is a little bit like General T'sao's Chicken but with a lighter, spicier sauce. Theirs was easily the best food I've had so far into my trip, and they even have T'sing Tao Beer in stock. One and one-half flareguns. Go here for dinner at least once!

The next evening C- and I hit up Zuzu's Handmade Mexican Food (31 North Central Avenue; Clayton, MO; 63105; phone 314-863-6767; fax 314-863-7455). It's a smallish restaurant in the middle of Clayton that, like many places over here, has cafe' style dining in addition to takeout and the option for delivery. I have to admit, I wasn't terribly impressed with this place. Their hottest salsa is probably equivelent to the most mild that you'll find in a grocery store, my chicken burrito didn't have much flavor outside of the sauce, and the mahi-mahi tacos were about average. Not a bad place if you're in the mood for tex-mex, but definitely not top shelf. Two and one-half flareguns for so-so tex-mex food (and all that entails).

Next up: The Uptown Cafe' (105 South Meramec; Clayton, MO; 63105; phone 314-721-0393; fax 314-725-6746). They've got an excellent selection of fare, ranging from Italian to American to tex-mex and not a bit in between. They also have daily specials during the week. On Tuesdays, for example, their lunchtime special is a house salad and a calzone (which I strongly, strongly recommend). In fact, just about everything I've had there was pretty good. Get there early because the workaday force will invade around 1145 local time, and they have to start turning people away. If you'll be in the area, stop by here for lunch. Expect to pay between $7us and $9us for lunch. I highly recommend this place: One flaregun for tastiness as well as a responsive, attentive waitstaff during the lunchtime crush on a Tuesday.

Last, and so far least, was C.J. Muggs (200 South Central; Clayton, MO; 63105; phone 314-727-1908). It's your basic sports bar, with plasma televisions all over the place, bar food, drinks, and grilled faire. Their appetizers are rolls with butter and some sort of orange-ish buttery spread that neither C- nor myself could quite place (though C- suspects that grilled peppers are a major ingredient), and you can find charred meat in various and sundry forms on the menu for about $10us per plate. The turkey burger and fries weren't much better than what I had at Zuzu's the night before, the coffee is weak and warm (not hot), and the waitstaff on an empty evening must have been killing time out back while waiting for the game to start. To quote Fuscia, "Stunningly mediocre." Two and one-half flareguns for tasteless food and slow staff when they had a nearly empty house. Bring your TV-B-Gone if you must eat here.

Lake Forest, Washington 911 center compromised.

Tuesday 23 October 2007 at 10:32 pm The SWAT team charged with the town of Lake Forest in Washington state was dispatched to the house of a local family after being informed that a heavily armed drug dealer had killed at least one individual and was in possession of a large stock of distributable drugs on the premises. As one would expect, they geared up for a full assault and hit the house like gang busters. There's one important fact which they didn't have at the time, and this fact made all the difference: The original 911 call that alerted police to this house was faked. Computer forensics technicians discovered later (after the SWAT team found nothing at all but a terrified family on the premises) that someone had cracked into their network from the outside and forged a call from one of the phone numbers corresponding to the house. 19 year old Randall Ellis of Mukilteo, Washington was taken into custody after the 911 call center's data network was examined and evidence was gathered. They're pretty sure that he did it because SWATting has occurred in other places that he's been, and they say that he's got the skills and the chops to pull off such a stunt.

The story's thin on details: Someone could have placed a convincingly faked telephone call to the local 911 call center, or someone could have cracked their network from the outside and edited records of a recently placed call and bumped it to the top of the queue. Or someone could have inserted a fake record of a 911 call that carried maximum priority. Word of this particular incident has been scarce indeed, especially seeing as how US law enforcement doesn't want any more people getting any bright ideas, because SWATting (as they're calling it) is a fairly rare prank right now, but certainly not within the realm of isolated incidents anymore. Because of this, there are some things that I'm going to leave out of this article because I don't want anyone getting any fancy ideas, either, and wreaking havoc with them.

Faking the CID (called identification) headers of telephone calls is not exactly simple these days but it's a known technique, and is actually pretty common if you know where to look. You could use VoIP (Voice Over IP) technology to make it look like the call is coming from another number entirely, and so far as the destination(s) of the call are concerned the call looks legit. The easiest thing to use would be a softphone configured with false CID information, though it is also possible to hack an ATA (advanced telephony adapter) to do the same thing. However, when the hammer falls and Someone starts digging into the CDRs (Call Detail Records - logs that keep track of what happened during every phase of a phone call, from initiation to pickup on the other side to hangup) of the telephony switches that were used, they will start figuring out what really went on. It's a time consuming and annoying process (even with custom written utilities assisting) but it can be done. A major problem, however, is getting your hands on those records for forensic analysis, because they are also used to determine billing of customers, and not many communications companies are willing to make them available without a court order.

If someone doesn't want to go the VoIP route, there's a phone phreaking technique called orange boxing that can be used to fake the caller ID headers of an outgoing phone call, with much the same effect. The idea is that a phreak would generate the proper signal to blast into the phone line after the other party answered, and while they might see the real info before picking up (though dialing *67 would block it), they would certainly see the faked CID info if they looked at the LCD display. The biggest problem with this method is not generating the audio signals to play back but getting them into the phone line, because the microphones in telephone handsets are, as they go, not of high enough quality to make it work perfectly.

Of course, the classic fix would be to crack into the telephony switches (and possibly the record keeping systems) and edit configs such that calls from a certain line are given false caller ID headers. Might be easy; might be difficult. It would depend on how skilled the cracker was and the security of the phone company in question. Along those lines would be compromising the 911 call center's network and monkeying around with things. Again, there are a lot of factors at play in such a scenario, and with the limited information they've provided in the article, there's no way of knowing.

EDIT: FIXED - I took to the skies once again, and found myself in a strange, wonderous land.

Tuesday 23 October 2007 at 12:40 am A land in which traffic in the heart of the city is sparse at high noon, there are restaurants on nearly every corner (woe to my waistline and coronary arteries), and the temperature plummeted from 85 degrees Fahrenheit yesterday to a chilly 55 degrees Fahrenheit by the time C- (cow-orker and metalhead extrodinaire) and I left the site and headed for the hotel.

Yes, this is the Doctor again, writing to you from the outskirts of St. Louis, Missouri. The company I work for has sent me abroad once again on assignment, this time for two weeks straight in the field.

A few links have piled up over the past few days, so I'd best get those out of the way before I try writing anything else. It's a little bit like kicking the junk mail out of the way before you can walk into your apartment after being on vacation for some period of time.

Okay, the BBC has announced that this year's Children In Need special episode of Doctor Who will be a long-awaited crossover: Peter Davison will reprise his role as the fifth Doctor and join David Tennant's portrayal of the tenth Doctor in an episode called Time Crash (what a change from titles like The foo Doctors). If you've seen the final episode of season 29/3 of Doctor Who, you have an idea of what this means, though no one yet knows what's to come. As with all of the Children In Need episodes to date, it's going to be a doozy. The episode will air across the pond on Friday, 16 November 2007. Expect it to hit BitTorrent trackers across the Net within an hour after airing.

Next, if you've ever read the web comic XKCD, you might have seen a certain strip about a ninja raid upon the domicile of one Richard M. Stallman. The last time Stallman spoke at Yale University (last Wednesday, if memory serves), a couple of people in the audiene decided to re-enact the attack. No one was injured and RMS, from all accounts, enjoyed the joke immensely.

There. Now that those are out of the way, how about what happened this weekend?
More under the cut...

Gary McKinnon's leave for appeal granted.

Tuesday 16 October 2007 at 2:41 pm Gary McKinnon, the cracker famous for infiltrating NASA and United States military networks in search of information pertaining to UFOs was granted leave so that he could appeal his extradition to the House of Lords. McKinnon is facing multiple counts of violating the Computer Fraud and Abuse Act of 1986 (18 USC 1030) as well as the USA PATRIOT Act.. if extradited to the United States, in all likelihood he's facing years at Guantanmo Bay as they try to figure out to their own satisfaction what he was up to. Knowing the state of cyber-law enforcement these days, it'll take them decades. It's been said that law enforcement from the United States attempted to coerce McKinnon into not challenging the extradition, but because this is hearsay, it's anyone's guess if this really happened or not.

McKinnon's appeal will be heard sometime in early 2008.

Forget pizza money, how about chipping in to hire a bouncer?

Tuesday 16 October 2007 at 12:03 pm In London, England, someone posted details about the birthday party of one Stephen Worthy, age 18, on the Net, which was summarily read by some number of people Out There... the day of the party the location was invaded by over one hundred teenagers, who not only crashed the party but trashed the house and sent the poor guy to the hospital via airlift. His father, 53 year old David Worthy, was put on the shelf with a broken nose, provided at the hand of one of the party crashers. It was supposed to be a private 18th birthday party but someone leaked the information, and all hell broke loose.

Stephen's out of the hospital, incidentally, and up and around, as is his father. Six of the unknown number of teens were arrested; all were released on bail.

I have to ask this question: What in the almighty Hell would cause anyone out there to think that taking a party by siege was a good idea? No, seriously, I want to know what sort of person would do that.. leaking word of a party is one thing, and teens disliking one another quite another, but... why?

This sort of thing blows my mind. This is like a World of Warcraft raid gone horribly wrong. Have personal ethics in this day and age atrophied to the point where it's acceptable to invade someone's personal space and private gather, wreck the place, and steal things that don't belong to you just because someone's address found its way onto a website?? I'm about to have a "damn kids" moment, but when I was around that age doing anything of that sort was simply unthinkable. Unless you had a pair of stones the size of Cisco Catalyst 3800's, crashing a party that you found out about on the sly just didn't happen, because there was no way you'd get in any of the doors at the site. Maybe if it was a rough party you'd get bounced around a bit for trying, but socially speaking it never even occurred to any of us.

Like holding 'tea' and 'no tea' simultaneously. In a 'not' sort of way.

Tuesday 16 October 2007 at 11:37 am Notorious BitTorrent tracker The Pirate Bay somehow came into possession of the net.domain of an organization called the IFPI (International Federation of the Phonographic Industry), which is said to be one of the Net's foremost anti-piracy organizations. The IFPI's been a thorn in the side of Pirate Bay for years, even going so far as to try to get hold of files on the 'tracker held by the Swedish police force, with no success. Supposedly, black hat tricks weren't needed to get hold of the domain (somebody probably sniped the domain the moment its registration expired), and as result the Pirate Bay's going to hold onto it as long as it can.

First weekend update in a while.

Monday 15 October 2007 at 3:11 pm For the past couple of weeks, my weekends have been busy enough that there hasn't been much of interest to write about. Not that they weren't interesting interesting, but to be frank talking about driving around all over the place running errands, going to appointments, and things like that doesn't make for terribly gripping reading. This weekend, however, stands out in memory because it was the first really laid back weekend that we'd had in a long while.

On Friday night Lyssa and I went shopping to get the stuff to make a lamb stew, some of which we'd be bringing to the cookout over at the house of Hasufin and Mika that Saturday. Jarin came over that night and we wound up talking about the merits of various virtual machine applications (namely, Vmware and the beta release of the native MacOS port of same) and walking a couple of blocks to pick up dinner at Five Guys for the three of us. Along the way a discussion about the potential of a complex data system to spontaneously become self-aware started, and I started to wonder out loud if the first spontaneously generated machine intelligence would not be a search engine like Google reaching a flash point, but instead a massively distributed processing network, like the Storm worm botnet. The reason that I think that such a thing would come out of a malware network is because the Storm worm agent is not centrally controlled, relying upon a modified peer-to-peer networking protocol to disseminate code updates and commands, as well as the fact that the agent in question is updated periodically with new code modules... right now the Storm worm network is used primarily for carpet bombing the Net with spam, with a side order of DDoSing the networks of some researchers who capture samples for analysis and publish the results.

The thing about such a malware agent is this: Hypothetically speaking, it doesn't have to just do those things. Modules could be written analyze data of an unspecified type, in the same fashion as Seti @home or some genetic algorithms, or implement a number cruncher suited to parallelization on a massive scale, such as distributed.net. If anyone gets around to using such a malware network for things other than spamming, the sky is literally the limit for what it could accomplish. For years, people have been speculating about a virus or worm that silently cracks crypto keys in the background, but as far as anyone knows, no one's done it yet.
More under the cut...

Somehow, I doubt that many will mourn this guy's passing.

Friday 12 October 2007 at 12:08 pm The notorious Russian spammer Alexey Tolstokozhev was found shot to death in his apartment just outside of Moscow earlier this week. Apparently, someone took rather violent offense at all of the advertisements for Viagra that he was hammering out and shot him a number of times, including one head shot. Supposedly, Russian police forces think that this is the trademark of a hitman employed by Russian organized crime, who don't take kindly to people muscling in on their territory (or declining "polite requests" to become part of their territory). It is thought that Tolstokozhev was personally responsible for roughly 30% of all prescription drug spam on the Net today.

Again, it's anyone's guess if whomever did him in took over control of the botnet he was using to carpet-bomb the Net with spam.

I'm going to step out on a limb here.

Friday 12 October 2007 at 09:23 am Right now, it's de rigeur for people on the Net to make fun of the ingominous death of the Reverend Gary Aldridge, who was found dead in his home this past Sunday. Because the details in the news report may not be safe for work, I'm going to put the rest of this article behind a cut...
More under the cut...

HIPAA doesn't imply that you can trust those in control, now does it?

Friday 12 October 2007 at 08:35 am Joseph Nathaniel Harris, a former branch manager at the San Jose Medical Group in California was sentenced to 21 months in prison and fines in excess of $145kus for stealing medical data. When Harris left his position after allegations that he'd been stealing money and medication from the facility, he is said to have stolen two computers and a DVD-ROM disk containing sensitive information about 187,000 patients, including Social Security numbers, medical histories, and diagnoses. The computers were found to have been sold for cash, but kept the disk containing the patient data. Thankfully none of that data got out...

Okay. A quick lesson for everyone reading this: First of all, back up your data. Then back it up again to different media. This isn't terribly hard, people.... tapes are slow and expensive, but there are other ways, such as DVD-ROM disks and USB hard drives. Put one in a lockbox or safe on-site, and have someone take the other offsite - safe deposit boxes are good for storing backups.

Next, verify both sets of backups to make sure that they work before they're put into storage. The only way you'll know if a backup worked or not is to try to read from the tape to see what's on it. If your backups don't work, you may as well have not tried to back up your data at all, and you're right back to where you started.

Third, use the encryption function of your backup software so that if someone does steal the backup media, it won't be worth their time to guess the passphrase. That's the whole point of building crypto into backup software - so that rogue elements in the organization can't monkey with backup media that no one will look at for weeks on end.

This might not be a threat that you can avoid entirely, because people will be people, but you can certainly mitigate the impact of such a thing happening.

UPDATE: There is an excellent article on data backups over at the Internet Storm Center.

If anyone else did this, they'd have been fired faster than you can blink.

Friday 12 October 2007 at 08:07 am One Jerry Miller, head of the payroll team for the Administrative Knowledge System project of the Ohio Department of Administrative Services screwed up in a pretty major way - he let one of his interns take a backup tape containing, among other things, data on better than 130,000 employees of the state of Ohio, former employees and contractors of same, and sundry Ohio residents. Seeing as how it was payroll information, I'll leave it to you to guess what kinds of information were encoded on that tape. The tape was stolen from the back of said intern's car in June of 2007, which begs the question of why he was letting what amounts to a temp deliberately mishandle sensitive information...

Expected cost of mitigating the consequences of the security breach? In the neighborhood of $3mus.

The intern's probably been fired, assuming that $intern's tenue on the project wasn't up when school started up again in September.

Miller's punishment? He lost a week of vacation.

Remuneration and assistance for all the poor sods whose credit histories will probably wind up on a BitTorrent tracker within the next two years? Nada.

New releases from Steampunk Magazine.

Thursday 11 October 2007 at 2:19 pm The staff over at Steampunk Magazine have a pair of new releases for the edification and amusement of everyone out there. First off, issue number three of their 'zine has been released under the terms of the Creative Commons v2.5 license for download or purchase at the cost of $3us. Secondly, a short book entitled A Steampunk's Guide to the Apocalypse has hit both the Net and printing press (cost, $5us), and features the paintings of Mr. Colin Foran (XKCD-flavored technical drawings by Anonymous). Tongue in cheek in nature, it briefly describes how one would stay on one's feet after $disaster{'global'} with a distinctly steam-powered flavor.

A word to would-be presenters out there.

Tuesday 09 October 2007 at 09:33 am Unless it involves 0-day security vulnerabilities that amount to a global panic in the style of bad Hollywood action movies never, ever install updates of any kind on the laptop you're going to carry into the field with you the week before, or you'll spend every waking moment up until the time you go before the crowd trying to fix your laptop. Don't be That Presenter At the Con.

Working around patent licensing problems with evolutionary algorithms.

Monday 08 October 2007 at 3:12 pm Evolutionary computer algorithms are good at solving a relatively common set of problems through trial and error - the set of problems that we know of with a large number of equally valid possible solutions, of which some subset of those are faster or more efficient. The only way to see which of these solutions will do what you want is to try one and mess around with it for a while, and then try a slightly different approach. In other words, by tinkering, tweaking, and hacking around, which is great on a small scale but when you're looking at a few dozen to a few thousand possibilities, time, money, and materials make doing so prohibitive. As the name implies, evolutionary algorithms treat problems as sets of genes: They try one set, see how well it works, then change a variable (mutation) and try again. The lists of mutations that get you the farthest toward your goal are kept, while the rest are stored until their possibilities have been fully explored and pruned of dead ends. For this reason, some genetic algorithms (I don't know for certain because this isn't my field of expertise) are well suited for massively parallel computation, i.e., throwing lots of CPUs at copies of the algorithms and letting them churn for some period of time, because lots of attempts made at the same time are more likely to result in successes in shorter periods of time.

There was a pretty cool presentation done on this topic at LayerOne this year by Rooster - if you're curious, you can watch the whole thing here.

Genetic algorithms are being used to develop all sorts of things that you wouldn't ordinarily expect, such as optical fibres, antennae, flash memory, and tissue biopsy analysis because they involve, among other attributes, shapes and patterns that can be described with geometry, or with such methods as filling in cells on a grid (very much after the fashion of cellular automata). What would take a team of engineers and hackers weeks or months of constant effort can be done by these systems in days with current computation technology. They can also be used, it should be noted to design around certain parameters - the article gives as an example of this a research team at Stanford University designing an antenna for 802.11 wireless networking without licensing a patent from Cisco because the evolutionary development system they used was instructed to look at the publically available information in the text of the patent and then try everything not covered by the patent (exclusionary mutation).

Another step closer to artificial life - an artificial chromosome.

Monday 08 October 2007 at 2:28 pm

Geneticist Craig Venter of San Diego, California has made a significant breakthrough in genetics and bioengineering after it's been verified by the scientific community (I have to throw that disclaimer for reasons that'll be made clear in a moment)... he's built a chromosome out of raw materials in vitro.

Yeah. Not only did Venter's team, lead by Nobel Prize winner Dr. Hamilton O. Smith hooked synthetic nucleotides together one by one into a strand of DNA 580,000 base pairs in length, coding for 381 distinct genes, and then got the DNA to coil up into a chromosome. The synthetic chromosome is based upon a pared down version of the genome of the bacterium mycoplasma genitalium - to get a reference DNA sequence to copy, they removed roughly 20% of the genome to get at the nitty-gritty genes necessary to support life. If they can successfully transplant the artificial genome into a cell, the cell will take off on its own, eating, excreting, and reproducing with a genetic structure built by the hand of man.

If I can get my hands on the actual whitepaper for this, I'm definitely going to post it as a sequel to this entry. This is a significant step toward making true artificial life - genetic code from scratch.

(experimentally written with BloGTK. Category selection and keywording don't work, and it also messed with paragraph formatting and layout.)

Why blogging engines don't sit quite right with me in subtle ways.

Monday 08 October 2007 at 09:27 am On my way to the office this morning I was sitting in the car thinking about nothing in particular, and in my pre-caffeinated state my thoughts wandered in the direction of why blogging engines like Pivot and Wordpress make me uneasy in weird, peripheral ways, and why I find them so difficult to use, insofar as writing text is concerned. The reason is that they imply a sense of immediacy upon the user writing where sometimes there shouldn't be one.

Let me start off by saying that I'm not trying to bash blogging in general or any one blogging engine in particular.

Most but not all blogging engines require the author of content to have a network connection while writing - you go to a back-end page of the blog, log in, and type text and some formatting code into an HTML form of some kind. You can dodge this by writing offline in a text editor and then cut-and-paste the text into the engine when you next have net.access, however. There are also blogging clients that let you do the same thing, with varying degrees of success. Personally, I'm a big fan of the "write it in a text file and post it later" school of doing this. Long plane flights are good for long articles, though not necessarily so much for run-of-the-mill daily updates.

Secondly, the nature of blogs and RSS feeds is that going back and editing posts can be a dodgy proposition because, if you write a post and save it to finish later, it doesn't necessarily get published (in Pivot, posts can be Published (i.e., made public), Timed Published (whereupon the user specifies a particular date and time to make a post available), or Held for later). If you finish a post later and make it public, it may not go into the RSS feed, and so might not be picked up by readers. This is, depending upon your point of view, a limitation in $blogging_engine. Edits to posts may not be reflected in an updated RSS feed either, nor may the edits be visible at first glance to someone sprint-scanning a blog to see what's up lately. Edits to older posts (for example, say I had to correct some stuff in that Linux-with-soft-RAID post may go unnoticed unless someone specifically goes back and reads that post again. Blog admins can, of course, put 'edited' tags on the appropriate posts, or edit the titles of reflected posts.

Thinking about it, it should be possible to write plugins for blogging engines that change the coloration of edits in posts to make them stand out, much as wikis can do.

This is what I liked about a flat HTML weblog: For every day, text accumulated from the top down. To read the latest entries for a particular calendar day the reader had to scroll through the earlier entries for the day, and thus run into all of the new text, including edits and additions to the earlier ones. Maybe it's the narcissist that lives between my cerebral cortext and fingertips talking, but there is also the fact that getting eyes onto one's text is the only way that information will flow from point A to point B.

Now, where am I going with this? Am I saying that I'm a lazy so-and-so who doesn't go back to see if posts on sites I read have changed and that I want everyone to cater to my desires?

No, I'm not. I'm pondering, which is a far cry from "Cater to me because I'm lazy and won't take responsibility for keeping up to date." Maybe I've put an idea in someone's head that will turn into something great. Or maybe I'll learn enough PHP to write a couple of plug-ins that'll be of use to someone one of these days.

Working with software RAID in Linux.

Friday 05 October 2007 at 1:29 pm This post assumes that you've worked enough with Linux to know about the existence of software RAID in the Linux v2.6 kernel series, though not necessarily much about it.

If you're not familiar with it, RAID (Redundant Array of Inexpensive Disks) is a set of techniques that replicate data across multiple hard drives on the assumption that, at some point, a drive is going to fail. If the data can be found in some form on another drive, the data is still available. Otherwise you're out of luck unless you made backups, and if you're really unfortunate, your machine probably crashed as well, which means a full rebuild.

So, in a nutshell, this is how you'd get useful information out of those subsystems as well as how to fix things if they blow up.
More under the cut...

Not quite mind reading, not mind control the way people usually think of it, but significant nonetheless.

Friday 05 October 2007 at 10:45 am At the Massachusetts Institute of Technology biotech researchers have made progress on an area of prosthetics that most people don't think about because it's so obvious but is still very important nonetheless: The neural interface. Specifically, they've worked out an algorithm that converts patterns of chemoelectrical activity in the brain that signify intent of motion into commands for an external device. Current prosthetics aren't directly hooked into the central nervous system but the "network edge" of the peripheral nervous system via interface jacks connected to nerve endings. Let's be clear, interface jacks that accept only broad sorts of input, such as tensing the left pectoral muscle to cause an end effector to close, and relaxing it to open the gripper. This interface algorithm represents a means of control with a far finer resolution than anything available today. To be fair, research teams across the world are using different techniques to monitor brain activity (EEG, MRI, and optical, just to name a few), but they're also all using very different methods of interpreting the results. This algorithm is sufficiently generic that it can accept data from any of these methods and process it in a useful manner.

Is it ready for production? No. Can we finally get our cyberlimbs ala $cyberpunk_novel here? No. Can we see the Singularity on the horizon?

...don't ask me that. I don't know!

All kidding aside, this is a major step in the right direction, as well as a field of research that's worth keeping an eye on.

Somebody tell the Browncoats - there might be hope for a second Firefly movie.

Thursday 04 October 2007 at 2:51 pm A recent interview with Alan Tudyk by Moviehole.net let slip an interesting piece of information, namely, that there was a pretty good chance that a sequel to Serenity would be made by Universal Pictures because the collector's edition DVD of Serenity is selling so well. Even if it's a straight to DVD release (which is something of a fad these days), it would probably still sell well.

We can only hope.

That's some chili.

Thursday 04 October 2007 at 2:36 pm Fire fighters in central London were called out in full hazmat gear when they received a report that a) something was on fire, and b) it was causing knocking down everyone that was within range of the cloud. Knocking down as in, "couldn't breathe, couldn't see, in lots of pain."

At 1900 local time they had pinpointed the location (the Thai Cottage Restaurant) and the source of the noxious smoke: A cooking pot containing about nine pounds of nam prik pao, which is a Thai dipping sauce made up of super-hot chili peppers that are fried until they are burned, almost until they are on fire.

Gee.. those symptoms sound a lot like getting maced, come to think of it.

As it turns out, the people who work at the restaurant are used to the smoke, so they didn't notice that it was causing immense distress in everyone within range of the outlet of the restaurant's ventilation system.

It's plain to see where this man's priorities lie.

Thursday 04 October 2007 at 2:05 pm George W. Bush has vetoed only four bills during his terms in office, which is unheard of for any President of the United States. The first three involved two bills that would have expanded stem cell research and withdrawing troops from Iraq. Unfortunately, the latest bill that he's shot down was SCHIP, the State Children's Health Insurance Program, which would have renewed and expanded mandates that would made it possible for families that aren't poor enough to get Medicaid but can't afford health insurance to get coverage for their children. The bill would have added an additional $35bus of funding to the program over a period of four years, which would have raised the federal cigarette tax to $1us per packet. This bill made it possible for states that couldn't cover such programs on their own to cover constituents' children with less trouble.

As if that weren't enough, the House of Representatives will probably not override the veto if push comes to shove. In a head count of supporters, they're short about two dozen reps.

Health insurance is damnably expensive, even if you earn a decent amount of money for your area. If you're lucky, your employers will split the cost with you by getting a group plan for their employees and their families - let's say that a particular health plan costs $800us per month (which is on the cheap side for good health insurance) for a family of three. The company pays $600us of the monthly tab, and your paycheques are docked $200us for the rest.

Sometimes, though, even $200us is too much. Let's say that you only make $2kus every month. In some areas (like Pittsburgh), you can live comfortably on that much money if you live alone. In northern Virginia, on the other hand, two thousand dollars American every month will get you a single bedroom in a crack house if you're frugal and living alone. If you have a family, however, you're SOL. SCHIP would have lessened the impact by picking up more of the monthly tab for health insurance if children were involved.

You've probably read about my insurance woes. For a package that covered basic health, basic dental, and no vision, I was paying $400us out of pocket every month through COBRA after I left Sunrocket. When Sunrocket tanked (you've all seen the news), my COBRA coverage was over. That meant $800us/month out of pocket. The company I was contracting for at the time reimbursed for insurance after the fact, which meant spending three weeks out of every month down $800us.

Think that's bad? Now imagine making $35kus per year and having that hanging over your head. Without the possibility of reimbursement.

So much for no children being left behind.

At last, the post you've all been waiting for...

Wednesday 03 October 2007 at 2:34 pm Exoteric life being what it is, I've been waiting for the right time to post about Pretend to be a Time Traveler Day on 8 December 2007. The day is just what it sounds like - it's a Saturday where you wander around someplace pretending to be a time traveler, ideally kitted out in costume and in character but not actually telling anyone what you're doing. The original thread on the Koala Wallop forums goes on to describe a couple of possible schticks that you and your friends can try, such as "We came from a Utopian future but we don't quite get what you're all about" mode and the "Dystopian refugee looking like an extra from a Front 242 video" gag ala Tales of the Afternow (which I highly recommend, by the way). An interesting one comes in the form of "Time travelers from the past visiting future history", which is actually pretty easy to accomplish because it doesn't necessarily imply that you need Edwardian or Victorian clothing - your grandparents' clothing would work just as well (think early 20th century).

I wonder how many people out there are going to try the Gary Larson "time traveling cavemen" gag....

I could quote the rest of the thread but I'm not going to, even though there are a lot of interesting ideas in it. Instead, I'm going to go off a little on the sort of thing that I have in mind behind the cut, but before I do, I'd like to say that I'm organizing a group of people in the DC metroplex to join me on the 8th of December, 2007 on a walking tour of downtown Washington, DC. Hopefully we'll make it to the Smithsonian to check out all the quaint exhibits, and if possible I'd like to put in a visit to Dupont Circle, not only because it'd be a good place to have dinner after a long day of exploring the past, but because there are a couple of stores there that you post-apocalyptic types would probably like because you could add to your street armor. If you're interested either reply to this post or e-mail me, and we'll work out the details. You can expect updates as they develop.

Okay. Now on to what I've been kicking around...
More under the cut...

Why not? I forgot last year.

Wednesday 03 October 2007 at 10:41 am Don't forget - 3 October '10

.plan file update - the usual warnings apply.

Wednesday 03 October 2007 at 10:22 am As suggested by the title, I've updated my .plan file.

Here's looking at you, kids.

Wednesday 03 October 2007 at 10:17 am For unknown reasons, someone in northern Europe is leaving odd gifts for people all over the place - carved stone heads with rhymes taped to them. Each head (face, really) is carved into a large rock, about one foot in height, and from looking at the pictures of the faces they've been finding, they're very well done. Not exactly life-like, mind you (a little stylized), but each is unique and recognizable. So far 13 of them have been left on the doorsteps of random people, and each has been at least 100 miles from the others.

Supposedly, one of Britain's public securicams recorded the unknown prankster leaving one of the stones, but nothing more's been said along those lines.

Hail Eris.

Artists hide apartment in mall; Parker Lewis applauds.

Wednesday 03 October 2007 at 09:42 am Back in 2003, a small group of artists in the state of Rhode Island attempted a daring art hack: They snuck into the Providence Place Mall and hid an apartment in a corner of the parking garage as part of a guerilla documentary they were making on mall life. Michael Townsend and his cohorts, from all reports I've been able to dig up, set up a wall of cinderblocks which blended in with the rest of the structure to hide the 750 square foot chamber. A standard utility door allowed entrance and egress. The interior walls were also plastered and painted, the floor covered with laminated wood, and was furnished about as well as you'd expect a bachelor's apartment to be, down to the home entertainment center and Playstation 2 console. At one point, it was even broken into by people unknown and the Playstation was stolen.

The jig was up when mall security waited for Townsend and associates to return to their lair.

Townsend pleaded no contest to tresspassing and recieved probation and a lifetime ban from the mall.