You are: CATWOMAN!
Which Batman Villain Are You?
brought to you by Quizilla
Last night was rather productive, I'm happy to say. To make some extra money over the holidays I'm doing a bit of home office consulting for some colleagues of Dataline's this week. I'm not going to pass up the chance to make some extra gift money... I've never heard of Dell giving people such a hard time, though. Oh, well. I didn't buy it, I just have to put it together. Alexius came over last night to help me clean up around the Lab, in particular behind the bar. I discovered where all of my satchels and backpacks have been running off to, apparently to breed. I should put a few of them up for auction to free up some more space. Maybe I'll modify them somehow to jazz them up some. We managed to sort out the snakes' nest behind the bar that is composed of the power and audio cables of my sound system. As I probably mentioned before, I'm spinning at the Promise of Iris Solstice Social ball this Saturday - stop by the Friend's Meeting House with a masque and get your groove on. *plug* *plug*
Hey, if I don't help get the word out, who will?
My sound system, insofar as the CD players and turntables is fine. I didn't try out the tape deck; then again I don't plan on bringing it with me because trying to cue up tapes is hard, even more so when you've got less than five minutes to do so. They're just not worth the hassle. The mixer should hold out nicely. It doesn't break down often, and when it does a quick trip to Radio Shack for parts gets the job done. The amplifier, such as it is, isn't the best anymore, and I don't think it'll do the job. That's why PoI got hold of a PA system for me to use on Saturday. Hear me not complain because I don't have to haul an amp and speakers around with me for a change. Also, my speakers are just about shot. Of the original six, only three are still working and I doubt that I can repair the other three, seeing as how they're older than my body is. If I ever get a chance I'll probably replace them with a handful of small high yield speakers for in-Lab use only and forget the PA. I don't spin much anymore anyway, so it's no skin off my nose. The odd thing is, by the end of it all the Lab actually looks much better.
'lex and I also sat down to try to figure out why the PoI domain doesn't resolve properly. The DNS configs look good to me - they're actually not too different from the Network's zone records. We messed around on the registrar's control site to figure out what's giong wrong but neither of us saw anything wrong. Leandra seems to think that it's a matter of the DNS caches around the Net expiring their records eventually. At least their website is accessible somehow. I'll have time to figure it out on Sunday, I hope.
Once we'd finished up I spent the evening catching up on the day's news, as sparse as it was, and checking on a few other project's I've got going. I'm hoping that my eBay auctions will start getting some hits soon. I glued and pressed the cardboard to make the cover boards of Fern's Book of Shadows Sunday night. When I checked last night the glue had set and the boards were holding up. I'll probably make the time to measure and cut them tonight in preparation for drilling the pages on Thursday or Sunday, if my plans hold up. I spent more of last night working on a gift for Pegritz for Yule. Given what he teaches and is a scholar of, I think he'll get a kick out of it.. this is the first time I've ever worked with Sculpey, so this is as much a learning experience as it is a mission. It's amazingly easy to work with; I'm still surprised that I can do anything at all with it. I remain hopeful.
I stil have to make my masque for the Solstice Social. I'm considering a black and silver motif (for a technomancer? whodathunk it...?) with some faux gemstones. And my red contact lenses.
Just when you thought it was safe to register a vanity domain... the website of Global Name Registry, designated top-level registrar for the .name TLD was cracked last weekend through the use of an exploit in the Apache webserver. Specifically, the front page of the website was altered. No other changes were found in their systems. They say that they've tightened their security and everything is right with the world once more.
Congratulations to Robyn of PoI! She gave birth yesterday afternoon to James Joseph at 1437 EST. Little James weighed 6 lbs. 9 oz.
Here's a neat hack for you: Paul V wrote an article on distcc, a distributed C compiler for OSnews. Sometimes compiling large code trees can take a long time on a single system, even a fast one. Good examples of this are compiling the the Linux kernel or Mozilla. To speed things up you can install a faster CPU and more RAM, add more CPUs to the system, or you can have a bunch of computers compiling different parts of the code tree at the same time and assembling the separate modules at the end, which is what distcc does. The article really doesn't have much to it, it's just about the fact that Paul got it working and compiled the Linux kernel and WINE with it. You can check out the project's homepage at http://distcc.samba.org/.
A serious vulnerability has been found in the Linux kernel, and has been implicated in the compromise of some of the Debian project's computers several days ago. The vulnerability is an integer value overflow in the brk(2) system call, which changes the size of a programme's data segment. The call as implemented does not check for bad values, allowing a user to gain root access. An exploit is in the wild at this time: An encrypted exploit was discovered on one of the Debian project's machines currently undergoing analysis and decrypted. All Linux kernels earlier than v2.4.23 are vulnerable; pre-release kernels later than v2.6.0-test6 and kernel v2.4.23 are not vulnerable. Download the updates from your distribution of choice's mirror sites and install them.
Following its purchase of Ximian in August of 2003, Novell, Incorporated is hiring coders in India to work on Ximian. How about hiring some of the coders in the United States who've been searching for jobs for almost two years now, guys?
If you've been keeping up with the Diebold electronic voting machine fiasco over the past two months or so you've no doubt heard that they've been suing people for putting up copies of the documents that leaked out, criticising their methods, and going through the copies of the code that have been making their rounds. Needless to say, this hasn't made them very popular, and it's damaged their credibility a lot. Recently they agreed to stop suing. Several dozen computer science researchers and students have been told that they will not be sued, which is causing quite a few people to breathe sighs of relief. Understandably, the EFF is all over this, as well they should be. Voting is a right in the United States, and accountability of those votes is important. If you cast a vote for Greg Dean and it gets counted toward someone else, not only is that basically stripping you of your right to vote (because whoever was behind that decided that your vote should go to someone else instead) but it is dishonest. I think that the fact that these holes are being made known far and wide is keeping the voting system honest.. the proof's out there for anyone who looks for it. Now Diebold has to fix the problems that have been made known; keeping them secret will only hurt everyone in the long run (the political system, the people whose votes theoretically decide what's going to happen, the politicians, the cororations...) Now they have to answer for what's going on.
Paul Starzetz has posted a formal writeup of the Linux kernel vulnerability I've been talking about.
Greetings fellow Frank Herbert fans from army.mil!
It looks like the home stretch - Yule's coming up and the usual rush is starting to build. During my shopping expedition yesterday I picked up the last of the art supplies I'll need to make gifts for a few people, now I just need the time to get to work. I've got the cover boards for Fern's Book of Shadows glued and pressing right now. Dataline found some wallpaper glue around the house that I'm trying out.. I'm gluing two thicknesses of cardboard together to make the cover boards because I can't find the high-density cardboard usually used for bookmaking anywhere. I hope that works. I also need to make a masque for the PoI Solstice Social this weekend, and Alexius is coming over tonight to help me test my sound system and get it unplugged from behind the bar so it can be moved on Saturday. Dataline wants me to help her pack some stuff up tonight as well; I hope it doesn't take too long, this is the only chance I'll have to get everything tested and disconnected this week. I picked up the stuff to make a gift for an old friend yesterday, as well... I think he'll be pleased with it.
I also found a Chinese cookbook for $5us at Michael's yesterday. Needless to say, it's now sitting on my bookshelf.
Jerald Sheets wrote an excellent article on rolling out Linux on a large scale. In it, he talks about moving the desktop systems in the hospital he works at over to Linux en masse by using the Kickstart system. If you've never messed around with it (and most home users don't just becuse there isn't much need to clone a single installation, at least not very often), Kickstart is an installation method where you boot from a floppy disk that has a configuration file in which every detail of the installation process is outlined from start to finish, all you have to do is switch CD-ROMs now and then (or not ever, if you do a network installation from a local server, as Jerald did). He put the contents of the Redhat CDs up on a local webserver, made a bunch of boot disks, and had them pull their packages across the network. He also talks about setting up archives of security updates and new application RPM files for the systems on his network. One thing I wish he'd done was use Kickstart to actually make the systems for him; he doesn't talk about making and debugging a Kickstart configuration file (which is a bit of a black art). He says that he's working on that right now. I hope he writes an article on that, I know that there is a considerable need for a good tutorial right now...
An interesting tidbit about Jon Johansen cracking Apple's iTunes: He released the code to do so only days before he's scheduled to be formally acquitted for writing DeCSS. Jon.. don't you think that's pushing your luck a little?
The Chinese government has released net.dissident Liu Di, age 23, along with Wu Yiran (age 34) and Li Yibin (age 29) the Qincheng prison for political detainees outside of Beijing last Friday on bail. The three were incarcerated for publishing articles critical of the Chinese Communist Party. This event is highly unusual in that political prisoners in China are rarely, if ever freed for any reason. They were never formally charged with anything. Prosecutors have decided to reject recommendations on the part of the Chinese net.police to indict her for subversion, stating that there is a lack of evidence against her.
The Commodore-64 emulator Frodo has been ported to the Palm Pilot. I've always been more of a fan of VICE, but this is still pretty cool. Frodo for the Palm requires PalmOS v5.0 or higher.
While we're on the subject of emulating Commodores, the CBM4Linux project has released v0.3.2. The latest revision is up to date with the latest kernel revision (v2.4.23), fixed for use with the GCC v3.3 compiler, and ready to rock with the v2.6 kernel series when it comes out. There are also Debian packages that might or might not work - I've added the APT lines to Leandra's configuration, I'll see how they work out tomorrow. Rock on.
Last night turned out to be more fun than I'd expected.. we'd gone to B'witche's Tavern in North Versailles. It's a little hard to find because the building's kind of plain but once you find it you'll never forget it. I'd expected to be bored out of my mind - I do not like bars; never have. This place is set up like a mediaeval tavern (under ordinary circumstances, another theme I'm not a fan of). The help's in garb and very friendly, and never too busy to hang out and talk with folks for a while. A group of us went to the place last night and wound up staying almost until last call. First of all... they've got mead. Lots of mead. So much that the eight of us killed somewhere around six bottles by ourselves (one bottle of Chaucer's is enough to fill three average-sized wineglasses, so it wasn't as much as you might think). They've got Goldschlager.... I don't think that I need to say anything more on that subject. Their chili was served in a bread bowl, which I dearly love, but they need to learn to make chili, I think.
I can fix that.
The atmosphere is very friendly and the place is well-lit. If this place isn't pagan friendly, I'm Kevin Mitnick. It's also extremely comfortable for family... B'Witch's also has specialty nights, which I think everyone should keep in mind: Every Sunday evening starting at 1830 EST is Auction Night, where merchandise (unspecified on the schedule) will be on sale for the holiday season. The first Saturday of every month is Fetish Night (meet and greet, no hardcore, no sex acts, body parts must be covered). It's a good sign when you see a St. Andrew's Cross when you walk in, though... As it turns out, Caroline (the proprietrix of B'Witches's) and Don at The ER Room are good friends... I think I'll be showing up there more often. The second Saturday of every night is Ren Garb night, where Renaissance and re-enactment folks are more than welcome to show up full dressed.. think I'll pass on that. The fourth Saturday of every month is Pagan night, with music, Tarot readings, et certa... sounds like fun (we were at that last night, incidentally). The cover's $5us.
On the other hand.. I completely forgot about the Bisexual Pittsburgh meeting at the GLCC yesterday. I got a voice mail from John sometime yesterday afternoon that I didn't pick up until I was on the road that they were looking for me..
Dammit.
I hate it when I do that.
I think Dataline will be happy... I'm tired of her crabbing at me that I'm getting too skinny and looking anorexic. I decided to put on about fifteen pounds of body weight to fill out my exterior. She's stopped bitching, which is a plus, but now a lot of my clothing is very uncomfortable, to say nothing of the fact that I can feel things moving that really should be. It's very disconcerting, and I see it as a major step backward, but at least she's no longer climbing all over my back about looking sickly. The less yelling that goes on, the more I can actually get done.
I need to get the hell out of here. This charade is really starting to piss me off.
I've just put some stuff up on eBay for sale. Right now I've got a couple of hard drives up for auction, and more stuff will appear soon. Check them out.
22 back issues of Odyssey Magazine (a children's astronomy magazine) are now up for auction on eBay.
Today hit the ground running, unfortunately, though I managed to get things slowed down eventually. I was hoping for a restful, relaxing weekend and it might turn out that way eventually. At least, I hope so.
I had planned on a leisurely day of wandering around the area hitting all of the hobby stores to find stuff for the diorama Dataline does every Yule with the tree platform and a few trains. One of the most difficult things to find anymore is green textured paper to cover the platform, which approximates a grassy landscape. Try finding it these days. I got lucky and found it at a hobby shop that specialises in HO-scale model trains and picked up a few hundred square feet of it for her. However, she also asked me to do food shopping for her, which meant that I had a time constraint: Get to the store before it's shopped out. Thankfully we really didn't need all that much so ten minutes later I had that taken care of.
I havn't had a chance to consider what I'm going to get everyone for Yule this year. I think I'm going to wind up going with gift certificates and home made sweets for everyone because I just don't have the money right now. I hope to have some time tomorrow afternoon to think about things.
Right now I'm getting a pile of stuff together to put up on eBay to free up some space in the Lab. I realised something last night: I'm DJing the Promise of Iris Solstice Social Ball this year, and I can't even get behind the rack to disconnect my gear to move it, let alone stand and practise with it due to all the stuff that's piled up in the space. Lowmagnet picked up the server I'd been hosting for him last night, which opens up a lot of room but there's still a lot of stuff that needs to be taken care of. I'm going to be putting up some SCSI hard drives, magazines, some pewter models, some modems from the old dialup pool, and whatever else I can find to free up room and raise some cash. I'll post the links when that's done.
I was hoping to spend some time close to home tonight; Fern mentioned wanting to have a movie night, which I was really looking forward to, but Alexius is calling folks together to go to a new bar with a mediaeval theme.
I'm not a fan of mediaeval, or of the Renaissance... I also don't like to go to bars. I promised everyone that I'd hang out with them tonight, but on the whole I'd much rather not go. I was hoping to spend one night close to home for once. I'm really tired of traipsing all over Creation.
Really tired.
The man who stole that laptop computer from the Wells Fargo Bank was arrested after the FBI traced him logging into his America On-Line account from one of the stolen laptops. Edward Krastof of Concord, CA confessed to stealing the computer after he was raided; during the raid authorities also found a considerable amount of equipment that could be used for scanning ID cards (not easy these days given the white-light holograms embedded in the plastic, among other measures) and bank cheques.
Today's going slow but steady. The office is on a skeleton crew today; everyone else took today off to do whatever it is that people do over the Thanksgiving holiday.
It's weird: It's been so long since I've actually had a vacation day after Thanksgiving, I have no idea what it is that people do. I'm used to having to hack all day on a project or write a paper. That's what I did for almost eight years. Today I'm in the office making sure everything's running properly and waiting for all hell to break loose.
Analysis of the break-ins at debian.org continues. James Troup posted to the Debian Developers' mailing list earlier today to post what he's found so far.. The compromise was discovered when a kernel module installed from the suckit rootkit caused the affected systems to report "oops" errors (basically, the Linux kernel says "Uh-oh, something's not right inside me - think the T-1000 in T2 when he gets hit with that grenade) all over the place. Because all of the affected machines were throwing the same error in the same place, eyebrows were raised and the investigation began. An unknown intruder used someone's password (probably collected from another compromised machine where someone was reusing that password.. very, very bad idea) to log into the server "master" and broke root somehow (I'd guess with the GNU Screen vulnerability that's been going around because the usual maintainers aren't responding) and installed the rootkit in question. Then, the intruder began reaching out to other Debian Project servers and compromising them.
When the break-in was discovered the systems were shut down and their hard drives were imaged (perfect binary copies were made for later analysis). Three of the machines were torched and rebuilt from pristine media and patched. It's taking a long time to verify the Debian archives from its mirrors around the world - there's a lot of files to go through. No one's sure how many of the developers' other accounts are compromised - the suckit rootkit has an ethernet sniffer included as part of its toolset, so any number of login IDs and passwords could have been captured if people were sourcing out from those machines. All of the Debian developers' account are locked out right now, so work's slowed to a crawl. I'll post more as I find out what's going on.
Someone's posted SCO's start-paying-us-for-Linux letter to Groklaw. There's a lot of misinformation in here, so much so that anyone who's even partially familiar with Linux as a phenomenon will wonder exactly what SCO is trying to pull. Commercial software tends to vary a lot in security these days; sometimes trying to convince a vendor of the existence of a security hole in their software is impossible until after the exploits start flying. I have to wonder how many of us who code on Linux machines really did have access to AT&T's original source code for System-V... a lot of the folks I know must have good plastic surgeons.
Something I've wondered for a long time is the age spread of Linux developers, to be honest... what is the age range like, anyway?
Okay, that's not one of my better posts. I was hoping to make it a bit more coherent but I'm multitasking again.
Cosmicity's facewell album, Escape Pod for Two has been officially released. Check out the television commercial for it.
This evening after work I was the only one on the bus headed home; everyone else was off today, I suppose. In the office I was one of four people who came in, which I found rather unusual - I'm not used to that. I'm used to wherever I'm working being full of people and noisy and not having a sub-skeleton staff around. I guess that goes to show how long I've been out of the IT game; ordinarily I'd jump at the chance to get maintenance done and over with for the Thanksgiving break. But that's neither here nor there.
By the time I got home the bus driver had decided to drop me off in front of the building; because there was no one else on the bus she skipped the rest of her route out my way and called it a nice. I don't mind not having to walk up the hill in the snow... oh, did I mention that it's been snowing all afternoon? It's still coming down outside, though not very hard.
Lowmagnet and I went out for dinner this evening. He's in town for a couple of days and we spent time together, catching up and generally having a good time. In accord with what seems to be tradition for us, we went out for Mediterranean for dinner and then wandered around a bit, only to discover that most of the nearby stores were closed for the night. Failing that, we headed back to the Lab and watched movies - the DVD of The Breakfast Club that I'd picked up a few weeks ago. If you're a fan of the Brat Pack, grab it - they remastered the soundtrack, and it sounds quite good on a surround sound system.
It's definitely one of the defining movies of my life, up there with Pump Up the Volume, Wargames, and The Adventures of Buckaroo Banzai (you're surprised?). To this day I still have to think back to what I can recall of high school, and what a hell it was. But that's in the past, dead and buried. E nomine patris, et feli, et spiritu sancti...
Happy Thanksgiving, everyone.
Today's been a slow one.. I got up somewhen around 0900 EST, did basic maintenance, and then headed outside for breakfast. Thanksgiving is one of my favourite holidays simply because most of the day is spent sitting around relaxing. Even cooking is mostly waiting for the food to finish on the stove or in the oven. Last night I made a batch of lemon bars for my grandfather, caught up on my e-mail, and got my webcam working. Lyssa's at her brother's for Thanksgiving today, she was en route most of last night. I also had a chance to watch the X-Men 2 DVD - excellent image quality, sounds great on a surround sound system, but a little over halfway through the sound desynchs due to my DVD player choking on the odd frame. It's a little anoying, reading lips when the sound's out of kilter. The bonus DVD keeps crashing the DVD player, however, so watching the deleted scenes and flipping through the image gallery got on my nerves in fairly short order. Still, it's worth the $15.00us.
This morning I rolled up my sleeves after breakfast and started to work on the pumpkin tortes we're going to have for dessert. I think the graham cracker crusts turned out rather well, if I do say so myself.. we accidentally bought twice as much pumpkin as we needed (the recipe calls for 15 oz.) so we wound up doubling everything else and making two, one in the springform pan and a second in a pie tin. We still have pumpkin custard left over; it's in the freezer cooling as I write this to make.. well, custard. Waste not, want not. The turkey's in the oven and the stuffing's made. The rest can wait a few hours.
Lately, I've been thinking about moving my site over to a content management or portal system, like PostNuke or PHPnuke. I've worked with PostNuke at work and I really like how well it works; granted, it too me about three weeks of hacking around with it before I figured out how to do anything, but I'd like to give it a try. One of the biggest misgivings I've got about setting it up is that my site's indexed by search engines six ways from Sunday and a lot of people go through my memory logs to look stuff up. I don't want to hose all of those search engine hits just because I feel like shuffling stuff around. I might be able to get around that with a rule that'll re-write requests for .html files into requests for .php files, though. The other thing is that I won't be able to easily update it remotely (i.e., from work) and I don't know if I'll be able to use a text mode browser (like Elinks) to update the entries as I usually do. Also, the news article format that portal sites use seems a bit.. unsuited, I suppose, to the style of entries I make (a stream-of-consciousness narrative). I haven't decided yet. On the up side, it'll have a search engine built-in, which I could add right now but don't have the time to, and because it's built entirely out of PHP code it's easy to write extensions that pull data from a database. Also, more and more I like the idea of people being able to comment upon and discuss the stuff I write about in here (especially the privacy, civil rights, and technical information). Information wants to be free and all that.
It'll also make permalinks a bit more finely grained, so you don't have to read through a single day's entries to find what you want. As if that weren't enough the stuff I do write could be syndicated with an RSS feed (basically a news ticker). Also, I can set it up to automatically make certain words hyperlinks so I can save myself a lot of typing (for example, making the words Jinx Hackware a link to the site the first time I type it so I don't have to remember to do so all the time).
Anyway, I leave it up to you, my readers. Up at the very top of this page (and at the top of my front page) there's an e-mail link to let me know what you think about that. Un-spamblock the address as usual and tell me. I'll make the final decision over the Yule holiday.
A major security compromise has been found in the GNU Privacy Guard, an open-source cryptography utility. A particular kind of key, called an ElGamal signing key, is vulnerable to an attack which can reveal your private key. If your private key is revealed, everything you've ever encrypted with your public key can be decrypted and read by anyone who feels like it... and from what Werner Koch and Phong Nguyen (of the GnuPG project) say, figuring out the private key takes just a few seconds. Don't consider this a theoretical attack. This attack affects keys used to both sign and encrypt; most ElGamal keys are only used to encrypt. You can find a patch for this vulnerability that will remove ElGamal signing keys here. The patch is against v1.2.3 of GnuPG. This patch will be incorporated into the next revision of GnuPG.
Koch says to consider any keypairs made with GnuPG v1.0.2 or later to be vulnerable. To see if your key is one of them, issue the command gpg --list-key "<your name here>" and look for the size of the key in bits, followed by a letter and then a slash:
pub 2048G/xxxxxxxx 2001-xx-xx Mallory <mallory at example.net>
(I've taken this directly from the post to the GnuPG mailing list; sorry, Werner)
If you see a capital letter 'G' after the size of one of your keys, you should consider it compromised and revoke it as soon as possible. To generate a revocation certificate if you havn't done so already (which is actually good policy but nobody's perfect), use the following command: gpg --gen-revoke your_keyid > foo.rev. If your key does not have that capital 'G' after its bitsize, do not worry.
The import the revocation certificate into your keyring to mark your key as persona non grata: gpg --import < foo.rev
Now get your revoked key out there so that everyone else who has your public key can revoke it on their keyrings: gpg --keyserver some.pgp.key.server --send-keys your_keyid. You can also export your now-revoked key (gpg --export -a your_keyid > mykey.asc) to send to people and put on any websites your key's posted on to expedite the process.
Once again, if your key is not an ElGamal sign+encrypt key as described above do not do this. You don't have to. I would, however, recommend running the command gpg --refresh-keys once a day for the next week or so to catch any revocations from folks on your keyring, though.
Last night turned out to be a lot more hectic than I thought it would be. Yesterday morning we finally got tired of the coffee maker leaking all over the countertop while it was making programming fluid, and while this isn't ordinarily an emergency as most people reckon it (nor Dataline or myself) it does constitute an electrical shock hazard.. and my grandfather can neither see nor hear particularly well. While we could mitigate the risk of being lit up like a bank of LEDs reasonably well he could not, and so we decided to scrap the current one and get a replacement. For the halibut I hit the highway and started northward to a strip mall that's all but died since Wal-Mart moved in and started eating everyone's lunch, figuratively speaking. Anyway, they had a good deal on a coffee maker that's got a white housing (so it's easy to see) and is simple to use (a single on/off switch), both criteria for my grandfather's impaired senses. While I was out there I went hunting for corrugated paper with a brick pattern printed on it (for the Yule tree platform) and green grass-like paper for the railroad display. Wal-Mart carries neither. I went to a few craft stores last weekend to see if they had anything fitting those descriptions but came up null there as well. I might have to prowl around the hobby shoppes this weekend; a few near me carry model railroad supplies, which is basically what I'm looking for. I also picked up the two-disc set of X-Men 2 yesterday.
To its credit, Wal-Mart also has the season one boxed set of Forever Knight, which I've been slavering over since I heard it'd been released. For a good price, too.
After that I started picking up around the house, doing general cleaning to get ready for Thanksgiving (and because I'm generally sick of looking at the clutter and exercised to blow off some accumulated steam from this week, as well as stretching the muscles that have been cramping up lately. I think it's the cold and trying to write documentation at work (parallel revisions - ugh). And then I made the mistake of working on Lucien...
I patched Qmail on Lucien with the QMAILQUEUE patch, which basically lets you specify what programme you want to run to drop incoming mail into a holding queue. Ordinarily, one of Qmail's modules (called qmail-queue) does this: It takes an incoming message from the smtp daemon (which sits on a network interface and handles mesages from the network) and puts it into a directory to sit, where another module then walks through the queue in the order the messages were recieved in and delivers them to the right mailboxes. Something that spammers have been doing was sending mail to nonexistent users on Lucien using bizarre usernames (like <> and <<>>) from nonexistent points of origin. Qmail ordinarily accepts mail and tries to deliver it for some period of time; if it can't it sends a bounce message to the sender (which, in this case, doesn't exist). The only problem is that these messages sit in the queue for a week or so wasting disk space, memory, and CPU time (when Qmail attempts to deliver them but can't). The QMAILQUEUE patch lets you put another utility between qmail-smtpd and qmail-queue, which for the Network happens to be Qmail-scanner (an interface for a virus scanning system and anti-spam system; it's actually pretty slick).
So now, the way things work incoming mail hits qmail-smtpd and gets handed off to qmail-scanner, which checks to see if the destination address exists on Lucien (if not, it drops it on the floor due to the amount of sheer crap that comes in every day), scans the mail for viruses if it does, and then passes it off to qmail-queue to go into the queue delivery. Trying to set all of this up in a hurry, however, left me making mistakes left and right, and also nearly losing a configuration file for TCPserver (which I think is the neatest thing since sliced bread), and whcih took me a few hours of hand-hacking to get right a while ago... and this morning when I logged in to check my mail I found over three thousand messages waiting in my inbox, all of which are "My bounce message bounced" warnings from Qmail. I just deleted those en masse because Qmail scanner will handle that from now on.
Sheesh.
Jon Johansen of the Masters of Reverse Engineering, famous for DeCSS has done it again: This time he's figured out how to crack the digital rights management system of Apple's iTunes service. The utility is called QTFairUse. The utility dodges the subsystem which forces you to pay $0.99us per downloadeed song. Expect the fur to fly for this one, folks..
There's an excellent article on computer viruses over at CNet that I recommend to everyone. It starts off with Fred Cohen and his 1984 research paper that was rebuffed by the National Science Foundation. I guess they're still kicking themselves over that because he described the threat that viruses can pose to computers and networks.. the article goes on to relate some of the history of self-replicating programmes and how they started out not as malicious code but as classic "neat hacks" and research experiments. In the early 1980's no one thought that this had ever been done before (it had, incidentally, at Bell Labs in the early 1960's) and resurfaced as part of a game in the mid 1970's. Also mentioned is Core Wars, in which programmers write viruses that run in a virtual machine and battle for compute cycles and space in a simulated memory field. Something else mentioned is the first Apple II virus, called a cloner by its creator (Rich Skrenta of Pittsburgh, PA) and how he used it to play jokes on his schoolmates by having it copy itself onto their data and game disks. The article finishes, predictably, with viruses becoming more and more malevolent toward the end of the 1980's and on into today. There are lots of other articles linked off of this one, sit down and give them a read.
1026 EST: Number of messages in Lucien's remote queue: 87. Number at this time yesterday: 3,122. Success.
This happened about as rapidly as I'd expected: Three US Senators introduced a bill on Tuesday that defines marriage as between a man and a woman only, which would nullify the Massachusetts court decision. Senators Wayne Allard, Sam Brownback, and Jeff Sessions are behind what is referred to as the Federal Marriage Amendment. Yes, 'amendment' - this bill, if passed, would modify the Constitution. This bill was actually introduced to the House of Representatives on 21 May 2003 by Marilyn Musgrave so it's actually notall that new, but it's picking up supporters rapidly, now having over 100 people backing it.
You know, this reminds me of a joke someone told me once: A gay man and a straight man are sitting in a bar sharing a friendly beer and catching up on old times. The straight man's lamenting his third divorce in five years, the gay man, when asked how his life's going, remarks that it couldn't be better because he and his partner had been together for almost fifteen years, never fight, and generally are loving life. The only problem is that they can't be legally married. The straight man frowns and says "That's sick."
Well, I thought it was funny. The whole pot-and-kettle thing.
Linus has spoken - the v2.6 kernel is due to be released in late December. This is going to be the biggest release in a long time (since v2.4, in fact), featuring loads of new features and fixups. The final beta release hit mirror sites a few days ago, and bleeding edge crew is pounding on it night and day. Enterprise distributions of Linux are not expected to make the switch until later in 2004, when all the kinks are worked out. Among the improvements are much faster performance, better USB and Firewire support, and increased scalability (up to 64 CPUs per system and full support for 64-bit processor cores). Time to start scrounging around for a test box...
Tales about Indian fakirs who do seemingly impossible things have been going around for literally decades, if not more than a century. Rarely have they been scientifically studied, however.. until this gentleman, at least as far as I know. He claims that he's not eaten nor drunk water for several decades now. Prahlad Jani has been under constant observation for ten days now in a hospital in India, and true to his word he's neither eaten nor drunk anything. He does, however, have a hole in his palate (the roof of his mouth) through which he says that droplets of water filter into his body. I really don't think that mere drops of water are enough to sustain a human body, seeing as how humans succumb to dehydration after slightly less than a week or so without any liquid water (the article to the contrary). I don't have a scientific explanation for this. This is one of those things that makes you scratch your head and say "Wow." If anything else comes up about Fakir Jani I'll post it here.
Kuro5hin has picked up the story about iTunes being cracked as well.
Always treat someone right on home soil. They're nice enough to let you in. If they didn't let you in, watch your six, because they're under no obligation to give quarter nor take quarter. Two teens in Poole, Scotland broke into the home of an 80 year old woman, who wrestled with one and went after the other with a ceremonial sword that once belonged to her husband. Mrs. Jean Freke was only slightly banged up in the scuffle, walking away with only a few bruises but the burglars ran off into the night after meeting up with more resistance than they'd expected to encounter that evening.
I like Mrs. Frake.. she reminds me of my grandmother, down to taking no shit from anyone and having no qualms against rolling her sleeves up to tumble with someone who gives her trouble.
I miss you, Gramma.
Congress is giving the FBI even more power to act by increasing the reach of the USA PATRIOT Act and cutting the amount of overhead that the FBI has in terms of hoops they have to jump through in terms of getting their hands on transaction related documents, everything from business deals to what you mail-order without having to get a warrant. Lovely. I wonder how they're going to handle all the traffic from the holiday season?
I just discovered something truly broken about IE6. They've changed things around at work so that no other web browsers can be used; because we go through a proxy server, I think the proxy server examines the User-Agent line sent with each request by the browser and stops anything but IE6 dead in its tracks, which incidentally breaks a couple of web applications.. not because the apps don't work with IE, but because they don't work through the proxy server for reasons of authentication. They've overridden the directive which tells IE "Go through the proxy server for all but these (internal) sites" with "Go through the proxy server or go frag yourself." But that's just my complaining because I can't do my job.. what I discovered was that this is considered valid HTML code by IE6:
Is treated like this:
The former was a mistake on my part, a typo in my personal startup page. That should return an error, and actually is by any other browser out there but IE6. Whose bright idea was that? And they say Unix gives you more than enough of a chance to shoot yourself in the foot...
Diebold's coming under some more heat.. first the fisco with their voting computers, and now word's gotten out that many of the ATMs they manufacture were infected with Nachi during the outbreak. The advanced models they make run Windows XP Embedded Edition but were never patched for the RPC DCOM vulnerability. All it took was a few ATMs to fall prey to Nachi or Blaster and they began scanning for other vulnerable systems, which set off IDSes all over the place. To their credit, most of the machines were disinfected later that day, but that says a lot for planning on everyone's part (always plan for having to install patches in the future, no matter what you're running) and how tightly interconnected things are getting these days. I don't think anyone even suspected that a work could make its way into a theoretically isolated computer network like an automated teller system. It also says a great deal about the dangers of rogue network connections: An isolated network isn't if someone installs a modem and a PPP server on their workstation, or if a DSL line installed in an emergency network outage is never disconnected. As the connections multiply, so do the dangers inheent in them.
In a similiar vein, the Department of Homeland Security ran a simulated terrorist attack on computerised services not too long ago to see hwo well their infrastructure would hold up. They found some gaps in their structure that I really hope they're working on, giving the result of the exercise a grade of B+ - not excellent but not poor, either. At a guess with no background data to draw from, I'd say they ranked around "good" on a relative scale of terms. Many of the organisations that took part in the simulation weren't even aware of it until after the fact, which adds verisimilitude to the exercise: Terrorists usually don't telegraph their runs, so neither should dry runs. One thing that bothers me is that the simulation probably used techniques and research that DHS knows about; if they know what these so-far-mythical cadres of net.terrorists have up their sleeves, they aren't talking (and understandably so - if someone knows what you've got up your sleeve, it's not as effective because they can plan for it; you lose the element of surprise). This article doesn't have enough information for me to make a judgement call one way or the other.. at least they're working on it.
Being mistaken for someone else is rarely a good thing, moreso now due to the anti-cracker laws Singapore has instituted. Never folks to do things partway, the government of Singapore has passed laws allowing for pre-emptive strikes against crackers. The article's pretty thin but it has all the buzzwords you've come to know and love in the past two years, like "cyberterrorism", "national security", and "essential public services" Agencies may now patrol the Net and take out people they think are going to commit acts of "mass disruption".
Something else to hate about Office XP: Say you've got four documents open at once. You close one of them: Alt+F; Close. It closes all of the documents you've got open. Whoever thought that 'close a document' and 'quit' were synonymous needs pimpslapped.
The US Department of Energy was supposed to have released a preliminary report regarding the massive power failures on 14 August 2003 across the eastern seaboard, but this morning I tried to access it, and was thrown over to a 404 document: "The page you are lokoing for doesn't exist or might have been removed." How convenient. However, if you hit this posting on Bugtraq from a few days ago, you can read a few things that Geoff Shivley wrote about the document. I wonder if this was pulled in the same way that so many other freely accessible documents are these days "for reasons of national security."
PAT Transit has done it again.. in response to some of their drivers complaining about downtown (in particular the only straight road in the entire bloody city) they've changed a number of routes, including the buses I ride to and from work every day. My bus going in now swings around the block to drop me off another two blocks from work every morning, and I've got to retrace my steps back to that stop to get my bus every night. They hadn't even finalised it until last Friday (the day of Light-up Night in Pittsburgh, which is always a nightmare). Thanks a bunch, Port Authority. Spank you very much.
At Stanford University this past weekend computer security researchers gathered to discuss responsible disclosure: How and when to tell vendors that they'v found vulnerabilities in their software and when to tell the public about what they've found. Generally speaking, the accepted practise is that a researcher tells the company that they've found a bug, sometimes how they found it, the circumstances under which it can be exploited, and either a proof-of-concept exploit programme or the technique they used. If the company's on the ball they fix the bug, release a new version or a patch, and after some period of time the researcher tells everyone. The grey hats tend to tell everyone else first, and the company finds out later (or along with everyone else), so there's a scramble to isolate the vulnerability, patch it, and get the patch out there (that's been happening a lot to the OpenBSD project lately, mostly due to their claims of being 'secure by default', code audited, and other things that make you trust them; check out their website sometime). David Mitchell said at the conference that he's sworn off telling the public due to the impact of his last find: The Slammer worm.
Frankly, I think he's being hard on himself. It's not impossible to find a bug, write an exploit, and sit on it until someone else finds it just to mess with their heads. It's pretty improbable, but it still has a non-zero probability. Frankly, I'd rather have the exploits out there because then I can make sure that I'm covered, or that I've got to get my butt in gear, but that's just me. This could turn into another holy war, along the lines of vi-vs-emacs.
Snort v2.0.5 is out. Time to upgrade. Among the new features are thresholding for memcap rules and information leakage between concurrent packets. Not much has changed since v2.0.4, I can see.
Speaking of power grids and security, the US-Canada Power System Outage Task Force (sheesh.. sounds like something from a Cyberpunk 2020 supplement) has stated that crackers were not to blame for the power outages in August of 2003 but the power grid's controlling networks' reliance on the Net for connectivity does indeed make it vulnerable. There were a number of factors behind the outage, they say, among them computer failure, policy violations, poor maintenance on the part of FirstEnegy Corporation of Akron, OH, and plain old screwups. The article's pretty thin but if you're hoping to be reassured it's a good one.
Earlier this month an analyst working out of Concord, CA for the bank Wells, Fargo, and Company had a computer containing sensitive customer information stolen from his office. The bank is offering a $100kus reward for informationleading to the arrest and conviction of the thief. Names, addreses, and social security numbers are said to be part of the data that was stolen. The bank has admitted that there is no evidence that this data is being misused but due to California due diligance laws they're supposed to be notifying their customers. Anyone know for sure if they are?
Word's gotten out that the compromise of some of the Debian project's servers didn't include any of the source code. It didn't stop them from releasing Woody v3.0r2 last Friday.
Mother Nature threw us another curve ball in Pittsburgh today. When I got up this morning it was a pleasant, if slightly chilly 55 degrees Farenheit with a beautifully clear sky.. the kind of sky where the clouds are few and far between, at best accents carefully brushed onto an azure and cerulean canvas. Definitely one of my nicer sense-memories this year.. anyway, in the nine hours I was at work the temperature plummeted over twenty degrees Farenheit, it rained for a time, and it even snowed for some indeterminant period of time (which I realised walking to the bus stop this evening through a thin crust of snow atop the cracked concrete sidewalk next to cars leaving a disgustingly expensive outdoor parking lot covered with snow). Even through two shirts and a lined duster I still froze my six off waiting for the bus... I wasn't even sure it was the right stop to begin with (seeing as how my bus stop changed) but I'd guessed correctly and just a few minutes later I was happily reading on the bus back to the Lab. Mental note: Hoodie. Wear the hoodie tomorrow. That, or get around to making a cowl for my duster.
Today was unusually short and to the point. I'm still tired from running around all day yesterday but someone had to go out and finish restocking for the week.. I picked up a couple of things at the supermarket and then drove out to the new Joanne's Fabrics to see what I could find. Dataline asked me to look for polyfil stuffing so she can fix the couch and stuff for the Christmas tree platform. I was only able to find the polyfil, they didn't have much in the way of holiday stuff that wasn't fabric. Failing there, I wandered down to the new Wal-Mart (those things are popping up like mushrooms after a rainstorm) to see what they had. Aside from a light-string tester and the special metal box edition of Terminator 2 (which is quite good; there are sixteen more minutes of footage, meaning a good eleven or twelve new scenes) I came up bust there as well. Maybe it'll start appearing the closer we get to Yule.
All told, I was out for about two hours today. Dataline remarked to me that she'd expected me to be out all afternoon. I just told her, "I do what I have to do."
As much as I'd love to be away from the house for a couple of days to relax, I don't think it'll happen. I don't want to air any dirty laundry in here (gods know, I do enough of that in a backhanded manner), all I'll say is that if I don't stay local, I don't want to see what things will be like when I get back.
Debian GNU/Linux v3.0r2 was released on 21 November 2003 (named 'Woody', after the Toy Story character). This technically isn't a new release but a sub-release which fixes some security vulnerabilities and some bugs in the system in general. The announcement has a large list of the updated packages and bugs repaired, as well as a list of packages that have been removed from the distribution for one reason or another (usual licensing conflicts). You won't find a new set of installation CD-ROMs or ISO-9660 images for it; you'll use the same installation discs, but after you install you can run a distribution upgrade with the APT utility and it'll bring your new system up to par.
The Pet Shop Boys have released a new single, called Miracles. There is a b-side on the same disk called We're the Pet Shop Boys, amusingly enough, which is an autobiographical piece. You can get it through the folks at A Different Drum. While we're on the subject of synthpop, Neuropa just finished recording a new album (titled Born). I don't know when it's going to be released but it's projected that it'll be near the beginning of 2004, depending on when the discs leave the factory.
Speaking of CDs, I got Roxio 6 working on Dataline's deck today. For the hell of it I fired up the Shockwave tutorial and walked through it, and at least the drag-and-burn applet works perfectly. I ran a quick backup of her documents and wrote them out to a regular CD-R disk without any trouble. I'd say she's good to go. The menu application doesn't work so well but I think activating each individual application should work. Failing that I've got a copy of Nero as well that we could try.
Well, life's decided to start throwing curveballs lately. Lucien's remote mail queue is clogged with over 2200 bad e-mail messages from idiots who think that spamming to the addresses <>@every.domain.on.the.net and <<>>@every.domain.on.the.net will actually reach someone. I'm now looking into modifying Lucien to detect brain-dead attempts like this and toss them without even queueing them. Incoming e-mail is recorded, it will just take Lucien time to process the queue and find them.
If only there was a jury in the world who wouldn't convict me..
On top of that, Pittsburgh's Light-Up Night, when the light the big Yule tree is tonight. This means that festivities start at 1700 EST, when everyone's getting out of work. This also means that public transportation is going to be completely hosed. They've cancelled a few dozen bus routes for the next day or so (including all the ones that actually go to beyond the boundries of the city proper, like the one I ride home every night). Quite a few places are closing their offices at 1500 EST today so their staff can actually make it home before sunrise; Dataline's is one of them. My own, in all probability, is not but I'm trying to leave early today to get around the traffic jams in general and lack of a bus heading to my area in particular.
I saw a new street sign this morning: "Please don't gridlock."
a) When did 'gridlock' become a verb? b) You can't tell people to not cause something which evolves naturally.
The Council of Europe Cybercrime Treaty that the US is thinking of signing has quite a few provisions in it that do not bode well for US citizens. As the treaty is written right now, there isn't much which protects anyone's privacy. The treaty makes it possible for foreign governments to access the dossiers (an easier way of stating "your personal information") and communications records of whomever they like whenever they like for whatever reason. E-mail logs, phone records, and cellphone location data can all be examined by investigative organisations in every country that signs this treaty. Moreover, there really isn't much in the way of authentication (ensuring that the records are accurate and have not been altered) or a standard of investigation (justifying the reason for accessing the records). This one looks as if it might sneak by unless the word gets out. Hit Google and start the research, folks.. this one could hit kind of close to home.
The White House was evacuated yesterday? Since when?
Uh-oh.. some of the Debian Project's servers have been compromised. They've narrowed the intrusions down to their bug tracking system, their mailing list server, their web and CVS (concurrent versioning system) server, and the web search/web master/security update/non-us update archive. The boxes are offline and being scrutinsed at this time. The security archive is offline until they can either verify that nothing's been altered by comparing against known-good backups or they can reconstruct it from known good backups. The hell of it is that they were getting ready to announce the release of Debian v3.0r2, the next release.
Goood luck, guys.
In response to Darl McBride's missive at Linuxworld a few weeks ago, some of the open source folks at Growlaw wrote a rebuttal to McBride's remarks. In it, they state that the organisation of the open source community is wholly different from a corporation in that there is rarely, if ever, a controlling entity. The kernel project is a rare exception in that Linus Torvalds is chief developer and has final say-so over what does or does not make it into the kernel source tree. They go on to state that SCO is in violation of the GPL (GNU Public License) in that they continue to distribute the source code to the kernel even though it is accused of being in violation of intellectual property laws (sort of like having your cake and eating it, too), and because they are trying to force Linux users to purchase binary-only licenses to Linux software, which directly violates the GPL (GPL code may be redistributed in binary form (compiled executables) but the source code it was compiled from must be made available). Because they continue to distribute GPL'd Linux software (in this case, a distribution of Linux) but are at the same time not making the source code available, they are breaking the GPL. They also state that SCO is setting itself up for civil and possibly criminal prosecution by sending out these invoices. Moreover, if they recieve any invoices from SCO they're prepared to sue under Section 22-A of New York's Business Protection Law. They also take the obligatory shot at SCO by saying that without producing the source code which infringes upon their intellectual property (i.e., evidence) their claims are at best attempts at extortion. The letter is long and involved but easy to read. Check it out.
After several weeks of daily study and quite a few hilighters I finally finished reading my MySQL book. It's taken me a little under a month (about twenty-nine days, actually) of reading it on the bus in the morning, at work to rest my wrists, and occasionally at breakfast but I've finally made it through. Now I can stop carrying that sucker around with me and leave it at work to use as a reference manual.I'm starting to wonder about the CD/DVD writing software that came with Dataline's burner. It's manufactured by Roxio, who also made her original CD writing software, so I was hoping that it was compatible because it detected the CD writing software and uninstalled it to perform an upgrade. Unfortunately, aside from popping up a pretty window whenever you try to actually access the application it just sits there and sucks up CPU cycles. Oh, and it also hangs the system whenever you try to shut it down, and it just crashes Win2k if you resort to the task manager to kill it. That's not good... I might not have time to look at it tonight but I plan on removing it entirely, using regclean to blow the cruft out of the registry hives, and then reinstalling the DVD writing software from scratch, without the presence of Roxio CD Creator 5 this time. I suspect a few .dll files and maybe a registry key or two weren't removed, and installing over parts of an old version is never a good idea. We'll see what happens..
Gadget fiends will find this interesting, though because of what made this possible and not the court ruling itself. A US appeals court has limited using automobile navigation systems for audio surveillance because doing so causes the functionality to no longer perform its required task (which is permitting a roadside assistance company to keep track of cars in trouble). The FBI has a technique which turns this device into an infinity bug, a radio microphone which records everything going on in the passenger cabin of a car. This was originally meant to communicate with the passengers and driver of a car in case the vehicle is in an accident, but by remotely activating the device it can be used to spy on the passengers by relaying the signals to a listening post and not a roadside assistance switchboard. The name of the car manufacturer wasn't put in the final ruling of the court case in question (which makes me wonder how many car companies have such devices installed by default) but OnStar (part of General Motors) says it wasn't them; analysing court records suggest that ATX Technologies of Texas, manufacturer of the Tele Aid system installed in Mercedes cars was involved in the situation at hand. Even the cars have ears these days..
It makes me wonder if my own car has such a telemetry device installed. Playing Knight Rider with the FBI sounds like a fun way to pass the time on long road trips. *grin*
Securityfocus has an excellent article by Sarah Granger for home users and home officers on why computer security is important at home. Among the reasons she gives are identity theft and hijacking of your computer for nefarious purposes (and sticking you with the blame for what goes on) and how you can protect yourself (patches, patches, personal firewall, encryption, and a few other things). It's a good article for everyone, sit down and give it a read.
Qualcomm, Incorporated is one of the largest manufacturers of cellular equipment in the world, and it has recently stated that current cellular communication technology using the CDMA (code division multiple access) method of transmission (instead of sending samples of sound from someone speaking, an encoded burst of data which is error resistent is sent; the encoding is not meant to protect the voice data but prevent corruption of the signal en route; hit Google for a better explanation) can indeed be monitored. One of the side effects of CDMA encoding is that you can't just use a scanner to listen in, you'd have to reconstruct the stream of data in realtime. I'd theorise that one would have to modify a cellphone to act as a passive tap, but not being a cell maven I really don't know.. anyway, Qualcomm has finished a security system that would make cellular conversations much more secure than even the US government requires for its hardware, though if you've got an extensive knowledge of cellular technology you could theoretically build a device that could pull it off. The article tends to waffle back and forth and can be confusing (then again, I'm trying to do three different things at once right now), you might want to read it through two times to make sure it's clear. In a nutshell, don't worry about your cellphone being monitored unless someone really knows what they're doing and really wants to listen in on you. Just know that it's possible.
Here's a lurid thought for you: The Korean National Police Agency has exposed what amounts to a vast conspiracy (4,400 members) of systems crackers called Wowhackers. The upper echelons of Wowhackers are described as professionals at their trade and have a reputation for being able to crack government systems and the computer networks of "professionals" (I'm guessing that means corporate nets). They did have a data haven of sorts but the group's organiser is suspected of having trashed the data stores when he found out that they were being investigated. The Wowhackers have been around since May of 2000, it is said, and used cracker wargames to find new recruits. There were two leaders, another seventeen 'top professional hackers', each of which controlled another cadre fo twenty crackers, who then acted as liasions to hundreds of comparatively unskilled crackers and apprentices. Sheesh.. somebody call R.A. Wilson. I remember hearing rumours about stuff like this a year or two ago but never really thought that it was possible to organise such a large group of crackers because of personality and territory conflicts, to say nothing of secrecy difficulties. I must say, I am very impressed by this. These folks were and (until the last arrest is made) are a force to be reckoned with. I wonder how much stuff they were responsible for In Here.
Redhat's discontinuation of Redhat v7.1 through v9 so that the company can concentrate on its enterprise distributions is starting to draw a lot of heat from users and fans alike. The Fedora project is being readied to take over for the Redhat Linux we all know and love by placing it in the hands of the users themselves with only some oversight on the part of Redhat itself. Frankly, I'm not sorry to see Redhat v7.x go because of how much of a pain it was. v8.0 was a little better. I rather like v9.0 due to its stability and general lack of hacks to make some packages fit in better. A lot of people will disagree with me; that's fine. We all have our opinions. Redhat's discontinuation of end-user Linux really doesn't bother me overmuch, because I've always gotten better support from the Linux community than from Redhat, and if the community will have to support Fedora, then where, exactly, is the difference?
I'm not the only one who didn't like the end-user support for Redhat Linux, admit it.
I think the community will do as fine a job of maintaining what comes after, if not a better job. Anyone who's a part of the Linux community in general and the Redhat user community in particular has either a certain love for the distro or a vested interest in keeping it going for some period of time (enlightened self-interest, if you will). Either of those motives are enough to make one take on the task of holding the distro together, making RPM packagss (net.gods only know, there are enough unofficial ones out there that there are ports of APT to manage all of them (I've just linked to my favourite, check out Freshmeat for more of them), and writing documentation and workaround text files for the distribution. I say, more power to them. Let's get hacking.
I know this is a few days late, but I've been busy.. the Massachusetts court struck down a ban on gay marriage. On Tuesday the highest court of Massachusetts voted four to three that the ban on gay marriage is unconstitutional and stated that lawmakers had 180 days to come up with a way to make it completely legal. The seven same-sex couples who originally filed the suit weren't granted marriage licenses by the court, however. If this makes it through before it can be struck down (and people are trying to do so at this very minute, you can rest assured of that) married same sex couples will have all of the legal rights and privileges that heterosexual couples do. Mitt Romney, governor of Massachusetts, was quoted as saying "Marriage is an institution between a man and a woman. I will support an amendment to the Massachusetts Constitution that makes that expressly clear." He went on to state, however, that he felt that basic civil rights and benefits should apply to 'nontraditional couples' as well, which basically means that he's not in favour of legalised homosexual marriage but he would extend the same rights to homosexual couples.
Sorry, Mitt, but I've got to disagree with you here. All or nothing. Either legalise marriage for gay and lesbian couples or don't, but don't try to force the creation of yet another social class by granting one but not the other. If you're married, you get the legal rights and privs as well or you don't get married. Enough of this half-measures dreck. The House of the United States, interestingly enough, has been contemplating a Gay365.com there's an article up that says that similiar laws in Arizona and New Jersey are being challenged right now as well (thanks, Meryl).
Something surreal happened to me a couple of hours ago: I started getting pain in my hands so I locked my workstation and walked around in the NOC for a while to rest them, and in the course of my wandering I happened to see a bright patch on the floor, looking very out of place in the context of the rest of the chamber. Curious, I messed around with it for a while, putting the toe of my boot into ti to see what would happen, looking up at the ceiling and at all the cabling to see where it could be coming from. Then I realised that it was the tiniest patch of sunlight sneaking in from someplace. At a guess I started looking at all of the walls around me and discovered that the panels were on hinges, and the walls were actually glorified, rigid window blinds blocking off big picture windows facing the outside. I nudged one of them back and caught a glimpse of the building across the street, the strange powdery coating on the outer sides of the panels, the message that someone had tried to write in said coating, and a beautiful ray of sunlight coming from on high.
I think that's the first sunlight I've seen at work since I started there.
Scroll all the way to the bottom of this article. Remember Jonathan Brandis, who played the designated computer geek on SeaQuest DSV all those years ago? They found him dead in his Los Angeles apartment on Wednesday of unknown causes. Damn shame.. I remember back when they were making him out to be the latest teenage star, his face on the cover of magazines and all that.
Today's shaping up to be a long one. We've got a deadline to meet and I have a mountain of documentation that has to be written before then, so I probably won't be writing much, nor will I be responding to e-mails in a timely manner, save after I get home in the evenings. Sorry, everyone.
Sometimes the truth leaks up unexpectedly (but then again, when doesn't it?) about many things, including the SCO-vs-Linux controversy. Yesterday SCO filed its worst-case-scenario documentation with the SEC in which it strongly suggested that revenues from IP licensing may be important to keeping the company afloat. In each of these filings there is a section which outlines the risks that a company is facing and what they play to do about them; in SCO's there is a telling paragraph in which they admit that the Linux community is in some ways enticing the market to purchase less software (presumably in favour of open source applications), which results in decreased revenues for SCO (because one of their major products is the operating system UnixWare, a closed-source commercial version of Unix). Linux is costing them a considerable amount of customer base and they're starting to feel it.
While walking through the halls looking for someone after lunch today, I happened to walk past the office of the highest in the food chain in the department, and heard an oddly familiar song.. I stopped to listen at the door to see if I could place the tune, and realised that it was Plainsong by The Cure. Unfortunately I couldn't tell if he was listening to a CD or .mp3 file, or if he was listening to the radio. Maybe he's a closet fan; you never know.
I didn't get torn up on the snort-sigs mailing list, I found out yesterday. Brian Caswell, who is the ruleset maintainer of the Snort project had some helpful comments and criticisms on the rule I'd written. I can see that I really need to sit down with the documentation more because the rule isn't very portable to other environments, which can make using other people's rules difficult. I wound up justifying the offset into each packet I used, though I don't think it matters much in the long run. I also decided to track by destination IP (to which the response I was scanning for is going to); it was suggested to me that I track by the source IP address of the requests, which still doesn't make any sense to me because the rule doesn't look for attempts from an attacker, it looks for responses to failed attempts headed back to the attacker. I'm going to have to work on it some more. Still, it's not a bad first attempt at writing Snort rules.
Last night I managed to get a little work done on Dataline's deck in between returning phone calls from Tartan and Lowmagnet. I installed the Firewire card in her machine with relatively little trouble (I say relatively because I had to un-bolt the slot bulkhead which had the serial ports protruding from it that really aren't used anyway; her computer's mainboard isn't ATX, so there are headers on the board for plugging wiring harnesses into). Once I powered her deck back up Windows 2k detected the IEEE 1394 interface and configured it right off the bat. Yay - something worked. This evening I'm going to install the DVD writer in her system (replacing both the IDE hot swap tray and the USB CD writer at the same time) and get the software installed. I think I'm going to move the CD writer over to Leandra, replacing the CD-ROM drive in all probablity if it's ATAPI, pulling the bad CD writer and replacing it if it's SCSI, going USB if absolutely necessary.
A few months ago a few colleges started to offer virus writing classes as part of their computer science curriculum. This is now really starting to draw some heat from law enforcement and folks in the industry with credibility in general. I must say that I disagree with Dr. Bontchev when he says that stopping virii is the job of law enforcement and not CS grads. Law enforcement can't even catch the designer of a computer virus or worm unless they do something incredibly stupid, like brag about their work openly or autograph the code with their real handle. Second, being able to hunt down a criminal does not mean that you're capable of stopping the spread of an infection across a network. Now, if someone in law enforcement is knowledgable of computers (say, a CS grad or postgrad) then yes, I'd say they know how computers work, are hopefully clueful about viruses, and know how to take care of business. Dr. Bontchev is cutting too broad a swath here (though the reporter might be misquoting him, to be fair). I also disagree with his standpoint that antivirus researchers don't need to know how virus designers operate. Knowing how virus designers work is critical because it gives you insight into why a virus spreads in the manner it does, likely methods of unleashing an infection (and hopefully stopping them, like good e-mail filters), and possibly conditions under which a virus or worm may be contained, so that those conditions may be fostered in network environments. I am inclined, however, to agree that "there is no such thing as a 'good' virus" because it's all too easy for a virus to get out of control. All it takes is a single bug for an activity restriction to not work and then all hell can break loose across the Net. It's cliche' these days, but RTM's worm back in 1988 is a classic example of this.
Computer manufacturer Gateway has announced that it will be selling and supporting SuSE's enterprise edition of Linux. Customers (who will probably be corporate) will get a one year maintenance contract on patches and driver updates. Neat.
Web technologies are still evolving, and making the Net more accessible to everyone. Two new web logging applications have been released, with a distinct aim toward corporate and organisational use. The first is called TeamPage v3.0 by Traction Software, and features a modular architecture that makes it possible to plug new features into the system, like new authentication methods and compatibility with in-house search engines. The other is Workspace v1.0 by Socialtext, and is designed to make web logs and wiki systems more suitable for corporate and organisational use (which is something that is important right now, speaking from experience). Workspace is designed to integrate e-mail, personalisation of web sites, and secure access into a single application, which the customer either pays Socialtext to host and manage for them, or as a dedicated appliance (which would be much easier to maintain, as well as set up (the learning curves for many portal and web logging systems are steep, and a lot of the time there is no or scant up to date documentation)). If making information available is your thing, give this article a read. It might give you some more options.
I spent the evening hacking hardware in the Lab. First things first, crack the chassis of Dataline's deck to install the DVD writer. I realised soemthing about it while I was removing the faceplate: While it may be one of the cute "I want to be an iMac when I grow up!" cases that were all the rage about three years ago, you can't remove the drives in the 5.25" bays without removing the faceplate. The faceplate is badly molded, and it rips the faceplates off of any and all of the devices in those bays when it goes. It destroyed the CD-ROM drive, in fact. The front of said CD-ROM drive is cracked and I'm pretty sure that the geartrain that opens and closes the tray is wrecked. I yanked it (ripping off the faceplate of the DVD writer as well, much to my dismay) and roundfiled it, then began to cannibalise Burn for a replacement. Ten minutes and one new CD-ROM drive later (and one rescued laptop hard drive with adaptor harness, lest I forget it was inside her) and I had it replaced and had everything put back together. Next was installing the software. Thankfully, Windows 2000 successfully detected the drive and I installed the Roxio software without any trouble. I still have to register it but I don't know Dataline's login credentials for the Roxio registration programme so that's going to have to wait. Once it's all set up, I plan on testing the unit.
Anybody have a spare IEEE 1394 cable I could borrow?
Once that was done, I disconnected the USB CD writer and jacked it into Leandra to see if I could get it to work. After running the command modprobe usb-storage to load up the drivers for the external writer, I ran the command cdrecord -scanbus to see if Leandra had detected the drive properly (the output from the kernel message buffer is one thing, but whether or not it'll work is something else entirely) and lo and behold, device 1,0,0, a Polaroid BurnMAX 40EX was detected and working. Just for kicks I created a quick ISO image of my backup directory and wrote it to a blank CD in the SCSI CD writer.. and it worked. For whatever reason, it wasn't working for all those months, and now it is. Not that I'm complaining, in fact I hope it keeps working for a while yet. Writing to the USB CD writer was also a success. I wonder if it's possible to shotgun burn cycles and back up twice as fast. I'll have to give it a try..
So tonight was a success insofar as hardware is concerned. Leandra's happy, Dataline's deck is happy, and I'm happy. I made the time to go through my usual exercise routine tonight, made some berry tea, and there's a new episode of Queer Eye for the Straight Guy tonight.
I still think if the Fab 5 showed up at my Lab, they'd turn around and leave, calling the day a write-off. Victorian/Cyberpunk with a side of Technomancer wouldn't be familiar ground for them, I don't think.
AMD announced not too long ago that they're going to stop manufacturing 32-bit processor cores by the end of 2005. As the price of the 64-bit cores falls as time passes, they say that consumers really won't have any reason to keep buying the at-the-time-dirt-cheap 32-bit CPUs, so the migration to a 64-bit CPU will be trivially cheap. AMD's 64-bit CPUs are designed to run 32-bit code just as well as the native 32-bit CPUs do now, so theoretically this shouldn't pose a problem at all. Frankly, I can't wait for the 64-bit Athlon CPUs to become more prevelent, so I can upgrade Leandra. Mind you, that's a long-distance goal, within three years or so. Only time will tell for sure for the public at large.
For some reason it was unusually warm in my room last night; it was difficult sleeping, and I kept finding myself waking up every hour or so to toss and turn to let some of the heat out. I don't think it was a fever, but something else. Maybe the central heating in the house was turned up too high.. everything seemed to be fine in the morning, though. The weather's been a bit warmer than usual lately (though not by much), which I've been rather enjoying. It was actually comfortable this morning, and I didn't have to wear gloves to keep from losing the feeling in my hands so rapidly.
I forgot to turn in my hours for last week at work. Uh-oh. I think I can get them in by this evening if I hurry. Mental note: Put the assignment data into my PDA tonight so I don't forget again.
On the bus this morning I gave Dataline a copy of the latest issue of The Linux Journal to read when she has a chance. There are some articles on working with DVDs in it (appropos because we just bought that DVD writer), on playing DVDs under Linux (something that I have yet to try to really get working, even with XINe, and a fairly good selection of articles on other topics, some of them technical, some of them not. Maybe she'll be interested in trying Linux out as a desktop for a while. You never know.
Chris and I spent the morning ripping apart a rack-mounted KVM in the isolation chamber at work. Specifically, the new one that I'd put in which somehow wound up with a set of bent rails. I was, needless to say, unhappy that the only KVM module in the NOC that actually locks in position was messed up.. after taking the unit apart again (and crawling around beneath the raised floor in the dinosaur pen to retrieve a lost Torx bit) we managed to get the rails un-bent and reinstalled properly. When you're given a packet of screws to put something together, do yourself a favour and use all of them. You won't be sorry in the long run.
Is it just me, or does the fact that the e-mail abuse account at SWBell.net is pointed to an e-mail address at Prodigy strike anyone as strange?
The flood never ends.. spammers are now posting ads in the comment sections of weblogs and transmitting advertisements via SMS text messaging. I hate to break it to the news, but spam-over-IM isn't new. It's actually the reason that I stopped using ICQ back in 1998, but now I'm digressing.. posting comments in people's blogs is just going too far. It's actually pretty easy to get around, all you have to do is turn off anonymous posting and require everyone to set up an account, but that can also deter hit-and-run posters (like myself, admittedly) who might only have one thing to say ever. The big reason that people are so angry over SMS spam is that people with SMS-enabled cellphones have to pay on a per-message basis, sometimes on a per-byte basis. If your ID gets out there, you can count on your phone bill getting pretty high due to the spam. It just never seems to end.
It's amazing where old-school hardware pops up these days, like a bus terminal in Brisbane, Australia. One of the video display units in the terminal had to be rebooted for some reason (someone probably kicked the plug out) and when it came back on line, everyone saw the famous banner "COMMODORE 64 - 64K RAM SYSTEM - 30719 BASIC BYTES FREE". That really does my hearts good to see...
And more stuff on the Commodore front - C=64 case mods! Transparent resin cases for transplanted C=64 circuitry... is it not nifty? Edeikles either has a C=64 II (with a chassis very much like that of the C=128) or has transplanted his C=64 mainboard into a C=64 II chassis (probably one of the aftermarket ones they sold for a while) and then cast a replacement top half for it out of plastic resin. He's also tricked out the insides with super-bright LEDs to show off the insides. While this isn't a terribly practical modification (he mentioned on the Homestead mailing list (hit Google to find it, I'm too tired to recall the URL to the homepage out of my level 1 cache) that the plastic's very fragile). Check out some of the other hardware mods this guy's done - he does some excellent work. I'm impressed with it.
It makes me want to go spend some quality time with SAL...
A little less than an hour ago I made it back to the Lab from roaming around the city for most of today. Today's Sunday, which means a resupply run at the local supermarket for the family. While having breakfast, Dataline came out of her room and brought the newspapers with her - she likes to read the paper while drinking her morning coffee, and on Sunday she leafs through the advertisements to see what's on sale this week. She happened to see at Best Buy a DVD writer on sale for an excellent price ($149.00us after applicable rebates), and because it's been one of her goals to be able to burn some of her home movies to DVD to preserve them, she started bouncing ideas off of me. I answered them as best I could and eventually we decided to go in half-and-half on the writer and whatever would be necessary to get it running. One the shopping list had been hammered out I pulled on my coat and hit the pavement, heading in the general direction of the supermarket.
I think I spent a grand total of two hours running around the supermarket getting stuff. The place was packed and maneuvering the shopping carts wasn't easy. There were lots of people running into each other and the aisles were clogged with carts and people reading their shopping lists or labels. It wasn't a terribly difficult thing to do, it was just time consuming. Also, unless you get to the store in time the place is going to be shopped out, i.e., everything essential is going to be sold out and the stock team generally doesn't refill the shelves until late in the evening (if not early Monday morning), so there's a bit of a time constraint at work there. By the time I made it out of the store it was around 1400 EST, and with Pennsylvania blue laws just about everything closes at 1700 EST so I had to work fast. My next stop was the mall to visit a jeweler about getting some wristwatches repaired. Dataline's got three or four watches that she can't wear because they're damaged, and much to my dismay I discovered this morning that my La Crosse wristwatch's power cell had gone dead some time last night (now I remember why I never wear watches on my left arm...), so I planned a quick trip to the jeweler to see what could be done. As it turns out, two of the watches were fixable: The power cells just needed replaced. Two of Dataline's could be repaired with some expense because they'd have to be sent out to a specialist. A third with a damaged bracelet couldn't be fixed, but I think that I can cast a new bracelet for it without much trouble. I left a fourth behind to be examined (which the guy wound up breaking by losing the watch stem; if he can't find it they'll repair the entire watch at their own expense). While the watches were being examined, I headed out to run another few errands, and spend more money.
Yep. I bought that DVD writer, along with a spindle of 25 blanks (which cost me a pretty penny) and a Firewire interface card for Dataline's deck. Total cost: Just shy of $300.00us, which I can just barely afford. Thankfully there are some rebates that I plan on taking advantage of, and we aggreed to go halfsies on it, so I should be able to pay my bills this week. It's an ATAPI drive, unfortunately, but neither of us are willing to argue right about now. Dataline can make the content, and Leandra will burn it. I'm setting up a private web-based interface for burning for Dataline as I write this, so she doesn't have to worry about having an account on Leandra, just the credentials to access the service. But that's neither here nor there (for certain)...
Dave and Mark made it, D20 screwed it up: Whoever thought that it would be a good idea to port BESM (Big Eyes, Small Mouth - the Anime RPG) to the D20 system needs their wetware reformatted. I was wandering around B. Dalton Bookseller's in the mall today and came across a copy, and felt ill as I picked it up. BESM has one of the simplest formal RPG systems out there, hands down. Why someone would turn it into a D&D-like RPG, complete with classes, is completely beyond me. I guess there are some people on this planet for whom simplicity and not having to open the book even once in a given session are anathema. That's fine. Just don't ruin it for the rest of us.
A few days ago I cooked up another batch of tea to wet down Fern's Book of Shadows and poured it into a spray bottle to finish the pages. I sprayed every couple of pages in the stack and pressed them under a couple of servers (yes, I'm serious) for a few days so that the fibres of the individual sheets would lay flat and organise themselves into a more or less neat matrix so that they'd bind properly. A 32 ounce spray bottle is only about a dollar American at a grocery store and I've got so much bad tea left over I don't know what to do with it all. I pressed the pages of the Book for a couple of days under what I estimate to be about fifty pounds of weight and removed the servers last Tuesday to give the pages a chance to air dry, which they've actually been doing ever since then. It did an excellent job, evening out the nap of the pages and I think evening the colouration out in a few places. I'm going to drill bindery holes in the packet of pages sometime this week and begin assembling them into signatures (bundles of fifteen or twenty sheets of paper) little by little this week. I think I've finally worked out a reasonable method of binding the pages by sewing the first signature to a piece of high density fibreboard (the back cover) and then using a Coptic bindery to attach the subsequent signatures to one another, finally ending with the front cover. Once that's done I'll glue in a length of leather or ribbon for a bookmark and then began cutting the leather for the book jacket. I've even got a few sheets included that will be glued to the insides of the covers to act as endpapers once it's all said and done.
I havn't decided if I'm going to rig up an assembly to hold it closed with a padlock yet. I'll decide that next weekend, once I finish binding the pages.
Today was one of those days that stays in first gear, and mercifully stays there the entire time. I awoke this morning around 1030EST to the sound of the mailman outside delivering the day's bills... last week's paycheque has been spoken for in its entirity, unfortunately. We spent the morning talking about what's been going on, something that we havn't done in too long. We hardly talk anymore... more and more I keep thinking about somethig that Alexius told me once, and that was that his relationship to his family wouldn't be as good as it is if he hadn't moved out years ago.. People change as they grow older, and it's possible to change in ways that make it difficult to live together, even though you're from the same blodline. That's not a bad thig, that's just the way things turn out.. but that's not what I wanted to talk about.
We sat and watched the Food Network, our Saturday morning ritual, and made note of all the tasty Thanksgiving recipes, some of which we plan on trying out this year. Afterward I went out to Borders to price some study books for the CISSP certification. A few days ago I sat down with Chris at work and had a long talk about what it takes to get a job as a security professional, and not just as a ronin. He suggested getting the CISSP certification (which I'm actually still trying to learn the meaning of... some FAQ) if I'm going to break into the industry, and he's right. The code of ethics and body of knowledge that one must have to be worthy of the certification is considerable. I like to consider myself the sort that stays bought (once I've thrown my hat into your ring, it stays there), this just formalises the sentiment. So be it. Anyway, I found some good study books for the certification, but they're very expensive, starting at $60us and going upward from there. I copied the titles and authors' names into my PDA (who still needs a name, incidentally) so I can look for them on Amazon, hopefully for less (or used, for that matter). I hate being a cheapskate, but I'm not rich. I'm just a temp. I do what I can.
Anyway, once I finished that I picked up the latest issue of Ghost In the Shell 2: Man-Machine Interface, which is really starting to get good, but is confusing until you figure out what exactly you're seeing, and the novelisation of X-Men, which isn't drippingly fanboyish, like the novelisation of the second movie is, but once again I digress. I spent some time in the cafe' drinking coffee and reading GITS 2 and the D20 version of the Call of C'thul'hu RPG for no other reason than because I can. I don't have the opportunity very often to kick back and live in slow motion. Later in the afternoon I drove down to Goodwill to see what they had, and wound up finding a pair of posters for $2us each (The Matrix Reloaded) which you can find elsewhere for several times that price and, of all things, a long silver coat which I think Lyssa is going to find amusing. That stuff aside, they really didn't have much that struck me. I was half-nosing around looking for cosplay stuff but did't find anything that quite fit in with what I had in mind. I hadn't expected the mother of a couple of high school folks in the parkig lot to call my manner of dress 'cute' (black canvas baggies, a tight turtleneck, ankleboots, a leather motorcycle jacket, mirrorshades, and my hair down around my face - not quite Proteus but definitely blended enough to be comfortable) but.. so be it. She was taken with my contact lens (I was wearing my whiteout contact to get used to it for tonight, but I'll get to that).
After some wandering I headed back toward the Lab.. I played my grandfather's lottery numbers and then picked him up an Italian hoagie for dinner and got myself some Chinese takeout (which is giving me a headache all these hours later, oddly enough - are they using MSG now?). Dataline was going out for dinner thought, though she did sit with us while we ate and talked. We seem to be doing a lot of that lately.. she left to go to dinner and I changed to go to the library's anime mini-con that I wrote about weeks ago. I went as Sakurazuka Seishirou again... from the blind-eye contact lens to the baphomet pentacle ofuda. I hadn't expected so many people to recognise my character. One thing that I hadn't expected, however, was that I'd be the oldest person there. There comes a time in life, I discovered tonight, when seniors in high school are no longer comrades in arms. I've never felt like such an outsider anywhere before tonight. I think I'm fully twice the age of a lot of people who were there tonight.. but the ones I was talking to were very intelligent. Even though I was older, I felt connections to them.. the same interests, the same points of view, the same sense of "what am I doing in life?" And most of all, I saw hope there. I see a little of myself in them, and I hope that those same traits never gutter and die in them. There's hope for the world yet.
Hi, guys. You're probably going to read this if you click around my site for a while.
I spent a lot of time talking to folks, posing, dropping the names of series that some folks might like, and more importantly learning the titles of a few that I'd like to take a look at.. one of these days I'll get into Chobits... I also caught up on some of the stuff that's been happening in the area.
I feel old.
After sitting and talking with everyone for a while because the movie that was being shown didn't really interest me, I gathered up the stuff I'd brought to display (I'm really pleased that so many people loved my copy of Angel Cage) and headed back to the Lab. My original plans were to join Seele and Slowjo in the strip district, but after I got home and changed out of my suit and tie ad removed my contact lenses (eight hours is enough, even for neat prosthetic lenses) I checked my voice mail and found a message from Seele. She and Slojo weren't able to make it tonight, so I decided to call it an early night and curl with Kabuki in the Lab. I'm not terribly concerned with what I'm going to do tomorrow.
Geez.. this episode of Justice League has some hardcore H.P. Lovecraft references. I can't be certain, but Hawkgirl's verbally fencing with a manifestation of Azathoth, and Solomon Grundy was fighting a pack of Deep Ones unless I miss my guess.
Wow.. after all these years, there's now a Unicron toy. It's for Transformers Armada, but it's Unicron. Neat.
Now playing: Alphaville - Big In Japan (Culture Mix)
Well, no one's flamed me yet on the snort-sigs mailing list... I tried my hand at writing a few rules to watch out for the SMTP AUTH bruteforce login attempts happening right now (scroll down a bit to find that particular writeup) and posted them to said mailing list for some C&C and hopefully a correction from someone more knowledgable than I in using the threshold functionality of Snort. Time will tell if I get to go home today with my eyebrows intact.
Given all the stuff that's happening with SCO in the Linux community right now, it's good to see that most everyone's sticking together. The Open Source Development Laboratory, which is the current employer of Linus Torvalds (the creator of the Linux kernel) and is funded by too many companies to mention with the feeling gone from my hands has stated that it's paying for any of its employees' legal bills incurred through SCO's actions. Yesterday, SCO announced that it would be filing subpoenas for Linus Torvalds and Richard M. Stallman (oh, boy, are they going to have a fight on their hands...) among other open source luminaries to get them on the stand in US court. The plot coagulates...
Concerns about electronic voting are starting to make themselves felt in more than just personal privacy and freedom circles.. the article starts off by talking about the fiasco down in Florida during the 2000 US Presidential Election and Congress enacting the Help America Vote Act of 2002, part of which made provision for helping the 50 states upgrade their voting equipment. Predictably, the US began moving over to computerised voting machinery. And then there's Diebold... out of 55k voting computers around the USA, there are 328 known loopholes in their security, 26 of those big enough (and unfixed, incidentally) to make you wonder if using these machines is really such a good idea. Not too long ago an election was held in Houston, TX using the Diebold machines. A dozen of them malfunctioned. Voters were given pieces of paper; many left without voting at all. In California, voting machines were used that weren't certified for use as legal, throwing the validity of the election into considerable doubt. It gets better, ladies and gentlemen: An election held in Fairfax County, Virginia was held with voting machines manufactured by Advanced Voting solutions of Texas; out of every one hundred votes for one candidate was actually subtracted from the votes counted for another, thus altering the tallies unfairly. In the 2002 elections in Georgia the Diebold machines were found to be registering votes for one candidate only, regardless of whom the voter actully picked! Later it was found that Diebold had flashed the firmware of the units without telling anyone, and when the election was over, they wiped the memory cards that held the votes, so now no one can tell what was really going on!!
Tell me.. is this legal? Is this democratic? Is this what we've come to expect from an election in the United States of America?
Check out the rest of this article, folks, and hit every link inside it. As citizens, you need to know what's going on. If you don't live in the US, you still need to know what's going on, because we're not going to hear about it on the news; someone has to know, and the more the better.
I just found out that Liz (of Zard Biomatrix and Liz) is pregnant. She's expecting somewhen around the end of May 2004. Congratulations!
I know what I'm watching when I get home tonight.. my namesake has a new adventure available from bbc.co.uk, done by Cosgrove Hall (the creators of Dangermouse) in Flash.
Blood isn't always thicker than water - sometimes it's miscible. A case of human chimaerism was reported on recently, and it's not only got doctors scratching their heads, but the family as well. A 52-year old woman (location unknown, presumed the UK due to the URL of the article) was knocked for a loop when genetic testing to determine if she was a compatible kidney donor revealed that two of her three sons aren't genetically related to her. After extensive research, testing, and saying "What the hell?!" doctors have concluded that she's a chimaera: A hybrid of the cells of at least two distinct individuals. As near as they can tell, at some point during the woman's embryonic development, she had a twin with her in the womb, and at some point they fused into a single distinct fetus, composed of a mixture of cells from both fetii, each with a unique DNA sequence. I would say that more than two is possible, though highly unlikely, but now I find myself straying from the topic. The DNA-carrying cells of the woman's blood are of a single genetic sequence, but the other tissues of her body are of two different sets of DNA entirely, coexisting peacefully. They say that one son came from an egg from the one genetic code, the other two sons came from cells from the other genetic sequence. This is an extremely rare phenomenon; only about thirty confirmed cases are known to have existed.
As if the article regarding electronic voting foul-ups wasn't bad enough, check out the current issue of RISKS. And pour yourself a stiff one, you'll need it.
Here's something that I have a feeling lots of people will find interesting: Scientists have created a biological virus from scratch in a little under two weeks' time. The virus is technically a bacteriophage, a virus which infects bacteria (specific to the strain of 'phage) and hijacks the cell's mechanisms to reproduce itself. The US Department of Energy is funding this project, with the ultimate goal of enginerring microbes that will leech carbon dioxide out of the atmosphere (which sounds like a bad idea to me, because some amount of CO2 is necessary in the atmosphere to maintain balance).
Most of today was spent with a sickly feeling in my stomach.. shortly after I'd left for work this morning the Lab lost power, and the Children were knocked out. Leandra and Lucien were offline until I got home this evening and rebooted them. For some reason, Lain came back up when power was restored some time this afternoon. I found this out the hard way trying to log into the Network today, and failing miserably. I suspect it was the wind that's been whipping the land all day today, in fact since last night.
The temperature plummeted yesterday, and around 2200 EST the wind began to blow, harder and harder.. I fell asleep last night while the wind sang to me. On and on it went, a high wail, between a C and and E in an upper octave. It sounded beautiful.. I havn't heard that song for months, and I must confess, I love the coming of winter solely because the wind blows harder and harder, and it whistles past the house like the tune of a score of pipers... I slept well last night, and woke up feeling quite refreshed. This morning we were all surprised to find that it was snowing hard enough to notice even in the early morning, pre-coffee grogginess. For once, the weather around here is right on the button: Cold, grey, windy, and snowy. Yay, Pittsburgh.
To those of you waiting for e-mail responses, please be patient. Lucien (my mail server (send the packets to me....)) was offline all day today. Messages will get through as mail servers Out There retransmit. To everyone who couldn't log in to Lucien to get their e-mail.. sorry about that. There's nothing I could do to restore the power from work. I need a much, much larger UPS, and I can't afford one right now.
Now playing: Brian Tyler - Summon the Worms - Children of Dune soundtrack
A review of the Sharp Zaurus SL-C860's been published. This device looks like a sweet little piece of gear, let me tell you.. running Linux and Metrowerks' OpenPDA system, it's packing 128MB of flash memory (65MB of which is available to the user, probably more if you use a custom-built OS image, like Open Zaurus) and a VGA display running 640x480. If the images are accurate it's built like a laptop, though you can fold the display around and give it the configuration and form factor of a PDA. Interestingly, the unit will come standard with English-to-Japanese-and-back-again translation software built into the OS. I wonder how accurate it is... it's got the standard compact flash and secure digital slots for expandability and additional storage, which really makes me happy (compact flash GPS, here I come!) The processor core is what floors me, though - it's an Intel XScale PXA255 clocking in at 400MHz. Damn. If it comes with a decent speaker built in (so I don't have to plug a pair of headphones in to listen to .mp3's) I'll start saving up for it this moment. The power cell has got a lot of potential too - it's a 1700 mA lithium-ion batter with a continuous runtime of eight and one half hours if they're not talking through their hats.
Hell, just give me the power cell for my current Zaurus.
A company called EmergeCore Networks, LLC now has in production what could easily be the Swiss Army Network Appliance. The device si called IT In A Box, and it looks pretty slick. It's basically a small computer running a Transmeta Crusoe 544MHz CPU and 128MB of RAM, and a flotilla of essential services to LANs of today, like an e-mail server (no word on how you're supposed to pick up your mail, like POP3 or IMAP), a web server, and a DHCP server. It's described as being an ethernet hub as well (which can get kind of slow, I'd feel better about it if it was a switch instead, because they don't replicate traffic to every port on the unit), a wireless access point (yay! another rogue AP to annoy and confuse the IT staff!), and quite a few other things. The configuration is managed through a web-based interface (probably the aforementioned webserver). The AP functionality, to its credit, doesn't broadcast its ESSID, so an attacker would have to listen for a time to pick it up. While the device has VPN (virtual private network) functionality, this capability isn't extended to any wireless clients accessing the unit, which is a shame because WEP (wired equivelence protocol; an encryption scheme which is supposed to give 802.11b the same security as using a cable) is very insecure. VPN support would go a logn way toward locking it down. The hard drive built into the unit is only 20GB in size, which is in all probability shared between the OS, any web pages stored on the unit, any e-mails stored on the unit, and whatever files are copied over. It's probably possible to modify the unit to use a larger drive but I'm just speculating at this point; give me one and a screwdriver and I'll let you know. The firewalling support is very limited, which makes me not want to trust it overmuch. I'd rather be able to sit down and define a firewall schema and not have to trust "high", "medium", and "low".
Microsoft's taking another stab at opensource security by trying to claim that their turnaround on writing patches for security vulnerabilties is faster than that of opensource (in particular, Linux) code. Their argument is that it could take days or weeks, sometimes months to find holes in open source code, while it takes them only days to release a patch for Windows. What they fail to mention is that those holes in Windows have been present in the system for days, weeks, or months as well. You don't know a hole's there until you find it and play around with it to see a) where it is, b) what it breaks, and c) what impact b) has on the system. Microsoft also conveniently fails to mention that not a few times in the past they've had to pull and re-release patches because they either broke things worse or just didn't fix the bug in question. They're arguing from a fallacious position while trying to cover their butts.
I love this.. I've been reading the writeup of MS03-046, the memory exhaustion DoS attack in Exchange v5.5. Workarounds: "Only accept authetnicated SMTP sessions." That kind of implies that contacting the server to deliver mail (the reason for Exchange in particular and the SMTP protocol in general) will be harder. "Use a fireall to block the port that SMTP uses." If other systems can't get to port 25/TCP, they can't deliver mail at all. While internal mail is itself useful, communication with the Net is still pretty important.
Sorry. This just struck me as borderline absurd.
As if there wasn't enough drek to put up with right now, spammers are hunting for new and annoying ways to inundate the Net with their advertisements. Now they're cracking Exchange servers (and I'd wager other authenticate-to-relay systems) to reflect their crud. The way that e-mail relaying works in theory is that you connect to a mail server and instead of specifying an account on the server you specify an e-mail address someplace else. The mail server takes the message and relays it to the address you told it. This is good because POP3 users often have to rely upon the mail server to transmit their replies for them, but bad if the mail server will relay messages for anyone Out There who connects and asks nicely. That's originally how spamming got its start. Nowadays any e-mail server that's worth being called one will only relay messages coming from the same IP subnet it's on (often done behind firewalls) or for people who've logged in somehow, thus providing valid credentials. Exchange handles this with the SMTP AUTH LOGON command, other e-mail servers work differently (I'm kind of partial to how Qmail can do it, myself). The thing about passwords is that they can be guessed, rapidly if the user chose an easy password, not so if they chose a good one, but any password will fall if you work at it long enough (even the good ones that look like line noise will fall eventually, though it might take a couple of years of continuous guessing). There's a good writeup of the what and wherefore here, I strongly suggest that all admins give it a look just in case. In a nutshell, the Guest account should be disabled (wow.. 'guest'... that takes me back..), along with any other accounts that really shouldn't be recieving e-mail directly.
If there's any comic book character I can see busting out the Ritual of the Star Ruby, it's Constantine.
Reading this article on star hackers made me think of the song Star Trekkin', for some reason... a filk of a filk?
I know I havn't been writing much light of late; I'm havn't felt up to it. I think part of the problem is that the weather's getting colder and my wrists are acting up no matter what I do. Even if I don't jack for a day or two straight my wrists trouble me, which I can only chalk up to the cold and changes in air pressure. Today wasn't a particularly rainy day, but it was chilly and wet, two things that traditionally don't do bad joints a whole lot of justice. It's slowed me down on the console, and more and more I just want to sit with a hot cup of coffee, my kittyband, and a good book. Maybe I'm betraying my heritage as a cyb, but if I can't move my hands (or, more to the point, feel anything with my hands) it's kind of pointless.
Dataline and I went to pick up my car at the garage tonight. The bill came out to a hair over $340us. Winterising the car didn't take much at all, it was the least of the bill, in fact. They worked on my brakes, re-doing the front ones and doing a little work on the rear brakes. I'm hard on them, what can I say? Maybe I should start being more careful about that.. they wound up replacing the rear left lamp assembly, which topped out around $120us. From what I could tell in the parking lot they had to replace the entire housing and most of the part that gets bolted to the body. While I'm all for modular design this is nothing more than a means to make more money by making it impossible to replace just the part you need (in my case, the red refractive plastic lens covering the entire assembly). I could have taped it up, but that looks like hell (okay, my car's as vain as I am) and it would probably obscure the light so much that I'd get pulled over for driving with a burned out brake light, knowing my luck. So I bit the bullet and had it replaced... I think insurance will cover the tail light.
It was only a matter of time, I guess... crackers in Eastern Europe are blackmailing small companies by threatening to DDoS them unless they cough up tens of thousands of dollars in the latest incarnation of the protection racket.
Audiophiles will be pleased to note that the SID chipe in the C=1 are up and running. Check out the .mp3 files that Rob Parsons put online for yourself.
v0.65 of ClamAV, the open source virus scanner, has just been released. Among the latest changes are stability fixes all over the place (I don't know, v0.60 is rock-solid by my reckoning, and Lucien beats on it 24/7), many new documentation files (a new HOWTO, instructions for running clamd under DJB's