Which Phase of the Greek Tragic Cycle Are You?
Take More Robert & Tim Quizzes
Watch Robert & Tim Cartoons
I don't know if it's the chronic lack of sunlight these days, the low temperatures, or what, but it's back - the distinct lack of desire to do much of anything. No, not lazing around to relax and recuperate, but the infamous final line of Ministry's Jesus Built My Hotrod; that's been deliberately left vague so my readers behind content-filtering web proxies can read this (sorry, everyone). Maybe I'm just getting selfish in my old age, or burned out at work. I haven't figured it out yet. Anyway, that's how things have been going lately. Maybe I'm just too individualistic, requiring too little social contact and too much time to do things I find fulfilling in life. The curse of consciousness... It's getting harder and harder to work up the energy to do much of anything.
Checkpoint's at it again, this time releasing a worm activity detector that uses a database of activity signatures of worms and monitoring network activity for signs of their presence (kind of like a specialised IDS). The appliance is called InterSpect, and uses a frequently updated database of vulnerabilities to sniff network traffic. If a system starts sending out packets that fit the profile of a particular worm it quarantines the system from the rest of the network and sounds an alarm (like a knowledge-based IDS/dynamic packet filtering firewall combo, then - the IDS sees something shady going on and tells the firewall to change its set of filtering rules to block the traffic in question). The InterSpect network appliance is aimed at the intranet and not the perimeter, because it's very easy for infection to sneak in on someone's laptop (which I've seen happen a couple of times; finding one infected laptop out of a few dozen is a royal pain in the six when everyone's breathing down your neck), and I say more power to them. It makes our lives a lot easier in the long run, and for fewer semi-drunken rants at the pub after work. The appliance costs between $9kus and $39kus, and can be purchased immediately. Yay, 2004 budgets.
When I was younger, there was a phenomenon that appeared occasionally called the crazed weasel effect: If you were going down, you'd grab onto the person you disliked the most and dragged them down with you, hopefully to screw them over worse than you were. SCO's doing something very similiar by suing Novell for slander of title. They are claiming that Novell has done great, irreperable harm to SCO's good name (I though they were doing an excellent job of that themselves, personally) by saying that they, and not SCO, owned the copyrights to Unix and UnixWare, and that they'd made statements intended to keep people from doing business with SCO. First of all.. when did this happen? Did I miss a newsfeed in the past few days (which is, I will admit, entirely possible)? Did someone on their legal team change the dosage of something? As for getting people to not do business with SCO, I thought that was called advertising: "Buy our stuff, not theirs!" SCO is demanding that Novell sign away the copyrights they've registered and retract everything they've said about owning said copyrights. It's too early for this sort of thing. I'm going to get some coffee. SCO, you're going to overload my forebrain soon...
The infamous Gartner organisation is at it again, this time warning everyone about cyber attacks. Ooh.. ahh.. forgive me for being cynical, everyone, but every time I read something about an "electronic Pearl Harbor" or "the 9/11 of the Internet" I feel like retiring and getting a job at a gas station. This is mostly due to being sick and tired of being told to be afraid because the alert level's gone up a notch or because people walk around carrying the Old Farmer's Almanac (which I have been known to do while reading the latest release of, incidentally). Potential catastrophe, Internet-based technology.. guys? Reality check, here: Why, exactly, would anyone hook systems that control such critical functions as the control rods of a nuclear power plant, a hydroelectric dam, or a hospital's C&C (command and control) network into the Net? Logic dictates that isolating critical functionality to prevent it from being attacked from outside is the proper strategy here. This isn't an episode of TekWar, people (and my hats off to those of you who not only remember that show, but know what episode I'm thinking of). Yes, there are networks of critical systems - that's been proven. But those networks aren't connected to the Internet; you can think of them as running parallel to the Net, or alongside it, without points that touch. If there are, then someone's screwed up royally.
That would be like connecting the environment control unit of a department store to a modem so it could be controlled remotely.. oh, wait. K-Mart used to do that (and probably still does). Okay. Bad example.
The article goes on to talk about all the lovely hazards of today's Net striking control nets that are also running TCP/IP. Yes, such a thing would be possible. What they don't tell you is that you'd have to get into those isolated control nets, first, and therein lies the rub. And to do that, first you have to find them. They also talk about voice-over-IP being disrupted if those nets go down. If any net goes down, communication across it will be disrupted, not just voice-over-IP. That statement sounded to me like they were overhyping the importance of VoIP in the near future. They even mentioned SS7 (switching system 7) in their report as being a target. Guys, SS7 has been a target since the early 1990's. Look up the MoD (Masters of Deception is the most common expansion of that 'nym)/LOD war of the late 1980's/early 1990's for more information on that. In conclusion: This isn't anything new, and it's missing a healthy dose of common sense.
What the hell.. seal noises, now?!
Early this morning I taped part of the OAV of Fist of the North Star (Hokuto no Ken). This is delightfully bad anime, if there can be such a thing. There are only a few basic archetypes of character, visually speaking, there's lots of violence and blood and only a few different kinds of plot lines. It's fun to watch because it's mindless. The dubbing is just funny, and if you are a fan of old-school anime (sort of like Voltron or the first Vampire Hunter D) it'll be a walk down memory lane. There are even mullet-children in the series.. ye flipping gods. This makes me happy. There is quite a bit of tech-step in the soundtrack, and of course there are overly verbose, almost poetic names for special maneuvers... fun fun fun.
I've decided to start taking St. John's Wort again. I think I need something to alter my neurochemistry just enough to get me on the up and up. Willpower alone won't cut it, neither will tweaking my mental programming. I also plan on turning in early tonight, because I've been having trouble sleeping lately. When I start running on a sleep deficit, I tend to get depressed. I've also cut back my coffee intake in favour of the Good Earth herbal teas that Lyssa gave me a few weeks ago.
Better living through science and chemistry, and all that.
I woke up this morning to a song that'd been looping in my head from a dream that I must have been having - Final Countdown by Europe.
Lord Morpheus has an odd sense of humour.
It's actually days like this that make me look back on life and smile, if only because at the time I'm thinking about them they were either so challenging or so surreal that I have to laugh. For example, right now I'm remembering why I love Unix so much: With a handful of simple commands, all strung together in the proper order, one can reduce fifteen megabytes of raw data to a text file containing twenty-five entries, no more. Impressive? I think it is. I have only what I need, no cruft to ignore in the data, and best of all I didn't have to re-type anything. Time necessary to figure out what I wanted to do (and remember what utilities to use): Twenty minutes. Time for the system to analyse the data: Less than three seconds. Time to write the report: Ten minutes.
Let's hear it for grep, cut, sort, and uniq, ladies and gentlemen!
The deadline for the test run is past, and I'm one happy camper. It wasn't a failure, but we did find a lot of things that we're going to have to work on for the.. next.. one... <sigh>
I've never quoted the Litany Against Fear to anyone before. It seemed appropriate.
While nice to think about, I really don't think that this'll ever be used: The US federal government is asking for suggestions for sentencing for spammers that violate the CAN-SPAM Act. A team appointed by the president is soliciting the public's opinions on this matter.. CAN-SPAM doesn't make it illegal to transmit spam, but it does make many of the obfuscatory practises employed (such as forging points of origin, spamming from five or more fake names, or hijacking five or more IP addresses) illegal. I wonder how many people will demand the death penalty.
There's a new virus making the rounds called W32.Beagle.a (alternatively spelled 'bagel') that's another mass-mailer: It scans for .wab, .txt, .htm, and .html files on your deck's hard drive looking for e-mail addresses, and sends itself to the ones that don't match certain criteria (like having domains ending in hotmail.com or microsoft.com). Theoretically it'll stop itself automatically on 28 January 2004 but if your system clock's wrong you've got a problem on your hands. It does the usual 'add keys to the registry' song and dance and opens a back door on port 6777 (which can change) so someone can access your system remotely, uplod files, and terminate the worm remotely. If you get an e-mail with the subject 'Hi' and message body of "Test =)" followed by junk, for gods' sake don't open the attachment! That's how it spreads. When the attachment is run by the user the first thing it does that you see is start the calculator utility so it looks like someone sent you a legitimate piece of software. A lot of us are going to have a long week, I fear.. thankfully there's a removal utility avaibale from Symantec to speed things along. You might want to download a copy and keep it handy in case you're accidentally infected with it.
19 year old Joseph McElroy of Woodford Green, East London, UK will be sentenced on 2 February 2004 for cracking the computer network of the Fermi National Accelerator Laboratory in June of 2002. McElroy, charged under the Computer Misuse Act, plead guilty to seventeen county of cracking US government computers. He claimed that he hoped to use the lab's bandwidth to download movies and music. Needless to say, the US Department of Energy, which runs the lab, isn't too happy about this - they had to cut off their net.access for three days when the intrusion was detected. The US government is seeking approximately $37kus in damages for McElroy's actions.
It's the little things that get you, sometimes. Recently (and quietly) the licensing terms of the MySQL database system changed subtly. The license of the client libraries, which let applications connect to the database server to do things, changed from the LGPL license (which lets anyone, commercial project or not, use the libraries without having to release their source code to encourage use) to the GPL license (if you use the libraries you have to open your code) and developers are taking this as a sign of bad faith. A lot of perfectly good, quite possibly nifty applications that happen to be closed source are now in a jam. Already, someone's written an LGPL-licensed wrapper for the MySQL libraries to get around this, but it's the principle of the thing: Unless developers re-read the license file that came with the latest release, they'd be stung by this. Many are shaking their heads and asking, "What were you thinking?!" More on this as it develops.
Tonight was an interesting one, as times go. I made it through today in one piece and bundled up to hike down to the bus stop. Some time later, at the bottom of my hill, a powerful stench filled the air, the scent of burning heavy petroleum products, probably engine oil. The bus made it as far as the top of the hill before pulling over and giving up the ghost. The bus following us up the hill, headed in the same direction pulled over and the driver leaned out.. to tell us that we were on our own, because he didn't actually go into the neighborhood. Gimp. Dataline got off the bus, and nearly collapsed due to the fumes irritating her still tender lungs (after the flu). Thankfully, the husband of one of the other women who ride our bus arrived to drive us the last few miles back to the Lab.
Greetings, readers from the Department of Veterans' Affairs!
Last day of vacation, Martin Luther King Day. Got up late, had breakfast, and I'm just hanging out right now. I'm going to check on Fern's book of shadows, take a few pictures, and then probably go roaming around today while I have the chance. I've got to do some shopping to stock up for the week as well, so I might as well make a day of it. Right now I'm just going through the day's news and listening to the Jeff Rense archives. I think I'm going to jack out and start...
Microsoft's at it again - they're suing someone for copyright infringement. While this isn't ordinarily something to write about, their target is 17 year old Canadian high school student Michael Rowe, who owns the domain mikerowesoft.com. He wonders how anyone could mistake his personal site for microsoft.com; they're saying that a phonetic spelling is stepping on too many toes. Rowe, unfortunately, asked for one thousand times the cost of the registration of his domain ($10k Canadian), which is probably why they're coming down hard on him, because they think he's in it for the profit. "Bad faith," they call it; because he would have made a profit, they're assuming that he did it only to make money off of its sale. As much as I'd like to see him keep his personal site, he made a serious mistake doing that. He should have stood his ground and not asked for money. If anything, people hearing about him would have gone to the Microsoft homepage and not his own.
Pictures of Fern's BoS are taken, and I've just finished gluing the rear endpaper. I'm going upstairs to take some pictures of the Deep One and then I'm heading out for a while. I'll put the pictures up tonight.
Pictures of Fern's Book of Shadows are now on line.
Pictures of the finished Deep One embryo are now on line.
Well, the afternoon was well spent, as I reckon things. I left shortly after noon EST to wander around the area and see what there was to see. I stopped at the supermarket to stock up for the week because they've been talking about a winter storm rolling through some time this week; due to the unusually low temperatures (less than twenty degrees Farenheit) I left everything in the trunk of my car and went off to do my own thing. First stop was the local cafe' to drink more coffee (probably more than I should have had today, to be honest) and study for a while. I reviewed the first chapter of my CISSP textbook and took quite a few notes on the high points. I also started writing down the memories that I've been finding here and there inside my head, in the hope that at some point there'll be enough to form a pattern, and I'll be able to draw some conclusions from them. After that I wandered over to Barnes and Noble on a lark to see what new stuff they had. They've having a huge 75% off sale on some of their stock; I picked up two fairly thick books for less than $5us. As if I don't have enough to read right now...
As I mentioned earlier, after I got home I put the writeups of the book of shadows and Deep One embryo projects online. After that was dinner. Right now I'm just getting everything ready for work tomorrow. <sigh> Tomorrow's the deadline - into the crucible.
Another lazy day, yay.
The entire day's been spent in the Lab lazing around, reading, writing, working on perfecting a technique, and watching the last DVD of the Sci-Fi Channel's version of Dune. Life is good.
The back cover of Fern's Book of Shadows sealed perfectly - the glue didn't soak the leather, it just bonded it in place. When I took the clamps off of the edges they stayed down, and they're quite smoothly joined. I glued the end flaps of the cover this morning and clamped them to dry. They should be done by tomorrow morning, when I plan on gluing the end papers to the covers to lock everything in place (and mostly hide the bindery job I did on the signatures. I have to be honest, the seams where I stitched the three pieces of leather together for the spine, front, and back covers annoy my sense of aesthetics (the leather Fern gave me to work with wasn't large enough to make a contiguous book jacket, so I had to cut it up and sew them together into a large enough piece) because they nestle the sides of the binding.. only just. The seams can move around a little bit and mess up how the cover looks. I also didn't glue the binding to the back cover because I wasn't even sure that it would work that way (though there's nothing that says that I can't inject glue or liquid epoxy into the resulting space and weight it on end to lock it down). The way the covers are glued, the hindmost edges are still loose, so the spine's cover can move too much.
I'll figure out what to do about that once the front cover's done.
I also hope that the marks from the clamps fade as the leather relaxes. There isn't much I can do if they don't, though.
Another airline has decided to sell out - Northwest Airlines has been sharing its passenger information for months, after telling everyone that they did not hve such a policy. On Friday, they finally admitted that they'd turned over three months worth of airplane reservations to NASA's Ames Research Center for analysis. The reason they gave for this is that they are hoping that the data they have released to the government can be used for improving airplane and airport security. They haven't said how many people's records, exactly, were made available. Another company to stop trusting, I think, and to stop patronising as well.
Remember the rumours going around about there being a live-action movie of Neon Genesis Evangelion that were making the rounds? Weta Workshop, the same company that worked on The Lord of the Rings has published some concept art for such a project. The images are amazing, as good as some of Gainax's concept art that's been released over the years. The first image appears to be Unit-00 (judging by the eye configuration), the second is Unit-02, and there are some cool images of the evas in the storage tanks (and what might be maintenance restraints or the launch platforms). There are a couple of sketches of the NERV control room and some of the Angels, and a few sketches of the children.. with the names changed to fairly generic American names ("Kate Rose"?! "Asuka Langley Soryu"!) Sheesh. Anyway, it's interesting to note that some folks are thinking about it seriously.
While we're on the subject of paranoia, check this out, cats and kitties: The US is planning to recruit 1 out of every 24 people to act as spies. They're calling them "domestic informants". Personally, I can't help but wonder why they're getting ideas from accounts of World War II. Civil liberties groups are already crowing about this, and as well they should. One man's "suspicious behaviour" is another man's "I locked my keys inside my car." And you know that grudges of all sorts are going to flare up and people are going to rat out other people that they just don't like, very much like the witch hunts. Domestic spies would be recruited from groups of people who would have access to the insides of people's homes, like landlords, utility workers, delivery folks, and truck drivers. An alpha version of this programme (excuse me while I mix my metaphors) is scheduled to start in February of 2004 in 10 of the largest US cities. What in the hell are they thinking?!
Earlier today I decided to try to make a headband of wiring, leather, and some cables (sort of like the hair extensions that are de rigeur in the clubs these days). I don't know how well it's going to work out, but if it doesn't look too bad I'll post some pictures of it.
Aside from a minor annoyance this morning, I'm actually doing pretty well. I'm in the lab watching the theatrical edit of Army of Darkness on DVD, there's a stick of soda-scented incense burning next to the candles on my altar, and I'm wearing one of my kitty bands. Two more books came in the mail this morning, which I've been steadily reading from cover to cover, the second edition tradition books Sons of Ether and Virtual Adepts for Mage. Today is a day for lazing around the house relaxing; I don't plan on doing much of anything right now, and hope to keep it that way. The most intensive thing I've got planned is perhaps heading out to Swift Fox's for game tonight, even though John and Lara are on their way down to Maryland to visit Lyssa (or hopefully; they mentioned having problems with the brakes on their car earlier today). Lyssa and I spoke for a couple of hours earlier today. She's doing well, about as well as I am right now (which is pretty good, to be honest). I wish I could be down there to spend the weekend.
If I may digress for a moment about next week, something that I promised myself that I wouldn't, one of the reasons I couldn't go down to Maryland was because I've got a pair of deadlines on Tuesday: A trial-by-fire test of a plan that we're long overdue working on, and a traffic analysis report that's fairly important as things go. They're short-handed right now; I know what it's like to run part of a department short handed, and it sucks rocks; I also can't leave a job unfinished. If I'd gone down I'd be fried and/or sick by the time I got back, and that's not good.
Please keep in mind, this is not the only reason. I rarely do anything for a single reason.
Anyway, I'm staying home to rest, and I'm mostly enjoying it.
The fever blisters on Dataline's back are almost gone. The skin's just badly discoloured where they were, and the weakened tissue is torn in places, which is normal for this stage. The new skin should start growing in a day or so. Thankfully, all the fluid underneath has drained on its own, which is the first sign that the tissue is regenerating.
That's the first time I've seen fever blisters someplace other than the face and lips.
Because the microwave's broken, this morning for breakfast I made turkey bacon in the skillet. I haven't had bacon from a skillet for a very long while. I'd forgotten what it looks like when it's cooking - the amount of.. I don't know what that stuff is, but the stuff that boils out of it is amazing. I just sprayed the skillet with Pam before putting it in and when I turned around a minute or two later, the skillet was full of dun-coloured foam. Still, when it was done it was quite tasty (after blotting the strips on paper towels, mind you - that stuff might be good to cook in but it's still nasty). Anyway, that was one of those everyday things that fascinates me.
Swift Fox called - apparently it hasn't stopped snowing all day (I've been in the Lab all day, so I haven't looked outside much) and the roads are pretty bad. Judy called Dataline and said that she had a lot of trouble driving, and she's got a four-wheel drive truck. Anyway, game's off tonight, so I think that I'll be staying home this evening. Maybe I'll finish Fern's book, and I've got to research a few things - I'm in a mood to write.
Last night wasn't that great, what with the snow coming down and the roads remaining hazardous until well into the evening. The ride home from work took a good bit longer than usualy because so few of the roads had been cleared. I had to head out to pick up a few things after dinner, and the main roadways in my area were still pretty bad. A jaunt down to the bottom of the hill and back took a good hour or so. Still, sometimes you have to stock up to keep going. This morning I awoke to sub-zero temperatures (4.8 degrees Farenheit without the wind chill, some value much lower than that with) and a sense of dread about today. Thankfully I've been able to keep the mask of 'deep hack mode - don't disturb' up since I got in and what happened yesterday seems to have been forgotten, though I doubt forgiven. Cie la vie. I think going back to silence is the best tactic right now.
Apparently, yesterday was Personal Firewall Day on the Net. The heavy hitters in the industry, like Microsoft and Zone Labs got together to put together a public service site (I think that's the URL) to educate end-users about the dangers of the Net and why personal packet filtering software is a good idea.. I've got to hand it to them, the opportunity for advertising aside, this was a really good idea. More people should know how to secure their workstations and how to protect them from viruses, and most of all how to install security updates. I wish this had gotten more press, more people could have benefitted from this.
It looks as if SuSE is making a grab for the enterprise Linux server market with the release of SLES recently. SLES is a heavily optimised version of their standard Linux distribution, aimed at the big-budget 24/7/265 server market. The review I've linked above is a fairly decent one, and would be of great help to someone deciding what server OS to run and which distro to go with if they chose Linux. The documentation is said to be excellent, which is a must if you're building a server of any serious complexity. The package selection subsystem, also like many server OSes, tends to pick everything and leave the admin to remove the unnecessary stuff. This is unfortunate, mostly because it can take a lot of time to uninstall the stuff you don't need on a particular box. As for installing X and a desktop environment on a server, I still have to take issue at this, not because it's Windows-like, but simply because it's more overhead that a system has to deal with. A server of any kind should be a dedicated-use system (only for e-mail support, only for serving web content, only running a database.. you get the idea), so that every last compute cycle goes to the application at hand. Installing X takes up more memory and CPU time that could otherwise go to your application.
But then again, maybe I'm just a throwback to the times of building a mail server or a MOO on an 80486 and optimising the hell out of it to make it run better than it otherwise would.
Anyway.. there's also an installation method which isn't quite as automatic, and will give you much more control over what happens. I like the sound of that. The usual server-type software comes with SLES (Apache, MySQL, Samba, et cetera), along with YaST (Yet Another Setup Tool, screwy capitalisation not my doing), which not only manages packages but lets you configure everything as well. YaST's functionality include package updating (ala Redhat's up2date utility), editing the core system configuration file (/ec/sysconfig), timed backups of the database of installed RPM packages (some revisions of RPM like to corrupt the database; can we say "ouch", cats and kitties?), a firewall configuration tool, and the ability to tweak the kernel through menus and not poking values directly into /proc (I'm impressed that they thought of that). This seems like a good one to experiment with if you get the chance.
On the research and time-killing fronts, Mozilla v1.6 is out. Lots of nifty changes have been made, hit the link and look at the changelog. There's too much for me to go in to right now.
More on SCO's stall tactics: Ryan Tibbits claims that he began complying with the court's orders to produce documentation on 12 December 2003, one week after the orders had been issued. They didn't bother trying to get things going until then.. what does that say? That going on holiday is more important than a court order?
In the best of all possible worlds, I suppose it would, but this is far from being such.
The versions of AIX and Dynix that IBM produced for SCO were so old, they say, that they couldn't be used for the purposes of comparison. As the affadavit says, "Our engineers have reached the conclusion that parts of Linux have almost certainly been copied or derived from AIX or Dynix/ptx." That's all well and good... but isn't the issue whether or not IBM put SCO code into Linux and not AIX or Dynix? Maybe I missed something here, but this doesn't make any sense. Is SCO after the rights to AIX or something?
At this point, I must confess myself completely confused. What the hell's going on here? When did they start demanding the source code to AIX?
I've been laying in the Lab most of the evening watching VH1 Classics on cable. My word.. the music takes me back. Melody, rhythms, lyrics that hint at something more to life, something that scares us, or make us want to get up and dance and forget that things hurt in life. Rock music with horns and accoustic guitars, a sharp contrast to the power chords, distortion pedals, and vocoders used to add noise to otherwise pure sound. Not bad, not broken, just different from what things were then. Still, I feel the same thrill that I once felt the first time I ever heard the sound of a synthesiser, like a stream of cool water from a hose down my back and over my scalp. I can feel my nerves light up with pules of octarine light and the wiring seems to hum in sympathy. Oh, and don't forget more mullets than you can shake a pair of hedge clippers at.
I know this has been going around for a while, I haven't had a chance to talk about it: HOPE 2004 has been announced. 2600 Magazine has made it official. The convention will be held 9-11 July 2004 at the Hotel Pennsylvania in New York City. Details regarding The Network's meetup will be announced as soon as we get around to planning it.
At long last, goatse.cx has been taken offline. If you've never heard of it before, I envy you. It was a fairly tiny website with a single, now famous image file on it that would make anyone cringe in horror.
One month after the latest Internet Explorer bug was announced publically, one which makes it possible to fake the URL shown in the browser, it still isn't patched. By including the character %01 (which is a character code, if you've never seen this format before) in a URL (uniform resource locator - the most commonly encountered kind is a web addres) everything following that character will not be shown to the user, but will still be followed if you click on the link. For example, the URL http://www.openbsd.org%01@nonexistent-example.virtadpt.net would be shown as http://www.openbsd.org/ in your browser's URL window, but would throw you over to http://nonexistent-example.virtadpt.net/ without your realising it. Identity thieves only needed a week to figure out how to exploit this particular bug, and folks are falling for it. A Microsoft spokesman has gone on the record as stating that a patch for this particular bug-of-the-week will be released whenever it's ready. Microsoft has written a knowledge base article about this bug detailing ways to confirm URLs that you are sent; it's a good one, too, so check it out if you use IE.
I think the phrase "fucked up" has officially become a technical term. As the saying goes, "profanity is the one language all programmers know best."
I think it's amusing that they're finally catching on to something we did years ago using stunnel. A new breed of VPN (virtual private network) is arising, built not out of IPsec or anything like that but the same SSL technology that protects web transactions. For starters, it's much easier to set up and use than IPsec VPN links are, and much more flexible as well. It's also much cheaper to implement SSL than it is to set up everything required for IPsec, and much more rapid as well. Because there's less to configure there's less to have to support. The only thing you have to remember is that there's no filtering done on SSL connections: If something happens to sneak through your link in one direction or another there's nothing stopping it.
It's official - Redhat's AFbackup, which we're not using at work, incidentally)). MySQL is a lot of fun, don't get me wrong; it's got some nice utilities for dumping the contents of databases and even making hot copies of running databases, but when it comes to running someone else's data backup and archival software there's a problem: How to make what already exists work with it. mysqlhotcopy is great, but some of our databases are so large that it doesn't work on them. mysqldump, which I'm playing with right now, will back up anything, but spitting the contents of each database out to a text file of SQL (structured query language: the native language of most (relational) databases these days) statements can take a while. At least I'm in the process of benchmarking right now and not trying to run an emergency backup. I wish I knew about how long it's supposed to take to back up a database of this size; I can't find any references anywhere to even base a guess off of.
Well, I guess that's something to write about. I still feel bad about last night, though. I always seem to do stuff like that at the worst possible time.
I think I learned a valuable lesson today: When trying to sound intelligent and get someone to tell me something about something I've never seen before (one of my variants on "What is that?") I sound like an idiot who "says the first thing that comes to mind", and a few refinements on that theme. The grille marks covered my back and thighs pretty well up until I hit the coals and started going end-over-end, if I may be facetious for a moment.
And here I was thinking that I was doing well, trying to be personable and all. It looks like that plan's a failure. I guess I'm going to have to fall back on my usual plan of keeping my head down and my mouth shut at work. Let the folks who actually work there do the thinking; I'm just hired help. Point me at the problem and I'll get to work on it.
Gods only know what'll be waiting for me tomorrow morning because of this. I should have started bringing my books home tonight; I forgot.
Now that I think about it, perhaps I should be slightlu more specific as to why I "don't need this right now." Further consideration of the connotations of that sentence fragment leads me to conclude that perhaps I should disable that particular part of my linguistic cache, because I really don't feel like explaining the reasons for it to people who really don't have a need to know.
On the bright side, I glued the front and back covers of Fern's Book of Shadows tonight. The leather's in place as best I can get it and the glue is drying at the moment. I'll fold and glue the edges tomorrow night (if the roads are okay) or sometime Saturday (if I get the chance), and the endpapers after that. I should take a few pictures of that soon.
Maybe I'm going to stop taking quizzes.. this isn't a good time.
Greetings readers from the United States Postal Service. Happy New Year.
Ye flipping gods.. l33tsp33k in an inter-office memo. I suddenly feel very ill.
Last night was one of those weird ones.. I didn't do a whole lot of anything but it still feels like it was productive for some reason. Dataline's shoulder was acting up due to how she'd fallen asleep on it, and I had to work the muscle away from the scar tissue so it would move again. After a few stretches it seemed back to normal. She said that she was going to try to go to work today. By the time I left this morning she wasn't up yet, so only time will tell on that. How the weather went from a relatively balmy 36 degrees Farenheit yesterday evening to 17.6 this morning is beyond me. It's been snowing intermittantly the entire time. I don't think it'll really pile up, so it shouldn't be a problem right now. I got the bookmark of Fern's Book of Shadows glued last night; I'm hoping to glue the front and back covers in place tonight the end-flaps tomorrow night, and the endpapers sometime this weekend. I think I'm going to line the parts facing the pages with waxed paper or foil to keep excess glue from seeping onto the pages and then press the book again between a few spare computers for a day or so. Since I've started working out again my body's muscles haven't been sore afterward like they have lately. It doesn't take long to get back into the swing of things.
SCO's still playing games with the court order that says that they have to start showing their evidence. They filed their 'notice of compliance' with the court order a few days ago, but they still haven't complied. The court demanded that SCO release another set of documents as requested by IBM, including identification of the alleged misused trade secrets, documents stating everyone who had rights to the code, the nature of SCO's rights, documentation of SCO's efforts to preserve the confidentiality of the information, all agreements, copyrights, patents, and whatnot of those trade secrets, documentation of the origin of those trade secrets (who came up with them when and where).. the list is pretty long. Read it for yourself. They have not yet produced what was asked for by IBM in the fourth demand: The actual source code that SCO says was illegally released under the GPL.
Ummm.. guys? That's what you're basing your entire case on. The more you backpedal and stall, the less anyone believes you. Besides, internal e-mails were released and authenticated that say that not only did management know they had coders working on the Linux kernel source, but they had the go-ahead for their release to the public at large under the GPL.
SCO has stated that they have not yet reviewed all of the documents they were asked to release due to the Yule holiday of 2003. In other words, they haven't complied by their deadline. Funny, how they keep stalling on the same thing every time... the evidence.
I've been trying to figure something out.. I've got a three-day weekend coming up due to Martin Luther King, Jr. Day (it's a government holiday), and Lyssa asked me to drive down to Maryland for the weekend to see her. On one hand, I'd love to drive down and spend the weekend. On the other, I'm tired and I'd really like to stay home and rest for a while. I haven't gotten much downtime lately and, lifestyle maintenance aside, I'd really like to just stay local and relax. I'm afraid that if I drive down this weekend I'll overtax my reserves and disable my immune system.. and I've seen what the flu that wants to grow up to be a plague can do, and I have no desire to fall to it. It's a long drive, and it takes a lot out of you if you don't have the time to recoup after you get home.
There might be other reasons for Microsoft having changed its collective mind on terminating Windows 98. There's a good possibility that if they did kill off 98, the people who currently rely upon it around the world might look into other OSes to replace it. Makes sense to me: If you can't get fixes for your OS, chances are you are going to start considering an OS that not only is still supported, but might run better than what you've got right now. Lars Ahlgren, a senior manager of marketing at Microsoft, stated that they hadn't made any money off of 98 licenses for a while now, but they'd still like to keep the userbase as long as possible, the better to bring them into the fold. Also, I would think that 98's system requirements, which are much less than those necessary for Windows 2000 and XP, are keeping outdated hardware around and running Windows; one of the hallmarks of open source operating systems like Linux and BSD is that you don't need bleeding edge hardware to run them on. They're perfectly happy running on something as old as an 80486. Userbase is everything when you sell licenses of something...
It could be said that there is such a thing as going too far. Guillem Jover has developed a script that will convert any Linux install into Debian automatically. All kidding aside, he wrote it to transform a server housed in a colocation facility into a Debian box without rebuilding it from scratch. What it does is install a base system from a package of some sort (maybe a .tar.gz or .zip compressed archive, maybe a Redhat .rpm package; when you run the script you have to supply a location and file of your own), remove the unique parts of the old distro, and transform some stuff (like parts of the /etc directory) into a configuration matching that of a native Debian system. It's been tested on Redhat and SuSE so far, and more ports are on the way. You can examine the tool here - note that the site's crawling right now due to the Slashdot effect. I'm half tempted to build a quick Redhat system at home tonight and give this a try to see what happens.
Some days I really hate my lives... I spent most of the evening paying the bills for the house. Paying the bills for an entire house always looks grim, there's no two ways about it. But that was two hours that I was going to use for working on sundry projects that I've been putting off for a while. On one hand, the bills have to get paid to keep everything running.. on the other.. well, I just hate it when my plans get taken out from under me. It's the principle of the thing.
But that's not what's getting me right now.. Lyssa read one of my earlier entries, about probably not being able to drive down and visit her this weekend. I really feel bad about that.. she had to read about it in here and not hear it from me first hand. It's understandable that she's upset. Now I'm not sure of what to do - I can stay at home and probably hate every last moment of it, or I can drive down and spend the weekend. I'm not sure what I should do. Travel takes a lot out of me; it might knock me flat. But it would help fix things with Lyssa... which should I do?
I wonder if wrecking one's life is an in-born talent, or if it's a skill that I learned along the way without realising it.
Holy cow.. these are chalk drawings on sidewalks!
Someone on the Bugtraq mailing list posted something interesting this morning: There was a serious compromise of the computer network of the Israeli Post Office not too long ago. The author of the message states that the IPO acts as something like a bank; several thousand shekels were stolen as a result. Supposedly, someone snuck a wireless access point into the building and plugged it into a core switch. The intruders rode in through that AP and went to town. This only went on for a couple of days before the AP was discovered by someone on staff there. Not much else is in the message, presumably due to the international embarassment factor and the fact that this is an ongoing investigation. Gadi Evron's post also hints at other stuff going on over there, such as the theft of a number of servers hosting the databases used for face recognition systems and something about industrial espionage.
There was a very intelligent response or two to this post on Bugtraq today but I can't seem to find the relevant posts in the Securityfocus archive. Maybe they'll appear tomorrow.
"You just can't trust anyone anymore."
You know, the number of people who just jump onto mailing lists to ask about stuff without doing web searches (or reading the FAQs on the project's website) is amazing. I just read a post to the snort-users mailing list filled with questions that could be answered easily by reading the FAQ and online documentation. If I were playing the Snort Drinking Game I'd be having my stomach pumped right about now. Sheesh.
SCO's got incredible stones to release letters like this, I'm sorry. Maybe it's the glue fumes from the change of carpeting outside my office, but this is for the birds. SCO claims that it's been forthright with the Linux community, yet they still refuse to say what code is infringing upon their rights, which means that if there is any trouble it can't be fixed! Through the legal firm of Boies, Schiller, and Flexner, they plan on opening fire on companies using Linux in the middle of February 2004. If you go to http://www.sco.com/ibmlawsuit/ you can look at the IBM court case documents and the seven .pdf files labelled "Exhibit [A-G]", which is exactly what I plan on doing when I get home tonight. Maybe something's changed in there. However, I strongly doubt it.
I nominate this Perl module for the WTF?! 2004 award.
When they say "In the spirit of.." what they really mean is "It's nothing like it, we just wanted to fish you guys in."
<cheering> Two! Four! Six! Eight! Everybody caffeinate! Twitch! Twitch! Twitch! </cheering>
I took a couple of minutes during lunch today to do a few quick web searches on why the Calendar application of the v3.13 Sharp Zaurus ROM crashes whenever you examine an entire month at a time. I found this bug report in their database as well as the fix: If you have the Zaurus port of OpenSSH installed, you have to install it to the internal data store; you can't put it on an SD or Compact Flash card. When you install it, it creates a directory called /home/zaurus/Documents/OpenSSH, which is owned by the user "root" and group "qpe". Everything else under /home/zaurus/Documents is owned by the user "Zaurus" and the group "qpe". For some bizarre reason, even though the calendar app shouldn't try to access the OpenSSH directory, it tries to and crashes. If you install the Console application (which basically runs a shell for you in a window) and change the ownership of the Documents/OpenSSH directory to "zaurus.qpe" (su root ; chown zaurus.qpe documents/OpenSSH ; exit ; exit) this will fix everything. I've been playing around with it and it does the trick. Yay! Now I can dump the port of Korganizer, which doesn't even handle repeating events!
Waking up this morning to discover that the temperature outside was a balmy 36 degrees Farenheit did my hearts some good today. That's practically a heat wave, considering that over the weekend it was cold enough to freeze everything solid and shatter plastic as if it were glass. I shouldn't be alert this early, and I can't chalk it up to the coffee I usually have before I step out the door. I vaguely remember a few dreams last night, though I can't recall what went on in them. They must have been relaxing to put me in this kind of mood.
No, I don't think they had anything to do with the serial Catwoman dream I've been having.
I even didn't mind spilling coffee down the front of my white button-down this morning. No big deal, just throw it in the wash and change shirts... must be a good day on the horizon. Maybe it was just getting stuff done last night (like cleaning, at long last), finishing laundry, exercising, and paying my bills. Getting all of that out of the way removed a lot of worry. Applying for five or six jobs helped, too. I'm carpet bombing the east coast again with resumes; here's hoping that something comes of this.
It figures. I brought in my French press and a small bag of Viennese blend this morning because I sometimes would like a cup of coffee partway through the day (usually after lunch) and they started ripping up and replacing the carpet in the office. The first thing that was taken out (aside from normal access) was the water cooler, along with its hot water dispenser.
The fur's flying over Microsoft's latest marketing effort, called "Get the Facts on Linux". The FUD factor (fear, uncertainty, and doubt) is a part of that, to be sure, but the information they present is based upon out of data information and obsolete studies. The gist of the campaign is that enterprise Windows servers are cheaper to maintain in the long run than open source alternatives. Whomever wrote that particular report must not have seen the licensing fees for Windows 2000 Server and Datacenter Edition, nor the fees for Windows 2003 Server (which are considerable). Per-CPU and per-seat licensing are not cheap, even for smaller companies who only need a few workstations. Linux distributions are much less expensive than Windows licenses (even for Redhat Enterprise Edition I've seen, from administering it at work); they can also be downloaded from the Net for free. Server and application software cost out the wazoo for Windows servers: IIS comes bundled with each installation, but don't think about all the security vulnerabilities that have been reported. Apache for Linux, Unix, and even Windows is free and generally more secure.
Windows needs to be courted constantly; Linux just runs, smoetimes for years at a time. Windows machines need to be rebooted when they're patched. This means downtime (sometimes hours or days if something went wrong). You only have to rebooted a Linux or Unix machine if you update the kernel; everything else happens in userspace, so you don't have to take the entire system offline to install a patch. At most you only have to deactivate two or three services to upgrade something, and if something does break you can have multiple copies (usually different versions, though sometimes not) of the same services installed at the same time in parallel directories. Downtime: Minimal. Because I'm at work writing this offline, I'm going to stop here and advise you to read the article I've linked. It does a better job than I can from the trenches.
In response to SCO's legal shenanigins lately Intel has thrown its hat into the ring by forming a legal defense fund for certain users of Linux. SCO has threatened to sue people (usually companies) for intellectual property infringement who are using Linux; this defense fund would go toward legal fees for the defense of these companies. The Open Source Development Labs hopes to raise $10mus for this fund; so far is has $3mus, raised from a number of companies.
Microsoft Windows 98 has been granted a reprieve until 30 June 2006. Previously, there were no plans to continue support of the OS past the second quarter of 2004, but critical security vulnerabilities will be patched and telephone support will still be available (I thought you could only get support from your original vendor..) The decision to keep 98 alive for a while was made because of all of the desktop installs still out there that are still in use. Microsoft is trying to bring 98 and 98 Special Edition <bites tongue to avoid making smart-ass remark...> into line with their current software lifecycle policy, which is now seven years before support is terminated.
On one hand, I'm glad that they're still going to be patching 98 for a while. On the other hand.. just kill this fork(2) bomb of an OS. Put it out of its misery (memory?)
I've learned something in the months that I've been hacking around with IDSes. First, I've learned that I've got a lot yet to learn about security in general and IDSes in particular. Computer security isn't an easy thing, especially when there are systems on the line that not just a department counts on, and not just an organisation counts on, but thousands of people. Security is paramount in situations like these, and everything you do has to be justified in writing. If you change a setting, you have to write down somewhere what you changed, why you changed it (sometimes citing sources, sometimes not), what the change will do, what problems it might cause, what benefits it will have, when you did it, and why (again) you changed that setting. The idea is so that there is a record of who did what where at such-and-such a time; there's a record of events, so if something does happen (say, the security admin gets hit by a bus) there's enough information for the admin retracing his steps to figure everything out. If something breaks suddenly, you go back to that record of events, see what the last changes made were, and un-do them, hopefully fixing what broke.
But I'm straying a little bit from where I was taking this.
IDSes are only as good as the sets of rules that they're using to analyse traffic. Some rules are less accurate than others, and go off more often, resulting in false positives (alerts that really aren't alerts at all). Other rules are very exact in their detection criteria, and will only go off when they match a bona fide situation (for example, the first thirty packets of a SYN flood). No matter how well you tune your IDS, regardless of which one it is, you're going to get some false positives, it's the nature of the beast. If you somehow manage to eliminate false positives completely, there's an excellent chance that you're no longer listening for enough possible situations. A good way to test this is to run a vulnerability scanner (like Nessus) against one of your boxes neighboring your IDS; if it alerts on your scan, chances are that you didn't cut too much stuff out; if not, there's an excellent chance that your IDS won't pick up on someone trying the same exploits from outside of your network).
There's a variable in Snort's config files that lets you define what your network address range is; there's another one that lets you define what the rest of the Net should be when you take out your own network. Let's say your network block is 4.4.4.0/24. The HOME_NET variable looks like this: var HOME_NET [4.4.4.0/24]
Knowing that, there are two ways to set up the EXTERNAL_NET variable: var EXTERNAL_NET any, meaning that every IP address possible falls into this category (including 4.4.4.0/24), and var EXTERNAL_NET !$HOME_NET, meaning that every IP possible address on the Net but those that are a part of your home network falls into this category. If someone on the outside fires an exploit at your LAN, it should be picked up by the IDS and logged. However, let's look at the very real and unfortunately common example of a worm that uses an exploit to propagate itself across a network. In the former case, the IDS would see the worm fire its exploit at some IP address that's a part of your address space (whether or not a system's actually using it at the time) and let you know. In the latter case, however... it wouldn't notice the exploit because it would actually be looking everywhere but its home network for attacks.
When you set up an IDS, you're going to have to think about stuff like this. You're also going to have to think about the other things that you might run into, like seeing traffic from addresses that really shouldn't be talking to your LAN (like 127.0.0.1, the loopback address that every system running TCP/IP has). Usually, this means that you've got a network appliance, like a printer, that's not configured properly. Find it and fix it to make the noise go down somewhat. You also have to decide how much noise you're willing to put up with: Techncially speaking, a box that responds to pings is actually a security vulnerability because an attacker can ping addresses on your LAN to see which ones are active as the prelude to an attack. You can either deal with alerts from pings (which are perfectly legitimate network traffic) or you can turn off that rule in the IDS and ignore them. The same thing goes for FTP traffic to a server: It used to be that Linux and BSD boxes had an FTP server running by default after installation; this is no longer the case, but there are enough old distro CDs floating around out there that someone who grabs an old version and installs it might be leaving themselves open to attack (remember WU-ftpd?). As a result, FTP traffic is included in the rule sets of a lot of IDSes. Someone tries to access the FTP server on one of your boxes and you find out about it. Great. Now let's say that you deliberately put up an FTP server, and secure it so that the old exploits floating around are ineffective. Legitimate FTP traffic will still set off that IDS rule. Disable it or deal with the false positives?
IDSes take a lot of research and forethought to get running well. They're twitchy beasts, but incredibly useful once you get them tuned and learn how to configure them properly.
Holy cow.. I met another technomancer tonight at the North Hills Pagan Discussion Group. Greetings and salutations to Flagg!
I'm leading the next discussion.. it's on Discordianism. Take cover, cats and kitties...
Well, today's gone much better, all things considered. I've spent almost the entire day downstairs. Everything's done and out of the way and I said "screw it" and cleaned. I feel a lot better now that I've pitched a lot of empty boxes and shelved a few things. I'm on my last load of laundry, a second episode of Coast to Coast AM, and my second job application. I've also gotten Mplayer working properly on Leandra, and playing back at 30 frames per second on a 1600x1200x16 bit display (by using the XV extension to XFree86).
I think the Lab's got a background count after this weekend. Ick.
I'm doing everything I possibly can to get out of here before I lose what remains of my sanity. I'm hunting for jobs not only in Pittsburgh but in the states surrounding Pennsylvania, and I'm willing to move farther to find steady employment.
Enough's enough.
I'm truly glad that I was able to get out for a few hours last night. I'm glad that I didn't go to B'witche's Tavern, a) because I can't find the place without a navigator, and b) because drinking (or anything addictive, for that matter) would be a really bad idea right now due to my stress levels. I drove down to Swift Fox's den last night to hang out with he, Sil, John, Lara, and Azanti. No sooner had I gotten in the door that I just stopped and listened to the quiet. The blessed quiet. I could drop the masque that I have to wear at home and be myself and not "who I'm supposed to be." Ironically, it was D&D night. However, the chance to let my hair down for a while and decompress was welcome. I think I ranted for a good hour or so after I took my parka off (damn, it was cold last night). I might take John and Lara up on their offer of asylum soon. I got to relax a little gaming last night; the running gag of the night was my dice mojo taking a serious hit due to stress. After game was over and we'd divvied up everything out came the DDR pads and we played a couple of rounds of Konamix 2. I'm amazed that Swift did as well as he did with two injured ankles. I threatened to take Azanti to Club Chemistry soon to expose her to rhythm.. I was serious about that, though gods only know when that'll happen. The snugs from li'l S'ifty were muchly welcome; unfortunately, I couldn't stay for the night to play. I got home some time around midnight and spent the next two hours jacked in. Something that I have to take care to avoid when stress builds up, I become quite the escapist. I synched for the first time in months last night, and had to tear myself out of the Net before my body fell asleep on me.
Sleep's been bringing me serialised dreams again. Something about getting a tour of Catwoman's private vault, hidden somewhere in a hillside, and catching a group of local teens trying to follow us in to loot the place. I hope it continues tonight, I want to see how this ends.
The CAN-SPAM bill passed at the beginning of this month has had almost no impact upon spam. And we're surprised because...? The company MX Logic has analysed a miniscue portion of the spam sent every day (1000 e-mails is a drop in the spam bucket) and found that only three of them comply with the CAN-SPAM Act. I think spammers are taking the name of the act to mean that it's open season for them.. and it's going to wind up open season on them if they're not careful. The chances of spammers who don't comply with this law being caught and prosecuted are infintesimal, and so much comes in from overseas, where this law doesn't apply it's going to wind up one of those laws that nobody will bother to repeal.
A few days ago I set up Spamassassin on Lucien a few days ago and configured it to filter traffic coming to my personal account. It's caught a lot, I have to admit. I'm going to have to tweak it a lot to get it working as well as I'd like, though. The single thing that's had the greatest effect has been using UCSPI-TCP to block incoming SMTP traffic before it even hits the mail service on Lucien. I've blacklisted most of China and a good bit of Korea, which has cut the amount of spam over 80% in just two weeks. Every once in a while I put the latest revision of Lucien's tcp.smtp file up in case someone'd like a place to start. Feel free to download it once in a while and use it on your own server. Soon I hope to put up a page of domains that don't listen to mail abuse reports or that have non-working abuse reporting mechanisms in place, so you don't waste time and bandwidth trying to contact them (save with a magnetic pulse weapon...) I also hope to put up a page of domains that do listen and where to send reports to, so you don't waste time trying a bunch of different possible e-mail addresses at each.
Spammers are the cockroaches of the Net. I only hope that if nuclear war comes, they won't survive with the rest of the planet's cockroaches.
Uncharacteristically blood-thirsty and violent of me? Yes. I'm sick of what's been going on, and I'm sick of the bullshit that's been going on lately, and possibly my least-favourite denizens of the Net are a perfect target to take it out on. Now ask me if I care.
Greetings, readers from Los Alamos National Labs. Please don't mind yesterday's nervous breakdown.
Today is certainly a day that was designed for one thing and one thing alone: To piss me off.
First was shopping. That wasn't so bad in and of itself, save that it kept me from studying as I'd hoped, as well as from doing my laundry. I'm trying to prepare for the CISSP certification, which is going to take me a while. The book's pretty thick (up around 750 pages of information, not counting the index) and there are review questions, as well as practise tests. Not a rapid process, by any means. Of course, there's already a load of laundry in the washer that needs rewashed because it's been fermenting for two weeks now. As I write this, I'm half wishing that the stench had knocked me unconscious. And then there was cleaning out the fridge (stuff from Yule dinner?! Ye gods...) to make room for the groceries and having to make dinner tonight.
Making dinner has been complicated by the fact that the microwave decided to roll over and die sometime this morning. I made breakfast in it; Dataline did the same about an hour later. Now it refuses to even heat a mug of water to make tea. And don't get me started on not being able to do laundry.. they've had laundry in the washer for two weeks now. I had to re-do theirs before I could even start my own. After being told to hunt down something while down there and bring something else back up (am I the only one who can hear the damned dryer go off?!) I gave up in disgust. I'm sick of this.
I'm really starting to hate life right about now. I came back why, exactly?
He really did it - on Thursday Adrian Lamo plead guilty to cracking the New York Times network. Lamo could be sentenced to five years in prison and a $250kus fine at most, depending on the direction the case goes in. Lamo is currently out on bail and awaiting sentencing.
I still can't believe how cold it is. I put out the garbage today and the garbage can outside shattered and fell apart. PVC plastic doesn't do that normally.
The January 2004 Netcraft survey of web servers is complete, and the numbers are looking good for the first month. Of 46,067,743 web servers surveyed, over 31e6 of them are running some version of Apache, with Microsoft IIS in second place at 9.6e6 detected installs.
The hijinks in the office have progressed to real flatulence. What did I do to deserve this?
Everyone's favourite owner of fibre and copper, Verizon is planning on spending over $1bus on a nationwide wireless net.access project planned to require at least two years to implement. Ironic, considering that just last year they said that there was no need for such a thing.. their wireless access system, if it goes according to spec, will be between five and ten times faster as standard dialup access; a few major cities will be ready to go by summer of 2004. Verizon has also announced plans to invest another $2bus in voice-over-IP technology, to take advantage of the already dense Internet framework already in place (as well as cut costs for carrying voice traffic; a tactic that hundreds of fly-by-night calling card companies have mastered already).
Never ones to leave a good thing alone, the US FBI and Department of Justice are also concerned about voice-over-IP technology and are trying to coerce telecom companies into altering their networks to make eavesdropping of the (probably, if people have any sense these days) encrypted voice traffic possible; at any rate, they want to be able to monitor the conversations with as little trouble as possible. Legal eagles, privacy advocates, and cypherpunks have undoubtedly already made the comparison to CALEA, the Communications Assistance for Law Enforcement Act of 1994, which made telecom companies do the same thing to the POTS (plain old telephone system - no, I didn't make that acronym up) network, which at the time was becoming more and more computerised. Of course, they're playing the "criminals, terrorists, and spies (oh, my!)" card to make their efforts more palatable. The US Drug Enforcement Agency is also getting in on this. In July of 2003 an attempt was made to weaken VOIP technology such that it could be more easily monitored; this attempt focuses upon the providers of VOIP service. In general, the companies involved in this field have agreed to go along with their demands but a group of twelve smaller companies have refused, stating that they won't make any changes until this becomes official. Way to go, guys.
D-, one of the guys next to me, has perfected his electric guitar imitation. I have to admit, a chorus or two of The Chicken Dance, sounding as if it were played by Jimi Hendrix, can pass the time quite nicely.
The article I mentioned yesterday about target-based IDSes has provoked a response from one Martin Roesch, an employee of Sourcefire (best known for Snort). He posted a few criticisms to the focus-ids mailing list today, among them that the original article didn't review any TBIDSes per se, only the correlation systems of true TBIDSes. Roesch also had some words to say about simplifying certain aspects of the discussion for public consumption - IDSes aren't a simple topic, and by not getting the brunt of the blow you're missing out on a lot of important information. As I found out the hard way, the devil's in the details with these beasties. He references a post he sent out in November of 2003 justifying his statements. This isn't your usual oil-and-vitriol defense, this is actually a well thought-out and executed rebuttal. Feel free to skip this one, but it caught my eye.
At last, the Debian packages website appears to be back on-line after its hiatus due to a system compromise.
After a lot of playing things cool (and by cool I mean the temperature of liquid helium) this week, I feel the need to vent.
Once again, it appears that life as I know it has been placed on the back burner. Work has been hitting hard lately, and with little time to sit and think due to a laundry list that could be printed in Flyspeck-8 font on several boxes of fanfold paper and not have room left over for margin notes, I've been treasuring the time I've got to myself to reflect and unwind. Since Dataline has been at home sick the busrides home from work have been a string of all too short respites from stress. The Sight has given me fleeting glimpses of beauty in the past few days, images that I'll treasure for the remainder of my life. The beautiful sunsets over Pittsburgh, for one thing: As the frigid wind comes in winter the sky becomes crisp and clear, revealing a twilight sky coloured the deepest purple you can imagine, with tiny stars peeping through holes in the shroud of the heavens. The sky just over the horizon has been a rich, bloody orange colour, almost a shocking counterpoint to the darkness overhead. Each and every tree and building as far as the eye can see was perfectly outlined in the rapidly dying evening glow. Through the gaps between the tree trunks I could see, quite clearly, the hilltops the trees stand upon.
I just sat and stared at what I could see, slackjawed with awe. How could such beauty exist on a planet like this?
Like all good things in life, the experience was fleeting. Coming home at night is just more of the same that work throws at me - get this done, do that, something else comes up... the Sight departs as abruptly as it sees fit to gift me with something. Right now, I suppose that I should not complain much (even though I shall) because Dataline's been knocked flat by the flu that has aspirations to become the next plague. However, I strongly resent being the only one who has to do things. Even when she's well, she sits around after dinner watching bad sitcoms (oh, how I've come to despise those wastes of RF bandwidth knows as Everybody Loves Raymond and Dharma and Greg - a curse of satellite downtime upon the both of you!) and munching potato chips. I still fail to see why she asks me what I've got planned for the night because I always wind up having to do something. Just once I'd like a chance to sit and unwind. Just once. Even on the days where work has me so tightly compressed that I could explode like a faulty scuba tank there's always something to do, even though Dataline is perfectly capable of getting up and doing it herself. She is not the only one who has bad days, who would like nothing more than a sympathetic shoulder to cry upon ("Everyone hates their jobs; deal with it."). Anger and frustration, I have been told my several different people at several different times, are perfectly reasonable emotions in context and may be expressed reasonably. Being told that they are not valid emotions is not.
Having nothing more than wanting to sit down and look at a book (not even reading one!) planned to come down from a particularly rough day does not translate into "I'm not doing anything, what do you want done tonight?" in any language that I am familiar with.
Months ago, I gave up meditation because the fights over "I was calling you for a half-hour! Where the hell were you?!" became too much. If you'll please excuse my vulgarity, "I shut myself the hell off!" Adam Sandler on a god-damned moped..
What I've come to realise in the past year or so is this: What I want is irrelevant. I exist to carry out orders as if I were some sort of relatively unintelligent (make that 'nonsentient') servomechanism, when the comptroller is in fact capable, though unwilling, of acting on his/her/its own. Stress management for emotional stability is one of those irrelevancies that gets in the way of performing tasks, I've gathered. At this point I've pretty much discarded the idea of having an existence apart from being someone's son, the last hope for the family, the one who gets things done around the house, and the one who has to stay calm when everyone else is fighting (when in fact I'm anything but; I've got my problems too, just no time to fix them). Most of the avenues of relief I had are closed to me now; even the simple pleasures of sitting down with a cup of tea and a book are rapidly vanishing. The Sight seems to taunt me with things that offer only a momentary sense of peace.
I wonder if it's possible to divest oneself of self-awareness... that would make handling this much easier.
And for the record, no, I cannot move out, because I have no time to hunt for a job that will pay well enough to let me pay rent, pay bills, and eat simultaneously. I can live off of my savings, but the added drain of rent will bankrupt me within seven months, even living in a college slum near Pittsburgh. Then I'd be right back where I started.
Fuck. I gave up cutting for this?
The next time I open my mouth about a good thing, someone please hit me before I actually have a chance to speak.
The bus was late yesterday morning and continued to be so all day. Standing in sub-zero temperatures for extended periods of time isn't fun. I was frozen solid by the time I got in yesterday, but the ride home was even worse. Some time in the past two days (I'm writing about yesterday, by the bye) a water main near my usual bus stop in the city ruptured and the city department was all over the place trying to fix the line and clean up the mess. This required blocking off two streets, which snarled traffic up but good during rush hour yesterday. My bus home was almost 40 minutes late in arriving, which actually was helpful because many of us had to figure out where our bus stop had been relocated to.. Then it was just a matter of standing around waiting. Not a few people (myself included) took to sharking up and down the sidewalk in search of the relevant bus; generating more heat by doing so was just icing on the cake. Once the bus arrived, however, all was right with the world, or at least the workday.
Dataline's still on the shelf but at least she's now able to keep some soup and crackers down. That's an excellent start. Motrin's about the only thing that's helping the head- and body ache.
Possibly the only thing that's keeping Linux from taking computer users as a whole by storm is the fact that there's no desktop environment, no GUI that everyone can use (or figure out how to use) easily to get everyday tasks and general screwing around on the Net done. Well, actually there is. There are actually quite a few of them out there. The best known is Gnome, which is extremely modular and reconfigurable. Gnome's appearance can be easily changed, there are dozens and dozens of applets out there (not unlike all the widgets that can be placed in the task tray in the bottom-right corner of the screen or next to the start button), and it integrates every application that uses the Gnome libraries (of which there are so many I've lost count; hit Freshmeat.net and do a search on 'gnome' and see what you find; then remember that Freshmeat isn't the end-all-be-all of open source software indexes...) Then there's KDE, the Kommon Desktop Environment (which started life as a clone of the Sun Microsystems CDE for Solaris) and grew into a fully featured desktop environment in its own right. I've never used KDE before so I can't comment on it; I will say that the folks I know who use KDE have fallen in love with it. Then there are sundry window managers out there like Enlightenment, Afterstep, Openbox, Blackbox<... the list goes on and on.
Because so many people are unwilling to try a new desktop, and often because the applications that people are used to are not yet available on Linux (or because they don't want to spend the time learning a new application), this has stopped many people from trying something new. On occasion, however, orders come down from on high that there will be some changes made - this time it's one of the heavy hitters in the computer industry calling the shots. IBM has declared that they're going to start using Linux on their desktop systems by the end of 2005 along with sundry open source applications. Quite a jump. Good luck, folks... you're paving the way for a lot of other places (and possibly families) to do the same thing.
It's official: The British Mars probe Beagle 2 is MIA. The diminutive space probe has yet to transmit a signal back to Earth or to its original host, named Mars Express. Controllers in Germany are not hopeful that any signal will be received; if all other attempts fail the mission will be written off. There will be a number of flyovers in the days remaining in January but if there's no response by 22 January 2004 that's it. Some time tomorrow the orbiter will scan the surface of the planet for any sign of Beagle's deployed landing gear (bad mental image of the parachute not opening, there), and the spectrometer on the Mars Express will search for any signs of the ammonia gas used to inflate Beagle 2's landing airbags. Strangely enough, all word about Beagle 2 has vanished from the national news in my area (and I suspect most of the United States in general) because the US Mars probe landed safely and is roaming around as I write this, their first success in many years. The timing feels a little weird to me, but what are you going to do?
Will whatever gods there be please preserve what remains of my sanity? The other guys in my office have a new toy: An Old Fat Bastard talking stuffie from one of the Austin Powers movies. The bloody thing won't shut up. As if that's not bad enough, they somehow managed to track down a George Bush parody website, featuring enough samples of flatulence to make one want to break their eardrums with an icepick.
One of the hot technologies in information security right now are IDSes, intrusion detection systems. An IDS is basically a system that sits on a network and listens to all the traffic it can reach, like a big packet sniffer. It then checks each packet it picks up against a set of rules to see if any show signs of being a part of an attack in progress (like an IIS or SSH exploit coming in from Out There). They're a great technology, don't get me wrong. I work with a couple Snort boxes every day. There is one drawback, however: They don't often tell you if an attack was successful. An attacker can run an OpenSSHOpenSSH exploit against a random IP address on your LAN but if there isn't a vulnerable copy of OpenSSH running on that system then it's not going to do anything. The more popular scanning scripts these days just fire the exploit at every IP address they can reach, whether or not a copy of SSH is even running. The IDS, however, will still dutifully report that it detected someone trying to break in with that script, though. It is possible to fine-tune your IDS to only log alerts going to certain IP addresses (those of systems that you know are running certain services) but on a big enough network that's really not feasible.
A few enterprising folks have found a way around this problem, however. Now on the market are a couple of what are referred to as target-based IDSes, which take the output from IDSes and analyse the alerts to determine if each one is applicable. Target-based IDSes keep an internal map of every IP address on your network, what kind of system is using it (Windows workstation, network switch, BSD server, firewall, et multiple cetera), and what services each has running (the Linux box is running proFTPD and OpenSSH, the Windows machines have file and printer sharing enabled, the OpenBSD box is just running OpenSSH because it's your firewall...) From this information, it determines which alerts should be at the top of the list (a copy of the Slammer worm just hit your SQL server) and which should be at the bottom (someone threw an Apache exploit at your IIS 5.0 server). The idea is to save time when analysing all the alerts by giving the analyst the alerts that they should be worrying about first and keeping most of the noise at the bottom of the stack. It's a cool idea, I must admit. It'd save a lot of time every day when going through the records for the past day or so. The article is a review of some of the rising stars of the TBIDS scene, manufactured by Cisco, Internet Security Systems, and Tenable Network Security. The products manufactured by each company all act in pretty much the same manner (re-filtering and reclassifying the alerts before they show up on the analysis console) and all use pretty much the same three components: A network scanner, IDS sensors, and an analysis console of some kind. The shortcomings of each product are also broken down in a fairly nontechnical manner. It's an interesting article, and I don't want to quote it here - give it a read if you've got some time.
Heh.
Read more of my memory logs. The entire plan's in there, if only you can find it...
The phrase 'bitter cold' has never been more applicable. Since this week started the temperature outside has plummeted to the low teens if we were fortunate, in the negative low teens if you count the wind chill factor. I ran around searching for my parka this morning before work without success. Consequently I froze my six off outside while waiting for the bus. Of course, since I mentioned the bus being on time lately it won't be so anymore. I jinxed something, surprise surprise. Dataline's still on the shelf with the flu, she's having a hard time keeping anything down at the moment (which is a shame because a friend of hers dropped off some chicken soup for her). The Theraflu seemed to help her, but I didn't realise that it was the non-drowsy kind, so she was up most of the night.
Something occurred to me this morning: Theraflu is the medicine to take when you're so sick you can barely get out of bed, let alone face the world. It knocks you out and keeps your respiratory system in comfort while your body's immune system can do the work, right? The non-drowsy form of Theraflu is formulated that way so that you can go to work while you're sick but still get stuff done. Does this strike anyone else as a bad idea on a number of fronts? If you're sick you should stay at home to get better and so that you don't give everyone around you what you've got. That's nature's way of saying "Catch up on your sleep." Why in the hell would anyone who's got the flu, especially this one, go to work? If you take out the rest of the office with the bug du jour what have you accomplished? For gods' sake, people, take the day off for what it is and let your immune system do its work. Being at work won't help it do its job any faster, and the extra expenditure of energy will probably hinder it. Even I know when to sit on my six and rest...
Correction regarding the Linux kernel bug I was talking about yesterday: The mremap(2) bug has to do with resizing memory segments that have no size (0), rather than of size two. Sorry! My kernel-fu is quite rusty.
Incidentally, proof of concept code for this bug was released to the full disclosure and bugtraq mailing lists on Monday. Now it's really time to get those updates in place. No doubt this exploit is already being refined into an attack tool by the underground, and systems are going to start falling to it.
Just great... after a while at work I realised that my body's still feeling a chill, despite having been in a warm environment for an hour or two. When I stood up my head started pounding, and I'm seeing flashers in my peripheral vision that often hearald a migrane. My body's temperature is slightly elevated at this time, too... I think I caught the flu.
Dammit. Life's going to suck for a while.
The SCO Group has found itself under the gun as the court has decreed that they have until the end of this week to show IBM's lawyers the code that they claim was put illegally into the Linux kernel. Oblivious to (or perhaps uncaring of) the precarious legal position they're in right now, they've stated that they will begin filing copyright infringement claims against one (so far) customer by the end of February 2004. They also sent cease and desist letters to a number of Fortune 1000 companies late in December of 2003, claiming that these companies were illegally using ABIs (application binary interfaces; think 'code libraries') written by SCO. It's time for them to put up or shut up, and the way things are going for them, I think that they're going to put up, but the court's going to tell them to shut up.
Chances are, if you've ever worked with computers on a network someone in the IT department has warned you never to write down your passwords because they could be stolen by someone and used to compromise security. Ironically, people who listen tend to cause a lot of trouble by doing just this. As it turns out, all those jokes about "In case I get hit by a bus" are turning out to be true. In this article, one Jon Hansen was en route to the hospital with a near-fatal case of encephalitis and spent the entire unpleasant time telling his wife about passwords to various documents and services that she'd need to know in the event of his death or incapacitation. Mr. Hansen survived, but this anecdote makes a point: If you're the only one who knows a password, and you happen to wind up on the shelf or in the junkyard (so to speak), other people who need that password are screwed. There are companies out there who will decrypt data or break passwords in cases like this, usually for a fee, but depending on how complex the password is the cost of data recovery might be prohibitive. There's also the chance that the password used is too complex to be broken, which means that you're up a certain creek without a means of propulsion. With the rise of electronic banking and stock trading, portfolio management, webmail, encryption, and web journals, important data of all kinds might be held hostage by a bad situation. In the first few examples I gave, this could make the difference between keeping the house and being thrown out on the street. What's worse, the laws governing electronic security and privacy can work against people with a legitimate need to get in; great care must be taken when trying to break into the computer of the deceased if someone decides to make a case of it (which has happened on occasion). The laws governing the estates of people who died without leaving a last will and testament are even more hairy in situations like this. It seems like the safest thing to do is to write everything down but put it in a safe or a safety deposit box down at the bank anymore. Either that, or use an encrypted password storage utility like Password Safe by Counterpane Labs to store everything. Keep in mind, however, that not all passwords may be stored on paper or in a database. Not everyone writes everything down...
Greetings, readers from atstake.com!
There's a new version of the Adore rootkit out there, called ng v0.31 (probably for 'next generation'). Rootkits are the bane of any sysadmin's existence, as they are left behind by crackers who want to ensure that they keep their presence unknown and their access intact by replacing certain system utilities with modified versions that keep certain files and running processes invisible. Nowadays they also tend to include kernel modules that patch the OS at such a low level that it becomes extremely difficult to detect the presence of an intruder, unless something happens to draw the admin's attention (like random crashes or seemingly unrelated system errors in the logs). You can get the latest revision of Adore here. This new version runs on all Linux systems running a v2.4 series kernel as well as the v2.6.0 kernel and is safe for use on multiprocessor systems. It is capable of hiding files, directories, processes, and sockets; it includes a fully functional backdoor, can filter out system log entries from hidden processes, and can even survive a reboot of the system.
A serious vulnerability has been found in the v2.2, v2.4, and v2.6 Linux kernels in the do_mremap function. This vulnerability, while not easy to exploit, could possibly allow a local user to increase their access privileges to that of the root user (system administrator account). A common operation performed by computer programmes is to increase or decrease the amount of RAM that they're able to access; this is done by allocating a new block of memory and copying the data from the old segment into the new one, and then freeing the old segment for later re-use. The vulnerability as I understand it, and if I'm wrong please let me know so I can correct myself, occurs when two pages are remapped, leaving a hole of one page of RAM that isn't claimed by anything. This memory hole, because it's not watched over by anything, can be used to mess around with the kernel in fairly subtle ways, though the one that everyone is worried about is being able to break root. Because processes don't have to be running with any particular access privileges to exploit this, theoretically any account on the system can take advantage of this.
Proof of concept code has been written but so far as I know not distributed yet. If you hit your favourite news site you'll no doubt read more. It is strongly suggested that you upgrade to the latest revision of the kernel, either from source or from a package acquired from the group that maintains your distribution of choice, like Redhat or Slackware.
There's an excellent chance that you've heard about Redhat dropping support for its end user-oriented Linux distribution (Redhat Linux, currently at v9.0) in favour of its Enterprise distributions that are geared toward big business and big-bore projects (like massively parallel computing clusters and high availability servers), with a correspondingly huge price tag. They've replaced this with a community-supported Redhat-like distro called Fedora, which is right now still in the development and testing phases. Robochan of linuxbeginner.org has written an account of his/her (?) first week of experimentation with Fedora. Day one was rife with re-downloading the installation disk images and rebooting. It took a few tries before Anaconda (the Redhat/Fedora installation system) would even start, which isn't a good sign at all. It appears that some of the problems that Robochan was encountering were due to the mirror site that (s)he was using being overloaded, and consequently not being able to download packages in a timely manner. It appears that they're going with a Debian-like installation method this time around (at least, this is strongly suggested by downloading packages as necessary from a server somewhere Out There). Once the installation process was done the test box came right up on its own. Always a pleasant sight.
It appears that the set of packages installed by default for a given system profile (workstation, desktop, server.. general uses for a computer) leaves something to be desired, but then again you can say that of any distro. Some people will find everything they need/want, some won't. It's a fact of life. There appears to be a Windows-like "Add/Remove Applications" utility of some sort, in which the user can pick and choose what they'd like to (un-)install on their system. However, it tends to ask for a distribution disk for Fedora, of which there isn't one yet. The yum utility can be used to install things as necessary, though, so while that might be daunting for a new user for someone who's got a bit of Linux experience under their belt it shouldn't be too bad. I wonder if apt4rpm would work on Fedora...
Everyone's favourite kernel problem, getting the sound card working, is unfortunately still present. Sad. Oddly enough, plugging in J. Random USB Scanner worked perfectly. It doesn't look like it's too bad for a distro that's still in the testing phase, but it's not polished enough for most end-users yet. I think it's got a lot of potential, though. I think I'm going to try to find a spare box someplace and give Fedora a try, so I can write my own review of it. Should be an interesting exercise.
This gave me a bit of a start this afternoon: The core developers of the XFree86 project are disbanding soon. XFree86 is an open-source version of the X Windowing system, the de facto GUI for Unices of all flavours as well as Linux; it could be said to have been one of the earliest of the 'well-known' open source projects because it was ported to just about every platform there was years before 'open source' became a buzzword on the Net. One of the more powerful features that it's known for is the ability to run across a network: A programme can run on one system but project it's user interface to another system somewhere else on the Net so it can be operated remotely. X is also well known for being a royal pain in the six to program in due to all the features and library calls.. it's one of those systems that you either (learn to) love programming in or hate with a passion, but once you get used to using it you start to wonder how you ever did without it. David Dawes, developer and release engineer of the XFree86 project announced quietly that a vote to disband was taken on 30 December 2003 and the resolution was passed. There was no explanation given. Now the question remains: What happens next? There is another X server project in the works, called Xouvert but how far it'll make it and how compatible it'll be with all the software built upon the X framework (and the dozens of derivative libraries that try to make X easier to work with, with various degrees of success) is anyone's guess.
Remember Adrian Lamo, the homeless systems cracker who surrendered back in September of 2003? He's supposed to appear in court on Thursday, 8 January 2004 to accept a plea bargain. If he really goes through with this, and I see no reason that he wouldn't, he could face up to six months of home detention. US Federal Guidelines do not mandate a specific penalty in cases like this, but they do give the sentencing judge a considerable amount of leeway in sentencing; the plea bargain doesn't say anything in particular about this. Lamo's hearing is scheduled for 1130 EST in New York City, before US District Judge Naomi Buchwald. Good luck, Adrian.. we're pulling for you at the Network.
Well, today's been a far cry from the weekend. The temperature's been hovering in the low teens all day and it's been trying to snow off and on all day today. Thank the gods the bus has been on time; let's hope it keeps up the good work. Dataline's on the shelf right now, she's caught the plague that's been making its rounds, and it's looking like a nasty one. I'm already taking zinc supplements to augment my body's immune system. No sense in tempting fate, is there? I ran to the store tonight to pick her up some Theraflu; nothing else has worked so far, perhaps this will. I finally re-sewed the buttons on my new trenchcoat earlier tonight. Whoever did the original work did a pretty poor job of fastening them in place, the threads were all but pulled through. I've fixed things as best I can, which is pretty good if I do say so myself. For the first time in about three weeks, I had a chance to exercise tonight. I couldn't do as much as I normally do, mostly due to my muscles being out of practise (but that'll change in the days to come) but I did work up a good sweat to work the kinks out. I'm still feeling a pleasant buzz from the endorphins running through its bloodstream.
Sometimes it's the little things that make life all worth it.. like a good workout.
Around 0330 EST today my trip came to an end; I pulled into the driveway of the Lab after a five hour drive back to Pittsburgh after spending the evening with Lyssa at her home down south. All was smooth driving through Maryland and Virginia after I departed well after dark to take advantage of the relative lack of traffic on the highways and quietness. The fog rolled in around 2330 EST last night as I entered Virginia, which slowed me down considerably; instead of merely raining and cutting visibility, which is easy to handle, the mist only smeared the windscreen and cut visibility badly. It was almost a relief to hit actual rain as I crossed the border.
Driving at night is one of the few special joys that I partake of whenever the opportunity presents itself. There usually aren't many people on the roads after 2200 EST or so, which makes the roads not exactly deserted, save in certain spots, but very empty. A perfect time to travel and reflect. It's just me and the road.. Good music on the radio makes the trip go much faster, and it makes the Sight easier to concentrate upon. I love the sound of the engine on the highway, and the way the trees look under the starlight. There's something special about the way the miles are chewed up beneath the tires and the flashing of the roadway lines as the highway passes beneath me. If there was a perfect life, it'd be that journey.
The evening of New Year's Day Lyssa and I set off for her home down south,
on the outskirts of the college she's attending the masters programme of. The
part at John and Lara's place wrapped some time early on New Year's Day, none of
us really know when. Most of New Year's Day was spent lounging around talking
and eating the remains of the feast we'd bought at Whole Paycheque
Foods the night before. At some point we headed back to the Lab to
see my folks again and wound up hanging out and talking with them. I took a
quick shower and packed for the trip south, and then we set off from her
family's home in Pennsylvania to shorten the trip. Lyssa packed and we got the
car loaded up in what felt like record time. Her proximity to the border
shortened the journey considerably.
Our first stop was at a nearby Chinese restaurant for dinner before we set out for Maryland called Lam's Garden. Their food was quite good; the pot-stickers were cooked to perfection, the hot and sour soup not too spicy, and the kung pao chicken done to perfection. I need to ask Lyssa the name of the shrimp dish she had that night.. afterward we aimed southward and headed for the border and a well-deserved vacation. The trip down to Maryland took us about four hours, counting a stop-off for petrol somewhere in Virginia. I think we arrived at her apartment shortly after midnight EST, and after emptying the stuff in the back seat of my car we collapsed in bed from exhaustion.
The next day was spent roaming around the campus. First we stopped off at Plato's Diner (I don't know if there's really a website there, I'm guessing there is because they've got a valid domain; yes, I'm lazy today) for lunch. They've got excellent Greek food there, I strongly recommend stopping in for a meal or two if you're in College Park. Next was a trip to the local comic book store (come on, you're surprised?) called The Closet of Comics, at which we happily browsed the shelves looking at all the new stuff. I picked up a bunch of back issues of Ghost in the Shell 2: Man/Machine Interface to fill out my collection and found issue #6 of X by CLAMP in a clearance box. Because I was wearing Lyssa's Gem and the Holograms t-shirt (which I've got to pick up, now that I know I can pull it off <grin*>) we got into a conversation with the owner (Steve?) about 80's cartoons. As it turns out, he's also a fan of one of my favourite series, Galaxy Rangers. He's looking for episodes on tape; I've got a few squirreled away. We're going to talk again soon...
It felt good, wandering around the city with Lyssa.. we were wearing the clothes that we'd picked up a few days before, the bondage pants that she'd bought for me at Torrid. It felt good to go around in my war jacket again.. just like old times. Some days I feel like a throwback, others like my body's sixteen again. Dupont Circle is one of my favourite places in the country, hands down. Yes, we got lost; it's been a while since I've been there. We eventually found the Lambda Rising bookstore down on Connecticut Avenue and wandered around for a while looking for a particular book. It felt both strange and oddly natural to be hanging around an LGBT bookstore. There has to be at least one in Pittsburgh but I don't know where it is. The other reason is that I'm bisexual but hanging out with the 'mainstream' of queer society, as some would put it. Maybe I'm on the fence, but I really don't care. If people have a problem with me there's a certain device node in /dev called "null" that they can send their comments to.
Anyway, they've got some good stuff there. If you're in the area check out the store and get a business card, because there are actually four Lambda Rising bookstores in the general area (DC, Delaware, Maryland, and Virginia). E-mail me privately if you'd like to find out more.
I sort of regret not looking up Rialian while I was down there. Oh, well. Time being what it is, we didn't have much time to do so, anyway.
By the bye, please forgive the slight disjointedness of these updates. I'm trying to do a number of things at once right now on about six hours of sleep. Also, the memories are not quite as fresh as they usually are, which helps little.
Lyssa and I wandered for a good couple of hours around the Circle, seeing what there was to see. The weather was beautiful - not too warm, not too cold. A wonderful day to get lost if there ever was one. We found the stores that we were after and picked up a few toys for later.. while they weren't the ER Room, Pleasure Place and the Leather Rack come pretty close. Pleasure Place is mostly clothing and novelties; not much in the way of toys but they do have a small selection of hard to find scene-related books. They're worth seeking out only for that reason. The Leather Rack has a lot of nice toys at a fairly decent price. Their clothing, while nice, is a bit overpriced. Stay local for that sort of thing if you stop in while you're travelling. Lyssa and I met some nice folks who were also from out of town while we were there, and spent a good hour or so talking shop and making friends. They gave us a few leads that I plan on running down. Good folks. Later that night we nosed around the Oriental shoppes and picked out some munchies for the ride home. There are some good delis in the area as well, where you'll pay relatively little for extremely fresh produce. Try the Asian pears; they're the size of softballs, firm, and juicy. They also tend to go bad rapidly, so don't save them.
Saturday was spent on the road. We were supposed to hook up with the.Silicon.Dragon and Elwing while we were down there but Lyssa and I slept in and consequently we were late. We didn't get going until the early afternoon, where we were snared by traffic for the better part of two hours. My lack of knowledge of the area's roads didn't help any. The beltway, apparently, is made up of two concentric rings of roads (one inner, one outer, leading in opposite directions). We got on the wrong ring and wound up far out of the way. Thank the gods for decent cellular coverage in DC, we called Elwing and she managed to lead us in the right direction. This pushed our plans back a few hours, which wound up not being such a bad thing. Running on empty as we were, we hit up Eatzi's, which is a strange mixture of grocery store, deli, coffee shoppe, and restaurant. The premise of Eatzi's is that you walk in and pick up or ask for whatever you like, pay for it, and then either take it with you or eat at one of the tables up front. It's easy to be overwhelmed there due to the sheer variety of stuff both in the deli and sitting out to be picked up. You can drop $30us there and get enough food for four, though. Everything they have is excellent; try it all, but not all at once.
I enjoyed Return of the King very much. It wrapped up the trilogy of movies nicely. To reiterate, the rumours of there being footage of the razing of the Shire or the razing of Isengard Keep are false. There is no footage after the credits. Pass it on. I really don't have too much to write about the movie because a lot of it would wind up being spoilers. That aside, I'm also really not that much of a Tolkien fan. I can read him and appreciate his work, but I'm more of a sci-fi fan.
After the movie was over the five of us (Brian, friend of Silicon and Elwing was with us) went to Hinobe (I think; the typeface on the card is weird), which is a Japanese hibachi restaurant in Rockville, MD. The food there is excellent, but be prepared to spend at least $50us for two. The chefs prepare the food at your table, and they're very good at what they do. The one who was cooking for us had a definite sense of style; once he put his 'game face' on there was no distracting him from his task. It was a pleasure to watch him in action. No wasted motion. No break in concentration. Tasty food, too. Afterward the urge to play pinball struck us after a discussion of the Revenge from Mars pinball game, so we drove to the local Dave and Buster's (don't feel like finding a link to the homepage) to get our fix. We spent about three hours there playing pinball and sundry other games and having a good time. Elwing cleaned up when it came to tickets (I forget which game), and I got to do something that I've never done before: Gun-fu on a shooter game. Got through three levels before getting bored with the game, too. Try it some day.
The next day was, thankfully, spent mostly lazing around the city. Lyssa and I went out in search of an Indian restaurant near the college campus, and stumbled across a small Afghani deli called Food Factory II after we found the restaurant that we were looking for closed. FF II isn't much to look at either inside or outside, but those are the best places. The food is nothing short of amazing, down to the kebabs piled waist-high in the display case. The chicken jalfreezi is nothing short of amazing, and the samosas are pretty good, too. If you're ever in the area, pick up a few as a snack. The gentlemen behind the counter were very patient with us as we looked around and eventually made up our minds (mostly because I can't remember the names of many dishes, as much as I love Indian food they escape me for some odd reason). It's definitely one of College Park's best kept secrets. Their selection of sweets (ye flipping galloping Elder Gods, my sweet tooth has been on a rampage this past week) is quite tasty, and sold by the pound. Lyssa doesn't much like Afghani desserts because they're too sweet for her tastes; personally, I love them. I love the taste of rosewater and honey. It's an uncommon combination. I avoid eating them because I love them... you see where this is going.
Basically, I deliberately backslid for New Year's. In a lot of ways, it's time to start over, and that's one of them. I need to hammer through some problems if I'm going to get anywhere, and I may as well start warming up for the challenge now.
I don't stop.
Which brings us more or less up to the present. Last night Lyssa and I watched Pirates of the Caribbean and ordered pizza. That was a perfect way to finish vacation, with a couch picnic and someone I care deeply for. The goodbyes get longer and longer...
Okay. Now we're caught up. I took today off to recuperate from the trip home. I'm catching up on everything now, and I go back to work, if the gods are feeling kind, tomorrow.
The Lovers often refers to a relationship that is based on deep love - the strongest force of all. The relationship may not be sexual, although it often is or could be. More generally, the Lovers can represent the attractive force that draws any two entities together in a relationship - whether people, ideas, events, movements or groups. For a full description of your card and other goodies, please visit LearnTarot.com |
What tarot card are you? Enter your birthdate. |
Dead on.
2004/01/04"No! Stop! I still function!"
I'm still alive, everyone. I haven't had to regenerate; I haven't been killed by a rampaging cult or someone from my past; I'm relaxing on vacation, enjoying good food, good company, good toys, and good movies. I plan on heading home this evening (Sunday, 20030104) and staying at home to recuperate the next day.
One entry while I'm connected: There is nothing following the credits of the theatrical release of Lord of the Rings: Return of the King. Nothing. There is no footage of the razing of the tower. There is no footage of the razing of the Shire. There is nothing but the big, blue screen that says what the movie is rated. The rumours of things following the credits are false. You do not have to stay all the way through them; go ahead and leave the theatre by way of the bathroom.
Happy New Year, everyone.
I'm in DC right now and it's actually very early on the second. More to write when I get a chance.
I honestly hadn't expected yesterday to be so busy or stressful as it turned out by the end of the day. Things haven't been going well at work lately and there's a lot to do before the end of the year to make sure that nothing breaks over the holiday. By the time I got home I was run ragged and feeling like crying for the first time in a long, long while; a situation which amounts to having Demonseed Elite in geostationary orbit over one's head has a way of doing that. The specifics of this I'm not allowed to disclose due to my NDA, but suffice it to say that I'm not sweating bullets, I'm sweating enough molten lead to make enough to fill a clip or two. Enough.
I was greeted at the end of the day with a voicemail from Lyssa; she'd planned a dinner outing with some folks and asked me to meet them at John and Lara's after I got home from work. After getting in the front door and fending off Sadie I jumped into the car and headed out there with some trepidation (the stuff that I needed to get done last night). Lyssa and Azanti were already there and John shortly after left to pick up Lara from work. Much of the time was spent trying to come to grips with what had been going on and figure out what would be happening that night. We eventually settled on a small Italian restaurant that I'd never heard of before, Mariani's. Mariani's is small and simply decorated, though the wealth of scents in the air was telling: This was a family restaurant, with food done right and in fairly large quantities. The food is not only done right, it is excellent, and extremely affordable. Coffee, a salad, and a plate of four different kinds of pasta came out to $12us, with plenty left over for a meal the next day. The marinara sauce was excellent, down to the chunks of tomato in the sauce (the fact that all that usually gets made around the Lab is meat sauce made it even more welcome to my palate), and the bread was tasty and moist. I really think I like that place... afterward we stopped off at Whole Foods to pick up stuff for tonight. I'm going to be baking tonight for New Years and I need supplies. Unfortunately I wasn't able to get anything because I just didn't know what I needed.
That's the problem with going places: I don't get done stuff that I need to (in this case, checking the pantry to see what I had to get and copying down the recipes I was going to prepare so I knew what would be necessary). As expensive as Whole Foods is (I can see why people call it 'Whole Paycheque'), most of it is organic and seems to be excellently prepared (like the stollen.. ye gods!).
By the time I'd gotten home it was almost 2200 EST and I was in a rush to get a few things done. I scribbled down the two recipes I was going to make for everyone in my travel journal and gave some thought to what I might need, though not nearly as much as I should have. That's going to have to wait until tonight, when we head out again to stock up. I still haven't balanced my chequebook, which is going to be necessary for vacation in a few days' time. Fern's book of shadows is nowhere near complete, and probably will not be until after I get home. I have to finish taking pictures of Pegritz's Deep One in a Bottle and get it to him somehow; shipping wi
I am The Lovers