Well, I made it through another week, a little shaken up but otherwise all right and I sincerely hope getting back on the right track.
I learned another lesson today, and one that I'm going to put here lest I forget it again. One of my basic axioms of life is that whenever you go for help of any kind, be it stabilising one's position or looking to change it, the ripple effect applies. There will be repercussions.
Another lesson that I learned, more or less at the same time, is that these repercussions are both positive and negative. Yes, they hurt. But they can also help you orient yourself, no matter what you're doing. That's something that I'm going to have to reprogram myself to keep in mind, but more on that later.
Yesterday, my manager at the temp agency came to the office to talk to me with regard to a phone call placed before then - I was asking for reassignment. The two of us had a good conversation, and he explained to me what was going on and exactly why I was still there.. that straightened everything out for me. Because my boss at the county was MIA (his office was being redone by the work crew, leaving the staff therein temporarily displaced), I didn't know where he was, and I wasn't able to tell my manager at the temp agency where he was.. so they didn't meet up. And word wasn't exchanged...
That turned out to be bad.
My boss at the county was under the impression that I was leaving - no word, no message, just gone. I thought my manager at the temp agency had gotten in touch with him to tell him, and failing that I had planned on telling him at the meeting scheduled for this morning.. which I did. Later than I'd hoped and not under the circumstances that I'd been hoping for, but I did.
The biggest problem is communication. I'd better explain myself on this one.
I'm a low head on the totem pole. Moreover, all of my experience has been in relatively small networks (30-50 nodes, counting network infrastructure (hubs, switches, what have you)). I'm now working in an environment where there are so many nodes, I don't think anyone knows for sure how much stuff is out there. With that increase in size comes an increase in personnel, and an increase in stuff going on, day to day activity to keep everything running smoothly. Because I'm low on the totem pole, it seems to me like their stuff is more important than anything I've got that's not an emergency; hence, I try not to bother folks higher up than I am. Seems logical, right?
Not really. Nothing could be farther from the truth, in fact.
Communication, I am coming to understand, includes the "Hi, how's your father?" stuff as well as "Hi, is there anything that needs to be done?" and the inevitable "Oh, shit."
There's been a lot of the third, not enough of the second, and little of the first. That's not good. Some of that is situational, but a lot of that is my natural tendency to try to avoid bothering people unless there's no other way. Yes, this has lead me to fuck up in the recent past; I admit that freely. I wish I knew how to make it up, but it's dead and buried. The only thing left is to pick up the pieces and see what comes next.
While I'm posting what amounts to the source code for my social programming, I get panicky in situations that appear antagonistic (whether they really are or not - perception, flawed as it can be, is everything). This leads to two things: A return of the stutter that I spent so many years fixing, and panic, which leads me to babble like an idiot. This usually takes the form of trying to give background to explain the (convoluted) logic (or what passes for it) behind what I've done. This just makes things worse (seen playing back today in full recall a few times).
In panic, anything is possible, little of it good. This not only drags out the situation, it makes things worse. It's also impossible to explain at the time that I'm not backpedalling, I'm having a panic attack. If someone else who is involved is angry, that doesn't help things any.
Even as I write this now, with my perceptions filtered through the state of mind required to type, I can still feel the atavistic effects of a panic attack in my body, fuzzy and far away though they may be: Elevated pulse, increase in body temperature, and difficulty breathing. If I take my fingers away from Leandra's console I can see its hands shaking visibly. The memories alone are enough to trigger the response. If anyone is curious about the origins of this, please contact me privately. Suffice it to say that several years of percussive mental programming can do unusual things to one's interpersonal skills.
The solution to that problem is simple in concept, but will be lengthy in practise: Reprogramme my mind so that confrontation or confrontation-like situations do not cause panic, thus, not leaving me a babbling idiot who could possibly have a cerebrovascular accident at any time.
To distill it (more for my benefit than anyone else's, bear with me here), the reason I'm a fuckup is because I'm scared out of my wits, and being scared isn't conducive to either rational thought or clear communication.
There, I've said it. I'm damaged goods.
Now to figure out how to fix this... aversion therapy, while difficult and just as likely to give me a stroke, will eventually burn this fear out of me. The odd flashback I think I can handle, or at least I think so. I handle them at least twice a week, and have for quite a few years. If I can explain to those who really should know (bit of an oroborous there), that'll kickstart the process, though it'll take a few starts before I get anywhere. That would best be done outside of work - at least in the beginning stages, it has no place there. I could use biofeedback to arrest part of the fight-or-flight response triggered if I had a minute or two to concentrate (biofeedback is one of the things that I'm glad I learned along the way because it has so many uses; it's practically the Swiss Army Discipline); keep the hearts' pulses down and regulate breathing, and the feedback loop will lessen the surge of adrenalin. My body's feedback and control systems (speaking of cybernetics in the original definition of the term, systems that control themselves by using feedback from the environment and their own responses as input) will eventually learn that there's no reason to be going off. Learning some useful social skills beyond the bare minimum is also in order.
That's it in a nutshell, I suppose. Those of you who've never met me face to face are now thoroughly confused and might think that I'm a loon. Those of you who do know me are probably nodding your heads thoughtfully and saying, "It makes sense now." To those of you who this has befuddled for some period of time, I would like to apologise. I hope that it makes sense of some things. I sincerely hope that you'll stick with me as I work through this.
Heads up, con-goers: Registration is now open for HOPE 2004. The con will be held 9-11 July 2004 at the Hotel Pennsylvania in good old New York City. The 2600 crew is rounding up speakers and volunteers, so if you've got something interesting to talk about or just want to help out let them know soon. You might want to reserve your hotel room soon, too. Registration is $50us per attendee, and can be done either on line or at the convention.
Here's something that's thirty-one flavours of creepy to think about - in the Pinellas school district children riding the bus will have to have their fingerprints scanned with a biometric reader to disembark. That's right, to get off the bus they have to press their thumb against a scanner (there's an excellent image of one such unit at the head of the article). The idea behind it is that they'll be able to keep track of who gets on and who gets off (and where, thanks to a GPS unit correlating stops to geographic positions). Barry Steinhardt of the ACLU was quoted as saying that this conditions children into thinking that they have no privacy or right to same, and I'm rather inclined to agree with him. It's one thing to keep track of kids but bus drivers have never been particularly good at even keeping buses under control (at least where I attended school), let alone keeping track of who gets off the bus and where. Also, just because you know a kid got off at a certain point doesn't mean that they're safe. If someone's going to kidnap a kid they're going to grab him or her after they get off the bus; knowing where it happened won't be of much help in recovering them. It also won't deter possible bus hijackings (like the one that happened in Pennsylvania back in 2002, which the article mentions).
This should have made the national news but didn't.. a bunch of high school kids figured out how schools and businesses in Raleigh, NC posted closure and delay notices on Channel 14 during the snow storm a few days ago and decided to have some fun with it. The television station has a website that you had to register for online; once that was done it was possible to then change the essential information on that account (name, address, et cetera) and post your own messages. Some of them were screamingly funny, others were in-jokes or bad net.humour. Warning: Some of the images aren't work safe, so view at your own risk. l337sp34k is all over the place, and such businesses as Unnatural Intrusion Security and Tutone, Incorporated ("Call Jenny at 867-5309") appeared on the morning news, much to everyone's consternation. Way to go, guys.. that's one of the most amusing things I've seen yet this year.
Greetings, readers from Oracle!
I'm up, around, and mobile. Nothing's changed yet. I've done all that I can from my end of things, now it's up to those I've spoken to. I can feel it swirl around me like a wisp of smoke, now - the sense that something's going to happen soon, though I do not yet know what. I want to say that it feels like possibility but I don't know what it is yet. It's change on the road before me, but in what sense I do not yet know.
I'm sick; I'm tired; I'm worn out like an old but somehow reliable tool. But somehow this emboldens me. I can still feel a little hope.
Well, I got a response from my phone call to the temp agency yesterday. Not the response I'd been expecting, exactly (I thought they were just going to call the office and talk to the guy in charge of the temps) but a response just the same - my manager at the temp agency came to the office to talk to me.
I was quite surprised by this development, and not only because the wiseass who came to let me know that my manager was there told me that the county police were standing outside and wanted to speak to me. It's not just pianists that can train-wreck.
It took us a while to find a quiet room to talk in. Suffice it to say that we had a fairly involved conversation about what I'm doing at work right now as opposed to what I was originally hired to do. From what I was told, I'm working as an analyst at the county only because they can't afford to hire a real one, but I'm the closest thing there is. Okay. I can understand that; having never had a staff of my own I'm fully aware of how much it sucks to be the only one doing everything. A few things about my job performance also came up in conversation, which we put to rest in fairly short order. Suffice it to say that I'm just a temp.. I was given the opportunity to resign if I chose, but if I did there's no guarantee that I'd ever get another assignment due to the number of people in the agency's queue. On one hand, I'd like to go off on my own for a while; on the other hand, however, I have to pay the bills and somehow squirrel away money for the future. Suffice it to say that I'm still working there.
I'm still searching, but I'm still there.
At least it's not my head on the chopping block, or if it is it's somewhere off to the side and not squarely over the basket. I'm really hoping that we can get some more lines of communication open so I at least have a better idea of what's happening, and more importantly, what's supposed to be happening. But now I'm rambling.
Not only odd, but very addictive: Grow. Be prepared to spend a few hours playing around with this.
After a discussion with Lyssa last night, I've decided to cut my exercise regimen back to two days per week (from three). Lacking the time to do quite a few things, I'm going to have to free up some time to get them done (i.e., studying for my CISSP certification (coming back into the foreground next week) and job hunting). I'll lose an outlet for tension and excess energy (not that I actually have any excess energy these days) but I'll hopefully have less stress and get some more done. Also, if I bottom out again, I'll hopefully have programmed my mind to spin down a little bit to rest. I have yet to figure out how to build a liquid cooling system for my headware (though I'm working on it in those moments between clock cycles) but once I do I'm off to the patent office.. <grin> Then again, that might be a bad idea: They might become mandatory enhancements to IT folks just to stay active longer.
So tonight I'm on the prowl, unfortunately with no bass growl (tip of the pin to the folks who get the referece). But at least I feel better about life for the immediate future.
Not even close.
I was going to write something intelligent and sound about today, but the truth of the matter is, I'd be lying.
I'm burnt, fucked, and ground up, excuse my language.
I'm in well over my head right now and I can't keep my head above water. It has taken me several months to come to this conclusion, but I'm no analyst. As much as IDSes interest me, I don't have what it takes to keep up with them and find the necessary patterns in them. It's difficult enough learning one's way around a new network, but I've found it downright impossible to learn one that's fully the size of this state. I think I've found a pattern of interest, and it really isn't. I think one's not, and it winds up being a nightmare of a puzzle to unravel. I'm best in MIS, management information systems. You want a system built to spec, fine. I can do that. Recable a LAN? Sure, I can do it. But as a full-time security officer, I can't cut it. I don't have the temprament or the experience to do it.
Earlier today I put in a phone call to my temp agency and asked to be reassigned. I explained it as best I could on the phone; now it's out of my hands. I'm just concentrating on keeping things held together at this point.
This isn't an easy thing to admit. It's a serious failing of personal honour to not be able to do something, for me. I can't do it. There. I've said it. That's the last of my credibility and my inner strength right there. I'm out of my league.
I'm going to bed.
Today seems to have gotten off to a good start. Only time will tell.
I'm still amazed at how nice it's been lately. It was rather cold yesterday morning but the day finished in the mid 60's Farenheit, and this morning it started at 52 degrees Farenheit. It's so nice, all you need is a turtleneck and a coat to be comfortable while walking around. I've been getting some wear out of the leather duster that Dataline gave me for Yule lately. I just have to add my rose pin to it.
I really hope this keeps up. I'm sick of all the cold weather. It's time for a change. It's also nice to see some sunlight in the mornings whlie waiting for the bus into the city. I'd almost forgotten what it was like, watching the sun rise over the city.
In leafing through the issue of Previews (which is cross between a trade magazine (in this case, for the comics industry) and a teaser collection) I noticed that the final trade paperback collection of Transmetropolitan will be out on 19 May 2004. Neat.
You can build all the security in the world into a system, but if the users accidentally turn off some of that security you're just as vulnerable as if those countermeasures weren't even there. The latest slew of worms for Windows is proof of that - they don't exploit anything but the users' tendency to open attachments. As tech support folks say offline, PEBCAK - "Problem exists between chair and keyboard." I'm not one to throw stones when I'm standing in the middle of a field - I've done exactly the same thing. Stupid things. I've had to rebuild systems as a result. I'm not throwing slag randomly, I know that I'm going to have to dump some on my own head. That said, there's a lot to be said for the user interface, and for making it difficult to turn off security options - Microsoft does a good job of that (when those security options are on by default, or when an admin sets a global policy to lock things down on a domain). The point is, it's easier to exploit the users than it is the code. Once you've got a good plan worked out and ready to go, you have to start changing things to implement that plan. That's actually the hard part, not breaking what you change, given how tightly interconnected system modules get after a while. One thing about this article is how poorly the author tries to use The Lord of the Rings as a metaphor - it just confuses the issue. If I may clarify his point on this, the point is to use what you've got as best you can before you start bringing in additional measures from the outside. If your systems' password policies can be configured, for example, then exploit that as much as you can before you start bringing in modules written by third parties. If you want to set up a firewall on each host, see if your OS supports this natively before you start looking at buying licenses of personal firewalling software. Purely technical fixes are not always what you need - sometimes you have to sit down with the users and train them, and hammer policy into their heads until they get it. That way, if and when something does fail, they've at least got the knowledge to know what went wrong and won't blame the firewall when it's an Outlook bug.
The powers that be are going to have electronic voting machines put into use one way or another, regardless of what anyone tells them. If you read my memory logs regularly you've no doubt noticed that I've been keeping an eye on the general insecurity of electronic voting apparatus in America and what's being done about it - plastic sealing tape is being done about it. As far as anyone knows, the bugs aren't being fixed in the code, and no one's offically auditing the code. The only measures being taken are wrapping the units in tamper-visible tape and setting them up. There's nothing that says that someone can't score another roll of tape, mess around with the units, and wrap them back up again. There also isn't anything that says that an unscrupulous insider can't tamper with the results after the units are packed back up and shipped out. This isn't going far enough, I'm sorry. There is too much opportunity for abuse as things stand right now.
Technology afficionados have been talking about RFIDs, radio-frequency identification tags, which are minute tags that respond to certain radio frequencies with a coded signal that uniquely identified whatever the tag is attached to, like an item in a grocery store or a credit card. Because these tags respond to radio frequencies with varying degrees of accuracy, they have been known to cause all sorts of trouble, in this case the RFID tags embedded in US currency were setting off antishoplifting security measures in a truckstop. They can also set off the hand-held detection wands carried by private security officers. The folks who wrote this article were so annoyed by this that they decided to try to wreck the tags on the cash that set off the alarm by putting them in the microwave fo ra few seconds. The pictures attached are most interesting - the money is badly burned, centered upon the right eye of the image of president Andrew Jackson, where the RFID tag is locatedon each bill. This seems kind of paranoid to me, and the name of the site (Prison Planet) reflects this, but I find the pictures interesting. The US government's been talking about using RFID tags as anticounterfitting measures for a while now, so I can't say that this surprises me too much. However, the emitters inside microwaves are tuned so that most of the RF energy they output goes toward a single rather large point in the middle of the chamber. These bills were placed in a stack in the middle of the microwave; hence, the burn pattern is consistent with several beams of microwaves converging near the bottom of the stack of bills, so it might not have been the RFID tags going up but the paper combusting as a result.
That's assuming that the whole story's not jetwash to begin with, which I would not say is impossible either. Or at least, the product of not knowing much about RF technology.
Target: Human! Mission: Destroy!
You would think that someone who had a thing for time (like me) would have been all over yesterday, which happened to be 29 February, the hallmark of leap year.
As far as I'm concerned, yesterday didn't happen. On my one day to sit and rest and do something that I generally give a damn about (like studying or going for a drive) I got hijacked to clean the house.
Hijacked by someone who doesn't have the energy to carry two bags out of ten or twelve of groceries, but you can bet the last bit in your registers that she has an extra bag of potato chips in the house and she knows exactly where to find it in a hurry.
And now, I think she's looking into the Atkins Diet. The irony tastes of something, but it's certainly not bourbon.
At least I had the house to myself for a little while last night. I got some stuff cleaned up, had dinner, and did a little reading.
As far as I'm concerned, that's not home. That's just where I happen to sleep at night. I've got a lead on an apartment nearby but my assignment at the county is almost up and knowing my luck, it'll be over the day I move my stuff out of the house and into the apartment.. and then I'll be screwed.
I never thought it would be possible to hate someplace so much.
I'm not the only one who's in a bad mood right now - Fyodor, creator of the portscanning utility nmap has pulled SCO's rights to distribute the utility on their open source software supplemental CD-ROMs. A few days ago he posted to the mailing list Bugtraq as well as to the nmap website that because SCO refuses to honour the GNU Public License, he's revoked their rights to redistribute it in any form. He's also pulled support for SCO Unixware from the utility's source code, so it cannot be trivially recompiled on a SCO box by third parties (read: SCO's customers).
Sometimes the gifts that keep on giving bring more than joy the whole year round. Not too long ago, a message infected with the Netsky.B worm was accidentally sent to a mailing list for the UK partners of the antivirus software firm F-Secure. The copy of the worm was sent by a list member who hadn't yet realised that he was infected. The SMTP server that hosts the mailing list isn't set up to scan incoming messages, so it snuck through without any trouble. F-Secure posted an apology to the same list not long after that. Oops.
As time passes things seem to get smaller and smaller and smaller.. and not just the stuff made in factories. The Pixelito is a miniature remotely-controlled helicopter that masses about 6.9 grammes, is made entirely out of off-the-shelf microelectronic components and carbon fibre twisted into a frame, and is about the size of your average pet hamster. That's right - some of the pictures on the page show a hamster posing next to the Pixelito, and they're about the same size. Even the tiny gears that drive the prop and tail rotor are made out of carbon fibre and the odd scrap of recycled plastic. The electric motor that drives the props is a vibrator motor from a pager; the tail rotor was formed out of a sheet of ABS plastic and is so light that it doesn't even register on a chemist's balance. Instead of radio frequency circuitry to provide the control channel, an infra-red reciever smaller than the builder's thumbnail is used to relay control signals to the craft. This is one of the coolest examples of hack value that I've seen in years..
In sitting here trying to ignore the fun and games going on because the office manager is away on a business trip, it has occured to me that I could blow the minds of everyone in this office without even trying. I won't get into exactly what it is that they're asking each other or what they're joking around about, but suffice it to say that I've actually done enough of it that I could give them a fairly deatailed how-to, including what not to do and why. It would get me thrown out, in all probability, but their facial expressions would almost make it all worth it.
Suffice it to say that baby oil and a brand new razor are the best things you could use when shaving...
That's it. I'm putting in for a transfer.
Tired. Burned out. I feel like I've got a memory leak in my headware and the kernel's slowly swapping the contents of my mind to disk and forgetting where it put everything. Everything's running in slow motion or at least it feels like it. It's not easy working up the volition to do anything complex, I just want to shut my mind down and leave it off.
Still trying to orient myself in life. I've not been too successful, at least not yet, but I'm trying. That's all I can do - try.
About a week ago, the First Child sent me a belated Yule gift. The local mail carrier wasn't able to deliver it because it'd come from abroad and needed to be signed for. Due to the fact that I tend to not be home more than I am, I wasn't able to do so, so he returned the package to the local post office for pickup on my part. Jump forward about a week; I finally made it out to the regional post office, two days after the drop-off slip said that the package would be shipped back to its sender, and after a short conversation with the chap behind the counter picked up my package.
Note to self: Accelerate the completion of my plan. My interim state of existence is posing some difficulties when dealing with government employees in post-9/11 America.
After my weekly trip to the supermarket to stock up I hit the local comic shoppe to check on my subscriptions. The latest Kabuki series isn't out yet; the latest edition of Voltron was waiting for me, along with the latest edition of Previews (which is a comic book trade magazine that talks about what's coming up, unsprisingly), and to pad out the minimum card order volume eight of Transmetropolitan.
By the time I got home, got everything unloaded and put away, and cleaned Ziggy's litter boxes, I sat down to crack open the parcel that First Child had sent me.
Chocolate. Lots and lots of chocolate. Enough to get me through every hormonal crisis laying in wait for me this year.
Ye flipping gods, First.. thank you. Thank you so much, from the bottoms of my hearts.
Now I need to figure out how I'm going to reciprocate without going broke in the process. I may have found a lead or two on a good price for shipping, but then I have to figure out what to send. I can always make another batch of cookies...
Chirp chirp chirp!
Today's been a bit of a bust. I was supposed to take Silaria and Deb to B'witche's Tavern tonight, but Silaria's up to her neck in schoolwork right now and not able to make it. Consequently, Deb's incommunicado. Swift Fox is out and about right now. Needless to say, it didn't happen. My next plan was to go on the monthly Bi Night Out, but that fell apart somewhen this afternoon. I wish I'd known before I drove all the way out there, but oh, well. It happens. I drove home and sat down to fix things up a little. I bagged a load of comic books, and rebagged the old ones with acid-free cardboard backings to protect them more, then threw some old stuff out and stuffed some documentation into a binder to get it out of the way.
Damned carpal tunnel syndrome. Damn it all.
In one of the last things I expected to read this morning when I hit the news feeds, one David Jeansonne of Louisiana was arrested and charged under the USA PATRIOT Act for crafting and transmitting a malicious e-mail attachment that targetted users of WebTV (now MSN TV) - the exploit, disguised as a utility to change the colours of the WebTV interface, actually caused the units to dial 911, resulting in false alarms. This little nasty was written to get back at 18 users whom Jeansonne was said to be in a disagreement with In Here. The exploit was designed to mail itself to the other users he was fighting with, to ensure that he got them, though it was forwarded to three other people not involved, resulting in twenty-one separate incidents. Because this stunt involved the 911 service, which is used in the US for reporting emergencies to request assistance (no jokes or rap lyrics, please) the Department of Homeland Security is coming down on this guy like the proverbial tonne of bricks. Jeansonne was released on $25kus bail, and is expected to appear in federal court sometime today. As much as I love a good practical joke, what he did was stupid. The twenty-one people whose units were dialing 911 were typing up phone lines in the 911 centre that could have accepted calls for help for people who had been in car accidents, having heart attacks or strokes, or were bleeding out. It might have cost some lives - we'll probably never know. I have a problem with the USA PATRIOT Act being used against him (I don't think that it was on a large enough scale to be called 'terrorism') but he does need to be punished.
Just a quick update: America On-Line says that they've got the Bizex worm under control. Users don't have to upgrade or download any patches, they've taken care of it on the server side. Kaspersky Labs, interestingly enough, says that it hasn't recieved any reports of the worm from their customers - so how did they write this yesterday?
Well, it's the end of another day. What's more, it's Friday, at long last. Today passed in a haze of music from my CD/MP3 CD-ROM player, IDS alert trend analysis, and good old-fashioned Perl coding. For some reason, there are really two things that get me through my day, music and hacking code. I don't get to listen to music as often as I would like to anymore, so every chance I get I take it. I decided not to cram my brain with more CISSP stuff today, partially because I felt mentally exhausted and partially because holding a heavy book open with one hand and writing with the other, the whole time trying to keep from sliding bodily out of my seat on the bus, coupled with typing for nine hours every day (at a minimum) has been destroying my wrists. I've taken to dosing my body with Tylenol Arthritis again just to make it through work.
That's not good. Ordinarily I dislike using drugs of any kind for any reason, preferring to use biofeedback and self-hypnosis, but I haven't had the mental clarity to do so lately. When the preferred tools are lacking for whatever reason, use the ones you have as best you can. So it's aspirin cut with a large dose of caffeine instead of inert cornstarch.
Ironically, I'm now laying here typing. But I digress.
I'm hoping to spend the weekend resting and recouping whatever strength I can. I've been relaxing with comic books, mindless movies (Mortal Kombat), and ice cream.
I noticed something watching Mortal Kombat tonight: In the credits, there is a position listed that was filled by a Colonel somebody-or-other that came as something as a surprise. A movie censor. Yep, in those words, 'movie censor'. Censored what, I have to wonder.. the violence? Something more subtle? It makes me wonder what ws cut out. Or if anything was cut out, and the listing was an easter egg of sorts, to see who would stay long enough to notice it. Or if anyone would notice.
But now I ramble just to have something to say. Bedtime.
I must admit, I could be wrong in my opinion on cyberterrorism. Just because no one's tried any Tekwar-style stunts yet doesn't mean that it can't happen in the future. However, I still wonder why people tie such critical systems as building alarm computers into the Net where the possibility of penetration is very real. In a few days' time the US government will be releasing an NIE document (National Intelligence Estimate) on the possibility of attacks against the US information infrastructure. The going opinion of senators John Kyl (chairman, US Senate Subcommittee on Terrorism, Technology, and Homeland Security) and Dianne Feinstein, who are fairly highly placed in the US government, is that DHS isn't taking the idea of cyberterrorism seriously enough. Okay. Fine. That's understandable - Achilles didn't pay attention to his heel in combat, why should they make the same mistake? The thing about the story that gets me, mostly because I haven't been able to verify it yet, was that they mention a specific incident that occurren on 3 May 2003, where two people operating out of a net.cafe in Romania had cracked the network of a trucking company in Pittsburgh, PA (which also wasn't mentioned anywhere that I know of) and then hit the National Science Foundation's network. So the story goes, they compromised a network that controls the life support systems of a research facility in Antarctica (McMurdo Sound?) and also copied some sensitive information, which they used to prove their claims in an e-mail to the NSF itself. They threatened to expose the information they'd stolen unless they paid some amount of money to them. The FBI tracked them down and arrested them in June of 2003.What bothers me is that something of this magnetude would have hit the news. This tale seems very deus ex machina to me - appearing out of nowhere to make a point. It'd also be a serious enough incident that it would be talked about in a lot of places (like the risks digest, the vuln-dev and incidents mailing lists at Securityfocus, and probably the full-disclosure mailing list (read that one at your own risk) as the prime example, which would have put to bed the 'is there or isn't there?' controversy right off the bat. Also, the fact that there are (or were) computers controlling critical life support systems accessible from the Net doesn't wash with me. Why would you make such a computer accessible, when you know that its failure or compromise could cost human lives? Even the DoD orange book standard mandates that systems above a certain level of importance should not be hooked up to a network at all.. this doesn't make sense.
Afficionados of instant messaging take note: There's a new worm making its rounds called Bizex which uses the popular instant messaging software ICQ to travel. The attack begins when an infected system contacts someone in the contacts list on the system via ICQ and sends a message containing a URL to go to a particular website. The website is engineered to exploit a pair of vulnerabilities in Windows to install and execute the Bizex executable, which starts the process all over again. Please note that the worm only attacks true-blue ICQ clients, not clients that are only compatible with ICQ (like Trillian). While the worm is installed on the system it scans all open windows in the hopes of finding information regarding a number of different online payment systems, which it records and later transmits to someone Out There. It also sniffs SSL-encrypted web traffic in the hopes that the user will, at some point, go to a bank's net.services website and log in. There's an excellent writeup of this little nasty here.
I honestly don't know what to say to this, a claim that exploits are released after patches are because crackers are too lazy to find holes on their own. Crackers do not reverse engineer patches, they dig through code to find the latest and greatest vulnerability to exploit. Typically, proof-of-concept exploits are released on any number of security related mailing lists; they're often included with bug reports to companies as evidence that something is amiss. Crackers often take these proof of concept exploits and modify them into something more malevolent. Just as often, crackers find bugs before security researchers or companies do and write 0-day exploits, which take advantage of bugs found on the bleeding edge and tend to get passed around a little before word of the vulnerability gets out and patches are written. If David Aucsmith is to be believed, he's saying that software manufacturers (I'm not naming any names because it's not limited to just one company, it's a part of software development) are ahead of the game when it comes to security, and the underground is tailing behind. Nothing could be farther from the truth. His statement, "We have never had vulnerabilities exploited before the patch was known is an out and out lie. There have been vulnerabilities in Windows and IIS going around for weeks before any mention hit the research community and the bug report addresses at Microsoft. What was the L0pht's tagline before they were subsumed by @stake? "Making the impossible practical"? This article is pure spin, and nothing more.
Lately, I've been reminded of a conversation that I had with Alexius a few weeks ago. We were discussing the nature of time; in particular I was lamenting the lack of it anymore. He said something that stuck with me:
The reason [years seem shorter] is because you're getting older. When you were ten years old, a year was fully one tenth of the life you've lived thus far. You'd look back and it was a huge expanse of your life. Now, a year is barely one twenty-fifth of your life; it's not such a large part of your history anymore.
I'm still amazed when I think about that.
I also feel old.. much older than I really should, I suppose. My body just turned twenty-six years of age - a hair over a quarter-century. When you look at the short term, that's a long time. A small town can grow into a city in that time. A car can be manufactured, drive one or two hundred thousand miles, and be traded in for a new car two or three times in that time. A child can grow up and move away in that time to start their own life. That's an entire generation. When you take the long view of things, though, the spacing of events seems much closer together. Hardback books used to be more common, and much less expensive. Paperbacks were much cheaper back then. I know what you are all waiting for me to say, so I'll get it out of the way now - home computers used to be almost all 8-bits with almost no mass storage (floppies don't count as mass storage, just cold storage - I'm talking hard drives) and about as much memory as a wristwatch does now.
Now it seems like things are changing faster than we can keep track of them, and I don't just mean due to Moore's Law. In four years we can fight an entire war and end it. A news story can infuriate millions... for about a week. Protests last a day and then are forgotten. Newspaper headlines are mentioned once, if we're lucky. Getting a bachelors' and a masters' degree at the same time is much more common than it once was. Kids in my state get their driver's licenses at the age of 16 and have usually been driving for a year or two before that (legally or not). Many paperback books are in print for less than a year before vanishing utterly - some titles don't even see the light of day unless it's at a surplus store or flea market because they never hit the shelves. I look back at the newspaper articles that I've collected in high school and wonder why no one else remembers these people or those events.
The future will happen, as it always has. But it doesn't have to shove the present out of the way to get here.
It wasn't long ago that I could come home, make dinner, read the mail and a magazine or two, play a game, do some cleaning, read my e-mail, and talk to friends, all in the span of one evening. Now I can barely read my mail and get some exercise if I'm lucky.
I'm still not sure what I'm going to do about that. I don't even have the time to think about what to do about it.
As the character of Galen on Crusades once said, "There's always hope. It's the one thing that no one's figured out how to kill yet." That can be said about a lot of things, including the $250kus bounties placed on the the authors of viruses, in particular SoBig, Baster, and MyDoom. Microsoft created a $5mus fund in November of 2003 to pay rewards for information leading to the arrests of these worms; so far nothing's worked, and the culprits are still at large. Clues have been found and trails followed, but all of them have either been dead ends or had long gone cold. Only time will tell.
Something that puzzled Albert Einstein during his life was where so much of the mass of the universe was. In his calculations, he determined that to keep from contracting once more into a single point the universe had to have much more mass than could be seen, but he didn't know where it was. There is now some very strong evidence that suggests that it might not be mass preventing the recollapse but energy, dubbed 'dark energy', meaning that it cannot be seen with the naked eye (or eyes technologically enhanced in some way, such as with telescopes). This dark energy, if it exists, counteracts the net gravitational field of the universe (Einstein's 'cosmological constant') and prevents the Big Crunch from occurring, at least not anytime soon. Very little is known for sure about dark energy, let alone whether or not it really does exist outside of mathematical models of cosmological activity. The going theories are that dark energy is coming from everywhere at once without a point of origin, or that dark energy is associated with an omnipresent, constantly oscillating energy field referred to in the article as 'quintessence' for lack of a better term (amazing, how things tend to come full circle, isn't it?) (I would think that this 'fifth essence' would be a counterpart of the four fundamental forces of physics, the strong and weak nuclear forces, electromagnetic force, and gravity). Until harder data comes in, the jury's still out.
I got a pleasant surprise today - I ran into Vlad, who works for Dell field service. He was in the office this afternoon fixing some desktop machines.
Well, it's been conclusively decided: One's feces would not be large enough to appear on an aerial photograph of a parcel of land at 1/24,000 scale. I need to get out of here.
I don't think I've ever bitten my tongue so much in one night. As my family is wont to do over dinner, we were discussing politics and current events of the day (and you wonder why I'm a news junkie...) and the discussion, of course, turned to George Bush's announcement that he will try to amend the Constitution to make it impossible for gays and lesbians to marry. Infuriatingly, John Kerry is a proponent of 'separate but equal', meaning he's all for civil unions but not actual marriage. He's also against the constitutional amendment but I think that's a reactionary position to pit himself against Bush in the upcoming election.
I'm sorry that I keep talking about this, but this hits too close to home for me. So close that I actually feel physically ill when I consider it.
My grandfather is a staunch supporter of the 'old school', if you will. He is very against the concept of homosexuality and the idea that two people of the same sex would even want to get married is abhorrent. "They're getting bold.. they're getting greedy.. they had all the rights we have when they were in secret, now they're trying to change everything."
Dataline is very much a 'live and let live' kind of woman. As long as you're not hurting someone (which I would extend to 'non-consensually'), so be it. She hasn't said that she is in favour of homosexual marriage, she hasn't said that she's against it. I think it's because she just doesn't want to deal with the possibility that a fundamental facet of society could change so radically, and in a way I can understand that. Change of that magnitude is scary, and when you've had a lifetime to get settled in and figure out how the world works a change like that makes you sit down and reevaluate life as you know it, which is a slow process that can take years to settle.
"They." "They." "They."
It took every ounce of strength I had to not correct them: "We."
It actually makes me angry to hear them talk like that. Lesbians, homosexuals, and bisexuals aren't another species (well, most of us, but that's a different story), nor are we something that everyone's heard about but no one has ever seen, like Bigfoot, a humble ant, or a time where Richard C. Hoagland is talking about something empirically verifiable. We are people, just like you. We laugh. We cry. We bleed. We hurt. We love. We work alongside you. We go to church (or our equivelent). We read the same magazines, newspapers, and books as you. We watch television. We listen to music. We dance. We complain about the weather. We walk alongside you down the street and drive next to you on the road on our way to work, school, and the store. We ride the same buses, trains, planes, and boats as everyone else.
We're not to be feared or hunted or made fun of, and we sure as hell don't want you making our choices for us. Some of us want to marry for all the same reasons as a heterosexual couple, because we're in love. We don't want a civil union which legally gives us the rights to share the benefits of one's partner but none of the respect or recognition that only straight people get. We don't want to see the Constitution of the United States changed to redefine the concept of marriage to mean only a heterosexual couple. We just want to live our lives, just as you do, only without having to look over our shoulders and without living in a world where 'separate but equal' means 'equal'. If we're not given the same respect and rights as you, we're not your equals. We're second or third class citizens; i.e., we are not equal. That's all we want - to be equals under the law and in society.
As you've no doubt read, last night was a haze of panic, phone calls, and wondering whose security was breached. Once that clusterbombing was cleaned up I spent part of the night trying to cancel my subscription to PC World magazine because of all of the stuff that comes in the mail, it's only marginally more useful than the credit card applications that pile up at the end of the week (which I shred, incidentally, and use to stuff my beanbag chairs in the Lab). The first thing I noticed was that when I called the 'cancel my subscription' 1-866 number it was answered by a computer. A very sophisticated computer, no doubt, which was able to understand my body's speech patterns (even with a sizeable dose of adrenalin coursing through its bloodstream). The second thing I noticed is that it goes out of its way to keep you from actually cancelling your subscription. Understandable, really - they want to keep every last subscriber, and the more they have, the more money they make. Simple corporate logic there. The third thing I noticed, however, is that I wasn't actually able to cancel the subscription, I was only able to keep it from be renewed at the end of this year. Net result: I still get charged for this subscription cycle. Dammit.
If I wasn't at work right now I'd try to get in touch with a real human being or two and bend a couple of ears. $25us is two tanks of gas, less if the state of Pennsylvania decides to raise its gasoline tax.
In imitating the cycle that worked so well for me in college (read and highlight, take notes, make margin notes, re-read notes) I've decided to stop progressing in my CISSP book and go back to the beginning to take notes. I've got a blank notebook and I've started going through the review sections of each chapter, hunting down the facts they talk about, and making notes. In doing that this morning, I noticed that the ride was oddly smooth about a half hour out from the Lab, which is most unusual on Pennsylvania roads. This was because the bus had stopped - traffic was backed up and over the radio we could hear the dispatcher reading detour directions over the airwaves. There was a fire in Sharpsburg this morning, and traffic was snarled for miles around it (due to the positions of the highways). Eventually, we drove past what I think was an old warehouse billowing a thick cloud of black smoke into the chilly morning air. Down at the base of the building, from our vantage point on the highway deck (and abouve the street in a bus), we could see what looked like a thick mat of flames roiling like oil on water and backlighting the smoke with an eerie orange light. Through the occasional breaks in the smoke an occasional tongue of fire could be seen trying to claw its way toward the sky. There was little wind so mostly everything just rose straight up, up and kept going.. almost as an afterthought, there was a not-unpleasant scent of burning wood on the air, something not ordinarily associated with building fires.
Swift Fox probably got that call this morning, Sharpsburg is his stomping grounds. I hope he's okay.
I think I forgot to enclose a copy of my resume' with that job application last night. Dammit.
Strange, strange dreams last night. I wonder what stirred up those images?
There is an excellent article over at 2cpu.com talking about hyperthreading processor cores under Linux that every hardware junkie should take a look at. Hyperthreading is the name for Intel's new CPU architecture which basically puts two processors onto the same silicon chip, meaning dual-processor power (well, slightly less, but not much) without having to buy a mainboard that has multiple processor sockets on it. We use CPUs similiar to these at work (1.4GHz Intel Xeons with hyperthreading) and they're slick as teflon when it comes to crunching numbers. Redhat Linux and Fedora Core 1 both recognised them right out of the box and treat them as dual-CPU systems without even batting an eyelash. But back to the review.. it briefly goes over the latest generation of processor cores, code-named Prescott, talking about the increased amounts of level one (8KB -> 16KB) and level two (512KB ->1MB) (level one and two cache are used to temporarily store instructions and data on the CPU itself, so it doesn't have to waste time re-fetching them from RAM later; it speeds up processing immensely), on-board buffers to store data before it's moved onto the mainboard's bus, and two sets of registers, one per logical CPU (registers are the fastest memory in a computer, and are used to store data while it's being operated upon directly).
The reviewer goes so far as to state not only what software he used to test these CPUs but how he compiled it and even the configuration files used, in some cases (such as the kernel itself). I'll break down the numbers for you: In the kernel recompilation test, the Prescott CPUs with hyperthreading turned on and off were neck and neck, with the 'on' trial coming out ahead in a straight rebuild (i.e., no funky options were passed to the make utility). With the '-j 2' flag passed to GNU make, Prescott CPUs with hyperthreading active stomped those with the functionality turned off soundly. In the MP3 encoding competition using Blade Enc (which was written to take advantage of multiple processor cores), the two modes of the Prescott CPUs were again neck and neck. When it comes to hammering the Apache web server software until it falls over, hyperthreading again ate the lunch of the CPUs that had it turned off. However, in the MySQL shoot-out, the Prescott CPUs were beaten by the 'plain Jane' Xeon CPUs without hyperthreading functionality. In the Java VolcanoMark test runs, a standard 3.2GHz Pentium-4 CPU beat the pants off of the Xeon version and just edged out the Prescott CPUs. If you've got the cash to spare and you're building a system to handle some serious computing, like number crunching or 'nothing but source' en masse compilation, you might want to look at the Intel Prescott CPUs. If you're just building a home system you'll probably want to save your money for a more pedestrian CPU.
Everyone who runs a server of some sort, be it a webserver for friends, an IRC server to chat on, or some other type of publically accessible system wonders occasionally what would happen if one of their users went rogue and did something that would attract the attention of the authorities. Most people don't worry about it because they trust their friends pretty far. But what if it happened just the same...? The same worry applies to companies that make money hosting servers for people, only they've got lawyers to help them out, right? Sometimes it doesn't make a difference. On 21 February 2004 CIT Hosting was raided by the Federal Bureau of Investigation. What's more, because they couldn't comply with the FBI's demands that they turn over information about users of an IRC (Internet Relay Chat) network they hosted in their facility the FBI decided that instead of sitting in the NOC sifting through gigabytes upon gigabytes of data, they pulled a couple of trucks up to the building's loading dock and stripped every last computer out of the building to cart back to regional HQ for analysis. Every last computer. Of course, the FBI says they will return it all once they've picked them apart to see what they could find, but until they do that company's effectively dead in the water. There's no telling how long it'll take them to go through everything. It doesn't just happen to kids anymore...
Here's something that sci-fi fans will sit up and take notice of: Dr. Hunter Hoffman of the Harborview Medical Centre of Seattle, WA has been using virtual reality simulations to help treat burn patients. The VR programmes were used to occupy the minds of burn victims while nurses were changing the dressings on their wounds, traditionally an extremely painful procedure. The patients' minds are so deeply synchronised in VR that they really don't notice the pain; they are aware, of course, that something is happening but exactly what doesn't register, hence, less pain. The screenshots of the simulations are extremely detailed and the landscapes are very realistic, so I can see how easily the users of these simulations accept the programmes. Dr. Hoffman's theory is that physical pain has a strong psychological element, which is what makes it so difficult for many to handle. By replacing that psychological element with something much more benign, the body can more readily adapt to short periods of increased pain. He is also experimenting with using VR simulations to treat people suffering from PTDS, post-traumatic stress disorder. By exposing patients to highly detailed virtual replicas of the original situation which caused their brains to associate internal states with higher levels of stress hormones (basically, training the brain to function normally at higher levels of excitation, rather than relative states that most would equate with 'calmness'), the mind gradually adapts to the stimulus and thus the memories, and stops using them to cause the states of excitation.
Fascinating. It reminds me a lot of stories from feudal Japan, where samurai would play chess to distract themselves from the pain of battlefield surgery. With enough mental discipline, it is possible to control the signals of pain that one recieves from one's body to the point where it is no longer felt, or at least interpreted as bodily discomfort. Advanced states of hypnosis are occasionally used for this when patients are, for whatever reason, unable to undergo anesthesia. Deep meditative states can also be used for this. I'm inclined to think of this as another way of controlling the mind so that it can have better control over the flow of information from the body.
I realise how hideously late this is, but it's been said face to face, and I'd like to write it here. Happy birthday to Dataline, who turned.. older than I.. on 15 February 2004.
I would also like to wish my grandfather a happy birthday, who turned 85 today. Wszystkiego najlepszego z okazji urodzin - kocham cie, dzi-dzia.
|Asexual reproduction is love.|
Another day in the trenches, another middling paycheque to spend on bills, bills, and maybe a buck or two to put away for a rainy day (which are frequent around here, so even that doesn't last). More and more I'm starting to wonder if there will ever be a way to break through to something more, something that will give me a chance to get out of here. There's still hope, there is always hope. But it fades daily, and the routine has a way of crushing any aspirations one might have toward becoming more than someone's tool. The few breakthroughs tend to be dead ends or illusions, and I'm starting to get tired of trying to make things happen. No matter what I do, how hard I try, how much energy I pour into things, it doesn't make a difference.
Just when you thought things were a bit more sane in other countries, everything changed. The Parliament of the European Union has drafted a mandate of intellectual property laws in secret session, releasing the text only six days before the vote is to be taken (shades of the USA PATRIOT Act, anyone?) This is the first chance anyone's had a chance to look at it, and things are looking pretty grim. In the words of one presenter, "You just have to trust us."
Riiight... the scope of the laws has been broadened frmo counterfiting and piracy to encompass all intellectual property related disputes, including peer-to-peer file sharing and everyday interoperability problems (and solutions, presumably). Article 8, which allows for secret court authorisations of raids, sounds a lot like 'black ops', of the sort allowed for in the US. Article 10.1 allows for the freezing of any and all assets before a case has been brought to court not only paralyses companies and people in much the same way that a broken neck can, but without access to one's money makes it damned difficult to even retain a lawyer to defend oneself. Can we say 'sitting duck', boys and girls? Article 8.5 is one that I hope never catches the eye of anyone over here in that statements by anonymous witnesses can be admitted into evidence to denounce on-the-record witnesses. Otherwise known as, "A little birdie told me you're full of it." The FFII (Foundation for a Free Information Infrastructure - UK) thinks that this mandate opens the field for opportunistic legal threats to shut people up or down whenever one of the big boys in the sandbox doesn't like the new kid. If you're curious about what's happening on the other side of the pond, hit the links at the bottom of this article and gift them a read. It's interesting stuff, in a David Cronenberg sort of way.
The US Department of Defense is in the market for upgrades - they've just purchased a 2,132 CPU massively parallel computing cluster running Linux as part of a programme to upgrade their high performance computing facilities. The system they've just purchased contains 1,066 computers, each containing two Intel 3.5GHZ 64-bit processor cores connected to one another using a gigabit Ethernet network fabric.
In case you're curious, there are two basic ways of using computers to solve extremely large mathematical problems (such as calculations used in engineering and probability). You can either put the problem on a single computer, usually a big one, and let it chug away until it find the solution. Due to the nature of such problems, this tends to be a bad idea because they tie up a single system for extraordinarily long periods of time. However, also due to the nature of these problems, they can be readily decomposed - you can break them down into lots of smaller problems which are much simpler when compared to the big picture. Once you've done that, you can start farming out each smaller problem to other computers and let a pack of systems all working at once solve the different parts of the problem simultaneously. When they're all done, you put the small solutions together into the big solution you're looking for. That is how massively parallel computing works, by breaking down very complex problems into lots of simpler ones, putting individual computers to work on each sub-problem, and the assembling the end result. That's how their new cluster works.
Never ones to let go of something easily, bits and pieces of the now-defunct TIA (Total Information Awareness fnord) project, once lead by retired Admiral John Poindexter are alive, kicking, and under the jurisdiction of other government agencies now. The TIA programme was gunned by congress after projections showed an unacceptibly high false positive rate in their setup's constant search for public activity that might signify oncoming Terrorist Attack(tm). There is another ongoing project called Intelligence Community Advanced Research and Development Activity which has as some of its developers those attached to Poindexter's TIA-related projects. Odd. Word's gotten out that Congress, while killing TIA, has not terminated funding to projects that could still potentially be used to find terrorists, collectively referred to as the National Foreign Intelligence Programme; exactly which intelligence agency has control of it is classified. Another 18 data mining projects (once part of the TIA programme) are also still funded and operating. Like the Laernean hydra, if one head is cut off, two will sprout in its place; that's what this feels like.
It's about time.. Microsoft is releasing a CD-ROM of Windows updates, to facilitate getting systems patched up and secured. It's being aimed at end users whose links aren't fast enough to download all of the necessary patches in a timely manner for XP, ME, 2k, 98, and 98 Second Edition. However, they still advocate using Windows Update because the patches on the disk only date up to 15 October 2003. Users can order the CD at no cost and it should be recieved between two and four weeks afterward (well, at least they're faster than CERT); the update CD-ROM is available only in selected countries (basically, the biggest ones). A version that covers the rest of the world will be available after today (23 February 2004).
Brain back on line. Blood concentration of caffeine circulation system now minimal.
While paying some of my bills this evening, I got an unexpected and unwanted surprise in the form of an unauthorised charge on my credit card. Needless to say, I called the company to cancel the charge and when the cancellation goes through I'm going to cancel the card entirely and sit down with the credit agency to figure out what's been going on. I don't like surprises, especially ones like this. At least they were nice enough to listen to me, and had offices open late enough that I could get in touch with them after work.
For the rest of the night I've been applying for other jobs, in the hope that I'll find something more substantial, but only time will tell, really.
I've taken the pride banner down from my memory log page because of the bandwidth required to send so many copies. Sorry, everyone. It's still on the index page, though.
Today's been another bad one. Not because of anything that's happened but because of how I woke up. I had a reasonably good night last night, heading out to Swift and Silaria's for D&D night (and finishing up with a round of Chez Geek, sans instructions), checking in with everyone, and then crashing for the night. I woke up this morning feeling, once again, like getting out of bed was probably the worst thing that I could have done. I hate living at home, I hate being the only one doing stuff around here (though simply stonewalling them into getting off their asses has met with some success in recent days), and I hate having time to myself when it's deemed appropriate - this includes hunting for a better job, mind you.
Most of today's been spent doing laundry and trying to get my head screwed back on straight. Mostly I've just been reading, or trying to read. I wound up breaking to exercise this afternoon to clear my head and get my blood pumping for once (gods only know, it's about the only thing that even vaguely resembles physical activity anymore, and hiking across the city to get to and from work doesn't really count as such) and get raked over the coals because "I'm looking anorexic again, and I've never heard you out of breath from exercising before."
This coming from a woman who didn't get dressed until 1550 EST or so, napped on the couch off and on all day, and routinely eats a quarter-bag of potato chips as an evening snack.
So here I am, with a stack of bills and a cup of coffee wondering what, if anything, I should do next.
I finally got Leandra upgraded to v2.4.25 of the Linux kernel. v2.4.24 just didn't work out too well.. well, maybe it could have, if I'd had the time to hack around with it and see what was going on, but never did. Anyway, I'm going to stress-test it for a while and then if all works out install the GRsecurity patch and benchmark it. One of these years I'll get the time to digest all that data and write up a formal report of some kind. Maybe it'll happen.
Well, that settles that question...
Kept under wraps a lot of the time, but not necessarily dead...
I like boots so much, I even have a pair or two that go well with a business suit.
Well, this would make Charles Fort (RIP) sit up and take notice: For the second time hundreds of electronic locks in Las Vegas, NV have up and died, stranding many by locking them out of their vehicles. By the evening of Friday, 20 February 2004 locksmiths' shops all over Las Vegas were swamped with people calling for help because the electronic locks in their cars, trucks, and SUVs were completely dead. No one's sure why or how it happened, but there is no dearth of theories attempting to explain the phenomenon. Radio frequency interference, magnetic pulses, radiation of sundry kinds, static electricity, electrical activity, terrorist activities, Those Evil Hackers(tm), Big Brother's Black Ops(tm), Jake Day, solar radiation.. you name it, people are suggesting it. The solar observatory in Big Bear, CA, shot down the solar radiation theory by saying that solar activity was actually subdued yesterday, not more pronounced. The location of the now-defunct military base known as Area-51 is rather close to the Vegas core, but as far as anyone who can get anywhere near that place knows, it's been cleaned out, packed up, and abandoned (though there is the odd Camo Guy patrol still on duty out there).
Weirder than Tupperware ladies on acid, I tell you.
The excitement never ends. The price that must be paid for a single good, restful, relaxing weekend is too high. It's not worth it.
I hate my lives.
Surprisingly, it was rather pleasant Outside this morning, with a temperature in the high 30's (Farenheit) and clear skies. It's strange, not having to wear a parka to work. Of course, they're predicting snow for later tonight or early tomorrow, so you can't even count on the weather around here to cheer you up.
Okay, have to pull myself together. Something reasonably complex and technical...
Those of you waiting for direct neural interface technology, the direct connection of computing equipment to the human brain, will find this interesting: A team of researchers at the University of Calgary have made an interesting discovery. Nerve cells grown on silicon chips are capable of retaining information, which can then be passed on to the rest of the brain. Neurons attached to these chips were observed to grow much more dense dendritic networks (dendrites are the structures in neurons that actually store information by forming connections to other neurons) than normal. Even more interestingly, these neurons were found to have actually stored information inside themselves, probably through mRNA deposits and changes in internal chemistry (which are also methods used to store information by neurons, only internally instead of externally). These information stores were later read back from the neurons by the substrate chips... basic input/output functionality between a computer chip and organic nerve cells. Tiny electrical charges produced by minute capacitors on the chips induced the cultured neurons to communicate with nearby cells; equally minute transistors were used to read the information from the cells later.
Since the source code for Windows was leaked onto the Net a few days ago, hundreds if not thousands of people have been poring over it to see what lies hidden inside a CD's worth of material. some of the comments therein are interesting enough to warrant an article all their own, this one at Kuro5hin. The files released appear to be a cross-section of the entire codebase, covering the networking subsystem, the command shell, and even a few screensavers. Some of the comments are just vulgarities, coders blowing off steam for one reason or another. Others are complaints about the development environment used at Microsoft or particular hoops that the developers have to jump through to work around quirks on other hardware platforms (some of which aren't even supported anymore but are too deeply embedded to just tear out). I find it interesting that a few companies (but more third-party software packages) are referred to as 'idiots' or 'morons'. There are even clear warnings to code maintainers that some portions of the code are hacks, and ugly ones at that, and to tread lightly around them lest something critical get broken as a result. Contrary to rumour, the portions of the Windows 2000 code examined so far do not show any signs of purloined open source code, at least as far as anyone can tell.
Who would've thought the guys in my office would be fans of Thundercats? If they're not, they seem to like Snarf's voice a great deal...
As far as I've seen, no one's confirmed the allegations made in this article, so I'm posting a link to it here to see if anyone out there knows anything. A little over two weeks ago, Bank Leumi, one of the four biggest banks in Israel reported on Channel 10 that someone physically broke into their NOC (network operations centre) and compromised security; as the old adage has it, "if they have your keyboard your electronic security's worthless." A laptop was said to have been jacked into their network and two copies of a datafile containing information on the debts owed the banking firm was deleted; there was a backup copy of this datafile that they missed. Without this data, there's no way of knowing who owes money to the Bank Leumi, how much, when it's due, or what the interest rate is, thus crippling the bank's day-to-day operations. Bank Leumi also did not report the break-in, contrary to Israeli law (assuming that it happened). Bank Leumi hired an outside firm to see if there was indeed a break-in; none was found, but no formal report was ever filed (either way) with the Israeli office of Banking Supervision (I'm guessing at the terminology here, the properly capitalised stuff is what I'm certain of). Either way, this could make them look very bad in the public eye. What is it with Israeli offices being hit this year?
I'm not sure if I should feel as if I've been kicked in the groin or if there remains a tiny spark of hope in the vast space between my hearts.
After a fairly serious mix-up earlier this week, I took today off because I had a telephone interview with a company somewhere in Virginia for an administration position. I've been clinging to the possibility of finally getting out of here and moving on with my life with this job, even going so far as to ask for help moving down there and laying preliminary relocation plans. The interview lasted all of five minutes, and consisted of my being asked if I had a number of Microsoft related certifications to my name. I can barely pay my student loans and I'm already working on my CISSP, so needless to say the answer was 'no'. I'd been told by the recruiter that this was a Unix administration position, not a Windows admin position.
What a screw-up.
Needless to say, I'm already out of the running for this. The gentleman I spoke to told me that he'd pass my resume' on to another organisation that uses a considerable number of Unix machines as their back-end, but now I'm not so hopeful.
Pictures from the William Gibson book signing on 16 February 2004 are now on line. I tried to enhance some of the pictures to make them more readily viewable, though how good a job I did remains to be seen.
Today's been spent, for the most part, offline. I drove my grandfather to get a haircut (he doesn't get them all that often, and doesn't have much hair left), and then after taking him back home hit the grocery store to pick up a few things that we'd run out of around the house, like milk. Much of the afternoon was spent editing photographs (my concession to not disconnecting entirely), catching up on my reading, or breaking one hell of a sweat exercising. As much as I love Lyssa's tastes in particular and fine food in general, it's bad for me. I need to start watching how much of it I partake of. I can't lose sight of what I've done, and I'm bloody sure that I'm not willing to let all those years of work go to waste. I could carefully say that perhaps this is a sign that I need to make some changes in life soon before too much time in a static situation starts driving me nuts again.
I did some more reading tonight and then played around with The Gimp for a while, as evidenced by the pride banner at the top of this page.
For a while now, I've been trying to figure out my reasons for making that banner. It might sound trivial to everyone out there, but sometimes I do things and don't know why. Part of it is that I'd like to make known that I stand by other folks out there, gay, bisexual, polyamorous, what have you. After quite afew years, I'm finally becoming comfortable with who I am, and now it's becoming safer to poke my head up out of the foxhole, so to speak. Or at least it feels safer; I don't get the sense that I have to be watching my back all the time. There are folks on my side and I'm on theirs. There's also the matter of finally coming out and admitting that I am bisexual, instead of being quiet about things and sneaking around the fringes of various groups, which I am wont to do out of insociability as well as a general sense of nervousness. This is probably the biggest reason - for once coming right out and saying something. No allusions, no letting people figure it out on their own this time.
One of my screenshots was referenced in an Ask Slashdot column a few days ago. It feels weird, people finding one of my older desktops interesting. No flames have appeared yet, either, which I find truely odd given that it's Slashdot.
Another day in the trenches, this time to play catch-up, fix the stuff that broke while I was gone, and touch base with everyone to see what happened to whom and when. It's going to take me a little time to get back into the swing of things, as evidenced by almost getting on the bus this morning without my ID card for work, without which I cannot even enter the building. Thankfully, there's a second bus stop a few streets away, so I was able to run back to the Lab, get my ID card, and still make it to the bus and thus to work.
I'm still wondering why everyone in the city, it feels like, are driving like madmen today. Buses are cutting each other off. Cars are honking at each other almost ceaselessly (even going so far as to produce a nifty Doppler effected noise while passing through a tunnel) for no reason that I can tell. Hell, shortly after arriving downtown we were treated to the sight of sights: A team of paramedics scraping up a jaywalker on the main drag and loading him onto a backboard. Even without the Sight I felt a chill pass down my spine as I turned and watched the paramedics work calmly and efficiently. They didn't show any hurry, but then again they never do. They're taught to work fast and work well, and most of all make it look like there isn't any hurry to keep all concerned calm. There was no sign of the car that'd hit him, no vehicles pulled over other than a police car or two and three ambulances (which seemed overkill to me, but then again you never know what is procedure and what is paranoia).
I could have done without that today.
I hope that guy will be okay.
Some days I hate missing work.
I still don't know why the trip back home is longer than the trip down. When driving down to Maryland to see Lyssa this weekend, it took me slightly over four hours and three-quarters of a tank of petrol to go the entire way without any stops. The trip back was almost six hours (though, to be fair, that counted a thirty minute break for coffee, petrol, and Transmetropolitan). Still, four hours down and five back up? Thinking about it, it could have been a number of things: Workaday commuter traffic, the fact that it was dark and we were travelling through the mountains south of Pennsylvania amidst road construction in places, caution of the other drivers, the colder air impeding engine performance somewhat.. it could be a lot of things, some combination of factors, and probably a few that I haven't thought of yet.
Anyway, by 2200 EST I was back at the Lab, the car was unloaded, and I was merrily scarfing the remains of Lyssa's sweet chicken curry for dinner, with the last slice of birthday cake for dessert. Long road trips tend to make me hyper, especially if I've been on the road for a while: My mind tends to run as fast as the car did, and it takes a while to slow back down. I'll write about meeting William Gibson when I get home tonight, because that'll take a good deal longer than I normally have while multitasking at work. After a quick hunt through the baggage for things I'd need today (like toiletries and the charger for my cellphone) and a shower, I tossed and turned in bed for a good hour or so until my brain finally put itself into warm shutdown mode for a few hours. Waking up this morning was remarkably easy, probably because I'd caught up on my rest while in Maryland.
In a slightly frightening display of the maxim that enough eyes will find many the bugs (time finding the rest), the first vulnerability found as a result of analysing the leaked source code to Windows was found and announced over the weekend. The vulnerability in question affects IE5 and Outlook Express and is found in the subsystem that handles the processing of bitmap files. In particular, an offset into a referenced bitmap can be used to push executable code onto the process' stack, which results in remote code execution. Lovely. IE6, thankfully, isn't vulnerable. A proof of concept exploit was posted to the mailing list full-disclosure, almost as if to hammer the point home.
In an unexpected twist, the famous virus programmer Gigabyte was arrested last Monday in her hometown of Mechelen, Belgium. Gigabyte is known for her virus development prowess and sense of humour, and the fact that she is a female in the almost entirely male virus development scene. She was out on bail less than 24 hours after being arrested, questioned, and brought up on charges of computer data sabotage, a crime which carries penalties of six months to three years in prison and a 100k Euro fine.
The FBI's been called in to figure out how the source to Windows got out. Microsoft internal security has stated that the leak of the source code was not due to a security breach on the part of Microsoft, but perhaps due to one of the organisations included in their SSI, Shared Source Initiative. The SSI allows member organisations to gain access to certain portions of the source code to Windows for various reasons, usually to assist their programmers in writing applications more effectively. It could very well be that a developer somewhere released the code for some reason. Microsoft's press release states that "there is no known impact on customers"; that's not true, if you'll scroll back a few lines and check out the first security vulnerability discovered as a result of auditing the leaked code.
If you're still curious (read: not burned out) by SCO's Linux kernel lawsuits you might want to check out this article at Computerworld that's short, sweet, and to the point. There's no legal or technical language in it, it's written for everyuser. SCO says that because they own the rights to the original SYSV source code, they also own the rights to every extension ever written for that code. Because Linux has some of the SYSV code that was released to the public in it, they say that they own it also. They also say that because IBM wrote a brand-new file system for AIX (IBM's version of Unix), SCO owns the rights to that, too. If you look at the documents from AT&T that Novell dug up, however, it says in clear text "to assure licensees that AT&T will claim no ownership in the software that they developed -- only the portion of the software developed by AT&T." i.e., if you licensed SYSV code somehow and wrote extensions to it, AT&T doesn't own the extensions, you do. Because SCO has the rights to the SYSV code under those licensing provisions, they do not own the extensions to that code anyone's written, either.
I think I'm in a position to write now. I've spent the evening, in order, dozing on the bus home because my mind is dead-tired, eating dinner, taking the garbage out to the kerb, picking up Dataline from the garage (where she's just dropped off her car for its yearly inspection), and watching the director's cut of the last few episodes of Shin Seki Evangerion, which I highly recommend watching, but I'm afraid it's not worth the $29us price tag. Rent it or pass the hat with some friends and buy it, but don't drop the cash all on your own.
But as I was originally going to write about Monday evening, I shall begin. To wit, it is not an easy thing, meeting the man (or woman) who made you what you are. It's downright scary, in fact, and can crash your brain but good if you're not careful.
I feel that I should explain myself on that point.
William Gibson is, without a doubt, one of my heroes. I've been a fan of his work for going on sixteen years now. I first read Neuromancer at the age of ten, or somewhere therabouts. To be precise, I read the paperback edition edited by Terry Carr after finding it in the local library. I pretty much grew up a computer geek, having been given a Commodore-64 at the tender age of six, after They (meaning, the local school district) discovered that I had natural talents for mathematics (a proclamation which they later came to regret), logical reasoning, and strangely enough computer programming as a discipline. Gibson's vision of cyberspace captivated me - an entire universe made up of computers and the sum of the knowledge, experience, and wisdom of the human race, liberally spiced with the secrets that might be needed one day struck me as a simply amazing concept. I promised myself that one day I would see cyberspace, or at least come as close as I possibly could to doing so.
To make a long story short, it's left me with a fascination for computers and virtual reality that has stayed with me to this day. But I once again stray from the topic at hand.
On Monday afternoon Lyssa and I bundled up in our cold weather finery (she in her social engineering t-shirt, I in my Cray Research t-shirt, both of us in our trenchcoats) and we set out toward the state of Virginia to find a Borders franchise; in particular the one which William Gibson would be signing books and talking about his latest work, Pattern Recognition. We also came bearing equipment (namely, my pocket computer, shortwave scanner, and digital camera) and things to get autographed. The first thing we did when we arrived was jump into line to get numbered tickets for the book signing - numbers 75 and 76. While Lyssa stood in line I roamed around finding copies of books to get signed for people who, regrettably, could not be there, as well as a few people who are in for a surprise.... The store's selection of books by Gibson was picked clean by the time I checked out; only a few trade paperback copies of Pattern Recognition were left on the shelves by the time I got back into line. I spotted some folks who were definitely kindred spirits in the building, if the Defcon jackets were any indication.
That proved to be the first of several trips to the checkout counter that night.
We spoke hurriedly to the.Silicon.Dragon and after straightening out exactly what was meant by "getting tickets" he set out to join us, arriving about halfway through Mr. Gibson's presentation. As we recieved our line tickets (to organise the book signing) we had to present the things that were being autographed to be checked in and tagged as "yours, not ours". The Neuromancer game box drew a few raised eyebrows from curious onlookers, but now I'm getting ahead of myself.
The first thing I noticed is that Mr. Gibson is tall, at least 6'5" if he's an inch. The second thing I noticed is that he's aged extremely well, and his voice hasn't changed overmuch from the interviews and recordings of Neuromancer that I've heard in the past. He spoke briefly about the background of Pattern Recognition and read a short passage from one of the early chapters of the novel. Following that he expounded a bit more on the setting of the novel, and capping it off was a Q&A period from people in the audience, which by the time he began the presentation was standing room only. The most prevelent questions asked were about the writing process and why he decided to bring P- R- into the now-just-past. One person asked him which of his novels were his favourite. He replied that he doesn't often go back and read his own novels, though Idoru is his favourite. I had a few questions to ask him, such as "What kind of research did you do when you were preparing to write P- R-?" and "How does it feel that you, to some extent, predicted the flow of events fifteen or twenty years down the line in your novels?" but unfortunately I wasn't called upon.
After that, the three of us loitered around to kill time because people were called up in blocks of twenty-five for the book signing part of the night. It was at this point that I found my copy of the Evangelion Director's Cut DVD and the soundtrack to Transformers: The Movie, and also spent time discussing the .//HackSIGN drinking game (which I think that Silicon really should write up). The folks at the checkout counter were becoming more and more amused by our repeated trips to buy things. When it was our turn in line, Silicon stood with us and talked, mostly to keep me calm, I think. We had a very good discussion about musicians' rights and indie record labels, and joked a great deal about my nervousness. Lyssa was cool as the proverbial cucumber and took everything in stride.
I stood dumbly, almost mute as it was my turn. Mr. Gibson autographed the hardbound copy of Neuromancer that Lyssa had given me for my birthday, as well as my hardback edition of P- R- and Idoru for a friend. He was slightly taken aback when I asked that he autograph them to the Name I Call Myself (The Doctor), though when it came time to sign the game box he wrote in feltpen "The Doctor is in! --Wm. Gibson" on the cover.
My hearts skipped beats at this.
I recall asking him if he planned on writing any more short stories in the future, and was rather surprised to hear that writing short stories requires a mindset different from that of writing novels. He didn't have any plans to write short stories anytime soon.
At this, I said goodbye, packed my things, and walked back to my seat.
When Silicon's time came, Lyssa and I positioned ourselves nearby with my camera at the ready. We got a few good pictures of Silicon meeting Gibson, and when everyone else had gone he was nice enough to take a group picture with us. I've got the images on Leandra right now and I am in the process of editing them to put them on line. Before we'd left Lyssa asked him if he was interested in joining us for dinner at a nearby restaurant, because authors on tour don't often get to do much besides return to their hotel and crash. Gibson thanked us but declined, saying that he had to be in Philadelphia, PA early the next morning. Flattered yet respectful, we said good-bye and walked downstairs to the front of the store to leave.
It was at this time that the realisation hit me: I'd just met William Gibson, the man whose works shaped my life. Speech became impossible; my hearts began to pound. Ye gods, this was like meeting one's maker.
I managed to recover and calm down. He's a man. A gifted man, a talented man, but a man. A hero, but not a god.
Plans were laid - dinner nearby, Lyssa and I following Silicon to the restaurant. No sooner had we set off toward our respective cars, than a tall, familiar looking figure got into a sedan at the front of the store... yep, William Gibson, on his way back to the hotel. We waved good-bye and headed out for a bite to eat, whereupon we met up with Elwing and talked into the wee hours of the night about the day we'd just had.
Back in Pittsburgh. Unpacking and getting ready for work tomorrow. Will write when I have a chance.
It is done. It's happened. I'll write and post the pictures when I'm on a link that's not slow as Oracle on an 80386 box.
Well, I'm in DC. I got in safely.
I got up early this morning to share breakfast with Dataline. Last night we celebrated our birthday early because I was going to be visiting Lyssa this weekend. I baked her a cake using organic cake mix (which I was skeptical about, I must admit), a two layer deal using two pans; she frosted it with whipped frosting and topped it with coconut (her favourite). I'd picked up a few pouches of decorative frosting to ice the cake, but I should have read the instructions: They required cake decorating tips to do anything useful with them. After tying a plastic bag over the nozzle with a rubber band and cutting the corner off, I had a perfectly servicable icing bag, which I used to write our names on the frosting. A search of the house unfortunately did not reveal any birthday cake candles, so she plucked one of the tapers from the candleabra on the counter and drilled it into the centre of the cake. What fun is a birthday if you can't improvise a little?
I gave her a nightgown, a flannel bathrobe, and a porcelin doll as gifts for her birthday; she got me an Amazon gift certificate. She fell in love with the doll immediately; she collects dolls. We spent the night eating cake and talking with my grandfather, reminiscing about the year past and everything that's been going on. We don't do that as often as we should, we just don't. I think I'm going to make time to do that more.
This morning she was going to visit some of her friends around town and have her hair done. After breakfast I'd packed some things for the trip down, cleaned the car out, and geared up to hit the highway. After a quick stop off for petrol and pocket money, I took the maze of back roads that is my neighborhood to the highway and set off for Washington, DC. Lyssa called around 1300 EST to check in and make sure that all was well. We spoke for a time and then parted ways so she could get a few things done and I could make headway across the countryside. After a few CDs in the radio I gave Pace a ring on her cellphone to see what was up in her sector of the Net. I caught her on a layover in Memphis, TN with two friends who were on their way to San Francisco, CA to get married.
Good luck; all my best!
While we didn't have a chance to speak for very long, we did touch base briefly. Pace has something big, very big on the horizon, and I wish her well with that.
Somehow, I made it to DC in record time, a little under four and one quarter hours, to be precise. I didn't stop for rest breaks for some reason. Once I hit my stride I just didn't want to stop. I love singing too much on long trips, and I did quite a few CDs on the way down. I'm getting pretty good at Iris tunes. Perhaps I'll start without music when I get a chance, I have to start building confidence in my own voice. Anyway, one quarter of a tank of gas (and one hell of a delay after getting stuck in traffic) and I pulled into Lyssa's driveway. My cookies went over big; I'm going to have to bring another batch down I have a feeling (because we tore into them shortly after I got in). I got her book six of Transmetropolitan as a Valentine's Day gift, as well as a copy of Immortals and a kit of face paints. When we went shopping for dinner tonight, I picked her up a bouquet of roses at the store. She'd gotten for me a set of Prydonian Academy ROTC dog tags, a nifty blinkylight keychain that throws off quite a bit of light when it's turned on, and three books: A Six Doctors retrospective, the Doctor Who Technical Manual, and gift of gifts.. a leather bound hardback copy of Gibson's Neuromancer, which I plan on having autographed on Monday afternoon.
Dinner's ready. More later.
Last night I headed out for a bit to do some research, namely, finding a few books for a colleague of Dataline's who's interested in getting into Linux. He's fairly technical (I think he's one of their IT ninja) so a type-by-numbers book wasn't right for him. The Redhat Linux 9 Bible and Redhat Linux Fedora All-in-One Desk Reference For Dummies (which actually assumes quite a bit of computer literacy and ability to think logically) were at the top of the list. I'm also going to suggest to him that he read at the very least the Linux FAQ (which, if I read the revision history correctly, needs updated soon). While I can't be sure, he seems genuinely curious and would like to do some experimenting; he's got the right idea, gathering as much information as he can before deciding what to do and how to go about it. I hope he's serious about it.
I'm pointing him in the direction of Redhat in general and Fedora in particular because they're generally the most user-friendly of all distributions, with excellent documentation (both dead tree edition and softcopy), excellent user support, and excellent GUI configuration tools. In recent years of working with computer users (read: desktop support) and having to support Redhat Linux for both users and as a backend, I've learned a few things (many of them while trying to figure out Redhat myself). First, it's really not as bad as it seems at first. Yes, it's simple. Once you start actually poking around, though, it's actually quite complex on the backend. If you're used to other distros or new to Linux in general, it's quite daunting. I like a challenge; end users, on the other hand, might not. They have things to do that don't include picking apart config files and staring at directory listings, like writing reports and sending e-mail. The GUI tools are good for setting things up if you're not familiar with The Redhat Way, or if you're just starting out in general. One of the things I did when I was getting started with Redhat was to make a backup copy of /etc (at first, individual configurations' subdirectories later), use a text tool (like redhat-config-network-tui) to change something, and then use the diff utility to find the differences between the backup and the new version. It's long and messy but if you want to see what something changes it's the way to go.
It's also the one that people tend to go to when they need tech support from the company and not a bunch of newsgroup postings. When last I was on IRC, it was pretty much a waste of time when it came to trying to get help. If you're not computer savvy, using search engines to try to find a solution to a problem when you might not even know the right words to search on is only going to be frustrating. Many ISPs don't even have Usenet feeds anymore, so searching the Linux related newsgroups probably isn't going to happen (unless you use a service like Google Groups, and even then its user interface leaves a lot to be desired). In a lot of cases, having a real book with a real index sitting next to you is the best thing. Also, you can make notes in the book, highlight important things.. academic stuff.
I'm hoping to push him toward Fedora because technically Redhat 9 will be discontinued soon due to Redhat's trying to stay in the black. Fedora's already in excellent shape (at least, Fedora Core 1 is; I can't even get to the release announcement for Fedora Core 2 because it made the front page of Slashdot last night) and it's sufficiently like Redhat 9 so that the same books and files will still be mostly accurate. Some things have changed, to be sure, but the vast majority of it has to do with the user interface end of things. If you start digging into the OS itself it's actually very much like Redhat AS and Redhat 9; only the software revision numbers have changed, not so much the file system layout or the config files. If you know one, you basically know the other at this point in time. Besides, it'd be nice to have him in a position to learn utilities like yum and apt for managing packages on his machine. It's easier, let's face it. I ran Slackware for years, but at this point in time I'm sick of compiling everything to upgrade; besides, my wrists can't take it anymore. apt-get install big-hogging-desktop-environment is faster and easier if you're on a Debian box or using apt for Fedora. Once he gets some experience under his belt he'll probably start compiling his own stuff (like I did), but after some period of time, which appears to be different for everyone, you eventually get tired of compiling everything and want it to Just Work(tm). Enter network package repositories and automatic installers.
Anyway, he knows how to reach me; I'll help out however I can.
Remember the blackout in the summer of 2003 that took out a fairly large chunk of the northeastern United States and part of Canada? As it turns out, a previously unknown bug contributed to the problem. Software engineers have been going over the code for months and they've finally found it buried inside of several million other statements. The alarms intended to alert the operators of exceptional situations didn't work, so they didn't know that something was wrong. When the primary controlling computer died, the secondary kicked in as it was supposed to but because events pile up in a queue to be serviced, the queue was so large that it killed the backup too. Because the queues were filled, the entries closest to the front were actually the oldest, so they were working with data old enough to be useless, and thought that everything was all right. Amazing how when enough little things pile up, all hell can break loose, isn't it?
From the information wants to be front, it's been announced that the source code to Windows NT v4.0 and 2000 has been stolen from Microsoft's codebase servers and is being freely circulated on the Net. Microsoft is afraid that knowledgable crackers will get hold of it and analyse it to find heretofore unknown security vulnerabilities that can be freely exploited for months, if not years. Microsoft discovered the theft last Thursday. Whether or not this is an actual threat is a different matter, however: If they're older copies of the codebase there's an excellent chance that some of the vulnerabilities that could be found have already been patched or are no longer relevant due to fixes elsewhere in the codebase (code gets tangled pretty badly as programmes evolve, and sometimes a fix in one place can fix bugs in other places; the reverse is, of course, also true). The thing is, this isn't the first time this has happened. Back in 2000, an early version of the source code to project Whistler, which I think was the code name for Windows XP, got loose on the Net as well.
There's a new variant of the Welchi worm going around that hits systems infected with MyDoom.A/Novarg.A and tries to install patches on them from the Microsoft website. It also attempts to delete the worm if it finds a running copy. This isn't new - in the mid 90's a virus called Chinese Fish which attempted to kill the Stoned virus, and a [cr,h]acker named Max Vision did the same thing back in 1998 when he released a worm into several military networks that patched a serious vulnerability in BIND, which is one of the most prevelent DNS server systems on the Net. Vision was thrown in jail for that stunt, even though he meant well by trying to minimise a serious problem that was resulting in the compromise of hundreds of unpatched systems.
If it's one thing that I love about Comcast digital cable (besides Cartoon Network and Sci-Fi), it's On Demand TV. I love the idea of being able to catch some of ADV's newer stuff as part of basic cable. One word: Chobits. They're showing it on their Anime Network feed right now; so far it's only the first two episodes. It's not half bad, I have to admit; the first time I tried watching it I really couldn't get into it. I'm waiting for Bubblegum Crisis 2040 to wrap around to the beginning so I can see if the rest of it's like the first few episodes (which, I'm sorry to say, didn't impress me much).
This morning I was talking to Dataline on the bus about wanting to spend time with her on her birthday before I hit the highway to drive down to DC. She said without realising it, "We're both big girls; we can take of ouselves."
I'm so proud of her. She's finally starting to understand.
While a lot of people find Marcel Gagne annoying in the Linux world, mostly due to his writing articles with a French accent, he writes some excellent articles. They're not too technical for folks who are just starting out, but they're not too simplistic for people who have some Linux experience under their belts. He's got an article in the March 2004 edition of Linux Journal about trying out multiple desktop environments easily, and some of them at the same time, in fact, that's worth reading once or twice. I have to admit, once I started running Enlightenment way back when (1997? 1998?), which dates me, I've barely looked back. On my lighter weight systems, like Kabuki I run a window manager that requires much less in the way of system resources (Blackbox). Anyway, what I was trying to say was that once you find something that works for you, you tend to not change from it because then you have to spend a lot of time getting used to everything, moving things around.. trying to get comfortable again. It'd be nice if you could experiment without having to lose all your settings; you can. Marcel talks about running multiple X servers on the same machine, dividing them beween virtual consoles. He also goes into how to start various window managers and assign them to different X servers at runtime, which is handy to knowhow to do. He also discusses the Xnest X server, which lets you start other X servers inside windows belonging to an already existing login session.. I've wondered about how to use it for a while now, and now that he's mentioned it, I think I'm going to play around with it a little tonight.. I highly suggest checking out the window manager page at plig.org in case you've never seen what a Linux desktop could look like.
In one of the most plausible theories I've heard so far, the Doomjuice worm going around (which plants copies of the source code for W32.MyDoom.A on the hard drives of infected systems) may be doing so to provide an alibi for the real creator. Doomjuice crawls around infecting computers that have already been hit by W32.MyDoom.[AB] (a.k.a., W32.Novarg.[AB]) by sneaking in through the backdoor software its predecessors left behind. While many might find and remove the worm, they might not find the backdoor it also installs. If the creator gets caught it would then be possible to file a plea of "not guilty because the source code was planted by another worm - look at all those other people who have it, also." Given the fact that software companies are starting to place bounties on the figurative heads of virus writers, this actually makes sense - $250kus is a lot of money for one coder, after all. This might be due to the fact that the author of Novarg.A and .B may have signed his code with the name "Andy", and a message reading "Sorry, I'm just doing my job", in which case it would be time for some serious CYA. Or maybe a nice, long vacation someplace where you can't get DSL.
My head hurts.
I realised late last night that I'd forgotten to do something rather important after I got home: Hang up the telephone reciever after checking my messages. Oops.
Today's been more or less like that from the get-go. In hindsight, I wish that I'd not gotten off the bus when I got to town and just rode around all day, it would be better for the world as a whole if I'd done so. But, it's too late to fix things, so I may as well just keep my head down and my mouth shut, lest I dig the hole that much deeper. At least the test run this morning didn't blow up in our faces; thank the gods for small favours. On the whole, however, I think that I'd like to not get out of bed for the next few days.
The review of Windows XP SP2 is out, and so far this looks like one of the most stable yet. The security updates in SP2 are the most important yet, and amazingly enough don't break too much. The firewalling functionality of Windows XP will be turned on by default and the configuration utility will be prominently displayed. Also, the packet filtering functionality will be active while the system is booting, which closes the window of opportunity for infection or compromise. Packets both entering and leaving can be filtered with this version of the firewalling system. At long last, after almost ten years, popup blocking has been included in Internet Explorer. It's about time, guys. As if that weren't enough, the folks in Redmond tightened the security of IE itself, thus making it more difficult to install unwanted extensions (read: spyware). This might break some existing, nonmalicious plugins but because it's IE, there will be updates to them released soon enough. E-mail attachment protection is said to have gotten much more strict, protecting more systems from malicious code (like the exploit-of-the-week worms). We'll see how well this works in the long run; I remain hopeful. Windows Update has changed slightly, so that the most important updates will be installed en masse automatically, leaving the rest of the patches to be downloaded when the user has a chance. The memory manager's been reworked to make it more difficult to overflow applications' buffers in a tip of the pin to nonexecutable stack protection systems. Way to go, folks.
Marq over at SecurityforumX posted a massive rant about how much the US CERT is acting like the original insofar as getting information out in a timely manner. This is something that a lot of us were afraid of seeing happen - the organisation either not acting fast enough to do something about a rapidly evolving situation (which is a polite euphamism for "Holy <invective>, that <obscene gerund> is spreading faster than we thought it would!"), or giving paying customers first crack (and hence, first chance to install patches) and leaving everyone else vulnerable for a measurable period of time. The other problem lies in writing advisories that are woefully incomplete (for example, the latest vulnerabilities in Windows that are so catastrophic IT ninja the world over are leaving dustclouds behind them as they run from server to server didn't mention exactly which versions/strains of Windows were vulnerable). What does get my goat is that MS knew about the vulnerability 200 days ago, and it's taken them this long to fix it. That could mean that either they didn't believe the report ("Making the theoretical practical," as the L0pht (RIP) wrote), or it's taken this long for someone to get around to it, or (more likely), it's taken this long for them to figure out how to fix them without breaking the entire system.
At least it's fixed now.. you've got to give them credit for that.
Speaking of that vulnerability, it's in the ASN.1 libraries, which are so close to the core of the operating system, theoretically anything that touches them can be exploited, allowing an attacker to run with administrative privileges ("system god"). For example, if Solitaire was linked against the ASN.1 libraries, it could be used to crack a system. However, I think that a lot of people are panicking a little too much over this. Yes, it's bad. Yes, no one's known about this bug for over 200 days. But this is no different from a flaw found in some other core system library, and it's actually quite easy to patch - install one patch, patch the entire system. Bugs deep, deep down in the OS are bad, but when you fix them, the fixes are sweeping due to how deep inside of everything they are. I really don't think that this is any worse than any other Windows remote exploit (of which there are so many, I stopped counting a long time ago). Maybe I'm just getting jaded, but I'm really tired of jumping like a frog on a hotplate every time a security notice comes out. Unless an affected system is one of my firewalls, I'm really not all that concerned, because the affected boxes aren't directly reachable from the Net. Does that mean that I'm not installing the relevant patches? Hell, no. That means that I've got some time to read the report and do it right. If one acts in haste without at least an idea of what to do, it's easy to screw things up.
<gets his CAT-5 of nine tails...>
I was taken aback this morning by something that hasn't happen since I started working at the county - someone called me by my real name, and not what they usually call me. I was practically floored when that happened.
There's a new worm crawling around the Net, surprise surprise. Even less shocking, the AV companies still haven't agreed on what to call it yet, though what I've found so far is called Mydoom.C. Other reported names are Vesser and DeadHat. It's not a mass-mailer nasty like the first two strains were and it doesn't encipher the telltale text strings inside of it, instead constructing them one letter at a time so it's harder to find. It spreads by using the back door software left behind by Mydoom.A and Mydoom.B, but because a lot of the boxes out there that are infected with it are behind firewalls there's little chance that it'll actually spread (it can't reach them). Strangely enough, this strain carries a compressed copy of the source code of Mydoom.A inside it, which it leaves behind on each system it hits. The going theory is that this is so many more people will get hold of it and write their own variants. Lovely. This one still attacks the Microsoft website, and it has no expiration date, so it'll propagate indefinitely. Lovely.
Like any living environment, life will appear somehow. I wonder if viruses aren't the native life forms of the Net. That's a thought that I'll develop and write more about later.
'Life', as most people define it, is something that distinguishes things that eat, excrete, move, reproduce, and accomplish tasks from inanimate matter. A more colloquial definition would include everything that the thing in question has accomplished as long as it's been able to carry out the defining tasks of running around, eating stuff.. it's a slippery thing. I strongly suggest that you sit down with a couple of dictionaries or lexica from different disciplines and read a few different definitions; it's an exercise to make you think.
However, at this time I'm splitting hairs. Suffice it to say that there's enough discussion of exactly what life is and as many definitions as there are waves on the shores (because there ar so many people with differing opinions) that the jury's still out, and probably will be for the forseeable future. Life is a slippery concept to consider. Again, however, I'm just splitting hairs. I hadn't intended to discuss what life is, I only wanted to provide some background from which to think in text.
The jury's still out on whether or not organic viruses are alive, too, but the consensus appears to be that they aren't, though they sure act like it sometimes (and readily lend themselves to anthropomorphisation).
The first generations of computer viruses don't act as if they're alive, but they do act like organic viruses: They depend on the actions of others to move from place to place and must have a host of some kind to reside within. In the older days of personal computers, those hosts were executable files inside infected computers. Viruses would alter the instruction faces of programmes to execute them first and the rest of the programme second. They were almost always limited to acting only when the users would do things, such as running other executables or formatting disks. Nowadays, with the wide spread of multitasking operating systems those restrictions are pretty well gone. Viruses can run as separate, discrete processes and carry out their designated tasks (like reading address books, corrupting documents, and enumerating network shares to copy themselves into) pretty much without intervention of the user. All they need is to get into the machine to set to work.
In this respect, they're really not acting like viruses anymore; they're acting like bacteria. They wait for an opportunity to get inside (like someone clicking on an attachment of an e-mail or finding a network fileshare that they have write access to) and sit there until something happens. That something might be a user executing that file unknowingly, or it might be the original copy of the file reaching over to the newly infected system and exploiting a vulnerability of some kind (like a buffer overflow) to execute the new copy. Either way, the new copy runs off and does whatever it was designed to do. The cycle continues.
It's been shown that once a virus gets out, there's really no way of eradicating every last copy Out There. There's always one person who still doesn't believe that they've ever recieved an infected e-mail; there's always one box in the NOC that doesn't get patched. There's always one application on the LAN that uses the vulnerable files and can't be easily patched (I found that one out the hard way with Slammer). Short of wiping every last disk on the face of the planet, you can't kill every last virus. Indeed, there are still caches of floppy disks out there from the days of DOS, Windows v3.11, and Desqview/X that have infected executables on them, and if you hunt hard enough you can find web and FTP sites that store virus code, executable and not. As anyone who's ever read a webserver log knows, there are still IIS boxes out there infected with Code Red, and are still trying to propagate. Not many, anymore, but a few.
Worms act in much the same manner. They move from system to system on their own, acting as autonomous processes. They don't require the actions of users, save perhaps using easy to crack passwords or installing patches. Once the first copy is activated and set loose, they spread as far as they can, and you can't get every last copy. They're a part of the background noise of the Net, if you will, just like bacteria Outside are all over the place but don't really hurt people. Human bodies have grown immune to those bacteria through the centuries; computers are immune to those worms and viruses because their OSes are incompatible with the worms' functionality, or they've been patched, or because they can't be reached for one reason or another (in the case of Code Red, for example, machines not running IIS). One could draw parallels between Darwinian evolution of species, the self-modification of the immune systems of organic life, the various software lifecyle models of software engineering, and the periodic upgrading of the hardware and software of computers, if one chose. Those worms and viruses are out there, but they can't hurt anything (much) anymore because things have changed.
Bacteria convert simple sugars into proteins and energy. Computer viruses convert processor time and memory into the activities of hiding themselves, replicating, and spreading. Bacteria are motile; so are computer viruses and worms. Bacteria go dormant; so do viruses and worms. Bacteria and viruses subvert the internal mechanisms of their hosts to replicate; we all know what electronic viruses and worms do. The parallels are quite strong.
"As above, so below. As within, so without." That maxim could easily be extended to "As organic, so digital."
I guess it's because I'm up to my neck at work right now. We've got a big project coming due in a day or so and I'm running around trying to plan for it. If there are snags to hit, I want to know about them before I run into them in a crunch. It'd be nice if there wasn't a matter of time to deal with, but as with everything around here, time is of the necessessity. There's no "hurry up and wait for me" going on (something I despise), it's just "hurry up". While it's nice to actually be accomplishing things, life moves much faster than I'm used to it doing so. I never understood that - why live at breakneck speed when you can plan ahead, accomplish what to you have to accomplish, and then simply switch it in when everyone else expects it the least. Short, sweet, to the point, and no running around in a panic trying to get things together.
Oh, well. I never said that I knew anything about management or planning techniques.
An excellent article on the not-cyberwar has been put up on Computercops that everyone with a political mindset should give a
onceover. The 'electronic Pearl Harbor' everyone was talking about never
materialised, thankfully. A few websites were hit by sympathizers on both sides
of the line, so to speak, but no major information sources were lost under the
attacks - there are always more web boards and reservation sites. The article
mentions a group in Malaysia threatening "suicide cyberattacks" against the
United States. What does that mean? They're going to stick their tongues in
light sockets to try to blow some circuit breakers someplace? It also talks
about the paranoia that's been carefully seeded around the country. The public
is being told to watch out for suspicious looking people (if you're looking for
suspicious people all the time you're going to look pretty suspicious yourself,
they forget to mention, which only heightens the paranoia), which naturally
feeds off of xenophobia. Now everyone with dark skin and a turban is a suspect,
regardless of how long they've been in the country and what they've done while
living here (there's an excellent letter near the back of this quarter's issue
of 2600 Magazine that discusses just this
issue). The article finishes by saying that common sense is important when
dealing with matters like this. It's not paranoia that's going to protect the
administrator's games of Solitaire informational infrastructure
of the country, it's putting the right access restrictions in the right places
and requiring the right degree of authorisation in those places to keep security
Another fun-filled week at work begins. Snort is being a bastard right off the bad, choking randomly on a rules update though not saying exactly where. That's the problem when configuration files can include other configuration files - a bug in a config file causes a fatal error, though which included config file isn't made clear. I'm going to have to start working on a fix for that particular pain in the ass and send it in to the project. If I had more time and less on my plate I could comment out each include directive in the config file and then slowly re-enable them to see which file went bad, but that's a lot of include files for us.
Maybe if I get some free time today.
I discovered something this weekend: To grow what most people consider beard stubble (defined as facial hair that's long enough to be easily seen and felt) it takes me almost a solid week. It's very soft and almost black (something that I am told my body inherited from its father) and grows.. very.. slowly.. It's also rather untidy looking, solidly in the category of 'scruffy' and definitely describable as 'unkempt'. Analysis: Stick with the four-day limit, though stay clean shaven as much as possible. Yay, curiosity.
For a change of pace today (and mostly because I really don't have the time to do so), I'm going to pass on the news analysis. I don't feel up to writing much about what's going on. Maybe I'm just tired of doing so, maybe there's just nothing worth writing about today. The SCO lawsuits aren't holding my attention for very long; they're so full of the waste product of your choice that I'm sick of reading about it. They're not going to produce any of the millions of lines of evidence (no, I'm not exaggerating) anytime before end of the fourth world. The presidential election makes me want to vomit pea soup. As for Michael Jackson, child abuse/molestation charges are levelled against him less than a month after he announces that he's working on a new album; this pattern has repeated itself time and again in the past decade, and the fact that seemingly no one has spotted this pattern makes me want to knock a few more holes in the wall with the front of my current skull. I couldn't care less about the Grammy Awards; unless it's Coast to Coast AM, I don't listen to the radio.
If you were a computer user back in the day (defined as the early 1990's, here) you probably remember the Commodore Amiga, which blew away everything that Commodore had manufactured to date. It ran a Motorola 68k series CPU, could handle megabytes of RAM (at the time, this was unthinkable for anything but the very largest servers and the highest of the high end workstations), had a few expansion slots (if memory serves, they were called Zorro slots), and multimedia the likes of which the PC wouldn't see for a while yet. Sadly, Commodore's marketing department was a bunch of idiots and it never really took off, save in Europe, where people still hack on them out of love. One of the interesting things about them was that they could be outfitted with video editing software, the most famous of which was Video Toaster by NewTek. Fans of such television shows as Babylon-5 and Robocop (for a while there was a live-action television show, often shown late at night) will probably remember that the Video Toaster was used for much of the special effects. At the time, VT cost several thousand dollars. Not too long ago NewTek saw no harm in releasing it to the Amiga community. It's not as if they don't have enough on their colletive plate at the moment...
Manuel Miranda, the man who was behind the information store compromise of the US Senate some weeks ago (in which documents private to the Democratic National Party were illicitly accessed by members of the Republican Party) has resigned under pressure from senator Orrin Hatch, chairman of the Judiciary Committee. As it turns out, Miranda was behind teh filibusters of the past few months, which stonewalled members of the US Senate from voting on several important bills. Miranda still has some supporters who say that he didn't do anything wrong (such as senator Trent Lott of Mississippi).
I got back from the NHPD meeting not too long ago.. I was supposed to be heading up a roundtable discussion of Discordianism.
It didn't go well. It didn't go well at all.
I hadn't had time to put together a presentation these past few days, or even do some rereading to make sure that I had everything straight in my head. In short, completely unprepared. The roundtable broke up multiple times, and in truth I'm glad that it did. It was put out of its misery early.
Maybe that was very close to the spirit of things, in that it was completely unorganised and everyone kept running off in their own directions, only to meet back up a few minutes later (rinse, repeat). While that may be so, it still grates on me. I blew it, pure and simple.
In truth, I'm not comfortable speaking in public and I would much rather have not done it at all, because I knew in the back of my mind that I wouldn't have the time to prepare for it to begin with. One of these days I'm going to learn to stop piling stuff on top of stuff just because it's there. That's a bad habit.
Today's one of those days that just didn't go anywhere.
I slept a good eleven hours since last night, and woke up with an oddly clear head. I was up until late hacking on Lain and trying to get DNS resolution working for some of the domains hosted on the Network. I honestly have no idea why they're not resolving. I've literally gone by the book and still can't get the damned thing working. After almost six months of hacking, I give up. I have no idea what I've done wrong, and I'm tired of patching holes in the walls of the Lab made by my forehead.
Lately, I've been feeling like I'm steadily, quietly burning out. My geek mojo works fine at work, but when I get home the only thing I want to do anymore is curl up with a book and a cup of coffee and rest my brain. I've been doing a lot of reading lately, more in the past eight months than I really had since I started college way back in 1996, and I haven't been missing time on the Net since then. Maybe I just need a break because I had to practically live In Here for so long just to get through school (and working on top of that), and I need a change of pace. Maybe I'm just burned out and I should start looking for something else to do. Maybe I just miss the feel of paper in my hands that isn't a textbook that I've got to memorise (my CISSP certification notwithstanding).
I can get stuff done at home if I really work hard on it, and put energy into what I'm trying to accomplish, but it's hard just to get the werewithal to do so. I'm tired. There's so much more that I could be doing, like drawing, or painting, or sculpting... hell, or brewing the perfect cup of coffee.
I don't know anymore.
I probably could have gone to B'witche's Tavern last night for fetish night, but I didn't even feel up to that. I stayed home and hacked, and didn't make much headway. I did, however, watch a lot of cartoons (okay, so it's a guilty pleasure of mine) and finish a few more books. I also spent a lot of time talking to Lyssa and some of the folks out of state, and thinking about what's been going on.
I just realised that the flow of event of last night is messed up. They were interspersed fairly densely, so you can consider them a single event if you like.
Could I have gone? Probably. Should I have gone? Maybe. Did I feel like doing one more bloody thing that involved driving? Hell, no.
That's one of the problems with having so many interests: There isn't enough time to indulge in all of them at once. I'm used to flipping from task to task in order, getting things done all over the place, but there are some things that multitasking just doesn't work for, like drawing or reading, due to the state of mind necessary.
I just don't know.
I cleaned the kitchen today. I got sick and tired of looking at it and took cleaning supplies to every surface that I could reach. It looks a hell of a lot better, if I do say so myself. The floor's not dingy anymore, the sink's not coffee coloured anymore (it's not abuse to dump out six hour old coffee, that's how long it takes to spoil), and the cabinets and stove don't look like the floor of a taxicab. Yes, things get nasty around the Lab before I get around to cleaning them. Once I'd gotten everything picked up and put away, I set to work making a half-batch of cookies to take down to Lyssa for Valentine's Day. That works out to be about six dozen cookies, give or take a few tastes of dough and a few sampled by the family.. my recipe technically makes a gross of cookies, so that's really not much when you think about it. Anyway, they're done and ready to pack up.
I've decided on the costumes I'll be wearing at Tekkoshocon. At Dataline's suggestion, I'm breaking out the Nagisa Kaoru costume, which I haven't worn in two years (it's her favourite) for Friday. On Saturday I'll be dressed as one of the gargoyles/MiBs from Serial Experiments Lain. On Sunday, if I cosplay at all, I'll either be dressed as Sumeragi Subaru from X/1999, or I'll be going as a male persacom from Chobits. I don't have the patience or the time right now for overly complex costumes, though I do admire them very much. Besides, if I do have to move fast, they won't be restrictive in a crunch.
How earth-shattering in importance. <wry look>
I do what I can.
Greetings, readers from Yahoo's corporate network!
Today was another of those "let's run around all day taking care of business" days for all intents and purposes. I got up early today to get my head cleared and then hit the highway. There was a Tekkoshocon staff meeting today, and it was important to be there. I'm on staff this year, working security for the convention, in case I haven't written about it yet. While not a hardcore convention goer (and even if I could afford it, I wouldn't be going to many anyway), I have seen how things can go when there aren't enough people to take care of things, and I'd like to help out if I can. So I volunteered.
Anyway, today was the walking tour of the hotel. We got to wander around the site for a while and see where everything was, and more importantly what each room looked like and what would be going on in each. This room's for video games, that room's for gamers, there's artist's alley.. that sort of thing. Tekkoshocon's got the entire ground floor of the hotel, and the number of pre-registered convention goers is up in the hundreds, from what I've heard. Swift Fox is also on staff, as is Anomie. John and Lara are helping to organise the entire shindig. Aaron's the brains behind the operation (one of the folks I trucked up to Ann Arbor with late last summer). I even ran into Kate from the IUP anime club, which I was a member of years ago (and vice-president of the semester I left IUP). She's chair of cosplay (costume play) and one of the Secret Masters(tm) of Tekkoshocon. I'd heard that she was in Pittsburgh, but hadn't seen her since my departure.
She's a geek now. I'm so proud of her!
I'm watching Teen Titans on Cartoon Network right now. We finally get to see what Raven looks like under her hood. Neat. All the classic horror movie references are secondary.
I'm half-tempted to crossplay as her at the next Pittsburgh Comicon.
For admins who always forget how to make an ethernet crossover cable (and who really should get out to see their families more), someone's come up with the perfect way to memorise the wire layout.
Yes, it's funny. It's probably even work-safe.
Lately I've been reading the comic Transmetropolitan, which, if you've never heard of it before, is set in some random future they call the City (at least, as far as I've made it in the stories that's all it's referred to as). It's pretty obvious that the protagonist/antihero Spider Jerusalem is based at least in part upon one Hunter S. Thompson, the first of the gonzo journalists. He's rude, crude, sarcastic, foul-tempered, self-destructive, and at times sadistic, but what surprises me is how the character has a human streak beneath all of that. Jerusalem is compassionate (sometimes in his own way, sometimes as we normally reckon it) and shows a definite sense of duty toward the people of the City, in that he looks at the world around them and tries to make it plain how bad things have gotten. Flying cars and big buildings do not a futuristic paradise make.
When Lyssa first turned me on to Transmetropolitan, what she'd read to me made me think only one thing: "This is screwed up. It's completely around the bend. I love stuff like this; I think I'm going to start picking up the trade paperbacks." The first volume, Back on the Street didn't disappoint me at all in this respect. Then I started reading the second (Lust For Life), and the stories started off more of the same insane rambling and disregard for the extras in the story.. and began to evolve. Things to think about, actual crunchy subjects that don't really have a right or wrong answer, like whether or not someone has the right to die as they choose (which was tightly tied into a storyline about transhumanism and trying to come to grips with someone's decision - any story that talks about Hans Moravec is good in my book) or the possible perils of cryonic suspension (someone dies and has either their entire body or just their head frozen, in the hope that some future society will find their remains, thaw them out, cure them, and revive them). It might not be a bright, pretty future that they (might) wake up to. It might resemble one of the outer rings of Dante's Inferno. Or it might be so damnably weird that nothing makes sense, no matter how hard you try to figure it out (or that someone tries to explain it to you). That's something that the usual transhumanist literature doesn't talk about, nor does the literature from the cryonics companies.
I was flattened by that one.
This morning, I chanced to see the logo in the top left corner of the cover, where it blends in too well with the background - Vertigo. I shouldn't still be surprised, but I am for some reason. I think it's because I'm amazed that it had so much to think about. It just goes to show.. you can't assume anything.
On the topic of assuming things, here's an article from Reuters that'll make you wonder if it's possible to take that a little too far. 72 yer old Herbert Silver lived with his dead brother for over one and one-half years and didn't realise that he was dead. When he finally figured it out and called the police, the coroner's team showed up to collect the dessicated body of his late brother, George. Herbert stated that he found it strange that his brother spent all of his time in his room without coming out, but claimed that he just liked to keep to himself. Ye flipping gods..
This is the sort of thing that really honks me off.. Microsoft has patented XML (a sort of meta-markup language, rather like HTML, that can be used for nearly anything that needs to be defined in a formal manner) and is defending its patent in court. They say that they are only trying to protect their intellectual property (anyone else getting as sick and tired of that phrase as I am?) and that it is giving all of its hard work away for nothing. Um, guys? You didn't invent XML; the XML Working Group of the World Wide Web Consortium did. You didn't create the language, you just wrote parsers for it and integrated those parsers into your applications. They actually invented the language, worked out the semantics and the structure, and broke their backs making it as widely spread as it is now.
If you purchased a computer instead of building your own from stock components, chances are you've had to take your box back once or twice to get something fixed. Taking advantage of this, the FBI has asked computer repair shops to keep an eye on what their techs find on the systems brought in, and to notify them of anything shady they find. While I have to admit that this is warranted in some cases (like finding child pornography on someone's hard drive; from what people have told me most any hired tech will tell their superiors, who then call the police if they find stuff like this) a lot of people, myself included, are wary of techs going through everything just on general principles and either copying off sensitive information (say, some contracts you were working on, or perhaps some spreadsheets) or just going through files you'd wish they weren't). At any rate, the ACLU's afraid that this can be taken too far. This is the sort of tactic that's referred to as a 'fishing expedition' in legal circles; that's when someone executes a search just to see if they can find anything. They don't necessarily know what they'll find, or if they'll find anything, but they do it because they can get away with it. Reports (both official and not) disagree with one another as to how often and when this happens. This comes very close to violating one's right to privacy, and I think that the jury's going to be out for a while on this matter, so to speak.
As always, encrypt that which you can't securely erase in time.
One of the basic premises of street tech, the domain of hardware hackers, people dedicated to getting the absolute most out of their equipment, and people who do things because they can (which, when you get right down to it, tends to be the purest - hacking for the sake of hackign) is that once you've got your hands on the hardware, it's open season. Physical seals and warnings mean nothing once you've got a screwdriver in your hand and you're busily voiding the warranty on your little black box. Cable Modems, such as the Motorola Surfboard are no different. A utility called Sigma can be used to upload modified firmware to these cable modems, altering their functionality in several ways, among them removing the bandwidth limit programmed into the unit by the ISP. A group called TCNiSO developed and released Sigma for the purpose of uncapping cable modems easily. TCNiSO discovered the headers of a serial port in this particular model of DOCSIS (data over cable service interface specification - the protocols used for cable modems) that, when you patch a computer into, can be used to reprogram the unit. The process is given in more detail in the article but in a nutshell instead of pulling its config data from the ISP's FTP server it pulls its config data from an FTP server that you specify, with your custom configuration stored onit. Interestingly enough, the Surfboard cable modems are full-scale embedded computers in their own right, running a multiple purpose OS called VxWorks with an interactive shell, so you can hack around with it just as you could any other computer with a user interface.
A word of warning - this violates your terms of service contact, which will probably get you kicked off and banned for life, even if you don't uncap your maximum speed. Unless you buy your own unit, the cable modem's not yours. I frankly don't know where you'd legally stand if you went to Best Buy or Circuit City and bought your own for the service you're buying (yes, you can do this, but they tend to be expensive). Also, because cable modem access is shared among all the subscribers in a given segment, if someone starts hogging all of it, everyone else is going to suffer. The Sigma hack can be abused in other ways, as well - theoretically, someone could kick their cable modem into promiscuous mode, and sniff all the traffic on their segment, which is known to be illegal. As with any neat technology, the line between use and abuse can be very, very thin.
At long last, service packs for Windows Server 2003 and XP are on the horizon, scheduled for release in the second half of 2004. Among the new features expected are additional functionality for blocking access to systems whose security measures are not up to standard (exactly what this means and how they mean to go about it short of a full penetration test is not known), a new application to monitor known vulnerabilities (and hopefully patch them automagically), and at long last, better attachment blocking for Outlook and the MSN IM application. It's about time, guys. Also mentioned are changes to the OS' memory management system that will hopefully make it harder to exploit buffer and heap overflow vulnerabilities. Maybe they've taken some tips from Solar Designer...
Speaking of Microsoft, they're at it again. Their "Get the Facts" ad campaign is still slagging open source in general and Linux in particular by claiming that Microsoft is superior to IBM and Linux when it comes to interoperability. Interoperability is easy when you write the file formats and force everyone else to reverse engineer your software just to figure out how to open the bloody things.. their studies also conveniently neglect to mention their 'embrace and extend strategy', where Microsoft gets hold of open standards (for example the Kerberos authentication system), implements them in bloody near everything they make, and then change it ever so slightly so that the true open versions don't work anymore. When they can't do that, they patent the standards, effectively removing them from the public domain, and even from the hands of the creators. XML (extensible markup language) comes immediately to mind. The total cost of ownership tactic didn't work, and their tactic of slamming the GPL failed miserably, so they're trying to hit closer to home with the end users.
SCO's running afraid.. so afraid that they clusterbombed Congress with letters claiming that Linux contains stolen SCO source code. They've also claimed that open source code is a clear and present danger to the US' information technology industry (as if the increasing rate of outsourcing to India and Asia isn't...) A grassroots campaign is beginning in which people are being asked to send letters and faxes to Congress to tell them that SCO's still trying dirty tricks to make themselves look good in court (because they can't seem to look good in court on their own). At the bottom of the article is a link to the OSAIA website, where you can find the names and addresses of your Congressfolks. It's time to show them that we're not going to take this lying down.
Sometimes I guess it does pay to sit and read the comments posted under articles at Slashdot. Since Sunday, Darl McBride of SCO has been inundated with telephone calls since someone got hold of his home telephone number and posted it to the article discussion boards at the well-known techie news site. Apparently, many people are making threatening or obscene calls to his house because he's gone entirely over to cellular communication to get anything done.
Guys, while I have to admit that it's funny, it's not giving us any more credibility than we had before. This stunt is making the open source community look like a bunch of hooligans and morons, and not like a bunch of mature programmers. You're hurting it for all of us, and in fact you're just giving SCO ammunition to use in court when push comes to shove. Even CNN is starting to wonder about us. There seems to be only a small group of people who are actually clueful and mature enough to speak intelligently, with another, larger group of people who are only interested in getting things done. Everyone else just sort of stirs the pot needlessly. What struck me was the fallout from the DoS attacks on the SCO network a while ago. SCO was accused of making the whole thing up, regular readers will recall, so they got one of the departments at the University of San Diego to verify their report - and they too were taken out by a DoS attack. Ye gods, people - I can't think of a better way to kill our credibility!
Kibo on a fucking pogo stick.. is this an office or Blazing Saddles?! Who did I piss off to deserve this?!
Today was something of an experiment in tolerance. Normally, when something is broken, I can't stand to have it stay broken for long. I have this need, this urge to fix things whenever I can. One might carefully call it a compulsion to keep things working and in neat order. Last night the Debian mirrors finally freed up enough to install a series of security patches in the Perl installation on Leandra and Lucien, which I did with much relish. Unfortunately, the changes to the libraries broke qmail-scanner on Lucien, which scans all incoming e-mail for viruses and other sundry forms of malware. I don't know where a lot of e-mail went, I only know that it's a good thing that most every SMTP server out there will try for up to 72 hours to deliver any given message. The messages that bounced or vanished into the aether will probably be retransmitted and stored normally by sunrise tomorrow.
Anyway, what I would up doing was rebuilding qmail-scanner from the get-go, which linked it against the new Perl libraries, and now everything seems to be working. But that's not the direction I was hoping to go in with this.
This is a minor victory of self-control. It took a lot of effort to leave the Lab this morning without fixing the problems with Lucien before work, and possibly skipping work to take care of it. I left and did what I had to do today, and only after I got home, had dinner, and looked at the mail did I start working on Lucien. Perhaps that's very unlike me, perhaps that's very irresponsible of me as a sysadmin (by trade). However, the fact that I wasn't obsessing about it all day is a major breakthrough. My self-control has been slipping in recent weeks, and I'm trying to get back on track.
What a lovely coating of ice on the ground this morning. I haven't been ice skating in years.
I finished the Gehenna sourcebook last night. The final scenario could be fun if played properly, but it was too everything-and-the-kitchen-sink for my tastes. The opening premise is interesting but about halfway through it started to turn into V:tM meets Mad Max with a healthy dose of Focult's Pendulum thrown in. I think it'd work best as a source of inspiration for one's own chronicles and storylines but as it stands I can't really recommend it (unless your players have been using the same characters for literally years and are strong enough to have a snowball's chance in a blast furnace of making it all the way to the end). The commentary and flavor chapter following the fourth scenario, on the other hand, is very worth reading and rereading a day later to get a feel for what's going on, the scope of Gehenna, and how the ripple effect would work. While it doesn't sit you down and tell you what's supposed to happen, it does give you a sense of the impact of what is happening on a very personal level. How the little things change. How structures of things change. Emotional impact (if you're good at writing it). It's not just a storyline, it's a design document for a story, very much like the ones used for designing movie sets and the audio tracks. On the whole, I'd give the White Wolf Gehenna sourcebook 8/10 with a pack of hilighters on the side. Pick it up before the second print run's completely gone.
Hmm.. maybe I should turn that into a formal book review. It'd be a good writing exercise.
There's an article on ZDnet about W32.Novarg/W32.Mydoom that might be of interest. In particular, it says that the initial spread of the trojan horse was missed by antivirus software, which is only logical. If the antivirus companies don't have copies of the malicious agent to analyse, they can't write a signature for it, so they can't get it out to you. The article goes on to quote Shlomo Touboul, CEO of the Finjan Software, as saying that another layer of software is necessary for protection during the time between outbreak and immunisation. With worms and trojan horses like Novarg, that's the firewalls protecting your LAN. Under almost every circumstance, someone's workstation has no business trying to send something via SMTP (simple mail transport protocol, which drives e-mail transmission), that's the local mailserver's job. Same with accepting HTTP (hypertext transport protocol - the protocol behind the World Wide Web) traffic for most any reason (a notable exception are web developers' workstations, which often run small webservers for the purpose of testing). It would be easy for home users to configure their systems to be more secure, starting with personal firewalling software, but so few people actually do so, it's almost scary. Is there any way to really fix this? Most experts don't think so, and I'm inclined to agree with them. Most people use computers to get their work done and don't give a thought to protecting themselves or trying to be good net.citizens. When you think about it, it's a little more hassle with no real visible benefit.
I sometimes wonder what it would take to make everyone become more security conscious. Even the threat of identity theft hasn't made much of a dent.
On the twin subjects of cluefulness and security, Microsoft has at long last released a security patch for three serious vulnerabilities in Internet Explorer, among them one which makes it all too easy for people to follow spoofed URLs and not even realise it. The patch is considered high priority, and to be installed immediately. The other two bugs that this hotfix repairs are one in which a malicious website could cause software to be executed on the vulnerable system with the user's access privileges, the other allows arbitrary data to be hidden on the affected computer (good for setting someone up). As for how many people will actually get around to installing it, only time will tell.
I have to hand it to Microsoft, one thing they did right was Windows Update. Now they just have to start deciding to patch holes as they come...
18 year old Joseph McElroy of Great Britain was sentenced to 200 hours of community service for cracking systems at Fermilab, a United States government high-energy physics and nuclear chemistry lab. McElroy cracked a number of servers there so that he could use the facility's considerable bandwidth to trade MP3's and pirated movies. He plead guilty to one count of unauthorised modification of the contents of a computer (which means that either he edited system logs to hide himself, set up a rootkit to hide himself, or more likely filled up a few RAID arrays with WMV or AVI files - it's hard to tell without the forensic reports). Because he didn't access anything classified (and I deeply hope that the US government is bright enough to not put anything more secret than 'sensitive but unclassified' on systems connected to the Net at large) they couldn't throw the book at him. Because he was determined to be financially judgement proof (i.e., unable to pay anything) they didn't bother fining him.
Redhat users with an urge to run the latest and greatest, take note: The first version of Redhat based upon a v2.6 series kernel will be delayed until they can fix some problems on their end. Bill Nottingham, Redhat AS developer, was quoted as saying that "it's not working quite well enough to push out yet." More than likely, Redhat's run into some problems hacking the kernel source (if you've never run Redhat Linux before, Redhat is famous for patching the living hell out of the kernel source code, adding non-mainstream device drivers and functionality the likes of which most people only dream of so the end users and admins don't have to go to the trouble of hunting down the right versions of the patch files) and it'll take them some time to get everything worked out.
Today started off with a laugh but finished with a sigh. I can't ask for much more than that. I'd been having trouble logging into some systems at work, and I'd been pulling my hair out trying to figure out what was going on. Pings and traceroutes made it only so far, then died. The cables were all in place. All the blinkylights that were supposed to be lit were lit. Finally, I asked Chris for help. As it turns out, my workstation's DHCP lease had expired, and it had been given a new IP address. Problem solved.
The last thing I should have checked.. <sigh>. Oh, well. Some days you're the bug, and some days you're the windshield.
In what could be a landmark case, the Massachusetts high court ruled today that, in order to be Constitutional, the right to marry must include same-sex couples. This is going to stir up one hell of a hornet's nest, but I have to be honest, it's about bloody time. Following a court case in 2001 in which seven homosexual couples sued for the right to marry legally, it was ruled that the legislature had six months to make it legal.. they did. Sort of. In 2002 the Suffolk superior court threw the ruling out, stating that no constitutionally adequate reasons had been given to give gay and lesbian couples the right to marry. Being citizens of the United States of America and taxpayers isn't enough for them, I suppose. On 11 February 2004 is the next Constitutional Convention, and this issue will hopefully be brought up for discussion. Only time will tell.. and I hope that it gives the go-ahead to marry.
Another lovely day - rain turned into cold rain, which has since then turned into freezing rain, which was on its way to becoming snow by the time I'd gotten to the office. Hey, Pace - what's the cost of living like down there? I might be looking into moving shortly.... <sheesh>
Still reading the Gehenna sourcebook. I think the first scenario is probably my favourite thus far. It's very abstract and biblical in nature (which is the sort of thing I love) and because it's abstract it gives me a lot of ideas. A thing can be a symbol, and that symbol need not be straightforward, no, not by a long shot... or, just for fun, the thing might pop up out of the ground and come after you. The second scenario (Lilith's return) really didn't do much for me. It was too cat-and-mouse for my tastes, and took the existing mythos and rewrote a lot of it just because it could. While I accept that most campaigns tend to write their own background for a lot of stuff, aesthetically this paticular one gets on my nerves. Scratch that one. The third scenario (the title of which escapes me at the moment, which is sad because I'm still reading it right now) has a lot of potential.. I could have a lot of fun fleshing it out and twisting it ever-so-slightly.. I'm being deliberately vague, by the bye, because I don't want to spoil it for anyone who hasn't gotten a copy of the sourcebook yet. It's actually quite fun to sit down and read even if you don't intend on running a game using any of the ideas in it.
Of course, I wouldn't run it right out of the book. That's not terribly creative, and if you don't flesh it out it's hollow to begin with. White Wolf's storylines tend to be good frameworks for your own stories. Personally, I'd rather rework even the frame they publish to give it a different feel. They're ideas for your own stories, and not really stories in and of themselves.
Well, some of them are, anyway. But not many.
I hadn't intended to go off on gaming today. There are other things to write about, but this is as good a way as any to get the brain going. Kind of like free writing to warm up for an essay.
The stuff I've run in the past has either been off the cuff (which, in retrosopect, didn't work well at all, especially for the first time out) or planned ahead of time for the next session (that was my short-lived Lain BESM campaign of a year or two ago). I write up the basic ideas that I'd like to cover, and use them as an outline for a story. As long as this, this, and that happen, the story pretty much writes itself. Constructing NPCs takes a lot of practise because it's easy to either make them too weak (which means the PCs will stomp them) or too strong accidentally (which is really easy to do in BESM). The trick is to make them a match for the players' characters; challenging, perhaps even hard, but not insurmountable. I also like to plan at least four contingencies for each phase of the story. Depending on what the players do, the story isn't derailed, because the story was written to go in multiple possible directions. Someone dies, the story goes off in an entirely different direction. A PC happens to befriend an NPC, there are hooks already written to take that possibility into account, too. It's the story that I care about and not making the players fit into my plan. Players can surprise you, so write lots of flexibility into the storyline. The old Choose Your Own Adventure books of the 1980's are wonderful for learning to think and write in just this way.
if you're not familiar with them, they were books with sort of simple stories (mostly because they were geared for younger kids, around the age of ten or so, but also because they're easier to write and keep organised if the storylines aren't too involved) that weren't linear in structure, the reader was presented with multiple options and depending on which choice you made the story could go in many different directions. They were kind of neat - I still have a few laying around, and I read them sometimes. Anyway, that's the sort of mindset that writing campaign stories requires, being able to recognise possible turns in the storyline and writing just enough to let you play them through, but not so tightly that you can't adapt.
I wonder if Micro Adventures books can still be found someplace..
Jerome Heckenkamp, who was accused of cracking such high profile sites as eBay and Qualcomm plead guilty last week, bringing to an end almost two years of fighting and shenanagins. If the name doesn't ring a bell, this was the same guy who claimed that he didn't have to obey a court summons because his name was written on the document in all capital letters, and he used proper capitalisation... Heckenkamp also admitted to cracking the networks of Juniper Networks, Cygnus Solutions, Lycos, and Exodus communications. The deal he cut included such provisions as the prosecution not recommending more than two years in prison and no restriction on his use of computers at work during the time following his release (which only makes sense in this day and age - you can't work anywhere without having some interaction with a computer), plus time served (the eight months he was in custody because he was declared a flight risk). His sentencing is scheduled for 10 May 2004.
It looks like the W32.Novarg.B/W32.Mydoom.B trojan did its dirty work - SCO wound up buying another domain in a hurry and copying its website over to it yesterday. Analysts have said that over one million hosts on the Net were infected and merrily hammering away on their wbservers yesterday. Spokesfolks from the firm mi2g have wondered on the record how easy it would be for someone to hold our heavily computerised society hostage with a threat of this magnetude (though some folks wonder about these guys - this might not be accessible from work). It is said that whomever was behind Novarg.A/Mydoom.A was a skilled programmer as well as an excellent strategist (which I have to concede - sometimes the oldest tricks are the best ones). The .B variant hasn't spread as far as the .A strain, so it's not expected to have nearly as much of an effect on the Microsoft webservers. Now we just have the backdoor Novarg drops to contend with..
..and now quarter-sized snowflakes are falling.
The US-CERT has released a W32.Mydoom.B/W32.Novarg.B advisory, their first yet. Like its predecessor it's technically a trojan horse, because it has to trick the user into executing it before it can do anything. They think that it'll kill itself off by 1 March 2004 (why?). There are many more subject lines and possible messages (including random garbage, which some spamkillers might pick off) that it can be transmitted under, so it'll be even harder to write signatures looking for these messages. Oh, yes, it will also transmit itself via the Kazaa file sharing network if it gets a chance, and to boot it'll try to keep your system from being able to contact nay antivirus sites (I think I wrote about that a few days ago..)
Happy Groundhog Day, everyone.
Much of yesterday was spent running around cleaning the house, primarily the main bathroom on the top floor. What a fun pastime... I think it's time for a trip to Sam's club to restock the cleaning supplies. It's amazing how an environment can change when someone gets sick...
But I digress. Suffice it to say that everything looks one hundred percent better as a result. After that, much of the afternoon was spent taking care of random tasks, straightening stuff up inside and outside because I couldn't take the look of it anymore. The bags of stuff piled in the Lab aside, things look a lot better around the house. Pleasantly so. Now I just have to get the microwave fixed and the kitchen floor mopped and it'll be liveable.
After all was said and done I trucked over to the House Pendragon for a non-Superbowl party. Not many of us can really stomach sports, and TNT was showing a Charmed marathon, so that's basically what went on last night. Everyone brought food of all kinds (from pizza rolls to Fern's chicken, from stuffed jalapeño peppers to black-and-white M&Ms) and we sprawled out in the living room munching and watching television (and occasionally clicking over to the Superbowl game to see what the score was). Many folks came, some folks came and went, everyone came empty and left full and happy (aarg.. bad.. weekend..) I have to be honest, I'm not a fan of Charmed, and I'm less of a fan of Aaron Spelling's shows. I'm not a fan of television in general, to be honest. Charmed is cute.. they have some people on the scriptwriting staff doing some research and doing it fictitiously, but by and large it drives me up a wall. It's not my thing; it takes something that I have a lot of respect for (and a practise that I hold dear to my hearts) and uses it in a way that bothers me deeply.
On the up side, I passed the time mentally translating the characters into Mage: The Ascension stats and calculating how much paradox the characters racked up in the course of each episode. The average was 9.5 points of paradox due to vulgar magic with witnesses.
I also spent a lot of time talking to everyone while I was there, something that I haven't had the chance to do in a long while (this includes everyone that I missed at B'witche's the night before). It's good to catch up with everyone.
You know, this is the sort of thing I hate reading on a Monday morning.
I had quite a few strange dreams last night.. I was going to a part of some kind (probably a recent memory of the not-Superbowl party at the House Pendragon) and for some reason my front teeth were loose. Very loose. I wasn't able to hold them in place though I was able to adjust the rightmost one with a screwdriver to line it up with the rest of my upper teeth (a clear sign that this was a dream, the rest of my teeth were straight) to at least make it a lesser target of breaking accidentally. This only served to loosen it more and worry me more. At this point I began considering the biochemistry behind the spontaneous loosening of live teeth and what I might be able to do to fix this condition (yes, I geek out in my dreams). It was shortly after considering calcium supplements that the dream ended (I think).
It's a shame, really... a few years ago the Sardonix project was founded to audit open source code for security vulnerabilities, much in the same manner that OpenBSD checks its code for flaws (no jokes, please). Two years later the project was declared a failure and DARPA (the Defense Advanced Research Projects Agency, sort of a think tank for the US government) has pulled the plug. No one audited any code, no one contributed anything to the project, no one cared, really. It was hope that people would start looking at code to find holes to gain some notoriety for having done so (much like the way that karma works on Slashdot for people who post). Crispin Cowan, a computer security researcher based out of Oregon, thinks that this is due to the community that's grown up around computer security - no one wants to writem ore secure software but everyone wants props for finding bugs.
John Ashcroft's at it again - he's asking that the USA PATRIOT Act not be weakened for any reason. There's a bill in the Senate right now called the Security and Freedom Ensured Act that is supposed to limit some of the powers of the PATRIOT Act, among them those related to the execution of search warrants and clandestine surveillance. The bill would change things so that warrants for electronic surveillance would require either the name of the party being monitored or their specific location, and not the "someone around such-and-such location" requirements of the PATRIOT Act, which is extremely vague. The bill is coming under heavy fire right now, much more so than it really would need to be debated. John Ashcroft has stated that no terrorist plots have been stopped by the PATRIOT Act, and that the changes the new Act would make would do little to impede ongoing activities. Time to keep an eye on this one, I think...
If you're in the market for a new PDA sometime in the near future, there's a good review of the Zaurus SL-5600 on Linux Journal right now. Just bear in mind that when it compares the 5600 to the older 5500 model, it's assuming that you're using the default ROM image (which, as I've complained about time and again, leaves a lot to be desired). The bug mentioned have been fixed in a later revision of the ROM for the 5500. Anyway, the screen is colourful and bright, and easy to read. An improvement over the SL-5500 is that the backlight can be turned off by holding down one of the buttons on the front of the unit, instead of having to install a third-party application to do it for you (like you have to do with the SL-5500, even with a later-revision ROM). The thumb board is comfortable and easy to use, as are the on-screen keyboards. Quite a few compact flash WaveLAN card will Just Work(tm) right out of the box (which I can attest to). IR communication wtih cellphones, PDA peripherals, and other model PDAs (like the Palm Pilot and PocketPC) is built in, so you don't have to worry about hunting down translation software. The power cell that comes standard with the SL-5600 lasts almost twice as long as the 5500's, which is definitely a good reason to get the later model if you've got your heart set on a Zaurus.
Now, here's where that grain of salt would go well with this review. A lot of the problems with the 5500 (like the document manager being almost worthless) have been solved in the v3.1x ROMs. My guess would be that they backported the document manager from the SL-5600 ROM, which was an excellent move on their part. You can change the appearance of the user interface much more readily than before (i.e., you don't have to install a third-party utility to do this), you can edit the tabs and the individual menus if you like, and some of the included software is much more recent (like embedded Opera v6.0). Total power failure doesn't wipe all of your data out of the SL-5600; it doesn't do that on the SL-5500, either (unless you wait longer than 24 hours after failure, which is how long the supercap inside can hold out). There still isn't any desktop synchronisation software for Linux, unfortunately, and there probably won't be any anytime soon (which a lot of people, curiously, don't mind too much). Give it a read and make up your own mind. My wrists hurt.
I think SCO is going to beat the Sirius Cybernetics Corporation to the dubious honour of being the first against the wall - check out this article at Groklaw about their allegations. It's not too technical, though it is rather long. While I highly suggest that you sit down and read through it at least once if you pay any attention at all to what's going on, I'll try to clear some stuff up in here. Okay. SCO says that some of their work was illegally added to the Linux kernel. Some of their work has to do with multiprocessor system support, some of their work has to do with ABI (application binary interface) support. ABI support is basically taking system libraries from a different system (like SCO UnixWare), dropping them into a special directory on a Linux box, installing a kernel module or two, and being able to run software written for UnixWare on a Linux system. Short, sweet, and to the point. The reason this is possible is because SCO's UnixWare system libraries adhere to a set of standards, like what functions (the iBCS-2 spec they stick to has 1,170 separate functions described in it) are named, what arguments they take, what they do, and what they return. That way, if you want to make a compatible set of libraries, all you have to do is download a copy of the spec and start writing your own libraries, using the standard as a guide. It doesn't matter much how the internals work as long as they take the same values, do the same thing, and return the same values. This makes porting (modifying code to run on a different platform or operating system) and writing translators that much easier.
But there's a catch: While libraries may be standardised, file formats don't necessarily work the same way. A file format describes how the data inside a file is laid out, what the subsections mean, how they're read.. fiddly stuff, for lack of a better term. It's a pain in the butt to work with them. However, if they're documented someplace, you can write a utility which will let executables from one OS (like UnixWare) run on another (like Linux). That way, you can have a Linux box someplace and buy software written for UnixWare, and run your software that way. A software engineer who worked for SCO named Christoph Hellwig wrote just such a module for the Linux kernel, and donated it with the blessings of his superiors at SCO to the kernel project. There's just one catch, though - to use SCO UnixWare support on a Linux machine you have to have copies of the SCO UnixWare system libraries somewhere on the box (why I'm not quite sure; my first guess would be all the neat functions that everyone adds to their system libraries that aren't part of the spec, though they're technically allowed to be there). SCO, at some point, made these libraries available to whomever needed to use them in the form of Redhat (Linux) packages:
(links are to source code packages of those libraries)
If you need it, download them, install them, and off you go. Thanks, SCO. Right?
That's not what they're saying, though.
The first thing SCO said was that because those ABIs had been replicated in Linux, their intellectual property had been stolen. Specifically, the interfaces (the published parts) of those libraries.. which they wrote in accord with the iBCS-2 specification, which is an open standard. Anyone who followed the spec document has interfaces that look like SCO's, so how could that data be stolen? A lot of the stuff isn't even theirs to begin with, it belongs to the 88OPEN Consortium, Limited, which maintains the iBCS-2 spec.
This brings us right along to the header files that SCO claims are stolen from them. When you're writing software using libraries like these, most of the time you get a bunch of binaries that your development kit interacts with. These aren't too helpful, because they don't read anything like English (they're compiled code, which is why they're called binaries). For a programmer to be able to do anything with them, information about the necessary functions (remember the spec document?) has to be provided to the programmer to make use of them and to the development environment so the code can be compiled (which is something that I don't intend to go into here because not only is it not part of the topic at hand, it's really, really, really complex; just call it magick for now). This information is included in header files, which read almost like English, and formalise the information from the standards specification. SCO says that some headers that are a part of Linux were stolen from them because they match the ones that SCO includes in UnixWare. They aren't stolen; they were written using the iBCS-2 spec as a guide. SCO UnixWare's headers were written using the iBCS-2 spec as a guide. They do the same thing because they came from a common source - the spec document. It's not stolen if a third party tells the first and second parties how to do exactly the same thing in exactly the same way.
Revisionist history, anyone? Get yourself a cup of coffee and read that Groklaw article.
The MATRIX (Multi-State Anti-Terrorism Information Exchange) programme is slowly beginning to make its way across the United States of America, this time to the state of Utah. Not the (increasingly poor) movies but a massive database holding information on every man, woman, and child in a given state. Multiple installations of MATRIX will be networked, allowing for out of state searches, correlation, and data mining of the dossiers of millions of US citizens. Michael Leaveitt, former governor of Utah, signed a bill that would allow this system to be brought online without telling any of his constituents. Even the Utah state government didn't know that he'd done this. At this time the Utah state government is panicking because the former governor had snuck this past them, and they want to know why they weren't told and what impact this system will have on the civil liberties of the citizenry. Verdi White II, who was appointed Utah's homeland security specialist, stated that this was information that law enforcement already had access to - that's debatable. Not only will information about civilians be made available, but information collected and maintained by private companies will be mixed in, such as the records kept by credit agencies (and we've all heard horror stories about how inaccurate those records can be). Imagine a police officer using faulty information to place someone under arrest because they 'fit the profile of a terrorist'... They're going to give it a try and if it proves itself to be of use to law enforcement they'll keep it around.
The MATRIX system has been popping up around the county over the past year or so - regular readers of my memory logs have no doubt heard me talking about it. If you haven't, either go through the archives (I'll get that search engine up and running some day..) or hit Google and search the news morgues on the Net for other articles. This project has a lot of people, and not just the lunatic fringe, worried about the future.
It looks like I did a hell of a lot of writing today, more than usual. I'm sorry to have bombarded everyone with thoughts, polished and not.
I gave Fern her Book of Shadows at the not-Superbowl party last night. She loves it.. I wrapped it up nicely for her in metallic paper and presented it soon after she arrived. I think she's going to get a lot of good use out of it, if I know her... I'm really proud of myself, and how well it turned out.
I've been in a mood to write lately. News commentary's one thing, and to be sure I like it, if only so that I keep the lines of communication open to the outside world, but I need to write about more unique stuff. I have this urge to stand in the middle of the mall and observe people. Or hire a taxi to drive me around the city aimlessly for a few hours. Or just stand on a street corner and stare at people to see if I can figure out what might be going on.
Like today, for that matter. Rush hour traffic downtown was completely messed up. At least two ambulances went tearing through traffic down the wrong side of the street, followed by a paddywagon (a police prisoner transport panel truck) and a few police cars. Traffic was completely snarled, so they didn't make very good time. I never found out what they were in en route to - all I know is that the occasional paramedic or cop in a bulletproof vest was running around on the sidewalk. I was, to be honest, in a hurry to get to my bus so I didn't stick around too long to see what was up. Also, rubbernecking Pittsburgh cops tends to be a bad idea, especially if you're slightly odd looking, and that's not something I felt like handling at the time.
I finally got the latest version of Spamassassin set up on Lucien. The latest revision features Bayesian filtering, which is statistical analysis of spam to see exactly what makes it spam. Given that knowledge, it is then able to examine all incoming messages in the same way and decide whether or not they're spam also (to within a certain degree of error). It can also be taught which messages have been misclassified and take that into account in the future. Why am I talking about this? Because it's saving me a hell of a lot of time, deleting spam left and right. It's pretty neat; give it a look if your e-mail addresses are flooded with junk.
Well, it really did happen.. Novarg.A is hammering the SCO website, just as the AV companies said it would. By midnight last night the webserver was being flooded with requests from all over the Net, bringing the SCO DMZ network to its knees (or, more likely, that of the company hosting its website). Jeff Carlon, director of Information Technology Infrastructure of SCO, was quoted as saying that they have contingency plans in place that they plan on enacting on Monday morning. Unfortunately, the opensource community is really looking bad as a result of this, because the legal battles between SCO and companies that are using Linux heavily are now well known. The Novarg.B trojan hasn't made it nearly as far as the .A strain, but it's still going to do some damage when it starts going off somewhen around Tuesday of this week (taking into account computers with mis-set clocks).
Last night at B'Witche's was a blast through and through. Last night was the Imbolc celebration, and the house was packed, the first time I've ever seen it that way. Alexius picked me up at the Lab last evening, and we retired to the House Pendragon to wait for everyone to show up and relax a bit. Much of the evening was spent watching VH1 and reading Transmetropolitan (and drinking the odd rum and coke). When people started arriving we packed up and hit the road. I wish I'd had more time to get ready for the night - there was a drum circle to celebrate and I was hoping to get painted up for the evening to celebrate, but it wasn't to be. Oh, well. I scared fewer people that way.
Lupa was vending last night and Anomie had set up her massage gear. The bar was packed, as were the tables along the edges of the room. A faux-bonfire had been set up in the middle with one of those large faux-fires that seem to be popping up all over the place. I circulated around the Tavern, saying hello to everyone I knew there (which, in hindsight, turned out to be a lot more people than I thought). There were quite a few drums set up around the area, drums of all sizes and shapes and a varity of sounds. I don't know exactly when the circle started, I'd had my two drinks for the night and was enjoying the night, but it was hard to not join in the (faux) firedance. Lupa was wearing her wolf garb last night, the rest of us were more mundanely dressed (sort of) but still couldn't resist joining in now and then.
Drumming and wandering around drinking and socialising seemed to happen in cycles last night. A lot of people who'd never drummed before (myself included) had the chance to give it a try last night. I think I'm better with wind instruments or a pair of turntables, personally, though I think I did a decent job of keeping up. Something that no one had expected was that the DJ started up a few songs while we were drumming, and the combination worked extremely well. I even got up to dance a few songs during that time.. at the end of the night, it was declared that every pagan night at the Tavern would have a drum circle, a decree that was met with much cheering. I won a $5us prize at the doorprize raffle last night, which basically paid my cover last night.
After the place was cleared out by 0230 EST (per Pennsylvania blue laws) we retired to a nearby Eat and Park for coffee and rest before the drive home. I think I got back around 0430 EST and crashed for a couple of hours, which explains why my writing's so disjointed right now. I should probably curl up for a nap soon.
Huh. I was born on lupercalia this time.
I've been running around all day today, or nearly so. I got up early to get my brain up to speed and then set out to get everything done. The shopping list didn't take very long at all; the work of twenty minutes at most. Food shopping took a little under two hours, because I had to go to two separate stores to find everything for the week to come, including ice for the driveway and sidewalk. It's going faster than they can get it in stock, and it was a stroke of sheer luck that I found a 40 pound container this afternoon. Per usual, lugging everything into the house and putting it away was a solo job; however, I don't want to spend time complaining about that right now. Suffice it to say that I hit the road once more and picked up gifts for Dataline's upcoming birthday as well as for Lyssa for Valentine's Day. I picked up a box of valentine cards that I think everyone is going to like, too..
Gifts are gotten and put away. Dinner's over. I'm hanging out right now letting my food digest and watching the final episodes of Fist of the North Star, which are just horrible. Hilariously horrible. Rent them from the $0.99us rack of your local anime outlet and set aside some time to watch something that's laughably bad.
In all probability I'm going to be at B'Witche's Tavern tonight for the Imbolc celebration. I wonder how the hardware's going to like the drum circle...
Okay. Enough about snow. Suffice it to say that it's been snowing the way I remember winters of my youth, which is a pleasant memory, to be sure, and reassuring that I'm able to remember it. But enough talking about it.
I think I'm going to LARP tonight. I need to blow off a little steam. It's cold outside but thankfully we play indoors with the radiators going, so it's only the actual walking to and from the car that's bad. I've got some CDs to make it go faster (I cashed in my Sam Goody giftcard a few weeks ago and bought the first volume of the soundtrack to the X OAV. I'm amazed at how long the tracks really are, you only hear bits and pieces of them during the course of the series. I was very surprised to find that eX Dream (the opening theme) was over five minutes in length. I've also been listening to some bands linked off of 8-Bit Peoples lately, so I might burn some CDs of the stuff I've downloaded from there. I'll probably do a review sometime this weekend, maybe Sunday.
Microsoft's worried about Novarg.B.. worried enough that they've offered a $250kus bounty on the head of its developer. Anyone who helps authorities apprehend and prosecute the trojan horse's designer can call in the reward. This is the third bounty they've put out on someone out of their $5mus fund assembled in November of 2003. This almost strikes me as funny if it wasn't for the fact that it's scary to see a DDoS attack in action. This sounds like something taken from Cyberpunk 2020 or something, putting bounties on the heads of notorious NPCs. The comparison still doesn't sit well with me.
Ha ha ha..
For some reason, parodies of the Internet Explorer default 404 page tickle my fancy (which is, thankfully, still legal to do in public). This is one of the more entertaining ones I've seen in a while.
It's official now - DHS' net.security department (the US-CERT (United States Computer Emergency Response Team)) is up and running. Their stated objectives are to aggregate the available computer security information out there and to provide it to individuals and organisations in a timely and understandable manner. I sincerely hope they will not be using the usual CERT advisories, because they tend to be neither timely nor really useful. I still say, stick with what Securityfocus has to offer in the way of mailing lists and document archives (SANS also has an excellent library). To be fair, though, I haven't seen anything they've released yet, I have only what's come before to judge by. I guess what I'm saying is that I'm not very hopeful about this effort, but I'm willing to give it a try. They have two alerts available from their front page now (MyDoom.B and a warning about MyDoom.[A-Z]), and the usual advice about them (run an antiviral package, don't run unknown software, use personal firewalling software). I hope that in the future they put some useful information up as well, such as how to remove such electronic nasties, IDS rules to detect their activity, and perhaps copies of removal utilities, at the very least in the 'technical language' advisories, though removal instructions would be nice to see in the 'non-technical, common language, overall concepts' advisories for Joe and Jane Average.
More pleasant news for you regarding W32.Novarg.B/W32.MyDoom.B - this strain tries to stop infected systems from being able to access antivirus websites to download removal tools or virus scanner updates. It does this by adding lots of entries in the %system%\drivers\etc\hosts, c:\winnt\system32\hosts, or c:\windows\system file (depending on what version of Windows you're running), which effectively supercedes DNS resolution of some connected systems. What does this mean? When you try to go to one of the antivirus sites it lists, instead of asking your local DNS server (run by your ISP, most likely) what address to connect to, it tries going to the IP address 0.0.0.0, which technically doesn't exist... which means that your updates aren't forthcoming, and it'll be harder to disinfect your box. The fix is easy - find the file and delete it, and everything should go back to normal. Please look at the advisory on your favourite antivirus site for more information.
Got home fine last night. The roads were okay and the ride smooth. It might be that the last of the snow and ice has come and gone.. at least for a while, anyway. However, it's supposed to be bloody cold this weekend, if the forecasts are correct. I'm not looking forward to this at all. My hands actually aren't hurting right now. I think it's the fact that I've been wearing my parka and keeping much warmer than I was before, which means that the blood flow to my hands isn't being restricted.
Notice: Gamer gabble ahead. Feel free to hit the <page down> key.
A few days ago I ordered a couple of books from White Wolf, in particular their Ghenna sourcebook for Vampire and two novels, the Vampire and Mage end times novels. The WoD is on its way down, and I'm curious to see what their take on things is. From waht I've read of the Vampire sourcebook they've had this in the works for a long time, and if played properly would be a lot of fun. It's definitely one of those scenarios that, if someone was writing everything down during the course of a campaign, would probably make a good novel or two if written properly. I'm only partway through the sourcebook (haven't started the novel yet, and the Mage end-times novel isn't out yet), I'm only up to chapter three right now, but I like how it handles things. I wish I had a game going, I'd love to put this one together. The book itself is a hardback and the binding seems extremely well put together, so they spent a lot of time not only making it look good but making sure that it'll stay together for a good, long while. Some of the artwork inside I'm not too crazy about, but then again that can be said of pretty much any book.
Wardriving, warwalking, now warspying or warviewing. As if there weren't enough ways to get cybs out of their labs and onto the streets to get a breath of fresh air. <grin> If you spend any time browsing the Web at all, you've no doubt come across ads for X10 cameras, miniature video cameras that broadcast radio signals of what they see. Porn sites love them for their 'hidden cam' feeds; so do stores looking to set up cheap video surveillance. The thing is, they broadcast on a known set of frequencies without any encryption, so if you assemble the right antenna, RF reciever, and video unit, you can basically roam around and monitor the same signals as the cameras' owners. Check out the article, it's pretty neat. It makes me wish I had the disposable money to do stuff like this...
From the sublime to the ridiculous: viruses and crackers are making Windows more secure?! Umm.. Bill? A track record of security vulnerabilities that could fill an encyclopedia does not mean that your software's getting more secure, it means that you've got serious problems in your design and code review processes. Hell, the list of unpatched IE vulnerabilities (page last updated on 20040127) is long and getting longer; some of these are the bugs that Microsoft has refused to patch, even! Windows being slammed by a virus-of-the-week, and requiring hundreds of man-hours of work to fix and patch is not a sign of security or of maturity. It's a sign of a sitting duck.
Now, there are some folks out there who will immediately disagree with my statements; you know who you are, and you have your reasons. I'd like to qualify things, if I may. Any OS can be made more secure if a competent admin locks it down. Windows, Unix, Linux.. the whole nine yards. I've seen it done. If you know what you're doing and you put effort into it, any of them can be made almost inpregnable. However, these are often lone servers sitting out on the Net running next to nothing; they've been constructed and optimised for a specific task and a specific set of applications. This is not only for security, it's good deployment strategy: Every last compute cycle should be going to that one application and nothing else. Yes, some of these boxes will fall. The problem with Windows is that the vast majority of the installs out there that get cracked are workstations running everything and the kitchen sink even after they've been patched and locked down. Access controls and patches don't mean much if you don't pull out the stuff you don't need which might not be affected by them (you can set ACLs on IIS, to be sure, but not through the usual "change file pemissions and delete some stuff", you have to use a special utility (like IIS lockdown, which a lot of people who aren't full-time professional admins don't know about). Joe Average who builds a box needs something to assist in basic system security; Dade Admin could use one to speed up setting system security (this I can tell you from experience). My particular beef with Windows is that it's using much the same architecture that Windows for Workgroups v3.11 was using, way back when. When other OSes encounter vulnerabilities, they're patched, yes. Later, many of them are also fundamentally reworked to keep that particular kind of bug from cropping up again (take, for example, nonexecutable user stacks making it much more difficult to exploit buffer overflows). Windows is in dire need of re-engineering from the ground up to make it more secure, and not just a new user interface and a more convoluted API every time around. Rip out the junk and replace it. We do it; we have to do it. You need to do it.
David Bradley, the man at IBM who first came up with the infamous key combination control-alternate-delete is retiring at the age of 55. After his retirement he will continue to teach at North Carolina State University.
I've fallen in love with Perl all over again. Oh, Perl, how could I ever forsake you for shell scripting? The only easier way I've found for editing files on the fly is with a text editor.
It's official - the movie adaptation of The Hitch-Hiker's Guide to the Galaxy is a go. Whee! Casting is complete, the adaptation is polished and ready to go (how accurate an adaptation it is remains to be seen, as with all of such conversions), and filming begins in April 2004 in London. I can't wait to see how this turns out.
To everyone who's been fighting with the Snort signature that Symantec posted to their website yesterday to
detect the DoS attack against the SCO website, someone on the snort-sigs
mailing list figured out how to fix it. The correct syntax for this rule (which
works under v2.1.0 of Snort as well as Symantec ManHunt) should be this:
alert tcp any any -> any 80 (msg:"W32_Novarg_SCO_DOS"; content:"GET / HTTP/1.1|0d0a|Host:|3A|www.sco.com|0d0a0d0a|"; offset:0; dsize:37;)
Many thanks to Vjay Larosa of EMC!
The Department of Homeland Security will begin offering e-mail alerts and advice through a mailing list today. The only thing I have to say about it is that it'll be slightly more timely than CERT advisories yet not quite as helpful as what you'd read at Packetstorm, or on any consumer-oriented computer news site.
Sorry to sound so cynical about this, but I just can't shake the feeling that this mailing list is going to be more of the same stuff that you get out of computer magazines and the biggest sites that talk about consumer computers first but security and integrity third or fourth. You know the kind I'm talking about. It looks good, and the text has buzzwords in it, but when you get right down to it it's nothing that you can't get from those very same magazines and news sites. I'm going to subscribe to it to see what it's like but I'm not holding out a lot of hope here.
I may have been slightly wrong in my initial assertion: CERT will be involved. They may have accuracy and fairness on their side, but not expediency.
SCO's definitely feeling like someone's out to get them now.. they've offered a $250kus bounty for whomever designed the W32.Novarg.A trojan horse. I wish them luck, though I don't think it'll really make a difference. Have Microsoft's offered bounties helped any? Not that I know of. When something like this goes around, the best thing you can do is duck and cover. If you change the IP addresses of your servers, you still have to update your DNS records if you want anyone to be able to find you, and Novarg.A looks up hostnames. For the sake of the Net as a whole and the open source community, I really hope this isn't as bad as it could be. Anyway, you can read SCO's press release here.
After burning for four years in the crucible of criminal court, Jon Johansen was acquitted twice. Johansen coded DeCSS, which decrypts the contents of DVDs and allows them to be played back on open source operating systems. He was charged by the MPAA (Motion Picture Association of America) under the DMCA (Digital Millennium Copyright Act) for this act, stating that DeCSS was designed for DVD piracy (when, in fact, you don't have to decrypt DVDs to pirate them, just make binary dumps of their contents). Now he's 20 years old and not a happy camper. He is suing the Norwegian economic crime police force for $21.8kus for the hell they've put him through twice now. He's asking for compensation for economic loss during the past four years as well as court costs. Go for it, Jon.. you've earned it. It's taken them four years to figure out that all some of us want to do is watch our movies in peace.
Remember when there was a movement to have 'Jedi' considered a true religion? If you don't, hit up Slashdot for the history behind it.. anyway, not only did they get away with it in the UK, but in Brighton (near London-sur-Mer) has been identified as Troj/Stawin-A, which for certain is picked up by Sophos Antivirus, and hopefully by the others soon. It's been appearing in what could be a variant of Novarg (Novarg.B?) in e-mails that have the subject line "I still love you <random characters here>", and a message body of "Error 551: We are sorry your UTF-8 encoding is not supported by the server, so the text was automatically zipped and attached to this message." This particular keylogged was designed to capture logins to online banks and other financial institutions - can we say 'bad mojo', cats and kitties?
Be careful out there, everyone.
It's been confirmed - there's a W32.Mydoom.B / W32.Novarg.B strain now. This variant targets Microsoft instead of SCO on 1 February 2004.
Why am I so worried about this? Because it's easy to make a mistake. You've made them; I've certainly made them. Being hit by an e-mail worm is one thing, because you can mitigate that by making sure that your deck's patched, but trojan horses have always made me leery because you can trigger them accidentally. Accidentally clicking on 'open' out of habit instead of 'delete' and things like that. Sometimes you're just not thinking, sometimes it really is an accident (like dropping something on your mouse). Either way, maybe I've just got soft spots in my hearts for stuff like this.
We made it in all right this morning. The snow cut off some time last night, I don't know when, though most everything is still covered with snow (and a thin glaze of ice). It looks like smooth sailing today, at least theoretically. The weather reports are predicting light rain for most of the morning (did I mention that it's below the freezing point of water right now?) and finally turning into snow late this afternono. Getting home is going to be interesting, I have a feeling. We'll see what happens.
Mental note: Set aside a weekend in retreat to hack around with Apache and a few PHP based applications. I'm no expert, but I think I need to get better.
Mental note: Stress reduction. Stress reduction. Stress reduction.
Mental note: Have my head examined. I think I've overdue for an MRI.
Mental note: Write a few more rants. The ones I've posted so far have been remarkably well receieved (and highly theraputic).
Mental note: See if it's possible to work with Spider Jeruselem as a godform. Start reading Margot Adler.
Naah. That's going too far, even for me. Next thing you know, I'll be installing PalmOS on my headware.
Spider's got his filthy assistants; the BOFHs of the world desperately need their PFYs right about now. There's a new worm crawling around the Net making life hell for sysadmins the world over called MyDoom or Novarg, which is discussed as an error message from an e-mail server - the message it's supposed to be is Unicode-encoded, and as such is included in an attachment and must be opened manually. There's a file attachment that transmits 100 copies of itself to e-mail addresses culled from the workstation's address book and available documents inside of a half-minute. if you click on this attachment, it'll open a copy of Windows Notepad showing garbage, presumably your intended message that has been corrupted in transit. It will also attempt to propagate itself via the Kazaa peer-to-peer file sharing network. Oh, and did I mention that it opens a back door so the system can be accessed remotely by a cracker as well as drops a keylogger that records all keyboard activity (like usernames, passwords, account numbers...) As if that isn't enough to ruin your day, it also attacks the SCO website, which further makes the Linux community look bad. Oddly enough, this worm doesn't exploit any bugs save those in the user, it's a pure trojan horse. How old school. Symantec has a partial analysis of the Novarg.A worm on line right now, as well as an IDS signature for the DoS attack it will launche on 1 February 2004. It's supposed to stop spreading on 12 February 2004.
For those of you running Snort, if you take the rule in this post to the snort-users mailing list and change the "msg:" directive to something more accurate, it'll detect W32.Novarg.A/W32.Mydoom.
There's a brand new identity theft scam going around that accuses people of violating the USA PATRIOT Act. The scam poses as a message from the FDIC (Federal Deposit Insurance Corporation, which insures banks in the United States) and states taht the reader's accounts have been frozen. Until you release identifying information, it says you can't get to your funds. Needless to say, the US Government is coming down on this one like a hammer.. for once I really don't mind. This has the potential to not only scare the wits out of a lot of harmless people but bilk them for all they're worth.
Oh, boy, is SCO reaching.. in hopes that their lawsuits against companies and certain individuals using Linux will be successful, they are anticipating a huge jump in the number of licenses they sell and they're asking their resellers to get ready. They're really expecting companies to jump ship with their flimsy accusations.. and they're asking the top 20% of their resellers to forego royalties to make it happen. Peter Dawes-Huish of LinuxIT was quoted as saying that this is just another gambit to make SCO an attractive target for a buyout by a sugar daddy (or someone looking for a tax writeoff).
The day passed in a relatively uneventful manner, of this I have no complaint. It wasn't until I left that I realised that it'd been half raining/ half snowing all day: Big quarter-sized flakes of wet, sticky snow that made the already poor roads in Pittsburgh treacherous to even walk upon. I think I slid three times on my way to bus. I found out later that the corporation that Dataline works for had closed the office early, because they're expect the ice storm predicted to be a bad one, and they wanted to give everyone a fair chance to get home in one piece. Whether or not it'll actually hit I don't know, but I do know that the snow blanketed my neighborhood all day today, and they didn't bother to plow the roads. Any of them. From the main road running the length of the housing plan to the side roads to the road that the Lab is located on, none of them were cleared of snow, and still aren't. I thought it was taking a long time to get back.. it's because the bus was going about ten miles per hour to keep from going out of control going downhill. I eventually made it home to chili on the stove, but only after a hike up a snow-covered hill.
|The haxor handle of Bryce Lynch is "Dark T0xin".|
Hee hee hee.. I wonder what my handle will return. Let's find out.
|The haxor handle of The Doctor is "S3r1al Ang3l".|
"Serial Port Angel", perhaps?
Snowbound bloggers of the world, unite.
It'd been snowing pretty steadily all evening yesterday, and well into the night. Still is, if I look out the window (my body's at the kitchen table jacked into Kabuki as I write this). It's 0743 EST and we're snowed in.
I think I'm going to take some pictures to put up.
Dataline and I knew this morning that we probably weren't going to be able to make it in to work but we had to try anyway, to say that we tried. The first thing we noticed was that the school closings were being announced at a faster and faster rate at 0615 EST. As I write this there are 412 schools in my area closed, the state offices are either closed or on a two hour delay (I'm not sure which), the main roadways are completely choked off, it's about 19 degrees Farenheit outside (without the wind chill factor), and we're frozen. We stood outside and waited for the bus to come.
No dice. No bus, either. We headed back to the Lab and called off of work. The guy I spoke to at the County helpdesk said that it took him over an hour to make it in to work, and he lives about as far south from the Pittsburgh core as I do to the north. I wonder if my boss is going to make it in...
And the ice storm hasn't even gotten here yet. This is just the snow storm they predicted on Friday and Saturday.
The school district I live in cancelled school today around 0600 EST. In all the years I went to that district, I could count on the fingers of both hands the number of times they've cancelled class (not because the weather is particularly nice most of the time, because I can remember riding to school on buses that couldn't make it up hills and occasionally slid back down the hills backwards, but because they're bloody-minded that way; their unofficial motto is "We don't cancel school, dammit.") That's a telling sign in and of itself.
But I digress.
I've put up pictures of today in case anyone would like to see what we've got O/outside right now.
Oh, ye gods! Stephen Hawking playing Dance Dance Revolution!
Well, I've been lounging around in my mousie slippers and Summercon 2001 t-shirt (and other articles of clothing..) reading, listening to SLAY Radio, reading, and generally relaxing. There's nothing else to do, mind you... I'm hoping to work on a few things this afternoon (like my hair extensions and a tie-tack or two) and generally de-stress. I'm hoping to get some more research done today as well. I'm collecting notes for an article and I'm trying to get my ducks in a row to do that.
If you regularly have fast food as part of your day to day diet, you might want to read this article in the New York Post. Almost one year ago, film producer Morgon Spurlock decided to try an experiment, which consisted of eating at McDonald's three times per day for one month to see what happened to his health; he was examined regularly by a gastroenterologist to gather scientific data for his research. Within one month he'd put on about 25 pounds of body weight and became extremely ill, even vomiting several times. His liver began to strain under the pressure of filtering out and metabolising various pollutants that were coursing through his systems, his blood cholesterol climbed rapidly, and depression and headaches began to plague him. Spurlock filmed a documentary around this experiment called Super Size Me after the fact, in which he interviewed doctors and cardiologists. He wasn't able to get anyone from McDonald's to appear on camera. He's been trying to get Super Size Me entered in the Sundance Film Festival. No word on whether or not it's been accepted, though.
Surprise, surprise - a federal judge has rules part of the USA PATRIOT Act unconstitutional. Specifically, people giving advice to other people or groups that the US government considers terroristic in nature can be thrown in prison; because this clause of the Act is worded in a vague manner, it allows the PATRIOT Act to be abused, which is the origin of this ruling. One piece at a time...
In other news, Michael Rowe has settled with Microsoft over ownership of his domain name (mikerowesoft.com). The 17 year old high school student has agreed to choose another domain name for his website - Microsoft has agreed to cover the costs incurred. They're also giving him an Xbox, covering the costs for whatever certifications he wants to get, and he's been invited to a 'technology festival' in March of 2004 at corporate HQ. Does anyone else feel like they made him an offer he couldn't refuse?
Rowe was unavailable for comment due to finals.
Well, you could call today a clusterfuck.. Got up, did my thing, went downstairs after breakfast to study a little.. went out a little to get out and clear my head and see what was going on in the big wide world. I picked up part of Lyssa's Valentine's Day gift and then off to Michael's to hunt down something relatively hard to find: Tie-tack pins. I've got a load of Sculpey left over and I got it in my head to make some tie-tacks or pins out of it that carry sigils of one kind or another. I've also still got a lot of acrylic paint and transparent varnish left over from making Pegritz's Deep One statuette so I plan on putting those to use on them as well. The first thing I had to find were the pin backings.. I eventually found them way in the back on the clearance racks. They had packs of 20 pin backings for $1us each on clearance, so I grabbed a few packs along with two packs of button covers (on clearance for $0.50us for a package of 10) and a precision tube of acrylic glue special for making jewelry (much cheaper than you might think). I'm hoping to start making them tomorrow night or thereabouts. I also hope to get some more work in on my hair extensions for Pagan Night at B'witches Tavern at the end of this month. They're having a drum circle this month with room for dancing.. and I wonder how my modifications would react...
Anyway, I got home with the intention of sitting down and doing some studying for my CISSP exam.. and got hijacked into taking the Christmas decorations down single handedly.
Needless to say, I wasn't a happy camper for the next three hours.
They're all down and packed away, and I'm still rather pissed about that. Three hours gone that I was going to use to study and hunt for a job. I didn't accomplish nearly as much as I'd hoped today. I got a chapter read and reviewed instead of the three I had planned, though I did send off a good half dozen job applications. I also got some exercise in tonight, which I'm rather happy about. But I am pissed off that I've got to do everything for them, but if I asked for help for myself I wouldn't get any. Why should I have to do everything when they just sit there watching James Bond movies and eating? Kibo on a motherloving crutch, if I pulled that kind of dreck I'd get my block knocked off.
I've made my decision. By the end of March, I'm pulling up the Lab and moving. I can't take this anymore.
I sent Lyssa a hurried message this afternoon, letting her know what's going on. She called me after dinner this evening to tell me what she got me for my birthday.. passes to a William Gibson book signing in Virginia.
For a full quarter hour, I lost the capability of speech.
If you'd told me that I could go Home just by asking, I would have turned you down flat because I'd have to miss this book signing.
Needless to say, I'm going to be out of town for a few days... I plan on tastefully representing and bringing my pride and joy with me, my fifteen year old copy of Neuromancer (second copy, actually - the first disintegrated some unknown number of years ago) that's been to the ends of the Earth with me to be autographed. And yes, I'll be wearing my leather jacket and mirrorshades.
Suddenly, life's bearable.
You know, I don't think that I've been excited in a long, long time. I'm excited. Very excited. Excited deep into my bones.
Why is it that every time I try to sit down and do something, either the phone rings or someone comes along and hijacks my day? This is really starting to piss me off.
If you've ever seen the movie Jay and Silent Bob Strike Back, you no doubt know what they did at the very end of the movie, just before the credits. If you haven't, go rent that movie and watch it right now. I'll wait - I'm not going anywhere. Anyway, if you know what I'm talking about you know what I want to do to some spammers right now.
|My life has been rated:|
|See what your rating is!|
It's all about the pings.. earlier today NASA recieved 73 megabits of data from the Spirit rover. They weren't able to power it down though they did recieved a load of diagnostic information from the rover, including power supply status and a bunch of frames of filler to test the link. Pings, basically. It's a start.
Well, it's been a long day.
Grocery shopping in teams because the house is about out of supplies and there's another snowstorm coming this weekend. That was the easy part. I had a load of stuff to take care of today which I'd just begun when I got home... and got hijacked by the other folks bearing groceries. Seeing as how this was stuff that had to get done (like paying bills and balancing the checkbook) I was fairly angry.. I like to think justifiably so. Bills are bad enough, late bills are even worse. The end and beginning of each year are always bad, financially speaking. Anyway, at the end of it all I actually got everything done: Balanced my chequebook, paid my bills, organised almost a thousand sheets of hardcopy into documentation, finances, receipts, notes, other stuff (yes, I still use hardcopy - you can't take a hilighter to text files, nor can you make margin notes as they come to you), finish two books, make some notes... it's my finances that I was most worried about. now that I know where everything is, I can relax and plan.
The curse of consciousness.
Dinner tonight was a stir fry that I put together out of frozen chicken from the depths of the Lab's storage freezer, some vegetables that I'd picked up today, and a package of ramen noodles (a big package, not just a scavenged ramen pack) from the store. It turned out surprisingly good - I'm going to need to work on my sauce but the vegetables and chicken turned out pretty good. Maybe a variant of the sauce that goes with General T'sao's Chicken will work..
To mix things up a little bit last night I drove out to John and Lara's to pick up an Asian pear and a book that they'd brought back from DC for me. While we were out we stopped off at the GLCC in Squill to see Lara and pick something up, and then skipped a block over to the supermarket to pick up a few things (two folks with one car and dissimiliar schedules insofar as the evening). It was good to get out a little last night, even though it was damnably cold, even in the car with the heater running full blast. January and February are always the roughest months up here when it comes to temperature. I think I got home last night shortly before 2100 EST and sat down to catch up on everything.
I don't know what's going on, but it feels like time's slipping away from me. There's no time to read or study in the evenings, no time to exercise, no time to even sit and enjoy a cup of coffee. I truly don't know where it's going or why. I don't think that I'm just wasting time because I'm not seeing any signs of progress even in the usual time wasting activities. In truth, I'd like nothing more than to just sit and read a magazine or the paper tonight. I don't think that's going to happen, even though I hope. I'd just like some time to myself.
Dan Dumitru Ciobano, age 25, of Romania has been indicted for developing and releasing a variant of the Blaster worm. His particular spin on that particular pain-in-the-six crippled only 27 computers at a college in northeastern Romania, which I suspect might have been the school that he attended. His trial is scheduled to begin on 27 January 2004; if convicted he could be facing up to 15 years in prison. This case will be one of Romania's first ever attempts at prosecuting an electronic crime (I still can't say the word 'cybercrime' without feeling dirty). In fact, they just passed legislation against it last year. We'll see where this goes.
At long last, I've got a desk chair that I can adjust the height of. Now I don't have to type with my hands at a 40 degree angle!
Forgive me if I'm overly cynical about this article in the Dallas News about Linux bringing jobs to people. If it did, it would be a hell of a lot easier to find employment of any kind, let alone working with Linux in some capacity. The article talks about more job openings for people with advanced Linux skills. Where are these jobs, and how long do I have to apply for them? So many of us are hunting for work right now it's disheartening; personally, I've been considering changing my career just because I can't find a job of any sort as an admin, or even a developer (which I don't relish as a position but I'll do it if I must). Is this article only regional, or does it claim to speak for the entire country? I strongly suspect the latter.
In one of the weirder stories to come out of my area, Donald Winniewicz of Washington County is in jail right now for having assembled an audio tape of subliminal messages to try to reprogram his ten year old stepson to smother his four year old brother. Winniewicz's wife stumbled across the audiotape in a filing cabinet, played it back, and panicked when she heard her husband's voice talking to their older son, instructing him to strangle and then smother their younger son. The psychiatrist assigned to the case doubts that this cassette tape would actually have reprogrammed anyone while asleep (from having experimented with dreamtime subliminal tapes in the past, I'm inclined to agree; at most you'll get odd dreams from listening to them) but it shows clear criminal intent. Winniewicz is currently jailed on charges of corruption of a minor, child endangerment, and criminal solicitation and is awaiting payment of a bond of $50kus.
As the Baron Harkonnen said, "In all things, your hands must remain clean." Technically.
Mood swings today. Bad ones. Not good.
Speaking of swings, remember that article about that US Senate mail server being monitored from the inside? As it turns out, it probably wasn't shady at all, just a screwup on the part of a newly hired technician. A mistake was made where password authentication wasn't enabled on the server. To be sure, someone did take advantage of this loophole in the security schema but this wasn't a black-bag job, this was a matter of someone coincidentally finding the flaw and taking advantage of it. Brian Lane's comment at the end of the message I've just linked to says it all, however..
If such a thing can be said, I just saw the cutest advertisement - it's a Flash ad for McAfee Spamkiller, and is a minigame where you snip flying envelopes. It's an ad, to be sure, but I've never seen anything like that before.
Last night I spent some time messing around inside Lucien in my never-ending quest to perfect my Spamassassin configuration. Anything to save some time and disk space taken up by the vermin of the Net we call spammers. In looking around I stumbled again across the virus scanner's logfile - 120 megabytes of silently caught and quarantined virusesThat's transparency: You don't even know it's there when it's doing its job properly. In further analysing the file I didn't see a single sign of a false alarm. It looks like I got the virus scanner's configs tweaked pretty well. Spamassassin tends to only pick up the grossest of spams, however, and while it marks and silently files them the rest it seems to ignore. That's what annoys me - missed obvious spam. I've been reading the docs lately to see if I can fix that annoyance. I have to have missed something. Oh, well - the beat goes on.
I mentioned this a while ago - an Ohio woman who was phishing for credit card info and accidentally spammed an FBI agent, which lead to her downfall. On Tuesday, 20 January 2004 she was sentenced to 46 months in prison after pleading guilty. Her request for a reduced sentence was rejected by a federal judge. This appears to be the first successful prosecution and convictino of such a scam, and will hopefully set a precedent. Carr is curently free on bail, and is scheduled to surrender to the Federal Bureau of Prisons some time in the future.
In other news, amidst the controvery over sickeningly-easy-to-tamper-with electronic voting being steadily deployed all over the country, the SERVE system, developed so that US citizens overseas can vote in elections back home has been called so vulnerable to tampering that it should be scrapped by computer security experts recently. The Pentagon, which commissioned the construction of the system, intends to ignore their warnings and use the system in the November election. Of the ten researchers asked to analyse the SERVE system, the remaining six refused to even write a report on what they found. Hmm.. I wonder why.
It makes me genuinely curious why the powers that be are asking security professionals to examine their electronic voting systems anymore. The reports coming back are shocking.. and yet they're pushing them forward without even trying to fix the problems found. It's pretty obvious that security and fairness aren't high on their lists of priorities given their actions.
This afternoon definitely kept me happily busy at work. Between hacking on Redhat Advanced Server (in particular, refining my disaster recovery technique) and rethinking everything (in short, I scrapped the old config I was using and started from scratch, and I'm very pleased with how things turned out) and spending time up to my elbows (literally) in servers to perform memory upgrades I have to say that today was very productive. Things are starting to clear up inside - I'm not sure if it's the St. John's wart supplements or just getting a good night's sleep last night, but either way I'm not arguing.
There's another BOFH in the office. Life is good.
Uh-oh.. the Mars rover Spirit is in trouble. Yesterday NASA ground control was able to send a command signal to Spirit, but only recieved an acknowledgement, not the data transmission requested. I can't say that I'm terribly surprised by this. So many Mars probes have either gone missing, malfunctioned, or failed before leaving Earth that it's not even funny.
With a tip of the pin to Watergate, evidence has surfaced that staff members of the US Senate Judiciary Committee who are card-carrying members of the Republican party have been spying on the Democrats in office for over a year now. Apparently someone found a vulnerability in the mail server which lets people log in without having to supply user credentials and they've been monitoring communications, including inter-office memos and transmissions with serious strategic importance. Occasionally, these messages were copied and passed on to the US news media as well. Nobody was the wiser until fifteen sensitive memos were published far and wide. General Dynamics, the computer forensics company, and the US Secret Service went hunting for the culprits. So far over 120 people have been questioned and six computers were seized for analysis. This is getting messy.. makes me glad I'm not in politics.