Yesterday was pretty much a rest-and-recuperate day, not so much from the weekend as from life in general. I spent much of the day sitting and reading the stuff that's been piling up, finishing a leather kittyband (which didn't turn out quite the way I thought it would) and starting to work on another fur one, driving around to get some Halloween decorations for the family, and reading some more. I spent a lot of the day jacked out, which I find I enjoy quite a bit anymore. Now that it isn't a requirement that I stay plugged in I find that I've got a good deal less stress to handle. I also picked up a few things for the Witches' Ball this weekend, namely some stuff to put together my costume (Paul Muad'dib; unfortunately I have neither the money nor the time (as I only decided yesterday that I'd be going) to get a pair of blue prosthetic contact lenses). I've got just about everything else I need to put it together, so I should be able to assemble it in about three hours, if I work on it tomorrow night.
Tonight I plan on storming the local mall to pick up a copy of The Matrix Reloaded (come on, you knew that was coming) and possibly X: Seven. That'll take enough time that I won't be able to work on it then. Amazingly, I'm caught up on a lot of reading; between the whitepapers for work and the printouts, messages, and text files that keep trickling into my inbox in a steady stream, I've made decent progress. The text files are going into the web-enabled version of the archive once I get around to actually writing the HTML files.
A couple of months ago some guys at MIT proposed a reaction to the now-defunct T[otal/errorist] Information Awareness programme enacted by the US Government called Government Information Awareness, in which the citizens of the US could pretty much do the exact same thing (keep an eye on their elected leaders, report on what they're doing, use database techniques to examine patterns in behaviour, et multiple cetera) only on government employees and leaders. This project came under some heat due to the number of people who Slashdotted the system, to say nothing of the legal implications of this. They may have found a way to dodge the legal bullet by applying some techniques used by peer-to-peer filesharing networks. They plan on distributing the database across many dozens, if not hundreds of systems all across the Net, using a single application or website to access and correlate them (this is a bad idea because there is a single point of failure in the accessibility scheme; I suggest a tactic similiar to that used by the GNUtella network, which is fully decentralised access by broadcasting and caching sharing network edge locations). By applying a few mathematical transformations they could further obfuscate who has what by breaking down any one entry in this distributed data base such that if a particular datum is broken into n fragments, any n - 3 (for the sake of argument) fragments may be reassembled into the original entry. I wish I could remember the technical name of this technique..
Anyway, it's something I'm suggesting to them.
The only thing that pisses me off more than people who don't read the documentation is people who don't even read the bloody error message. They just see "ERROR" or "WARNING" and call for assistance without even reading what the error in question is (for example, 'ERROR: User "snort" unknown'). Anyone with half a brain in their head would actually parse the words, realise that an account named 'snort' does not exist on their box, and create it. It's not hard. It doesn't take long. Whatever happened to actually reading, let alone reading comprehension??
One of these days I'm going to have to polish my boots - they're looking kind of shabby right now.
Local outfit Vigilant Minds has confirmed that the MS-RPC vulnerabilities do indeed still exist in fully patched installations of Windows XP Pro, XP Home, and 2k workstation. Nothing MS has released thus far has fixed these very serious holes. They suspect that other versions of Windows are just as vulnerable but they havn't found any proof yet. The best thing you can to do protect yourself is set up your firewall to block any and all activity on ports 135, 139, 445, and 595 for TCP and 135, 137, 138, and 445 for UDP. They have also released a Snort signature to detect this attack. Good luck, everyone.
I just discovered that the sweater I'm wearing today has more than a torn seam at the shoulder (hidden by a vest at present), the right elbow's shredded as well. How did that happen? And how did I not notice it?
Something most unusual appeared on Groklaw.net last Friday regarding SCO's threatening to sue Linux users and vendors. In June of 2003 a group of protestors gathered outside of SCO HQ and managed to talk to Darl McBride, Chief Executive Officer of SCO. Someone managed to record the conversation, record it into Ogg Vorbis files, and upload that to the Net. A transcript of that conversation makes up the lion's share of the article. McBride was quoted as saying that SCO has no plans to sue users, really, his anger is directed at the community of UNIX developers because they are donating code to Linux in general and not paying royalties to SCO as a result. The interview is quite interesting, take a few minutse to read it all the way through. Makes you wonder, sometimes... most interesting of all is McBride stating that Linux is infringing on quite a few contracts with other companies and not necessarily with SCO itself. The amount of doubletalk that McBride uses is also kind of scary. On one hand, he accuses Linux developers of releasing copyrighted code; on the other, he says that by saying exactly what pieces of code are infringing on their copyrights, he would be releasing the code. Assuming that there is a problem, without knowing where it is how can it be fixed?
Also, given a few pointed questions from protestors who were working on specialised applications of the Linux kernel, McBride refused to state what would or would not be considered copyright infringement. It seems to me like these tactics are meant to freeze all development out of fear that it would step on a copyright that happens to be kept secret by NDA. SCO's demanding much but not justifying its demands. It's hard to take their claims seriously without proof.
Well, I've been enjoying my day off so far. I got to sleep in, eat a leisurely breakfast, and sit down to read for a couple of hours. I don't ask very much out of life, but I do try my hardest to enjoy times like that. They make life worth living. Right now I'm catching up on the news and my e-mail, and I plan on going out a bit this afternoon to window shop. It's a nice day today and I'd like to spend it driving around listening to music, singing at the tops of my lungs, and seeing what's going on Outside.
The Samba project should be proud: Samba v3.0 was benchmarked as being two and one-half times as fast as Windows 2003 Server. Samba scales much better than Windows does natively, IT Week Magazine says, in terms of data throughput (which tends to be a function of the number of systems on a network segment, I've noticed, due to all the broadcast traffic). Very cool.
Let's see... what's happened so far this weekend?
I spent most of yesterday getting ready for the Fall 2003 Furbecue. I made one of my favourite potluck dishes for everyone, a ham, cheese, and green bean casserole that people seem to go nuts over (once you can convince them that there aren't any peppers in it, anyway...) It doesn't take long to put together, the hard part's finding the cubed ham to put in the filling. I could tell that something was going to be amiss yesterday because I'd been on mood swings since I'd gotten up that morning. Not pleasant. Once I'd taken the casserole out of the oven and put a few things together I thought I was home free. I will only say that I really don't appreciate extra stops being added to my plans. It's hard enough to rouse the energy to want to go anywhere anymore, let alone to get away from everyone.
I'm still surprised that I found the park the furbecue was held at; it isn't far from Swift and Sil's house, in fact it's just one street down. By the time I arrived the party was in full swing, with folks playing horseshoes, sitting around talking, playing on the playground equipment, and catching up on old times. I ran into An old aquaintence of mine from my BBS days there and spent some time ogling his latest electronics project - a BASIC stamp microcontroller (a single-chip fully programmable computer ideal for embedding in small devices) that he was using to control the facial expressions on the headpiece of his fursuit. The attention to detal and time he's putting into it I find amazing, even though I'm not a 'suiter myself. I also ran into another IT geek, whom I spent a considerable amount of time talking to. Sometimes it's nice just to have someone to talk to and rant about this and that.. Gabran brought one of his more unusual toys with him from Pennsic, a small crossbow that can shoot miniature marshmallows (!) the breadth of a picnic pavillion. We spent some time hanging out as well, catching up on times. Regrettably, his mate is still down south and wasn't able to attend.
Swift Fox was the designated grillmeister for the day and did a yeoman's job of turning out hamburgers from the grill. The picnic spread was such that there was something for everyone and no one left empty-handed or hungry. The box of halloween candy was most welcome by everyone, and a good sugar buzz at the end of the afternoon was a welcome mood-booster. Silaria made a double-batch of taco schmutz, that special chip-dip that never seems to last, and was astonished to see it devoured before sunset. The stuff's addictive, there's no other way to explain it. Azanti's adjusting well and preparing to reappear as a daywalker on Samhain, an event that we're all waiting for.
I had to leave early last night because I was attendig the Bipitt meeting last night. I've missed three of them, mostly due to being too tired to want to go anywhere on the weekends and I decided early last week that I was going to make the effort to join everyone. Four of us met in the coffee shop near the Pittsburgh GLCC to figure out what, exactly, to do. Lara and Lupa were already there, and a newcomer, Heron, joined us shortly after. Coffee was nice but most everyone hadn't eaten yet so we retired to a local diner to talk and eat. I'd eaten a good bit at the furbecue so I opted for dessert, figuring that some chocolate would help get me through the low point of my cycle. I honestly wasn't keeping track of how long we were there because I was having too good a time getting to know Heron and catching up with Lupa. We eventually decided to go people watching for a while and then go club hopping to see what was going on. After a quick stop back at my car to pick up my jacket and a pair of earplugs we piled into Lara's car to drive down to the South Side to see what we could see. The people wandering around were mostly the beutiful people going to bars, drinking, and doing what it is there is to do in Pittsburgh if you're fine with a couple of beers and top-40 music.
On a lark we decided to stop in to Slacker, a local counterculture store that keeps late hours. Lupa picked up a new outfit to wear around Saturday night while I bought another mesh-with-dark-bits shirt. I've got this odd addiction to them anymore.... Slacker's collection of toys isn't the greatest in the world (I'd much rather go to Don's) but their selection of clothing is quite good. We wound up wearing our new purchases out of the store last night. Our next stop was back at Lara's car for the trip to the Strip District.
During dessert we'd decided to visit Club Chemistry to see what was going on. I've been there in the past and found it a quite likeable, as well as queer-tolerant if not -friendly place, so after some driving around to get past the closed parts of the road in the Strip (when did that happen??) we found parking and then hiked back to the club. In the past two months they'd started having a cover charge to get in - $5us at the door. I hadn't expected this, nor had I heard anything about it, so I did a good bit of apologising to everyone. The dancefloor was already standing room only when we arrived, though we were able to stake out a corner of the platform below the DJ booth and defend our turf all night. It felt nice to be able to dance again. Chemistry's rapidly becoming a favourite haunt, and we've been talking about making it the local bi hangout, seeing as how there aren't any such places in Pittsburgh right now. Shortly after midnight we decided to see what else was out there, and after a brisk walk back to the car drove to a local gay lounge (the Liberty Tavern) to unwind and talk some more. In leafing through the local periodicals we found that Don's been advertising the ER Room quite a bit locally, which I hope will be good for business. We left when they politely asked us to leave at closing time and headed back to Squill to get our cars and go home for the night. I hope we'll be able to organise something soon for everyone.
This is just plain weird - someone translated Sir Mix-a-lot's "Baby Got Back" into Latin.
Ironic, for a burnout like me.
Greetings to readers from the US Navy!
Happy Coming Out Day, everyone.
19 year old Van Dinh of Pennsylvania has been charged with cracking and securities fraud. His age aside, this case is interesting for a reason that I'll get to shortly. He somehow owned roughly $90kus of Cisco stock options that he was looking to get rid of before they expired, and so put together a nifty little scheme to get hold of the login credentials of someone who uses online trading services. He trolled a few stock trading forums to find a few targets, then spammed them with a phony offer to beta-test a stock trend charting application which contained a keylogger trojan called 'Beast' (what would Satsuki think?). The keylogger recorded someone's login name and password, and then Dinh put the stock options up for sale at a price greater than they were worth.. and then used the funds in his victim's trading account to 'buy' them from himself, which left Dinh with the cash and the victim with nothing at all. What I find interesting about this is that the SEC's Enforcement Division claims that they were able to track Dinh through all of the cut-outs and anonymisers that he is supposed to have used to cover his tracks. My guess would be that Dinh bounced through a bunch of open proxy servers Out There, maybe cracked a box or two and set up his own, worked through webmail and possibly a few remailers... either Dinh did a poor job of hiding, or the SEC team's really, really good. This says something about exactly how anonymous we really are on the Net. I'm now very curious about how Dinh is supposed to have tried to conceal himself... if a suspected criminal was tracked through the Net, what about someone who's not up to anything shady and just wants to keep a low profile? Makes you wonder, it does.
The case against Aaron Caffrey deepens.. an expert witness claims that Caffrey's claims of being a patsy are jetwash. Neil Barrett, technical director at Information Risk Management, says that the IRC logs on Caffrey's deck weren't altered. He looked at either a bitwise image of the drive or the original drive (my guess is an image, which would preserve the integrity of the real drive) and says that he didn't see any signs of editing. When you edit a text file, a copy of the file is loaded into memory. When it's saved, however, the old version of the file is deleted from the file system and the new one is written to the disk. Sometimes the new version can overwrite the old version, sometimes it's written to an entirely different chain of disk blocks. If there's a big enough run of disk blocks on the drive they'll be written to in one swipe. To cut to the chase, by looking at the pattern of blocks in the file system, you can tell, sort of, what was going on. You really have to dig into the code to be sure of anything. I don't know the ins and outs of the XP file system so I can't say sor sure, but I will say that it's not looking good for Caffrey.
SunComm, creator of the copy protection software that the record label BGM is using on its new CDs is planning on suing grad student Alex Halderman for figuring out that the AUTORUN.INF file on a CD-ROM can be bypassed by holding the shift key down. Halderman's mistake may have been in stating in his whitepaper that his "discovery will compel the music industry to abandon their copy-resistant efforts." Oops - he put it in writing, which is what probably honked off SunComm, he called them on their forgetting soemthing so elementary. They're also crying foul because Halderman did it without having to consult their development documentation.
How much documentation does it take to put a text file into an ISO-9660 image??
SunComm is also saying that the DMCA was violated because Halderman violated an 'unpublished' EULA agreement hidden on the user's hard drive during the installation process. It's hidden - of course he violated it! He didn't know it was there! Anyone who turns off AUTORUN.INF support in Windows is violating it too! It didn't take long for the idiocy of this to spawn a few jokes.
One thing that does bother me about all of this is that some bigwigs in the music industry are talking about getting legislation passed to require net.users to have uniquely identifiable licenses to access the Net and to track them. The comparison was made to Verner Vinge's short story True Names. I think all of you know where I stand on this...
If they get that passed, how many Henry Armitages and Bart Simpsons do you think they'll have in their registries?
Let's nip their in the bud before it gets anywhere, shall we?
I hate to say it, but I think we're screwed now. A universal exploit for the RPC DCOM family of vulnerabilities in Microsoft Windows is making its rounds. Called "Pink Floyd", it's only a proof-of-concept utility right now (inducing a denial of service) but these vulnerabilities can also be used to execute code. It won't be long before a version of Pink Floyd appears that'll do just this. Moreover, even if you've got all the relevant fixes in, you're still vulnerable. You can read Microsoft's breakdown of this problem here. It's grim. Windows NT v4.0, 2000, XP, and Server 2003 are all vulnerable; Windows ME isn't.
It appears that trying to clear the inventory cheaply isn't always a good idea.. the US government has recently stopped its sale of surplus low-end lab kits, which include centrifuges, solution evaporators, sample incubators, and biohazard suits. Moreover, the disposal company wasn't checking the credentials of the people purchasing them - among the countries these purchasers were confirmed to be located in were the Philippines and Egypt, where a few known terrorist organisations are known to operate out of. The US General Accounting Office figured this out by setting up a dummy company and buying gear over the Net without trouble. Something like $46kus of lab equipment was purchased for a hair over $4kus - quite a steal.
Aaron Caffrey, accused of DDoSing the computer network running a sea port in Houston, TX is claiming that someone is setting him up by having cracked his deck and editing the system logs to incriminate him. He says that his system currently supports remote administration and at the time had not yet been able to apply the latest round of MS security patches. From this, he says, someone had been able to remotely access his system and set the deck up to make it look like he did it, presumably by altering system logs and planting the utility used to touch off the attack. Detective Constable Stunt (first name unknown) of the Computer Crime Squad says that remotely it is not possible for someone to have accessed the machine, planted the files, and altered the IRC logs, stating that "It is impossible, the technology does not exist."
I hate to break it to Detective Constable Stunt but it is indeed possible to do this to a Windows machine. If Caffrey's deck had RDP or VNC installed in an insecure manner (i.e., by default) then someone could easily have accessed his terminal remotely, opened a text editor, edited the text (if I recall correctly, IRC log files are plain ASCII on most, if not all Windows IRC clients), and then navigated to a website to download a few files to leave behind. It's trivial to do, I've done it myself doing tech support for another office. And gods only know what the latest generation of remote-control trojan horse programmes can do these days. That said, I'm inclined to give Caffrey the benefit of the doubt at this time. Something else I found interesting was that the attack in question took place in September of 2001, if Caffrey's machine was dissected by law enforcement authorities in January of 2002... bit of a time delay there.
Minor update: A list of 11,000 IP addresses of computers vulnerable to the IIS Unicode exploit was found on Caffrey's deck, which is probably what got the attention of authorities. The plot coagulates.
SANS has released the latest edition of its top 20 security vulnerabilities list, 10 for Windows and 10 for *nix. For the Win32 platform, the top three security vulnerabilities that admins have to worry about are IIS (Internet Information Services), MS SQL Server, and the Windows Authentication subsystem (which, unfortunately, you can't tear out of the system). On a side note, I still wonder exactly why MS thought it was a good idea to make the registry (the binary database which stores a lot of system configuration information) accessible across the network. I don't have my /etc directory open to everyone and their backup... to be fair, *nix has its own share of problems, though their severity tends to be less than the holes in Windows, mostly because everything isn't so tightly tied together. The top three security holes are BIND (the Berkeley Internet Name Domain system, which is what makes up DNS), RPC (remote procedure call) services (which allow a user on one system to pass some data to a process on another system, let it process, and then get a reply with the result), and the sundry vulnerabilities found in the Apache webserver and its associated modules. Sendmail, nightmare of sysadmins the world over, has mercifully fallen into sixth place. It just goes to show that when you get right down to it, nobody is safe.
You know... even though Postnuke is supposed to be the hottest web technology since NCSA Mosaic, its darth of documentation is enough to make you want to blow chunks into the guts of a running HP Netserver. I've been fighting with it for two days now, and while I can get it installed I'm still in the process of figuring out how to make it do what I need it to.
Oh, gods.. another bad day to play the Snort Drinking Game, I can see..
Dataline's had her first taste of mélange this morning. We'll see where this goes...
A news article at The New Scientist caught my attention this morning: Intel is working on a new CPU architecture called Vanderpool which would allow multiple operating systems to run simultaneously on the same system. The article makes overtures toward emulating multiple platforms at once - the example they give is running Windows XP and MacOS at the same time on the same deck. An interesting idea... my guess would be that they'd be leveraging their hyperthreading technology (where there are basically two CPUs on the same chip running at the same time; a few of the servers at work have hypertreaded Xeon cores in them and by running an SMP (symmetric multiprocessing; think multiple processor cores) kernel on them they register (and run) like dual-CPU boxes) to manage multiple emulations at the same time, perhaps with some form of the Transmeta technology to emulate the instruction sets at the hardware level. They also mention virtual machine software in the article (a virtual machine is a software application that emulates the hardware of some platform from the lowest levels on up to run a non-native OS and applications on an entirely different platform; emulator fans will no doubt be familiar with this technology), which I think they're going to try to push, at least in part, into hardware for the sake of performance (emulators tend to be a little on the slow side because of how much work they have to do). I think this is something to keep our eyes on for the near future (they're projecting five years' time, more or less).
Great Britain's cybercrime taskforce has begun to analyse the code to the most damaging net.worms released thus far to see if they are the work of organised crime or terrorist organisations. Their coders are trying to suss out details in the code that could be clues to the identities of the authors (assuming plurality for ease of writing this update), their motives, and possibly future targets. So far none have been determined to fit the criteria of organised crime or terrorism. Why is it that stuff like this always happens in other countries? Unless the US isn't talking about it, which wouldn't surprise me, to be fair.
Some more cheerful news for you.. Dr. Phillip Williams, directory of the Programme on Terrorism and Trans-National Crime at the University of Pittsburgh says that attacks on the global financial system should be expected in the future. A single attack in the right place at the right time could cripple the US economy (as if it's not on life support right now) and bring global commerce to a screeching halt. I found it rather amusing that he named the two networks that make up the backbone of the financial system of the US, Fedwire (used for inter-bank funds transfer) and Fednet (used for inter-bank transactions (there's a subtle difference there)) in the article; thanks for telling everyone the names of two good targets.. it's also amusing that of the delegates who attended the conference at the Centre For Conflict Studies, where Dr. Williams was the keynote speaker, several were listed on the rosters as "spies".
I feel the need to be critical of this now. It's to pat. I really don't think that Dr. Williams would have gone ahead and named two major targets, giving the idea to anyone with the time to hunt down some physical locations on Google and round up some hardware without the US government either pulling him off stage or walking out of there "unescorted". That smells like disinformation to me: Give everyone two things which sound important and look like targets, but are either nonexistent or decoys. The names don't sound right, either, given what I've heard of other government nets from whitepapers scattered around the US grids and at conventions (note to federal agents: If I could find the names in a magazine, on a website, or hear them at a con, you guys probably did too; don't disappear me for pubilcally available information). Fedwire and Fednet don't fit their naming scheme. As for people on the conference roster giving their profession as "spy", that has to be a joke, probably on the part of the Register staff. You don't even hear that in comic books.
The CD copy protection software included on the latest discs manufactured by record label BMG may be bypassed by holding down the shift key when the disc is inserted into a CD-ROM drive. The software is executed by the AUTORUN.INF file, which tells Windows to run a certain application whenever the disc is inserted into a computer. There is also a control panel setting and a registry key that may be changed to disable reading the file as well. Sorry, guys..
Holy shit - Schwarzenegger won. I'm already hearing rumours that people want another recall election in California. I guess Schwarzenegger getting elected messes up Somebody's plans..
Could there be a bastard-in-training at the DOJ?
Here's a lurid thought for you: We're not finding out everything we could be about what's happening in Iraq right now. There's an article in the United Press International right now about anomalous blood clots taking out US solidiers. Pulmonary embolism (a blood clot blocking a major blood vessel in the lungs) has killed two soldiers for certain, perhaps another eight (the military's not talking about those right now), and no one's sure how many others. Oddly enough, the same thing's happening to troops still in the US. The families of the dead soldiers and not a few civillian physicians are blaming the array of vaccinations soliders routinely recieve before shipping out. To add a bit more unusualness to the cake, a strain of pneumonia is also making its rounds in Iraq among US troops. Two are dead and another seventeen are on ventilators, and those are just the reports that have gotten out. The common thread here seems to be inoculations for anthrax and smallpox, at least from the data I've been able to find.
Something to think about.
Today was one of those days where you're not busy but by the time you get home you feel like the co-star of a pornographic movie featuring a succubus. For the second time today I thought I was going to miss my bus; yesterday I almost did, but today was a different matter. I was making my way down the street to the bus stop when I felt the familiar tingling at my waist of my cellphone's silent ringer. Dataline: "Hurry. The bus is running early today. We're almost at your stop."
Me: "Shit." *click* *cyb breaking a land speed record and cutting through traffic like a stuntman from the set of The Matrix*
I wound up jumping down two sets of steps outside of a building, each time almost doing a face-plant into the concrete sidewalk because my body was tilted a bit too far forward, partially due to my backpack and partially because I have not done such a thing in quite a while, perhaps years. Running in a pair of motorcycle boots is one thing, but long jumping down steps is quite another. It's not a good idea, take it from me. Somehow I made it down to the stop scant seconds after a bus very much like my usual bus pulled away. I kicked up my land speed another notch and just made it as it stopped for a red light. I stepped in and thanked the bus driver profusely.. and then realised that I didn't recognise anyone on the bus. As it turned out it wasn't the right bus but its ID number was one character off from the one I usually ride home. I hastily got off the bus and walked back to the bus stop. Fifteen minutes later my bus pulled up and I got on.
There's a world of difference between a bus running earlier than expected and a bus that was running early but is now stuck in traffic.
On the whole, however, I'm just happy to have made it.
This morning as I was getting dressed I happened to hear the morning show call in programme over the radio next door. The question was, "What is a phreaker?" Oddly enough, a definition of the word was one of the choices (though the word is actually 'phreak' (but I'm just being pedantic)). The guy got it on the second try. Maybe someone at the station's been reading a bit more than just the headlines at Google News...
This popped up in my morning news feed - John Kline of Corporate Technologies USA, Incorporated has put out an all-call for a cracker wargame The goal is to crack one of a number of Windows 2000 Server installs running IIS, Exchange, and MS SQLserver. Each box has three victory conditions that must be met to be considered successful. Each successful cracker gets $250us paid via US money order (sort of like a bearer's bond, only keyed to a specific name). They say they're not law enforcement; the company's listed on NASDAQ (go fig), and they're going out of their way to make this look legit. They're doing it as part of a research effort to see how crackers think, so they can advance the state of the art of IDS technology I'd guess. Knowing this.. how many crackers would willingly do such a thing if it'll make cracking systems harder in the future? I know that with each advance in technology, the technology to get around security is advanced as well, but still..
Hey, why not?
The trance music scene in Japan has suffered a major blow recently - audio technician Shiro Ono died recently of a heart attack (his age and the reason for the heart attack were not given). Ono was renowned for his mastery of accoustic environmental audio, in which the speakers are positioned and tuned to maximise the effects of music on people by taking into account architecture, resonance, interference patterns, reflection, and pin-point targeting.
It was only a matter of time before the effects of viruses and computer crime got bad enough to rival most movie plots.. every morning since the Welchia worm took out the state department I've been waiting to hear about Ellingson Oil being hit by something called DaVinci. All kidding aside, this article got me thinking along these lines. Aaron Caffrey of Great Britain, age 19, is accused of knocking out the computer systems controlling automated machinery at the naval port of Houston, TX. Reportedly, he was DDoSing a fellow IRC user in retaliation for some anti-American statements he'd made.. Caffrey is reportedly in love with a woman living in America right now, so if he really did it it was to defend her honour. Caffrey is accused of creating an attack utility called the "IIS Unicode Exploiter - Ping DDoS tool, coded by Aaron". Caffrey says that someone implanted a trojan horse/remote control utility on his deck and used it to initiate the attack that way. No injuries or lasting damage were reported. Exactly how DDoSing someone in South Africa could take out a network in Houston isn't addressed by the article. Either he got his target IP address wrong, or the network in Houston wasn't patched at all and they probably forgot to disable IIS on quite a few workstations. Either way, no one's talking.
If I was playing the Snort drinking game today, I'd be unconscious by now.
Well, they got the cold thing right... my current body's rigged for high temperature existence right now.
Dataline's not home from her road trip yet. I woke up this morning to a perfectly silent house... I loved it. Didn't have to worry about running around or trying to finish in a hurry before someone else needed something, I could take my time and enjoy it. Which I did. Got dressed, got everything packed, and even had a chance to sit and read a little before leaving the house for temperatures just a few degrees above freezing.
I just realised that I havn't had any caffeine since Saturday. No headaches since then, either. Whee. I think it's time to dry out again.
Let's see.. what else havn't I caught up on yet..? Yesterday, shortly before the closing harvest ritual at PPD a number of us were standing around talking and a newspaper photographer walked over. Of course, if she wants us "to look like we're discussing something" I'm going to drag out Kabuki and pose with everyone. I've gotten rather good at that since the last place I worked, what with all the Financial Times photographers that kept interviewing the CEO. But I digress... if that picture's going to be used, I'll scan it and throw it up; somehow I doubt that it'll be published, though. That might not be such a bad thing. I spent some time hanging out with Frater AChDAE, catching up on things and discussing some ideas I've had about biologically generated/orgone energies.
The harvest ritual, I'm afraid, left me somewhat disappointed. It didn't have the spark I usually associate with gatherings in the Pittsburgh area.. there wasn't enough behind it, that I'm certain of. Titania's dances were most impressive, I must admit, and the people drumming were quite good.. but it was still lacking. I didn't know that Alaric would be leading this year, a welcome surprise. After that came the raffle, and I'm still kicking myself for not having purchased a few raffle tickets for the heck of it. I managed to get Ruthie, who was working with Inner Vision yesterday, in touch with John (who's part of the staff of Tekkoshocon because she's looking to sell some of her art locally (and she's good, make no mistake about it). I helped move tables around and clean up the lodge after everyone else had left, which exhausted the last of my energy. By the time I'd left I was a few sweets (from what hadn't been sold at the bake sale) and three hogies (ditto) richer.. dinner without having to forage, yay. I drove Fern and the twins back to their apartment afterward and picked up the leather she wants me to use for her book of shadows.. she's going to be pleased, of that I'm certain...
I also had the chance to go hiking a little with Swift and Sil to kill time before the harvest ritual.. amazingly, we didn't get lost. The ground that far out is too swampy and there weren't any real trails in that part of the park so we weren't able to go very far. But it was still nice to get out for a change. I'm also amused that Swift's foxtail scared a little kid, even though it shouldn't have.
On Friday Cisco Systems, manufacturers of so much network infrastructure hardware that it isn't even funny announced a serious flaw in the system used to authenticate logins to the hardware itself. The LEAP system (Lightweight Extensible Authentication Protocol) is vulnerable to a dictionary attack, in which the encryption key used during the challenge-response process is simple to brute-force (a complexity of 255^2, or 65,025 possible keys), as stated by Evol on Bugtraq on 3 October 2003. There are actually a few ways to exploit this vulnerability, check out Evol's post for more information; he released a proof of concept exploit to prove his point.
Okay. I broke down during the morning IT meeting and got a cup of coffee. My brain's fully functional now. I guess it's a better idea to decrease the amount of coffee slowly...
I know that there wil be a lot of people out there shaking their heads at this article because "it's common sense" to them, but for many others it'll be either one of those headslapper moments or entirely novel, so I'll just get going.. wardialing is back and it's still useful. Wardialing is when you have your computer start dialing phone numbers one after the other from a list to see which ones are answered by modems or fax machines. Back in the day (before the Net became the juggernaut of today that we all know and love) there were utilities out there that would do this for you, like Toneloc and phmap. These days it's normal to find at least a few 'rogue' modems on a corporate network, sometimes used by people to access their workstations remotely, using PCAnywhere, for example, though a direct link into a router or file server can also be used for remote repairs or maintenance. It's easy for a cracker with a little time to kill and a dialup modem to find at least a few dialups these days.. and the only way to see if you have any rogue modems on your LAN is to wardial yourself, of course. Word to the wise: Check before you say you're not vulnerable. You never know.
Okay.. SCO's now officially on crack. Not too long ago they started leaning on Silicon Graphics because of their own version of Unix, called Irix. Irix has its own file system called XFS, which they open-sourced; XFS was subsequently picked up by the Linux kernel project and integrated into the codebase. SCO's going to revoke SGI's UNIX licensing agreement on 14 October 2003 because they claim that some of their "proprietary" code (which was released into the public domain before Caldera even bought SCO a few years ago) was open sourced as a result. SGI claims that they went through the XFS codebase and removed all of the potentially offending code, but that's not good enough for SCO.
Is it just me, or is SCO trying to claim proprietary copyright on source code that was open sourced several years before SCO purchased the copyrights to the System-V code?
As if there isn't enough to worry about right now, word's going around about a peer-to-peer filesharing application called Earthstation 5 that was deliberately designed to be insecure. It's said that it hasn't been out for longer than a year or so, maybe about six months. While ES5 is touted by its developers as the most secure and private file sharing application out there, there is malicious code inside the source tree. It's possible to remotely delete any file on a system running the ES5 client with a certain command, and it doesn't appear to be an accident. Moreover, the ES5 team is also said to be behind some DoS attacks on other file sharing and distribution services (like BitTorrent). There is a proof of concept exploit out there (referenced in the article above) and an FAQ. Trust no one...
Burn's messed up again - Qmail stopped recieving SMTP traffic. I tried to reboot her remotely and she's locked but good. Next stop: Computer show for a new mainboard. Maybe something in a dual-CPU configuration...
Science fiction fans take note - the Hitch-hiker's Guide to the Galaxy movie is a go!
Two of the pictures taken yesterday made it into the Pittsburgh Post-Gazette, but I'm not in any of them.. *whew* On the up-side, the article's pretty good. It's in the hardcopy version, too; either way, take a look at it.
Is this not nifty - Eddie Izzard will be playing my namesake! That's right, he'll be playing the Doctor when Doctor Who returns to BBC Television as a series in 2005, thus sayeth Tom Baker (who played the fourth Doctor). Thank the gods for BBC America...
Here's an interesting story - a French company has developed solar panels that generate twenty times more electrical power than existing solar panels. These new-generation solar panels use organic materials instead of doped silicon crystals (like the amorphous solar cells you can purchase in kits through Edmond Scientific?). Their game plan is to use less efficient materials but because those materials are cheaper the cells can be made much larger, and as such gather more power. They're shooting for 10% efficiency by 2004 in their production units. That seems a little counter-intuitive to me, but if they're trying to break into the consumer marketplace (good luck, guys... good luck) they're going to have to shoot for cheap and easy to use. Hardware hackers and power guerillas will probably snap them up first and turn alternative power generation into a fad, and then everyone else who's got disposable income and wants to jump on the bandwagon will do so ad turn it into a fad. That's how it's going to have to start if they want to make it big, at least in the US.
Greetings readers from Fermilab!
Not too long ago I got back from the local Pagan Pride Day celebration. It was a busy day, no lie.. I got up early this morning to have breakfast and get everything together before taking off. Dataline left early this morning so I made sure my grandfather was okay before taking off. First stop was to gas up the car to make sure that I could actually get there, and then I stopped to get cash for the vendors. The drive to North Park itself wasn't too bad, I made it in about a half hour's time by taking a shortcut up and around the back of the neighborhood to get to the highway. Once there, it was a straight shot out.
I ran into a great many people that I havn't seen in far too long. Frater AChDAE was there, as was Lissa Ernst, the Promise of Iris crew, Titania, Alaric and Scott... everyone I miss because I can't see them often anymore. I wound up only making it to two seminars the entire day, Ritual Body Art with Kali and Lucien, where I got the Kanji characters making up the word 'kabuki' on the inside of my arm in henna, and Frank DeAngelis' Psychometry Workshop. The rest of the time was spent wandering around talking to people, looking at everything on display, playing with the ferrets that were everywhere(!), and shopping. I wound up buying a Pagan Pride Day t-shirt from the POI team, along with some Samhain incense and charcoal to burn it with, a bumper sticker for Dataline ("I believe in angels"), a pin I've had my eye on for a while ("Doing my part to piss off the religious right"), and a small carved wood box to put my collection of rings into (and there are quite a few). Kali and Lucien did an excellent job with their presentation; I regret not having had the chance to pick up their handouts afterward. The henna pattern took less than two minutes to do in total - Kali's good with it. It'll last for a few days, so I'll see if I can take a few pictures of it.
I have to admit, there was a lot of incense in the air today. So much so that I had to go outside a few times because my eyes were getting irritated, which isn't good especially when you're wearing contacts. I'm really happy that Swift and Sil came out today. I introduced them to a good many of the people that I know.. I hope I was able to help make a few more connections somehow.
I have to admit, I'm surprised by the psychometry (object reading) seminar at the end of the afternoon. I've never put much stock in it but I try to keep an open mind... the theory that DeAngelis gave for the phenomenon I have to admit wasn't the strongest in the universe, and I was a little surprised at the lack of understanding of metaphor that people have these days, but when it got down to the nitty-gritty I'm surprised that I actually picked up a few solid impressions from the ring the woman next to me handed to me. I'm even more surprised that I was dead-on in four out of five impressions. In return I handed her my TARDIS key pendant.. and she related a few things that I've not told anyone. Wow. Okay.. so I'll put some credence in psychometry now.
Right now, I'm too tired to write much else. I'll write more tomorrow.
I wonder if my picture's going to be in the paper tomorrow....
Yesterday passed in a haze of doing stuff and taking care of things. I'd called off from work because there was too much that had to be taken care of around the house and decided to catch up on my rest at the same time.. the night before I'd jacked out at my usual time and simply neglected to set my alarm. Fern's pillow, unfortunately, didn't work as well as it did the night before, and I kept waking up every half hour or so. Eventually I dragged my usual pillows back into bed and slept until 0830 the next day... these days, sleeping until 0800 is sleeping in, but I digress.
Last night after everything was over with and done (including making chili for dinner.. it's all in the bay leaf) I changed my clothes and drove out to LARP to see what Lee had in mind...
Warning: Unabashed gamer's spew ahead. Feel free to hit the page down key a few times if it's not your cup of tea.
The Year of Fire is shaping up to be the de facto end of the Camarilla's universe... I don't know if they're going to finish the game globally or not but no matter how you cut it the rate of character attrition is going to be nasty. So far one character who'd gone off the deep end after having his mind messed with one too many times got another character arrested, and then captured. So last night was a run-and-gun plot with a lot of planning and a strong strategic component. I'm honestly a little confused about what actually went on last night: There were three strike teams operating simultaneously trying to intercept the truck transporting the detainee; two teams and a third running backup. The first truck was hit and what we thought was a successful capture turned out to be a decoy. No real surprise there. I don't know what happened to the decoy, I'd heard that it'd been transferred post haste to the bottom of a river just in case. The second actually had Mr. Watson in it and somehow (I never found out how) he'd been snatched back. At this point things got really confusing and trying to do things remotely got confusing. I know that there was a fire fight, a lot of teleportation, and the overwatch team (Operand and Dr. Ansin) almost went off the road at least once. The character rescued is all right and recovering as well as can be expected, which tied up that plotline neatly.
The rest of the night was Dr. Ansin's tribunal, which stemmed from his getting Mr. Watson arrested and subsequently captured. The evidence pointed overwhelmingly that Dr. Ansin did it, even though he'd had his mind altered at least twice that everyone was certain of. At the end of it the tribunal it was decided that he'd be imprisoned for a year and a day, pending finding someone or a group of someones to repair the damage done to his mind. I'm going to hit the national in-character mailing lists soon to see what I can put together. That's what they're for, right?
End of gamer spew. Party on.
I'm going to start cooking this afternoon to get ready for Pagan Pride Day tomorrow. I was asked to make something to donate to the bake sale so I spent some of yesterday going through my collection of recipe books to find something that's easy to make, doesn't require a special trip to get ingredients, and would be tasty. I've settled on making lemon bars, which I can put together in about an hour and I can divide into two batches. I have to go food shopping this afternoon, I can't do anything about that, so I'm going to pick up some Gladware to pack them in for tomorrow. I've decided that I'm going to go in full colours (or lack therof, as the case may be) to represent my particular slant on life. What the hell; I'm only young thirteen times. *grin*
Dataline just informed me that on 15 November 2003 there's going to be a mini-anime con at the local library; the theme they're running with is music. They're asking for anime and manga collectables to put on display and there's a call for cosplay...
The question is now.. which character?
Okay.. later today. The lemon bars are done and dusted with confectioner's sugar. I'm going to cut them apart and package them in two boxes for the bake sale tomorrow. I hope the go over well. While they were finishing up in the oven I got together with Dataline and put together a shopping list. I headed out to the store to restock for the week to come.. and came home with a splitting headache. It feels like there's a migrane on the horizon but I can't be sure - I havn't been under enough stress lately to cause a migrane, and as far as I can tell I havn't taken any aspertame lately (the fastest way to cause a migrane headache with my current body). It might be stress, it might be something else... I think it's caffeine. I've been drinking even less than normal lately - less than three cups of coffee in a day's time. There isn't a coffee pot at work so I'm limited to one in the morning, maybe two cups at night. I think my body's tolerance to caffeine has fallen so far that anything close to my old intake is disrupting its normal functioning. I can handle the discomfort with a little effort but I'm going to take this as a lesson and be careful in the future.
Here's a toy that I can see backfiring in horrible ways. A toy with a bore 8.5 inches in diameter. Someone Out There has constructed a mortar out of a piece of sewer pipe. The mortar cannon uses the coarsest grain of black powder to hurl 10 pound bowling balls a distance better than 600 yards. The recoil on this sucker is such that it digs out divots of earth an average of 7.5 inches deep each, even though the entire construct weighs about as much as I do (about 150 pounds). I know that there's something to be said for cleverness and doing things because you can, and I'd be lying if I didn't say that this is pretty cool, but it's also dangerous, and too easy to misuse (like taking out cars on the highway). After a few pyrotechnic misadventures in my younger years, I also have to worry about what could happen if it malfunctioned somehow.
Last night after I got off the phone with Lyssa I pretty much crashed out. All of my energy was gone and the only thing I wanted to do was curl up and go to sleep.. which I did, a bit earlier than normal (which seems to be getting to be a habit). After my shower I fell into bed and grabbed the dream pillow that Fern gave me months ago when I was having trouble falling asleep. I figured that it couldn't hurt to try it again (seeing as how I was having a great deal of trouble using it the last few times I'd tried it) and if it wasn't helping I could always push it off the side and grab the other two. I don't think it was five minutes later that I passed out and didn't wake up until I heard my alarm go off this morning. No dreams, I was out like the proverbial light.
Someone's pager at work has a custom signal - 'SOS' in morse code. I might be way off base, but that can't be a good sign...
This is one of the neatest hacks I've seen in a long time... someone's ported the C=64 emulator Frodo to the Nokia 3650 cellphone. Why? Because it can be done, does it need any other reason? Personally I think it's a great idea - I can't tell you how many times I've wished I could be playing Street Beat or Neuromancer on long trips to pass the time. From what the page says, it only accepts .t64 files (Commodore cassette tape images) for the software, which pretty much limits the software to 8KB or less (if memory serves), but it's a start. I give this one two thumbs up.
I think this says something about how highly people are valuing things instead of people or ideas - naming one's children after name brands. I think that says a lot about the value that people place on images and the sources therof, and not so much on individuality and self-determination. Then again, this also reminds me of an Arabic tradition of naming one's children after bad things that may befall them so that they won't happen (sort of a reverse whammy, as it was explained to me), so I guess I can't say too much about it in that light.
That doesn't mean that I can't find it troubling.
Fuck. Burn crashed again.. and guess where I'm at? At work. This really pisses me off... I can't bring her back online from here. I guess this is where a watchdog comes in handy.
Debian's got fixed OpenSSL packages in the apt repositories now - start updating. Updated .rpm files are now available through Redhat as well.
Some folks might have heard about this going around about two years ago.. apparantly the stories of a computer security testing firm cracking military nets so deeply that the admins didn't realise it were true. Brett O'Keefe, president of ForensicTec of San Diego, CA will be arraigned next Tuesday in federal court for compromising the security of NASA, the US Army, US Navy, Department of Energy, and the National Institutes of Health. The charges state that O'Keefe shared classified data with the news media to try to generate publicity for his company. As I was reading this story, a name jumped out at me: Fort Hood. The stores I'd heard going around were about a computer security company contracted to test the security of a few US military nets, of which Fort Hood's was one. The stories went on to talk about the tiger team cracking the perimeter security with little trouble and proceeding to compromise fully three quarters of the hosts on the base's network.. and then they found a gateway that they weren't told about. Because they were contracted to test the entire network they cracked the gateway as well, and thinking that it was another network proceeded to crack quite a few systems on the other side... which happened to be all over the sectors corresponding to various institutions in the US, though they didn't know it at the time.
I don't know how much of the stories I'd heard is true, but there's enough data in that news article to corroberate a few things. As J. Michael Strazynski once said, the truth is a three edged sword. What really happened is somewhere in the middle. Another article has it that O'Keefe was bragging about what happened to drum up business and denigrate the security of US government nets (perhaps rightly so), especially since they started trying to crack down after 9/11. If he was trying to embarass the government, then he did an excellent job of it.. he failed to keep in mind, however, that it's a bad idea to redden the jowls of people who are ready, willing, and able to lock you in a room and throw away the room to retaliate. And now I wonder what really happened...
Last night I spent a lot of time trying to figure out what's been going on inside. There's no logical reason that I can see for feeling depressed. As far as I know I don't suffer from seasonal affective disorder; if I did I'd be in this state year-round given how little I see sunlight, let alone the outside. Barring further evidence I will not discount the possibility, but I will put it to the side for later consideration. I don't suffer from clinical depression, havn't for over a decade as it's reckoned. Doesn't feel like a change in diet, though I am still trying to take off the weight from Forge's wedding; I'm willing to consider this possibility as well. It could be a lack of activity: I sit in a cube all day using a computer and barely ever get to see the outside. Physical exercise seems to ameliorate the problem, at least temporarily. I'm also willing to consider fatigue in that my circadian rhythms are innately geared to run in four-hour cycles (including sleep - two four-hour cycles) and I don't get that very often anymore. I'm lucky to get six hours, if that. I'm not getting any of the usual problems of extended sleep deprivation, like hallucinations or loss of motor coordination (as if I ever had that...) so I think that it's a (so far) minor perturbation in the natural pattern.
Not long after I got home I rebooted Burn. That itchy-burning-hollow feeling is gone now. Yay. I've changed her over to Binc IMAP, which seems to be much less of a hit on system resources than Courier IMAP is. Courier's a beast when it comes to memory footprint, which is why I think it kept hitting that memory paging subsystem bug in Burn's kernel. That I can really only fix by replacing her mainboard and compiling a new kernel for her, but I don't know when that'll be. I fix what I can and ride out the rest.. let's see how this new arrangement fares. I've already caught up on today's mail and Binc seems to be doing the trick so far.
It's another cold one today.. autumn's here if this isn't just the opening procession. Still freezing, still trying to warm up. This morning at the bus stop, there was an unexpected bit of surprise.. a small kitten had followed one of the middle school kids we share the corner with. This probably should not count as excitement or surprise, I suppose, but I need something to write about. The little guy was an orange tabby, probably not older than five months judging by his size. He honestly didn't want to leave anyone, probably due to the attention and the prospect of maybe getting something to eat out of them. No collar. Judging by how clean he was and how healthy he appeared he's probably a local cat, someone's kitten who got out either early this morning or some time last night. I wish I could have done something to help.. I hope he made it home. He wouldn't stay on the porch of a nearby house though he did run into someone's driveway so I think he's safe for now. Maybe he'll go home if he gets hungry enough today.
I've decided today that Microsoft Office XP is the worst piece of software that I've ever had the misfortune to come across, so much so that I am going to plunge my hands into a bucket of bleach when I get home tonight to rid myself of the icky feeling. Trying to keep a document properly formatted has been an exercise in futility today: Office XP does whatever the hell it chooses with section breaks, hyperlinks, bullet-point placement and colouration, and generation of indices and nothing that I know how to do will bring it to heel. I've wasted a good three hours fighting with one document today and I seriously doubt that I'll be making any progress anytime soon. If I thought the software would do it properly I'd export it as text or HTML, clean up the formatting, and then reload it to save it off. Sadly, I doubt that'll do any good at all given the functionality required (internal hyperlinks with indexing), and even if I did try to save the document as HTML I strongly doubt that it'd be readable by any software likely to exist anytime soon on this planet. If a three page text file can balloon to a half megabyte in size, what else is this monster capable of?
I signed on to do computer security, not wrangle shoggotha.
Speaking of computer security, everyone, Guardian Digital Security has released an advisory regarding vulnerabilities in OpenSSL. Not too long ago the NISCC of the United Kingdom (National Infrastructure Security Co-ordination Centre) created a set of malformed client certificates (sort of like public keys) to test how SSL-protected software reacted to adverse conditions. Dr. Stephen Henson, one of the core programmers of OpenSSL isolated and fixed a number of bugs in the OpenSSL libraries. There are certain ways to corrupt the encoding of a certificate that can cause OpenSSL to corrupt its stack, causing the programme to crash. Similiarly, strange ASN.1 tag values can cause the same denial of service, bad public key segments can scribble on the memory used by software if public key decoding errors are ignored (which doesn't happen often, it's a debugging feature), and client certificates passed down the link when they're not requested ("Oh, why thank you!") can force the first three bugs to be exploited. All versions of OpenSSL including v0.9.6j and 0.9.7b are vulnerable. Versions 0.9.6k and v0.9.7c are bugfixes that patch these vulnerabilities.
CERT, the Computer Emergency Response Team based out of Carnegie-Mellon University, bless its collective slow-as-molasses-in-January heart, has finally gotten around to releasing an advisory about the bugs in OpenSSH last week.
The FBI's at it again... they've been asking journalists to get ready to turn over all of their e-mails, notes, and contact information for their sources. Some of the reporters who have been covering the Adrian Lamo case have been contacted privately and told that everything they've got about the Lamo case can and will be subpoenaed, and they do mean everything.. even the apocryphal and personal theories. Why does this smell like what they put Mitnick through (hacking NORAD)? To make matters worse they're threatening jail time for said reporters if they don't cough up once the paperwork comes through. This seems to violate the first amendment insofar as restricting what reporters are allowed to talk about (an ongoing criminal case and the fact that they're being leaned on by the government - take a look at my copy of the Bill of Rights). The article goes on to say that this began to happen the day after Attorney General John Ashcroft ordered every US Attorney's Office to prosecute every criminal offense they see with the harshest possible penalties.
This is being done under the laws modified by the USA PATRIOT Act that require "ISPs and other providers of electronic communications services" to keep copies of every e-mail passing through their systems in case they are ever called under subpoena. An ISP's mail servers and a journalist's field notes and research are two different things. The reporters were told that if the wishes of the FBI are not followed for at least three months they will be prosecuted for contempt of court. The first recorded case was in May of 2002, msnbc.com reported Bob Sullivan. The article states in no uncertain terms that they're probably going to use the reporters to confirm Lamo's guilt (he was, after all, very open about what he was doing and was interviewed time and again, each time not denying that he compromised netowrks), which they'll probably use to bury him. Nevermind the fact that he probably saved quite a few companies several million dollars each by pointing out holes that John Q. Scriptkid would have abused.
As if that's not enough to make you feel queasy on a Monday morning, check this out: lifeandliberty.gov, which is a website that's supposed to tell everyone how the USA PATRIOT Act is preserving our quality of life (have they actually seen the unemployment rate lately?) and liberty (by destroying the Bill of Rights one amendment at a time). Sorry.. I'm not buying it.
Former GeCAD programmers of GeCAD Reliable Antivirus for Linux have shifted to Kaspersky Labs after GeCAD's buyout by software giant Microsoft. Microsoft had announced that RAV for Linux and Novell Netware would no longer be produced or maintained, which screws two major environments out of a fairly decent antivirus system. Kaspersky has announced in return a transition plan from RAV to Kaspersky Antivirus.
Slackware Linux v9.1 was released not too long ago. This version of Slackware was compiled completely using v3.2.3 of GCC, which is a considerable step up from the earlier releases.. v2.4.0 of the Gnome Desktop Environment is included as well as v.3.1.4 of KDE (the Pi release?), v2.4.22 of the Linux kernel, journalling filesystem installation support galore, GlibC v2.3.2, XFree86 v4.3.0 (which is a highly stable release, as I can attest to), Mozilla v1.4 (yay not having to download and compile it by hand!), and everything else we've come to know and love about Slack. Start planning your Friday night now.
Before I left yesterday Lyssa gave me a few things to hold onto while she's down in Maryland, among them a stack of back issues of Dragon Magazine, which is a print magazine for FRPG afficionados. Among the usual letters to the editor, product announcements and reviews, and articles I found in the advertisements a full-page ad from Palladium Games from 1989 which talked about a Robotech RPG.. and which also had listed copies of the first two or three episodes of Sentinels, the sequel to the Robotech series which never went anywhere in VHS format for $24.95... so that's how all those copies started making their rounds. For a long time I've wondered how recordings of those lost episodes were getting around the collector's circuit; I guess they're copies of those first-gen tapes. Mystery solved.
Okay. Something's wrong.
The temperature's been falling more and more in the past couple of days as September slowly fades into October and autumn follows on its heels.. this morning I started losing feeling in my hands while I was standing outside waiting for the bus. This is not an uncommon occurrance due to RST (repeditive stress trauma, which amounts to the early stages of carpal tunnel syndrome) reducing the circulation to my body's hands. However, given a warmer environment and lack of exercise they tend to warm up and the feeling comes back on its own. Today it hasn't. I don't think it's due to the nerves being pinched off by anything because I can't do the stove burner trick (you don't want to know) - I can still feel temperature if it's sufficiently high or low, but otherwise mobility and sensation are impaired. This suggests poor blood flow. At any rate, it sucks. I've been having a hard time typing all day today, which is further difficult because I've been writing documentation at work.
Quick sidebar - the vote on George Bush's bill to eliminate overtime pay for Americans is either tomorrow or Wednesday this week - call your representative and tell them to vote this down!
But as I was saying... I don't understand why it is that every night when I come home from work I'm demolished. I've little energy by the time I get back to the Lab, the only thing I want to do is curl up with a book and maybe fall asleep, nevermind wanting to do any reading. Even riding the bus home I feel like I'm wandering around the house after a particularly bad nightmare - not really tired but dazed and disconnected, and feeling adrift. I havn't been doing anything major at work, no crises have been breaking out, not even a staff meeting. I'm just doing stuff, and getting taken down by it. Why? It doesn't make any sense.. people shouldn't get tired if they don't expend a lot of energy.
I'm back at the Lab after driving Lyssa home at the hotel. It's been a long weekend, and oddly enough my body's not sending me those "I'm fried" signals.. which means that I managed to recoup some energy, though I don't want to push things right now.
Saturday morning I got up around 1000 EDT, did basic maintenance, and then took off shortly after noon local time to pick her up.. not far from the Fort Pitt Tunnels (does everyone I know Outside live on the other side of the mountain??) I got a call from John and Lara offering to act as co-pilots on my trip because Lyssa's folks live pretty far out there.. for some reason, I know not why yet, I accepted and turned around to head back and pick them up. Roughly forty-five minutes later we were back on the highway headed for what very well might have been the inspiration for some of H.P.Lovecraft's short stories.. her folks live that far out there. We picked her up around 1430 EDT (that seems to have been a popular time this weekend) and drove to Uniontown to meet her friends from the homefront; and what a fun crew they are. We stood around shortly after arriving for another birthday celebration (forgive me, everyone, as I'm very poor with names; I'll remember their names with prompting to make sure that I don't get them wrong and likely remember them permanantly after I meet them a few more times). We hung out talking about the good old times, swapping stories (they rather liked story about the stripper) and generally getting to know one another. Unfortunately, Time being what it is, we had to leave all too early to return to Pittsburgh.
Lyssa had gotten a hotel room in Pittsburgh and we had to get her checked in before the room was repurposed (well, it may not have been, necessarily, because as long as they have a room open they'll give it to a reservation, it just might take longer, a hassle we didn't feel like going through) so we stopped in and dropped off our bags, and then headed out to the friges of Pittsburgh, near my usual stomping grounds to visit a good friend of mine, Don, who runs The ER Room, which is one of my favourite stores. Don's a great guy; if you go expect to get into a conversation lasting at least a couple of hours. His prices are quite reasonable as well. I really feel for him, as he was in an automobile wreck not too long ago and he's still feeling the effects of it. The airbag caught him in the shoulder in the impact and he injured his neck, back, and shoulder even more. I wish there was something that I could do for him. We looked around the newly rearranged store to see what there was to see.. and oh, were there things to see!
I wish I could afford more of his clothing. He's got some amazing pieces that I'd love to try on, given more time and definitely purchase given more money. Alas, I've little disposable income at present. Anyway, I was shopping for the rest of Lyssa's birthday gifts (I'd already gotten her books on speed reading and memory techniqes, which she's going to need while getting her masters' degree, and a copy of Disconnect by Iris). Unfortunately, they didn't have exactly what I was looking for but Lyssa knew exactly what I was looking for as I browsed the shelves and asked Don nicely if he had any in stock. Unfortunately he didn't at the time but he took her measurements and offered to make them on commission for her. I'm going to pick them up for her late next week. So all was good.
After saying goodbye to Don we headed back to my car to drop off John and Lara and then swung out to get dinner. I took Lyssa to get dinner at the Sesame Inn Restaurant and Lounge, northwest of the Lab. The Sesame Inn is one of those restaurants that looks too posh to be affordable (even though two can stuff themselves for $30us), too far away to be worth the drive (just try it), and too nice to show up in street clothes (feel free to, everyone else does). The staff is incredibly helpful and accomodating, too: Lyssa asked for Ginger Shrimp and recieved it without a complaint. As for myself, I had my favourite, General T'sao's Chicken, which somehow manages to be not only filling but to have what amounts to a candy coating on each piece. The service was rather slow Saturday night, though, due to the number of people having dinner before going out to do whatever and the length of the drive from John and Lara's chewed up quite a bit of time. By the time we got back to the hotel it was past 2230 EDT and we were already late.. we called John and Lara to see if they were still up for going to Club Chemistry but, alas, they weren't feeling well and decided to pass. Swift Fox and Silaria had already declined though we did call them next, and accepted an invitation to join them for a while.
We hung out for a while and made plans to go out for breakfast this morning and then retired back to the hotel for the night.
This morning we were awakened by our 0930 EDT wakeup call to shower, pack, and generally get oriented for the rest of the day. We were going to meet Swift, Silaria, John, and Lara for breakfast downtown. Unfortunately, due to having to square away a few things at the front desk we were running late.. the maniacal driver on the highway who nearly sideswiped us as we were changing lanes (I was moving left one lane; he was weaving madly through traffic (should have seen trouble coming to begin with..) doing far better than our 65 mph and in the process of changing from the lane to our right to the lane on our left) not only nearly caused a three-car pileup but scared the living hell out of us, nearly took some of the paint off my car, and made me miss my exit. We wound up taking the long way around the Heinz Stadium (a sports structure which most Pittsburghers can't afford to attend and single-handedly fucked the city's budget for the next eight years, at least), getting stuck in more traffic, and showing up a half-hour late.
Everyone finally met up at Station Square and we elected to go into the Strip District to get breakfast. I honestly don't remember the name of the place that we decided on, I want to say that it was DiLuca's, but it was larger inside than it appeared on the outside, packed with a cross section of Pittsburgh, and had excellent food on large places. Their food is reasonably cheap (no breakfasts over $9us that I can reacall), the portions are large, and it's tasty to boot. It's a good place to close out the weekend, I have to say.. we wound up sitting at the counter eating, talking, drinking far too much coffee (the waiter left a pair of full carafes, which had to be refilled several times) and generally having a good time. We got to watch a team of short-order cooks plying their trade up close and personal, and marvelling at the speed with which they prepared bacon, eggs, sausage, acres of home fries, and everything else under the sun. It was also over all too soon, as I had to get Lyssa back to her Pennsylvania home so her brother could drive her back to Maryland.
The trip back went fairly rapidly; now that I've been out there a few times I'm getting pretty good at finding my way around. I helped Lyssa pack some things that she needs down in Maryland and get them moved out to her brother's car. Once that was done we said our goodbyes (which seem to be getting longer and longer) and parted ways. I've been home for a couple of hours now and I'm sitting back resting, catching up on my e-mail and writing updates. To everyone who's waiting to hear back from me, please be patient.
I find the rape reference slightly offensive and stereotypical of anime, but other than that it's not far off the mark from how I really did look back in high school..
At least I'm not a redshirt.
I'm going to be taking off to pick up Lyssa shortly. I'll be out of touch for about twenty-four hours or so, everyone. If you need to get hold of me send me an e-mail; if it's an emergency call my cell phone.
More and more services are being made available on the Net today, often in the form of a Web application of some sort, running on a server somewhere Out There. The process of submitting a credit application to a car dealership is one of these; formerly a royal pain in the six now there is a service called Dealerskins, which performs this service for car dealerships to further defray costs and speed the process.. there's just one catch, however: They left the credit information keyed in by prospective customers available to whomever happened across it. Yep, all those names, addresses, phone numbers, and Social Security Numbers were just laying around on a web page that anyone could access if they knew where to find it. To find it all one had to do is examine the HTML source code for the web form (a trivial task, supported by all web browsers). Dealerskins was contacted on Tuesday and alerted to this mistake, whereupon they promptly took the page offline but they refused to check to see if the page was actually publically accessible for themselves, and furthermore didn't check to see who else had looked at the page. This is negligance of the grossest sort. That customer information is their life's blood, and the wrong people accessing it could compromise the financial histories of hundreds of people, potentially screwing them over for years. I can think of another way that people could have found the page without going to the service page, too - Google. Way back when it was a popular pastime to plug search terms like 'passwd' and 'htaccess' into Google to see what would come back; often you'd find the password file to a private website or two. Nowadays you can prevent those files from being indexed by configuring your web server properly but there are still people who don't do this. If someone stumbled across it during one of these searches, those people are just as screwed, and Dealerskins is just as incompetant.
Dealerskins was quoted as saying that it wasn't their fault if someone was able to look at the HTML code to one of their web pages. I somehow doubt that they're going to be helpful in the investigation.. call it a hunch, but they screwed up royally and their reaction looks to me like they're going to try to discreetly wipe the egg from their faces and cover it up.
Anyone who's been watching the net.news lately has no doubt read the stories that Microsoft's products' lack of security are being discussed as a serious threat to the informational infrastructure of the United States of America (the State Department being forced offline by the worm Welchia is a small sample of this). The security firm @Stake (formerly L0pht Heavy Industries, if anyone remembers the L0pht crew) has stated its opinions.. and lost its CTO as a result. David A. Geer, Jr. lost his job at @Stake yesterday. No one knows if it was a resignation, a force resignation, termination, or what have you, and no one's talking. This came only one day after Geer and six others published a report that stated that the US government was relying too heavily upon insecure software, exposing it to a clear and present threat to operations.
In case you're interested in reading the paper you can download the .pdf file from here or from my mirror here.
Yesterday and today have been fairly quiet but busy days. I've been writing lots of documentation at work and tracking down tidbits of information to make sure what I'm writing is accurate. It's not terribly hard work, just time consuming; once I start working on it I tend to get lost in the work. Last night was the first relaxing night I've had in a long time. I managed to clear out half my backlog of recipes that I've been meaning to write down (I collect recipes; they tend to pile up faster than I can write them into my cookbook) in the past two nights and I put in the last batch of paper for Fern's book of shadows last night. If all goes well I should be able to press the entire mass starting next week and then start the binding process. I'd better start designing the binding and cover, come to think of it... Lyssa's finished her arrangements for coming into Pittsburgh for her birthday, so that's one less thing to take care of. I plan on cleaning my room tonight just because I'm tired of looking at clothes piled up everywhere; that shouldn't take too long. After that all I really feel like doing tonight is sitting around the house. It's been a long week and I'd like to recover at least a little bit of my strength before I have to drive out and get her.
I'm thinking about curling up with a good book, a glass of wine, and some clove incense tonight. Just because. Maybe I'll finish my kittyband tonight; I've got the design down, I just have to attach the ears, the work of a half hour at most. I also need to figure out what to make for the Pagan Pride Day bake sale, too. That shouldn't be too hard, I just have to sit down and do it.
|The Ultimate LiveJournal Obsession Test|
|Category||Your Score||Average LJer|
You have one or two loyal pals on LJ... But you probably have better things to do with your time.
An expert on multiple-choice questions, an whiz at the cut-and-paste
Some stories must be told - and you're the one to tell them
Had a comment taken out of context once or twice
Slothfully Seeking Susan
It's been confirmed that the Welchia worm hit the State Department's network on Tuesday. Ouch. That sucker gets around.
Samba v3.0 has been released! Samba, if you're not familiar with it, is an application that lets non-Windows machines communicate with Windows domains and shared networks transparently, for things like remote printer access, file shares, and other neat stuff that Windows takes for granted (when it's not being patched nine ways from Sunday). Among the list of nifty new features in Samba is the ability to join a Microsoft Active Directory system and not just a domain. Full support for Microsoft's implementations of Kerberos and LDAP is engendered by this new functionality. The user credentials authentication subsystem has been completely rewritten. The 'net' command has been cloned, making cross-platform users more comfortable ('s about time..). Trust relationships can now be built with windows NT4 domains (strangely enough, trust relationships with 2000 domains could be done before, something I discovered entirely by accident). Of course, the docs have been updated to match the new functionality, and the ACL (Access Control List; security permissions, basically) code's been improved. Time to start playing with this to see how well it works at the Lab.
A couple of months ago stories word got out that Diebold's electronic voting systems were insecure and that some researchers had figured out how to crack the system; the reasoning behind this is that if researchers could compromise the system so thouroughly using sample data sets, so could malevolent attackers out to tamper with an actual election. A security-in-electronic-voting advocacy website, called Blackbox Voting was set up to bring situations like this to greater visibiilty.. not too long ago Diebold Election Systems had blackboxvoting.org shut down for copyright infringement. Copyright infringement involving linking to other websites.. does anyone else think Diebold is more interested in getting critics out of the way than they are in fixing their voting systems? Something's not right here.. appellate courts ruled what Blackbox Voing was doing was perfectly legal (anyone can throw up a hyperlink to a publically accessible resource on anyone else's website, after all). Oddly enough, blackboxvoting.com is still up and around and still making its point. Check these guys out and fast before Diebold gets it in their collective heads to shut down this domain as well. Voting is one of the strongest ways in the United States to make your voice heard by those in power. A voting system that can be manipulated easily effectively steals the words from your mouth, making your own opinions null and void. If you wish to keep the ability to make your presence felt in the government, read up on these matters and support the people who are trying to keep things fair for everyone.
It's been an adventures week on the bus so far.. yesterday the bus driver was in enough of a hurry that he not only sideswiped the guardrail on a tight bend but didn't ask if anyone who'd been thrown around in the back was all right (there were a few close calls back in sardine land). This morning downtown on my walk to the office traffic was snarled for a good ten minutes as another bus, a tractor trailor, and a few cars the drivers of which didn't realise it was a good idea to turn from the inside lane of a widely-swinging truck fought for dominance of an intersection. The tractor trailor was in the second lane from the kerb and trying to make a right, which means a wide swing to build a large enough turning radius. This put it in the path of the bus. The cars zooming down the narrow channel formed by the right-hand side of the trailor and the kerb kept said trailor from completing its turn. Eventually a few cars were stuck in the channel, traffic was backing up in three directions, and the drivers got irate.
Nothing bad happened of it, it's just that the utter lack of common sense and procedure struck me as interesting. I might not have much common sense either but even I know better than to pull a stunt like that. Sheesh.
I feel very secure right about now... yesterday the US State Department's CLASS (Consular Lookout And Support System), which runs background checks on visa applicants to see if they've got criminal histories or ties to known terrorist organisations was taken out by a virus, rendering it inoperable. There is no backup system in place and officials can't say how long CLASS is going to be offline. There is some evidence that the W32.Welchia worm might be the reason. I think all of you know what comment I've got lined up next, so I think I'll forego making it and move on.
I know this has been around for a while, I just havn't had time to talk about it: JetBlue Airways gave identifying information of more than one million of its customers to Torch Concepts, a military contractor, last year as seed information for a data mining project to determine which, if any of its customers were possibly terrorists. The Acxiom Company (which I mentioned Solar Designer found and squashed a few buffer allocation errors.
The first casualty of friendly fire in the RIAA's war against peer-to-peer file traders: Sarah Ward, a 66-year old sculptor accused of using Kazaa to trade gangsta rap. No children live with her, no P2P file trading software, and no Windows box to run Kazaa on (Kazaa only runs on Win32; Ward has a Macintosh).
Sun Microsystems has a new desktop environment called the Sun Java Desktop.. okay... even though it's Gnome that's been rebranded because the JVM (Java Virtual Machine) has been bundled with it. How does that make it a Java-based desktop?
At last! The manga Tokyo Babylon has been licensed by TokyoPop and will be published in English!
Anyone who's been following the stunt that Verisign pulled a few weeks ago (redirecting all traffic to typo'ed domains to their own website) has probably run into their Sitefinder website. Well, that website leaks information typed into the webforms to a marketing data analysis company called Omniture. The data is passed inside a URL which links a web bug (a one pixel by one pixel graphics file from another web server for just this purpose). You just can't trust anyone these days...
Holy drek.. lots going on, not much time to breathe.
First was a meeting this morning to figure out what to do. We've decided to shuffle around our hardware functionality a bit, which basically means rebuilding two systems from scratch. Ouch. All that work and stored, data, gone. I managed to back up my IDS configs insofar as the changes from baseline but that's about it. I'm glad that I automated the installs with Redhat because once I touch off an installation it runs until it's done. Unfortunately, there's a lot of stuff that I still have to do by hand due to the limitations of Kickstart. Once I get a machine up and running I can work on it from my cubicle, which saves my back having to stand at a decidedly un-ergonomic rack for four hours.
The odd false alarm is always good for fucking up your day, too. That threw me off my stride, and between that and the meeting I had to catch up on my due dilligence stuff. On the whole it's only changing the order of things but for some reason (I think it's general crankiness) it's really messing with my head. I've finally gotten into a pattern that works for me and having to change it I find very disturbing.
Readers looking for a replacement for Microsoft's ubiquitous (and expensive) Office suite might want to take a look at StarOffice by Sun Microsystems. I've been using it for a few years now (since v5.2, lately v6.0) and it's a rock. The layout is very similiar to Office and the keystrokes are almost identical, though there are a few differences in the drop-down menus, from what I can tell. But this entry is actually to point you to a review of v7.0 done by The Jem Report not too long ago. They picked it apart module by module and reviewed each, and they gave it a glowing review: An average of 9/10 in three categories (user experience, value, and features). They also list some of the newer features, such as flawlessly exporting documents into PDF files, damaged document recovery capabilities, a much more friendly user interface, open file standards (Zlib compressed XML, as opposed to other file formats that probably had to be reverse engineered), and solid stability. It retails for $79.99us, though I'm pretty sure that you can download it from Sun's website as well for free. Try it and see how well you like it; if it becomes a complete replacement for Microsoft Office (as it did for me years ago) consider buying a copy to show Sun the proper respect.
Hello. Free Software Heretic, at your service. If it's commercial software and it rocks the docs, I buy it.
Adrian Lamo is in remarkably good spirits right now as he awaits trial for breaking into the computer network of the New York Times. The twenty-two year old was quoted as saying that "It will turn out to be worthwhile in its own way, and it will turn out to be a learning experience." Lamo is technically not under house arrest but he cannot be away from his parents' house for longer than twenty-four hours, and he cannot leave the area, either. The way things stand now he faces up to 15 years in prison and a fine of $500kus. It figures: Someone who tells the owners of the network he cracked what was wrong and how to fix it is probably going to get a harsher sentence than someone who would have raped and pillaged the very same network until detected and then disappeared entirely, never to be found. I wonder if it isn't the collective ego of the New York Times that Lamo hurt... as much as I hate to say it, I think the hardcore systems crackers have it right here. This particular good deed could send someone who was just trying to be helpful up the river for a long time. If he'd kept quiet about it he might not have wound up in this situation.
On a brighter note, Darci Wood of Las Vegas, NV is quoted in the article.. and referred to as Kevin Mitnick's girlfriend. Way to go, Kevin.
Oh, for gods' sake... another vulnerability in OpenSSH?! This just came down the wire on the Bugtraq mailing list: There are multiple vulnerabilities in the PAM authentication subsystem of OpenSSH. Anyone running PAM (pluggable authentication modules - a system that lets you add different capabilities to the login management system by writing modules of code) to handle authentication is going to have to upgrade. Oh, and at least one of them is exploitable - fun fun fun! Also, your systems now need Zlib >= v1.1.4 to build properly, though if I recall correctly you can disable data compression at build-time. I've got the source code mirrored already: (note: link deleted. Just get it from OpenSSH.org.) The fix hasn't been added to the Debian project's apt repository yet (I just checked - 1415EDT, 2003/09/23), and I doubt that Redhat's got it in. Everyone else, you know what to do.
Fuck it. I'm going VPN.
Wait a minute.. no, I'm not. I give up.
At least there's a bright side to this pain-in-the-ass: Unless your systems require PAM support to be turned on (in /path/to/sshd_config, option "UsePam yes") you probably aren't vulnerable. The advisory states that if you edit your sshd_config file and flip "UsePam" to "off" you're fine. Anyone feel like taking a chance on that?
I don't, either.
I havn't even been in the office for a half-hour yet and I've just deleted twenty-four instances of the Gibe.F worm were waiting for me in my inbox at work. Once again, they'd all been rendered neutralised but it's the principle of the thing. Someone's infected around here, but who?
This is rich.. someone fishing for credit card info on America On-Line accidentally tried to scam an FBI agent. Agent Joseph Yuhasz of the FBI received the spam back in February of 2001 and forwarded it to what they used to call the Special Technologies and Applications Unit, whereupon they tracked down the suspect, raided a few of her associated (who narked on her) and then took her into custody. Helen Carr, indicted suspect, goes on trial in November. Gotta love probability.
Ye flipping gods, it's been a long one. I just got out of a planning meeting about a half-hour ago and I can feel the insulation in my skull finally cooling down. I forgot how rough those were. So much information, so much to do, and so much that gets laid on the table and worked over. They're murder. And the aftermath isn't much better, let me tell you. There are lots of ruffled feathers and grumbling, and not a few complaints, which I suppose is part for the course given what happened last weekend.
Tonight's been a reasonably productive night, I must say. I filled out three job applications, checked them, and got them ready to drop in the post tomorrow morning as well as paid my bills (including my student loans, which technically come due in November but since I've got cash flow at present.. what the hell), and filled out the survey that Pitt sent me about my experience there. I've also written down a couple of recipes in my notebook and cleaned out some of the mail that'd been piling up on top of the china cabinet (where I keep the stuff I have to pay attention to). I'm coming up with stuff to donate to the bake sale on Pagan Pride Day (5 October 2003, North Park Lodge, North Park, western Pennsylvania). If all goes well I'll be able to prepare everything the day before seeing as how it's on a Sunday.
Lately I've been ripping parts of my CD collection into .mp3 files to make backups of them, in particular the harder-to-find stuff (like Cyberpunk Fiction, a parody of the Pulp Fiction soundtrack done by industrial bands and my latest find, Disconnect by Iris (it finally came in!)). I'm working at a clip of one disc every night, using cdparanoia to rip them into .wav files and LAME to encode them with as high a bitrate as I can manage. I'm hoping to get a new CD writer soon (probably an ATAPI one) so I can get back to backing them up. I seriously doubt that I'll be finding another SCSI writer anytime soon so I'll probably remove the dead one in Leandra, percolate the SCSI CD-ROM drives upward, remove the tape drive that I never use, switch the CD-ROM for the DVD-ROM, and install the CD-RW drive in its place. I may as well remove the 29160 card as well because it won't be needed for throughput anymore and replace it with the 2960 that's been sitting in storage for a while. If I ever get a chance to build a replacement for Crash I'll use the 29160 card for a drive array. But again, that's probably more information than you really needed.
This is kind of a neat hack: Intel's come up with a few designs for miniature keypads for handheld devices. Instead of tapping a key multiple times to cycle through characters until you get the one you want (for example: 2-A-B-C-a-b-c-2-...) the letter keys are placed in the gaps between the number keys. The schemes were developed by David Levy, former ergonomics engineer for Apple. Cool stuff.
Not too long ago John Schwarz, chief operating officer of Symantec, was quoted in an article at Wired as saying that it should be illegal to make information on security vulnerabilities and viruses in general available because they make it easier for people to write new exploits and viruses. I thought this had already been done... and it doesn't seem to have worked. The irony of Symantec owning Securityfocus, which hosts many mailing lists that discuss just this has not escaped the computer security and systems cracker communities. You can't make security better without knowing how to break it. John Zdziarski wrote a scathing rebuttal to Scharz's statement, in which he states in no uncertain terms that 'censorship legislation' has effectively hamstrung computer security on the part of the private sector and done nothing positive toward lessening the impact of computer crime. In his article he states several excellent reasons why this is a bad idea well enough that I don't see a need to reiterate them here. Suffice it to say that he doesn't trust Scharz's reasons for his statements any farther than he can throw a Buick.
This is weird.. I'm having trouble getting my mind set up for real writing, i.e., journalistic-style in these logs. Maybe it's the lack of time to do it properly (I've had to crank up my reading speed by a factor of two just to get through the bare minimum anymore), maybe it's being tired or preoccupied with other stuff. I don't know. I'm a little worried that the quality of what I write is going to start going downhill if I'm not careful, which means that the information content is going to go downhill as well. That's not good. I don't want that to happen.
Okay. Deep breath. Calm down.
After I got home from Swift Fox and Silaria's last night from game night I found out from my folks (who'd come back from a wedding late yesterday afternoon) that the reception was today and I was expected to go to it. I'm not happy about this; it completely screws my plans for today. I'm not even interested in going, and in fact I was quite relieved that I didn't have to attend that wedding yesterday. So now I'm sitting here playing the "hurry up and wait for me game", because they don't know how to get to the site of the reception and they're waiting a call from the people they're going to meet someplace and follow in. Which means that not only am I stuck with this but I'm wasting time.
Needless to say, I'm pissed.
Last night after I got home I spent some time talking with Lyssa, because I havn't had much of a chance to lately, and nosing around on the Net for information on working with Sculpey, which if you've never heard of it is one of the more popular forms of polymer clay. Instead of clay, which is basically tiny particles of silica suspended in water, which has the nasty habit of drying out and becoming unworkable if you're not careful it's tiny particles of PVC (polyvinyl chloride) suspended in a matrix of a polymer gel. It doesn't dry out, it doesn't become unworkable accidentally unless you heat it too far for too long or expose it to UV radiation for too long, and firing it means putting it in the oven in your kitchen for a few minutes. Once it's fired it's a solid block of plastic, which can then be carved, drilled, painted, sanded... cool stuff. I've been searching for something to play around with for a long time, particularly for making jewelry (because I don't have the money for metal casting materials or gemstones, nor access to centripetal casting equipment like I did back in high school). What's even more interesting is the metallic Sculpey, which if you work it properly can't be told from real metal save in mass (it feels much lighter than, say, silver). At long last, I can start making the jewelry I've always wanted...
Oh, and you can also use Sculpey to make casting molds of stuff. Even better.
Damn. That phone call finally came for Dataline. The sooner we go to that reception, the sooner I can get home and try to salvage some of the stuff I have to get done.
I'm home from the reception picnic. And I'm still pissed.
First of all, I'm not "that computer guy". I'm much more than a computer geek and I resent being called "guy". Those of you who know me know why this is so, so I don't have to revisit that little rant. Neither do I appreciate being expected or obligated to repair people's computers, especially when they are so bloody old that they should be dragged out to Defcon and executed on the shooting range. I'm also not crazy about having to store the fucking things in my basement.
Secondly, I said in no uncertain terms that I wasn't interested in going. I was serious about that. I'm angry about having to. When my family is not interested in something and turn down an offer I don't get them to go, I walk away and do my own thing. I expect the same courtesy in return.
And I hate being fawned over. Yes, I look good in a tuxedo. Please stop fucking reminding me of it!
I have to get out of here. I'm going to lose my mind.
As if last week wsn't bad enough, LSH (a GPL-licensed implementation of the SSH v2 protocol) is having its own problem with buffer overflows. It's possible to remotely overflow the heap of an instance of LSH. On Friday afternoon someone posted a working root exploit to the Bugtraq mailing list.
Oh, cool! Hunter S. Thompson is still around! I didn't know that!
Last night was a long one.. soon after I got home from work and the singular hell which broke loose yesterday afternoon (don't ask; even if I was allowed to talk about it I'm not sure that I want to) I had a quick dinner and then headed out to LARP to blow off steam from the week just past. Things are really heating up there - the Year of Fire is coming and I'm not sure how my characters are going to be able to handle it. My primary character is decently advanced, with somewhere around 150 XP of development, but my secondary isn't, having only about 15 XP in total that's been spent to develop him. That's a little worrisome. I'm also not used to that much activity in plot.
No one ever said the apocalypse would be easy. But you don't want to hear me prattle on about LARPing, I've a feeling.
Bryan and I went for a walk after game last night, getting to know one another. For some reason I have the easiest time making friends at LARPS: It doesn't much matter who you are as long as you're genuine about it. After seeing people play different characters for some period of time it's enough to remind you that the facade isn't what you should be paying attention to, it's the stuff inside that matters. At any rate, we're getting to know one another.
I didn't have much time to write yesterday because I was spent most of the day writing documentation (damned Office templates..) for the firewalls I've built and fleshing out the procedures I follow into bona fide processes that management loves so much. A necessary evil, I suppose. And then all hell broke loose... all I have to say is, IDSes and the natural pattern recognition wetware in my skull are a dynamite combination.
A while ago rumours about something called Project Bojinka began circulating in various circles. One curious individual at The Memory Hole sent a Freedom of Information request to the NSA (National Security Agency) to try to find out more... here's their response. Interesting reading, and even more interesting is what Project Bojinka is. You'll never believe me, so hit those links and read them for yourself.
For those of you awaiting responses to e-mails, please be patient. I'm kind of busy at the moment.
Went shopping today, and picked up Lyssa's birthday gifts. Have to run again!
Today's started off on an amusing note. No sooner had I walked into the office and sat down to check my e-mail than I found four separate messages from junk e-mail addresses (badly forged, obviously someone making up something that appears, at first glance, to be official) purported to be Microsoft Windows updates. One even had msdn.com as its false point of origin. Cute. Thankfully the scanners on the Exchange server disabled it; at least that's working. I guess this is that new worm that we're supposed to be afraid of.
Last night was unusually productive... I did a bit of lifestyle maintenance, cleaning up on the patio a bit, then put the jalapeno peppers in the fridge into the oven to dry out to preserve them. They're now pretty well dehydrated and blackened on the outside, and still potent. I've got a supply for the winter, now. I also started putting together a new kittyband last night. After a first attempt with a serious design flaw (too much material used) I re-used the materials from the first try and made a perfect set of ears. All I have to do is attach them to the band and they'll be good to go. Maybe I should sell them on eBay, there's definitely a market for them out there.
My heels are still rubbed raw from breaking in my wingtips earlier this week. Unfortunately I'm out of band-aids so walk to the office this morning (wearing boots, even) was painful. Bad idea.
Lyssa's with the Virginia contingent right now riding out the storms. DC, from what I've heard, is pretty well shut down, as is the University of Maryland. Everyone's okay.
jeffrey Parson, age 18 and reputed creator of the Win32 worm called Blaster.B goes on trial on 17 November 2003 in Washington state, even though his place of residence is listed as Minnesota. It is said that this is because Microsoft is the principal victim of the worm... as someone who ran around like a goldfish in a blender two days after that little bastard was released into the Net disinfecting workstations at work I protest. Microsoft sure as the day is long wasn't the primary victim of Blaster.B, all of us who do IT work were. Everyone who uses a Windows workstation who lost time to it that could have been spent doing real work were. Everyone who was stuck on-site all night trying to contain infections and make sure virus scanners were working were. Get to the back of the line, Bill; we admins want first crack at him.
And here's a story about the latest pain in the ass running around the Net. It's looking like it's called Gibe.F, and tries to exploit a positively ancient vulnerability in IE (dating back to 3/2001). Not only does it try to e-mail itself around but it also tries to spread via IRC (Internet Relay Chat) and file-sharing networks. Antivirus companies like Symantec and McAfee have given Gibe.F a threat rating of 'low'.
So much to write about, so little time. I'll try to wade through it all tomorrow.
I've fallen in love with Snort, an open source intrusion detection system. It's incredibly powerful, from the speed with which it analyses traffic to the language used to create rules (directives that define what kinds of traffic to watch out for and what to do with it). On the down side, getting it up and running requires a lot of fine-tuning of the rulesets that you can download from the website to start out with. If you don't you could spend literally days writing rules to cover baseline traffic, which is basically reinventing the wheel. On the down side, adjusting the ruleset means watching lots and lots of network traffic, sometimes gigabytes of it an hour if you've got big data transmissions going on, figuring out what's normal activity and what isn't (infinitely easier if you built the network, because then you know what to expect; I didn't so I don't and have to go through my supervisor), and then determining what rule(s) triggered the alert so you can either comment it out entirely, adjust it, or tweak the relevant engine's sensitivity. On the up-side, once you have one Snort sensor built you can then copy the configs over to the others, which cuts the fine-tuning time immensely.
Today's been an odd kind of day.. I don't have much to write about at the moment. I've been hacking around with Snort all day, learning how to digest logs and setting up ACID (Analysis Console for Intrusion Databases). Basically, your IDS stores its data in a relational database (like MySQL); a webserver is set up to interface with the database engine, presenting a front-end to the database (the Snort logs) which is easy to use and does a lot of the work of digesting the data into a coherent picture of what's going on. If it takes you, for the sake of an example, an hour to reconstruct some traffic in your head by referring to the captured data and figuring out the meaning of each packet, ACID can do it for you in a matter of seconds. It's all in how you present the data to the mind doing the thinking; that's the key. I've also found that IDSes are good for network debugging; stuff like hunting down a failing NIC or a misconfigured router leaves tracks a mile wide through the records of an IDS. Once you figure out what the signs mean it's a simple matter to track down the problem and fix it.
Maybe I'm just entirely too happy about learning something new; maybe I'm still capable of finding joy in learning. Either way, it's a good day.
And there have been no crises! How much can you ask for?
|The Potion Maker|
|mystergium is a cloudy, lumpy amber solid leeched from the blood of a Jabberwocky.|
|The Doctorium is an opaque, effervescent opalescent liquid created from the flower of the eternity tree.|
|Mixing mystergium with The Doctorium causes a violent chemical reaction, producing a cloudy brown potion which gives the user the power of spitting acid.|
|Yet another fun meme brought to you by rfreebern|
Today's going to be a rough one in the NOC I think. In my morning news crawl I found this article at Securityfocus about another Windows vulnerability, similiar to the one that Blaster was exploiting.. only there's a penetration exploit for it making its rounds. This hole's being actively exploited and keyloggers are being found on systems compromised in this way. Great. As if that wasn't enough to make it worth getting out of bed, Ken Dunham, senior analyist for iDefense was quoted as saying "Certainly we'll see new variants in the next few hours or days" (emphasis mine).
Wonderful. I know that exploits tend to come out faster than the patches do, that's a fact of life, but hours?? That's a bit much, even for the half-life of 0-day exploits... I need a cup of coffee and my wrist braces.
Kibo on a mother-loving pogo stick... Theo, I'm starting to lose my confidence in your skills. OpenSSH v3.7.1 was released probably late last night because the buffer management bug found yesterday wasn't fixed in the v3.7 release. Fire up the software management wetware of your choice, boys and girls, and get the fix in... in response to someone (probably one of several thousand people) e-mailing Theo de Raadt (head of the OpenBSD and OpenSSH projects) yesterday he had this rant to get off his chest. Theo, thank you for telling us that you're trying to get a new relese of OpenBSD out the door. But you know what? The number of people using OpenSSH is greater than the number of people using OpenBSD because it's been ported to so many other operating systems, to say nothing of the fact that it's been embedded in so much network hardware. WORK ON OPENSSH FIRST! THEN WORRY ABOUT THE UPCOMING OPENBSD RELEASE! Word's gotten around on the full-disclosure mailing list that the bug might not be exploitable but that's been said in the past - better safe than sorry and all that.
(note: Link to OpenSSH v3.7.1 deleted. Just go download it from New York Times lambasted the US government for throwing so much money into catching him that could have been better spent elsewhere. They put a great deal of manpower and money into finding and charging Lamo when he acted in good faith and warned the Times of the holes in their network security. If Lamo could find those holes and not abuse them, how many others, do you think, also found them and are abusing them? People of a similiar stripe tend to think in parallel lines, though not all for the same reason... And he's got a point. Script kiddies that deface websites and DoS attack networks, from what I've seen, aren't caught as often and tend to get lighter sentences than folks like Adrian. Please note: I'm not a legal eagle, so take that statement with a considerable grain of salt; anyone who's up on legal precedents and trial logs please e-mail me privately, I'd love to do a serious analysis of this. I'm only speaking from my own perceptions.
Martin Schulze posted to the Debian developer's mailing list a few days ago: Preparations for the release of Debian GNU/Linux v3.0r2 are underway. The last call for bugfix packages has gone out, though no release date has been announced as yet. The list of packages that will be accepted into this release is attached to that particular post and is considerable in size.. they're gearing up for a major release, all right. When Debian 3.0r2 is released you'll definitely find out, hopefully after all the mirror sites have synched up with the main distribution FTP server.
I finally beat Final Fantasy Origins: Final Fantasy I tonight. Thirty-two hours, five minutes, no deaths. I think I'm learning that thing called strategy.
You know.. I'm not going to say a word. I've forgotten some important things in the past, too.
Huh.. I used to spin as 'DJ Doctor Who'. Not terribly original but everyone knew me.
Oh, for pity's sake.. Sendmail v8.12.10 was released yesterday to fix a remotely exploitable buffer overflow in the address parser. There is also another overflow in the ruleset parser which is only exploitable if the system is running a non-stock set of mail handling rules. Then again, it's Sendmail... it doesn't have the greatest reputation on the Net. Anyone remember 'wizard'?
In a motion passed yesterday, Groom Lake, NV is still under top-secret classification, regardless of all the lawsuits regarding the exposure of personnel to hazardous materials surrounding the facility. For one year's time the area is exempt from state and federal hazardous waste laws.
Today's starting off slowly, something I mind not at all. I'm still doing traffic analysis, looking at TCP/IP packets all day and feeling my brain melt. A lot of the infrastructure around here is based upon gigabit ethernet - there's so much moving so fast it's like trying to drink from a firehose. Filters and grepping and selectively parsing logfiles only goes so far, there's still an amazing amount of stuff to take into account.
If I get one more spam for antispam software I'm going to scream.
While I'm waiting for my headware to cool down, I may as well write up Forge's wedding from a few weeks ago. After scrolling down to reread what I've written so far I should probably start the afternoon of the ceremony.
Around 1500 EDT we returned to the hotel for lunch and to change. Forge had ordered real Philadelphia cheesesteak hoagies for everyone in the wedding, from a place in downtown Philly (the only place to get them) that didn't mind delivering. Amazing; simply amazing. I've found a new favourite. Around this time it began to rain in torrents, and a gawky-looking figure wearing cat ears could be seen tearing across the hotel parking lot in the general direction of a car to frantically roll the windows up...
Yep. I did it again. Dammit.
Following the mad dash back into the hotel to finish lunch we split up to return to our rooms to finish getting ready. I spent some time talking with Forge's parents to catch up on old times (I havn't seen them since they moved away back in 1997 or 1998) and then headed back to take my third shower of the day. I took my time getting dressed, making sure that every last little thing was in place and clean. I love tuxedos, I really do. I love the process of getting dressed and grooming just so for a big event. Always have. We didn't have neckties or bow ties but collarless shirts (thank you, JMS!) and button covers: Silver caps with onyx backgrounds and a tiny gemstone in the centre. I have to admit, the button-studs that are supposed to be used on the shirts instead of the actual sewn-on buttons still throw me. You just don't see those very often. It was just as well, because the thread holding many of the buttons in place was frayed and coming loose. Thank you, Men's Warehouse.
Once everything was said and done I said goodbye to Lyssa and met up with the rest of the groom's party in the hallway. We piled into Bosco's van and drove out to the Lai Lai Garden to finish preparations for the ceremony. The room it was to be held in was partitioned off from the rest of the building and the chairs were already in place. The parents assembled the altar and made sure that the justice of the peace was present. At the same time the disc jockey was setting up in the big room, where the reception was being held. It was around this time that it was discovered that the entrance songs for the bride and groom, the first dance, and even the recording of the wedding march were missing. The CDs had been left someplace by the DJ and forgotten sometime earlier that day.
Two people were dispatched to try to get their hands on replacement discs; I'm told that they scoured the entire town looking for the proper soundtracks. They must have - it took two hours for them to return with the CDs. The DJ, at the same time, was calling everywhere he'd been that day, everyone he'd been with, and most of everyone else trying to figure out where they'd been left and to arrange transportation if possible. The groomsmen stuck with Forge to keep him calm (which turned out to be unnecessary - the man's got liquid helium running through his veins) and to press preparations on. A wedding can theoretically survive with no music but not without a groom and groomsmen. Then the report came in that at least two vehicles were MIA...
The route from the hotel to the Lai Lai Garden involves passing through an intersection comperable in confusability to some of the ones on Pittsburgh. A few of us were wondering if they'd somehow gotten hold of a part of the Pittsburgh roadway system and transplanted it specifically for the wedding just to make Forge feel at home... I know for certain that one car wound up back on the highway and couldn't turn around until they reached the first toll plaza down, which is something like a sixty mile trip. Ouch. I don't know where the other car wound up, I only know that they arrived twenty minutes before the ceremony was to start. By this time the contingent already in place was working dilligently with the staff of the Lai Lai Garden to get ready. The corsages and roses were taken from the freezer at the back of the restaurant and distributed (yep, they were kept in cryosuspension.. fans of Aliens should feel free to make any jokes they deep appropriate here; believe me, we did at the time), the crash (paper walkway leading from the door to the altar) was unrolled and taped down, the bar was checked by all concerned to make sure that they had enough for everyone (this was a valid concern given the number of people who'd accepted the invitation; I'm guessing that there was in the neighborhood of 200 guests present), and the sound system was checked out.
The photographer arrived and began posing everyone in the party for pictures not long after that. This took the better part of two hours, and whomever was not being photographed was running around trying to keep busy, make conversation with the other guests who'd arrived, and generally kill time while avoiding any more crises. There was one thing that I'd heard about while circulating, something about a fight or an argument of some kind, but I don't have any details about that so there isn't anything that I can talk about on that point. I do know that eventually the music for the ceremony was located (though I never found out if the CDs had been located or replaced). Seeing as how we were the best connected wedding party in the world (as Jill had dubbed us; the pictures will explain more once I get them online) we should have kept .mp3 copies of everything handy just in case. Not a bad idea.. save that I'd made the decision to unplug for the ceremony earlier that week to spend more active time with Forge and everyone else and not with my head in the Net.
Mental note: Next time bring Kabuki. And a PCMCIA modem. And a cable for my cellphone (if I can ever find one).
Once the photographer was done we were pretty much at loose ends until the rest of the guests arrived and the ceremony began, so we amused ourselves by staging our own photoshoot. I'll put those online with the rest of them, never fear. The final carloads of attendees of the wedding finally pulled in shortly before 1800 EDT (if my memory logs are correct), much to everyone's relief. At this time the groomsmen gathered and we began to seat everyone. Jill passed out wedding announcements as each of us walked past, guest in tow. Once we'd gotten everyone seated we took our places around the altar and awaited the arrival of the bride and groom...
Greetings, readers from the United States Navy!
Trouble, cats and kitties: A new vulnerability's been discovered in OpenSSH v3.7 and earlier in just the past couple of hours. It was posted to the mailing list full-disclosure on 15 September 2003 and there are already functioning exploits in the wild. You can read more information here but in a nutshell there's a bug in the code that manages how large a certain buffer is; if the buffer's too small it's resized, even if it can't be resized the next time it's accessed as if it had been. Bingo: Overflow. There are also concerns that there are no buffer size checks made before calling the module in question (buffer.c) and calls to an error handler/cleanup method caller called fatal() which leave an instance of OpenSSH in an inconsistent state. Not good. Debian Linux already has the fix in - admins should already be running 'apt-get update && apt-get upgrade && /etc/init.d/ssh restart'; Redhat admins should be running up2date or hitting the Redhat FTP site to get the updates - grab the .rpm files with timestamps of 16 September 2003. Slackware afficionados, openssh.org's FTP archive is getting slammed, but keep trying. You'll get through. As for everybody else... you know what to do.
(note: link deleted. Just get the latest version from OpenSSH.org.)
After trying to get the patches installed on all the systems that need them at work, I've come to the conclusion that I really hate floppy disks. Hate them. I wish I had a USB pendrive so I wouldn't have to fuck around with all the nonfunctional 3.5" drives in the NOC. *screams in frustration*
It pisses me off almost as much as people who eject floppies from Unix systems without unmounting them first.
On a lighter note, there's a new feature in Fyodor's Nmap that'll draw the attention of my more computer-security minded readers: Service version scanning. If you've never used it before, Nmap is a utility called a portscanner, which means that it interrogates a system you aim it at to see what services it has running on the network. Because the most commonly used services run on standardised ports (SMTP (Simple Mail Transfer Protocol), used for e-mail, sits on port 25/TCP; HTTP (Hypertext Transfer Protcol) runs on port 80/TCP), if you connect to that port you're almost always sure of what you're reaching. It's possible to tell a network service to listen on a different port, however (an example of this is configuring your webserver to sit on port 8080 to get around the access restrictions your ISP has placed on your link). Now Nmap can do more than detect that there's some random service running on port 8080, it's able to interrogate that port to find out what service it is, which particular implementation (for example, Redhat, TUX, Boa, etc.), what revision, and sometimes what extensions have been loaded in. For auditing your network to see what you've got running at any given time, this'll make the job a hell of a lot easier, take it from me. Check out the paper: It's a little long but not very technical and it goes fast.
By the bye.. just check out that link for the writeup of scanning www.microsoft.com with the new features. You can expect my Debian-stable packages on the FTP site soon.
Something Awful did its takes on Apple's new iPod ad campaign. There are a few good ones in here.
Unfortunately What's On Your Mind and Pump Up The Volume aren't in the list. Oh, well.
Dataline is taking my grandfather to the doctor for a checkup today so she didn't ride in to town with me this morning. It felt a little odd, having travelled with her so many mornings but oddly relaxing as well. I was able to sit and listen to my CD player (the Trax .mp3 player is still working quite well - nothing like a little Rob Hubbard to wake you up) and try to do some reading on the way in, but the seat I grabbed was too small to hold my backpack, myself, and the three-inch binder o' documentation that I'm trying to absorb. Mental note: Next time take a seat with more room if I'm going to study.
My body's frozen around 155 pounds in weight, and has been since the wedding. I think it's finally gotten angry at me and said "You've held me at too low a weight for your energy needs for four years; now it's time to get you healthy." I don't think I can do anything about that save extreme measures that are not only a dumb idea but pure vanity. I give.
Here's a gizmo that should make you sit up and take notice: The ActivMedia PatrolBot, which is an autonomous security robot running embedded Linux. It's based around a single board computer (everything on-chip) manufactured by Versalogic, and costs just a hair shy of $30kus. On board is a laser rangefinder, sonar sensors, encoded driveshafts for keeping track of distances travelled on a per-drivewheel basis, gyroscopic navigation and correction, and the ever-useful collision detection sensors. The PatrolBot was designed to augment the static security nets installed in buildings these days, and is capable of carrying types of sensors that are too expensive to put all over the place (I'm guessing stuff like IR or UV). They can be programmed with maps of the building of installation and are capable of navigating around obstacles that arbitrarily appear. In a nutshell, the ARCS subsystem (read the article) learns the layout of the facility and builds an internal map; from there the security admin assigns it a routine to follow (like a human guard walking his or her beat) and off it goes.
It wouldn't surprise me if, buried in the source code, was the name 'Elvin Atombender'. *chuckle*
Guess what I forgot to do last night - roll up the windows of my car. As I was walking the few blocks into work it was trying to rain outside... now it's supposed to be raining pretty hard as I write this. I'm not near a window so I don't know for sure. I hope Dataline rolls them up for me as she leaves today (because she has to move my car to pull hers out of the garage). *sigh*
Another update from Jens Shoenfeld on the CommodoreOne mailing list: The reworked C=1 mainboards shipped today. The erase-and-reflash function of one of the chips (he didn't say which, I'm guessing one of the flashROM chips) works and the developmer's boards will ship tomorrow.
Recently John Poindexter resigned from DARPA; a copy of his letter can be downloaded from here.
My order from A Different Drum shipped today. Now I'm excited.
My grandfather's okay - his blood tests were all in the green, and the medication he's on is showing no signs of damaging his liver. To keep his prostate gland from swelling, however (and I realise that this is probably more information than you wanted) he's been prescribed a third medication. He's up to three a day now. It's taken him 85 years to need even one a day; that's a hell of a run, I say.
One of these days I'm going to remember to look and see exactly what it is that he's taking, though.. my short-term memory feels like swiss cheese.
Today a surprise came in the mail: Dataline bought me a pair of wingtips. Yep, old-school black leather wingtip shoes with white tops. I love 'em. I'm going to wear them to work tomorrow. They're sharp, let me tell you. I think I'll get a few pictures tomorrow night if all goes well (and I get new power cells for the camera).
That reminds me - I still need to do that writeup of Forge's wedding! I keep forgetting. My memory's so screwed up lately it's not even funny. Between what happened last Friday night (Morpheus preserve me), sleep deprivation, and general weariness I'm lucky I can remember my passwords in the morning, let alone First Rite and to get the yogurt out of the fridge to pack for lunch. I'm starting to worry about this. I've gone from quoting chapter and verse of pretty much everything I've read up until my sophmore year of college to this?
Have you ever gotten the feeling that the entire world's against you? It very well might be (note: not a work-safe link). Talk about your once-in-a-lifetime pictures..
You know, I think I'm just going to firewall off the entirity of the Roadrunner cable modem network (rr.com). I get so much spam from there it isn't even funny, but when I try to report it (abuse at rr dot com) my mail bounces, citing that it came from a residential IP block and won't be accepted. Talk about the pot calling the kettle black...
Yay! My VCR works again!
It started acting a little better last night - I could actually see a little bit of video image though the tracking was messed up and the audio was fuzzy. Today I dug out a bottle of isapropyl alcohol and one of my cleaning tapes and gave it a once over. I just tried it a few minutes ago and it seems to be working once again.
Today I seemed to be in fast-forward, and for the lives of me I don't know why. Dataline was complaining at breakfast this morning that I was talking a mile a minute, something that I'd noticed as well but am at a loss to explain. I practically tore out the door to finish the food shopping this afternoon (and wanting to get to the store before it was shopped-out doesn't explain it). I still wonder how I managed to cover the entire store in less than an hour and not take anyone out in the process... what's going on?
Dinner tonight was potato pancakes; Dataline found a recipe for vegetable pancakes and she decided to put the electric griddle to use. I'd had my heart set on polishing off the Chinese leftovers in the fridge from last night but I have to admit they were pretty tasty. I don't think there are any left in the kitchen.
My paycheques are being direct-deposited now. I checked my transaction history this afternoon and the last one went through. This is neat.
I'm still moving a mile a minute. I've written the last couple of entries in less than two minutes' time. And I'm doing two loads of laundry at once to boot.
And that wraps it up for my weekend. More to come tomorrow when I can hopefully think of a decent tagline.
Mediterranean food is not enough for a lightweight who plans to drink.
That said, last night was slow, quiet, and early. After unpacking Dataline's new toy (a Roomba (robotic floor vacuum)) and reading the fine manual, I've come to the conclusion that it's a pretty neat gadget. I like to think that I'm rubbing off on her... anyway, it runs just as I thought such a device would, using a logarithmic spiral (or something very close to one, given a few kinks in its runtime) to navigate the room. There is also a small tight-beam IR transmitter included, called a virtual wall to keep it from running out of the zone it's supposed to be running in. It's neat enough that I can see why so many people love Lego Mindstorms. Maybe I will give Chris that call, after all...
If John C. Lilly had designed a cellphone it might look something like this. Researchers at the Media Lab Europe have designed a cellphone which consists of a helmet attached to a trio of floats which completely encloses the head - you wear it while floating in a swimming pool. Kinda neat, that. The pictures in the article remind me a lot of the opening sequence of the movie Altered States. All humour and references to sensory deprivation tanks aside, however, the idea behind it is to let the user concentrate on the conversation they're having and the person on the other end of the link and not their surroundings. Conventional cellphones, they say, force the user to split their attention between their environment and the call and this weakens the experience. It's a neat idea, but it's also a bit impractical (as the final paragraphs of the article state).
Greetings to the Defense Research Establishment of Ottawa, Canada! Also, a big hello to The United States Air Force.
Burn's still not fixed - she kernel panicked again. Damn. I think I'm going to see if that spare P-III box I've got in my lab is workable, and if so I'll start constructing Burn's replacement tonight. I can migrate the current incarnation of Burn's configs over a little at a time. Maybe I'll build another Debian box instead of Slackware just for maintanability's sake. What the hell.
Sheesh.. does whitehouse.gov let any search engines index anything?? Thanks to Gwenix for that one.
This afternoon I did some experimenting with Dataline's robot vacuum. It seems to do a good job, albeit not as thorough as a person, but that's only to be expected. I put it through its paces, hovering in the wings like a parent watching a little one in a china shop. I picked up everything on the floor (which is quite a lot of stuff), moved the dining room chairs into the kitchen, and blocked off the hallway with the virtual wall. The Roomba started off by running a pretty basic search spiral until it hit the wall and then turned to its right and started following the perimeter of the room, even going under the desk, around the stereo, and behind my grandfather's chair a few times, though for some reason it didn't get too close to the base of the couch. It then started working its way through the dining room, running around the legs of the table (I thought that a nice touch) and along the top of the stairs leading down to my lab. I was sure that the dropoff detector wasn't going to work but it did its job admirably. For some odd reason it was reluctant to run around the middle of the living room and dining room floors, which needed the most work but once it actually did so it picked up all of the cat hair that had collected in the course of a week (if Ziggy would let us groom her this wouldn't be a problem, and I think she'd have a more pleasant disposition because the mats in her fur wouldn't pain her). All told, it took about an hour to do its job, and I must confess it's worth every penny. If you've got some expendable cash and a need for something to do the floors for you, get one. You won't be sorry. Dataline bought it at Kaufmans online for $199.99us.
Today feels different from the other days. Calmer. Quieter. Slower, in a lot of ways. Not that I'm arguing, not by a long shot. I just havn't had a day like this in a while. I hope it keeps up.
While riding in to work on the bus this morning I found myself staring out the windows at the world sliding by as we cruised down the hidden roadways of Pittsburgh (the PAT Busway - public transportation and emergency vehicles only; gods help you if you stumble into that system by mistake). It was the first I've just looked out at it in a long, long while. The graffiti's still there, and it's changed subtly, as clandestine redecoration is bound to do. It grows like lichen covering the concrete and brickwork, like some mad force of nature is slowly reclaiming the land lost to industry, big business, and shipping. A few new names are there, some older stuff's been painted over. I couldn't help but look at all the buildings beyond the train tracks that run parallel to the busway; big warehouses and what used to be office buildings that have been diced up into apartments, most of which are still empty. There are rental signs stuck up all over the place. I can't help but be reminded of Gibson's Count Zero, the way he described Bobby's home (such as it was) in the projects, all concrete plates and stained brickwork and lots of people studiously avoiding each other. I wouldn't mind owning one of those buildings. They're reasonably far away from habitation, they havn't been condemned (as far as I know; a building inspector might say otherwise), and they're big. They definitely have enough room for me to live. I tend to sprawl out wherever I happen to be, and there is definitely enough room for all my gear and myself in one of those buildings. I'd leave the bottom two floors or so (when you've got six to eight floors in a building to work with you could do that), mostly for the look of having all that open, unused space. I've always fancied those big concrete pillars dotting a huge space for some reason. They give it a sense of scope, of space. They give the mind an idea of how much room there is by acting as points of reference, like the dots on a Go board.
Those two floors would be ideal for security, too. Like a firebreak in a forest they'd contain any potential problems, hopefully long enough for them to be taken care of. You could put a pretty tight security net in there if you had enough money for all the equipment. Figure another floor for storage, another for the hardware and the server room (like I'm not going to have a workshop and a few systems running all the time), another for living space, like the living room, kitchen, library, stuff like that, and another for living quarters. For a change I'd actually have a big enough bedroom. I'd hate to see how much a single apartment in those buildings is, though, let alone buying an entire structure flat out and rebuilding it. Maybe if I hit the Powerball lottery at some point in the distant future and decided to go all the way and become a recluse I'd do that.
Keeping it clean would be a trick, too. That's a lot of space to sweep, dust, mop, what have you, and I'm not the best housekeeper to begin with. That is what automation is for, though.. why work harder when you can work smarter? I've always had a thing for robotics, and I was pretty good at it when I was a kid and had time to hack on stuff for days at a stretch (oh, those halcyon days when my body didn't need at least seven hours of sleep each night; Morpheus keeps me busy on the castle grounds). It wouldn't be too difficult to design something around RC cars (I recall a huge how-to article in Omni Magazine back in 1986 or 1987 for converting a certain RC car from Radio Shack ("You've got questions, we've got blank stares.") into an autonomous robot with a neural net simulating those of phototropic insects. It would be possible to rig it up to have a small vacuum and train the net to run a logarithmic search pattern (in the wide-open spaces) and fix a vacuum to it to at least keep the floors tidy. As for the more habitated areas of the building, I might have to do that myself once in a while, though I wouldn't mind a bit of robotic assistance. Ever since I was a munchkin I've had a thing for the Heathkit Hero-1 and Hero-2000 hobby robots (remember Hero-1 from Mr. Wizard's World?), and they were programmable in 6502 (if memory serves) machine language. That could be fun. I might have to prowl around the hobby sites and eBay a little to see what's what.
Aah... the dreams. As if they'll come true.
Here's a bit of irony for you: Remember that blown Redhat upgrade yesterday at work? I'm going through my e-mail and I just found this transmission from the linux_security mailing list entitled The Wrong Way to Upgrade Your RPMs. *sigh*
Granted, it's not about messing up an upgrade but about installing software when you should really be upgrading it, so it's just the title I'm talking about, but still...
An article about the loss of academic freedoms in the post 9-11 western world was posted to Securityfocus earlier today, slightly odd in that it's a computer security news portal but it's still pretty interesting. Academics all over the country are censoring themselves, both in what they'll publish and what they'll even work on to avoid administrative hassles due to stricter laws. Everyone's afraid that what they're working on will be considered a threat to national security. Also, there are fewer foreign students entering the United States, partially due to problems getting a visa to enter the country. Physics and biology programmes are being hit the hardest right now, and I've heard rumours that the CS, CE, and EE programmes are losing students for the same reasons. The biggest problem is that federal law is classifying more and more research topics as potential threats and not pure scientific inquiry. All I have to say on this matter is that microbiological research covers the synthesis of new vaccines. I don't like the idea that a vaccine might not be created because the US government thinks the research is dangerous to national security, life, and limb.
A news article at the BBC contains this quote: "Every single person in the UK should be compelled to have their DNA on the national database in an effort to prevent crime, a senior police officer has argued." How? Do they have some sort of device that can monitor people through their DNA to see what they're up to? This never made any sense to me.
Today's been a long one. I've built a few more servers today (including a brand spanking new Windows 2000 Server system; we're waiting for it to awaken and begin devouring the rest of the boxes on the LAN) and writing documentation. Much of today's been spent trying to get these new systems connected properly to the network so that they can be updated and patched, as all good servers should be (you did patch your deck, right??), but the weird proxy servers they've got on the networks around here make it all but impossible to pull it off. I'm all for network security, don't get me wrong, but a network security policy shouldn't make it difficult to keep the individual systems up to date and secured. But that's just my opinion.
I'd forgotten what it was like, downloading updates by hand. Havn't had to do that in too long.
More to come, probably later. I've spent most of my time in the NOC so I have no idea what's going on Outside right now. Nothing catastrophic I gather, judging by no one panicking or making frantic phone calls, and no clustering around cubes to listen to the news, thank the gods.
Let's see... what has happened today? I learned something about Redhat Linux - if you can get away with it, let up2date do the work for you. I built a pair of Redhat v9.0 systems at work to act as sensors for the upcoming security effort, and like any admin worth his salt I started updating it by going through the errata pages for Redhat 9, looking up the packages relevant to each and testing them against the list of .rpms installed, and downloading the ones that matched. Everything went swimmingly until I got to the updates to GlibC, the core system libraries. I ran the upgrade and everything under the sun started segfaulting. Even the rpm utility, so I couldn't back the changes out. One system, completely hosed. "In nomine patris, et felis, et spiritu sancti. Amen."
I ran back to get the RH9 CDs from Chris v2.0 and performed the world's fastest manual installation of Redhat Linux: 43 minutes from boot to fully functional. We're supposed to start installing the goodies on those boxes tomorrow and I can't waste any time rebuilding one, so I'm going to ask Chris what he does to update Redhat. I'm not too experienced with it, so I think I did something dumb (like try to install a binary optimised for i386 when every other package on the system is optimised for i686); I'm going to try it again tomorrow to see what happens. There's a first time for everything.
As far as I know, nothing bad happened today. No bombings, no assassination attempts, nothing to rival 11 September 2003. Good.
This evening was a great deal more laid back than the other ones this week have been. I've started aging more paper for Fern's book of shadows, and I think I'm making a decent amount of headway. Baking the aged sheets of paper at 250 degrees Farenheit doesn't seem to foul the process up any and speeds things along a great deal; so does making one huge batch of tea in a stewpot at a time to soak the paper in. I've been mucking around with my VCR lately, trying to get it to play back again. You can hear sound from the tape that's playing but no video. I have no idea what's wrong with it, and the user manual only suggests that it's an incorrect connection at fault. That's all well and good save that it was working perfectly last Sunday. I was watching episodes of Babylon-5 on it. I'm trying the unplug-it-and-let-the-firmware-reboot solution right now and I've pulled and re-done the cables just in case something weird happened that isn't visible due to their location (in the back of the VCR inside the cubby in the home entertainment centre). I've also set up ClamAV on Burn to check for updates to the virus signature database every two hours, so that's one less thing I have to worry about.
There are new Lain dolls available at Rightstuf! They've got Lain with a guitar and Lain in a hoodie lined up for release on 30 October 2003. Get your pre-orders in.... each is limited to 3000 production pieces.
Hmmm.. that didn't work, either. VCR's still messed up. Maybe I should clean the tape heads tomorrow night.
Greetings readers from house.gov! I hope you liked my writeup about the Ecstasy Awareness Act of a few months ago.
More on Adrian Lamo turning himself in: He really did it. Yesterday afternoon he gave himself up in Sacramento. Gregory Hollos, federal magistrate ordered Lamo released on a bond of $250kus, part of which is his parents' house. He is currently confined to northeastern California and cannot travel unless the court gives its go-ahead. The US government is flying him to New York City, NY so he can surrender to agents of the FBI on Thursday, 11 September 2003. He's been ordered to find full-time employment (good luck, Adrian..) or to enroll in college in the time leading up to his trial. With this hanging over his head, I really don't think anyplace he's qualified to work or any college will touch him. They ask about stuff like this on applications, and it's a big part of being turned down. Of course, he's not allowed to use any computers, which limits his options severely. Adrian's omnipresent backpack, which usually held his deck and a few personal effects "fell off a bridge" as he put it. Heh.
We're all pulling for you Adrian.
What is this, the day for fscked up spam? In going through one of my e-mail accounts I came across two copies of this little gem:
Date: Tue, 09 Sep 2003 21:10:14 -0500 From: essie
To: firstname.lastname@example.org austins the name spammins mAh game you mess wit da 47 man, pshh you aint g0t n0 plan step t0 mah elite mailin skillz, joo best head to da hillzzzzz when 47 gets j00 ya best call up yah crew, or imma come rat -ta -tat tat 0n y0 punk azzz with MAH GAT!
Two copies from different IP addresses, both dealt with. I wonder what outfit I pissed off... and then a few minutes later I recieved one from a domain called darkprofits.com, advertising illicit drugs, military-grade weapons, and other lovely toys for a night out on the town. On a lark I did a whois check on it and found out that it's registered through Tucows out of Thailand. What is this - call out the kooks day on the Net?
*sigh* That was a waste of ten minutes, easily. It's up there with the fire evacuation immediately after I send complaints to the ISPs in question. This is the second one in a row... at least it's an excuse to rest my wrists for a bit.
Back in 1993 the United States Air Force put together a study of the air campaign employed by US forces back in the Gulf War and published it publically, going so far as to sell dead tree editions through the Government Printing Office for anyone to purchase if they so chose. Pretty mundane stuff, right? Not too long ago they pulled the freely accessible documents from the US Air Force website, the national archives, and a few other places. This has been happening more and more lately, the loss of unclassified, public domain information of all sorts in the name of 'national security'; some pretty inane stuff's been taken down as a result. You can still find copies of these documents at http://www.fas.org/sgp/library/index.html#gwaps, though.
Wow. On the bus this morning I finally finished reading everything that I wanted to, which was a lot of documentation on stuff like GRsecurity ACLs and IProute2 (good luck finding the homepage for that). I feel like I've accomplisehd something, no matter how small.
Google News has stopped indexing the popular news site Indymedia: San Francisco over the controversy over Israel and Palestine. The Google staff claims that this is due to racial slurs, though if you go through some of the other sites that they index for their headlines page you can find other epithets.. something isn't making sense here. The team at Indymedia isn't taking this well.
One firewall constructed so far today, and a second on the way. I'm sick of the file errors that Wordpad (included with Windows 2000 and XP) causes; the spurious ^M characters are driving me nuts, and are probably causing a lot of the problems I'm having with Kickstart. I've just installed VIM for Win32 and I'm reformatting the file. We'll see what happens.
Apparantly a deal of some sort's been worked out, or at least it appears that way. Adrian Lamo has agreed to surrender sometime today at a federal courthouse in Sacramenta, CA. In exchange for his surrender the US government's agreed to release him on bail, after making sure that the house his family has put up as collateral will cover his bail bond. As it turns out it really is the New York Times that's pressing charges against Lamo. Lamo is supposed to get to New York City to face charges. Mary French, deputy federal public defender says that he's facing charges of illegally accessing the internal network of the New York Times (how many other people are doing exactly the same thing as I write this entry is a different question entirely) and of illegally possessing access credentials for the LexisNexis database. Whether or not the US government intends to hold up its end of the bargain is a different story, seeing as how cracking computers are considered a terrorist activity under the USA PATRIOT Act; they could easily throw the book at him. Also, I don't think that representatives of any of the companies he's helped in the past are going to turn out to back him at his trial.
This is rich... about four months ago a major security hole in IE was found, specifically in the object typing subsystem. On 20 August a patch was released which didn't work; it was pulled and rereleased on 28 August. Now it turns out that the patch doesn't work and will have to be redone again. Microsoft says that they are now taking security seriously... how seriously?
Speaking of seriously, I just heard on the Politech mailing list that Adrian Lamo really is going to turn himself in at 0900 PST on the steps of the Scramento courthouse. TechTV is sending a crew to cover it. Set your PVRs, ladies and gentlemen.
Okay, I think I've got Burn running again. I upgraded her to Amavis v0.3.12 and I'm using ClamAV as the scanning engine. I've run freshclam to update the virus database and altered Qmail to use the new installation (it's ever-so-slightly different from Amavis v0.2.1, I had to back out a few changes) but I've been testing it and it seems to be running. I'm going to set up freshclamd (the daemon which automatically updates the virus signatures) tomorrow night, and that should be that. She's running right as rain at present.
Today's started off with a bang, that's for sure. Riding the bus in to work early this morning, the passengers of the bus and I were treated to a rare sight: A car accident. A car heading northward on Washington Boulevard crossed the center line, nailed a truck head-on, and finished by doing a 360 in the southbound traffic. The truck ran off the road and struck a lamppost. The left side of the car was pretty much hash when we drove by; the driver kicked out the right-hand door and climbed out. As far as I could tell both drivers were up and around, though not necessarily 'fine' as we usually think of it. I wonder if it'll make the news tonight. Of course, scant seconds later the cellphones came out and 911 was called. I remember seeing a few rescue vehicles heading in the direction of the crash a few minutes later.
Another update from Jens Schoenfeld regarding the new-revision CommodoreOne mainboards: The first 50 will be shipped to developers on 16 September 2003. The flashROM tests as writable now, and the hardware may as well be frozen at this point in time. Rejoice. Getting any development work done, however, will require a serial connection, caveat coder.
I just got finished with installing the new firewall a few blocks away. Pete and I hiked down there along with one of the guys from the contracted security company with the rackmount server in tow and got it installed. Mounting the rails and guiding the unit into place was the easy part. Cables were already run (though not labelled...) and plugged in. After a few minor modifications to the network configs we had the system on the network and started debugging, which is always the worst part. One of the network links came right up and began routing traffic, the other wouldn't. We fought with it for two hours, going so far as to even switch out the cables used for the links and plugging a test unit in to make sure the hardware was functional. In the end someone in the other NOC did something that brought the interface online. I still don't know what he did, probably removed a filter of some sort on his end to let traffic pass through. Now comes the always amusing part: Documentation.
You know times are rough when newspapers outside of the country report more about what's going on in your homeland than the local papers do. In this article in the UK Observer, Paul Harris speaks out on the loss of our civil rights in the United States of America. He starts off with the FBI being allowed to keep track of what books you take out and purchase and moves smoothly on into the redefinition of protestation as terrorist activities (which is really something to worry about). People are being held without bail, trial, or even communication with a lawyer, and gods help you if you're a foreign national. He also mentions that college campus police officers have been recruited to keep watch over students and academics, which is news to me; I've no evidence of this and not heard any reliable evidence of this though I'd say it's not outside the realm of reason. Thankfully the number of people fighting to have these laws repealed is growing by the day, and they're not stopping. More than 150 cities in the United States (Pittsburgh, PA is, predictably enough, sitting on the fence about this) have passed laws declaring that the USA PATRIOT Act is a violation of people's civil rights and their refusal to cooperate.
The last thing I expected was to actually go with the Search Party today. The scavenger hunt was held as planned, and Alexius called as I was eating breakfast this morning, after sleeping soundly all night for a change. About halfway through my cereal and bacon he said, "Are you sure? You're going to miss out on a good time. We're going in costume."
Okay. That got my attention. The Golden Apple Corps was going fully dressed in Bastardware and they'd even made magnetic Sacred Chao symbols to mark the vehicles. "What the hell?" I thought. "I'm just going to sit around the house and maybe go to the store to have something to do, anyway." So I finished breakfast, got dressed, and drove out to Frick Park to meet everyone. After some initial running around trying to figure out what to do and where to park I jumped into the car with Fern and Katie and we headed back to my place to see what I had laying around that was on the list.
That turned out to be half the list, down to the jewelry box with the rotating ballerina. Once we'd cleaned out the Lab we headed back to Frick Park to drop everything off and then meet up with the other folks at Fern's place to take some pictures (everyone piled in the bathtub, a few watches showing 4:44), figure out where to go next (Giant Eagle!), and then head back one more for judging. The guys behind the counter at the hot foods counter were very helpful and tolerant of us, even going so far as to pose with us for a few more pictures and tell us where we might be able to find frilly toothpics (toothpics with decorative frills of coloured cellophane), which they wound up not having in stock.
By 1730 we were back in Frick Park and offloading the last of the stuff for judging. There were five teams involved, it turned out, and the Golden Apple Corps came in fourth when everything was said and done, with roughly 74,000 points under its belt (beaten soundly by 150,000+ points by House Gryffindor). Oh, well. We suck.
Judging took long enough that everyone began wandering around restlessly, mostly out of peckishness. I walked up the hill to get my car and parked much closer to the gazebo, whereupon we started loading stuff into the car and picking at the many containers of hot wings and tiramisu laying around (which were on the list, incidentally). Tiramisu is great stuff but can't compare to real, solid food. The North Park Lounge was our next destination, where we reconvened to eat dinner.
Taja, I'm really, really, really, REALLy sorry about your car.. I didn't mean it. Honest.
And that brings us up to the present time. I'm going to jack out in a few minutes to take a shower and then hit the sack for work tomorrow.
I'm only slightly disappointed that I wasn't Buckaroo Banzai, but my fashion sense differs from his in a few essential ways. Oh, well. I like They Live, too>
You know, something keeps running through my head: "If all your life consists of is working and then recouping enough energy to go to work the next day and so it all over again, then you're not living."
I'm a little afraid.
I feel like someone's been kicking me upside the head repeatedly. I've been running on an energy deficit since I got back into Pittsburgh and it's finally taken me out. The drives to and from Philadelphia, plus little sleep to speak of hit me the hardest I think. My body's finally shaken that cold; I think the need to be on top of my game this week (so to speak) overclocked its immune system, but that carries an additional energy drain. Not sleeping well during the week has meant that I havn't gotten enough rest to function, and I've been declining steadily as the week's worn on. LARP seemed to have been the final straw last night. I thought that if I went to blow off some steam I'd feel better. Unfortunately, that didn't happen. Something major happened which tied up all the storytellers and stuck myself and six others in downtime for some period of time, I wasn't paying attention to how long so I can't say. Then I had to drive a few folks home afterward; it's not something that I have a problem with, don't get me wrong. Fighting to stay awake just sapped the rest of my reserves.
On top of that, I'm supposed to go on the POI scavenger hunt this weekend. Knowing that I had to get up early I resolutely set my alarm for 0830 to give myself enough time to wake up, get ready, and get out the door. I'll cut to the chase and say that the phone call to 'lex revealed that it's tomorrow. On top of that, Dataline drove my grandfather to the hospital today for a checkup and blood tests, something that caught me off my guard entirely. Oh, and did I mention cleaning the living room and my bedroom on top of that? And going food shopping?
I don't think I'm going to Swift Fox's tonight; I can't guarantee that I'll stay awake behind the wheel of the car. Sorry, guys, but I'm staying home tonight, and probably tomorrow as well.
This week's been a draining one, to be sure. I finally got Kickstart ironed out at work and tested it by constructing the first of no one knows how many firewalls they'll be deploying around the network. The biggest problem I've had is the inability to update any of the packages from the Redhat Network because so many of those machines don't have access to the Net at all, let alone the next subnet over for some unknown reason. Also, because those machines can't source out anyplace, I also can't SSH into them from my workstation, where the physical environment is more hospitable to my exterior (standing for eight hours a day and typing for much of it isn't good for back or wrists, both of which are starting to complain). I'm going to dig my braces out some time before Monday but they're only a temporary measure. I don't think that I have to state that I don't like the idea of putting a box into production without updating the systemware to the latest respective revisions for obvious reasons. They want to put the prototype workstation that I'd been working on, the only system I'd really put my name on right now, into production on Monday. At least it'll free up an IP address.
Jens Schoenfeld posted an update to the CommodoreOne Yahoogroup today - the alterations to the C=1 mainboard are finished and fully tested. Jens says that the new revision of the board is "rock-solid, no glitches, even when a cellphone is near" (a reference to the problems that GSM cellphones can cause in unshielded digital circuitry). The flashROM on the board is now 512KB in size and will allow the user to store one core and several sets of system ROMs, bootable instantly. The flashROM may also be accessed from the CPU controlling the drives, the processor core, or any CPU that the user jacks into the CPU expansion slot. Access to the flashROM has also been optimised heavily, Jens says. On average, 115 microseconds are needed to access an arbitrarily selected byte within ROMspace. These alterations mean that the price must now be increased to $269euro (one C=1 mainboard with CPU, no RAM). It's a bit more to pay, but you're buying a more flexible system that doesn't require a CompactFlash card or hard drive anymore.
How did I manage this???
Now that I actually have a little time on my hands I should probably write some more about Forge's wedding but I'm afraid of garbling the memories too badly.
The second edition Tradition Book: Sons of Ether by White Wolf Games has been released.
Oh, for pity's sake.. SCO's at it again. This time, they're talking about suing Silicon Graphics, manufacturer of IRIX, for writing a new filesystem (XFS) and open-sourcing it. Now they're really grasping at straws.
You know, I've always suspected that the shade of Howard Phillips Lovecraft had some sort of reaction to the impact his mythos had on society...
Earlier today I finally got around to framing my autographed copy of The Conscience of a Hacker by the Mentor. It's safe now. I've got it sitting in a place of honour on top of my home entertainment center, next to my original Transformers cels.
Adrian Lamo, the famous homeless systems cracker is currently wanted by the FBI. An active warrant is out for his arrest, and they're not being subtle about it. The FBI's currently monitoring his parents actively, and reportedly Lamo is negotiating his surrender with the Federal Public Defender's office of Sacramento, CA. The going theory is that this is due to his massive compromise of the New York Times computer network in early 2002. Lamo is known for compromising computer networks all over the United States by exploiting misconfigured proxy servers to ride into the trusted portions of the network structures, as well as helping the companies he's compromised tighten their security measures gratis. No good deed goes unpunished, I suppose.
It's going to be a rough one today. IP routing was never one of my strong points, but I'm picking it up as fast as I can to get the job done. More later.
The second edition of Tradition Book: Virtual Adepts is supposed to be released in December of 2003.
Today's been sort of a long day. I've been messing around with Redhat's kickstart system, which lets you copy the configuration of a system and duplicate it onto as many clones of the system as you like so you don't have to go through the same procedure over and over again. The only problem is that it's poorly documented; much of yesterday was spent searching for documentation and accounts of people's experiences with Kickstart. I put my notes into the random knowledge file just in case - it's simple to perform a Kickstart installation but not intuitively obvious. The key is to tell Anaconda (the Redhat installation software) where ks.cfg is located. Assuming that you've got the ks.cfg file (your Kickstart template) on a floppy disk, when you boot your installation media you give it this command line:
..and Kickstart will read the file and follow its instructions. I'm running the first successful Kickstart install on another machine as I type this (after three hours of fighting with it and searching Google) and it's pretty slick. It cut the amount of time the installation process requires to fully one tenth of a manual install.
And it's just a few minutes past noon...
Last night was dedicated to a little 'me' time. I spent the evening editing pictures from Forge's bachelor's party (the archive will be put online once I figure out everyone's names) and trying to fix Burn. I don't think her hardware will last much longer. Something in the virus scanner is tickling a kernel bug and I've tried compiling new kernels for her from later codebases - they flat out refuse to boot. I vaguely recall something about the Cyrix 6x86 CPUs not being supported in the Linux kernel anymore but can't, for the lives of me, remember where I'd heard that. I'm thinking about installing a true-blue Pentium CPU and mainboard in her and maybe upgrading her to 128MB of RAM (if I can do so) and getting rid of the old one. Maybe I'll hang it on my wall in my bedroom along with the other dead hardware, maybe not. I'd like to install ClamAV but I'd need to upgrade AMAViS as well, and that means fighting with Perl for a while. I know enough Perl right now to be dangerous, truth be told; I got some CPAN modules installed that should help but right now I don't have the time to worry full-time about it. The next thing I do plan on making the time to set up is a good spam filter to cut down the filtering time.
I unsubscribed from a bunch of mailing lists last night to free up time. I can't really say that I'll miss them, they were a lot of only occasionally interesting forums, not really worth the time or disk space.
That's a new one.
Not much has happened thus far today. I've been working on that prototype system, preparing it for duplication. I shook the bugs out of up2date, the update utility for the Redhat Network. I had to replace the SSL certificate, which expired a couple of days ago, and then figure out how to get it to communicate with their update servers. As it turns out the system clock on the system was off by several weeks, so once I corrected that problem it worked perfectly. It's actually not too bad once you get to know it. I'm looking at setting up apt4rpm, which is a port of Debian's apt utility suite to RPM-based Linux distros. Unfortunately, it appears to require the construction of a special repository of .rpm files, which means more maintainability overhead, which we can't really spare right now...
Okay, I'm getting pretty annoyed by this. I've been recieving twenty or thirty identical pieces of spam from the faked e-mail address email@example.com (Gregory Gao) for OEM-priced software, like Windows XP and Norton Antivirus. I'm not going to spamblock this address because I really don't care; the spambots cruising the web will no doubt pick up this address and add it to their databases. Let the spammers spam each other, see how they like it. Anyway, I've recieved messages to just about every permutation of my e-mail address, as well as many which are staff-related, even if they don't exist, probably in the hope that at least one will get through. If anyone out there'd like to block this forged address of origin, feel free to do so. You could also block the IP address that this junk is coming from: 220.127.116.11. I'm probably going to drop it into Lain's firewalling rules when I get home (under the "drop these morons" table), and this is also a perfect excuse to set up spam filtering on Burn, just for the hell of it.
Spammers like this make me wish it were legal to pull the Cyberpunk 2020-style "behavourial adjustment with extreme prejudice" tactics.
Just to make things a bit more interesting, here's the e-mail address that you're supposed to reply to in case you're interested: Gaoleionline@sjtu.edu.cn Have at ye, spambots!
Let me see... I was going to start writing stuff up about the wedding last weekend.... I dragged my body out of bed around 0630 Friday morning (wow - I got to sleep in a whole half-hour!), did basic maintenance, and then finished packing all the little stuff that I hadn't the night before, like toiletries. I checked my e-mail one last time to delete the spam (the only time I'd done so all weekend, as evidenced by the veritable flood I finished plowing through only last night), and then got on the road. My first stop was the gas station at the bottom of the hill to tank up and run my car through the automated car wash to wash the cruft off to reduce drag. At that time I decided to check my voice mail, only to hear Forge's voice asking me to bring a bathing suit because the hotel had a swimming pool.
I doubled back to stop off at the Lab to pick mine up, and then set out for real.
The highway was wide, free, and clear at 0830 EDT. Once I passed the toll booth that marked the entrance of the turnpike I pretty much pointed my car in the direction of the slowly-rising sun and put the hammer down. Some travelling music makes the trip go much faster, I've found - the Children of Dune soundtrack opened the journey. The music's great for driving, it speaks of open roads and flat land with nothing to bar your path. It was just me and the asphalt for a few hours. I stopped at Midway, the maintenance plaza halfway across the state to rest (because I'd been sitting too long and my legs and back were cramping up) and refuel. While I was killing time I picked up a few bottles of water and a carrying case for my PDA, which fits perfectly onto my belt. After topping off the tank (better safe than sorry) I picked up the trip again, not stopping until the plaza about forty miles outside of Philadelphia to stretch my legs again.
For some reason I had to refill the gas tank three times on the way back. It could have been the inclement weather, my being sick and a bit more careful than usual, averaging a higher speed on the return trip, or something else. But that's neither here nor there.
Cruise control is a wonderful thing. Learn how to use it, and use it when it's most advantageous. Take it from me.
I finally got to Blue Bell around 1500 EDT, give or take a bit. The directions I was working from were less than clear on how to get to the hotel; I wound up driving all the way through the town to the other side before stopping to ask directions. As it turns out, the hotel was up on a hill on the right hand side (from where I'd been coming from) of the highway, so I had to retrace my steps all the way back to the highway, turn around, and then cut through an office plaza to find the hotel (the only entrance, as it turned out; highly nonintuitive, but easy to defend). I checked in, got a pair of keycards, and hauled my gear up to the fifth floor for safekeeping. My cellphone rang not long after I'd arrived - it was John and Forge, and they had Lyssa in tow (having gone to get her from the Philly bus station). We met up briefly as we were running late one and all (the rehearsal started at 1600 EDT) and jumped into Bosco's minivan to pick up our tuxedos. As it turns out, Men's Warehouse wasn't the best choice for renting a tux. Forge's tuxedo shirt was too small; the sleeves reached his elbows at best the first time (Forge isn't a small gentleman) and had to be sent back. Three times. The last shirt they'd given him had sleeves that ended scant inches above his wrists. They'd also insisted on keeping my tux for further alterations, stating that the pantlegs were too short.
They reached the tops of my shoes, as they should have, for the record. But I relented to allow them to further alter them. John's coat was too small for him as well. He wasn't able to button it all the way. The staff refused to alter his jacket, stating that it was beyond their charter (huh?!), and also refused to give him another coat because it would not hang properly, they stated.
I think we let them go just to shut them up, because we were already late for rehearsal.
Rehearsal at the Lai Lai Garden went swimmingly - we ran through the ceremony a few times, making sure that we knew where we were to stand, who we would be walking with, and most importantly what not to do. This took a couple of hours, and aside from a little screwing around and coughmunication to break the tension everyone came through it no worse for wear. The rest of the wedding party met up with us at John Harvard's Brewhouse, a restaurant-cum-microbrewery which played host to the rehearsal dinner. It was there that those of us who hadn't eaten since 0700 that morning tore into the appetizers and later the rest of the food. The appetizers were scant, which doesn't come as much of a surprise (they're appetizers, after all) but the food is incredible. I had the Brewburger with fries - grilled to perfection - I strongly recommend it. The desserts there are similiarly fine, especially the cheesecake and the fresh apple crisp ala mode'. It was shortly before dessert that the parents of Forge and Nicole roasted them with a multimedia presentation; Forge's father hooked up a laptop to a projector and showed us the required baby pictures and embarassing moments to better aquaint us with the groom (and give Nicole one last chance to back out if she didn't like what she saw *chuckle*). Halfway through the presentation turned into photographs of Nicole growing up. I didn't see her expression so I don't know how she took it; from the sound of her voice she was a good sport about it.
After the show was over the bridal party and groomsmen were given their gifts of thanks. For the lives of me I don't recall what the bridesmaids were given - it's on the tip of my tongue, so to speak. The groomsmen were given engraved pocket watches with our names on the lid and "Rob and Nicole - August 30, 2003" on the back. Each is a wonderfully complex timepiece, keeping track of the day, date, and military time in addition to the usual 12 hour count. Complex enough that we spent a total of several hours messing around with them just to get them set. I have yet to set the date on mine, incidentally.
After it was all said and done we returned to the hotel to await the inevitable.. Forge's wedding.
Somewhen Saturday morning Lyssa and I woke up and booted our brains back up, I would guess around 1100 EDT. Curious to see who else would be there we decided to wander around a bit to see who was around. Across the hallway were John, Jill, and Carla with some other folks (whose names I regrettably forget; I'm terrible with names) getting ready for various appointments and timekilling. Carla, as we discovered, is a lot of fun. Lyssa and I wound up spending a good deal of the day hanging out with her. She is an accomplished artist, specialising in the anime style, so the three of us had much to talk about.. for the hell of it I went back to our room to grab my kittyband and Lyssa's collar, and spent the afternoon roaming around the mall with her making people stare and window shopping.
Ears and tail really do make the man - it's true.
We wandered around for a while to see what we could see. I picked up a portable CD player which can read CD-ROMs of .mp3 files, an excellent buy from Sam Goody for $45us on clearance. I listened to it most of the way home, and it worked perfectly, so if you're on the hunt for a relatively inexpensive one that'd be the place to start. I also picked up a copy of the Serial Experiments Lain sountrack, which surprised me when I saw it. The lyrics are still in Japanese, the opening theme is missing, but the track titles have been translated (or helpfully renamed, I don't know for certain which though I suspect the former). I feel kind of guilty, not having bought it as an imported disc but it's still worth listening to.
At Spencer's we found a rather unusual toy, an air gun. It's basically a big vaguely bell-shaped plastic chamber with a rubber membrane on the big end and a handle. You pull the handle back, which stretches the membrane, and when you let it go it shoots a puff of air out the other side. You can snipe something about fifteen feet away with it, and it'll knock a hat or a pair of glasses off easily. I almost bought one, but decided eagainst it because I'd only get in trouble with it. I'd like to put some essential oil inside the bell and shoot scented air at people, though... sounds like it could be an amusing prank.
You're surprised? *grin*
Yet another fun-filled day in the NOC has begun. I crashed early last night, forgoing e-mail and Evening Rite for a shower, dinner, and some much needed sleep. It seemed like the best idea.
I think I'm sick. It might not just be breathing cinnamon smoke for six hours (more to come on that), I woke up with the familiar "Hey, who stuffed a test-tube brush up my nose?" feeling that means I've probably caught a cold. Ick. Lyssa said that there was at least one person at the wedding who wasn't feeling well, so it's probably a cold taking advantage of the elevated levels of stress hormones that come from driving for six hours or so.
On the way to Philly on Friday Paul called me as I pulled into the maintenance center on the highway. As it turns out, it wasn't a massive infection we were dealing with, it was the antiviral software on each system reporting in to the manufacturer tos ee if there were any updates. All that panic for nothing. I feel stupid. The machine I was building to use as the master for cloning had to be erased and repurposed to fill in for another machine that died, so all that work was lost, too.
Some days it just doesn't pay to get out of bed. *sigh*
In the voluminous repository of software packages that the GNU Project has assembled over the years there are three separate database file libraries, the Berkeley Database toolkit by Sleepcat Software: db1, db2, and db3. Redhat includes all three of these versions of the Berkeley Database toolkit, each of which is required by a different subsystem. db1 is required by the Python programming lanauge and the core libraries of the GNOME Desktop. db2 is required by a single module of Perl. db3 is required by more critical elements of Redhat Linux, including Sendmail (may it burn in hell) and the PAM suite, which is used to handle user logins (among other functions, some too arcane to get into here).
Why does each subsystem require a different version of Berkeley DB? Beats me. I certainly wouldn't have done it that way. Can I fix it? No, not without rebuilding the entire system and then repackaging it, a tremendous task, and even probably not then./p>
Sometimes I wonder about computers...
Pittsburgh ISP Stargate: Requisat in pace.
SCO has begun to make noises that it's going to start suing individual users of the Linux operating system (like myself) for $700us per system for 'licensing fees'. They've yet to prove that there's any stolen SCO code in the Linux kernel, and they're not willing to let anyone in on their little secret without an NDA that prohibits the examiner of the evidence from saying anything at all. The Electronic Frontier Foundation is calling for people to contact your senators and representatives to tell them that this is basically extortion. The page I've just linked will allow you to do just that. I strongly suggest that you click on the "Send a fax" button on the bottom of the page because sending e-mail to them does little or no good at all, but they can't ignore a mountain of fax paper in the coffee room that's still growing. I've already done so, and I strongly urge you to do so as well if you value your hard-earned money and freedom to choose what OS you run on your systems.
I'm back in Pittsburgh, just got in about an hour ago. So much has happened this weekend I don't have time to write about all of it. I'll probably do that off and on all week, depending on how much time I've got on my hands. Right now I'm sick, either due to catching someone's cold, the stress of all the travelling, sleep deprivation, or too much spice, probably all three. If anyone saw a car filled with what looked like orange smoke cruising down the highway on Sunday that was probably me.
All kidding aside, I'm wasted. I have to be up at 0600 tomorrow morning, too, so that marks the end of this entry, paltry as it may be. Wish me luck.
I got to Philadelphia okay, the rehearsal and dinner were last night, I'm writing my speech for the reception, and I don't have net.access in the hotel. No time to write more, the wedding starts in two hours and I've got to start getting ready in a half hour. I'll probably write about the entire thing in bits and pieces next week.
Yessiree, the fun never ends...
I was moved into a cubicle today and transferred from the rest of the team to work in the NOC. I started off the day pretty simply, finishing the construction of a server that'll eventually be used to produce disk images for mass production, which in an environment like this saves an incredible amount of time because you can put a compressed raw disk image on a server someplace, boot the clones from a CD-ROM or (more often) a floppy disk, and then burn the image byte by byte onto the server's hard drives. This is one of the most useful technologies to appear in recent years.
Oddly enough, it took two tries to complete. It was a Redhat Linux system that I was building, and the first two times the graphical installation suite crashed and burned just before it actually began to install packages. The screen listing unmet package dependencies (what software package depends on what other software packages; those that aren't met mean the first won't work) came up, I stepped backward a screen to delete a package (though it could be installed later), stepped forward to see what had changed and probably had to be fixed), rinse, repeat. Do this about six times in a row and the installer would die. I don't think I've ever run into this problem before. Paul says it's usually due to a bad disk (I was installing from a backup of the originals). By the third try, however, I decided to bite the bullet and install without too much tweaking, because I can always go back and fix things later.
Lo and behold, it worked.
I started nosing around inside the system, making a list of everything I was going to uninstall and generally getting reaquainted with Redhat, seeing as how I havn't used it since v6.2 back at Moai. It's gotten a lot more BSD-like in its directory structure, I've noticed, and from what I've picked up through osmosis talking to other people RPM's actually not that difficult to use once you realise that you can stack multiple .rpm files and packages on the same command line. I've just about got it read to go, the only thing remaining to do is get it a static IP address so I can SSH into it from my cube and work from there. Things are hectic today so I havn't been able to do that yet, and randomly picking an IP address is never a good idea in an environment as large as this.
I've been home from work for a few hours now, and I feel like someone's been beating me about the head and shoulders with a lead pipe. Today was the first real day of work I've had as an IT thing for a long while.
Have you ever watched a situation unfold from ground zero?
Have you ever watched a problem grow and grow, like kudzu overtaking a field? And been powerless to do anything about it? That's what today was like for me. I couldn't do a damned thing to stop it, save sit there monitoring it and send out updates as soon as I'd located a trouble-spot. Find one, another one pops up. Then another one. And another one. Eventually it's a flood of malevolent network traffic, stoppable only by someone located the CAT-5 cable connecting the box to the network and physically disconnecting it. It's even worse if it's happening in an office twenty miles away and you can't get there to help first-hand. Not having access to the DHCP server that doles out the IP addresses in those subnets, I can't tell the guys on the other end of the wire what hostnames to hunt down because I can't look them up. One of my pet peeves is when DHCP-controlled IP addresses don't have reverse records in the DNS, so doing a 'host foo.bar.baz.com' returns an error message and not something informative.
Before leaving today, I made sure to introduce Don to The Bastard to put things in perspective. I think I've made another convert - he recorded search criteria for "The Bastard Operator From Hell" in his pocket voice-memo unit. Hee hee hee....
Huh.. and to think I always fancied Colin Baker...
It's been another long one... go figure. Most of the morning was spent in the conference room cum staging area waiting for an assignment.. the team that has been in the field for the past few days was picked up and shipped out yet again, which left six of us sitting around. Then two more guys were chosen to head down to the fourth floor.. to start collecting more data, surprise surprise. That left four of us to sit and talk about what we'd been doing all week and the non sequiturs we'd heard while traipsing around the building. Given the areas we were in yesterday I have to wonder once more about the human race.. but that's neither here nor there. They sent me back down to the first floor to HR to double-check the data collected on Monday. Oh, did I mention that they want to flash the BIOS chips of each workstation during the workday to the latest revision from the manufacturer just to be safe?
Not a good idea during the workday, let me tell you, but I don't have much say in the matter. Cross your fingers.
Mostly I wound up double-checking the data Jim and I collected on Monday, directory locations of installed software and documents and in the process inventorying the machines we weren't able to get to. It took the two of us about two hours in total to get everything mapped out. After a hastily eaten lunch Paul came in and showed me the server room at the back of the sixth floor. It's easily half of the entire floor judging by its dimensions, and packed floor to ceiling with servers in racks. There are walkways only about a rack and a half wide running through the maze that is the server room... one wall is a single air conditioning unit, to mitigate the enormous amount of heat generated by so many computers running all at once.
It gives me the shivers just thinking about it. It feels like Home.
It seems almost a counterpoint to early this morning - around 0614 EDT we lost power in the Lab as one of the nastiest thunderstorms of the summer hit the area. Thankfully power was restored a few minutes later but it could have been much worse. I don't like the idea of leaving my grandfather in a house without power for any length of time. Things have been pretty stable around here since then.
Tonight Dataline took me to pick up my car from the garage. They changed the oil ad the filters, worked on the transmission a little, rotated the tires, adjusted the brakes.. all told $220us worth of parts and work. My wheels're ready to go to Philly in a little under two days' time.
I picked up the widescree edition of The Two Towers while I was shaking down my car this evening. I love surround sound. I'm going to leave the disc upstairs for Dataline to watch this weekend.
The Camarilla is moving to the v6.0 rules starting in September. This shouldn't be too much of a shakeup, I've read the rules over and they havn't changed too much in such a way that characters will have to be rewritten, or at least from what I've seen of mine. I'm going to ask a few folks to find out if they had to make any changes. Maybe I just play mine in such a way that they're evenly balanced; I don't know. LARPs aren't something I'm terribly worried about at the moment.
Let's see... I'm not going to be aging any more batches of paper until I get back from Forge's wedding, so that frees up some time in the evenings. I've worked out directions to and from, so that's another task taken care of. My car's been worked on, ditto. I have to pack tomorrow night, but that's not a big problem. I'm as ready as I'll ever be for work, so that's done, too. I'm unsubscribing from some mailing lists, so that's freeing up time, too. I think things will finally stabilise around here.
Greetings, readers from the United States Department of Justice!
Hail and well-met to readers from the National Computer Security Center as well! Did you enjoy Summercon 2003?
Today's been a bang-up day, no lie. From the get-go this morning they had me running around with a team collecting information for the upgrades to come in a few weeks' time. An Excel template was put together, floppy disks were passed out to save the information onto, and we were set loose in a floor of the building to copy down information like hostname, logins of each workstation's common users (and there were a few who had many - one had over thirty active users in a common area, odd even for Windows), names of directories that the users save their data into, and the names of the mapped drive shares.. can we say 'Active Directory', boys and girls? We were playing it by the book, recon first, then planning the migration. This took the better part of the day, examining almost 150 machines on the floor, even for ten of us. I had to break around 1120 EDT for lunch because my body's blood sugar had bottomed out and I was getting light-headed. The last thing they need out there is my biomechanical butt collapsing on them.
Somewhen after the tenth or eleventh system, just when it occurred to me that we should have a place to back all the documents up to, disaster struck: Disk unreadable. Windows XP cheerfully ignored the second FAT table on the disk and asked me if I wanted it to reformat the diskette. Needless to say, I declined, cursing the entire time. Five hours of work, lost.... I grabbed my supervisor and told him about plan 'B', which was retracing my steps with the entire team, each of us taking one or two systems and re-noting them. Then another disk failed. And another. And another. By this time someone had commandeered a few megs of disk space on a workstation and was copying off the documents as people walked by, but there was still a large quantity of data MIA. After a quick consultation I headed up to the NOC on the sixth floor to grab a Linux box so I could try to rip a filesystem image from my disk in the hope that I could recover some of the data. The one machine that I had easy access to I couldn't get to because the root password had been lost. The other was perfectly usable but without the root password I couldn't log in until the admin got back from lunch, which he did about ten minutes after I got there.
Paul and I hacked side by side, he on his current project, me on trying to get a disk image from the dead floppy. We talked shop while we worked, and I discovered that I knew Paul already.. from DefCon 9... funny, that. It's a small world.
I wasn't able to recover the data from the disk because it was too far gone for even /bin/dd to touch, so I headed back to the group to figure out what to do next. Jim knew that scandisk in Windows 98 would try to reconstruct just about any diskette you threw at it, a feature sadly lost in Windows 2000 and XP, so we went in search of a 98 machine with Don... and found one, in all places, in the City Coroner's office down in the basement. We sat in a room stuffed full of old books, forensic instruments, and cast off computer equipment hunched over a Windows 98 machine with a copy of Norton Disk Doctor and scandisk 98 praying that we could recover some of the data. All told, two out of four disks could be recovered, which was still some fifty files. It took a considerable amount of time, which we spent talking old-school hardware with the guy who led us into the storage room, who happened to be a Commodore-64 hacker in his younger years.
Sometimes disk repair's like pizza. Even when it's bad, it's still kind of good.
The remainder of the afternoon was spent putting my original plan 'B' into action, backtracking the systems whose notes were unrecoverable, splitting them up, and re-doing them by hand. With ten of us, it took a little under two hours to hit fifty systems. By the end of the day, when we'd regrouped at the conference room and given Don our disks so he could copy the data en masse into a network-accessible file share, we were tired and waiting for the good word. Paul popped in and called me outside for a bit.. I'll cut to the chase and say that he asked me to work on a few projects in the NOC with him. He spoke to my supervisor earlier that day and got the go-ahead to pull me from the AD rollout team to work with him.
This could be the brass ring. The project he outlined to me is what I love doing, deep in my hearts. I havn't worked professionally in this capacity in years, and I've been dying to get back into the game. I accepted then and there.
As for how this'll play out... I don't know. I don't want to jinx it, nor do I want to risk violating my NDA. I don't know what I'm allowed to talk about and what I'm not, so I'm trying to be as nonspecific as possible while still getting across what I'm doing. And this new project.. I so don't want to screw this up, so much so that my hearts ache.
Things are getting more and more hectic, so much so that I don't have as much time as I'd like to copy memories into this file. I get home, change, eat dinner, switch out one set of pages for Fern's journal for another, bake the other set, exercise, delete spam and read e-mail from three different accounts, read the news.... there's so much to do I can barely get it done by midnight, which is the latest I can take my body offline just so I can get up the next day. I'm trying to keep my wits about me and take my time, but it's not easy. I'm going to have to drop something soon just to not burn too much energy that could be better put to constructive use.
To everyone who sent me e-mail, I'll get to it... I don't know when, but I will.
Maybe I should download it to Kabuki and answer it on the bus going to and from work...
Oh, no. I have to write a wedding toast for Forge's wedding this weekend! And figure out how to get there.... I dropped my car off at the garage tonight for its 41,000 mile checkout before the road trip on Friday.
My first day as a hired gun was amusing, to say the least. I dragged my body out of bed at 0600 this morning for the first time in gods know how long, did Morning Rite to shake the cobwebs out, and then got dressed in nice clothes, slacks, white button-down shirt, necktie, and suitcoat. For the first time in a long while I geared up and did the Techie Macarena: PDA, cellphone, wallet, multitool, pen/stylus/laser pointer, business cards, bus pass, mirrorshades... if you picture checking each pocket in turn from the bottom up it makes more sense. Trust me.
I started reading the first book in the Dark Tower series by Stephen King, The Gunslinger on the bus this morning. Wow. Colour me hooked.
I got to what I thought was the right building shortly before 0800 EDT, went through security (which consisted of going through a metal detector and having my backpack x-rayed), and sat down to wait in the lobby, as instructed. And wait. And wait. 0830 crept closer... I read some more.. closer.. eventually I asked someone if I had the right address. As it turns out, I didn't, the building I was assigned to was one block east of where I was. I took off at a dead run and made it just in time, only to be told by my contact that what I had just done (been off by a single block) was the most common mistake that new temps make there; in fact she's done it herself quite a few times. After hearing that I didn't feel so dumb. I made it to the meeting just in time to fill out another metric buttload of paperwork.
Once I'd signed away another of my upcoming incarnations we (meaning the team of IT hired guns) met our contacts at the City of Pittsburgh and introduced ourselves one by one. They wanted to know what kind of experience we had, what we were familiar with, stuff to help them determine what to assign us to, in other words. I'm one of a team of about ten people who know three things about bloody everything, so that went pretty fast. Once that was done they gave us the rundown of why we were there. I'm not allowed to talk about exactly what's going on, all I can say is that I'm doing a software rollout across a large swath of the county. There are between 40 and 50 office buildings involved in this (I can't say for sure because I really don't know for sure, and they didn't know either) and they've got a schedule that has to be kept. Okay. Not a problem. I can do that, it's practically my stock in trade.
After the briefing they left us to sit around the conference room to wait until they hammered out enough of a plan to put us to work. That took about three hours. Jim (another jack of all trades and neat guy) and I were set to work inventorying the machines on the first floor of the building in preparation for the software rollout to come. Twice. They came up with a few more things that we had to write down but didn't think to, so we had to go through the same machines a second time and update our notes, which pissed off a lot of people. I had to play my 'get out of jail card' given to me by my contact at the office to placate (barely) the lady I'd angered because I just wanted to take a few notes... for Kibo's sake, I know her data is important, but if I can't gather data on her hardware I can't promise that her data will stay safe during the upgrade! Sheesh...
Between the first and second trips through I found the time to eat lunch and relax a bit.. my blood sugar crashed around 1300 EDT and things started slowing down from there. I really don't know where the rest of the team went. I know a few of them were still in the building, and there was talk about sending us to whatever buildings in the county that needed us, which was all of them. I don't know what I'll be doing tomorrow; I guess I'll go wherever they send me. I found out the terms of my employment, too: No personal calls, no personal e-mail, whatever I see on the job I didn't see, no installing unauthorised software.. not as if I've actually got time to jack in and check my e-mail, I havn't seen an open jack or a wireless access point anywhere in the building. Oh, well. Physical security, no time, stuff like that. I'll live. I'm everywhere, after all....
I get the feeling that I'll be busy enough in the next few months that I won't have much of a chance to do any blogging-type stuff in here for a while, just so you know.
The supreme court of California ruled today that the DeCSS code isn't protected by freedom of speech laws, which means that it can't be posted freely. Property rights, the judges said, are more important than free speech because the specifics of CSS (the Content Scrambling System, which is the method by which DVDs' contents are encrypted)) were never meant to be made public.
I have to admit, I never expected to get yelled at for dressing up too far for a job. I decided to take the advice of the employee handbook and dress a little too professionally the first day: Suit and tie. My contact at the site took me aside and asked me rather nicely to not do it again. Shirt's fine, the tie's too much. I defended the suitcoat, citing the need for extra pockets to carry my stuff. We compromised. My contact reminds me a lot of Jay from Eldervision, mostly due to his mannerisms. The man's hardcore IT, no lie, and he's got the battle scars to prove it. I think we'll get along just fine.
I noticed something today on the bus ride in to work: The graffiti. The bus I ride travels along the busway in Pittsburgh, which is sort of like a private road system that only public transportation and police are allowed to drive on, bypassing the most congested roadways in the city. A few things jumped out at me as the bus took its shortcuts, like the fact that the plants and vines had almost completely devoured the heavy-gauge metal fences that keep the hillside in place (after being blasted away to create the road in the first place), occasionally obscuring the earth entirely in places. Someone had marked the supports in binary, counting from 0000 up to 1111 (decimal 0 to decimal 15) over and over again. The paint was smeared in that special way that screams "tagged by a computer geek", which I found heartwarming. All over the place you can see various implementations of the 'nym 'NSF'. I've no idea what it means or who did it; it just struck me as interesting that it's so widely spread, and that there are so many variations on the theme. There's one stretch of wall, down by the railroad tracks, that is a veritable gallery for graffiti. Mixed in with all the greets and territory marking and threats to rivals are the smaller pieces, personal sigils declaring that someone once passed through. Sometimes it feels as if that one part of the busway is a guest book for people who have been on the road for gods know how long and left their mark, however briefly, in the Steel City. It's odd, how there's no fight for space on the wall - no one seems to paint over someone else's work, at least as far as I can tell. Sometimes I wonder if I can ever get in touch with some of the people who left their sigils behind... who are they? What are they? Had we met in the past and lost touch, like so many 'travel buddies' and temporary friends that we make during rest stops or while waiting for the next bus? I don't know.
No, I havn't gotten a rattlesnake in my mailbox. I was out and about all day yesterday. Alexius and Taja had been talking about putting together a witchy store crawl for a while and it had finally come together yesterday afternoon. I havn't been active long enough today so I don't have a whole lot to write about at present, and I've got a pretty full afternoon lined up of stuff I've got to get done before I start work tomorrow. More later.
I just got home from the supermarket about a half-hour ago and it feels like it was a madhouse, even though the store wasn't all that crowded. I think I'm still tired from this weekend, even though I didn't do any of the usual self destructive things that I partake of occasionally, I've just been running around a lot lately. The shopping expedition yesterday covered a fair chunk of the county, from Ross all the way down to South Side and back again. Oddly enough I didn't buy much of anything the entire day, only a bar of cinnamon soap, a bag of lavendar cookies for Dataline, and a copy of Uplink from the bookstore (which caused me to shout rather too loudly in victory). The edition I've got has the final paragraph of The Conscience of a Hacker by The Mentor on the back, if that dates it any.. how cool is that?
Remember some of the code that SCO said was stolen by Linux kernel developers? Dennis Ritchie, original author of the code has gone on the record as saying that he wrote it originally back in the 1970's, where it was subsequently released by AT&T.
Someone keep an eye on Herb Strenz of the Des Moines Register to see if he disappears anytime soon for writing this little ditty about John Ashcroft and his policies.
The folks over at the GAIM project have responded to Microsoft requiring software upgrades (to v5.0) to continue to access the MSN IM network. v8 of the protocol over SSL will be required to log into the IM network; the GAIM project will support MSN v8 and v9 protocols so this does not appear to be a problem. However, Microsoft will start requiring the developers of third party IM clients to be licensed, and therein lies a major problem.. they could easily decide to deny the GAIM team a development license, with the threat of a DMCA lawsuit hanging over their heads. More and more, I wish I had the bandwidth to set up a Jabber server...
Anybody got a 100baseT switch (10 or more ports in size) for sale cheap?
Didn't I see this on this week's episode of Queer Eye for the Straight Guy?
If anyone's familiar with the Java Anonymous Proxy system, which allowed users all across the Net to browse the web without leaving any tracks back to their country, ISP, or IP address of origin was compromised due to a court order. There is a certain web site Out There, no one seems to know which one, that has attracted the attention of the German police. All IP addresses of people accessing that particular website through the JAP website are being logged and reported to the German police. After the system was offline for a few days, ostensibly due to a hardware failure, it came back on line and users were forced to upgrade to the latest revision of the client software, which someone swiftly tore apart and found something uncool. He posted his findings to the Usenet newsgroup alt.2600 (the thread in question may be read through Google Newgroups through this link - read the thread, there's some screamingly funny stuff mixed in with everything else). This shows one of the biggest advantages of open source software: You can sit down and read the source code to see if it has been compromised somehow; this is a perfect example of that.
Word's gotten out, there's no doubt about it. The Bugtraq mailing list recieved word early yesterday morning. You can read the English version of the official press release here. At this point I'm wondering exactly whose web site they want to monitor access to. Given that it's Germany, it could easily be a Neo-Nazi website (because the expression of Nazism in all its forms, harmless or not) is illegal in the country. It might also be a website having to do with the Church of Scientology, due to the lawsuits, fights, and general lack of love between the two organisations in Germany in the mid- to late 1990's. Beyond that, I don't have any theories to put forth. I would suggest, however, not using the JAP anonymiser anymore - if it can be compromised once it can be compromised any number of other ways in the future, if it isn't now, and as such cannot be trusted any longer.
There's another bill trying to slip through the US Congress, HR 2962, called the Ecstasy Awareness Act of 2003 (go to thomas.loc.gov and search for 'HR 2962'). The bill has within it an amendment to section 416 of the Controlled Substances Act which states this:
The jist of it is this: If you're throwing an event and someone gets busted for drugs there, you can be held liable. If you own a nightclub of any sort and someone gets busted for drugs, you can be held liable. If you make any kind of money from being associated with an event (such as acting as a vendor, printing flyers or t-shirts, or if you're spinning there as a DJ) you can be held liable, fined up to one-half million US dollars, and be thrown in federal prison for up to 20 years of your life if you're found guilty. You'd be hard pressed to go anywhere today and not run into someone who hasn't smoked up before going out for the night... even a wedding reception might qualify for this. I urge you to write to your representatives and make your voice heard. Let's not let this take effect, it puts all of us at risk for wanting to dance and have a good time on the weekends.
I guess I spoke too soon about not getting any more warning messages from Burn. *sigh*
Last night a friend of Dataline's gave me the phone number of a local temp agency that specialises in techies. On a lark this afternoon, between pulling the banana bread out of the oven and replacing it with a batch of artificially aged sketchbook pages I called the place up and dropped J-'s name. The guy on the other end seemed to perk up immediately and asked me, "How soon can you get here?"
"Define 'soon'," I asked.
"This afternoon," came the response.
If you've ever seen the old Warner Brothers cartoons where Wile E. Coyote takes off so fast that he leaves behind a dustcloud silhouette in his place, you've got a pretty good idea of what I did as soon as I hung up the phone. I hurridly changed clothes, put in my contact lenses, packed up my PDA and a copy of my resume, and took off across the city to the agency's office on the South Side. Little did I realise that the University of Pittsburgh was allowing the freshmen to move in a week early, so Oakland was completely snarled with SUVs and freshmen trying to find their way around. On the way over I pulled it all together and marched into that building like I owned the place... you've got to walk it the way you talk it if you're going to get anywhere. During the initial exchange I began to get a good feeling about the entire situation, which was capped by being presented with the papers to sign on. I signed up on the spot.
My first assignment starts on Monday at the Allegheny County Municipal Building. I'm doing hired gun IT work for Pittsburgh.
I made sure to tell them that I had to go out of town next Friday for Forge's wedding, they signed off on that, so that seems like it's been taken care of as well. I'll be riding in with Dataline for the next couple of months.
Damn, I'm good.
For pity's sake.. W32/Sobig.f is hammering Burn again. She's completely ignoring it, like any good Linux box would, but I really hate having to untangle the warning messages from the rest of my e-mail.
Mirror this before a lawsuit gets it!
A good way to dry the pages out, I've found, is to leave them in the oven for about two or three hours, and then pull out any dried sheets on the top and bottom (don't forget to check the bottom of the stack as well, due to the heat propagating upward from the sheet through the paper towels to the bottom half of the stack). If you don't have the oven up too high it'll be safe to do so.
Bruce Perens has ripped into SCO's allegations - the slides (mentioned a few days ago) showing allegedly copied code show code released under the BSD licence, which means that SCO doesn't even own it, let alone have the right to accuse people of having illegally stolen it. Slides 10 through 14 of their Powerpoint presentation show C code that was released by AT&T under the BSD license long before Caldera even renamed itself SCO after the buyout. Again, there's no copyright violation.
There's a certain word to describe SCO's allegations, I'll see if you can guess what it is.
Word's getting around that unless you're running the latest version of Windows along with the latest version of Windows Instant Messenger you'll be locked out of their IM network. I guess that leaves GAIM out in the cold... no great loss for me, I only had to use it for work.
Those of you interested in civil liberties in the United States of America will find this interesting, no doubt. Remember the computerised face recognition system they were experimenting with in Tampa, FL that went so spectacularly wrong on the cover of Time magazine? They're pulling the plug on it. After two years it's done nothing constructive and is only a cash sink. Darlene Williams, representative of the Tampa chapter of the ACLU was quoted as saying that "People have the right to be anonymous, and not to be put in a police lineup for committing the offense of walking down a public street."
I finished the phone interview about a half-hour ago. I think it went rather well - the woman on the other end has a clue about technology, so I was able to communicate with her without any trouble. She's an open source advocate as well, which really took me by surprise. So much that that I had a difficult time keeping myself talking along those lines. You don't find many people like that around Pittsburgh, just about every job you look at requires Windows knowledge of some form or another. For that reason I'm worried that I mad a poor first impression on her. She's interviewing three other people this week, then the technical manager of the company will figure out who to interview out of us and who to ignore.... I'm scared. I hope I get this job.
I really, really hope I get a call back that says that they're interested in me. They need someone who knows a little about a lot of things - that's me. I just hope the lot of things I know are what they're interested in.
The spread of W32/Sobig.f seems to be slowing - from the last time I checked my e-mail to delete the warning messages from Burn only seven have appeared in my mailbox. That's down a lot from 110-130 every eight hours. Kudos to all of you who've finally installed the hotfix from Microsoft.
My friend, you know who you are... FIX THAT BUG!!
I'm baking the second batch of pages and soaking the third as I write this. I forgot to mention that I put a few drops of dishwashing detergent in the tea bath between pots of tea (it takes two to fill the pan deeply enough to be useful). Don't put too much (more than a capful in) otherwise the pages will take on a mottled, blotchy appearance, as if there are rust holes in the paper. I've got the oven set at 220 degrees Farenheit, and I've checking the paper every half hour to forty-five minutes or so to remove the dried pages. As it turns out you can reuse the paper towels as long as they're not too darkly stained by the tea drippings. When about half the pages in a batch have dried and been removed, flip the stack over to give the bottom half a chance. Each batch takes between three and four hours to dry fully in the oven, whether or not the oven door is open to let the water vapour escape. I was able to let this batch go for about two hours while I went grocery shopping, though I would not recommend doing this if there isn't anyone in the house who knows what you are doing. I havn't been keeping track of how many pages I'm aging at a time, I would guess between fifteen and twenty per batch. Even at this clip, it's going to take a while before it's done. I'm planning on losing about ten percent of the sheets of paper to irreperable rips (though little ones are okay) and turning too dark to be useful for writing.
Why am I writing this up? Because people who make props for LARPs will probably find this interesting, as will other crafty folks like myself who want to add a touch of class to their work. When I'm done I plan on writing this up completely and sending it to the folks over at Propping Up The Mythos to add to their page of accounts of people making stuff.
This last batch of pages took about four hours to dry, in toto.
Ye flipping gods, will this never end?! 278 messages in my account on the Network this morning, and 200 of them were infected. I didn't know that many people had me in their address books (for that's how W32/Sobig.f spreads). When you factor in all the warning messages that Burn's virus scanner tries to send to the infected owner, and sundry bad e-mail addresses that bounce to me (and those failed bounces to the sender coming to me) it's a real mess.
Alan Cox, Linux kernel hacker extrodinaire, is taking a year off to work on his MBA. Maintaining the v2.2 series kernel is starting to wear on him due to its obsolescence and he's looking for something else to do, and I can't say that I blame him. Everyone needs a break now and then. Good luck, Mr. Cox. The Cyrix sound drivers will miss you.
SCO's still at it - now they're building lists of Linux users to go after in their lawsuits. Does this remind anyone else of the Church of Scientology declaring open season on someone and suing them into the ground? The vast majority of people are waiting for SCO to provide absolute proof of their claims before they'll even consider forking over the $700us per CPU. Not many people are buying their stories of stolen code, though, as this Slashdot article shows. Someone managed to snap pictures of the supposedly stolen kernel code (images mirrored here and here) and the code (from arch/ia64/sn/io/ate_utils.c in the v2.4 kernel series) is pretty generic... generic enough that anyone on the face of the Net could have written it. I don't see any comments in there that say "Property of SCO" or anything like that. After plowing through the comments in the Slashdot article someone says that the part of the code written in the Symbol font says this:
As part of the kernel evolution toward modular naming, the functions malloc, and mfree are being renamed to rmalloc and rmfree. Compatibility will be maintained by the following assembly code: (also see mfree/rmfree below)
It might be jetwash, it might not be. If anyone can tell me for sure, please let me know so I can post it here.
A counterworm, antagonistic to the Blaster worm hitting Windows machines this week has been relased, but it's backfiring badly. In theory, the counter worm's supposed to hunt down systems infected with the Blaster worm, disinfect them, automatically download the patch and install it, and trigger a reboot to take care of the problem, but it's also wreaking havoc inside the Air Canada network and elsewhere because it's using up a lot of bandwidth to download the patch, the reboots are messing with everyone trying to get actual work done, and there's always the possibility of something plain old going wrong and corrupting data. It just goes to show that you can't always send a worm to catch a worm, because worms by definition are parasitic of network bandwidth and computer resources.. there's always something that's got to suffer, even if it's a beneficial effect. This isn't the first time this has happened, either - the Cheese worm did the same thing back in 2001.
Sometimes life presents something that warms even the coldest hearts. Sometimes it's as simple as a tree.
Nothing happening today. Not much to write about. Nothing to rant about. Not going to bore you with speculation right now.
Burn's been getting hammered by virus-infected e-mails all day today - samples of the W32/Sobig worm are trying to get into the Network almost constantly (which is why the bandwidth of the link from my Lab is so poor right now) but they're being stopped dead by Burn. Dear readers, if you're running some version of Microsoft Windows on your machines, for the love of Kibo please run a good antivirus package and use Windows Update to install the latest patches. Be good netizens and help stomp this worm out.
I started working on Fern's book of shadows tonight. In case I havn't mentioned it, I'm making her a book of shadows from scratch, binding the pages myself and even making a cover with a clasp to keep it closed. As a surprise (well, it probably isn't a surprise anymore - Fern, stop reading this!) I'm antiquing the paper as well. I'm brewing up batches of strong, cheap-ass tea from Giant Eagle to soak the paper in overnight. When the first batch is done tomorrow night I'll dry it in the oven and complete the process. I figure it'll take me about a week to do the entire book (all 500 pages). I'm using big foil pans, like the ones caterers use to heat water to keep food hot. They're cheap as all get out, about $1us each at pretty much any discount department or grocery store, and tea I bought in bulk at Giant Eagle ($5us for 400 teabags) to provide the tannic acid. It'll take two or three batches of tea to fill the pan halfway, at which time I'll be able to fit about 45 or 50 pages in there at once to soak. I'm going to use wire racks for baking to keep the pages submerged overnight, and I've got a space set aside on the back porch to set the pan out to sit for a while. I'll probably start the drying procedure tomorrow evening. I'm going to keep a running diary of this project in here in case anyone else is interested in trying this technique.
Extra-special thanks to the folks over at Propping Up The Mythos for running an excellent site for aspiring prop-makers, including a description of this procedure. Anything new I find out will go in here as well. Who says that propmaking can't be put to other uses?
The first batch of pages is soaking right now. We'll see how they turned out tomorrow.
I'm still trying to make sense of the UN Building bombing in Iraq this afternoon. They showed the recording of it as it happened on the evening news, and it was like someone kicked me in the head when the truck detonated. I really don't know what I think about the entire thing. The other bombing in Palestine on top of that has me reeling. It's bad enough that it was a truck bomb, but packing the damned thing with ball bearings for shrapnel... that's uncalled for. That's just fucking nasty. The bombing in Iraq is yet more evidence that they're still pissed that US forces bombed the hell out of them and that they want US troops out of there in the worst way. There's a resistance movement, for Kibo's sake; they're doing everything they possibly can to make life hell for troops.
The only thing I'll say on that is that if the people of a country are going to go to all the trouble to not only set up a resistance movement but start with the guerrilla tactics, then the people they're fighting that way really aren't welcome. It's a losing battle.
I just recieved a bounce message from someone's mail server, rejecting Burn's automatic warning that they sent an infected message. The automatic response contains the following:
This message has been rejected because it has a potentially executable attachment "document_all.pif" This form of attachment has been used by recent viruses or other malware. If you meant to send this file then please package it up as a zip file and resend it.
I'm assuming that if someone were to package a virus or a trojan horse inside a .zip archive and send it, the user would only have to uncompress and execute it to infect the system. I know too many end-users who would do just that without thinking. In which case, what's the point of even having a virus scanner? If it doesn't check inside transmitted archives it's not doing its job because it isn't checking everything that passes through it..
One of my guilty pleasures is the Weekly World News - whenever I need a good laugh or inspiration for a game, that's the first place I head. If you've been following it for a while you're no doubt familiar (at least in passing) with their de facto mascot, Batboy. The Pittsburgh Musical Theatre has a production of Batboy: The Musical slated for February 10-29 2004. As soon as tickets go on sale, I'm getting my hands on a few. This is going to be a scream, I have a feeling.
I havn't been active for very long today but it's already been a good one. After this weekend I decided to sleep in last night and catch up on my rest. For the first time in a few days I woke up this morning feeling relaxed and refreshed, ready to face the world and whatever it may bring. As normal for life, Dataline called shortly after I finished breakfast to ask if I'd called AAA to get my car towed, to which I answered that I had not, having only been awake for less than an hour. She means well, she really does... but her timing is often off just enough to make misunderstandings that much more common. At any rate, I called the dealership to tell them to be on the lookout for my car being towed into the lot, then called AAA and arranged for a tow truck. About an hour later the truck pulled up and the first thing the guy had me do was open the hood so he could hook up a portable recharger. It took a few tries and a little wiggling of one of the terminals but the jump-start worked and my car started. He advised me to still take my car down to the dealer this afternoon, after driving around for a while to bring the charge in the battery up to something close to normal.
I did this and dropped off my wheels about a half hour ago, then hitched a ride with the shuttle back to the Lab. I don't know when they'll get around to looking at my car, and now I'm not so sure that I know what's wrong with it, but at least it's in the hands of people who do have a clue. We'll see what happens.
It's true that nothing lasts forever... you can't escape the death and dissolution of all things in the universe, even the death of the universe as a whole. Astronomers have recently made an observation that should give anyone pause: There just aren't many new stars born in the universe anymore. Speculation on their part has it that by the time Sol finally becomes a red giant and begins to flicker out, the light in the universe as a whole will be only half of what it is now. They don't see much of a chance of a resurgance in the future, because the raw stuff of stars, hydrogen, is mostly tied up in complex molecules and the stars existing right now. When stars die they can collapse into superdense bodies, go nova and blow up a few times, puffing off rings of heavier elements as they do so, or go supernova and explode entirely, also scattering heavier elements throughout the universe... but that's not raw hydrogen being loosed. Hence, fewer and fewer new stars.
Something to think about.
I just heard back from the garage - my car's battery was leaking around the positive terminal. That's probably why it wasn't holding a charge, there was less and less acid in the cells to keep the reaction going. They're going to clean up the battery box and replace the battery. Their quoted price is around $125us - not bad at all for a new battery and cleanup.
Even better - $112us. I got an eighth of a tank of gas out of the deal ($1.63us / gallon?!).
Circle I Limbo
Circle II Whirling in a Dark & Stormy Wind
Circle III Mud, Rain, Cold, Hail & Snow
Circle IV Rolling Weights
Circle V Stuck in Mud, Mangled
Circle VI Buried for Eternity
Bill Gates, Scientologists
Circle VII Burning Sands
Osama bin Laden, Saddam Hussein
Circle IIX Immersed in Excrement
Circle IX Frozen in Ice
It's hard to be a god.
It looks like variants of the Nigerian Cash Transfer Scam have become the de rigeur form of net.humour these days. Here's one pertaining to the SCO Linux lawsuits.
I've got an interview! A company I've been talking to wants to conduct an interview some time this week. I'm in the process of setting it up right now.. I just hope that I can make it not conflict with having my car fixed.
Alexius, Dataline, my grandfather, and I have determined that I probably blew out the alternator on my car. I'm going to have AAA tow it down to the garage to be worked on.. this is going to be a swift kick in the pocket book..
I really don't have much to write about right now. I really don't care to read the news right now; I'm still tired from last night and the night before; I just want to sit around the house and read for a while. Sorry, folks.
Today's been a day mostly spent running in neutral, something my car isn't. Wry humour aside, I'm pretty proud to say that I've done not a bloody thing all day today, which I think I needed after a long week. Nothing bad happened, and I can't ask anything more than that right now. I just finished a workout and broke a sweat, which really feels good right now after all the abuse my body's been taking lately (something I still regret in some ways). Earlier today I was playing Final Fantasy Origins and beat Tiamat in one try - I even learned something about strategy in the attempt. I might learn this thing called 'planning' yet... I've also balanced my chequebook and added another handful of business cards to my PDA, which frees up a lot of desk space in my lab, to say nothing of the tables upstairs. I also finished reading the novelisation of Terminator 3. If the movie's anything like the book, I think I'll wait until the DVD available for five day rental at Giant Eagle (assuming that it's even still in theatres anyplace). Tomorrow I'm going to get my car towed to the garage to be worked on.. we'll see how that goes.
Samba v3.0, the open source system which permits communication and interaction with Microsoft networks is nearing full release. Among the new features are full support for the Active Directory (LDAP with Kerberos+undocumented bit authentication), a rewritter authentication system (finally!), and better Windows 2000/XP/2003 printing support (ditto!) This is a project to keep your eyes on.
How Would YOU Take Over the World?
In which the Time Lord gets his groove on.
Last night after dinner I got together with Alexius and the Keep crew for a night on the town. We'd decided to invade Club Chemistry in the Strip District. Club Chemistry, as far as I can tell, is all 80's all the time - a club for folks about my age (between 21 and 30, though there was a smattering of older folks present), with no cover charge and a surprisingly good DJ in residence. However, drinks there are very expensive ($5us for a beer, $4.50us for a shot) so that appears to be how they stay in the black. I'd recommend going sober and staying that way if that's your thing; drink at home with friends, when you don't have to shout to make yourself heard.
That aside, we had a blast there. The DJ covered pretty much the entire era, from the late 1970's all the way up to 1992 or so, judging by some of the tracks played. He's got good taste in music and had a wide enough variety to cover every possible preference of the time: New wave to synthpop to hair metal to disco. Whee. We finally got on the road around 2130 last night, arriving in the Strip District around 2200 EDT, and the rest of the contingent rolled in by 2230 EDT. I was a bit surprised to find that there really was no cover charge. I'm glad I remembered my earplugs, the equaliser was set to accentuate the higher frequencies (12KHz and 16KHz) with a bit more bass response, judging by the way the wall fixtures were vibrating (about 170 Hz). Perfect for dancing. Once Fern and Becky got me out there I stayed on the dance floor pretty much all night; surprisingly I'm not tired or sore, though I was sweating badly enough that I had to wring out my hair once or twice. Well-needed exercise. I'm actually feeling pretty good right now.
Just what I needed.
One thing that got on my nerves was finding something to drink that didn't have alcohol in it. I practically had to beg to get water down there, and there was no soda to speak of. Once I got through to them I pounded enough water to stay standing, which was around 0130 EDT this morning. Lilith wasn't in such good shape last night afterward, so Alexius and I opted to pass on going to Eat and Park (a local chain of restaurants in Pennsylvania) in favour of going to bed and getting rest. I dropped them off at the flat and then headed home to get some much needed sleep.
Right now I'm partaking in a Saturday ritual that I've come to treasure in the past few weeks, which is sitting around watching The Food Network with Dataline and drooling over all of the recipes (as well as wondering out loud how in the hell they can make such rich recipes yet stay so bloody skinny.. it isn't natural, I tell you!)
Well fuck me and marry me young. I tried starting my car and something under the hood made a nasty "FZZT!" sound as the starter tried to turn over. Dataline and I have been standing outside for a good hour or so trying to coax my vehicle back to life, but aside from the headlights and dome light coming on my car refuses to start. We popped the hood and checked the fluids; everything looks copacetic on that side of things, so I definitely wasn't riding around on no coolant again or low oil. I've got a quarter-tank of gas in there, too, so it isn't that. It's not the battery because the lights come on. I pulled the fuses to check them, they're okay as well. Trying to start the engine results in the starter motor making a sick tick-tick-tick sound; that's my guess as to the problem at hand.
Dataline and my grandfather left for the doctor's office not too long ago. Cross your fingers.
I heard on the news this morning over breakfast that the power's still out in much of New York and parts of Ohio. Ouch. Power companies are steadily restoring power to the downed grids but it's slow work. My guess would be that they're testing each set of links in the power grid and making sure that no surges do more damage to the already strained links.
They're back. It's acid reflux. Xantac's been prescribed to keep it in check.
I noticed something today: My grandfather's been given literally distribution cases of samples of his medication (the unit of each case has something like six doses of each drug times a dozen units) by the doctors to start off with in addition to prescriptions that have to be filled when the sample cases are used up. I wonder if this is a common occurrance these days - as far as I know they were free, though the prescriptions probably won't be. Just because I wrote this they'll stop for one reason or another, just you watch. Can't have people saving money even though they're sick, can we?
Not that it isn't nice of them, mind you. It's helped financially and it's a good way to see what one's body can and cannot tolerate before spending the big bucks on medication. I've taken an index card holder and set it upstairs to put the bubble-cards of capsules in so they'll be easier to find and handle for him. You've got to love those festive pink and black gelatin captules that are Xantac... so amazingly bright and cheerful for a condition that is such a pain in the ass.
Hee hee hee..
A news report concerning the creation of human/rabbit chimerae in mainland China has hit the newswires. Over one hundred hybrid embryos, created from the fusion of human cells with New Zealand rabbit cells were created in a laboratory in China and allowed to develop for several days before being destroyed to see if stem cells (which are generic cells that can develop into pretty much any other type of cell given the proper circumstances, including nerve tissue) could be harvested from them. This is the first known success of the chimaera technique - attempts in Massachusetts some time ago at hybridising human and cow cells were unsuccessful. Whether or not these embryos could eventually develop into a viable lifeform is unknown, mostly because no one's willing to be the first to let them come to term, given the ethical and religious controversies surrounding the topics of cloning and gengineering.
This afternoon's been a rollercoaster. I spent the afternoon going through my queue of jobs that I've applied for and hunting down people to talk to about the jobs in question. It shows that you're really interested in the position if you follow up a few days to a few weeks later (I prefer a few weeks to not be too big a pain to the folks in the HR departments, I know how hard they work) so I was pulling wires and dropping names. On the down side, I've now got a half-folder full of rejection letters. On the other hand, I've sent out another batch of applications, gotten a few phone calls back from people, and found that I was still in the running for a couple of jobs. Yay.
While I was copying the last of the batch of recipes into my cookbook (including the tortellini salad recipe that Dataline hacked together last night) Lyssa called. We sat and talked for a good hour or so. It's good to hear her voice again.. I miss her. I miss talking to her about everything and anything these days. We laughed and talked and suggested books to each other to read. Good times.
Good times flattened when I went to check on my grandfather. I'd been in the Lab for most of the afternoon and wanted to make sure everything was all right before I started exercising. I found him laying on his bed staring at the clock at bedside in a great deal of pain. His stomach, he said. After talking with him for a bit I called Dataline and told her what was going on. She was understandably upset, as was I at the time. I relayed questions and answers as best I could. It was decided that there wasn't a reason to call 911, because the symptoms didn't fit those of a heart attack (pain in the arms and neck, shortness of breath). As it turns out, he's experiencing just about every side effect of his antibiotics that you can imagine: Weakness, stomach pain, depression, loss of appetite, elevated temperature, shortness of breath.
What wonderful side effects for a beneficial medication, no?
He's got a doctor's appointment tomorrow for a checkup just in case. I was going to drive him but Dataline pre-empted me, stating that it's been five years since he'd been to that doctor and there would be a metric buttload of paperwork to fill out, which I probably cannot answer without time and research.. which I wouldn't be in a position to do because I'd be in a doctor's office and not at home.
So I guess that's a crisis that was averted. Nothing like worrying that your grandfather is having a heart attack to give you a few more grey hairs.
I've got another list of stuff I should start looking up and making notes on forming in my head. I should also pick up my Perl book again.
..and then, no sooner had I gotten back upstairs then I'd heard the television on and live coverage of the massive blackout in the northeast this afternoon. I've never seen so many people piled up in the streets, it was like New Year's Eve in NYC during the day. I'm honestly surprised that the people didn't panic; cooler heads prevailed. Everyone, as far as I know, is out of the subways and safe, I don't know about the folks trapped in elevators around New York, though. Power's slowly coming back on in Ohio and the fringes of New York. I don't know about Erie and Toronto. Around 1930 we got sick and tired of watching it and changed the channel. As much as I like knowing what's going on in the world Outside, my tolerance is about shot. I can only take so much before I get sick of it.
How'd I manage that?
Ouch. Massive power surge just hit the Lab. The Children are not happy.
Double-ouch. Devo sells out by reworking the song Whip It for a Swiffer commercial.
Well, I discovered a few surprises when I got back to the Lab last night. First, Lyssa sent me a letter to let me know that everything is all right down in Maryland and she's settling in nicely.. I havn't recieved a real, live(?) letter in I don't know how long. There's something about the feel of paper stationary, the smell of ink, and the idiosyncracies of a particular person's handwriting to forge a connection between people. Someone really sat down to write that letter, to think about the words because it was written in ink and you only get one real try at writing it, otherwise a page would have to be scrapped and started from scratch. As she said, letter writing is almost a lost art and she's doing her part to keep it alive.
Ziggy's happy to see me, though she's laying low right now. She was all over me last night and more than happy to get her usual midnight snack.
I'm sitting here watching the noon news, and they just ran a little clip of a white supremacist talking about the Colby Bryant (no idea of the spelling, this is the first I've heard of him). Ordinarily I wouldn't write about this but I noticed something: The voice speaking wasn't synched to the lips of the guy on the screen. Not by a long shot, we're talking Troma dubbing foreign movies here.
The particular surprise I had in mind when I started writing this update was news about my grandfather.
Please note, I'm not angry with Dataline at all. If our positions were reversed, I wouldn't have sent her an e-mail last weekend while she was out of town for a wedding-type function.
Dataline rushed my grandfather to the hospital a few nights ago.
There's no delicate way of of putting this, so I'm going to say that he'd been having trouble with elimination, related to inflammation of the prostate gland. They admitted him from the ER after a wait of an hour or two, ran a cursory exam (I'm told - exactly how 'cursory' this exam was, I don't rightly know), catheterised him (ow ow ow ow), and sent him home. He's got an appointment with a urologist this afternoon, Dataline's going to take him to the office for it in about an hour. However, late Sunday night my grandfather began experiencing problems that I don't want to write here because thinking about them still gives me the shakes, and most of you are probably at work. Suffice it to say that she rushed him back to the ER for another two hour wait (how busy can an ER be at 0245 EDT? there were people who had been waiting there for two hours or more that night.), an emergency check-over by the urologist on duty that night, and a replacement catheter.
And now he's having trouble with his stomach; lack of appetite, discomfort, queasiness... we're worried.
I'm hoping that it's just acid reflux, or cramping due to the catheter, or something like that.
Now playing: Big In Japan - Alphaville
As you're no doubt aware, information regarding security measures taken at airports and the general status of the US Transportation Security Agency has been reaching the news media pretty regularly since this whole mess started. The high-ups are getting tired of all this information working its way loose, it appears. They've begun an internal hunt for information leaks and the folks involved, from the bosses to the drones are starting to sweat. Those who have spoken to the news media, including a few air marshalls are being threatened with prosecution under the USA PATRIOT Act, which they technically can't do but it serves as an excellent deterrant for everyone else. When asked, the Department of Homeland Security has denied that any such internal operation is taking place; a leak in the DHS has confirmed that the molehunt is indeed running at full tilt at this time.
The cause of the molehunt was a report reaching the news which stated that the number of air marshalls assigned to certain 'high risk flights' would be reduced due to lack of funding. The DHS also wants to know who decided that those marshalls would be pulled and why, and I can't say I blame them for that. Decisions like that tend to go over the heads of some fairly important people. No formal probe is underway at this time, sources state.
Dataline and my Grandfather left about twenty minutes ago.
A very late entry.. Grandfather's okay. The catheter's out and they've got him on something called 'Flownase' for his condition. Seeing as how the problem cleared up about five days after they put him on antibiotics the physician thinks that it was a bladder infection. There's no way of telling now that he's been on antibiotics for so long... so all appears to be well.
Leaving for the bus station in about an hour. Will write more if I'm conscious by the time I return to the Lab. Everything's packed, everyone in the apartment's awake.
Back in Pittsburgh.
Not up to writing much right now. Tired from the trip, worried about my grandfather.
And I've never even seen this movie before.