2003/12/02

Last night was rather productive, I'm happy to say. To make some extra money over the holidays I'm doing a bit of home office consulting for some colleagues of Dataline's this week. I'm not going to pass up the chance to make some extra gift money... I've never heard of Dell giving people such a hard time, though. Oh, well. I didn't buy it, I just have to put it together. Alexius came over last night to help me clean up around the Lab, in particular behind the bar. I discovered where all of my satchels and backpacks have been running off to, apparently to breed. I should put a few of them up for auction to free up some more space. Maybe I'll modify them somehow to jazz them up some. We managed to sort out the snakes' nest behind the bar that is composed of the power and audio cables of my sound system. As I probably mentioned before, I'm spinning at the Promise of Iris Solstice Social ball this Saturday - stop by the Friend's Meeting House with a masque and get your groove on. *plug* *plug*

Hey, if I don't help get the word out, who will?

My sound system, insofar as the CD players and turntables is fine. I didn't try out the tape deck; then again I don't plan on bringing it with me because trying to cue up tapes is hard, even more so when you've got less than five minutes to do so. They're just not worth the hassle. The mixer should hold out nicely. It doesn't break down often, and when it does a quick trip to Radio Shack for parts gets the job done. The amplifier, such as it is, isn't the best anymore, and I don't think it'll do the job. That's why PoI got hold of a PA system for me to use on Saturday. Hear me not complain because I don't have to haul an amp and speakers around with me for a change. Also, my speakers are just about shot. Of the original six, only three are still working and I doubt that I can repair the other three, seeing as how they're older than my body is. If I ever get a chance I'll probably replace them with a handful of small high yield speakers for in-Lab use only and forget the PA. I don't spin much anymore anyway, so it's no skin off my nose. The odd thing is, by the end of it all the Lab actually looks much better.

'lex and I also sat down to try to figure out why the PoI domain doesn't resolve properly. The DNS configs look good to me - they're actually not too different from the Network's zone records. We messed around on the registrar's control site to figure out what's giong wrong but neither of us saw anything wrong. Leandra seems to think that it's a matter of the DNS caches around the Net expiring their records eventually. At least their website is accessible somehow. I'll have time to figure it out on Sunday, I hope.

Once we'd finished up I spent the evening catching up on the day's news, as sparse as it was, and checking on a few other project's I've got going. I'm hoping that my eBay auctions will start getting some hits soon. I glued and pressed the cardboard to make the cover boards of Fern's Book of Shadows Sunday night. When I checked last night the glue had set and the boards were holding up. I'll probably make the time to measure and cut them tonight in preparation for drilling the pages on Thursday or Sunday, if my plans hold up. I spent more of last night working on a gift for Pegritz for Yule. Given what he teaches and is a scholar of, I think he'll get a kick out of it.. this is the first time I've ever worked with Sculpey, so this is as much a learning experience as it is a mission. It's amazingly easy to work with; I'm still surprised that I can do anything at all with it. I remain hopeful.

I stil have to make my masque for the Solstice Social. I'm considering a black and silver motif (for a technomancer? whodathunk it...?) with some faux gemstones. And my red contact lenses.

Just when you thought it was safe to register a vanity domain... the website of Global Name Registry, designated top-level registrar for the .name TLD was cracked last weekend through the use of an exploit in the Apache webserver. Specifically, the front page of the website was altered. No other changes were found in their systems. They say that they've tightened their security and everything is right with the world once more.

Congratulations to Robyn of PoI! She gave birth yesterday afternoon to James Joseph at 1437 EST. Little James weighed 6 lbs. 9 oz.

Here's a neat hack for you: Paul V wrote an article on distcc, a distributed C compiler for OSnews. Sometimes compiling large code trees can take a long time on a single system, even a fast one. Good examples of this are compiling the the Linux kernel or Mozilla. To speed things up you can install a faster CPU and more RAM, add more CPUs to the system, or you can have a bunch of computers compiling different parts of the code tree at the same time and assembling the separate modules at the end, which is what distcc does. The article really doesn't have much to it, it's just about the fact that Paul got it working and compiled the Linux kernel and WINE with it. You can check out the project's homepage at http://distcc.samba.org/.

A serious vulnerability has been found in the Linux kernel, and has been implicated in the compromise of some of the Debian project's computers several days ago. The vulnerability is an integer value overflow in the brk(2) system call, which changes the size of a programme's data segment. The call as implemented does not check for bad values, allowing a user to gain root access. An exploit is in the wild at this time: An encrypted exploit was discovered on one of the Debian project's machines currently undergoing analysis and decrypted. All Linux kernels earlier than v2.4.23 are vulnerable; pre-release kernels later than v2.6.0-test6 and kernel v2.4.23 are not vulnerable. Download the updates from your distribution of choice's mirror sites and install them.

Following its purchase of Ximian in August of 2003, Novell, Incorporated is hiring coders in India to work on Ximian. How about hiring some of the coders in the United States who've been searching for jobs for almost two years now, guys?

If you've been keeping up with the Diebold electronic voting machine fiasco over the past two months or so you've no doubt heard that they've been suing people for putting up copies of the documents that leaked out, criticising their methods, and going through the copies of the code that have been making their rounds. Needless to say, this hasn't made them very popular, and it's damaged their credibility a lot. Recently they agreed to stop suing. Several dozen computer science researchers and students have been told that they will not be sued, which is causing quite a few people to breathe sighs of relief. Understandably, the EFF is all over this, as well they should be. (NOTE: I've been asked by an IP lawer to replace that 404'd link with one that works because the EFF page was lost some time ago.) Voting is a right in the United States, and accountability of those votes is important. If you cast a vote for Greg Dean and it gets counted toward someone else, not only is that basically stripping you of your right to vote (because whoever was behind that decided that your vote should go to someone else instead) but it is dishonest. I think that the fact that these holes are being made known far and wide is keeping the voting system honest.. the proof's out there for anyone who looks for it. Now Diebold has to fix the problems that have been made known; keeping them secret will only hurt everyone in the long run (the political system, the people whose votes theoretically decide what's going to happen, the politicians, the cororations...) Now they have to answer for what's going on.

Paul Starzetz has posted a formal writeup of the Linux kernel vulnerability I've been talking about.

Hot chick in tight leather.  Seriously.
You are: CATWOMAN!

Which Batman Villain Are You?
brought to you by Quizilla

Greetings fellow Frank Herbert fans from army.mil!

2003/12/01

It looks like the home stretch - Yule's coming up and the usual rush is starting to build. During my shopping expedition yesterday I picked up the last of the art supplies I'll need to make gifts for a few people, now I just need the time to get to work. I've got the cover boards for Fern's Book of Shadows glued and pressing right now. Dataline found some wallpaper glue around the house that I'm trying out.. I'm gluing two thicknesses of cardboard together to make the cover boards because I can't find the high-density cardboard usually used for bookmaking anywhere. I hope that works. I also need to make a masque for the PoI Solstice Social this weekend, and Alexius is coming over tonight to help me test my sound system and get it unplugged from behind the bar so it can be moved on Saturday. Dataline wants me to help her pack some stuff up tonight as well; I hope it doesn't take too long, this is the only chance I'll have to get everything tested and disconnected this week. I picked up the stuff to make a gift for an old friend yesterday, as well... I think he'll be pleased with it.

I also found a Chinese cookbook for $5us at Michael's yesterday. Needless to say, it's now sitting on my bookshelf.

Jerald Sheets wrote an excellent article on rolling out Linux on a large scale. In it, he talks about moving the desktop systems in the hospital he works at over to Linux en masse by using the Kickstart system. If you've never messed around with it (and most home users don't just becuse there isn't much need to clone a single installation, at least not very often), Kickstart is an installation method where you boot from a floppy disk that has a configuration file in which every detail of the installation process is outlined from start to finish, all you have to do is switch CD-ROMs now and then (or not ever, if you do a network installation from a local server, as Jerald did). He put the contents of the Redhat CDs up on a local webserver, made a bunch of boot disks, and had them pull their packages across the network. He also talks about setting up archives of security updates and new application RPM files for the systems on his network. One thing I wish he'd done was use Kickstart to actually make the systems for him; he doesn't talk about making and debugging a Kickstart configuration file (which is a bit of a black art). He says that he's working on that right now. I hope he writes an article on that, I know that there is a considerable need for a good tutorial right now...

An interesting tidbit about Jon Johansen cracking Apple's iTunes: He released the code to do so only days before he's scheduled to be formally acquitted for writing DeCSS. Jon.. don't you think that's pushing your luck a little?

The Chinese government has released net.dissident Liu Di, age 23, along with Wu Yiran (age 34) and Li Yibin (age 29) the Qincheng prison for political detainees outside of Beijing last Friday on bail. The three were incarcerated for publishing articles critical of the Chinese Communist Party. This event is highly unusual in that political prisoners in China are rarely, if ever freed for any reason. They were never formally charged with anything. Prosecutors have decided to reject recommendations on the part of the Chinese net.police to indict her for subversion, stating that there is a lack of evidence against her.

The Commodore-64 emulator Frodo has been ported to the Palm Pilot. I've always been more of a fan of VICE, but this is still pretty cool. Frodo for the Palm requires PalmOS v5.0 or higher.

While we're on the subject of emulating Commodores, the CBM4Linux project has released v0.3.2. The latest revision is up to date with the latest kernel revision (v2.4.23), fixed for use with the GCC v3.3 compiler, and ready to rock with the v2.6 kernel series when it comes out. There are also Debian packages that might or might not work - I've added the APT lines to Leandra's configuration, I'll see how they work out tomorrow. Rock on.

2003/11/30

Last night turned out to be more fun than I'd expected.. we'd gone to B'witche's Tavern in North Versailles. It's a little hard to find because the building's kind of plain but once you find it you'll never forget it. I'd expected to be bored out of my mind - I do not like bars; never have. This place is set up like a mediaeval tavern (under ordinary circumstances, another theme I'm not a fan of). The help's in garb and very friendly, and never too busy to hang out and talk with folks for a while. A group of us went to the place last night and wound up staying almost until last call. First of all... they've got mead. Lots of mead. So much that the eight of us killed somewhere around six bottles by ourselves (one bottle of Chaucer's is enough to fill three average-sized wineglasses, so it wasn't as much as you might think). They've got Goldschlager.... I don't think that I need to say anything more on that subject. Their chili was served in a bread bowl, which I dearly love, but they need to learn to make chili, I think.

I can fix that.

The atmosphere is very friendly and the place is well-lit. If this place isn't pagan friendly, I'm Kevin Mitnick. It's also extremely comfortable for family... B'Witch's also has specialty nights, which I think everyone should keep in mind: Every Sunday evening starting at 1830 EST is Auction Night, where merchandise (unspecified on the schedule) will be on sale for the holiday season. The first Saturday of every month is Fetish Night (meet and greet, no hardcore, no sex acts, body parts must be covered). It's a good sign when you see a St. Andrew's Cross when you walk in, though... As it turns out, Caroline (the proprietrix of B'Witches's) and Don at The ER Room are good friends... I think I'll be showing up there more often. The second Saturday of every night is Ren Garb night, where Renaissance and re-enactment folks are more than welcome to show up full dressed.. think I'll pass on that. The fourth Saturday of every month is Pagan night, with music, Tarot readings, et certa... sounds like fun (we were at that last night, incidentally). The cover's $5us.

On the other hand.. I completely forgot about the Bisexual Pittsburgh meeting at the GLCC yesterday. I got a voice mail from John sometime yesterday afternoon that I didn't pick up until I was on the road that they were looking for me..

Dammit.

I hate it when I do that.

I think Dataline will be happy... I'm tired of her crabbing at me that I'm getting too skinny and looking anorexic. I decided to put on about fifteen pounds of body weight to fill out my exterior. She's stopped bitching, which is a plus, but now a lot of my clothing is very uncomfortable, to say nothing of the fact that I can feel things moving that really should be. It's very disconcerting, and I see it as a major step backward, but at least she's no longer climbing all over my back about looking sickly. The less yelling that goes on, the more I can actually get done.

I need to get the hell out of here. This charade is really starting to piss me off.

I've just put some stuff up on eBay for sale. Right now I've got a couple of hard drives up for auction, and more stuff will appear soon. Check them out.

22 back issues of Odyssey Magazine (a children's astronomy magazine) are now up for auction on eBay.

2003/11/29

Today hit the ground running, unfortunately, though I managed to get things slowed down eventually. I was hoping for a restful, relaxing weekend and it might turn out that way eventually. At least, I hope so.

I had planned on a leisurely day of wandering around the area hitting all of the hobby stores to find stuff for the diorama Dataline does every Yule with the tree platform and a few trains. One of the most difficult things to find anymore is green textured paper to cover the platform, which approximates a grassy landscape. Try finding it these days. I got lucky and found it at a hobby shop that specialises in HO-scale model trains and picked up a few hundred square feet of it for her. However, she also asked me to do food shopping for her, which meant that I had a time constraint: Get to the store before it's shopped out. Thankfully we really didn't need all that much so ten minutes later I had that taken care of.

I havn't had a chance to consider what I'm going to get everyone for Yule this year. I think I'm going to wind up going with gift certificates and home made sweets for everyone because I just don't have the money right now. I hope to have some time tomorrow afternoon to think about things.

Right now I'm getting a pile of stuff together to put up on eBay to free up some space in the Lab. I realised something last night: I'm DJing the Promise of Iris Solstice Social Ball this year, and I can't even get behind the rack to disconnect my gear to move it, let alone stand and practise with it due to all the stuff that's piled up in the space. Lowmagnet picked up the server I'd been hosting for him last night, which opens up a lot of room but there's still a lot of stuff that needs to be taken care of. I'm going to be putting up some SCSI hard drives, magazines, some pewter models, some modems from the old dialup pool, and whatever else I can find to free up room and raise some cash. I'll post the links when that's done.

I was hoping to spend some time close to home tonight; Fern mentioned wanting to have a movie night, which I was really looking forward to, but Alexius is calling folks together to go to a new bar with a mediaeval theme.

I'm not a fan of mediaeval, or of the Renaissance... I also don't like to go to bars. I promised everyone that I'd hang out with them tonight, but on the whole I'd much rather not go. I was hoping to spend one night close to home for once. I'm really tired of traipsing all over Creation.

Really tired.

2003/11/28

The man who stole that laptop computer from the Wells Fargo Bank was arrested after the FBI traced him logging into his America On-Line account from one of the stolen laptops. Edward Krastof of Concord, CA confessed to stealing the computer after he was raided; during the raid authorities also found a considerable amount of equipment that could be used for scanning ID cards (not easy these days given the white-light holograms embedded in the plastic, among other measures) and bank cheques.

Today's going slow but steady. The office is on a skeleton crew today; everyone else took today off to do whatever it is that people do over the Thanksgiving holiday.

It's weird: It's been so long since I've actually had a vacation day after Thanksgiving, I have no idea what it is that people do. I'm used to having to hack all day on a project or write a paper. That's what I did for almost eight years. Today I'm in the office making sure everything's running properly and waiting for all hell to break loose.

Analysis of the break-ins at debian.org continues. James Troup posted to the Debian Developers' mailing list earlier today to post what he's found so far.. The compromise was discovered when a kernel module installed from the suckit rootkit caused the affected systems to report "oops" errors (basically, the Linux kernel says "Uh-oh, something's not right inside me - think the T-1000 in T2 when he gets hit with that grenade) all over the place. Because all of the affected machines were throwing the same error in the same place, eyebrows were raised and the investigation began. An unknown intruder used someone's password (probably collected from another compromised machine where someone was reusing that password.. very, very bad idea) to log into the server "master" and broke root somehow (I'd guess with the GNU Screen vulnerability that's been going around because the usual maintainers aren't responding) and installed the rootkit in question. Then, the intruder began reaching out to other Debian Project servers and compromising them.

When the break-in was discovered the systems were shut down and their hard drives were imaged (perfect binary copies were made for later analysis). Three of the machines were torched and rebuilt from pristine media and patched. It's taking a long time to verify the Debian archives from its mirrors around the world - there's a lot of files to go through. No one's sure how many of the developers' other accounts are compromised - the suckit rootkit has an ethernet sniffer included as part of its toolset, so any number of login IDs and passwords could have been captured if people were sourcing out from those machines. All of the Debian developers' account are locked out right now, so work's slowed to a crawl. I'll post more as I find out what's going on.

Someone's posted SCO's start-paying-us-for-Linux letter to Groklaw. There's a lot of misinformation in here, so much so that anyone who's even partially familiar with Linux as a phenomenon will wonder exactly what SCO is trying to pull. Commercial software tends to vary a lot in security these days; sometimes trying to convince a vendor of the existence of a security hole in their software is impossible until after the exploits start flying. I have to wonder how many of us who code on Linux machines really did have access to AT&T's original source code for System-V... a lot of the folks I know must have good plastic surgeons.

Something I've wondered for a long time is the age spread of Linux developers, to be honest... what is the age range like, anyway?

Okay, that's not one of my better posts. I was hoping to make it a bit more coherent but I'm multitasking again.

Cosmicity's facewell album, Escape Pod for Two has been officially released. Check out the television commercial for it.

This evening after work I was the only one on the bus headed home; everyone else was off today, I suppose. In the office I was one of four people who came in, which I found rather unusual - I'm not used to that. I'm used to wherever I'm working being full of people and noisy and not having a sub-skeleton staff around. I guess that goes to show how long I've been out of the IT game; ordinarily I'd jump at the chance to get maintenance done and over with for the Thanksgiving break. But that's neither here nor there.

By the time I got home the bus driver had decided to drop me off in front of the building; because there was no one else on the bus she skipped the rest of her route out my way and called it a nice. I don't mind not having to walk up the hill in the snow... oh, did I mention that it's been snowing all afternoon? It's still coming down outside, though not very hard.

Lowmagnet and I went out for dinner this evening. He's in town for a couple of days and we spent time together, catching up and generally having a good time. In accord with what seems to be tradition for us, we went out for Mediterranean for dinner and then wandered around a bit, only to discover that most of the nearby stores were closed for the night. Failing that, we headed back to the Lab and watched movies - the DVD of The Breakfast Club that I'd picked up a few weeks ago. If you're a fan of the Brat Pack, grab it - they remastered the soundtrack, and it sounds quite good on a surround sound system.

It's definitely one of the defining movies of my life, up there with Pump Up the Volume, Wargames, and The Adventures of Buckaroo Banzai (you're surprised?). To this day I still have to think back to what I can recall of high school, and what a hell it was. But that's in the past, dead and buried. E nomine patris, et feli, et spiritu sancti...

2003/11/27

Happy Thanksgiving, everyone.

Today's been a slow one.. I got up somewhen around 0900 EST, did basic maintenance, and then headed outside for breakfast. Thanksgiving is one of my favourite holidays simply because most of the day is spent sitting around relaxing. Even cooking is mostly waiting for the food to finish on the stove or in the oven. Last night I made a batch of lemon bars for my grandfather, caught up on my e-mail, and got my webcam working. Lyssa's at her brother's for Thanksgiving today, she was en route most of last night. I also had a chance to watch the X-Men 2 DVD - excellent image quality, sounds great on a surround sound system, but a little over halfway through the sound desynchs due to my DVD player choking on the odd frame. It's a little anoying, reading lips when the sound's out of kilter. The bonus DVD keeps crashing the DVD player, however, so watching the deleted scenes and flipping through the image gallery got on my nerves in fairly short order. Still, it's worth the $15.00us.

This morning I rolled up my sleeves after breakfast and started to work on the pumpkin tortes we're going to have for dessert. I think the graham cracker crusts turned out rather well, if I do say so myself.. we accidentally bought twice as much pumpkin as we needed (the recipe calls for 15 oz.) so we wound up doubling everything else and making two, one in the springform pan and a second in a pie tin. We still have pumpkin custard left over; it's in the freezer cooling as I write this to make.. well, custard. Waste not, want not. The turkey's in the oven and the stuffing's made. The rest can wait a few hours.

Lately, I've been thinking about moving my site over to a content management or portal system, like PostNuke or PHPnuke. I've worked with PostNuke at work and I really like how well it works; granted, it too me about three weeks of hacking around with it before I figured out how to do anything, but I'd like to give it a try. One of the biggest misgivings I've got about setting it up is that my site's indexed by search engines six ways from Sunday and a lot of people go through my memory logs to look stuff up. I don't want to hose all of those search engine hits just because I feel like shuffling stuff around. I might be able to get around that with a rule that'll re-write requests for .html files into requests for .php files, though. The other thing is that I won't be able to easily update it remotely (i.e., from work) and I don't know if I'll be able to use a text mode browser (like Elinks) to update the entries as I usually do. Also, the news article format that portal sites use seems a bit.. unsuited, I suppose, to the style of entries I make (a stream-of-consciousness narrative). I haven't decided yet. On the up side, it'll have a search engine built-in, which I could add right now but don't have the time to, and because it's built entirely out of PHP code it's easy to write extensions that pull data from a database. Also, more and more I like the idea of people being able to comment upon and discuss the stuff I write about in here (especially the privacy, civil rights, and technical information). Information wants to be free and all that.

It'll also make permalinks a bit more finely grained, so you don't have to read through a single day's entries to find what you want. As if that weren't enough the stuff I do write could be syndicated with an RSS feed (basically a news ticker). Also, I can set it up to automatically make certain words hyperlinks so I can save myself a lot of typing (for example, making the words Jinx Hackware a link to the site the first time I type it so I don't have to remember to do so all the time).

Anyway, I leave it up to you, my readers. Up at the very top of this page (and at the top of my front page) there's an e-mail link to let me know what you think about that. Un-spamblock the address as usual and tell me. I'll make the final decision over the Yule holiday.

A major security compromise has been found in the GNU Privacy Guard, an open-source cryptography utility. A particular kind of key, called an ElGamal signing key, is vulnerable to an attack which can reveal your private key. If your private key is revealed, everything you've ever encrypted with your public key can be decrypted and read by anyone who feels like it... and from what Werner Koch and Phong Nguyen (of the GnuPG project) say, figuring out the private key takes just a few seconds. Don't consider this a theoretical attack. This attack affects keys used to both sign and encrypt; most ElGamal keys are only used to encrypt. You can find a patch for this vulnerability that will remove ElGamal signing keys here. The patch is against v1.2.3 of GnuPG. This patch will be incorporated into the next revision of GnuPG.

Koch says to consider any keypairs made with GnuPG v1.0.2 or later to be vulnerable. To see if your key is one of them, issue the command gpg --list-key "<your name here>" and look for the size of the key in bits, followed by a letter and then a slash:

pub 2048G/xxxxxxxx 2001-xx-xx Mallory <mallory at example.net>

(I've taken this directly from the post to the GnuPG mailing list; sorry, Werner)

If you see a capital letter 'G' after the size of one of your keys, you should consider it compromised and revoke it as soon as possible. To generate a revocation certificate if you havn't done so already (which is actually good policy but nobody's perfect), use the following command: gpg --gen-revoke your_keyid > foo.rev. If your key does not have that capital 'G' after its bitsize, do not worry.

The import the revocation certificate into your keyring to mark your key as persona non grata: gpg --import < foo.rev

Now get your revoked key out there so that everyone else who has your public key can revoke it on their keyrings: gpg --keyserver some.pgp.key.server --send-keys your_keyid. You can also export your now-revoked key (gpg --export -a your_keyid > mykey.asc) to send to people and put on any websites your key's posted on to expedite the process.

Once again, if your key is not an ElGamal sign+encrypt key as described above do not do this. You don't have to. I would, however, recommend running the command gpg --refresh-keys once a day for the next week or so to catch any revocations from folks on your keyring, though.

This is just cool.

Rogue Quiz Result
You're the mysterious gothy, Rogue. You're a loner
and rather sarcastic, but deep down you have a
heart of gold. You don't connect easily with
people, in fear that you'll hurt them. But deep
down you wish you could be close to somebody.
You're one tough cookie, and you'd like to keep
it that way.

Which X-Men Evolution Girl Are You??
brought to you by Quizilla

2003/11/26

Last night turned out to be a lot more hectic than I thought it would be. Yesterday morning we finally got tired of the coffee maker leaking all over the countertop while it was making programming fluid, and while this isn't ordinarily an emergency as most people reckon it (nor Dataline or myself) it does constitute an electrical shock hazard.. and my grandfather can neither see nor hear particularly well. While we could mitigate the risk of being lit up like a bank of LEDs reasonably well he could not, and so we decided to scrap the current one and get a replacement. For the halibut I hit the highway and started northward to a strip mall that's all but died since Wal-Mart moved in and started eating everyone's lunch, figuratively speaking. Anyway, they had a good deal on a coffee maker that's got a white housing (so it's easy to see) and is simple to use (a single on/off switch), both criteria for my grandfather's impaired senses. While I was out there I went hunting for corrugated paper with a brick pattern printed on it (for the Yule tree platform) and green grass-like paper for the railroad display. Wal-Mart carries neither. I went to a few craft stores last weekend to see if they had anything fitting those descriptions but came up null there as well. I might have to prowl around the hobby shoppes this weekend; a few near me carry model railroad supplies, which is basically what I'm looking for. I also picked up the two-disc set of X-Men 2 yesterday.

To its credit, Wal-Mart also has the season one boxed set of Forever Knight, which I've been slavering over since I heard it'd been released. For a good price, too.

After that I started picking up around the house, doing general cleaning to get ready for Thanksgiving (and because I'm generally sick of looking at the clutter and exercised to blow off some accumulated steam from this week, as well as stretching the muscles that have been cramping up lately. I think it's the cold and trying to write documentation at work (parallel revisions - ugh). And then I made the mistake of working on Lucien...

I patched Qmail on Lucien with the QMAILQUEUE patch, which basically lets you specify what programme you want to run to drop incoming mail into a holding queue. Ordinarily, one of Qmail's modules (called qmail-queue) does this: It takes an incoming message from the smtp daemon (which sits on a network interface and handles mesages from the network) and puts it into a directory to sit, where another module then walks through the queue in the order the messages were recieved in and delivers them to the right mailboxes. Something that spammers have been doing was sending mail to nonexistent users on Lucien using bizarre usernames (like <> and <<>>) from nonexistent points of origin. Qmail ordinarily accepts mail and tries to deliver it for some period of time; if it can't it sends a bounce message to the sender (which, in this case, doesn't exist). The only problem is that these messages sit in the queue for a week or so wasting disk space, memory, and CPU time (when Qmail attempts to deliver them but can't). The QMAILQUEUE patch lets you put another utility between qmail-smtpd and qmail-queue, which for the Network happens to be Qmail-scanner (an interface for a virus scanning system and anti-spam system; it's actually pretty slick).

So now, the way things work incoming mail hits qmail-smtpd and gets handed off to qmail-scanner, which checks to see if the destination address exists on Lucien (if not, it drops it on the floor due to the amount of sheer crap that comes in every day), scans the mail for viruses if it does, and then passes it off to qmail-queue to go into the queue delivery. Trying to set all of this up in a hurry, however, left me making mistakes left and right, and also nearly losing a configuration file for TCPserver (which I think is the neatest thing since sliced bread), and whcih took me a few hours of hand-hacking to get right a while ago... and this morning when I logged in to check my mail I found over three thousand messages waiting in my inbox, all of which are "My bounce message bounced" warnings from Qmail. I just deleted those en masse because Qmail scanner will handle that from now on.

Sheesh.

Jon Johansen of the Masters of Reverse Engineering, famous for DeCSS has done it again: This time he's figured out how to crack the digital rights management system of Apple's iTunes service. The utility is called QTFairUse. The utility dodges the subsystem which forces you to pay $0.99us per downloadeed song. Expect the fur to fly for this one, folks..

There's an excellent article on computer viruses over at CNet that I recommend to everyone. It starts off with Fred Cohen and his 1984 research paper that was rebuffed by the National Science Foundation. I guess they're still kicking themselves over that because he described the threat that viruses can pose to computers and networks.. the article goes on to relate some of the history of self-replicating programmes and how they started out not as malicious code but as classic "neat hacks" and research experiments. In the early 1980's no one thought that this had ever been done before (it had, incidentally, at Bell Labs in the early 1960's) and resurfaced as part of a game in the mid 1970's. Also mentioned is Core Wars, in which programmers write viruses that run in a virtual machine and battle for compute cycles and space in a simulated memory field. Something else mentioned is the first Apple II virus, called a cloner by its creator (Rich Skrenta of Pittsburgh, PA) and how he used it to play jokes on his schoolmates by having it copy itself onto their data and game disks. The article finishes, predictably, with viruses becoming more and more malevolent toward the end of the 1980's and on into today. There are lots of other articles linked off of this one, sit down and give them a read.

1026 EST: Number of messages in Lucien's remote queue: 87. Number at this time yesterday: 3,122. Success.

This happened about as rapidly as I'd expected: Three US Senators introduced a bill on Tuesday that defines marriage as between a man and a woman only, which would nullify the Massachusetts court decision. Senators Wayne Allard, Sam Brownback, and Jeff Sessions are behind what is referred to as the Federal Marriage Amendment. Yes, 'amendment' - this bill, if passed, would modify the Constitution. This bill was actually introduced to the House of Representatives on 21 May 2003 by Marilyn Musgrave so it's actually notall that new, but it's picking up supporters rapidly, now having over 100 people backing it.

You know, this reminds me of a joke someone told me once: A gay man and a straight man are sitting in a bar sharing a friendly beer and catching up on old times. The straight man's lamenting his third divorce in five years, the gay man, when asked how his life's going, remarks that it couldn't be better because he and his partner had been together for almost fifteen years, never fight, and generally are loving life. The only problem is that they can't be legally married. The straight man frowns and says "That's sick."

Well, I thought it was funny. The whole pot-and-kettle thing.

Linus has spoken - the v2.6 kernel is due to be released in late December. This is going to be the biggest release in a long time (since v2.4, in fact), featuring loads of new features and fixups. The final beta release hit mirror sites a few days ago, and bleeding edge crew is pounding on it night and day. Enterprise distributions of Linux are not expected to make the switch until later in 2004, when all the kinks are worked out. Among the improvements are much faster performance, better USB and Firewire support, and increased scalability (up to 64 CPUs per system and full support for 64-bit processor cores). Time to start scrounging around for a test box...

Tales about Indian fakirs who do seemingly impossible things have been going around for literally decades, if not more than a century. Rarely have they been scientifically studied, however.. until this gentleman, at least as far as I know. He claims that he's not eaten nor drunk water for several decades now. Prahlad Jani has been under constant observation for ten days now in a hospital in India, and true to his word he's neither eaten nor drunk anything. He does, however, have a hole in his palate (the roof of his mouth) through which he says that droplets of water filter into his body. I really don't think that mere drops of water are enough to sustain a human body, seeing as how humans succumb to dehydration after slightly less than a week or so without any liquid water (the article to the contrary). I don't have a scientific explanation for this. This is one of those things that makes you scratch your head and say "Wow." If anything else comes up about Fakir Jani I'll post it here.

Kuro5hin has picked up the story about iTunes being cracked as well.

Always treat someone right on home soil. They're nice enough to let you in. If they didn't let you in, watch your six, because they're under no obligation to give quarter nor take quarter. Two teens in Poole, Scotland broke into the home of an 80 year old woman, who wrestled with one and went after the other with a ceremonial sword that once belonged to her husband. Mrs. Jean Freke was only slightly banged up in the scuffle, walking away with only a few bruises but the burglars ran off into the night after meeting up with more resistance than they'd expected to encounter that evening.

I like Mrs. Frake.. she reminds me of my grandmother, down to taking no shit from anyone and having no qualms against rolling her sleeves up to tumble with someone who gives her trouble.

I miss you, Gramma.

Congress is giving the FBI even more power to act by increasing the reach of the USA PATRIOT Act and cutting the amount of overhead that the FBI has in terms of hoops they have to jump through in terms of getting their hands on transaction related documents, everything from business deals to what you mail-order without having to get a warrant. Lovely. I wonder how they're going to handle all the traffic from the holiday season?

2003/11/25

I just discovered something truly broken about IE6. They've changed things around at work so that no other web browsers can be used; because we go through a proxy server, I think the proxy server examines the User-Agent line sent with each request by the browser and stops anything but IE6 dead in its tracks, which incidentally breaks a couple of web applications.. not because the apps don't work with IE, but because they don't work through the proxy server for reasons of authentication. They've overridden the directive which tells IE "Go through the proxy server for all but these (internal) sites" with "Go through the proxy server or go frag yourself." But that's just my complaining because I can't do my job.. what I discovered was that this is considered valid HTML code by IE6:

<a href="http://www.securityfocus.com/"</a>Securityfocus</a>

Is treated like this:

<a href="http://www.securityfocus.com/">Securityfocus</a>

The former was a mistake on my part, a typo in my personal startup page. That should return an error, and actually is by any other browser out there but IE6. Whose bright idea was that? And they say Unix gives you more than enough of a chance to shoot yourself in the foot...

Diebold's coming under some more heat.. first the fisco with their voting computers, and now word's gotten out that many of the ATMs they manufacture were infected with Nachi during the outbreak. The advanced models they make run Windows XP Embedded Edition but were never patched for the RPC DCOM vulnerability. All it took was a few ATMs to fall prey to Nachi or Blaster and they began scanning for other vulnerable systems, which set off IDSes all over the place. To their credit, most of the machines were disinfected later that day, but that says a lot for planning on everyone's part (always plan for having to install patches in the future, no matter what you're running) and how tightly interconnected things are getting these days. I don't think anyone even suspected that a work could make its way into a theoretically isolated computer network like an automated teller system. It also says a great deal about the dangers of rogue network connections: An isolated network isn't if someone installs a modem and a PPP server on their workstation, or if a DSL line installed in an emergency network outage is never disconnected. As the connections multiply, so do the dangers inheent in them.

In a similiar vein, the Department of Homeland Security ran a simulated terrorist attack on computerised services not too long ago to see hwo well their infrastructure would hold up. They found some gaps in their structure that I really hope they're working on, giving the result of the exercise a grade of B+ - not excellent but not poor, either. At a guess with no background data to draw from, I'd say they ranked around "good" on a relative scale of terms. Many of the organisations that took part in the simulation weren't even aware of it until after the fact, which adds verisimilitude to the exercise: Terrorists usually don't telegraph their runs, so neither should dry runs. One thing that bothers me is that the simulation probably used techniques and research that DHS knows about; if they know what these so-far-mythical cadres of net.terrorists have up their sleeves, they aren't talking (and understandably so - if someone knows what you've got up your sleeve, it's not as effective because they can plan for it; you lose the element of surprise). This article doesn't have enough information for me to make a judgement call one way or the other.. at least they're working on it.

Being mistaken for someone else is rarely a good thing, moreso now due to the anti-cracker laws Singapore has instituted. Never folks to do things partway, the government of Singapore has passed laws allowing for pre-emptive strikes against crackers. The article's pretty thin but it has all the buzzwords you've come to know and love in the past two years, like "cyberterrorism", "national security", and "essential public services" Agencies may now patrol the Net and take out people they think are going to commit acts of "mass disruption".

Something else to hate about Office XP: Say you've got four documents open at once. You close one of them: Alt+F; Close. It closes all of the documents you've got open. Whoever thought that 'close a document' and 'quit' were synonymous needs pimpslapped.

2003/11/24

The US Department of Energy was supposed to have released a preliminary report regarding the massive power failures on 14 August 2003 across the eastern seaboard, but this morning I tried to access it, and was thrown over to a 404 document: "The page you are lokoing for doesn't exist or might have been removed." How convenient. However, if you hit this posting on Bugtraq from a few days ago, you can read a few things that Geoff Shivley wrote about the document. I wonder if this was pulled in the same way that so many other freely accessible documents are these days "for reasons of national security."

PAT Transit has done it again.. in response to some of their drivers complaining about downtown (in particular the only straight road in the entire bloody city) they've changed a number of routes, including the buses I ride to and from work every day. My bus going in now swings around the block to drop me off another two blocks from work every morning, and I've got to retrace my steps back to that stop to get my bus every night. They hadn't even finalised it until last Friday (the day of Light-up Night in Pittsburgh, which is always a nightmare). Thanks a bunch, Port Authority. Spank you very much.

At Stanford University this past weekend computer security researchers gathered to discuss responsible disclosure: How and when to tell vendors that they'v found vulnerabilities in their software and when to tell the public about what they've found. Generally speaking, the accepted practise is that a researcher tells the company that they've found a bug, sometimes how they found it, the circumstances under which it can be exploited, and either a proof-of-concept exploit programme or the technique they used. If the company's on the ball they fix the bug, release a new version or a patch, and after some period of time the researcher tells everyone. The grey hats tend to tell everyone else first, and the company finds out later (or along with everyone else), so there's a scramble to isolate the vulnerability, patch it, and get the patch out there (that's been happening a lot to the OpenBSD project lately, mostly due to their claims of being 'secure by default', code audited, and other things that make you trust them; check out their website sometime). David Mitchell said at the conference that he's sworn off telling the public due to the impact of his last find: The Slammer worm.

Frankly, I think he's being hard on himself. It's not impossible to find a bug, write an exploit, and sit on it until someone else finds it just to mess with their heads. It's pretty improbable, but it still has a non-zero probability. Frankly, I'd rather have the exploits out there because then I can make sure that I'm covered, or that I've got to get my butt in gear, but that's just me. This could turn into another holy war, along the lines of vi-vs-emacs.

Snort v2.0.5 is out. Time to upgrade. Among the new features are thresholding for memcap rules and information leakage between concurrent packets. Not much has changed since v2.0.4, I can see.

Speaking of power grids and security, the US-Canada Power System Outage Task Force (sheesh.. sounds like something from a Cyberpunk 2020 supplement) has stated that crackers were not to blame for the power outages in August of 2003 but the power grid's controlling networks' reliance on the Net for connectivity does indeed make it vulnerable. There were a number of factors behind the outage, they say, among them computer failure, policy violations, poor maintenance on the part of FirstEnegy Corporation of Akron, OH, and plain old screwups. The article's pretty thin but if you're hoping to be reassured it's a good one.

Earlier this month an analyst working out of Concord, CA for the bank Wells, Fargo, and Company had a computer containing sensitive customer information stolen from his office. The bank is offering a $100kus reward for informationleading to the arrest and conviction of the thief. Names, addreses, and social security numbers are said to be part of the data that was stolen. The bank has admitted that there is no evidence that this data is being misused but due to California due diligance laws they're supposed to be notifying their customers. Anyone know for sure if they are?

Word's gotten out that the compromise of some of the Debian project's servers didn't include any of the source code. It didn't stop them from releasing Woody v3.0r2 last Friday.

Mother Nature threw us another curve ball in Pittsburgh today. When I got up this morning it was a pleasant, if slightly chilly 55 degrees Farenheit with a beautifully clear sky.. the kind of sky where the clouds are few and far between, at best accents carefully brushed onto an azure and cerulean canvas. Definitely one of my nicer sense-memories this year.. anyway, in the nine hours I was at work the temperature plummeted over twenty degrees Farenheit, it rained for a time, and it even snowed for some indeterminant period of time (which I realised walking to the bus stop this evening through a thin crust of snow atop the cracked concrete sidewalk next to cars leaving a disgustingly expensive outdoor parking lot covered with snow). Even through two shirts and a lined duster I still froze my six off waiting for the bus... I wasn't even sure it was the right stop to begin with (seeing as how my bus stop changed) but I'd guessed correctly and just a few minutes later I was happily reading on the bus back to the Lab. Mental note: Hoodie. Wear the hoodie tomorrow. That, or get around to making a cowl for my duster.

2003/11/23

entrancing
You have an entrancing kiss~ the kind that leaves
your partner bedazzled and maybe even feeling
he/she is dreaming. Quite effective; the kiss
that never lessens and always blows your
partner away like the first time.

What kind of kiss are you?
brought to you by Quizilla

Today was unusually short and to the point. I'm still tired from running around all day yesterday but someone had to go out and finish restocking for the week.. I picked up a couple of things at the supermarket and then drove out to the new Joanne's Fabrics to see what I could find. Dataline asked me to look for polyfil stuffing so she can fix the couch and stuff for the Christmas tree platform. I was only able to find the polyfil, they didn't have much in the way of holiday stuff that wasn't fabric. Failing there, I wandered down to the new Wal-Mart (those things are popping up like mushrooms after a rainstorm) to see what they had. Aside from a light-string tester and the special metal box edition of Terminator 2 (which is quite good; there are sixteen more minutes of footage, meaning a good eleven or twelve new scenes) I came up bust there as well. Maybe it'll start appearing the closer we get to Yule.

All told, I was out for about two hours today. Dataline remarked to me that she'd expected me to be out all afternoon. I just told her, "I do what I have to do."

As much as I'd love to be away from the house for a couple of days to relax, I don't think it'll happen. I don't want to air any dirty laundry in here (gods know, I do enough of that in a backhanded manner), all I'll say is that if I don't stay local, I don't want to see what things will be like when I get back.

Debian GNU/Linux v3.0r2 was released on 21 November 2003 (named 'Woody', after the Toy Story character). This technically isn't a new release but a sub-release which fixes some security vulnerabilities and some bugs in the system in general. The announcement has a large list of the updated packages and bugs repaired, as well as a list of packages that have been removed from the distribution for one reason or another (usual licensing conflicts). You won't find a new set of installation CD-ROMs or ISO-9660 images for it; you'll use the same installation discs, but after you install you can run a distribution upgrade with the APT utility and it'll bring your new system up to par.

The Pet Shop Boys have released a new single, called Miracles. There is a b-side on the same disk called We're the Pet Shop Boys, amusingly enough, which is an autobiographical piece. You can get it through the folks at A Different Drum. While we're on the subject of synthpop, Neuropa just finished recording a new album (titled Born). I don't know when it's going to be released but it's projected that it'll be near the beginning of 2004, depending on when the discs leave the factory.

Speaking of CDs, I got Roxio 6 working on Dataline's deck today. For the hell of it I fired up the Shockwave tutorial and walked through it, and at least the drag-and-burn applet works perfectly. I ran a quick backup of her documents and wrote them out to a regular CD-R disk without any trouble. I'd say she's good to go. The menu application doesn't work so well but I think activating each individual application should work. Failing that I've got a copy of Nero as well that we could try.

2003/11/21

Well, life's decided to start throwing curveballs lately. Lucien's remote mail queue is clogged with over 2200 bad e-mail messages from idiots who think that spamming to the addresses <>@every.domain.on.the.net and <<>>@every.domain.on.the.net will actually reach someone. I'm now looking into modifying Lucien to detect brain-dead attempts like this and toss them without even queueing them. Incoming e-mail is recorded, it will just take Lucien time to process the queue and find them.

If only there was a jury in the world who wouldn't convict me..

On top of that, Pittsburgh's Light-Up Night, when the light the big Yule tree is tonight. This means that festivities start at 1700 EST, when everyone's getting out of work. This also means that public transportation is going to be completely hosed. They've cancelled a few dozen bus routes for the next day or so (including all the ones that actually go to beyond the boundries of the city proper, like the one I ride home every night). Quite a few places are closing their offices at 1500 EST today so their staff can actually make it home before sunrise; Dataline's is one of them. My own, in all probability, is not but I'm trying to leave early today to get around the traffic jams in general and lack of a bus heading to my area in particular.

I saw a new street sign this morning: "Please don't gridlock."

a) When did 'gridlock' become a verb? b) You can't tell people to not cause something which evolves naturally.

The Council of Europe Cybercrime Treaty that the US is thinking of signing has quite a few provisions in it that do not bode well for US citizens. As the treaty is written right now, there isn't much which protects anyone's privacy. The treaty makes it possible for foreign governments to access the dossiers (an easier way of stating "your personal information") and communications records of whomever they like whenever they like for whatever reason. E-mail logs, phone records, and cellphone location data can all be examined by investigative organisations in every country that signs this treaty. Moreover, there really isn't much in the way of authentication (ensuring that the records are accurate and have not been altered) or a standard of investigation (justifying the reason for accessing the records). This one looks as if it might sneak by unless the word gets out. Hit Google and start the research, folks.. this one could hit kind of close to home.

The White House was evacuated yesterday? Since when?

Uh-oh.. some of the Debian Project's servers have been compromised. They've narrowed the intrusions down to their bug tracking system, their mailing list server, their web and CVS (concurrent versioning system) server, and the web search/web master/security update/non-us update archive. The boxes are offline and being scrutinsed at this time. The security archive is offline until they can either verify that nothing's been altered by comparing against known-good backups or they can reconstruct it from known good backups. The hell of it is that they were getting ready to announce the release of Debian v3.0r2, the next release.

Goood luck, guys.

In response to Darl McBride's missive at Linuxworld a few weeks ago, some of the open source folks at Growlaw wrote a rebuttal to McBride's remarks. In it, they state that the organisation of the open source community is wholly different from a corporation in that there is rarely, if ever, a controlling entity. The kernel project is a rare exception in that Linus Torvalds is chief developer and has final say-so over what does or does not make it into the kernel source tree. They go on to state that SCO is in violation of the GPL (GNU Public License) in that they continue to distribute the source code to the kernel even though it is accused of being in violation of intellectual property laws (sort of like having your cake and eating it, too), and because they are trying to force Linux users to purchase binary-only licenses to Linux software, which directly violates the GPL (GPL code may be redistributed in binary form (compiled executables) but the source code it was compiled from must be made available). Because they continue to distribute GPL'd Linux software (in this case, a distribution of Linux) but are at the same time not making the source code available, they are breaking the GPL. They also state that SCO is setting itself up for civil and possibly criminal prosecution by sending out these invoices. Moreover, if they recieve any invoices from SCO they're prepared to sue under Section 22-A of New York's Business Protection Law. They also take the obligatory shot at SCO by saying that without producing the source code which infringes upon their intellectual property (i.e., evidence) their claims are at best attempts at extortion. The letter is long and involved but easy to read. Check it out.

2003/11/20

After several weeks of daily study and quite a few hilighters I finally finished reading my MySQL book. It's taken me a little under a month (about twenty-nine days, actually) of reading it on the bus in the morning, at work to rest my wrists, and occasionally at breakfast but I've finally made it through. Now I can stop carrying that sucker around with me and leave it at work to use as a reference manual.I'm starting to wonder about the CD/DVD writing software that came with Dataline's burner. It's manufactured by Roxio, who also made her original CD writing software, so I was hoping that it was compatible because it detected the CD writing software and uninstalled it to perform an upgrade. Unfortunately, aside from popping up a pretty window whenever you try to actually access the application it just sits there and sucks up CPU cycles. Oh, and it also hangs the system whenever you try to shut it down, and it just crashes Win2k if you resort to the task manager to kill it. That's not good... I might not have time to look at it tonight but I plan on removing it entirely, using regclean to blow the cruft out of the registry hives, and then reinstalling the DVD writing software from scratch, without the presence of Roxio CD Creator 5 this time. I suspect a few .dll files and maybe a registry key or two weren't removed, and installing over parts of an old version is never a good idea. We'll see what happens..

Gadget fiends will find this interesting, though because of what made this possible and not the court ruling itself. A US appeals court has limited using automobile navigation systems for audio surveillance because doing so causes the functionality to no longer perform its required task (which is permitting a roadside assistance company to keep track of cars in trouble). The FBI has a technique which turns this device into an infinity bug, a radio microphone which records everything going on in the passenger cabin of a car. This was originally meant to communicate with the passengers and driver of a car in case the vehicle is in an accident, but by remotely activating the device it can be used to spy on the passengers by relaying the signals to a listening post and not a roadside assistance switchboard. The name of the car manufacturer wasn't put in the final ruling of the court case in question (which makes me wonder how many car companies have such devices installed by default) but OnStar (part of General Motors) says it wasn't them; analysing court records suggest that ATX Technologies of Texas, manufacturer of the Tele Aid system installed in Mercedes cars was involved in the situation at hand. Even the cars have ears these days..

It makes me wonder if my own car has such a telemetry device installed. Playing Knight Rider with the FBI sounds like a fun way to pass the time on long road trips. *grin*

Securityfocus has an excellent article by Sarah Granger for home users and home officers on why computer security is important at home. Among the reasons she gives are identity theft and hijacking of your computer for nefarious purposes (and sticking you with the blame for what goes on) and how you can protect yourself (patches, patches, personal firewall, encryption, and a few other things). It's a good article for everyone, sit down and give it a read.

Qualcomm, Incorporated is one of the largest manufacturers of cellular equipment in the world, and it has recently stated that current cellular communication technology using the CDMA (code division multiple access) method of transmission (instead of sending samples of sound from someone speaking, an encoded burst of data which is error resistent is sent; the encoding is not meant to protect the voice data but prevent corruption of the signal en route; hit Google for a better explanation) can indeed be monitored. One of the side effects of CDMA encoding is that you can't just use a scanner to listen in, you'd have to reconstruct the stream of data in realtime. I'd theorise that one would have to modify a cellphone to act as a passive tap, but not being a cell maven I really don't know.. anyway, Qualcomm has finished a security system that would make cellular conversations much more secure than even the US government requires for its hardware, though if you've got an extensive knowledge of cellular technology you could theoretically build a device that could pull it off. The article tends to waffle back and forth and can be confusing (then again, I'm trying to do three different things at once right now), you might want to read it through two times to make sure it's clear. In a nutshell, don't worry about your cellphone being monitored unless someone really knows what they're doing and really wants to listen in on you. Just know that it's possible.

Here's a lurid thought for you: The Korean National Police Agency has exposed what amounts to a vast conspiracy (4,400 members) of systems crackers called Wowhackers. The upper echelons of Wowhackers are described as professionals at their trade and have a reputation for being able to crack government systems and the computer networks of "professionals" (I'm guessing that means corporate nets). They did have a data haven of sorts but the group's organiser is suspected of having trashed the data stores when he found out that they were being investigated. The Wowhackers have been around since May of 2000, it is said, and used cracker wargames to find new recruits. There were two leaders, another seventeen 'top professional hackers', each of which controlled another cadre fo twenty crackers, who then acted as liasions to hundreds of comparatively unskilled crackers and apprentices. Sheesh.. somebody call R.A. Wilson. I remember hearing rumours about stuff like this a year or two ago but never really thought that it was possible to organise such a large group of crackers because of personality and territory conflicts, to say nothing of secrecy difficulties. I must say, I am very impressed by this. These folks were and (until the last arrest is made) are a force to be reckoned with. I wonder how much stuff they were responsible for In Here.

Redhat's discontinuation of Redhat v7.1 through v9 so that the company can concentrate on its enterprise distributions is starting to draw a lot of heat from users and fans alike. The Fedora project is being readied to take over for the Redhat Linux we all know and love by placing it in the hands of the users themselves with only some oversight on the part of Redhat itself. Frankly, I'm not sorry to see Redhat v7.x go because of how much of a pain it was. v8.0 was a little better. I rather like v9.0 due to its stability and general lack of hacks to make some packages fit in better. A lot of people will disagree with me; that's fine. We all have our opinions. Redhat's discontinuation of end-user Linux really doesn't bother me overmuch, because I've always gotten better support from the Linux community than from Redhat, and if the community will have to support Fedora, then where, exactly, is the difference?

I'm not the only one who didn't like the end-user support for Redhat Linux, admit it.

I think the community will do as fine a job of maintaining what comes after, if not a better job. Anyone who's a part of the Linux community in general and the Redhat user community in particular has either a certain love for the distro or a vested interest in keeping it going for some period of time (enlightened self-interest, if you will). Either of those motives are enough to make one take on the task of holding the distro together, making RPM packagss (net.gods only know, there are enough unofficial ones out there that there are ports of APT to manage all of them (I've just linked to my favourite, check out Freshmeat for more of them), and writing documentation and workaround text files for the distribution. I say, more power to them. Let's get hacking.

I know this is a few days late, but I've been busy.. the Massachusetts court struck down a ban on gay marriage. On Tuesday the highest court of Massachusetts voted four to three that the ban on gay marriage is unconstitutional and stated that lawmakers had 180 days to come up with a way to make it completely legal. The seven same-sex couples who originally filed the suit weren't granted marriage licenses by the court, however. If this makes it through before it can be struck down (and people are trying to do so at this very minute, you can rest assured of that) married same sex couples will have all of the legal rights and privileges that heterosexual couples do. Mitt Romney, governor of Massachusetts, was quoted as saying "Marriage is an institution between a man and a woman. I will support an amendment to the Massachusetts Constitution that makes that expressly clear." He went on to state, however, that he felt that basic civil rights and benefits should apply to 'nontraditional couples' as well, which basically means that he's not in favour of legalised homosexual marriage but he would extend the same rights to homosexual couples.

Sorry, Mitt, but I've got to disagree with you here. All or nothing. Either legalise marriage for gay and lesbian couples or don't, but don't try to force the creation of yet another social class by granting one but not the other. If you're married, you get the legal rights and privs as well or you don't get married. Enough of this half-measures dreck. The House of the United States, interestingly enough, has been contemplating a Gay365.com there's an article up that says that similiar laws in Arizona and New Jersey are being challenged right now as well (thanks, Meryl).

Something surreal happened to me a couple of hours ago: I started getting pain in my hands so I locked my workstation and walked around in the NOC for a while to rest them, and in the course of my wandering I happened to see a bright patch on the floor, looking very out of place in the context of the rest of the chamber. Curious, I messed around with it for a while, putting the toe of my boot into ti to see what would happen, looking up at the ceiling and at all the cabling to see where it could be coming from. Then I realised that it was the tiniest patch of sunlight sneaking in from someplace. At a guess I started looking at all of the walls around me and discovered that the panels were on hinges, and the walls were actually glorified, rigid window blinds blocking off big picture windows facing the outside. I nudged one of them back and caught a glimpse of the building across the street, the strange powdery coating on the outer sides of the panels, the message that someone had tried to write in said coating, and a beautiful ray of sunlight coming from on high.

I think that's the first sunlight I've seen at work since I started there.

Scroll all the way to the bottom of this article. Remember Jonathan Brandis, who played the designated computer geek on SeaQuest DSV all those years ago? They found him dead in his Los Angeles apartment on Wednesday of unknown causes. Damn shame.. I remember back when they were making him out to be the latest teenage star, his face on the cover of magazines and all that.

HASH(0x87e1648)
Your soul is bound to the Rose Petals: The
Wronged. "'ve come undone and all hopes of mending
me are gone because the pain took my soul.
Can't you see? The only one who can put me
back together again is me."
The Rose Petals are associated with sorrow,
reflection, and wisdom. They are governed by
the goddess Persephone and their sign is The
Teardrop, or Broken Love. As a Rose Petal, you are always self-reflective and
may be hard on yourself. You probably have
been hurt in the past by other people and can
sometimes distance yourself, as a result. You
don't usually let other get too close to you,
but you are very good at mending your spirits
back together by yourself.

What Rose Is Your Soul Bound To?
brought to you by Quizilla

2003/11/19

Today's shaping up to be a long one. We've got a deadline to meet and I have a mountain of documentation that has to be written before then, so I probably won't be writing much, nor will I be responding to e-mails in a timely manner, save after I get home in the evenings. Sorry, everyone.

Sometimes the truth leaks up unexpectedly (but then again, when doesn't it?) about many things, including the SCO-vs-Linux controversy. Yesterday SCO filed its worst-case-scenario documentation with the SEC in which it strongly suggested that revenues from IP licensing may be important to keeping the company afloat. In each of these filings there is a section which outlines the risks that a company is facing and what they play to do about them; in SCO's there is a telling paragraph in which they admit that the Linux community is in some ways enticing the market to purchase less software (presumably in favour of open source applications), which results in decreased revenues for SCO (because one of their major products is the operating system UnixWare, a closed-source commercial version of Unix). Linux is costing them a considerable amount of customer base and they're starting to feel it.

While walking through the halls looking for someone after lunch today, I happened to walk past the office of the highest in the food chain in the department, and heard an oddly familiar song.. I stopped to listen at the door to see if I could place the tune, and realised that it was Plainsong by The Cure. Unfortunately I couldn't tell if he was listening to a CD or .mp3 file, or if he was listening to the radio. Maybe he's a closet fan; you never know.

I didn't get torn up on the snort-sigs mailing list, I found out yesterday. Brian Caswell, who is the ruleset maintainer of the Snort project had some helpful comments and criticisms on the rule I'd written. I can see that I really need to sit down with the documentation more because the rule isn't very portable to other environments, which can make using other people's rules difficult. I wound up justifying the offset into each packet I used, though I don't think it matters much in the long run. I also decided to track by destination IP (to which the response I was scanning for is going to); it was suggested to me that I track by the source IP address of the requests, which still doesn't make any sense to me because the rule doesn't look for attempts from an attacker, it looks for responses to failed attempts headed back to the attacker. I'm going to have to work on it some more. Still, it's not a bad first attempt at writing Snort rules.



Which flock do you follow?
this quiz was made by alanna

2003/11/18

Last night I managed to get a little work done on Dataline's deck in between returning phone calls from Tartan and Lowmagnet. I installed the Firewire card in her machine with relatively little trouble (I say relatively because I had to un-bolt the slot bulkhead which had the serial ports protruding from it that really aren't used anyway; her computer's mainboard isn't ATX, so there are headers on the board for plugging wiring harnesses into). Once I powered her deck back up Windows 2k detected the IEEE 1394 interface and configured it right off the bat. Yay - something worked. This evening I'm going to install the DVD writer in her system (replacing both the IDE hot swap tray and the USB CD writer at the same time) and get the software installed. I think I'm going to move the CD writer over to Leandra, replacing the CD-ROM drive in all probablity if it's ATAPI, pulling the bad CD writer and replacing it if it's SCSI, going USB if absolutely necessary.

A few months ago a few colleges started to offer virus writing classes as part of their computer science curriculum. This is now really starting to draw some heat from law enforcement and folks in the industry with credibility in general. I must say that I disagree with Dr. Bontchev when he says that stopping virii is the job of law enforcement and not CS grads. Law enforcement can't even catch the designer of a computer virus or worm unless they do something incredibly stupid, like brag about their work openly or autograph the code with their real handle. Second, being able to hunt down a criminal does not mean that you're capable of stopping the spread of an infection across a network. Now, if someone in law enforcement is knowledgable of computers (say, a CS grad or postgrad) then yes, I'd say they know how computers work, are hopefully clueful about viruses, and know how to take care of business. Dr. Bontchev is cutting too broad a swath here (though the reporter might be misquoting him, to be fair). I also disagree with his standpoint that antivirus researchers don't need to know how virus designers operate. Knowing how virus designers work is critical because it gives you insight into why a virus spreads in the manner it does, likely methods of unleashing an infection (and hopefully stopping them, like good e-mail filters), and possibly conditions under which a virus or worm may be contained, so that those conditions may be fostered in network environments. I am inclined, however, to agree that "there is no such thing as a 'good' virus" because it's all too easy for a virus to get out of control. All it takes is a single bug for an activity restriction to not work and then all hell can break loose across the Net. It's cliche' these days, but RTM's worm back in 1988 is a classic example of this.

Computer manufacturer Gateway has announced that it will be selling and supporting SuSE's enterprise edition of Linux. Customers (who will probably be corporate) will get a one year maintenance contract on patches and driver updates. Neat.

Web technologies are still evolving, and making the Net more accessible to everyone. Two new web logging applications have been released, with a distinct aim toward corporate and organisational use. The first is called TeamPage v3.0 by Traction Software, and features a modular architecture that makes it possible to plug new features into the system, like new authentication methods and compatibility with in-house search engines. The other is Workspace v1.0 by Socialtext, and is designed to make web logs and wiki systems more suitable for corporate and organisational use (which is something that is important right now, speaking from experience). Workspace is designed to integrate e-mail, personalisation of web sites, and secure access into a single application, which the customer either pays Socialtext to host and manage for them, or as a dedicated appliance (which would be much easier to maintain, as well as set up (the learning curves for many portal and web logging systems are steep, and a lot of the time there is no or scant up to date documentation)). If making information available is your thing, give this article a read. It might give you some more options.

I spent the evening hacking hardware in the Lab. First things first, crack the chassis of Dataline's deck to install the DVD writer. I realised soemthing about it while I was removing the faceplate: While it may be one of the cute "I want to be an iMac when I grow up!" cases that were all the rage about three years ago, you can't remove the drives in the 5.25" bays without removing the faceplate. The faceplate is badly molded, and it rips the faceplates off of any and all of the devices in those bays when it goes. It destroyed the CD-ROM drive, in fact. The front of said CD-ROM drive is cracked and I'm pretty sure that the geartrain that opens and closes the tray is wrecked. I yanked it (ripping off the faceplate of the DVD writer as well, much to my dismay) and roundfiled it, then began to cannibalise Burn for a replacement. Ten minutes and one new CD-ROM drive later (and one rescued laptop hard drive with adaptor harness, lest I forget it was inside her) and I had it replaced and had everything put back together. Next was installing the software. Thankfully, Windows 2000 successfully detected the drive and I installed the Roxio software without any trouble. I still have to register it but I don't know Dataline's login credentials for the Roxio registration programme so that's going to have to wait. Once it's all set up, I plan on testing the unit.

Anybody have a spare IEEE 1394 cable I could borrow?

Once that was done, I disconnected the USB CD writer and jacked it into Leandra to see if I could get it to work. After running the command modprobe usb-storage to load up the drivers for the external writer, I ran the command cdrecord -scanbus to see if Leandra had detected the drive properly (the output from the kernel message buffer is one thing, but whether or not it'll work is something else entirely) and lo and behold, device 1,0,0, a Polaroid BurnMAX 40EX was detected and working. Just for kicks I created a quick ISO image of my backup directory and wrote it to a blank CD in the SCSI CD writer.. and it worked. For whatever reason, it wasn't working for all those months, and now it is. Not that I'm complaining, in fact I hope it keeps working for a while yet. Writing to the USB CD writer was also a success. I wonder if it's possible to shotgun burn cycles and back up twice as fast. I'll have to give it a try..

So tonight was a success insofar as hardware is concerned. Leandra's happy, Dataline's deck is happy, and I'm happy. I made the time to go through my usual exercise routine tonight, made some berry tea, and there's a new episode of Queer Eye for the Straight Guy tonight.

I still think if the Fab 5 showed up at my Lab, they'd turn around and leave, calling the day a write-off. Victorian/Cyberpunk with a side of Technomancer wouldn't be familiar ground for them, I don't think.

AMD announced not too long ago that they're going to stop manufacturing 32-bit processor cores by the end of 2005. As the price of the 64-bit cores falls as time passes, they say that consumers really won't have any reason to keep buying the at-the-time-dirt-cheap 32-bit CPUs, so the migration to a 64-bit CPU will be trivially cheap. AMD's 64-bit CPUs are designed to run 32-bit code just as well as the native 32-bit CPUs do now, so theoretically this shouldn't pose a problem at all. Frankly, I can't wait for the 64-bit Athlon CPUs to become more prevelent, so I can upgrade Leandra. Mind you, that's a long-distance goal, within three years or so. Only time will tell for sure for the public at large.

2003/11/17

For some reason it was unusually warm in my room last night; it was difficult sleeping, and I kept finding myself waking up every hour or so to toss and turn to let some of the heat out. I don't think it was a fever, but something else. Maybe the central heating in the house was turned up too high.. everything seemed to be fine in the morning, though. The weather's been a bit warmer than usual lately (though not by much), which I've been rather enjoying. It was actually comfortable this morning, and I didn't have to wear gloves to keep from losing the feeling in my hands so rapidly.

I forgot to turn in my hours for last week at work. Uh-oh. I think I can get them in by this evening if I hurry. Mental note: Put the assignment data into my PDA tonight so I don't forget again.

On the bus this morning I gave Dataline a copy of the latest issue of The Linux Journal to read when she has a chance. There are some articles on working with DVDs in it (appropos because we just bought that DVD writer), on playing DVDs under Linux (something that I have yet to try to really get working, even with XINe, and a fairly good selection of articles on other topics, some of them technical, some of them not. Maybe she'll be interested in trying Linux out as a desktop for a while. You never know.

Chris and I spent the morning ripping apart a rack-mounted KVM in the isolation chamber at work. Specifically, the new one that I'd put in which somehow wound up with a set of bent rails. I was, needless to say, unhappy that the only KVM module in the NOC that actually locks in position was messed up.. after taking the unit apart again (and crawling around beneath the raised floor in the dinosaur pen to retrieve a lost Torx bit) we managed to get the rails un-bent and reinstalled properly. When you're given a packet of screws to put something together, do yourself a favour and use all of them. You won't be sorry in the long run.

Is it just me, or does the fact that the e-mail abuse account at SWBell.net is pointed to an e-mail address at Prodigy strike anyone as strange?

The flood never ends.. spammers are now posting ads in the comment sections of weblogs and transmitting advertisements via SMS text messaging. I hate to break it to the news, but spam-over-IM isn't new. It's actually the reason that I stopped using ICQ back in 1998, but now I'm digressing.. posting comments in people's blogs is just going too far. It's actually pretty easy to get around, all you have to do is turn off anonymous posting and require everyone to set up an account, but that can also deter hit-and-run posters (like myself, admittedly) who might only have one thing to say ever. The big reason that people are so angry over SMS spam is that people with SMS-enabled cellphones have to pay on a per-message basis, sometimes on a per-byte basis. If your ID gets out there, you can count on your phone bill getting pretty high due to the spam. It just never seems to end.

It's amazing where old-school hardware pops up these days, like a bus terminal in Brisbane, Australia. One of the video display units in the terminal had to be rebooted for some reason (someone probably kicked the plug out) and when it came back on line, everyone saw the famous banner "COMMODORE 64 - 64K RAM SYSTEM - 30719 BASIC BYTES FREE". That really does my hearts good to see...

And more stuff on the Commodore front - C=64 case mods! Transparent resin cases for transplanted C=64 circuitry... is it not nifty? Edeikles either has a C=64 II (with a chassis very much like that of the C=128) or has transplanted his C=64 mainboard into a C=64 II chassis (probably one of the aftermarket ones they sold for a while) and then cast a replacement top half for it out of plastic resin. He's also tricked out the insides with super-bright LEDs to show off the insides. While this isn't a terribly practical modification (he mentioned on the Homestead mailing list (hit Google to find it, I'm too tired to recall the URL to the homepage out of my level 1 cache) that the plastic's very fragile). Check out some of the other hardware mods this guy's done - he does some excellent work. I'm impressed with it.

It makes me want to go spend some quality time with SAL...

2003/11/16

A little less than an hour ago I made it back to the Lab from roaming around the city for most of today. Today's Sunday, which means a resupply run at the local supermarket for the family. While having breakfast, Dataline came out of her room and brought the newspapers with her - she likes to read the paper while drinking her morning coffee, and on Sunday she leafs through the advertisements to see what's on sale this week. She happened to see at Best Buy a DVD writer on sale for an excellent price ($149.00us after applicable rebates), and because it's been one of her goals to be able to burn some of her home movies to DVD to preserve them, she started bouncing ideas off of me. I answered them as best I could and eventually we decided to go in half-and-half on the writer and whatever would be necessary to get it running. One the shopping list had been hammered out I pulled on my coat and hit the pavement, heading in the general direction of the supermarket.

I think I spent a grand total of two hours running around the supermarket getting stuff. The place was packed and maneuvering the shopping carts wasn't easy. There were lots of people running into each other and the aisles were clogged with carts and people reading their shopping lists or labels. It wasn't a terribly difficult thing to do, it was just time consuming. Also, unless you get to the store in time the place is going to be shopped out, i.e., everything essential is going to be sold out and the stock team generally doesn't refill the shelves until late in the evening (if not early Monday morning), so there's a bit of a time constraint at work there. By the time I made it out of the store it was around 1400 EST, and with Pennsylvania blue laws just about everything closes at 1700 EST so I had to work fast. My next stop was the mall to visit a jeweler about getting some wristwatches repaired. Dataline's got three or four watches that she can't wear because they're damaged, and much to my dismay I discovered this morning that my La Crosse wristwatch's power cell had gone dead some time last night (now I remember why I never wear watches on my left arm...), so I planned a quick trip to the jeweler to see what could be done. As it turns out, two of the watches were fixable: The power cells just needed replaced. Two of Dataline's could be repaired with some expense because they'd have to be sent out to a specialist. A third with a damaged bracelet couldn't be fixed, but I think that I can cast a new bracelet for it without much trouble. I left a fourth behind to be examined (which the guy wound up breaking by losing the watch stem; if he can't find it they'll repair the entire watch at their own expense). While the watches were being examined, I headed out to run another few errands, and spend more money.

Yep. I bought that DVD writer, along with a spindle of 25 blanks (which cost me a pretty penny) and a Firewire interface card for Dataline's deck. Total cost: Just shy of $300.00us, which I can just barely afford. Thankfully there are some rebates that I plan on taking advantage of, and we aggreed to go halfsies on it, so I should be able to pay my bills this week. It's an ATAPI drive, unfortunately, but neither of us are willing to argue right about now. Dataline can make the content, and Leandra will burn it. I'm setting up a private web-based interface for burning for Dataline as I write this, so she doesn't have to worry about having an account on Leandra, just the credentials to access the service. But that's neither here nor there (for certain)...

Dave and Mark made it, D20 screwed it up: Whoever thought that it would be a good idea to port BESM (Big Eyes, Small Mouth - the Anime RPG) to the D20 system needs their wetware reformatted. I was wandering around B. Dalton Bookseller's in the mall today and came across a copy, and felt ill as I picked it up. BESM has one of the simplest formal RPG systems out there, hands down. Why someone would turn it into a D&D-like RPG, complete with classes, is completely beyond me. I guess there are some people on this planet for whom simplicity and not having to open the book even once in a given session are anathema. That's fine. Just don't ruin it for the rest of us.

A few days ago I cooked up another batch of tea to wet down Fern's Book of Shadows and poured it into a spray bottle to finish the pages. I sprayed every couple of pages in the stack and pressed them under a couple of servers (yes, I'm serious) for a few days so that the fibres of the individual sheets would lay flat and organise themselves into a more or less neat matrix so that they'd bind properly. A 32 ounce spray bottle is only about a dollar American at a grocery store and I've got so much bad tea left over I don't know what to do with it all. I pressed the pages of the Book for a couple of days under what I estimate to be about fifty pounds of weight and removed the servers last Tuesday to give the pages a chance to air dry, which they've actually been doing ever since then. It did an excellent job, evening out the nap of the pages and I think evening the colouration out in a few places. I'm going to drill bindery holes in the packet of pages sometime this week and begin assembling them into signatures (bundles of fifteen or twenty sheets of paper) little by little this week. I think I've finally worked out a reasonable method of binding the pages by sewing the first signature to a piece of high density fibreboard (the back cover) and then using a Coptic bindery to attach the subsequent signatures to one another, finally ending with the front cover. Once that's done I'll glue in a length of leather or ribbon for a bookmark and then began cutting the leather for the book jacket. I've even got a few sheets included that will be glued to the insides of the covers to act as endpapers once it's all said and done.

I havn't decided if I'm going to rig up an assembly to hold it closed with a padlock yet. I'll decide that next weekend, once I finish binding the pages.

2003/11/15

Today was one of those days that stays in first gear, and mercifully stays there the entire time. I awoke this morning around 1030EST to the sound of the mailman outside delivering the day's bills... last week's paycheque has been spoken for in its entirity, unfortunately. We spent the morning talking about what's been going on, something that we havn't done in too long. We hardly talk anymore... more and more I keep thinking about somethig that Alexius told me once, and that was that his relationship to his family wouldn't be as good as it is if he hadn't moved out years ago.. People change as they grow older, and it's possible to change in ways that make it difficult to live together, even though you're from the same blodline. That's not a bad thig, that's just the way things turn out.. but that's not what I wanted to talk about.

We sat and watched the Food Network, our Saturday morning ritual, and made note of all the tasty Thanksgiving recipes, some of which we plan on trying out this year. Afterward I went out to Borders to price some study books for the CISSP certification. A few days ago I sat down with Chris at work and had a long talk about what it takes to get a job as a security professional, and not just as a ronin. He suggested getting the CISSP certification (which I'm actually still trying to learn the meaning of... some FAQ) if I'm going to break into the industry, and he's right. The code of ethics and body of knowledge that one must have to be worthy of the certification is considerable. I like to consider myself the sort that stays bought (once I've thrown my hat into your ring, it stays there), this just formalises the sentiment. So be it. Anyway, I found some good study books for the certification, but they're very expensive, starting at $60us and going upward from there. I copied the titles and authors' names into my PDA (who still needs a name, incidentally) so I can look for them on Amazon, hopefully for less (or used, for that matter). I hate being a cheapskate, but I'm not rich. I'm just a temp. I do what I can.

Anyway, once I finished that I picked up the latest issue of Ghost In the Shell 2: Man-Machine Interface, which is really starting to get good, but is confusing until you figure out what exactly you're seeing, and the novelisation of X-Men, which isn't drippingly fanboyish, like the novelisation of the second movie is, but once again I digress. I spent some time in the cafe' drinking coffee and reading GITS 2 and the D20 version of the Call of C'thul'hu RPG for no other reason than because I can. I don't have the opportunity very often to kick back and live in slow motion. Later in the afternoon I drove down to Goodwill to see what they had, and wound up finding a pair of posters for $2us each (The Matrix Reloaded) which you can find elsewhere for several times that price and, of all things, a long silver coat which I think Lyssa is going to find amusing. That stuff aside, they really didn't have much that struck me. I was half-nosing around looking for cosplay stuff but did't find anything that quite fit in with what I had in mind. I hadn't expected the mother of a couple of high school folks in the parkig lot to call my manner of dress 'cute' (black canvas baggies, a tight turtleneck, ankleboots, a leather motorcycle jacket, mirrorshades, and my hair down around my face - not quite Proteus but definitely blended enough to be comfortable) but.. so be it. She was taken with my contact lens (I was wearing my whiteout contact to get used to it for tonight, but I'll get to that).

After some wandering I headed back toward the Lab.. I played my grandfather's lottery numbers and then picked him up an Italian hoagie for dinner and got myself some Chinese takeout (which is giving me a headache all these hours later, oddly enough - are they using MSG now?). Dataline was going out for dinner thought, though she did sit with us while we ate and talked. We seem to be doing a lot of that lately.. she left to go to dinner and I changed to go to the library's anime mini-con that I wrote about weeks ago. I went as Sakurazuka Seishirou again... from the blind-eye contact lens to the baphomet pentacle ofuda. I hadn't expected so many people to recognise my character. One thing that I hadn't expected, however, was that I'd be the oldest person there. There comes a time in life, I discovered tonight, when seniors in high school are no longer comrades in arms. I've never felt like such an outsider anywhere before tonight. I think I'm fully twice the age of a lot of people who were there tonight.. but the ones I was talking to were very intelligent. Even though I was older, I felt connections to them.. the same interests, the same points of view, the same sense of "what am I doing in life?" And most of all, I saw hope there. I see a little of myself in them, and I hope that those same traits never gutter and die in them. There's hope for the world yet.

Hi, guys. You're probably going to read this if you click around my site for a while.

I spent a lot of time talking to folks, posing, dropping the names of series that some folks might like, and more importantly learning the titles of a few that I'd like to take a look at.. one of these days I'll get into Chobits... I also caught up on some of the stuff that's been happening in the area.

I feel old.

After sitting and talking with everyone for a while because the movie that was being shown didn't really interest me, I gathered up the stuff I'd brought to display (I'm really pleased that so many people loved my copy of Angel Cage) and headed back to the Lab. My original plans were to join Seele and Slowjo in the strip district, but after I got home and changed out of my suit and tie ad removed my contact lenses (eight hours is enough, even for neat prosthetic lenses) I checked my voice mail and found a message from Seele. She and Slojo weren't able to make it tonight, so I decided to call it an early night and curl with Kabuki in the Lab. I'm not terribly concerned with what I'm going to do tomorrow.

Geez.. this episode of Justice League has some hardcore H.P. Lovecraft references. I can't be certain, but Hawkgirl's verbally fencing with a manifestation of Azathoth, and Solomon Grundy was fighting a pack of Deep Ones unless I miss my guess.

Wow.. after all these years, there's now a Unicron toy. It's for Transformers Armada, but it's Unicron. Neat.

Now playing: Alphaville - Big In Japan (Culture Mix)

2003/11/14

Well, no one's flamed me yet on the snort-sigs mailing list... I tried my hand at writing a few rules to watch out for the SMTP AUTH bruteforce login attempts happening right now (scroll down a bit to find that particular writeup) and posted them to said mailing list for some C&C and hopefully a correction from someone more knowledgable than I in using the threshold functionality of Snort. Time will tell if I get to go home today with my eyebrows intact.

Given all the stuff that's happening with SCO in the Linux community right now, it's good to see that most everyone's sticking together. The Open Source Development Laboratory, which is the current employer of Linus Torvalds (the creator of the Linux kernel) and is funded by too many companies to mention with the feeling gone from my hands has stated that it's paying for any of its employees' legal bills incurred through SCO's actions. Yesterday, SCO announced that it would be filing subpoenas for Linus Torvalds and Richard M. Stallman (oh, boy, are they going to have a fight on their hands...) among other open source luminaries to get them on the stand in US court. The plot coagulates...

Concerns about electronic voting are starting to make themselves felt in more than just personal privacy and freedom circles.. the article starts off by talking about the fiasco down in Florida during the 2000 US Presidential Election and Congress enacting the Help America Vote Act of 2002, part of which made provision for helping the 50 states upgrade their voting equipment. Predictably, the US began moving over to computerised voting machinery. And then there's Diebold... out of 55k voting computers around the USA, there are 328 known loopholes in their security, 26 of those big enough (and unfixed, incidentally) to make you wonder if using these machines is really such a good idea. Not too long ago an election was held in Houston, TX using the Diebold machines. A dozen of them malfunctioned. Voters were given pieces of paper; many left without voting at all. In California, voting machines were used that weren't certified for use as legal, throwing the validity of the election into considerable doubt. It gets better, ladies and gentlemen: An election held in Fairfax County, Virginia was held with voting machines manufactured by Advanced Voting solutions of Texas; out of every one hundred votes for one candidate was actually subtracted from the votes counted for another, thus altering the tallies unfairly. In the 2002 elections in Georgia the Diebold machines were found to be registering votes for one candidate only, regardless of whom the voter actully picked! Later it was found that Diebold had flashed the firmware of the units without telling anyone, and when the election was over, they wiped the memory cards that held the votes, so now no one can tell what was really going on!!

Tell me.. is this legal? Is this democratic? Is this what we've come to expect from an election in the United States of America?

Check out the rest of this article, folks, and hit every link inside it. As citizens, you need to know what's going on. If you don't live in the US, you still need to know what's going on, because we're not going to hear about it on the news; someone has to know, and the more the better.

I just found out that Liz (of Zard Biomatrix and Liz) is pregnant. She's expecting somewhen around the end of May 2004. Congratulations!

I know what I'm watching when I get home tonight.. my namesake has a new adventure available from bbc.co.uk, done by Cosgrove Hall (the creators of Dangermouse) in Flash.

Blood isn't always thicker than water - sometimes it's miscible. A case of human chimaerism was reported on recently, and it's not only got doctors scratching their heads, but the family as well. A 52-year old woman (location unknown, presumed the UK due to the URL of the article) was knocked for a loop when genetic testing to determine if she was a compatible kidney donor revealed that two of her three sons aren't genetically related to her. After extensive research, testing, and saying "What the hell?!" doctors have concluded that she's a chimaera: A hybrid of the cells of at least two distinct individuals. As near as they can tell, at some point during the woman's embryonic development, she had a twin with her in the womb, and at some point they fused into a single distinct fetus, composed of a mixture of cells from both fetii, each with a unique DNA sequence. I would say that more than two is possible, though highly unlikely, but now I find myself straying from the topic. The DNA-carrying cells of the woman's blood are of a single genetic sequence, but the other tissues of her body are of two different sets of DNA entirely, coexisting peacefully. They say that one son came from an egg from the one genetic code, the other two sons came from cells from the other genetic sequence. This is an extremely rare phenomenon; only about thirty confirmed cases are known to have existed.

As if the article regarding electronic voting foul-ups wasn't bad enough, check out the current issue of RISKS. And pour yourself a stiff one, you'll need it.

Here's something that I have a feeling lots of people will find interesting: Scientists have created a biological virus from scratch in a little under two weeks' time. The virus is technically a bacteriophage, a virus which infects bacteria (specific to the strain of 'phage) and hijacks the cell's mechanisms to reproduce itself. The US Department of Energy is funding this project, with the ultimate goal of enginerring microbes that will leech carbon dioxide out of the atmosphere (which sounds like a bad idea to me, because some amount of CO2 is necessary in the atmosphere to maintain balance).

Sluagh
Sluagh. You tend to be solitary, and that is just
fine with you. Moldy texts, ancient secrets,
bring them on. You have no qualms with asking a
spider to aid you, and you know a lot more than
you will ever let on. It feels like no one ever
understands you though.

What Type of Changeling Are You? (Now Including Pictures for Each Kith)
brought to you by Quizilla

2003/11/13

Most of today was spent with a sickly feeling in my stomach.. shortly after I'd left for work this morning the Lab lost power, and the Children were knocked out. Leandra and Lucien were offline until I got home this evening and rebooted them. For some reason, Lain came back up when power was restored some time this afternoon. I found this out the hard way trying to log into the Network today, and failing miserably. I suspect it was the wind that's been whipping the land all day today, in fact since last night.

The temperature plummeted yesterday, and around 2200 EST the wind began to blow, harder and harder.. I fell asleep last night while the wind sang to me. On and on it went, a high wail, between a C and and E in an upper octave. It sounded beautiful.. I havn't heard that song for months, and I must confess, I love the coming of winter solely because the wind blows harder and harder, and it whistles past the house like the tune of a score of pipers... I slept well last night, and woke up feeling quite refreshed. This morning we were all surprised to find that it was snowing hard enough to notice even in the early morning, pre-coffee grogginess. For once, the weather around here is right on the button: Cold, grey, windy, and snowy. Yay, Pittsburgh.

To those of you waiting for e-mail responses, please be patient. Lucien (my mail server (send the packets to me....)) was offline all day today. Messages will get through as mail servers Out There retransmit. To everyone who couldn't log in to Lucien to get their e-mail.. sorry about that. There's nothing I could do to restore the power from work. I need a much, much larger UPS, and I can't afford one right now.

Now playing: Brian Tyler - Summon the Worms - Children of Dune soundtrack

A review of the Sharp Zaurus SL-C860's been published. This device looks like a sweet little piece of gear, let me tell you.. running Linux and Metrowerks' OpenPDA system, it's packing 128MB of flash memory (65MB of which is available to the user, probably more if you use a custom-built OS image, like Open Zaurus) and a VGA display running 640x480. If the images are accurate it's built like a laptop, though you can fold the display around and give it the configuration and form factor of a PDA. Interestingly, the unit will come standard with English-to-Japanese-and-back-again translation software built into the OS. I wonder how accurate it is... it's got the standard compact flash and secure digital slots for expandability and additional storage, which really makes me happy (compact flash GPS, here I come!) The processor core is what floors me, though - it's an Intel XScale PXA255 clocking in at 400MHz. Damn. If it comes with a decent speaker built in (so I don't have to plug a pair of headphones in to listen to .mp3's) I'll start saving up for it this moment. The power cell has got a lot of potential too - it's a 1700 mA lithium-ion batter with a continuous runtime of eight and one half hours if they're not talking through their hats.

Hell, just give me the power cell for my current Zaurus.

2003/11/12

A company called EmergeCore Networks, LLC now has in production what could easily be the Swiss Army Network Appliance. The device si called IT In A Box, and it looks pretty slick. It's basically a small computer running a Transmeta Crusoe 544MHz CPU and 128MB of RAM, and a flotilla of essential services to LANs of today, like an e-mail server (no word on how you're supposed to pick up your mail, like POP3 or IMAP), a web server, and a DHCP server. It's described as being an ethernet hub as well (which can get kind of slow, I'd feel better about it if it was a switch instead, because they don't replicate traffic to every port on the unit), a wireless access point (yay! another rogue AP to annoy and confuse the IT staff!), and quite a few other things. The configuration is managed through a web-based interface (probably the aforementioned webserver). The AP functionality, to its credit, doesn't broadcast its ESSID, so an attacker would have to listen for a time to pick it up. While the device has VPN (virtual private network) functionality, this capability isn't extended to any wireless clients accessing the unit, which is a shame because WEP (wired equivelence protocol; an encryption scheme which is supposed to give 802.11b the same security as using a cable) is very insecure. VPN support would go a logn way toward locking it down. The hard drive built into the unit is only 20GB in size, which is in all probability shared between the OS, any web pages stored on the unit, any e-mails stored on the unit, and whatever files are copied over. It's probably possible to modify the unit to use a larger drive but I'm just speculating at this point; give me one and a screwdriver and I'll let you know. The firewalling support is very limited, which makes me not want to trust it overmuch. I'd rather be able to sit down and define a firewall schema and not have to trust "high", "medium", and "low".

Microsoft's taking another stab at opensource security by trying to claim that their turnaround on writing patches for security vulnerabilties is faster than that of opensource (in particular, Linux) code. Their argument is that it could take days or weeks, sometimes months to find holes in open source code, while it takes them only days to release a patch for Windows. What they fail to mention is that those holes in Windows have been present in the system for days, weeks, or months as well. You don't know a hole's there until you find it and play around with it to see a) where it is, b) what it breaks, and c) what impact b) has on the system. Microsoft also conveniently fails to mention that not a few times in the past they've had to pull and re-release patches because they either broke things worse or just didn't fix the bug in question. They're arguing from a fallacious position while trying to cover their butts.

I love this.. I've been reading the writeup of MS03-046, the memory exhaustion DoS attack in Exchange v5.5. Workarounds: "Only accept authetnicated SMTP sessions." That kind of implies that contacting the server to deliver mail (the reason for Exchange in particular and the SMTP protocol in general) will be harder. "Use a fireall to block the port that SMTP uses." If other systems can't get to port 25/TCP, they can't deliver mail at all. While internal mail is itself useful, communication with the Net is still pretty important.

Sorry. This just struck me as borderline absurd.

As if there wasn't enough drek to put up with right now, spammers are hunting for new and annoying ways to inundate the Net with their advertisements. Now they're cracking Exchange servers (and I'd wager other authenticate-to-relay systems) to reflect their crud. The way that e-mail relaying works in theory is that you connect to a mail server and instead of specifying an account on the server you specify an e-mail address someplace else. The mail server takes the message and relays it to the address you told it. This is good because POP3 users often have to rely upon the mail server to transmit their replies for them, but bad if the mail server will relay messages for anyone Out There who connects and asks nicely. That's originally how spamming got its start. Nowadays any e-mail server that's worth being called one will only relay messages coming from the same IP subnet it's on (often done behind firewalls) or for people who've logged in somehow, thus providing valid credentials. Exchange handles this with the SMTP AUTH LOGON command, other e-mail servers work differently (I'm kind of partial to how Qmail can do it, myself). The thing about passwords is that they can be guessed, rapidly if the user chose an easy password, not so if they chose a good one, but any password will fall if you work at it long enough (even the good ones that look like line noise will fall eventually, though it might take a couple of years of continuous guessing). There's a good writeup of the what and wherefore here, I strongly suggest that all admins give it a look just in case. In a nutshell, the Guest account should be disabled (wow.. 'guest'... that takes me back..), along with any other accounts that really shouldn't be recieving e-mail directly.

mRNA
You are mRNA. You're brilliant, full of important,
interesting information and you're a great
friend to the people you care about. You may
have sides to you that no one understands. But
while you understand more than most people,
you're only half-there most of the time.

Which Biological Molecule Are You?
brought to you by Quizilla

John Constantine Pic
You are John Constantine. John has a strong knowledge of the occult and at
times he appears to wield strong magical powers
but he has also become known as something of a
con-man, more likely to talk himself out of
trouble than pull a rabbit out of a hat.

What Gritty No Nonsense Comic Book Character are You?
brought to you by Quizilla

If there's any comic book character I can see busting out the Ritual of the Star Ruby, it's Constantine.

I Am

Which tarot card are you?

Reading this article on star hackers made me think of the song Star Trekkin', for some reason... a filk of a filk?

I know I havn't been writing much light of late; I'm havn't felt up to it. I think part of the problem is that the weather's getting colder and my wrists are acting up no matter what I do. Even if I don't jack for a day or two straight my wrists trouble me, which I can only chalk up to the cold and changes in air pressure. Today wasn't a particularly rainy day, but it was chilly and wet, two things that traditionally don't do bad joints a whole lot of justice. It's slowed me down on the console, and more and more I just want to sit with a hot cup of coffee, my kittyband, and a good book. Maybe I'm betraying my heritage as a cyb, but if I can't move my hands (or, more to the point, feel anything with my hands) it's kind of pointless.

Dataline and I went to pick up my car at the garage tonight. The bill came out to a hair over $340us. Winterising the car didn't take much at all, it was the least of the bill, in fact. They worked on my brakes, re-doing the front ones and doing a little work on the rear brakes. I'm hard on them, what can I say? Maybe I should start being more careful about that.. they wound up replacing the rear left lamp assembly, which topped out around $120us. From what I could tell in the parking lot they had to replace the entire housing and most of the part that gets bolted to the body. While I'm all for modular design this is nothing more than a means to make more money by making it impossible to replace just the part you need (in my case, the red refractive plastic lens covering the entire assembly). I could have taped it up, but that looks like hell (okay, my car's as vain as I am) and it would probably obscure the light so much that I'd get pulled over for driving with a burned out brake light, knowing my luck. So I bit the bullet and had it replaced... I think insurance will cover the tail light.

It was only a matter of time, I guess... crackers in Eastern Europe are blackmailing small companies by threatening to DDoS them unless they cough up tens of thousands of dollars in the latest incarnation of the protection racket.

Audiophiles will be pleased to note that the SID chipe in the C=1 are up and running. Check out the .mp3 files that Rob Parsons put online for yourself.

v0.65 of ClamAV, the open source virus scanner, has just been released. Among the latest changes are stability fixes all over the place (I don't know, v0.60 is rock-solid by my reckoning, and Lucien beats on it 24/7), many new documentation files (a new HOWTO, instructions for running clamd under DJB's Daemontools, clamav-milter now handles percent characters (%) in e-mail addresses, a few buffer structures were changed to more reliable implementations (SCANBUFF into FILEBUFF), and archive analysis (read: unzips bloody near everything) was fixed. Check this out.. I'm seriously wondering if it'll compile on my Zaurus. It'll be interesting to find out, if nothing else.

2003/11/11

Yep, I'm spending a lot of today unplugged.. I won't be doing my usual memory dumps until this evening, I'm afraid. Everyone needs a break now and then, and I'm no exception. In the interim, check out Polymer City Chronicles today. The Pokemob is back.

Okay.. I feel compelled to write something about this. I'm off from work today, and I was flipping channels on cable to find some noise, and I chanced across The Movie Channel, which is showing Gor, of all things. If you've never heard of this, plug it into Google and read every link on the first five or six pages returned.

Back? Good.

Have you clawed your eyes out yet? No? Excellent!

That's how bad this movie is. Ordinarily I'm a fan of really bad movies, but this takes the taco. This is even worse than Barbarella, and you all know how much I hate that movie. It's easy to tell why the world the protagonist is on is a desert, it's because the ozone layer was destroyed by the use of so much hairspray. The dialogue is so poorly written it'd be funny if I wasn't so busy retching. The costuming is laughable; the armour sort of looks like bronze but looks more like the toys you'd buy in a department store. Rubber and plastic can look good if you try, but these folks obviously didn't. The plot is contrived at best... this is like watching an automobile wreck. I can't stop watching it even though I feel like my hearts are being cut out with a straight razor. I wish I could call this Flash Gordon Meets He-Man, but that's denigrating both sets of myths.

This is so bad I won't even do a solo-MST. Take it from me, if you see this movie on any channel or in any store in any form, walk away and break out the brain brillo to ensure that you forget all about it.

And let's not forget the new hairstyle, which thankfully never caught on. Hair, I dub thee the Kassar Mullet!

Most interesting.

My car's not going to be ready until tomorrow. It needs its brakes worked on and a new taillight assembly, which won't arrive until tomorrow. It only makes sense for them to keep the car and fix everything at once, it'll be easier than driving out to pick it up and having to drive it back down to the garage again tomorrow night to finish the job. I'm hard on my brakes anyway, and go through about two sets every year. Better spending the time to do it right rather than risking something bad happening farther down the road.

Well, today was by far the most relaxing day I've had in quite a while. I feel like I was very productive as well, even though it's not 'productive' in the sense that people usually think of it. I did some reading, made breakfast during the week for a change (something I never do, mostly because I don't have time in the morning), and did some more reading. I also sat down and wrote a bunch of recipes in my notebook, a couple of chicken and pork meals that I'd like to try some time in the future if I ever throw another dinner party, and a cake or two as well just because I can't ignore my sweet tooth. I collect recipes; I've got a few hundred of them written down and somewhere in the neighborhood of a score of cookbooks of various kinds scattered around the Lab. I also took the opportunity to work on an essay that I've had kicking around in the back of my head for a while. I dug out some of my research notes and got my ideas in order, which is ordinarily pretty difficult for me (being more the sort to wing it). I think in another hour or two it'll be finished. Maybe if it's not too bad I'll type it up and let some colleagues critique it. I also got my bills paid and balanced my chequebook, which I find myself doing about once a week now that I get paid hourly again. I even found the time to exercise this evening.. I feel like a million bucks right about now.

For the first time in a long while, I feel pretty good about life in general.

2003/11/10

Stupid fucking Windows active directory... some services require my old password, others require the new domain password, most everything just can't be reached... give me plain LDAP any day. As for SOCKS proxies, I think it would really be easier to have their connection trackers not bother with credentials and base their access allow/deny rules on the IP address that the requests are coming from. Then again, that's just me.

And They said that computers were supposed to make life easier.. if only I could sit down and have tea with the entire Net.

Attorney General John Ashcroft is at it again. New rules for investigating computer crime have been passed that allow the FBI to proactively gather information on theats to national security, which is a kind way fo saying that they don't need a reason tostart digging, unlike the old rules which stated that they needed probable cause to begin collecting information on groups or specific people. In the reasons the bill gives 'foreign computer intrusion' is considered a viable reason to monitor activities. You can download a copy of those guidelines here. I suppose it's easier than actually making your security better. So many US government systems have been cracked in recent history and so many websites have been defaced that even the tiny hacker news sites don't bother keeping up with them anymore. It should have been a sign that things were getting bad when Attrition stopped archiving them for posterity because it's such a common occurrance anymore.

The virus writers have responded to Microsoft's placing bounties on the heads of virus coders, and they seem nonplussed. Benny of 29A and a member of IKX (who asked to remain anonymous) stated that virus writers know full well that what they do is illegal and the bounties won't act as a deterrant. At the very least they'll go even farther underground and will become even less likely to trust anyone, and thus even less likely to expose anything about themselves. Spokesman Paul Bresson of the FBI stated that the bounties were not meant to act as a deterrant but instead to make it easier to get leads, which they hope will translate into jail time and a deterrant to others who would write viruses. Greasing the wheels to get things done, as it were.

On 20 November 2003 Transgender Michigan will be taking part in the yearly Transgender Day of Rememberance, a day of memorial for those who have been murdered by the closed-minded and hostile because they were transgendered. The Day of Rememberance was begun in 1998 in memory of Rita Hester. The number of murders of transgendered people has been steadily growing since then, reaching an all time high in the year 2003 (if you watch the transgenered mailing lists there is a veritable flood of news reports coming in from the east coast alone; so many that I've lost track of them). There will be two events on 20 November at 1900 local time (is that CST or EST?) at the Metropolitan Community Church of Detroit in Ferndale and at the Unitarian Universalist Church of Greater Lansing. For more information please visit Transgendermichigan.org.

my immo
My Immortal

*What Song by Evanescence are You?*
brought to you by Quizilla

  • My #1 result for the SelectSmart.com selector, What Neon Genesis Evangelion Character are you Most Like?, is Ritsuko Akagi

    Well, today was a long one.. I still don't know why it turned out that way, it just wound up feeling that way. I wasn more tired than I'm usedn to, which never helps. Today was spent hacking on firewall rules, learning MySQL, and trying to figure out why a system suddenly died. At first I thought I'd screwed up the schema I was writing but firewall schemas shouldn't lay a hurt on a filesystem. Ungood. By the time I left this afternoon I was wondering what was going on.. time will tell. Tomorrow is Veteran's Day and I've got the day off because it's a county holiday. I plan on spending tomorrow working on some things that I've been neglecting, like some of my studies, scrapbooking some recipes, writing an essay that I've had kicking around in my notebook for a while, and catching up on my e-mail. Earlier this evening Dataline and I dropped my car off at the garage to be worked on. It's about that time that it needs winterised, and the mechanic's going to order a new tail light assembly. I should have it back by tomorrow night, but if I don't it's not that big a deal because I generally don't drive much during the week. We also stopped off at the supermarket to pick up a few things. We found cinnamon ice cream, which is next to impossible to find around here. I snapped that up without a second thought.

    I'm thinking about jacking out early tonight to get some sleep. My body's starting to complain that its energy reserves are running low, and I don't want to push it, especially with such low temperatures lately (20 degrees Farenheit when I got up this morning).

    Birth of a Paradroid: Because I'm feeling nostalgic right now.

    2003/11/09

    Most of today was spent wandering around the North Hills, enjoying being Outside and going shopping. I don't get to do that much, so whenever the opportunity strikes I take full advantage of it. I prowled around Half Price Books and picked up some old RPG books, which I collect as a hobby. After that I headed out to Michael's (a chain of craft stores) to pick up stuff to finish Fern's book of shadows. I chanced across a book on journal making and bookbinding (John C. Lilly, thou art avenged...) and bought some tapestry needles to sew the pages together. I'm going to use high-density cardboard to make the covers and linen twine to bind the packets of paper together. I also broke down and bought some silver Sculpey and a lucite roller so I can start experimenting with another medium that I've had my eye on for a while, and that's jewelry making. I was pretty good at it back in high school but graduation left me with no access to the tools I'd grown accustomed to (like a centripital caster for silvercasting and the solder and torches for setting-making). Now that I've got a little time on my hands I've got a few designs in mind for rings and amulets (and if I ever get enough time, a Deep One-in-a-bottle).

    Last night I went out with Silicon Dragon, Elwing, Seele, and some of the 412 crew to see Matrix: Revolutions at The Carnegie Science Center in the Omnimax theatre. While waiting for Silicon to arrive at the Lab I spent the evening gazing up at the skies with Dataline watching the full lunar eclipse last night. While lunar eclipses are rarely anything we'd think of as spectacular, it was neat to watch the moon slowly be occulted as it passed behind the Earth. The shadow moved from the left side to the right (from our relative position on Earth, north to south), eventually going into full eclipse somewhen around 2008 EST last night. Silicon arrived shortly before the eclipse reached its peak and we set off toward Oakland to drop off Punitha and then headed into Squirrel Hill to pick up drinks at the 61C Cafe' (I splurged and bought a large hot chai with soy milk, a favourite yet rarely-gotten treat) and then we picked our way across the city toward the science centre.

    The neon sign at the Carnegie had been reprogrammed to show green blocks (think bowling ball-sized pixels) cascading across and down the letters of the Carnegie Science Centre sign. A nice touch, I thought. We made it in time for the 2125 EST showing and after meeting Seele and Slojo to pick up our tickets and seating passes (people were seated by group to keep things orderly) and then kill time waiting for the first showing to let out. I didn't expect to see a wet bar there... given the number of teens who showed up for the movie, it was very out of place to my ken. At any rate, we found a block of seats in the bottom left corner of the stadium (it's that big), which made it very difficult to see anything at all. All of the images were badly distorted and our position was such that we couldn't see more than a fraction of the image at a time, so the movie seemed very fragmented and difficult to follow. The lighting in the movie was such that the fight scenes were hard to follow anyway - lots of strobe lights and muzzle flashes making it hard to see who was doing what. The scene showed in the trailers of the fight in the rainstorm was similiarly hard to follow for that reason. The woman who replaced Gloria Foster in the role of the Oracle did an excellent job, but they never explained in the context of the movie why that happened.

    Fans of Mage: The Ascension will largely enjoy the movie if they look at it in such terms. People interested in Greek mythology or who are fans of Neil Gaiman's The Sandman series will also find elements of the movie enjoyable. If you think you can get away with heckling the movie ala MST3k, by all means do so. It needs it.

    2003/11/08

    lou reed
    You're Lou Reed. God, you are cool, can I touch you so the magic
    will rub off? You are perceptive, witty, and badass. You wear
    cool shades, even at night, and probably wear
    black more than most people. You don't give a
    fuck what other people think, but you are also
    very sensitive in the way that you pick up on
    things that others don't. Sometimes you come
    off as an asshole, but that's what makes you
    cool. You are a poet, and you embody New York
    City. You will still be hip when you are old,
    and artists love you.

    Which rad old school 70's glam icon are you? (with pics)
    brought to you by Quizilla

    SCO just doesn't quit, do they? In its infinite generosity, they've decided to give Linux users a way out by letting them migrate to a different OS by providing to them financial incentives (which feels to me like "Use a different OS so we don't sue you flatter than the interstate"). They also don't specify which OS that you'd have to migrate to (*BSD, perhaps?) to get out of the bind they're trying to put us in. Right about now, I'm going to stop speculating on this, lest I start sounding like a zealot. All I'm saying is that something doesn't feel right here.

    Song that best describes life right now: The Introvert - Cosmicity

    Saw Matrix Revolutions tonight. It's late so I can't write too much. Suffice it to say that it's not bad. Not great, not wonderful, but it didn't suck. Fans of Mage: The Ascension will enjoy the story if they look at it with a gamer's eye.

    'night, folks.

    2003/11/07

    My early morning rant for the day: Four little words, people. Four little words summed up by these letters: RTFM.

    It's too early for this kind of cluelessness. I need some coffee..

    The attempted compromise of the v2.6 series of the Linux kernel discovered yesterday has lead people to begin contemplating the sophistication of the attack. The attempt was a very subtle one from what kernel experts are saying about the compromise. Wait4() is a pretty standard system call; the trigger that would cause it to give the user root access was a combination of flags that ordinarily is illegal. It's a very subtle change, too. What should have read == was changed to read =. If you're not a programmer, a test for equality (==) was changed into a value assignment (=), which are worlds apart (and one of the more annoying bugs to track down). Security researchers say that this took an in-depth knowledge of the kernel tree to pull off in such a subtle manner. I have to admit, I'm impressed too.

    Hal Flynn of Securityfocus wrote one of the more interesting Java advocacy articles I've ever come across, of course from the standpoint of secure programming. To his credit, he doesn't slam C. C is a wonderful language - it's midway between low-level and high-level languages (level meaning how close you are to the bare metal) and for systems programming it does a fine job. However, one of its biggest drawbacks, and this is what turns a lot of people off on the language, is that you have to do a lot of things yourself, like memory management. If you want a data structure, you have to set it up and allocate it yourself. C doesn't do bounds checking, so if you accidentally go too far in a structure, overflow a value, or don't test to make sure your structure's got enough room for your data you've got problems. Quite a few of those problems result in security vulnerabilities. He goes on to say that Java has a foot in the worlds of high level languages (ease of design and development through object orientation) and low level languages (portability, being able to be compiled into bytecode (also known as "write once, bomb run anywhere" *grin*), and running on many architectures). The biggest advantage that Java has over a lot of other programming languages is that it does memory management for you. Need a structure? Define one, and the Java virtual machine will allocate memory for it automatically. Don't need one anymore? Just forget about it and it'll be reaped during garbage collection. Not to say that Java's a perfect language, it too had its share of security holes, but it goes a long way toward making them harder to creaet.

    Having been coding for quite a few years, I can see his point. I love C because it puts the programmer close to the bare metal. You can even embed assembly code in it if you need to (or if you're feeling adventurous). That brings a smile to my face. But debugging memory management always pisses me off. It usually takes me a pot or two of coffee to get everything running smoothly, and that usually translates into two or thre days of nonstop hacking. If it's a quick yet reasonably complex hack, sometimes I just don't want to go that far.

    Okay, so I get lazy.

    Another thing that gets old after a few days straight is the cycle of edit/compile/edit again/do until it compiles/run/debug. Specifically, how long it can take per iteration of the cycle. Scripted languages (like Perl) beat it hands-down; the cycle becomes edit/run/debug. No recompilation, no screwing around with Makefiles. And no memory management. I've grown quite fond of Perl for these reasons, and of course how easy it is to chew on data. If you've never written a shell script before, take it from me - data analysis of any kind in shell script sucks. Don't do it. You could take three days just to debug one line. Perl does most of that (and more) for you, get a book and learn it. I've coded a little in Java back in college, and while I think it's a neat language it's not really my language of choice. Also, for what I do most of the time (system administration-type stuff), it's overkill. Automating batches of commands with a shell script or doing data analysis with Perl is much better suited for that, I've found. Java's good for applications, in my experience.

    Someone sat down and used the Netcraft website to figure out what OS and webservers the 2004 presidential candidates are running. The list is pretty skewed in the direction of Apache on some for of Unix or Linux by a score of 7 to 3. I don't think that it is an ideological choice of what OS they host their websites on, I think that it's a function of what web hosting companies they choose to go with. What I did find interesting was the average uptimes of the web servers they use: The Republican party's webservers averaged out at 16.91 days of constant uptime, while the Democratic party's uptimes average out at 395.38 days.

    Just for fun, I plugged the query "anarchist party" into Google and hit the first link that came up, Overthrow.com, and then plugged that URL into the Netcraft webserver query form. They are running Microsoft IIS v5.0 on Windows 2000. That's kind of funny.. I'd have thought that something a little closer to home would have been more to their liking. Oh, well.

    Dammit. The Salmon Days movie site (a.k.a., The BOFH Movie) has been replaced with a porn site. Where's my LART?

    Okay, this is my first meme, technically speaking. But it's one that I actually feel like I can answer. If I could have ten modules installed in my mind, they would be...

    2003/11/06

    I discovered last night that my car hadn't escaped Samhain unscathed - the left tail light's been broken out. I noticed it last night while I was at the grocery store.

    *sigh*

    That's what insurance is for, I guess.

    Yesterday someone involved with the Linux kernel project noticed some suprious changes to the CVS code tree, managed by the Bitkeeper application. One of the files in the code tree (kernel/exit.c) had been altered by someone and not correctly documented or checked back in, which raised some eyebrows. The nature of the problem raised more of them: Someone tried to put a back door into the code. By passing a certain option to a certain function, the access privileges of the calling process would be set to root, which gives unlimited control over the system. The attempt was caught and foiled. Way to go, guys.

    Whoever thought that rackmounting equipment made it easier to handle never found a bum batch of mounting rails in their NOC supply room before. One-unit servers are not supposed to fall straight down when their support is removed because the rails don't reach far enough toward the center of the server's mass. Also, never try to re-organise a rack single-handed, or even with just two people. Always have a third to help you put stuff in order before you try to do anything with it.

    And I thought that unit-racks were supposed to make things easy.

    I found out that I wasn't the only one who took a blow or two last weekend. My next door neighbor, I found out, has to replace the siding on his house due to the neighborhood kids throwing bricks at it. Little sods couldn't even hit his front window. The family who lives three houses in the opposite direction, however, has to replace their front window as a result of a well-aimed brick shattering it.

    As if that weren't enough, the house across from the Lab is at it again. Every night for the past two or three years, the same pattern has manifested: All of the outside lights go out around 2100 EST or so, and soon after cars pull up and park either on the street or on the front lawn. They immediately kill their headlights, and when the doors open the dome lights are invariably turned off. Someone gets out and runs to the front door, goes in for about ten or fifteen minutes, then comes out, gets into the car, and drives off. They are not subtle about it, either - riceboys driving cars with specially tuned exhaust systems that are louder than the PA systems at some raves I've been to aren't hard to miss, even down in the Lab proper. While I've no proof, I've my suspicions about what's going on over there.

    I find it annoying that this is starting all over again. A few months ago, early in August if memory serves, Dataline woke me up as she was getting ready for work and steered me into the living room to peer through the curtains at the house across the street. The house was surrounded by police, much to my surprise. Patrol cars were parked blocking the double-wide driveway completely and boxing in the two cars parked off to the side, on a dead-end street. Police officers, some in uniforms, others in windbreakers helpfully stenciled 'POLICE' in letters difficult to miss were swarming around the house, covering the lower windows and all the doors. One team knocked at the front door, entered, and about fifteen minutes later came out with a gentleman who lives in said house in handcuffs. He was summarily bundled into a car and driven away. No one saw him until two or three days had passed. I've no illusions about why he was raided, nor how he got out so rapidly. The late-night shenanigans stopped that night, to everyone's relief. Now they're at it again.

    I don't think that I have to mention how much this disturbs the people in my neck of the neighborhood. For those of you who know me Outside, I think I've given enough clues to tell you who and where I'm talking about, so if anything untoward happens to me in the future, I suggest to you that you start your search there. The usual protocols apply.

    Did the United States turn down a peace agreement with Iraq?

    Holy crap. Enlightenment v0.16.6 is out. It's only taken.. what? Four years? Maybe three? It's been a long time since the last release of any kind. I seem to recall hearing something about even Rasterman giving up on it. After doing a bit of checking, I found an article linked off of Slashdot a while ago (I'm too tired to post the link, it's searchable) that says that he only gave up on a desktop system for Linux. Frankly, I have to disagree with him, having used Linux as my desktop for going on seven years now (running Enlightenment for five of those years), but what do I know?

    Greetings, readers from the United States Postal Service.

    2003/11/05

    It's too early for cluelessness on mailing lists.. where's my coffee?

    Good luck to Marko Makela of the Helsinki University of Technology. On 28 November he'll be defending his doctoral thesis.

    Last night was amazingly relaxing even though I got a lot done. It must have been the fact that I went to bed earlier the night before and got some more sleep. My laundry's done and most of it's been put away (I'm rotating out my younger t-shirts to make room in the dresser) to make room for the turtleneck sweaters that I found in the attic. It may have been in the mid-70's all week (which is extremely unusual for November) but I don't expect that to last. For some reason the temperature outside has been unseasonably warm, in the 70's or so, all week. It's been nice, don't get me wrong. It's a welcome change from wearing three and four layers of clothing by now. Working in the office all day I never get to enjoy it, but I digress. However, everyone's bodies are geared to colder temperatures right about now, so sniffles and colds are going around a bit more than usual. If the forecasts are right, Friday's going to be a rough one, what with snow flurries predicted and all. Whether or not that'll actually happen is anyone's guess.

    I wound up rebuilding Leandra's kernel from a pristine v2.4.22 source tree because I was having some trouble with the latest revision of the GRsecurity patch. No matter what I did Staroffice and GAIM wouldn't start, and sometimes I'd have trouble with X as well. Unable to fix the glitches left behind by un-patching the source tree, I untarred a fresh copy of the source, rebuilt it, and rebooted, and Leandra hasn't complained since. My troubles with GAIM, as it turns out, had nothing to do with the GRsecurity options but what appears to be a glitch in the ICQ module; deactivating just that account causes GAIM to go up and stay up. Maybe something happened on the other end of things now that America On-Line owns the rights to ICQ. It's not beyond the realm of possibility that they changed something to disable the old clients. I'll do some looking around later today and see what's what.

    Five years ago, Linux wasn't a threat. Riiiight...

    Software manufacturer Novell, with the assistance of IBM (sounds like a round of Illuminati, doesn't it?) will be purchasing Linux company SuSE of Germany for $210mus. IBM will be investing $50mus in Novell to help with the plan. Market analysts are saying that this could put SuSE in the #2 Linux company position, right behind Redhat. This might save Novell as a company; Netware's been on its way out for years now, since TCP/IP became the dominent networking protocol all over the world. As much as it might give me hives, Microsoft's SMB protocol suite (whatever revision of it is out this week) ate Novell's lunch when it came to making network resources available over networks. SuSE is one of the bigger distributions out there; it's got a solid userbase and is well supported. The support of that userbase could prop up Novell easily.

    Speaking of Illuminati, there's a new game out: Crimelords. The game mechanics are based up those of Illuminati (the old-school version) and INWO (Illuminati: New World Order - the CCG version). While it's not an Illuminati expansion (like Y2k, and Subgenius were), it still sounds like fun. Maybe I'll pick it up soon, grab some folks for a game, and review it.

    Speaking of reviews, I've been working with Redhat Advanced Server v3.0 lately, and I have to admit, they did a fine job on it. I've built two systems with it so far using the GUI installer, and I don't really have any complaints. The GUI installer is very cleanly laid out and stable. Disk partitioning is very easy with the graphical fdisk utility; I strongly suggest working out your partition sizes on paper with room to correct because you can do quite a bit of juggling of the disk layout. Unfortunately, the installer only gives you the really viable option of formatting everything with the EXT3 filesystem (EXT2 + journalling). I'd feel a lot better if ReiserFSA or JFS were also offered; I've had a lot of success with ReiserFS on the enterprise level, and havn't had any problems with it. EXT3, on the other hand, I've seen get badly damaged on some systems in my care, and it's left a bad taste in my mouth. The installer also gives you the option of using GRUB or LILO for your bootloader.

    One thing I discovered about AS3: It'll let you uninstall GRUB without blinking. If that's the only bootloader on your system when you reboot, your system will reboot after a few seconds, but because the boot loader runs in graphical mode your screen will be munged. On the other hand, this does not appear to cripple the system in any way, only the console is affected. I'm pretty sure that if you were to log in via SSH or a serial terminal you'd be fine.

    Package selection is much simpler than in earlier releases. Packages are broken down into logical categories (like 'Development' and 'Graphical Administration Tools'), and each is further subdivided into packages that will be installed and optional packages in each category. It is possible to install any number of optional packages; it is also possible to not install an entire category. I made heavy use of this option by skipping every GUI tool in the distribution without any trouble. All told, the box I just built fit into less than one gigabyte of disk space (1,011 MB if memory serves). Dependencies between packages were automatically resolved (and rapidly, at that - it took less than twenty seconds) and installation began. All told, building a new AS3 system took less than 30 minutes. After the initial reboot, I went back through the system and stripped out all the stuff that wasn't needed, removing 215 of 410 installed packages. I was able to rip out almost all of the graphical stuff on the entire system without much trouble.

    On the other hand, there's also an option that you can pick during package selection to only install the core package set and nothing else. I didn't try that one because I'm not as familiar as I could be with the packages in this revision and didn't feel like tracking down RPMs across four CD-ROMs (though I was only asked for the first three; I'm pretty sure that's because I skipped the XFree86 stuff). If I get a chance I'll give that a try and see how well it works. On the whole, I've got to give Redhat Advanced Server v3.0 9/10.

    This isn't a good sign: On 4 November 2003 the crew at Cryptome was visited by representatives of the Federal Bureau of Investigation. Two representatives of the New York Counterterrorism office said that Cryptome had been reported as a source of potentially harmful information. While nothing on the web site is technically illegal, some of the information, they say, could be used in a malevolent manner. On the whole, nothing came of this visit, but it is for certain that they're watching.

    I guess they're doing something right. They got the attention of Someone and made it through without disappearing.

    Microsoft is offering a $250mus bounty on whomever built the MSBlast and Sobig worms. Very Shadowrun. Today would have been nice if I hadn't found out that some folks that Dataline works with were talking about turning me in for the reward. I'm flattered guys, I really am.. but I didn't do it. Nor would I do such a thing. And even though it was a joke, I don't find it funny. I find it an insult to my integrity and my reputation. My life, such as it is, is the product of years of fighting like a bastard to get out of school and cobble some semblance of a self-image together, to say nothing of simply working my ass off to get things done. I'm not about to risk what I've got.

    Greetings, readers from usmc.mil!

    2003/11/04

    Maybe it's not so far-fetched that the law will reach across intenational boundries... a 17-year old cracker, native to Brasil, was busted in Otawara, Japan not too long ago. The kid's handle wasn't released, nor his birthname. He's suspected of being a member of a crew called the Cyber Lords, who have a rep for defacing websites (1,032 at last count). South Korean police gave Japanese police the heads-up through Interpol, it is said.

    Oops - a permatemp at Microsoft posted an image file of Apple Macintosh G5 systems being delivered to the campus and was fired for violating corporate policy. It's not that they were Macs (Microsoft does release MacOS software, after all), it's that he went public with something internal, related to development. I've got to agree, actually. That's part of the development effort, and it releases unnecessary details. Bloggers everywhere are starting to pay attention to this incident; it's not uncommon for people to post about what's going on at work, though sometimes in a heavily edited or obfuscated manner (myself included). Some of this stuff could compromise internal security or unannounced projects. The problem I can see here is that it might be possible for a company to axe you for this very reason... they might even consider doing so just because you keep a weblog, and not because you've posted anything compromising. My theory is that this could be construed as an ongoing security risk, and thus grounds for termination (L. Bob Rife, anyone?). It's not uncommon to find in employment contracts a clause that states that an employee may be fired at any time for any reason, and that reason need not be disclosed to anyone save HR and management (just about every job I've ever worked has had that clause); that'd be the perfect way to get rid of someone who's said something in their weblog that someone doesn't agree with. Food for thought.

    And speaking of the freedom of speech and websites, companies aren't the only ones who are keeping an eye on what goes onto webpages, the US government is as well, only instead of firing people for posting things or watching what they write, they're instead quietly going back and deleting pages or editing content in subtle ways. Pretty much anything on a US government website that could make someone look bad or provide reason for questioning someone's motives is quietly being removed. The US Army has pulled quite a few of its publically accessible unclassified websites lately because the information on them isn't the most flattering. In particular, admissions that troops are having trouble with hardware in the field or problems in training are being slowly removed. Neither the information being removed nor the fact that people have noticed this information being removed are conducive to giving people a whole lot of confidence in the Army right about now. Wouldn't it make sense to fix the problems and then state that they've been fixed, though? Instead, they are quietly covering up what's going on and not really fixing it.

    Spackle on a bullet wound means that there's still a bullet wound.

    Attorney General John Ashcroft released a memo in October of 2001 stating that FOI requests were to be delayed or denied as much as possible, which diminishes the accountability of the government by the people. Membership of various advisory boards is slowly being classified - now you can't tell who's pulling what strings and who is making what decisions where. Unclassified regulations documents are disappearing as well - how, exactly, are things run on a tight ship? Good question.. no one can find out anymore.

    Read that article, and more importantly, read the mirrored documents linked through it. It's a real eye-opener.

    Database-like file systems aren't really all that revolutionary. IBM was there first with the OS/400 file system.

    The new dishwasher was installed yesterday.. it's slick, let me tell you. It fits pefectly under the kitchen sink, and it blends in perfectly with the cabinets and countertop. Unless you're specifically looking for something with a keypad you'll probably miss it. Bloody thing's just about silent, too; when it's running you have to put your ear against it or have a very quiet house to even know it's running. Colour me suitably impressed.

    I'm getting old. When my body was younger I used to be able to stay up for a few days at a stretch (mostly due to chronic insomnia), go out all night, and get up for work without thinking anything of it. Now I can stay up without any real trouble, but I pay for it for days. I was up until 0400 over Samhain when I went out with the Bipitt group and I've been wiped out ever since. I wound up crashing early last night just to get enough sleep to get up this morning, and I'll probably wind up doing the same thing again tonight (crashing early, I mean). In a similiar vein, travelling wears me out, too. It takes a lot of energy to travel the way I'm accustomed to (road trips, cross-country trips, what have you), often so much that my body's ill by the time I get there; its immune system can't take changes in climate or location very well anymore. Nothing sucks worse than going to a con and winding up with a cold or the flu. It's downright frustrating, truth be told.

    2003/11/03

    Another day, another dollar.

    Lucien's doing as well as can be expected; I'm very pleased with that. I wish I could add some more RAM to his mainboard to help things along but if I recall the AMD K6-2 mainboards, they can accept only up to 372MB of RAM at once, which is a little bit disappointing. I was hoping to put at least a GIG of physical RAM in him to be safe. I guess those extra DIMMs I have are going to have to wait.

    A new variant of the Mimail Win32 worm, called strain 'c', is steadily working its way across the Net, and it's got a rather unusual mission: A DDoS attack on the domain Darkprofits (which you've no doubt heard of if you get any spam at all). To get around SMTP proxies, it masquerades as a ZIP-compressed file. W32.Mimail transmits itself via e-mail and has the nasty habit of also stealing data from infected customers. If you find the file "Netwatch.exe" in the Windows system directory on your box, there's an excellent chance that you've been hit by it (I say 'excellent chance' because I don't know if there really is a Netwatch.exe file standard on a Windows machine). It ransacks the hard drives looking for e-mail addresses to propagate to, copies data from whatever windows you might have open at the time (nice touch, that), and then starts to spread. Symantec has released a removal tool in case your deck's been infected.

    Software patents are really starting to make me wonder what the next decade is going to bring. The way things are going these days between the the US Patent Office and some of the terms in non-disclosure and intellectual property agreements anymore, pretty soon you'll need a license just to have an idea. US patent #6,636,857 was granted to Bluecurrent, Inc. of Austin, TX for downloading software updates from a website and installing them. You can read the full text of this travesty here. There's so much prior art for this, it's not even funny, from Windows Update to APT and APT-RPM, and I'd go so far as to say the *BSD ports collections (FreeBSD's only linked here).

    The stakes have gotten higher, and you have to wonder if it's even worth it anymore. Probably the biggest gripe that researchers, prosecutors, and IT staff have about crackers is that nothing ever seems to happen to them; most cases never even see a jury, and they can be tied up literally for years in court, only to see nothing at all happen. Cases against crackers in other countries rarely if ever come to anything because extradition is too big a pain in the six and un-cooperative foreign governments for 'such trivial cases' are the norm. New federal laws took effect on 1 November 2003 to change that. If death or bodily harm can be proven as the results of a computer being compromised, the penalty will become 20 years to life in federal prison. Highly nontrivial.

    The American Civil Libertie Union did a writeup of the Multistate Anti-TerroRism Information eXchange with a rather amusing title not too long ago. This is another government data mining project that hasn't gotten too much notice lately (I did an article on it back in August of 2003) but probably should. It's basically another data mining project, in which the databases of government agencies at the state and federal levels are cross-referenced with the records of as many private systems as they can get to. The idea is to compare each amalgam of records to some statistical norm to guess who might be involved in terrorist activities (or maybe just a smart ass). The ACLU has put together a pretty good collection of resources on this projet in the article, check them out when you have the time. They've also filed quite a few Freedom of Information Act requests (good luck, guys) on the the project.

    The Electronic Frontier Foundation has filed suit against Diebold. Diebold, in case you havn't been following events, is issuing legal motions against people who have been hosting mirrors of documents which contain evidence that Diebold's electronic voting terminals are so insecure, elections held with them could be fixed without anyone knowing. The EFF is stepping in to protect those people's right to free speech.

    Closer to the home front, Redhat is killing off several versions of Redhat Linux by the end of this year. Redhat Linux versions 8.0 through 7.1 will reach their end of supported life on 31 December 2003; Redhat 9 will be EOL'd on 30 April 2004. This is not surprising, because the manpower and time necessary to maintain older versions of the code is prohibitive; in many ways it's better to have engineers working on the latest and greatest version to keep things moving forward. However, an e-mail sent out recently stated this: Red Hat does not plan to release another product in the Red Hat Linux line."

    Huh?!

    While I haven't really been following it, I suspect that their Fedora project is going to be replacing what we normally think of as Redhat Linux. I don't think that the company's going to be going out of business, and neither do I think that they'll be supporting only Redhat Enterprise (Advanced Server and Workstation); that'll cut them off needlessly.

    The spammers seem to want a war... on Saturday the virus W32.Mimail.D was detected on the Net, infecting systems and preparing for its mission - a DDoS attack on Spamhaus.org. In addition to Spamhaus, Spamcop.net and Spews will also be attacked. I don't need to say that this is also all kinds of illegal - why isn't anyone in law enforcement taking notice? Spammers are cracking systems (illegal), releasing viruses (also illegal), and conspiring to commit major acts of electronic vandalism (waiiit.... waiiiiiit for iiiitt... illegal). This isn't reason enough to hunt them down and bust them??

    2003/11/02

    Crash and Burn are no more. I've finally finished constructing Lucien, their replacement. He's already handling DNS resolution, e-mail transfer, and DHCP for the Lab. Now I can rest.. if anyone's sent me e-mail in the past two or three days, please re-send it because Burn might have sacrificed them to Shub Internet to maintain her life just a little while longer.

    "And shepherds we shall be, for thee my lord for thee. Power hath decended forth from thy hand so our feet may swiftly carry out thy command. And we shall flow a river forth to thee and teeming with souls shall it ever be. In nomine Patris, et Filii, et Spiritus Sancti. Amen."

    2003/11/01

    Halloween last night was noticably thinner in terms of kids and decorations. I havn't seen much of it as time's gone on but now that I've had a chance to actually watch (and not spend the entire day studying for midterms or working long hours) I can see that the number of kids going around has diminished greatly. That, and no one seems to really decorate anymore. I think that's mostly due to the fact that for the past few years any decorations for Halloween that people set up are destroyed in fairly short order. I know that's why my family doesn't really decorate anymore, they got tired of cleaning up the aftermath. For years we used to do dioramas on the front lawn and make dummies out of clothing and frameworks. The dioramas were smashed at first, though the last one was set on fire. The dummies tended to wind up in the middle of the street, which wasn't so bad until someone thought that a trick-or-treater had been hit by a car and dialed 911. That took some explaining. Eventually they just took to stripping everything outside for whatever they could steal. What really did it was the kids who stole the dummies had the audacity to wear the masks that they'd stolen the next year. But I digress.

    I'd gotten permission to leave work early yesterday, and took the early bus home to get ready for the evening. All the rain this summer let them grow to a considerable size, with thick rinds and not much in the way of 'guts' inside to scoop out. Dataline and I took carving knives to them and began cutting away; hers turned out goofy, mine a bit more predatory. She cut shapes out, I cut outlines of features. For the aforementioned reasons we didn't do much decoration, only putting out a hanging ghost, the pumpkins, and one of those flickering flame sculptures that are so de rigeur these days. They're actually kind of cool... kids started making their rounds around 1800 EST last night. Not many did much in the way of costumes; there were a lot of princesses and kids going around in blackface, that's about it. There were't many little ones out, either. As for myself, I don't know what I did.. I followed what something inside me dictated; that's the only way that I can describe it.

    I wore my leather suit and one of my spandex t-shirts, and a white button down shirt over top with a necktie, my oroborous tie-tack, a pair of black boots, and my red prosthetic lenses. I found the time to put on a bit of makeup and some clove essential oil. Finding pictures of my grandmother and uncle, both of whom I lived with when I was younger, proved to be a bit more difficult. Dataline helped me track down some wedding pictures and an old photograph, both of which are on my altar right now. I discovered something last night: Just as your bus will come whenever you light a cigarette, everyone you've ever met will call you when you start putting on makeup or start a rite. I put on foundation, someone called. I started putting on eye shadow, someone called. I was doing my hair, someone called... I picked up my sword, someone called... it's amazing. Someone should do a government-sponsored study on it.

    All told, it didn't take very long.. most of my rites don't. The samhain incense I bought at Pagan Pride Day smells really nice, and doesn't need charcoal to burn. It fills the room nicely and works well for an offering. That done, I headed upstairs to hand out candy. Most of the kids didn't like my contact lenses, and refused to make more than cursory eye contact. I wish I could do that at will... there weren't many kids out trick-or-treating, and quite a few were skipping houses with apparantly no rhyme or reason. There was one cosplayer making his rounds; he was dressed as Ken from Hokuto no Ken (Fist of the North Star), down to the seven scars on his chest. That got a laugh out of me; I havn't seen that movie in ages (and that series in ever, because it appears to have gone out of print). By the end of the night each basket of candy barely had a dent in them. The suckers and hard candies were hardly touched, the chocolate a bit more but there's still more than half a basket of chocolate left. There are going to be leftovers for quite a few weeks, I have a feeling. Once 2000 EST rolled around (which is when Halloween trick-or-treating is over in my neighborhood) Dataline and I set about packing up our decorations and turning off the lights. The pumpkins, strangely enough, are still in one piece.

    Burn has spontaneously rebooted twice in as many hours. I have to work fast.

    Once we'd gotten everything put away I jumped into the car to meet John, Lara, Lupa, and whomever else would be going to Pittsburgh's Samhain Bi Night Out for dinner and perhaps a night at the Erotic/Exotic Ball at The Matrix, a dance club downtown. I had a few misgivings about the entire thing: I could not find any word about what the dress code would be (The Matrix is a proper-dress only establishment, which means that males have to wear shirts, ties, coats, no sneakers or hats or baggy pants; women must be nicely dressed). Erotic/Exotic says, at least to me, that fetish gear is involved (leather, rubber, spandex, restraints, collars.. things like that). Would that be permissible? I had no idea, and neither did anyone else. Secondly, the cover charge wasn't known. For all we knew it could have been $40us to get in the front door. Third, if we were to bring some toys with us, would we be allowed in? When last I was there I was searched, along with quite a few other people. Could I get in with, for the sake of argument, a flogger?

    Questions, questions.

    The four of us wound up hanging out at the restaurant for a good three or four hours, talking and catching up and generally touching base. Lupa's really getting to be good friends with John and Lara; I'm happy about that. They're all good folks. Anyway, after dinner we picked up and headed downtown to hit The Matrix and see if it would be worth our time. We swung past the building a few times to scope out the crowd and see what was going on. Unfortunately, we didn't see anything ordinarily considered 'erotic' (as we reckoned it, and probably as most vanilla folk would reckon it, either) or fetish-related (I'm not counting two women wearing bunny ears). Verdict: Not worth the time or the money. Action: Abort. We turned around and drove back to the South Side to wander around and check out all the costumes people were walking around wearing.

    The number of male nuns was scary - I lost count at seven. There were a few old-school pimps walking around, complete with fur coats and flashy swagger sticks. They got applause with the windows down. The guy dressed as Adolf Hitler, I have a feeling, didn't survive the night unaccosted. For some odd reason there were a lot of cowgirls and sailor-girls walking around. The girl wearing a cat tail and mouse ears drew some puzzled looks from everyone in the car. Mixing one's metaphors is one thing, but that just doesn't work. I'm sorry. The guy walking around in full body paint dressed as Baron Samedi was most impressive, as was the gentleman dressed in most of the ER Room and a nearby junkyard - a junkborg. I wish I'd gotten pictures of him.

    We stopped in at the Tuscany for a quick drink - I introduced Lupa to the spice, and I think I've made another convert. We didn't stay for very long because there really wasn't a lot happening, and it was decided that we'd head back to our cars and then reconvene at John and Lara's doss to hang out. All of us were feeling a bit peckish, anyway, and munchies sounded like a good idea.

    scscs
    Shh...everything must be quiet around you,
    secretive one. What customs are you doing now?
    Your strange ways may cause you to be some kind
    of an outcast, but you don't mind that. The
    things from the 'other side' fascinate you.
    Sounds good. Who knows why you took this quiz?
    Happy Halloween, O Powerful One.

    What Halloween Figure Are You? (Fun Quiz! MANY RESULTS!)
    brought to you by Quizilla

    HASH(0x8752038)
    You're Brigitte Bardot!

    What Classic Pin-Up Are You?
    brought to you by Quizilla

    I didn't get home from John and Lara's until 0400 EST this morning, or therabouts. After hanging up my clothing I crashed, not waking up until 1045 EST or so. After a shower and breakfast I sat down to read for a while. For some reason Dataline and I wound up talking. I wound up (diplomatically) telling her everything that's been going on with me lately... not wanting to be at home, feeling trapped, feeling obligated to stay there, the whole nine yards.

    That was probably the hardest thing I've ever done to date.

    I don't know what to say here that isn't embarassing for the both of us; it isn't my intention to do that to her. Suffice it to say that we see eye to eye on more than I thought we did. We had a discussion on the topics of obligation, and wanting to be alone, and what it would take to fix things. There was the initial speculation on who had done what wrong to the other and why it's not financially feasible for me to move out of the Lab right now. It took time to explain that I don't blame them - far from it. I'm caught in a trap of my own design. Just as I never do things without less than three reasons, I don't get stuck in situations like this for less than three reasons, either.

    I hope that we at least understand each other, now.

    OpenBSD v3.4 is out.

    2003/10/31

    Well, after a lot of coaxing, pleading, and cajoling, Burn's back on line. She's steadily working her way through the queue of backlogged messages on her /var partition. When I logged in this morning I found hundreds of duplicate messages in my mail spool, and likely there are more in other people's inboxes. Delete them as you see fit, everyone. Once that was done, however, things got a lot faster. I'm still going to be building her replacement this weekend, however. I've got a spare P-III machine that's not doing anything, so I'm going to bring it online (oddly enough, I can't find any sites with Slackware v9.1 .iso images, so I'm going to go with Debian.. maybe that's a subtle hint) on Saturday and get everything configured before I pull Burn's drives and transfer them over. Then I'll be able to retire her, along with Crash (who's really not doing anything right now aside from acting as secondary DNS resolver). That'll free up space on the rack as well as mean that the Lab's drawing less power. I figure that a gig of RAM or so will be of immense use. As a bonus, I'll be able to start that file archive server I've always wanted... I'll be able to move the FTP site over to it and dedicate a couple of hard drives to just storing the files. I'll work on making it web-accessible later.

    Once I'm sure that the new system is stable and running the way it should, I'll decomission Crash and Burn, pull the usable parts, and ship them to Goodwill. Maybe they'll be able to help someone else; unfortunately they're underpowered enough that they're not doing what they're supposed to be doing for the Network (i.e., delivering mail in a timely fashion, acting as secondary DNS server/DHCP server/file server). It has to be done.

    This is the first I've ever heard of a benign strain of a virus going around. A variant of the W32@Sober virus is making its rounds that can slip past antivirus software, but which doesn't actually do anything; they're calling it Sober-enc (for 'encrypted', if I read the article correctly). Sober, from what I gather from this article, was designed to encrypt itself before retransmiting itself. When it arrives, the header decrypts the payload. There is a runtime case, however, when Sober can't decrypt itself (it sounds like it accidentally re-encrypts its payload, which can cause problems with decryption using some algorithms), and as such can't execute teh payload. SophosAV has a signature out for this new variant.

    Hmm.. have to do some reading on this today.

    Centaur Technology, a company specialising in producing hardware that holds to the x86 standard, announced at the Microprocessor Forum in San Jose, CA a few days ago that they've developed an x86-compatible CPU with security functionality on-board. This probably doesn't interest you, until you find out that Glenn Henry (president of Centaur Technology) is talking about a strong random-number generator and AES (Advanced Encryption Standard) encryption and decryption in hardware; specifically built into the CPU itself. ARM has something similiar in mind, only they've extended security to the memory management system also.

    A research team funded by NEC and the Japanese Institute of Physical and Chemical Research claims to have fabricated a Controlled NOT gate in hardware . CNOT gates are said to be the basic building block of quantum computers, along with qubits (QUantum BITS) and the one-qubit rotation gate (at this point, I must confess myself lost).. Researchers are saying that even if this pans out, it will still be at least a decade before quantum computing is a feasable technology. The basic idea is that a qubit is in many states at once. Each state corresponds to a discrete value, so qubits can be said to be storing many different values at once, in contrast to von Neumann-architecture CPUs, where each chain of gates holds only one value at a time. Back in February, this same research team (headed up by Tsai Jaw-Shen) managed to get two qubits entangled: Even though they weren't physically connected to one another, as far as anyone can tell, they were still interacting over a measurable distance. The major problem they've got right now is decoherence, the qubits disentangling themselves before they can do any useful work. The article says that there's a full writeup in the 30 October 2003 edition of Nature. I think it's time to head to the bookstore...

    2003/10/30

    Fuck. Burn crashed again. E-mail to me is going to wait until I can get back to the Lab to reboot her; everyone else using Burn for the same purpose is going to have to wait as well. Anyone know where I can get a P-II mainboard and CPU cheaply?

    Maybe she's picking up on how I've been feeling lately and is acting the same way. It wouldn't surprise me - Leandra's been refusing to run GAIM for the past two days, too. It keeps segfaulting even though it was working perfectly.

    On the other hand, I did some writing that I'm rather pleased with last night. I finished reading the first binder of stuff that collects in my home directory and once I finished digesting it I think I found some useful patterns in the information that I wound up writing up. In rolling the concepts around in my mind to see how they fit together, I think I found out how they're supposed to link up - tracing the connections far enough showed me a shape, if you will, to the data. I also did a quick pencil-then-ink sketch of it to make sure I had the pattern right. I'm no Picasso and my distance technique needs a lot of work, but the visual depiction makes sense.

    The fastest network printer in the office has been acting flaky for the past two days - it eats half the documents that are sent to it, which can only be fixed by opening the chassis and pulling out the crumpled paper that somehow gets stuck in the feedway. It and I had a little discussion this morning.. I think it's seeing things my way now. A little guerrilla magick never hurt anyone.

    Remember the woman who accidentally spammed an FBI agent with an AOL phishing attempt? On Tuesday she pled guilty to federal conspiracy charges and might be looking at a few years in prison. She was in cahoots with a few other spammers in a scheme to get their hands on people's credit card information by passing themselves off as America On-Line's billing center, complete with a faked website. That's a few spammers down.. time to take out some more.

    It's about time, guys... Microsoft has made the decision to deactivate the Windows Messenger service and turn on the integrated packet filters by default. It's taken you long enough. What's more, MS is now working on a new RPC (remote procedure call) API that will keep the same functionality but work in a more secure manner.

    More information's gotten out regarding Microsoft's Longhorn project, scheduled to be released some time in 2006. They've come up with yet another way for end-users to look at their files (how about one that makes it easy to find things in a hurry?) It sounds like the API's been reworked some to make it easier to write native software, which is never a bad thing. A technology called SuperFetch is supposed to make loading applications faster; my guess is that a loader of some kind will run in the background at all times and when the app is triggered, it'll load the rest of the package (like Office can be set to do now and Mozilla for Win32 can be configured to do). Come to think of it, it also sounds a lot like the "Fast load" option on my Zaurus, in which an app is running all the time, it's just not displaying it's UI until it's told to by the underlying desktop system or OS. Time to check prices on RAM... The bitmapped graphics subsystem currently in use will be replaced by a vector graphics system, which is expected to be faster and produce better images. The WinFS initiative is built on top of NTFS (version 5 or (the hypothetical right now) 6, I'm guessing) and is based upon the paradigm of a relational database management system. NTFS file streams (FAQ here) were mentioned specifically, so it sounds like they're finally going to make use of that largely unknown featureset to make this happen. The file metadata will be in some dialect of XML, it's been written.. love to see the DTD on that. Documents will no lnoger be stored in definite directory locations in the WinFS system; WinFS will index the entire drive and make all the documents available from the "My Documents" folder. I have to admit, this'll make things a lot easier to find; I just hope that the subsystem that figures out what's supposed to be indexed and what isn't works very well. The WinFS effort is also expected to make it easier to share data across applications (for example, your Outlook contacts list), which if done right is going to be extremely powerful. The first beta release is planned for the third quarter of 2004.

    Sharp Zaurus fans take note - the new generation Zaurus, called the SL-6000, is on its way. A few pictures of the new model have been leaked to the Net, and it's looking like a sweet piece of hardware. The unit itself will be larger, mostly because the screen will also be considerably larger (480 wide by 640 high). The linked image shows the usual pull-the-cover-back thumb board will be included. It will also be possible to flip the display between horizontal and vertical use (it's about time...) The capacity of the power cell is expected to be greater to take into account teh larger screen, rumoured integrated wireless LAN card, and Bluetooth capability. 64 to 128MB of RAM are expected along with the usual compact flash and Secure Digital, integrated speaker (usable for playback, I hope) and microphone (neat). I can't wait to see this one in action.

    Frequent airline travellers will be thrilled to know that Orbitz was cracked by spammers, who stole what appears to be their entire database of customers' e-mail addresses. As far as they know, no one's credit card information was stolen, just the e-mail addresses. Okay. This is nine kinds of illegal. Spam is one thing, but cracking boxes to get more targets is just plain wrong. I hope the anti-spam brigade gets hold of these folks before the courts do (as if international or United States law can do a single bloody thing about spam). I'll leave it up to your imagination what I hope they do to them... suffice it to say that it involves a pair of channel lock pliers.

    Here's an odd thing to hear: The United States and Israel are collaborating to the tune of $57mus on a laser weapon to shoot down short-range missles. Congress just signed off on funding for Project Nautilus, the code name for this effort. There is no public record of approval for this, however; the author of the orignial article suggests that it might fall under the auspice of the 2004 Defense Authorisation Bill, which has both public and classified sections of funding. Even more unusual, the system was reported to have been tested successfully back in 1996.. I wonder if anyone on the fringe heard about that.

    I'm really surprised that this hasn't been mentioned on the news.. what if the gigantic forest fires in California (so large they can be seen from orbiting satellites) were set by terrorists? A few of the fires were confirmed acts of arson, so it's not all that far fetched.

    I had some spare time, so I put together that Debian package of Nmap v3.48. It's not official, it's just something I do. The features of v3.48 are amazing; it's a very useful tool. I figured that I'd save Debian users some time and make a package for them. Enjoy, folks... and remember, if it breaks, you get to keep all the pieces. It's not my fault.

    Well, I've rebooted Burn.. and boy, is she getting hammered with the backlog of messages. So many retries are coming in that she's barely squeaking by under the strain. It took two minutes just to log into her console, another three to get a process list, five more for /usr//bin/uptime to run. When it finally did, I saw this:

    21:16:18 up 2:09, 1 user, load average: 27.59 27.73 27.37
    

    Come on, Burn.. you can do it.. you're elite..

    ...

    Morpheus preserve me, what the hell did I just say?!

    Earlier tonight I ran to the optomitrist to pick up my new glasses. They're so light, I can scarcely feel them on my face, and the lenses are extremely thin. So much so, in fact, that they're slightly prismatic. I can see halos around things if I look too close to the edges of the lenses. It's kind of neat, actually, my new frames make me look more feminine and really bring out my eyes. I like them. I'm coming even closer to the line in day to day life. It's just a matter of time.

    I also picked up my prosthetic contact lens tonight, the solid white one. As I mentioned a while ago, my local library is having an anime con in about two weeks, and I'm coplaying as Sakurazuka Seishirou again. I'm hoping to get a few more people hooked on X while I'm there.

    I just had a little talk with Burn. I'm helping her thresh through the queue of messages that are pouring in. Between the two of us, I think we can make it through the flood without too much trouble.

    Villian
    You're A Villian! You evil person, you. You have a dark side to you.
    Your destiny is world destruction/domination.
    Just so long as those pesky heros stay out of
    your way.

    What Type Of Anime Character Are You?
    brought to you by Quizilla

    The only thing I hate more than spammers are spammers who don't know that a mail server isn't an open e-mail relay. Fucking idiots.

    2003/10/29

    Sometime yesterday, a new washer and dryer were installed in the basement of the Lab. The dishwasher's on its way out (the cooling fan's broken and running it might cause it to flame out) so Dataline and my grandfather decided to buy a new one, and get a new washer and dryer at the same time. They're over twenty years old, anyway, and were beginning to act up in annoying ways (like a lack of hot water when washing clothes). Sears came out sometime yesterday afternoon, pulled the old machinery, and installed the new ones for us, and to boot hauled off the old stuff for a very reasonable fee ($15us, if I recall). The new dishwasher won't be installed until next Monday, they tell us.

    Something's been kicking around in my head lately. The corner I catch my bus in to work on is shared with a local school bus stop. It strikes me as odd that their parents wait with them still (they're in middle school, so I'd guess their ages between 12 and 14) until the bus comes, that they're driven to the bus stop (some of them live in the house at the corner), and that they even get to wait in the car with the engine and heater running. Something feels wrong about that. When my body was their age, I never did that; in fact I never even considered it. Standing on the corner in the rain with an umbrella, in the snow with a parka, in the cold with a coat, and the rest of the times just standing there was a fact of life. If it was cold, I dressed warmly. If it wasn't, I didn't. I acted practically, and with what I like to think was a bit of forethought and attentiveness to the environment. It's cold, so they get to sit in the car with the heater going.. how about wearing a coat and standing with the rest of us for a change? It's good for you.. it gets you used to surroundings that aren't idealised.

    Maybe I'm getting getting bitchy in my old age. Next thing you know I'll be telling tales of walking home from school in snow up to my knees (which I did once, during the blizzard of '88) and braving thunderstorms to get to school (which is a fact of life if you live in Pennsylvania and you didn't have the luxury of a car to sit in with your folks).

    Diebold's obviously worried about something.. you'll probably remember that a few months ago some enterprisnig hackers found their electronic voting system to be horribly insecure, and easily tampered with. Copies of the documents they'd gotten hold of, the results of their analysis of the system, data sets, and other documents were released and copied all over the Web. Now Diebold's putting the lean on activists who host copies of the documents. Ceast and desist letters are starting to be recieved by various people and privacy advocacy groups. Folks who move in privacy circles are taking these letters as proof positive that Diebold's got something to hide (and some of the documents that have gotten out suggest that they have a lot to hide; things like senior developers telling coders lower in the food chain that running the product on an OS not independently certified was all right (legally, it isn't)). If I can get some more disk space, I'll get hold of copies and mirror them to the Network; from what I've seen they fit on multiple CD-ROMs.

    A bill is about to hit the US Senate that could potentially compromise some financial privacy laws around the United States, particularly in the state of California. In conflict with a proposed amendment that will extend California's financial laws to the rest of the country, this bill would remove restrictions on the part of financial institutions regarding the sharing of customer information. The law says that states cannot restrict how companies share information with their affiliates, and that includes banks and credit bureaus. On the bright side, you're allowed one free copy of your credit history every year. How kind of them. This bill also permanantly prevents the States from ever passing laws that restrict the sharing of such information.

    whitehouse.gov is now fully indexable by search engines once more. It has been said that the webmasters of whitehouse.gov are now encouraging the Internet Archive to crawl the entire site, thus making a point in time copy of the site for posterity's sake. An interesting backpedal.

    I found my makeup! Yay!

    solitary
    Your soul is bound to the Solitary Rose: The
    Alone. "When I wake up alone, the shades are still
    drawn on the cold window pane so they cast
    their lines on my bed and lines on my
    face."
    The Solitary Rose is associated with loneliness,
    melancholy, and patience. It is governed by
    the goddess Merope and its sign is The Sword,
    or Unrequited Love. As a Solitary Rose, you may be summed up as a
    hopeless romantic. You desire love and have so
    much love to give, but thing just never seem to
    work out the way you want them to. In life,
    you can be very optomistic, even when things
    are gray and nothing works out to your
    expectations.

    What Rose Is Your Soul Bound To?
    brought to you by Quizilla

    2003/10/28

    Meetings all morning, catching up right now. Writing later.

    let's see.. what's been going on today... I've been in meetings all morning with the management team of the office I'm working with, first to discuss the impact of various burgeoning technologies that seem to be springing up all over the place like mushrooms at one of Terrence McKenna's dinner parties, later to witness a demonstration of some new software and given an opinion or two of it. The meetings went very well; I'm fairly well versed in what they were talking about and I think that I can help them out in some way if they need it. The latter demonstration, however, left me cold. I'm not familiar with the interface to the system it pertains to in the first place, so putting a new UI on the front of it didn't mean a whole lot to me. I hate to say it, but it's not my department, and I don't have a lot of time for it anyway.

    Between the first and second meetings today I tried to log into the system I've been developing on, a small workstation in the security office that I could access remotely and code on. Occasionally, the machine dies after throwing some errors from the IDE interface drivers, at which time the machine gets rebooted and all is well. Until today, when the disks failed the initial boottime fsck(1) and dropped to single-user mode for manual repairs. Lovely. Two of the partitions came back without any trouble and no major corruption, but the root partition, which held pretty much everything we were using was so full of errors it took fully two hours just to finish the initial badblocks scan with fsck(1). Not good. Another 80 minutes were required to attempt to repair the filesystem, which is so badly corrupted that I had to do everything by hand. Through a minor miracle the machine came back up under its own power long enough for me to copy off all the work I've done in the past few weeks (we're not allowed to back it up to tape, you see) but a fair amount of the OS is hosed. I'm going to rebuild it myself when I get a chance but I really think that there is a hardware failure someplace, either the hard drives themselves (which might not cause the IDE drivers to throw errors) or the IDE interface itself (which is more likely, and I've encountered once or twice). I really don't think it's the EXT3 filesystem because we're using it in several other places on the LAN and those machines aren't having trouble as far as I can tell.

    So today's been one of those days.

    My fellow IT Ninja, go put on a pot of coffee. As you're probably aware, a new virus called Sober is making its rounds on the Net. It's been loose for at least a day now, and its forte' is sending itself as an attachment to an HTML e-mail (I need to make a macro for that string) and resending itself through its own SMTP engine. You can read Symantec's writeup of W32.Sober@mm here.

    A curiously good article at MSNBC about net.terrorism on a global scale was released not too long ago. Given the way things have been going lately, I can see why people are worried about how things might go down. From DDoS attacks to compromised computers all over the Net being used as relays for spam and jumping-off points, the threat is becoming more and more real every day. Years ago, when being a computer geek was still a curiosity to most people, folks used to ask me why crackers had never broken into the networks of power stations and telephone companies. I used to tell them that it was because those networks weren't accessible from any networks that we knew about (such as the telephone grid); mind you, this was before I knew anything about the PSNs (packet switched networks) all over the world, like Telenet and DataPAC. Nowadays, the sheer fact that critical nets are accessible from In Here scares me. Pretty much anything can be used to overload a system from the network, from hammering it with TCP or ICMP packets in a DDoS attack (which at the very least will suck up all of the available bandwidth, and as a bonus slow down backbones for everyone else) to causing it to page itself into oblivion by using up all of the RAM and virtual memory in a computer. That's just the easy stuff.

    Viruses and worms do just as good a job at making life hell for admins, and the traffic they cause uses up even more bandwidth. The Great Worm was nothing compared to some of the stuff that's come out in the past two years. The article mentions the possibility of someone using explosives to blow up a few trunk lines.. that would knock entire sectors off the Net, potentially entire geographic regions (well.. I'm thinking something along the lines of a county in a state, but in some areas that might include an entire state (or region the size therof)); because so many critical grids are linked into the Net anymore, that would do some serious damage. The proliferation of wireless networking technologies reminds me a lot of a viral incursion itself: For less than $100us you can plug an access point into a CAT-5 jack and set up a wireless LAN. Some APs act as NATting routers (network address translation: One IP address that can be reached from the outside mediating for any number of machines behind it), which means that any number of machines may be hidden on networks that can only be found with a detailed, physical search of the premises.. and sometimes not even then, given the range of 802.11x links. Some of those machines might even be vital to the functioning of the network.. or of an entire project. It's easy to jam 802.11x (some models of cordless phones will do it, like the one in my Lab...), which would knock those machines off of the Net entirely. Uh-oh.

    Dangerous times, indeed.

    Magdalen
    Your medieval name is: Magdalen. Out of conformity
    and inducing sexual meaning, you're seductive
    and passionate, silent until spoken to and only
    violet when provoked. Gorgeous and mysterious,
    you've got it all.

    What is your Medieval name?
    brought to you by Quizilla

    "Contractors".. so that's what they're calling them these days.

    2003/10/27

    Okay. Monday morning.

    Friday night was Iris' birthday party. After I drove out to get Fern and the kids, we headed out to the South Hills to find the house.. one misadventure (I missed the proper exit) and one hour later and we finally pulled in to the party. There were lots of people I didn't know there, which naturally put me on edge (too many people I don't know bothers me) so I spent a lot of the evening in the kitchen (having not eaten that day) and generally monitoring conversations all over the place to figure out who everyone was. I did run into someone who was the spitting image of Pooka, an old friend of mine, but the confusion soon passed. I didn't know that 'pooka' means 'bitch' in Spanish, but it's been a few years.. I did eventually get to talking with a few people that night before Iris and Leslie opened their gifts. Watching Iris go is fun; she's extremely extroverted and has the kind of personality that makes sure that you realise that what she says is in fun. Everyone loved the tiramisu I'd made; the recipe I hacked together is going into my collection for sure.

    The next day I wound up dropping last week's paycheque on an eye exam (two years overdue), renewing my membership in the America's Best Contacts and Eyeglasses contact lens club (which gives members a serious discount on all the lenses they sell; it's worth the $99us), a new pair of contacts (well, a pair and a half - I bought a prosthetic lens for my right eye), and a new pair of spectacles as well. My lenses are pretty badly scratched up from sticking my head into computer cases (no, I'm serious; some Sun Microsystems servers and not a few HP Netservers are simply huge, weighing more than I do easily, and to examine some components you literally have to remove the side of the chassis and stick your head inside), to the point where my vision is impaired. They were running a special on new glasses last week and I got in on the last day. They should be ready within a week or so, they tell me. Something that I had not expected was that my eyesight has improved somewhat since my last checkup: My left eye is 30/20 and my right is 30/10 if I recall correctly. Anyway, that was last week's income. While I was at it I bought a new belt holster for my Zaurus at Circuit City, more as an investment than anything else. I use it so often at work I'd rather spend some money to protect it for as long as I possibly can, rather than buy a relatively cheap pouch at a truck stop and risk it coming apart all the way at the worst possible time. After that was done I headed back to the Lab to pack and get ready for the rest of the day.

    I printed out directions to Lyssa's hotel and to get to her family's homestead way out in the Lovecraftian part of the state, where you expect to see tentacles squirming out of the lakes and people wearing odd silvery crowns around town. The hotel turned out to be not far away from the last place I'd worked and as such the directions were only a formality. Once I'd checked her in and dropped off a bag or two of stuff just to make sure I headed southward toward the countryside... basically once I got out onto the highway I was able to turn on cruise control and keep going for over an hour. At least part of Pittsburgh makes sense in that respect. This worked out fine until I missed my turnoff and wound up about a half-hour past the Pittsburgh International Airport. The directions I'd been given, you see, said to look for a certain exit and then go past it, which I did. I was supposed to take that exit. Once that had been figured out (with a quick call to Lyssa's place) I was back on track after losing a bit less than an hour of travel time.

    Ironically, I wound up turning around in exactly the same place that I had with Fern and the kids less than a day previously...

    Once I'd gotten on the right track getting there was pretty easy. We loaded her stuff up and then set off for Pittsburgh once more to go to dinner at the Szechaun Inn, a Chinese restaurant with which both of are quite taken. The wait was minimal and we spent an evening catching up and relaxing, perhaps for the first time in a considerable period of time. After dinner we went on an abortive trip to Oakland to check out a store or two but everything was closed by that time, so we decided to call it a night and crash early. Oddly enough, the urge to get dessert struck around 0200 Sunday morning and we walked across the parking lot to the King's Restaurant next door for ice cream. They have cinnamon ice cream there.. but it's nowhere near as good at Stucci's. After our midnight snack we headed to Giant Eagle to pick up a few things that both of us had forgotten and then returned to the hotel to crash once more. We wound up sleeping in far later than we'd intended, not getting up until twenty minutes before the checkout time. I sprinted down to the front office to pay and check us out while Lyssa cleaned up some stuff in the room. We traded off jobs to clean ourselves up before piling into the car and heading back to the homefront for an early dinner. Lyssa spent some quality time with Kabuki on the ride back down south.. for some reason, XMMS kept playing everything on her hard drive by Iris, even though we'd been listening to Iris on the way back to Pittsburgh and pretty much constantly all weekend.

    Lyssa was due to return to Maryland late in the afternoon so her family had made an early supper and I was invited to join them. And what a supper it was: Chicken, pork tenderloin (which I ordinarily eschew but this was quite tasty, and well-cooked), new potatoes, garlic bread, a caesar salad, steamed asparagus, and a pumpkin cheesecake for dessert.

    Amazing food. I loved every minute of it.

    After dinner I spent some time getting to know her family, seeing the house, helping Lyssa shop for a laptop, and talking with her brother. All too soon it was over and the dining room was picked up, the cars were packed, and Lyssa was off with her brother and his girlfriend back to Maryland by way of Virginia. At this time I set my sights northward for the Lab and getting some sleep. Two hours later (due to the rain and traffic conditions) I pulled into the driveway and pulled everything out of the car. Unfortunately I had to go grocery shopping to stock up for this week, and got back into the car to head to the local supermarket, which had most of what I needed but little of what I actually wanted. Oh, well.

    Intel will be launching its first TPM-enabled mainboard this week. TPM, the trusted platform module, is a system in which a hardware encryption/decryption system for data is built into the mainboard's firmware. Data files accessible by the end user can be stored in encrypted form and decrypted, pending verification of the user's identity, transparently to applications and the user. If the file is copied to another machine or another medium, the data remains encrypted. Something that I find rather interesting is that a secure data wiping utility will be included with the system to securely delete the original data after it's been encrypted by the TPM system. Law enforcement is going to be pleased to hear that... a problem that they are already aware of is that if the mainboard dies any data you've protected with TPM can't be decrypted because one of the keys necessary to do the job (built into the chip) will be gone - each mainboard has a (theoretically) unique key, and by replacing a dead mainboard you'll be installing a new key, which will lock the files effectively permanantly (unless there's a back door in the crypto system or someone figures out how to crack it). There is a function which lets you back up the data unique to a given mainboard (copying the hardware keys) but the copies themselves will not themselves be protected.

    Congratulations to Jesse Daniels for passing the PA Bar Exam!

    It's about bloody time.. a judge in Santa Clara county, California ordered two spammers operating out of Los Angeles to pay a $2mus fine. Moreover, the judge placed the defendents under additional business restrictions (which aren't given in the article). The two spammers never showed in court. Call me crazy, but isn't that defying a bench warrant, or at least contempt of court? Then again, I can't really say that I blame them for not showing; I know that if I found out someone was a spammer I'd be reaching for my LART in fairly short order. No one is sure if the court's actually going to collect their fine.

    In response to Citigroup's support of a bill in the US Senate right now that would prevent individual states from protecting the privacy of consumes, a privacy advocacy group called the Foundation for Taxpayer and Consumer Rights had the first five digits of the Social Security Number of Charles Prince, CEO of Citigroup written in the sky by a skywriting plane in an attempt to get a point across. The stunt was pulled in the skies above Citigroup's world headquarters in midtown Manhattan. Banks say that the bill will make it less expensive to present services to customers, others say that it increases the risk of identity theft and fraud. Citigroup is known among privacy circles for sharing private information about its customers to whomever is willing to pay for it.

    The NSA recently licensed Certicom's elliptic curve cryptography system for its internal use. Word has it that it'll become their standard cryptosystem for protecting classified communications. The terms of their license suggest that they could sub-license the libraries to other government agencies whom they regularly interact with.

    Billy Mackenzie.
    Billy Mackenzie

    Which New Romantic Icon Are You?
    brought to you by Quizilla

    2003/10/26

    Brain fried. Can't write. Sorry.

    2003/10/24

    Last night was my first attempt at making tiramisu. I'm rather afraid that I didn't do a good job of it as I couldn't find ladyfingers anywhere and had to make do with strips of anise spongecake (which is still pretty tasty). I don't really know how it's supposed to turn out, so I guess we'll find out tonight when I take it to Iris' birthday party. I jumped out briefly last night to get her a birthday gift as well (the protocol for times like this I'm not certain of) and while I was at it I spent some time wandering around the mall to see if I could find a new belt holster for a PDA, one large enough for my Zaurus. I found one that would have fit it rather well but unfortunately it wasn't a belt holster, so I had to pass. Eventually I made it to Barnes and Noble and picked up something for her. Somewhere between the time I left the house and the time I got back into my car for the drive home I lost one of my gloves. One of my good leather, insulated gloves. Given that every morning it's been in the low 30's Farenheit, this is rather annoying. Oh, well.

    A neat whitepaper just showed up on Securityfocus about using honeypots (systems boobytrapped to gently restrain intruders so they can be monitored going about their business) to trap worms loose on the Net. The example given here was using honeyd to simulate a Windows XP Professional Edition system to catch a sample of the MSblaster worm for later analysis. Even thogh honeyd was running on what I think was a Linux machine, it simulated XP well enough from the network side of things to be considered a viable host by a sample of MSblaster. Once it was downloaded from the attacking system the binary couldn't do anything, and could be reverse engineered safely. The article also mentions that honeypots don't just have to act as boxtraps for intrusions, they can also limit the damage done. For example, there's no reason that a honeypot couldn't send back specific replies (the equivelent of a command like "This is the cracker speaking. Backdoor daemon, uninstall yourself from the OS and then terminate your running process.") to an attacking system. Attacks that are time-dependent in the sense of waiting for a reply from the target box before moving to the next stage of the attack could be hung indefinitely by slowing the speed at which responses are sent to the attacker. The article also touches briefly on the topic of active response (when an alert is registered and verified, the attacked machine fights back somehow) and why this isn't such a good idea. It's fairly nontechnical and interesting to read.

    The United States Senate passed yet another antispam bill. This one, I think, will do about as much good as the last two. This one talks about a don't-spam-me list, like the one passed recently for telemarketing (and was found unconstitutional, if memory serves).

    I'd not heard anything about this before, but it seems kind of neat to me. Toy manufacturer Mattel makes a laptop for 4-11 year olds called the B-Book which runs PalmOS. In time for the Yule holiday they're going to be releasing a new version of the B-Book running a Linux distribution called BarbieOS v1.0. This model is going to be a full desktop replacement aimed at younglings. Neat. The distribution of Linux they'll be using is based upon Debian and as been in beta for several months now. If this article is accurate (it's based on what appears to be a third-party report so I'm taking a larger grain of salt than usual with it) the kids Mattel interviewed have heard positive things about Linux but have little to no experience actually using it. Even more interestingly, and here I'm starting to ponder exactly how many youngsters have heard of the TCI (Trustworthy Computing Initiative) and know exactly what it's all about, almost none of the kids were satisfied with Microsoft's TCI programme; all the patching's getting them down and they're looking for a way out.

    Maybe I'm not giving them enough credit.

    The fact that someone claiming to be Mattel's Chief Software Architect (okay.. I didn't know they had one but in this day and age what doesn't run software of some kind?) was quoted cursing in the article makes me wonder if this isn't a clever parody of a news article. He sounds a bit of a zealot. The last quarter of the article is also pretty patronising. I suggest reading it and making up your own mind.

    Well, I decided to rewrite most of my current project at work in Perl after fighting with shellscript and awk for most of this week. In one hour I rewrote three days of work. I'm sold. Not only did I not have to call tinkertoy utilities from all over the file system because exactly the functionality I need is already in Perl but it just fell together without much trouble at all. Splitting a single command line into fragments is the work of one function (split, incidentally), walking through that array takes a simple loop (foreach $entry (@array)), and support for using regular expressions as part of if..then conditionals is standard.

    Larry Wall is a god.

    2003/10/23

    The morning started off decently well, with a hot cup of coffee, a flannel shirt, and coming up with a new technique while walking to the office. I'm going to experiment with it and see what happens; maybe it'll be worth an essay or two in the future.

    Redaction isn't forever, especially when it comes to binary files. Last week the United States government released a report, in censored form, on the diversity of their internal networks in .pdf form. On Tuesday The Memory Hole downloaded a copy of it and un-censored it, then posted it to their website. Whomever originally worked on the document used the highlighter tool in Microsoft Office (no, it's not MS' fault...) to black out parts of the document and set the colour to black. In Adobe Acrobat you can pick up the highlighted blocks and move them around the screen or delete them from the document entirely. This isn't the first some someone's made that mistake, either. Remember, everyone - if you want data gone from a final document, use the delete key to wipe out the text.

    Here's an unexpected software release.. instead of making the Ximian mail suite interact with Microsoft Exchange, why not release a connector that gives Exchange the ability to interact with Ximian? Novell has done just this by releasing the Ximian Connector for Microsoft Exchange v1.4.5. The connector is compatible with Exchange 2000 and 2003, and gives Ximian users the same functionality as someone running Outlook. The Ximian Connector can be licensed for $69us per end user and can be gotten from Novell Authorised Resellers or the Ximian Webstore.

    IT ninja take heed - Redhat Enterprise Linux v3.0 is out! Redhat's AS (Advanced Server), ES (Enterprise Server), and WS (Workstation) are out of beta and available, and add many new features and upgraded functionality. POSIX threads are now fully implemented, allowing over 30k process threads to execute simultaneously on a single system. Moreover, AS is now available for x86, Itanium (Intel's 64-bit processor core), AMD's 64-bit processor core, the IBM zSeries, iSeries, pSeries, and the S/390 mainframe. Talk about sharing the love.. multiprocessor support can now handle 32 CPUs in a single system at once, which really impresses me. By default Redhat Enterprise is running the v2.4.21 kernel, heavily modified by Redhat's kernel developers, of course. Good luck getting through, though. You can check out the release notes here in Redhat's website.

    I realise that this article is late in coming, but I've got a few things on my mind about it. Office XP launched on 7 October 2003, if my calculations are correct, and included the usual avalanche of new features. Among them is the option to make documents and e-mails self-destruct. The idea behind this is to keep sensitive information from leaking out because any copies of the document will erase themselves after a certain period of time (or, I'm willing to say, if it's removed from the system it was created on; a script embdedded in the document could examine the system's unique identifier (whatever form that would take) and delete itself if it wasn't on a list of authorised systems, which would be kind of neat, I have to admit). This is dependent on the presence of a service called the Rights Management Service. Protected e-mail messages are not downloaded to the local system but kept on the server (can we say IMAP4, boys and girls?) and access to them is mediated by what the server tells the user's installation of Outlook. It's now possible to set what appear to be NT-style ACLs (access control lists) on documents, which restrict what users can do to documents (just read, read and update, delete, create new documents.. mix and match them to make up an access control list), but this concept has been extended to forwarding messages and attachments ("Never let someone forward this document if it's attached to an e-mail"), copying, and printing files. Documents can also be encrypted such that only certain users are allowed to decrypt them (sounds like public key crypto to me) and alter them.

    But if there's a will, there's a way.. the print screen key can be used to take a screenshot, which is placed in the system clipboard. You can cut the images out of there and edit them to reclaim the document. You can write down or speak and record the contents of the document. Because Windows uses a virtual memory system, you could probably open your swap file in a hex editor or debugger and pull out at least some of the contents of the document if it's been swapped to disk to free up some room for other applications (though there is a good chance that this can't be done after a reboot if the "Clear page file on shutdown" registry key is set, to be fair). Hell, if you wanted you could probably take a track-and-sector editor to the hard drive and pull it out that way (I'd love to see what cryptosystem they implemented, specifically their keysize). You could go into the Exchange server's mailstore or backup tapes and dig it out that way, or just set up a sniffer and catch it en route if you were lucky (and somehow between the end-user and the Exchange server, or between the other SMPT server and the Exchange server). There's always a way, and I'm willing to bet that I missed a few other ones, too, far better than these basic techniques.

    Still, this is pretty cool.

    Oh, for pity's sake.. more darkprofits.[com,net] spam, this time from their fraud department about some charges made... will someone hunt these idiots down, please??

    2003/10/22

    The commitment to computer security that Microsoft announced a few weeks ago leaves me worried. On one hand, they're talking about throwing more energy into making Windows harder to abuse. On the other hand, their track record this month has been less than stellar. A few days ago, Robert Muglia, the overseer of the MS Enterprise Management Division was interviewed by ZDnetUK, and he had a few things to say on the topic of securing the end-user's system. Something that he didn't mention but should have was that end-users, by and large, don't lock down their decks without a good reason, like being burned by the virus-of-the-week. They're going to have to start shipping Windows either with local firewall configuration a part of the first-boot process or turned on by default if they want it to do any good. A good configuration utility will make all the difference here. "Shield technology" seems like just another buzzword to me - the idea's there but the implementation needs fleshed out. What do they have in mind? The usual "We're going to find and fix bugs" talk is in there - so why are all the bugs reported coming from security researchers? Protecting one's login credentials is important, yes.. but so many remote exploits give SYSTEM or ADMINISTRATOR access it isn't even funny. Why spend a few hours guessing a passcode if you can just overflow a buffer? The domainance argument, I think, is pointless. Any OS can be made secure if you know what you're doing, and any OS can be compromised if you don't.

    Years ago, I worked with a guy who called himself Onivel; he was the MS admin at the company. From watching him harden Windows boxes and seeing them stand up to many attacks launched from Out There (without the protection of a network firewall; they were hanging outside of the office LAN) I learned respect for that statement. If you know what you're doing, you can make Windows as secure as a Linux or BSD box. For any system, keeping a system secure takes work and keeping up with everything going on. Just as one of Onivel's Windows servers could have been taken out by a single worm exploiting a 0-day vulnerability at any time, so could any of my Linux systems if I wasn't careful.

    My point is that security isn't on any one head in the team - computer security is the responsibility of the designer, the programmer, the OS folks, the admins... as the cliche' goes, a chain is only as strong as its weakest link. If you want to keep everything secure, everyone has to work together.

    Now, as for stability... that's a different rant.

    As for Steve Balmer stating that "Nobody is held accountable for security rpoblems with Linux,", that is incorrect. The developers of a given package are responsible. The OpenSSL team is responsible for its security. The developers behind mutt (a text-based e-mail client) are responsible for any security vulnerabilities in there. The Linux kernel team is responsible for bugs in there.. just because there's no one body in charge of the OS as a whole does not mean that there is no one responsible. The Open Source community is based upon distributed effort, many people coding different aspects of a system all at once. And there is a reason that open source code tends to be of higher quality, and that's because you've got so many people not only hammering on it and reporting bugs that they find but that there are so many people who write patches for those bugs and send them in. Believe me, if you contribute a feature to a project and it's buggy or poorly written.. you find out about it. In spades. I can't think of a better impetus to become a better coder than to at least try to not get called on it again.

    Not too long ago someone found a vulnerability in Sun's JVM v1.4.2_01 in which unsigned Java applets from different sites can wind up sharing access to certain parts of memory because there are some static variables in the Java virtual machine that aren't documented. This means that applets can step on one another, which is never good.. the XML processing facility is particularly at risk here. A day later the same guy posted a proof of concept exploit of this bug to the Bugtraq mailing list. This is a cute demonstration which causes the floppy drive on the machine to start grinding. Mark Schonefeld (the discoverer of the bug) states that Sun was notified a week ago but hasn't said anything about it. Be careful out there.

    At long last, the stage of the project I've been hacking on at work is done. Now I can get on to the lengthy stuff.. learning SQL.

    2003/10/21

    The only thing that bugs me more than users who don't read the contents of their error boxes are users who are genuinely trying to be clueful, but report an error because accessing /proc/sys/net/ipv4/tcp_syncookie doesn't work but by running a simple directory listing they could easily have found the file /proc/sys/net/ipv4/tcp_syncookies in existence. Open your eyes, people, that's why you've got them!

    This is slightly odd, even as net.music goes. Brad Sucks, sole member of the Ottawa band Outside the Inbox has put together an album of songs based upon the subject lines of spam he's gotten. I'm genuinely curious about this; I'd give his stuff a listen if I wasn't at work right now.

    Microsoft's pushing for better security in Longhorn, the next generation of Windows. Given the way things have been going in the past two weeks, I'll believe it when I see it.

    Years ago, some good friends of mine ran IBM's OS/2. I never got to use it much but I do recall their BBSes running amazingly well under it. It didn't take much tweaking, they said, to get everything going, and I admired them for that because Leandra, at the time, was only an 80386 with 4MB of RAM. OS/2 was out of my league. As the years wore on, however, I remember hearing the OS/2 community talking about the lack of drivers and software support as Windows gained more and more market share, and along with it the efforts of developers. In this day and age it's not uncommon for emulators or ABI (application binary interface) compatibility layers to be used to run non-native software on other operating systems (such as WINE), but drivers are still a bugaboo.. or they were, rather. Now it is possible to run non-native device drivers inside a compatibility framework called DriverLoader, by Linuxant, Inc. DriverLoader lets you run late-generation Windows drivers on Linux systems running Intel CPUs. For a limited time the DL system can be downloaded from their website. Even more interesting, there is now a system called Win32PRN which lets you use Windows 2000 and quite possibly Windows XP drivers on OS/2 systems. This particular project is in beta right now but I think that there is going to be a considerable ruckus made about this project in the right circles. The homepages of those two projects are linked from that article, hit them and take a look. Unfortunately, I'm at work so I can't right now.

    That seems to be a repeating theme..

    Your Years at Hogwarts by nevermindless
    Name:
    The Sorting Hat places you in: Slytherin (Green and Silver)
    Subject you are naturally best at: Divination
    Your favorite book: Common Magical Ailments and Afflictions
    Pet you bring to school: African Marsh Owl
    You are most known for: The weird animals you try to keep as pets.
    Created with quill18's MemeGen!

    cflatmaj
    Cb major - life is full of complecations,
    commitments and organisation. You love to make
    sure everything is just perfect, but sometimes
    this can cause you to fall over your own feet.
    A slightly unsociable key: why Cb major when
    you could be the identical Bmajor? It has less
    accidentals.

    what key signature are you?
    brought to you by Quizilla

    What Irrational Number Are You?
    You are e

    Of all the irrational numbers, you are the most intense. By nature you are powerful, although sometimes you can spiral out of control. You are good with money; the interest seems to just compound whenever you are near. When someone uses the word "exponential" they are probably talking about you.

    In some ways you and φ are a nearly perfect match. Not to mention how attractive φ is. But then, there is the remarkable π...

    Your lucky number is approximately 2.71828183

    Shiny Lemur
    Straif's Blog

    This afternoon was interesting... after the staff meeting at work I ran out with the new guy (a server admin) to see if we could find a book on MySQL. I'm supposed to be writing an application that uses it but I've almost no practical experience; the documentation's so large that there's no way I could print it out safely, so we hit the bookstore in Kaufman's downtown to see what they had. Aside from a number of books on clearance that I wouldn't mind picking up just to read they had nothing that I really need right now. He headed back to the office while I ran through downtown (yep - full tilt) to get to the local Barnes and Noble before 1700 EDT. As it turns out they had the Dubois MySQL book, which is about as comprehensive a manual as you'll find anywhere. It's about as long as the docs that come with the system, which makes me wonder if maybe it isn't the documentation itself in dead-tree form. I'll compare them tomorrow at work. I'm surprised that I managed to run down to the store and then back up to the office. Aerobics class has really paid off.

    And with that, I'm off for Evening Rite and then bed. More tomorrow.

    2003/10/20

    Well, I'm kind of conscious again. I'm at work, awake, and ready to face another day. Time to start reconstructing things again.

    As much as I hate HTML-formatted e-mail I saw something neat today. In a post to mailing list someone included a .jpg file of their signature as part of their .signature (well, the HTML equivelent, anyway) file. While this is a pretty neat idea, who says that someone unscrupulous can't save the file (Outlook will let you save a copy of it to the hard drive) and use it to forge that same signature? That strikes me as a really bad idea.. as bad as throwing out cancelled cheques without shredding them and scattering the important bits. I wonder when each message is going to require its own Cascading Style Sheet, at the rate things are going...?

    People worried about the preservation of their personal privacy should find this particularly interesting: A bipartisan group of US Senators have proposed yet more cuts to the USA PATRIOT Act. They're calling their initiative the Security and Freedom Ensured Act (what's with all the acts - is this a play or something?) and they propose that some of the more worrisome aspects of the PATRIOT Act be redacted. Among the changes, the FBI will no longer have the power to obtain covert execution search warrants ("sneak and peek" warrants) save when not diong so could bring someone to harm, place an ongoing investigation in jeopardy, or allow a suspect the opportunity to flee or destroy evidence. Such searches could only be kept secret for seven days' time, though this delay could be repeatedly extended in increments in one week. The US Attorney General would have to tell Congress every six months how many covert execution warrants had been requsted and obtained. Surveillance would be curtailed as well - no longer would they be able to bug every computer you use anywhere, they'd have to state who they would be monitoring and where that person is before beginning surveillance. And as if that weren't enough, the kinds of data that they can get access to are limited to investigations of suspected terrorists and spies and not just anyone they choose (which is how things work right now). Access to library records would also be limited. I'm interested in reading the text of this... I wonder if there are any riders attached.

    The saga of Aaron Caffrey is over - he's been aquitted as of Friday, 17 October 2003. The jury took three hours to come to their verdict. Nothing I've seen so far says exactly why they decided the way they did - the theory that the IRC logs on his deck were either planted or altered was blown away, and they found no trace of a trojan horse (though most remote control trojans can be commanded to delete themselves) anywhere. Anyone hear more on this?

    I'm genuinely surprised at how rusty I am with shell programming. I'm writing a few scripts to chew on data and it disgusts me how often I have to refer back to the man pages for a command or a built-in variable. I havn't coded for fun in too long, those parts of my mind are stiff and need to be exercised. I think my love affair with sed (Stream EDitor) is reawakening, though. vi-like regular expressions in a command line utility do it for me.

    As mentioned a couple of days ago, there's a proof-of-concept exploit for the Win32 Messenger Service vulnerability going around - it just hit Bugtraq. This code currently causes a system to reboot after two uses; it was tested against a Windows 2000 service pack 4 machine. On a brighter note, Microsoft SUS (Software Update Services) now offers service packs as well as hotfixes. Now if they can just get Windows Update to offer all of the hotfixes they release I think we'll be in better shape. On the other hand, there's a box somewhere on Southwestern Bell's DSL network that's infected and been probing systems since June, and no one appears to have done anything at all about it. Sad. And irresponsible.

    HASH(0x87044c0)
    Wind

    The Force of Nature Quiz
    brought to you by Quizilla

    I amAzathoth!

    Known as the "Blind Idiot God", the center of all cycles known as Azathoth is the great void itself, infinite creation and inescapable oblivion made one. The Great God is without ego, as it has been embodied in a seperate consciousness as Azathoth has cast off the curse of self-awareness. Surrounded by the host of flautist servitors, piping the songs of the unknowable, Azathoth is not to be known by his aspirants. That is the purpose of another God...

    Which Great Old One are you?

    Pride
    Which deadly sin do you represent? (Angel Sanctuary Pics)

    brought to you by Quizilla

    You're the Cheshire Cat!
    You're the Cheshire Cat. Your mysterious aura and
    your penchant for riddles keep your friends
    guessing. You dislike staying too long in any
    one place. Your advice is always sound, if
    somewhat enigmatic. The sum total of this is
    that people are always following you and you
    just WANT TO GET AWAY!

    Which famous feline are you?
    brought to you by Quizilla

    I wasn't aware that the field of bionics was so advanced, but what technology we do have now to repair the human body is sophisticated in its own right. This article proclaims that the Six Million Dollar Man (now there's a pop culture reference for the new millennium) can exist right now. Blindness, deafness, and paralysis can be conquered through the use of neuroelectronic implants that bridge damaged nerves. Professor Chris Toumazou presented a speech at Heriot-Watt University not too long ago, and he painted a vivid picture in which medicine and electronics work hand in hand for the betterment of mankind. Toumazou spoke of biomechanical limb replacements replacing damaged limbs (the ones I've seen in recent years, while sophisticated, are nowhere near as advanced as what he was referring to, though I'll be they were pretty hackable) and augmenting internal organs with mechanical devices (the example he gave was the LVAD, left ventricular assist device, which augments a weakened or damaged heart). Interestingly, he made a passing reference to ongoing military projects which involve experimentation with bionics to improve the performance of soldiers, which I've not heard anyone talk about before (something along the lines of "Everyone thinks about it but no one actually talks about it").

    My writeup of that article is about as disjointed as the article itself, just to clarify. This guy sounds very excited about advancing the state of the art of bionics.. but what, exactly, has he been working on? Hard data would have been nice.

    Lucien
    You resemble Lucien, Rule-abiding, proper, and
    sensible as any librarian could aspire to be.
    Lucien fulfils the measure of his creation
    admirably, upholds his responsibilities as
    Librarian of the Dreaming, and worries just a
    bit more than is healthy for him.

    Which supporting character from the Sandman series are you?
    brought to you by Quizilla


    You're Duncan Idaho.

    Which Children of Dune Character are You?
    brought to you by Quizilla

    Which Fantasy/SciFi Character Are You?

    2003/10/19

    Okay, a quick update before I go to bed (it's now 0241 EDT). I just got home after dropping off Fern and the twins after the Witches' Ball. The party was a resounding success - standing room only, and there were even people dancing. Bonus. The atmosphere there was friendly and fun. Alexius and I counted four witches (most were staff at the party) six faerier of various sorts, five cats, two interpretations of William Wallace (from Braveheart, including one guy named Jay who's the spitting image of William Gibson), and miscellaneous other folks. I spent a good deal of time talking to Frater AChDAE and Lyssa Ernst there and bouncing around talking to other folks I knew. I feel rather vindicated at this time - for every person who asked me who I was there was another person tapping me on the shoulder to say, "You wear your stillsuit in the traditional Fremen manner, young Atreides. How is that so?"

    I'm happy.

    I ran into a friend of mine who draws amazing art in the manga style - I finally bought her eighteen-inch print of Kameui from X.

    It's going on my wall.

    I got to spend a while hanging out on the dancefloor with everyone. Eloria was the DJ for the night and she did a Rocky Horror set which was well recieved. The Frank N. Furter who showed up did an excellent job.. and he even had chest hair. Bonus. Many pictures were taken of everyone... Lyssa Ernst's Anubis costume (complete with prosthetic fangs and leather mask) was most impressive, I must admit. The evening was a whirlwind of walking around talking to people I havn't seen in ages, looking at stuff, and generally trying to make heads or tails out of things. The silent auction was a big success again - I actually remembered to buy tickets. I won something called Inner Calm In A Box, which is a box that'll fit neatly in a bookcase of incenses, a prayer bell, and a book of mantras for relaxation purposes. The sysadmin's survival kit, I call it.

    And with that, I should be going to bed. More tomorrow.

    Info Grey
    Your Heart is Grey

    What Color is Your Heart?
    brought to you by Quizilla

    Fuck. I screwed up the truncation and lost a few days worth of entries. Dammit. Sorry, everyone. Maybe the Google cache has them. Nope, they really are gone. Sorry, everyone. I'm stupid.

    Today's not been a very good day. Instead of doing what I needed to do, like get ready for work tomorrow, put books away, and try to transfer the rest of the data I need for work over to my Zaurus I wound up cleaning upstairs. Three hours wasted. And I'm so far behind on my e-mail and everything else, it'll take days to get everything deleted, checked, or otherwise taken care of.

    I need to get out of here.

    Okay.. dinner to raise my blood sugar (Dataline makes excellent wedding soup, I have to admit), some time hacking on my Zaurus to transfer the last of the data from my Palm Pilot III over, and some exercise and I'm actually feeling half-decent. Some ice cream helped, too. I think I'm at the bottom of my cycle right now... anyway, my head's clear and I think I'll be able to get some sleep tonight. I hope. I'll go back to my usual stream of consciousness and weblogging tomorrow, but for now I'm going to get some sleep.

    To everyone waiting for responses from me, please be patient. I'll get to them soon.