I don't know if it's the chronic lack of sunlight these days, the low temperatures, or what, but it's back - the distinct lack of desire to do much of anything. No, not lazing around to relax and recuperate, but the infamous final line of Ministry's Jesus Built My Hotrod; that's been deliberately left vague so my readers behind content-filtering web proxies can read this (sorry, everyone). Maybe I'm just getting selfish in my old age, or burned out at work. I haven't figured it out yet. Anyway, that's how things have been going lately. Maybe I'm just too individualistic, requiring too little social contact and too much time to do things I find fulfilling in life. The curse of consciousness... It's getting harder and harder to work up the energy to do much of anything.
Checkpoint's at it again, this time releasing a worm activity detector that uses a database of activity signatures of worms and monitoring network activity for signs of their presence (kind of like a specialised IDS). The appliance is called InterSpect, and uses a frequently updated database of vulnerabilities to sniff network traffic. If a system starts sending out packets that fit the profile of a particular worm it quarantines the system from the rest of the network and sounds an alarm (like a knowledge-based IDS/dynamic packet filtering firewall combo, then - the IDS sees something shady going on and tells the firewall to change its set of filtering rules to block the traffic in question). The InterSpect network appliance is aimed at the intranet and not the perimeter, because it's very easy for infection to sneak in on someone's laptop (which I've seen happen a couple of times; finding one infected laptop out of a few dozen is a royal pain in the six when everyone's breathing down your neck), and I say more power to them. It makes our lives a lot easier in the long run, and for fewer semi-drunken rants at the pub after work. The appliance costs between $9kus and $39kus, and can be purchased immediately. Yay, 2004 budgets.
When I was younger, there was a phenomenon that appeared occasionally called the crazed weasel effect: If you were going down, you'd grab onto the person you disliked the most and dragged them down with you, hopefully to screw them over worse than you were. SCO's doing something very similiar by suing Novell for slander of title. They are claiming that Novell has done great, irreperable harm to SCO's good name (I though they were doing an excellent job of that themselves, personally) by saying that they, and not SCO, owned the copyrights to Unix and UnixWare, and that they'd made statements intended to keep people from doing business with SCO. First of all.. when did this happen? Did I miss a newsfeed in the past few days (which is, I will admit, entirely possible)? Did someone on their legal team change the dosage of something? As for getting people to not do business with SCO, I thought that was called advertising: "Buy our stuff, not theirs!" SCO is demanding that Novell sign away the copyrights they've registered and retract everything they've said about owning said copyrights. It's too early for this sort of thing. I'm going to get some coffee. SCO, you're going to overload my forebrain soon...
The infamous Gartner organisation is at it again, this time warning everyone about cyber attacks. Ooh.. ahh.. forgive me for being cynical, everyone, but every time I read something about an "electronic Pearl Harbor" or "the 9/11 of the Internet" I feel like retiring and getting a job at a gas station. This is mostly due to being sick and tired of being told to be afraid because the alert level's gone up a notch or because people walk around carrying the Old Farmer's Almanac (which I have been known to do while reading the latest release of, incidentally). Potential catastrophe, Internet-based technology.. guys? Reality check, here: Why, exactly, would anyone hook systems that control such critical functions as the control rods of a nuclear power plant, a hydroelectric dam, or a hospital's C&C (command and control) network into the Net? Logic dictates that isolating critical functionality to prevent it from being attacked from outside is the proper strategy here. This isn't an episode of TekWar, people (and my hats off to those of you who not only remember that show, but know what episode I'm thinking of). Yes, there are networks of critical systems - that's been proven. But those networks aren't connected to the Internet; you can think of them as running parallel to the Net, or alongside it, without points that touch. If there are, then someone's screwed up royally.
That would be like connecting the environment control unit of a department store to a modem so it could be controlled remotely.. oh, wait. K-Mart used to do that (and probably still does). Okay. Bad example.
The article goes on to talk about all the lovely hazards of today's Net striking control nets that are also running TCP/IP. Yes, such a thing would be possible. What they don't tell you is that you'd have to get into those isolated control nets, first, and therein lies the rub. And to do that, first you have to find them. They also talk about voice-over-IP being disrupted if those nets go down. If any net goes down, communication across it will be disrupted, not just voice-over-IP. That statement sounded to me like they were overhyping the importance of VoIP in the near future. They even mentioned SS7 (switching system 7) in their report as being a target. Guys, SS7 has been a target since the early 1990's. Look up the MoD (Masters of Deception is the most common expansion of that 'nym)/LOD war of the late 1980's/early 1990's for more information on that. In conclusion: This isn't anything new, and it's missing a healthy dose of common sense.
What the hell.. seal noises, now?!
Early this morning I taped part of the OAV of Fist of the North Star (Hokuto no Ken). This is delightfully bad anime, if there can be such a thing. There are only a few basic archetypes of character, visually speaking, there's lots of violence and blood and only a few different kinds of plot lines. It's fun to watch because it's mindless. The dubbing is just funny, and if you are a fan of old-school anime (sort of like Voltron or the first Vampire Hunter D) it'll be a walk down memory lane. There are even mullet-children in the series.. ye flipping gods. This makes me happy. There is quite a bit of tech-step in the soundtrack, and of course there are overly verbose, almost poetic names for special maneuvers... fun fun fun.
I've decided to start taking St. John's Wort again. I think I need something to alter my neurochemistry just enough to get me on the up and up. Willpower alone won't cut it, neither will tweaking my mental programming. I also plan on turning in early tonight, because I've been having trouble sleeping lately. When I start running on a sleep deficit, I tend to get depressed. I've also cut back my coffee intake in favour of the Good Earth herbal teas that Lyssa gave me a few weeks ago.
Better living through science and chemistry, and all that.
I woke up this morning to a song that'd been looping in my head from a dream that I must have been having - Final Countdown by Europe.
Lord Morpheus has an odd sense of humour.
It's actually days like this that make me look back on life and smile, if only because at the time I'm thinking about them they were either so challenging or so surreal that I have to laugh. For example, right now I'm remembering why I love Unix so much: With a handful of simple commands, all strung together in the proper order, one can reduce fifteen megabytes of raw data to a text file containing twenty-five entries, no more. Impressive? I think it is. I have only what I need, no cruft to ignore in the data, and best of all I didn't have to re-type anything. Time necessary to figure out what I wanted to do (and remember what utilities to use): Twenty minutes. Time for the system to analyse the data: Less than three seconds. Time to write the report: Ten minutes.
Let's hear it for grep, cut, sort, and uniq, ladies and gentlemen!
The deadline for the test run is past, and I'm one happy camper. It wasn't a failure, but we did find a lot of things that we're going to have to work on for the.. next.. one... <sigh>
I've never quoted the Litany Against Fear to anyone before. It seemed appropriate.
While nice to think about, I really don't think that this'll ever be used: The US federal government is asking for suggestions for sentencing for spammers that violate the CAN-SPAM Act. A team appointed by the president is soliciting the public's opinions on this matter.. CAN-SPAM doesn't make it illegal to transmit spam, but it does make many of the obfuscatory practises employed (such as forging points of origin, spamming from five or more fake names, or hijacking five or more IP addresses) illegal. I wonder how many people will demand the death penalty.
There's a new virus making the rounds called W32.Beagle.a (alternatively spelled 'bagel') that's another mass-mailer: It scans for .wab, .txt, .htm, and .html files on your deck's hard drive looking for e-mail addresses, and sends itself to the ones that don't match certain criteria (like having domains ending in hotmail.com or microsoft.com). Theoretically it'll stop itself automatically on 28 January 2004 but if your system clock's wrong you've got a problem on your hands. It does the usual 'add keys to the registry' song and dance and opens a back door on port 6777 (which can change) so someone can access your system remotely, uplod files, and terminate the worm remotely. If you get an e-mail with the subject 'Hi' and message body of "Test =)" followed by junk, for gods' sake don't open the attachment! That's how it spreads. When the attachment is run by the user the first thing it does that you see is start the calculator utility so it looks like someone sent you a legitimate piece of software. A lot of us are going to have a long week, I fear.. thankfully there's a removal utility avaibale from Symantec to speed things along. You might want to download a copy and keep it handy in case you're accidentally infected with it.
19 year old Joseph McElroy of Woodford Green, East London, UK will be sentenced on 2 February 2004 for cracking the computer network of the Fermi National Accelerator Laboratory in June of 2002. McElroy, charged under the Computer Misuse Act, plead guilty to seventeen county of cracking US government computers. He claimed that he hoped to use the lab's bandwidth to download movies and music. Needless to say, the US Department of Energy, which runs the lab, isn't too happy about this - they had to cut off their net.access for three days when the intrusion was detected. The US government is seeking approximately $37kus in damages for McElroy's actions.
It's the little things that get you, sometimes. Recently (and quietly) the licensing terms of the MySQL database system changed subtly. The license of the client libraries, which let applications connect to the database server to do things, changed from the LGPL license (which lets anyone, commercial project or not, use the libraries without having to release their source code to encourage use) to the GPL license (if you use the libraries you have to open your code) and developers are taking this as a sign of bad faith. A lot of perfectly good, quite possibly nifty applications that happen to be closed source are now in a jam. Already, someone's written an LGPL-licensed wrapper for the MySQL libraries to get around this, but it's the principle of the thing: Unless developers re-read the license file that came with the latest release, they'd be stung by this. Many are shaking their heads and asking, "What were you thinking?!" More on this as it develops.
Tonight was an interesting one, as times go. I made it through today in one piece and bundled up to hike down to the bus stop. Some time later, at the bottom of my hill, a powerful stench filled the air, the scent of burning heavy petroleum products, probably engine oil. The bus made it as far as the top of the hill before pulling over and giving up the ghost. The bus following us up the hill, headed in the same direction pulled over and the driver leaned out.. to tell us that we were on our own, because he didn't actually go into the neighborhood. Gimp. Dataline got off the bus, and nearly collapsed due to the fumes irritating her still tender lungs (after the flu). Thankfully, the husband of one of the other women who ride our bus arrived to drive us the last few miles back to the Lab.
Greetings, readers from the Department of Veterans' Affairs!
Last day of vacation, Martin Luther King Day. Got up late, had breakfast, and I'm just hanging out right now. I'm going to check on Fern's book of shadows, take a few pictures, and then probably go roaming around today while I have the chance. I've got to do some shopping to stock up for the week as well, so I might as well make a day of it. Right now I'm just going through the day's news and listening to the Jeff Rense archives. I think I'm going to jack out and start...
Microsoft's at it again - they're suing someone for copyright infringement. While this isn't ordinarily something to write about, their target is 17 year old Canadian high school student Michael Rowe, who owns the domain mikerowesoft.com. He wonders how anyone could mistake his personal site for microsoft.com; they're saying that a phonetic spelling is stepping on too many toes. Rowe, unfortunately, asked for one thousand times the cost of the registration of his domain ($10k Canadian), which is probably why they're coming down hard on him, because they think he's in it for the profit. "Bad faith," they call it; because he would have made a profit, they're assuming that he did it only to make money off of its sale. As much as I'd like to see him keep his personal site, he made a serious mistake doing that. He should have stood his ground and not asked for money. If anything, people hearing about him would have gone to the Microsoft homepage and not his own.
Pictures of Fern's BoS are taken, and I've just finished gluing the rear endpaper. I'm going upstairs to take some pictures of the Deep One and then I'm heading out for a while. I'll put the pictures up tonight.
Pictures of Fern's Book of Shadows are now on line.
Pictures of the finished Deep One embryo are now on line.
Well, the afternoon was well spent, as I reckon things. I left shortly after noon EST to wander around the area and see what there was to see. I stopped at the supermarket to stock up for the week because they've been talking about a winter storm rolling through some time this week; due to the unusually low temperatures (less than twenty degrees Farenheit) I left everything in the trunk of my car and went off to do my own thing. First stop was the local cafe' to drink more coffee (probably more than I should have had today, to be honest) and study for a while. I reviewed the first chapter of my CISSP textbook and took quite a few notes on the high points. I also started writing down the memories that I've been finding here and there inside my head, in the hope that at some point there'll be enough to form a pattern, and I'll be able to draw some conclusions from them. After that I wandered over to Barnes and Noble on a lark to see what new stuff they had. They've having a huge 75% off sale on some of their stock; I picked up two fairly thick books for less than $5us. As if I don't have enough to read right now...
As I mentioned earlier, after I got home I put the writeups of the book of shadows and Deep One embryo projects online. After that was dinner. Right now I'm just getting everything ready for work tomorrow. <sigh> Tomorrow's the deadline - into the crucible.
Another lazy day, yay.
The entire day's been spent in the Lab lazing around, reading, writing, working on perfecting a technique, and watching the last DVD of the Sci-Fi Channel's version of Dune. Life is good.
The back cover of Fern's Book of Shadows sealed perfectly - the glue didn't soak the leather, it just bonded it in place. When I took the clamps off of the edges they stayed down, and they're quite smoothly joined. I glued the end flaps of the cover this morning and clamped them to dry. They should be done by tomorrow morning, when I plan on gluing the end papers to the covers to lock everything in place (and mostly hide the bindery job I did on the signatures. I have to be honest, the seams where I stitched the three pieces of leather together for the spine, front, and back covers annoy my sense of aesthetics (the leather Fern gave me to work with wasn't large enough to make a contiguous book jacket, so I had to cut it up and sew them together into a large enough piece) because they nestle the sides of the binding.. only just. The seams can move around a little bit and mess up how the cover looks. I also didn't glue the binding to the back cover because I wasn't even sure that it would work that way (though there's nothing that says that I can't inject glue or liquid epoxy into the resulting space and weight it on end to lock it down). The way the covers are glued, the hindmost edges are still loose, so the spine's cover can move too much.
I'll figure out what to do about that once the front cover's done.
I also hope that the marks from the clamps fade as the leather relaxes. There isn't much I can do if they don't, though.
Another airline has decided to sell out - Northwest Airlines has been sharing its passenger information for months, after telling everyone that they did not hve such a policy. On Friday, they finally admitted that they'd turned over three months worth of airplane reservations to NASA's Ames Research Center for analysis. The reason they gave for this is that they are hoping that the data they have released to the government can be used for improving airplane and airport security. They haven't said how many people's records, exactly, were made available. Another company to stop trusting, I think, and to stop patronising as well.
Remember the rumours going around about there being a live-action movie of Neon Genesis Evangelion that were making the rounds? Weta Workshop, the same company that worked on The Lord of the Rings has published some concept art for such a project. The images are amazing, as good as some of Gainax's concept art that's been released over the years. The first image appears to be Unit-00 (judging by the eye configuration), the second is Unit-02, and there are some cool images of the evas in the storage tanks (and what might be maintenance restraints or the launch platforms). There are a couple of sketches of the NERV control room and some of the Angels, and a few sketches of the children.. with the names changed to fairly generic American names ("Kate Rose"?! "Asuka Langley Soryu"!) Sheesh. Anyway, it's interesting to note that some folks are thinking about it seriously.
While we're on the subject of paranoia, check this out, cats and kitties: The US is planning to recruit 1 out of every 24 people to act as spies. They're calling them "domestic informants". Personally, I can't help but wonder why they're getting ideas from accounts of World War II. Civil liberties groups are already crowing about this, and as well they should. One man's "suspicious behaviour" is another man's "I locked my keys inside my car." And you know that grudges of all sorts are going to flare up and people are going to rat out other people that they just don't like, very much like the witch hunts. Domestic spies would be recruited from groups of people who would have access to the insides of people's homes, like landlords, utility workers, delivery folks, and truck drivers. An alpha version of this programme (excuse me while I mix my metaphors) is scheduled to start in February of 2004 in 10 of the largest US cities. What in the hell are they thinking?!
Earlier today I decided to try to make a headband of wiring, leather, and some cables (sort of like the hair extensions that are de rigeur in the clubs these days). I don't know how well it's going to work out, but if it doesn't look too bad I'll post some pictures of it.
Aside from a minor annoyance this morning, I'm actually doing pretty well. I'm in the lab watching the theatrical edit of Army of Darkness on DVD, there's a stick of soda-scented incense burning next to the candles on my altar, and I'm wearing one of my kitty bands. Two more books came in the mail this morning, which I've been steadily reading from cover to cover, the second edition tradition books Sons of Ether and Virtual Adepts for Mage. Today is a day for lazing around the house relaxing; I don't plan on doing much of anything right now, and hope to keep it that way. The most intensive thing I've got planned is perhaps heading out to Swift Fox's for game tonight, even though John and Lara are on their way down to Maryland to visit Lyssa (or hopefully; they mentioned having problems with the brakes on their car earlier today). Lyssa and I spoke for a couple of hours earlier today. She's doing well, about as well as I am right now (which is pretty good, to be honest). I wish I could be down there to spend the weekend.
If I may digress for a moment about next week, something that I promised myself that I wouldn't, one of the reasons I couldn't go down to Maryland was because I've got a pair of deadlines on Tuesday: A trial-by-fire test of a plan that we're long overdue working on, and a traffic analysis report that's fairly important as things go. They're short-handed right now; I know what it's like to run part of a department short handed, and it sucks rocks; I also can't leave a job unfinished. If I'd gone down I'd be fried and/or sick by the time I got back, and that's not good.
Please keep in mind, this is not the only reason. I rarely do anything for a single reason.
Anyway, I'm staying home to rest, and I'm mostly enjoying it.
The fever blisters on Dataline's back are almost gone. The skin's just badly discoloured where they were, and the weakened tissue is torn in places, which is normal for this stage. The new skin should start growing in a day or so. Thankfully, all the fluid underneath has drained on its own, which is the first sign that the tissue is regenerating.
That's the first time I've seen fever blisters someplace other than the face and lips.
Because the microwave's broken, this morning for breakfast I made turkey bacon in the skillet. I haven't had bacon from a skillet for a very long while. I'd forgotten what it looks like when it's cooking - the amount of.. I don't know what that stuff is, but the stuff that boils out of it is amazing. I just sprayed the skillet with Pam before putting it in and when I turned around a minute or two later, the skillet was full of dun-coloured foam. Still, when it was done it was quite tasty (after blotting the strips on paper towels, mind you - that stuff might be good to cook in but it's still nasty). Anyway, that was one of those everyday things that fascinates me.
Swift Fox called - apparently it hasn't stopped snowing all day (I've been in the Lab all day, so I haven't looked outside much) and the roads are pretty bad. Judy called Dataline and said that she had a lot of trouble driving, and she's got a four-wheel drive truck. Anyway, game's off tonight, so I think that I'll be staying home this evening. Maybe I'll finish Fern's book, and I've got to research a few things - I'm in a mood to write.
Last night wasn't that great, what with the snow coming down and the roads remaining hazardous until well into the evening. The ride home from work took a good bit longer than usualy because so few of the roads had been cleared. I had to head out to pick up a few things after dinner, and the main roadways in my area were still pretty bad. A jaunt down to the bottom of the hill and back took a good hour or so. Still, sometimes you have to stock up to keep going. This morning I awoke to sub-zero temperatures (4.8 degrees Farenheit without the wind chill, some value much lower than that with) and a sense of dread about today. Thankfully I've been able to keep the mask of 'deep hack mode - don't disturb' up since I got in and what happened yesterday seems to have been forgotten, though I doubt forgiven. Cie la vie. I think going back to silence is the best tactic right now.
Apparently, yesterday was Personal Firewall Day on the Net. The heavy hitters in the industry, like Microsoft and Zone Labs got together to put together a public service site (I think that's the URL) to educate end-users about the dangers of the Net and why personal packet filtering software is a good idea.. I've got to hand it to them, the opportunity for advertising aside, this was a really good idea. More people should know how to secure their workstations and how to protect them from viruses, and most of all how to install security updates. I wish this had gotten more press, more people could have benefitted from this.
It looks as if SuSE is making a grab for the enterprise Linux server market with the release of SLES recently. SLES is a heavily optimised version of their standard Linux distribution, aimed at the big-budget 24/7/265 server market. The review I've linked above is a fairly decent one, and would be of great help to someone deciding what server OS to run and which distro to go with if they chose Linux. The documentation is said to be excellent, which is a must if you're building a server of any serious complexity. The package selection subsystem, also like many server OSes, tends to pick everything and leave the admin to remove the unnecessary stuff. This is unfortunate, mostly because it can take a lot of time to uninstall the stuff you don't need on a particular box. As for installing X and a desktop environment on a server, I still have to take issue at this, not because it's Windows-like, but simply because it's more overhead that a system has to deal with. A server of any kind should be a dedicated-use system (only for e-mail support, only for serving web content, only running a database.. you get the idea), so that every last compute cycle goes to the application at hand. Installing X takes up more memory and CPU time that could otherwise go to your application.
But then again, maybe I'm just a throwback to the times of building a mail server or a MOO on an 80486 and optimising the hell out of it to make it run better than it otherwise would.
Anyway.. there's also an installation method which isn't quite as automatic, and will give you much more control over what happens. I like the sound of that. The usual server-type software comes with SLES (Apache, MySQL, Samba, et cetera), along with YaST (Yet Another Setup Tool, screwy capitalisation not my doing), which not only manages packages but lets you configure everything as well. YaST's functionality include package updating (ala Redhat's up2date utility), editing the core system configuration file (/ec/sysconfig), timed backups of the database of installed RPM packages (some revisions of RPM like to corrupt the database; can we say "ouch", cats and kitties?), a firewall configuration tool, and the ability to tweak the kernel through menus and not poking values directly into /proc (I'm impressed that they thought of that). This seems like a good one to experiment with if you get the chance.
On the research and time-killing fronts, Mozilla v1.6 is out. Lots of nifty changes have been made, hit the link and look at the changelog. There's too much for me to go in to right now.
More on SCO's stall tactics: Ryan Tibbits claims that he began complying with the court's orders to produce documentation on 12 December 2003, one week after the orders had been issued. They didn't bother trying to get things going until then.. what does that say? That going on holiday is more important than a court order?
In the best of all possible worlds, I suppose it would, but this is far from being such.
The versions of AIX and Dynix that IBM produced for SCO were so old, they say, that they couldn't be used for the purposes of comparison. As the affadavit says, "Our engineers have reached the conclusion that parts of Linux have almost certainly been copied or derived from AIX or Dynix/ptx." That's all well and good... but isn't the issue whether or not IBM put SCO code into Linux and not AIX or Dynix? Maybe I missed something here, but this doesn't make any sense. Is SCO after the rights to AIX or something?
At this point, I must confess myself completely confused. What the hell's going on here? When did they start demanding the source code to AIX?
I've been laying in the Lab most of the evening watching VH1 Classics on cable. My word.. the music takes me back. Melody, rhythms, lyrics that hint at something more to life, something that scares us, or make us want to get up and dance and forget that things hurt in life. Rock music with horns and accoustic guitars, a sharp contrast to the power chords, distortion pedals, and vocoders used to add noise to otherwise pure sound. Not bad, not broken, just different from what things were then. Still, I feel the same thrill that I once felt the first time I ever heard the sound of a synthesiser, like a stream of cool water from a hose down my back and over my scalp. I can feel my nerves light up with pules of octarine light and the wiring seems to hum in sympathy. Oh, and don't forget more mullets than you can shake a pair of hedge clippers at.
I know this has been going around for a while, I haven't had a chance to talk about it: HOPE 2004 has been announced. 2600 Magazine has made it official. The convention will be held 9-11 July 2004 at the Hotel Pennsylvania in New York City. Details regarding The Network's meetup will be announced as soon as we get around to planning it.
At long last, goatse.cx has been taken offline. If you've never heard of it before, I envy you. It was a fairly tiny website with a single, now famous image file on it that would make anyone cringe in horror.
One month after the latest Internet Explorer bug was announced publically, one which makes it possible to fake the URL shown in the browser, it still isn't patched. By including the character %01 (which is a character code, if you've never seen this format before) in a URL (uniform resource locator - the most commonly encountered kind is a web addres) everything following that character will not be shown to the user, but will still be followed if you click on the link. For example, the URL http://email@example.com would be shown as http://www.openbsd.org/ in your browser's URL window, but would throw you over to http://nonexistent-example.virtadpt.net/ without your realising it. Identity thieves only needed a week to figure out how to exploit this particular bug, and folks are falling for it. A Microsoft spokesman has gone on the record as stating that a patch for this particular bug-of-the-week will be released whenever it's ready. Microsoft has written a knowledge base article about this bug detailing ways to confirm URLs that you are sent; it's a good one, too, so check it out if you use IE.
I think the phrase "fucked up" has officially become a technical term. As the saying goes, "profanity is the one language all programmers know best."
I think it's amusing that they're finally catching on to something we did years ago using stunnel. A new breed of VPN (virtual private network) is arising, built not out of IPsec or anything like that but the same SSL technology that protects web transactions. For starters, it's much easier to set up and use than IPsec VPN links are, and much more flexible as well. It's also much cheaper to implement SSL than it is to set up everything required for IPsec, and much more rapid as well. Because there's less to configure there's less to have to support. The only thing you have to remember is that there's no filtering done on SSL connections: If something happens to sneak through your link in one direction or another there's nothing stopping it.
It's official - Redhat's AFbackup, which we're not using at work, incidentally)). MySQL is a lot of fun, don't get me wrong; it's got some nice utilities for dumping the contents of databases and even making hot copies of running databases, but when it comes to running someone else's data backup and archival software there's a problem: How to make what already exists work with it. mysqlhotcopy is great, but some of our databases are so large that it doesn't work on them. mysqldump, which I'm playing with right now, will back up anything, but spitting the contents of each database out to a text file of SQL (structured query language: the native language of most (relational) databases these days) statements can take a while. At least I'm in the process of benchmarking right now and not trying to run an emergency backup. I wish I knew about how long it's supposed to take to back up a database of this size; I can't find any references anywhere to even base a guess off of.
Well, I guess that's something to write about. I still feel bad about last night, though. I always seem to do stuff like that at the worst possible time.
I think I learned a valuable lesson today: When trying to sound intelligent and get someone to tell me something about something I've never seen before (one of my variants on "What is that?") I sound like an idiot who "says the first thing that comes to mind", and a few refinements on that theme. The grille marks covered my back and thighs pretty well up until I hit the coals and started going end-over-end, if I may be facetious for a moment.
And here I was thinking that I was doing well, trying to be personable and all. It looks like that plan's a failure. I guess I'm going to have to fall back on my usual plan of keeping my head down and my mouth shut at work. Let the folks who actually work there do the thinking; I'm just hired help. Point me at the problem and I'll get to work on it.
Gods only know what'll be waiting for me tomorrow morning because of this. I should have started bringing my books home tonight; I forgot.
Now that I think about it, perhaps I should be slightlu more specific as to why I "don't need this right now." Further consideration of the connotations of that sentence fragment leads me to conclude that perhaps I should disable that particular part of my linguistic cache, because I really don't feel like explaining the reasons for it to people who really don't have a need to know.
On the bright side, I glued the front and back covers of Fern's Book of Shadows tonight. The leather's in place as best I can get it and the glue is drying at the moment. I'll fold and glue the edges tomorrow night (if the roads are okay) or sometime Saturday (if I get the chance), and the endpapers after that. I should take a few pictures of that soon.
Maybe I'm going to stop taking quizzes.. this isn't a good time.
Greetings readers from the United States Postal Service. Happy New Year.
Ye flipping gods.. l33tsp33k in an inter-office memo. I suddenly feel very ill.
Last night was one of those weird ones.. I didn't do a whole lot of anything but it still feels like it was productive for some reason. Dataline's shoulder was acting up due to how she'd fallen asleep on it, and I had to work the muscle away from the scar tissue so it would move again. After a few stretches it seemed back to normal. She said that she was going to try to go to work today. By the time I left this morning she wasn't up yet, so only time will tell on that. How the weather went from a relatively balmy 36 degrees Farenheit yesterday evening to 17.6 this morning is beyond me. It's been snowing intermittantly the entire time. I don't think it'll really pile up, so it shouldn't be a problem right now. I got the bookmark of Fern's Book of Shadows glued last night; I'm hoping to glue the front and back covers in place tonight the end-flaps tomorrow night, and the endpapers sometime this weekend. I think I'm going to line the parts facing the pages with waxed paper or foil to keep excess glue from seeping onto the pages and then press the book again between a few spare computers for a day or so. Since I've started working out again my body's muscles haven't been sore afterward like they have lately. It doesn't take long to get back into the swing of things.
SCO's still playing games with the court order that says that they have to start showing their evidence. They filed their 'notice of compliance' with the court order a few days ago, but they still haven't complied. The court demanded that SCO release another set of documents as requested by IBM, including identification of the alleged misused trade secrets, documents stating everyone who had rights to the code, the nature of SCO's rights, documentation of SCO's efforts to preserve the confidentiality of the information, all agreements, copyrights, patents, and whatnot of those trade secrets, documentation of the origin of those trade secrets (who came up with them when and where).. the list is pretty long. Read it for yourself. They have not yet produced what was asked for by IBM in the fourth demand: The actual source code that SCO says was illegally released under the GPL.
Ummm.. guys? That's what you're basing your entire case on. The more you backpedal and stall, the less anyone believes you. Besides, internal e-mails were released and authenticated that say that not only did management know they had coders working on the Linux kernel source, but they had the go-ahead for their release to the public at large under the GPL.
SCO has stated that they have not yet reviewed all of the documents they were asked to release due to the Yule holiday of 2003. In other words, they haven't complied by their deadline. Funny, how they keep stalling on the same thing every time... the evidence.
I've been trying to figure something out.. I've got a three-day weekend coming up due to Martin Luther King, Jr. Day (it's a government holiday), and Lyssa asked me to drive down to Maryland for the weekend to see her. On one hand, I'd love to drive down and spend the weekend. On the other, I'm tired and I'd really like to stay home and rest for a while. I haven't gotten much downtime lately and, lifestyle maintenance aside, I'd really like to just stay local and relax. I'm afraid that if I drive down this weekend I'll overtax my reserves and disable my immune system.. and I've seen what the flu that wants to grow up to be a plague can do, and I have no desire to fall to it. It's a long drive, and it takes a lot out of you if you don't have the time to recoup after you get home.
There might be other reasons for Microsoft having changed its collective mind on terminating Windows 98. There's a good possibility that if they did kill off 98, the people who currently rely upon it around the world might look into other OSes to replace it. Makes sense to me: If you can't get fixes for your OS, chances are you are going to start considering an OS that not only is still supported, but might run better than what you've got right now. Lars Ahlgren, a senior manager of marketing at Microsoft, stated that they hadn't made any money off of 98 licenses for a while now, but they'd still like to keep the userbase as long as possible, the better to bring them into the fold. Also, I would think that 98's system requirements, which are much less than those necessary for Windows 2000 and XP, are keeping outdated hardware around and running Windows; one of the hallmarks of open source operating systems like Linux and BSD is that you don't need bleeding edge hardware to run them on. They're perfectly happy running on something as old as an 80486. Userbase is everything when you sell licenses of something...
It could be said that there is such a thing as going too far. Guillem Jover has developed a script that will convert any Linux install into Debian automatically. All kidding aside, he wrote it to transform a server housed in a colocation facility into a Debian box without rebuilding it from scratch. What it does is install a base system from a package of some sort (maybe a .tar.gz or .zip compressed archive, maybe a Redhat .rpm package; when you run the script you have to supply a location and file of your own), remove the unique parts of the old distro, and transform some stuff (like parts of the /etc directory) into a configuration matching that of a native Debian system. It's been tested on Redhat and SuSE so far, and more ports are on the way. You can examine the tool here - note that the site's crawling right now due to the Slashdot effect. I'm half tempted to build a quick Redhat system at home tonight and give this a try to see what happens.
Some days I really hate my lives... I spent most of the evening paying the bills for the house. Paying the bills for an entire house always looks grim, there's no two ways about it. But that was two hours that I was going to use for working on sundry projects that I've been putting off for a while. On one hand, the bills have to get paid to keep everything running.. on the other.. well, I just hate it when my plans get taken out from under me. It's the principle of the thing.
But that's not what's getting me right now.. Lyssa read one of my earlier entries, about probably not being able to drive down and visit her this weekend. I really feel bad about that.. she had to read about it in here and not hear it from me first hand. It's understandable that she's upset. Now I'm not sure of what to do - I can stay at home and probably hate every last moment of it, or I can drive down and spend the weekend. I'm not sure what I should do. Travel takes a lot out of me; it might knock me flat. But it would help fix things with Lyssa... which should I do?
I wonder if wrecking one's life is an in-born talent, or if it's a skill that I learned along the way without realising it.
Holy cow.. these are chalk drawings on sidewalks!
Someone on the Bugtraq mailing list posted something interesting this morning: There was a serious compromise of the computer network of the Israeli Post Office not too long ago. The author of the message states that the IPO acts as something like a bank; several thousand shekels were stolen as a result. Supposedly, someone snuck a wireless access point into the building and plugged it into a core switch. The intruders rode in through that AP and went to town. This only went on for a couple of days before the AP was discovered by someone on staff there. Not much else is in the message, presumably due to the international embarassment factor and the fact that this is an ongoing investigation. Gadi Evron's post also hints at other stuff going on over there, such as the theft of a number of servers hosting the databases used for face recognition systems and something about industrial espionage.
There was a very intelligent response or two to this post on Bugtraq today but I can't seem to find the relevant posts in the Securityfocus archive. Maybe they'll appear tomorrow.
"You just can't trust anyone anymore."
You know, the number of people who just jump onto mailing lists to ask about stuff without doing web searches (or reading the FAQs on the project's website) is amazing. I just read a post to the snort-users mailing list filled with questions that could be answered easily by reading the FAQ and online documentation. If I were playing the Snort Drinking Game I'd be having my stomach pumped right about now. Sheesh.
SCO's got incredible stones to release letters like this, I'm sorry. Maybe it's the glue fumes from the change of carpeting outside my office, but this is for the birds. SCO claims that it's been forthright with the Linux community, yet they still refuse to say what code is infringing upon their rights, which means that if there is any trouble it can't be fixed! Through the legal firm of Boies, Schiller, and Flexner, they plan on opening fire on companies using Linux in the middle of February 2004. If you go to http://www.sco.com/ibmlawsuit/ you can look at the IBM court case documents and the seven .pdf files labelled "Exhibit [A-G]", which is exactly what I plan on doing when I get home tonight. Maybe something's changed in there. However, I strongly doubt it.
I nominate this Perl module for the WTF?! 2004 award.
When they say "In the spirit of.." what they really mean is "It's nothing like it, we just wanted to fish you guys in."
<cheering> Two! Four! Six! Eight! Everybody caffeinate! Twitch! Twitch! Twitch! </cheering>
I took a couple of minutes during lunch today to do a few quick web searches on why the Calendar application of the v3.13 Sharp Zaurus ROM crashes whenever you examine an entire month at a time. I found this bug report in their database as well as the fix: If you have the Zaurus port of OpenSSH installed, you have to install it to the internal data store; you can't put it on an SD or Compact Flash card. When you install it, it creates a directory called /home/zaurus/Documents/OpenSSH, which is owned by the user "root" and group "qpe". Everything else under /home/zaurus/Documents is owned by the user "Zaurus" and the group "qpe". For some bizarre reason, even though the calendar app shouldn't try to access the OpenSSH directory, it tries to and crashes. If you install the Console application (which basically runs a shell for you in a window) and change the ownership of the Documents/OpenSSH directory to "zaurus.qpe" (su root ; chown zaurus.qpe documents/OpenSSH ; exit ; exit) this will fix everything. I've been playing around with it and it does the trick. Yay! Now I can dump the port of Korganizer, which doesn't even handle repeating events!
Waking up this morning to discover that the temperature outside was a balmy 36 degrees Farenheit did my hearts some good today. That's practically a heat wave, considering that over the weekend it was cold enough to freeze everything solid and shatter plastic as if it were glass. I shouldn't be alert this early, and I can't chalk it up to the coffee I usually have before I step out the door. I vaguely remember a few dreams last night, though I can't recall what went on in them. They must have been relaxing to put me in this kind of mood.
No, I don't think they had anything to do with the serial Catwoman dream I've been having.
I even didn't mind spilling coffee down the front of my white button-down this morning. No big deal, just throw it in the wash and change shirts... must be a good day on the horizon. Maybe it was just getting stuff done last night (like cleaning, at long last), finishing laundry, exercising, and paying my bills. Getting all of that out of the way removed a lot of worry. Applying for five or six jobs helped, too. I'm carpet bombing the east coast again with resumes; here's hoping that something comes of this.
It figures. I brought in my French press and a small bag of Viennese blend this morning because I sometimes would like a cup of coffee partway through the day (usually after lunch) and they started ripping up and replacing the carpet in the office. The first thing that was taken out (aside from normal access) was the water cooler, along with its hot water dispenser.
The fur's flying over Microsoft's latest marketing effort, called "Get the Facts on Linux". The FUD factor (fear, uncertainty, and doubt) is a part of that, to be sure, but the information they present is based upon out of data information and obsolete studies. The gist of the campaign is that enterprise Windows servers are cheaper to maintain in the long run than open source alternatives. Whomever wrote that particular report must not have seen the licensing fees for Windows 2000 Server and Datacenter Edition, nor the fees for Windows 2003 Server (which are considerable). Per-CPU and per-seat licensing are not cheap, even for smaller companies who only need a few workstations. Linux distributions are much less expensive than Windows licenses (even for Redhat Enterprise Edition I've seen, from administering it at work); they can also be downloaded from the Net for free. Server and application software cost out the wazoo for Windows servers: IIS comes bundled with each installation, but don't think about all the security vulnerabilities that have been reported. Apache for Linux, Unix, and even Windows is free and generally more secure.
Windows needs to be courted constantly; Linux just runs, smoetimes for years at a time. Windows machines need to be rebooted when they're patched. This means downtime (sometimes hours or days if something went wrong). You only have to rebooted a Linux or Unix machine if you update the kernel; everything else happens in userspace, so you don't have to take the entire system offline to install a patch. At most you only have to deactivate two or three services to upgrade something, and if something does break you can have multiple copies (usually different versions, though sometimes not) of the same services installed at the same time in parallel directories. Downtime: Minimal. Because I'm at work writing this offline, I'm going to stop here and advise you to read the article I've linked. It does a better job than I can from the trenches.
In response to SCO's legal shenanigins lately Intel has thrown its hat into the ring by forming a legal defense fund for certain users of Linux. SCO has threatened to sue people (usually companies) for intellectual property infringement who are using Linux; this defense fund would go toward legal fees for the defense of these companies. The Open Source Development Labs hopes to raise $10mus for this fund; so far is has $3mus, raised from a number of companies.
Microsoft Windows 98 has been granted a reprieve until 30 June 2006. Previously, there were no plans to continue support of the OS past the second quarter of 2004, but critical security vulnerabilities will be patched and telephone support will still be available (I thought you could only get support from your original vendor..) The decision to keep 98 alive for a while was made because of all of the desktop installs still out there that are still in use. Microsoft is trying to bring 98 and 98 Special Edition <bites tongue to avoid making smart-ass remark...> into line with their current software lifecycle policy, which is now seven years before support is terminated.
On one hand, I'm glad that they're still going to be patching 98 for a while. On the other hand.. just kill this fork(2) bomb of an OS. Put it out of its misery (memory?)
I've learned something in the months that I've been hacking around with IDSes. First, I've learned that I've got a lot yet to learn about security in general and IDSes in particular. Computer security isn't an easy thing, especially when there are systems on the line that not just a department counts on, and not just an organisation counts on, but thousands of people. Security is paramount in situations like these, and everything you do has to be justified in writing. If you change a setting, you have to write down somewhere what you changed, why you changed it (sometimes citing sources, sometimes not), what the change will do, what problems it might cause, what benefits it will have, when you did it, and why (again) you changed that setting. The idea is so that there is a record of who did what where at such-and-such a time; there's a record of events, so if something does happen (say, the security admin gets hit by a bus) there's enough information for the admin retracing his steps to figure everything out. If something breaks suddenly, you go back to that record of events, see what the last changes made were, and un-do them, hopefully fixing what broke.
But I'm straying a little bit from where I was taking this.
IDSes are only as good as the sets of rules that they're using to analyse traffic. Some rules are less accurate than others, and go off more often, resulting in false positives (alerts that really aren't alerts at all). Other rules are very exact in their detection criteria, and will only go off when they match a bona fide situation (for example, the first thirty packets of a SYN flood). No matter how well you tune your IDS, regardless of which one it is, you're going to get some false positives, it's the nature of the beast. If you somehow manage to eliminate false positives completely, there's an excellent chance that you're no longer listening for enough possible situations. A good way to test this is to run a vulnerability scanner (like Nessus) against one of your boxes neighboring your IDS; if it alerts on your scan, chances are that you didn't cut too much stuff out; if not, there's an excellent chance that your IDS won't pick up on someone trying the same exploits from outside of your network).
There's a variable in Snort's config files that lets you define what your network address range is; there's another one that lets you define what the rest of the Net should be when you take out your own network. Let's say your network block is 22.214.171.124/24. The HOME_NET variable looks like this: var HOME_NET [126.96.36.199/24]
Knowing that, there are two ways to set up the EXTERNAL_NET variable: var EXTERNAL_NET any, meaning that every IP address possible falls into this category (including 188.8.131.52/24), and var EXTERNAL_NET !$HOME_NET, meaning that every IP possible address on the Net but those that are a part of your home network falls into this category. If someone on the outside fires an exploit at your LAN, it should be picked up by the IDS and logged. However, let's look at the very real and unfortunately common example of a worm that uses an exploit to propagate itself across a network. In the former case, the IDS would see the worm fire its exploit at some IP address that's a part of your address space (whether or not a system's actually using it at the time) and let you know. In the latter case, however... it wouldn't notice the exploit because it would actually be looking everywhere but its home network for attacks.
When you set up an IDS, you're going to have to think about stuff like this. You're also going to have to think about the other things that you might run into, like seeing traffic from addresses that really shouldn't be talking to your LAN (like 127.0.0.1, the loopback address that every system running TCP/IP has). Usually, this means that you've got a network appliance, like a printer, that's not configured properly. Find it and fix it to make the noise go down somewhat. You also have to decide how much noise you're willing to put up with: Techncially speaking, a box that responds to pings is actually a security vulnerability because an attacker can ping addresses on your LAN to see which ones are active as the prelude to an attack. You can either deal with alerts from pings (which are perfectly legitimate network traffic) or you can turn off that rule in the IDS and ignore them. The same thing goes for FTP traffic to a server: It used to be that Linux and BSD boxes had an FTP server running by default after installation; this is no longer the case, but there are enough old distro CDs floating around out there that someone who grabs an old version and installs it might be leaving themselves open to attack (remember WU-ftpd?). As a result, FTP traffic is included in the rule sets of a lot of IDSes. Someone tries to access the FTP server on one of your boxes and you find out about it. Great. Now let's say that you deliberately put up an FTP server, and secure it so that the old exploits floating around are ineffective. Legitimate FTP traffic will still set off that IDS rule. Disable it or deal with the false positives?
IDSes take a lot of research and forethought to get running well. They're twitchy beasts, but incredibly useful once you get them tuned and learn how to configure them properly.
Holy cow.. I met another technomancer tonight at the North Hills Pagan Discussion Group. Greetings and salutations to Flagg!
I'm leading the next discussion.. it's on Discordianism. Take cover, cats and kitties...
Well, today's gone much better, all things considered. I've spent almost the entire day downstairs. Everything's done and out of the way and I said "screw it" and cleaned. I feel a lot better now that I've pitched a lot of empty boxes and shelved a few things. I'm on my last load of laundry, a second episode of Coast to Coast AM, and my second job application. I've also gotten Mplayer working properly on Leandra, and playing back at 30 frames per second on a 1600x1200x16 bit display (by using the XV extension to XFree86).
I think the Lab's got a background count after this weekend. Ick.
I'm doing everything I possibly can to get out of here before I lose what remains of my sanity. I'm hunting for jobs not only in Pittsburgh but in the states surrounding Pennsylvania, and I'm willing to move farther to find steady employment.
I'm truly glad that I was able to get out for a few hours last night. I'm glad that I didn't go to B'witche's Tavern, a) because I can't find the place without a navigator, and b) because drinking (or anything addictive, for that matter) would be a really bad idea right now due to my stress levels. I drove down to Swift Fox's den last night to hang out with he, Sil, John, Lara, and Azanti. No sooner had I gotten in the door that I just stopped and listened to the quiet. The blessed quiet. I could drop the masque that I have to wear at home and be myself and not "who I'm supposed to be." Ironically, it was D&D night. However, the chance to let my hair down for a while and decompress was welcome. I think I ranted for a good hour or so after I took my parka off (damn, it was cold last night). I might take John and Lara up on their offer of asylum soon. I got to relax a little gaming last night; the running gag of the night was my dice mojo taking a serious hit due to stress. After game was over and we'd divvied up everything out came the DDR pads and we played a couple of rounds of Konamix 2. I'm amazed that Swift did as well as he did with two injured ankles. I threatened to take Azanti to Club Chemistry soon to expose her to rhythm.. I was serious about that, though gods only know when that'll happen. The snugs from li'l S'ifty were muchly welcome; unfortunately, I couldn't stay for the night to play. I got home some time around midnight and spent the next two hours jacked in. Something that I have to take care to avoid when stress builds up, I become quite the escapist. I synched for the first time in months last night, and had to tear myself out of the Net before my body fell asleep on me.
Sleep's been bringing me serialised dreams again. Something about getting a tour of Catwoman's private vault, hidden somewhere in a hillside, and catching a group of local teens trying to follow us in to loot the place. I hope it continues tonight, I want to see how this ends.
The CAN-SPAM bill passed at the beginning of this month has had almost no impact upon spam. And we're surprised because...? The company MX Logic has analysed a miniscue portion of the spam sent every day (1000 e-mails is a drop in the spam bucket) and found that only three of them comply with the CAN-SPAM Act. I think spammers are taking the name of the act to mean that it's open season for them.. and it's going to wind up open season on them if they're not careful. The chances of spammers who don't comply with this law being caught and prosecuted are infintesimal, and so much comes in from overseas, where this law doesn't apply it's going to wind up one of those laws that nobody will bother to repeal.
A few days ago I set up Spamassassin on Lucien a few days ago and configured it to filter traffic coming to my personal account. It's caught a lot, I have to admit. I'm going to have to tweak it a lot to get it working as well as I'd like, though. The single thing that's had the greatest effect has been using UCSPI-TCP to block incoming SMTP traffic before it even hits the mail service on Lucien. I've blacklisted most of China and a good bit of Korea, which has cut the amount of spam over 80% in just two weeks. Every once in a while I put the latest revision of Lucien's tcp.smtp file up in case someone'd like a place to start. Feel free to download it once in a while and use it on your own server. Soon I hope to put up a page of domains that don't listen to mail abuse reports or that have non-working abuse reporting mechanisms in place, so you don't waste time and bandwidth trying to contact them (save with a magnetic pulse weapon...) I also hope to put up a page of domains that do listen and where to send reports to, so you don't waste time trying a bunch of different possible e-mail addresses at each.
Spammers are the cockroaches of the Net. I only hope that if nuclear war comes, they won't survive with the rest of the planet's cockroaches.
Uncharacteristically blood-thirsty and violent of me? Yes. I'm sick of what's been going on, and I'm sick of the bullshit that's been going on lately, and possibly my least-favourite denizens of the Net are a perfect target to take it out on. Now ask me if I care.
Greetings, readers from Los Alamos National Labs. Please don't mind yesterday's nervous breakdown.
Today is certainly a day that was designed for one thing and one thing alone: To piss me off.
First was shopping. That wasn't so bad in and of itself, save that it kept me from studying as I'd hoped, as well as from doing my laundry. I'm trying to prepare for the CISSP certification, which is going to take me a while. The book's pretty thick (up around 750 pages of information, not counting the index) and there are review questions, as well as practise tests. Not a rapid process, by any means. Of course, there's already a load of laundry in the washer that needs rewashed because it's been fermenting for two weeks now. As I write this, I'm half wishing that the stench had knocked me unconscious. And then there was cleaning out the fridge (stuff from Yule dinner?! Ye gods...) to make room for the groceries and having to make dinner tonight.
Making dinner has been complicated by the fact that the microwave decided to roll over and die sometime this morning. I made breakfast in it; Dataline did the same about an hour later. Now it refuses to even heat a mug of water to make tea. And don't get me started on not being able to do laundry.. they've had laundry in the washer for two weeks now. I had to re-do theirs before I could even start my own. After being told to hunt down something while down there and bring something else back up (am I the only one who can hear the damned dryer go off?!) I gave up in disgust. I'm sick of this.
I'm really starting to hate life right about now. I came back why, exactly?
He really did it - on Thursday Adrian Lamo plead guilty to cracking the New York Times network. Lamo could be sentenced to five years in prison and a $250kus fine at most, depending on the direction the case goes in. Lamo is currently out on bail and awaiting sentencing.
I still can't believe how cold it is. I put out the garbage today and the garbage can outside shattered and fell apart. PVC plastic doesn't do that normally.
The January 2004 Netcraft survey of web servers is complete, and the numbers are looking good for the first month. Of 46,067,743 web servers surveyed, over 31e6 of them are running some version of Apache, with Microsoft IIS in second place at 9.6e6 detected installs.
The hijinks in the office have progressed to real flatulence. What did I do to deserve this?
Everyone's favourite owner of fibre and copper, Verizon is planning on spending over $1bus on a nationwide wireless net.access project planned to require at least two years to implement. Ironic, considering that just last year they said that there was no need for such a thing.. their wireless access system, if it goes according to spec, will be between five and ten times faster as standard dialup access; a few major cities will be ready to go by summer of 2004. Verizon has also announced plans to invest another $2bus in voice-over-IP technology, to take advantage of the already dense Internet framework already in place (as well as cut costs for carrying voice traffic; a tactic that hundreds of fly-by-night calling card companies have mastered already).
Never ones to leave a good thing alone, the US FBI and Department of Justice are also concerned about voice-over-IP technology and are trying to coerce telecom companies into altering their networks to make eavesdropping of the (probably, if people have any sense these days) encrypted voice traffic possible; at any rate, they want to be able to monitor the conversations with as little trouble as possible. Legal eagles, privacy advocates, and cypherpunks have undoubtedly already made the comparison to CALEA, the Communications Assistance for Law Enforcement Act of 1994, which made telecom companies do the same thing to the POTS (plain old telephone system - no, I didn't make that acronym up) network, which at the time was becoming more and more computerised. Of course, they're playing the "criminals, terrorists, and spies (oh, my!)" card to make their efforts more palatable. The US Drug Enforcement Agency is also getting in on this. In July of 2003 an attempt was made to weaken VOIP technology such that it could be more easily monitored; this attempt focuses upon the providers of VOIP service. In general, the companies involved in this field have agreed to go along with their demands but a group of twelve smaller companies have refused, stating that they won't make any changes until this becomes official. Way to go, guys.
D-, one of the guys next to me, has perfected his electric guitar imitation. I have to admit, a chorus or two of The Chicken Dance, sounding as if it were played by Jimi Hendrix, can pass the time quite nicely.
The article I mentioned yesterday about target-based IDSes has provoked a response from one Martin Roesch, an employee of Sourcefire (best known for Snort). He posted a few criticisms to the focus-ids mailing list today, among them that the original article didn't review any TBIDSes per se, only the correlation systems of true TBIDSes. Roesch also had some words to say about simplifying certain aspects of the discussion for public consumption - IDSes aren't a simple topic, and by not getting the brunt of the blow you're missing out on a lot of important information. As I found out the hard way, the devil's in the details with these beasties. He references a post he sent out in November of 2003 justifying his statements. This isn't your usual oil-and-vitriol defense, this is actually a well thought-out and executed rebuttal. Feel free to skip this one, but it caught my eye.
At last, the Debian packages website appears to be back on-line after its hiatus due to a system compromise.
After a lot of playing things cool (and by cool I mean the temperature of liquid helium) this week, I feel the need to vent.
Once again, it appears that life as I know it has been placed on the back burner. Work has been hitting hard lately, and with little time to sit and think due to a laundry list that could be printed in Flyspeck-8 font on several boxes of fanfold paper and not have room left over for margin notes, I've been treasuring the time I've got to myself to reflect and unwind. Since Dataline has been at home sick the busrides home from work have been a string of all too short respites from stress. The Sight has given me fleeting glimpses of beauty in the past few days, images that I'll treasure for the remainder of my life. The beautiful sunsets over Pittsburgh, for one thing: As the frigid wind comes in winter the sky becomes crisp and clear, revealing a twilight sky coloured the deepest purple you can imagine, with tiny stars peeping through holes in the shroud of the heavens. The sky just over the horizon has been a rich, bloody orange colour, almost a shocking counterpoint to the darkness overhead. Each and every tree and building as far as the eye can see was perfectly outlined in the rapidly dying evening glow. Through the gaps between the tree trunks I could see, quite clearly, the hilltops the trees stand upon.
I just sat and stared at what I could see, slackjawed with awe. How could such beauty exist on a planet like this?
Like all good things in life, the experience was fleeting. Coming home at night is just more of the same that work throws at me - get this done, do that, something else comes up... the Sight departs as abruptly as it sees fit to gift me with something. Right now, I suppose that I should not complain much (even though I shall) because Dataline's been knocked flat by the flu that has aspirations to become the next plague. However, I strongly resent being the only one who has to do things. Even when she's well, she sits around after dinner watching bad sitcoms (oh, how I've come to despise those wastes of RF bandwidth knows as Everybody Loves Raymond and Dharma and Greg - a curse of satellite downtime upon the both of you!) and munching potato chips. I still fail to see why she asks me what I've got planned for the night because I always wind up having to do something. Just once I'd like a chance to sit and unwind. Just once. Even on the days where work has me so tightly compressed that I could explode like a faulty scuba tank there's always something to do, even though Dataline is perfectly capable of getting up and doing it herself. She is not the only one who has bad days, who would like nothing more than a sympathetic shoulder to cry upon ("Everyone hates their jobs; deal with it."). Anger and frustration, I have been told my several different people at several different times, are perfectly reasonable emotions in context and may be expressed reasonably. Being told that they are not valid emotions is not.
Having nothing more than wanting to sit down and look at a book (not even reading one!) planned to come down from a particularly rough day does not translate into "I'm not doing anything, what do you want done tonight?" in any language that I am familiar with.
Months ago, I gave up meditation because the fights over "I was calling you for a half-hour! Where the hell were you?!" became too much. If you'll please excuse my vulgarity, "I shut myself the hell off!" Adam Sandler on a god-damned moped..
What I've come to realise in the past year or so is this: What I want is irrelevant. I exist to carry out orders as if I were some sort of relatively unintelligent (make that 'nonsentient') servomechanism, when the comptroller is in fact capable, though unwilling, of acting on his/her/its own. Stress management for emotional stability is one of those irrelevancies that gets in the way of performing tasks, I've gathered. At this point I've pretty much discarded the idea of having an existence apart from being someone's son, the last hope for the family, the one who gets things done around the house, and the one who has to stay calm when everyone else is fighting (when in fact I'm anything but; I've got my problems too, just no time to fix them). Most of the avenues of relief I had are closed to me now; even the simple pleasures of sitting down with a cup of tea and a book are rapidly vanishing. The Sight seems to taunt me with things that offer only a momentary sense of peace.
I wonder if it's possible to divest oneself of self-awareness... that would make handling this much easier.
And for the record, no, I cannot move out, because I have no time to hunt for a job that will pay well enough to let me pay rent, pay bills, and eat simultaneously. I can live off of my savings, but the added drain of rent will bankrupt me within seven months, even living in a college slum near Pittsburgh. Then I'd be right back where I started.
Fuck. I gave up cutting for this?
The next time I open my mouth about a good thing, someone please hit me before I actually have a chance to speak.
The bus was late yesterday morning and continued to be so all day. Standing in sub-zero temperatures for extended periods of time isn't fun. I was frozen solid by the time I got in yesterday, but the ride home was even worse. Some time in the past two days (I'm writing about yesterday, by the bye) a water main near my usual bus stop in the city ruptured and the city department was all over the place trying to fix the line and clean up the mess. This required blocking off two streets, which snarled traffic up but good during rush hour yesterday. My bus home was almost 40 minutes late in arriving, which actually was helpful because many of us had to figure out where our bus stop had been relocated to.. Then it was just a matter of standing around waiting. Not a few people (myself included) took to sharking up and down the sidewalk in search of the relevant bus; generating more heat by doing so was just icing on the cake. Once the bus arrived, however, all was right with the world, or at least the workday.
Dataline's still on the shelf but at least she's now able to keep some soup and crackers down. That's an excellent start. Motrin's about the only thing that's helping the head- and body ache.
Possibly the only thing that's keeping Linux from taking computer users as a whole by storm is the fact that there's no desktop environment, no GUI that everyone can use (or figure out how to use) easily to get everyday tasks and general screwing around on the Net done. Well, actually there is. There are actually quite a few of them out there. The best known is Gnome, which is extremely modular and reconfigurable. Gnome's appearance can be easily changed, there are dozens and dozens of applets out there (not unlike all the widgets that can be placed in the task tray in the bottom-right corner of the screen or next to the start button), and it integrates every application that uses the Gnome libraries (of which there are so many I've lost count; hit Freshmeat.net and do a search on 'gnome' and see what you find; then remember that Freshmeat isn't the end-all-be-all of open source software indexes...) Then there's KDE, the Kommon Desktop Environment (which started life as a clone of the Sun Microsystems CDE for Solaris) and grew into a fully featured desktop environment in its own right. I've never used KDE before so I can't comment on it; I will say that the folks I know who use KDE have fallen in love with it. Then there are sundry window managers out there like Enlightenment, Afterstep, Openbox, Blackbox<... the list goes on and on.
Because so many people are unwilling to try a new desktop, and often because the applications that people are used to are not yet available on Linux (or because they don't want to spend the time learning a new application), this has stopped many people from trying something new. On occasion, however, orders come down from on high that there will be some changes made - this time it's one of the heavy hitters in the computer industry calling the shots. IBM has declared that they're going to start using Linux on their desktop systems by the end of 2005 along with sundry open source applications. Quite a jump. Good luck, folks... you're paving the way for a lot of other places (and possibly families) to do the same thing.
It's official: The British Mars probe Beagle 2 is MIA. The diminutive space probe has yet to transmit a signal back to Earth or to its original host, named Mars Express. Controllers in Germany are not hopeful that any signal will be received; if all other attempts fail the mission will be written off. There will be a number of flyovers in the days remaining in January but if there's no response by 22 January 2004 that's it. Some time tomorrow the orbiter will scan the surface of the planet for any sign of Beagle's deployed landing gear (bad mental image of the parachute not opening, there), and the spectrometer on the Mars Express will search for any signs of the ammonia gas used to inflate Beagle 2's landing airbags. Strangely enough, all word about Beagle 2 has vanished from the national news in my area (and I suspect most of the United States in general) because the US Mars probe landed safely and is roaming around as I write this, their first success in many years. The timing feels a little weird to me, but what are you going to do?
Will whatever gods there be please preserve what remains of my sanity? The other guys in my office have a new toy: An Old Fat Bastard talking stuffie from one of the Austin Powers movies. The bloody thing won't shut up. As if that's not bad enough, they somehow managed to track down a George Bush parody website, featuring enough samples of flatulence to make one want to break their eardrums with an icepick.
One of the hot technologies in information security right now are IDSes, intrusion detection systems. An IDS is basically a system that sits on a network and listens to all the traffic it can reach, like a big packet sniffer. It then checks each packet it picks up against a set of rules to see if any show signs of being a part of an attack in progress (like an IIS or SSH exploit coming in from Out There). They're a great technology, don't get me wrong. I work with a couple Snort boxes every day. There is one drawback, however: They don't often tell you if an attack was successful. An attacker can run an OpenSSHOpenSSH exploit against a random IP address on your LAN but if there isn't a vulnerable copy of OpenSSH running on that system then it's not going to do anything. The more popular scanning scripts these days just fire the exploit at every IP address they can reach, whether or not a copy of SSH is even running. The IDS, however, will still dutifully report that it detected someone trying to break in with that script, though. It is possible to fine-tune your IDS to only log alerts going to certain IP addresses (those of systems that you know are running certain services) but on a big enough network that's really not feasible.
A few enterprising folks have found a way around this problem, however. Now on the market are a couple of what are referred to as target-based IDSes, which take the output from IDSes and analyse the alerts to determine if each one is applicable. Target-based IDSes keep an internal map of every IP address on your network, what kind of system is using it (Windows workstation, network switch, BSD server, firewall, et multiple cetera), and what services each has running (the Linux box is running proFTPD and OpenSSH, the Windows machines have file and printer sharing enabled, the OpenBSD box is just running OpenSSH because it's your firewall...) From this information, it determines which alerts should be at the top of the list (a copy of the Slammer worm just hit your SQL server) and which should be at the bottom (someone threw an Apache exploit at your IIS 5.0 server). The idea is to save time when analysing all the alerts by giving the analyst the alerts that they should be worrying about first and keeping most of the noise at the bottom of the stack. It's a cool idea, I must admit. It'd save a lot of time every day when going through the records for the past day or so. The article is a review of some of the rising stars of the TBIDS scene, manufactured by Cisco, Internet Security Systems, and Tenable Network Security. The products manufactured by each company all act in pretty much the same manner (re-filtering and reclassifying the alerts before they show up on the analysis console) and all use pretty much the same three components: A network scanner, IDS sensors, and an analysis console of some kind. The shortcomings of each product are also broken down in a fairly nontechnical manner. It's an interesting article, and I don't want to quote it here - give it a read if you've got some time.
Read more of my memory logs. The entire plan's in there, if only you can find it...
The phrase 'bitter cold' has never been more applicable. Since this week started the temperature outside has plummeted to the low teens if we were fortunate, in the negative low teens if you count the wind chill factor. I ran around searching for my parka this morning before work without success. Consequently I froze my six off outside while waiting for the bus. Of course, since I mentioned the bus being on time lately it won't be so anymore. I jinxed something, surprise surprise. Dataline's still on the shelf with the flu, she's having a hard time keeping anything down at the moment (which is a shame because a friend of hers dropped off some chicken soup for her). The Theraflu seemed to help her, but I didn't realise that it was the non-drowsy kind, so she was up most of the night.
Something occurred to me this morning: Theraflu is the medicine to take when you're so sick you can barely get out of bed, let alone face the world. It knocks you out and keeps your respiratory system in comfort while your body's immune system can do the work, right? The non-drowsy form of Theraflu is formulated that way so that you can go to work while you're sick but still get stuff done. Does this strike anyone else as a bad idea on a number of fronts? If you're sick you should stay at home to get better and so that you don't give everyone around you what you've got. That's nature's way of saying "Catch up on your sleep." Why in the hell would anyone who's got the flu, especially this one, go to work? If you take out the rest of the office with the bug du jour what have you accomplished? For gods' sake, people, take the day off for what it is and let your immune system do its work. Being at work won't help it do its job any faster, and the extra expenditure of energy will probably hinder it. Even I know when to sit on my six and rest...
Correction regarding the Linux kernel bug I was talking about yesterday: The mremap(2) bug has to do with resizing memory segments that have no size (0), rather than of size two. Sorry! My kernel-fu is quite rusty.
Incidentally, proof of concept code for this bug was released to the full disclosure and bugtraq mailing lists on Monday. Now it's really time to get those updates in place. No doubt this exploit is already being refined into an attack tool by the underground, and systems are going to start falling to it.
Just great... after a while at work I realised that my body's still feeling a chill, despite having been in a warm environment for an hour or two. When I stood up my head started pounding, and I'm seeing flashers in my peripheral vision that often hearald a migrane. My body's temperature is slightly elevated at this time, too... I think I caught the flu.
Dammit. Life's going to suck for a while.
The SCO Group has found itself under the gun as the court has decreed that they have until the end of this week to show IBM's lawyers the code that they claim was put illegally into the Linux kernel. Oblivious to (or perhaps uncaring of) the precarious legal position they're in right now, they've stated that they will begin filing copyright infringement claims against one (so far) customer by the end of February 2004. They also sent cease and desist letters to a number of Fortune 1000 companies late in December of 2003, claiming that these companies were illegally using ABIs (application binary interfaces; think 'code libraries') written by SCO. It's time for them to put up or shut up, and the way things are going for them, I think that they're going to put up, but the court's going to tell them to shut up.
Chances are, if you've ever worked with computers on a network someone in the IT department has warned you never to write down your passwords because they could be stolen by someone and used to compromise security. Ironically, people who listen tend to cause a lot of trouble by doing just this. As it turns out, all those jokes about "In case I get hit by a bus" are turning out to be true. In this article, one Jon Hansen was en route to the hospital with a near-fatal case of encephalitis and spent the entire unpleasant time telling his wife about passwords to various documents and services that she'd need to know in the event of his death or incapacitation. Mr. Hansen survived, but this anecdote makes a point: If you're the only one who knows a password, and you happen to wind up on the shelf or in the junkyard (so to speak), other people who need that password are screwed. There are companies out there who will decrypt data or break passwords in cases like this, usually for a fee, but depending on how complex the password is the cost of data recovery might be prohibitive. There's also the chance that the password used is too complex to be broken, which means that you're up a certain creek without a means of propulsion. With the rise of electronic banking and stock trading, portfolio management, webmail, encryption, and web journals, important data of all kinds might be held hostage by a bad situation. In the first few examples I gave, this could make the difference between keeping the house and being thrown out on the street. What's worse, the laws governing electronic security and privacy can work against people with a legitimate need to get in; great care must be taken when trying to break into the computer of the deceased if someone decides to make a case of it (which has happened on occasion). The laws governing the estates of people who died without leaving a last will and testament are even more hairy in situations like this. It seems like the safest thing to do is to write everything down but put it in a safe or a safety deposit box down at the bank anymore. Either that, or use an encrypted password storage utility like Password Safe by Counterpane Labs to store everything. Keep in mind, however, that not all passwords may be stored on paper or in a database. Not everyone writes everything down...
Greetings, readers from atstake.com!
There's a new version of the Adore rootkit out there, called ng v0.31 (probably for 'next generation'). Rootkits are the bane of any sysadmin's existence, as they are left behind by crackers who want to ensure that they keep their presence unknown and their access intact by replacing certain system utilities with modified versions that keep certain files and running processes invisible. Nowadays they also tend to include kernel modules that patch the OS at such a low level that it becomes extremely difficult to detect the presence of an intruder, unless something happens to draw the admin's attention (like random crashes or seemingly unrelated system errors in the logs). You can get the latest revision of Adore here. This new version runs on all Linux systems running a v2.4 series kernel as well as the v2.6.0 kernel and is safe for use on multiprocessor systems. It is capable of hiding files, directories, processes, and sockets; it includes a fully functional backdoor, can filter out system log entries from hidden processes, and can even survive a reboot of the system.
A serious vulnerability has been found in the v2.2, v2.4, and v2.6 Linux kernels in the do_mremap function. This vulnerability, while not easy to exploit, could possibly allow a local user to increase their access privileges to that of the root user (system administrator account). A common operation performed by computer programmes is to increase or decrease the amount of RAM that they're able to access; this is done by allocating a new block of memory and copying the data from the old segment into the new one, and then freeing the old segment for later re-use. The vulnerability as I understand it, and if I'm wrong please let me know so I can correct myself, occurs when two pages are remapped, leaving a hole of one page of RAM that isn't claimed by anything. This memory hole, because it's not watched over by anything, can be used to mess around with the kernel in fairly subtle ways, though the one that everyone is worried about is being able to break root. Because processes don't have to be running with any particular access privileges to exploit this, theoretically any account on the system can take advantage of this.
Proof of concept code has been written but so far as I know not distributed yet. If you hit your favourite news site you'll no doubt read more. It is strongly suggested that you upgrade to the latest revision of the kernel, either from source or from a package acquired from the group that maintains your distribution of choice, like Redhat or Slackware.
There's an excellent chance that you've heard about Redhat dropping support for its end user-oriented Linux distribution (Redhat Linux, currently at v9.0) in favour of its Enterprise distributions that are geared toward big business and big-bore projects (like massively parallel computing clusters and high availability servers), with a correspondingly huge price tag. They've replaced this with a community-supported Redhat-like distro called Fedora, which is right now still in the development and testing phases. Robochan of linuxbeginner.org has written an account of his/her (?) first week of experimentation with Fedora. Day one was rife with re-downloading the installation disk images and rebooting. It took a few tries before Anaconda (the Redhat/Fedora installation system) would even start, which isn't a good sign at all. It appears that some of the problems that Robochan was encountering were due to the mirror site that (s)he was using being overloaded, and consequently not being able to download packages in a timely manner. It appears that they're going with a Debian-like installation method this time around (at least, this is strongly suggested by downloading packages as necessary from a server somewhere Out There). Once the installation process was done the test box came right up on its own. Always a pleasant sight.
It appears that the set of packages installed by default for a given system profile (workstation, desktop, server.. general uses for a computer) leaves something to be desired, but then again you can say that of any distro. Some people will find everything they need/want, some won't. It's a fact of life. There appears to be a Windows-like "Add/Remove Applications" utility of some sort, in which the user can pick and choose what they'd like to (un-)install on their system. However, it tends to ask for a distribution disk for Fedora, of which there isn't one yet. The yum utility can be used to install things as necessary, though, so while that might be daunting for a new user for someone who's got a bit of Linux experience under their belt it shouldn't be too bad. I wonder if apt4rpm would work on Fedora...
Everyone's favourite kernel problem, getting the sound card working, is unfortunately still present. Sad. Oddly enough, plugging in J. Random USB Scanner worked perfectly. It doesn't look like it's too bad for a distro that's still in the testing phase, but it's not polished enough for most end-users yet. I think it's got a lot of potential, though. I think I'm going to try to find a spare box someplace and give Fedora a try, so I can write my own review of it. Should be an interesting exercise.
This gave me a bit of a start this afternoon: The core developers of the XFree86 project are disbanding soon. XFree86 is an open-source version of the X Windowing system, the de facto GUI for Unices of all flavours as well as Linux; it could be said to have been one of the earliest of the 'well-known' open source projects because it was ported to just about every platform there was years before 'open source' became a buzzword on the Net. One of the more powerful features that it's known for is the ability to run across a network: A programme can run on one system but project it's user interface to another system somewhere else on the Net so it can be operated remotely. X is also well known for being a royal pain in the six to program in due to all the features and library calls.. it's one of those systems that you either (learn to) love programming in or hate with a passion, but once you get used to using it you start to wonder how you ever did without it. David Dawes, developer and release engineer of the XFree86 project announced quietly that a vote to disband was taken on 30 December 2003 and the resolution was passed. There was no explanation given. Now the question remains: What happens next? There is another X server project in the works, called Xouvert but how far it'll make it and how compatible it'll be with all the software built upon the X framework (and the dozens of derivative libraries that try to make X easier to work with, with various degrees of success) is anyone's guess.
Remember Adrian Lamo, the homeless systems cracker who surrendered back in September of 2003? He's supposed to appear in court on Thursday, 8 January 2004 to accept a plea bargain. If he really goes through with this, and I see no reason that he wouldn't, he could face up to six months of home detention. US Federal Guidelines do not mandate a specific penalty in cases like this, but they do give the sentencing judge a considerable amount of leeway in sentencing; the plea bargain doesn't say anything in particular about this. Lamo's hearing is scheduled for 1130 EST in New York City, before US District Judge Naomi Buchwald. Good luck, Adrian.. we're pulling for you at the Network.
Well, today's been a far cry from the weekend. The temperature's been hovering in the low teens all day and it's been trying to snow off and on all day today. Thank the gods the bus has been on time; let's hope it keeps up the good work. Dataline's on the shelf right now, she's caught the plague that's been making its rounds, and it's looking like a nasty one. I'm already taking zinc supplements to augment my body's immune system. No sense in tempting fate, is there? I ran to the store tonight to pick her up some Theraflu; nothing else has worked so far, perhaps this will. I finally re-sewed the buttons on my new trenchcoat earlier tonight. Whoever did the original work did a pretty poor job of fastening them in place, the threads were all but pulled through. I've fixed things as best I can, which is pretty good if I do say so myself. For the first time in about three weeks, I had a chance to exercise tonight. I couldn't do as much as I normally do, mostly due to my muscles being out of practise (but that'll change in the days to come) but I did work up a good sweat to work the kinks out. I'm still feeling a pleasant buzz from the endorphins running through its bloodstream.
Sometimes it's the little things that make life all worth it.. like a good workout.
Around 0330 EST today my trip came to an end; I pulled into the driveway of the Lab after a five hour drive back to Pittsburgh after spending the evening with Lyssa at her home down south. All was smooth driving through Maryland and Virginia after I departed well after dark to take advantage of the relative lack of traffic on the highways and quietness. The fog rolled in around 2330 EST last night as I entered Virginia, which slowed me down considerably; instead of merely raining and cutting visibility, which is easy to handle, the mist only smeared the windscreen and cut visibility badly. It was almost a relief to hit actual rain as I crossed the border.
Driving at night is one of the few special joys that I partake of whenever the opportunity presents itself. There usually aren't many people on the roads after 2200 EST or so, which makes the roads not exactly deserted, save in certain spots, but very empty. A perfect time to travel and reflect. It's just me and the road.. Good music on the radio makes the trip go much faster, and it makes the Sight easier to concentrate upon. I love the sound of the engine on the highway, and the way the trees look under the starlight. There's something special about the way the miles are chewed up beneath the tires and the flashing of the roadway lines as the highway passes beneath me. If there was a perfect life, it'd be that journey.
The evening of New Year's Day Lyssa and I set off for her home down south,
on the outskirts of the college she's attending the masters programme of. The
part at John and Lara's place wrapped some time early on New Year's Day, none of
us really know when. Most of New Year's Day was spent lounging around talking
and eating the remains of the feast we'd bought at Whole
Foods the night before. At some point we headed back to the Lab to
see my folks again and wound up hanging out and talking with them. I took a
quick shower and packed for the trip south, and then we set off from her
family's home in Pennsylvania to shorten the trip. Lyssa packed and we got the
car loaded up in what felt like record time. Her proximity to the border
shortened the journey considerably.
Our first stop was at a nearby Chinese restaurant for dinner before we set out for Maryland called Lam's Garden. Their food was quite good; the pot-stickers were cooked to perfection, the hot and sour soup not too spicy, and the kung pao chicken done to perfection. I need to ask Lyssa the name of the shrimp dish she had that night.. afterward we aimed southward and headed for the border and a well-deserved vacation. The trip down to Maryland took us about four hours, counting a stop-off for petrol somewhere in Virginia. I think we arrived at her apartment shortly after midnight EST, and after emptying the stuff in the back seat of my car we collapsed in bed from exhaustion.
The next day was spent roaming around the campus. First we stopped off at Plato's Diner (I don't know if there's really a website there, I'm guessing there is because they've got a valid domain; yes, I'm lazy today) for lunch. They've got excellent Greek food there, I strongly recommend stopping in for a meal or two if you're in College Park. Next was a trip to the local comic book store (come on, you're surprised?) called The Closet of Comics, at which we happily browsed the shelves looking at all the new stuff. I picked up a bunch of back issues of Ghost in the Shell 2: Man/Machine Interface to fill out my collection and found issue #6 of X by CLAMP in a clearance box. Because I was wearing Lyssa's Gem and the Holograms t-shirt (which I've got to pick up, now that I know I can pull it off <grin*>) we got into a conversation with the owner (Steve?) about 80's cartoons. As it turns out, he's also a fan of one of my favourite series, Galaxy Rangers. He's looking for episodes on tape; I've got a few squirreled away. We're going to talk again soon...
It felt good, wandering around the city with Lyssa.. we were wearing the clothes that we'd picked up a few days before, the bondage pants that she'd bought for me at Torrid. It felt good to go around in my war jacket again.. just like old times. Some days I feel like a throwback, others like my body's sixteen again. Dupont Circle is one of my favourite places in the country, hands down. Yes, we got lost; it's been a while since I've been there. We eventually found the Lambda Rising bookstore down on Connecticut Avenue and wandered around for a while looking for a particular book. It felt both strange and oddly natural to be hanging around an LGBT bookstore. There has to be at least one in Pittsburgh but I don't know where it is. The other reason is that I'm bisexual but hanging out with the 'mainstream' of queer society, as some would put it. Maybe I'm on the fence, but I really don't care. If people have a problem with me there's a certain device node in /dev called "null" that they can send their comments to.
Anyway, they've got some good stuff there. If you're in the area check out the store and get a business card, because there are actually four Lambda Rising bookstores in the general area (DC, Delaware, Maryland, and Virginia). E-mail me privately if you'd like to find out more.
I sort of regret not looking up Rialian while I was down there. Oh, well. Time being what it is, we didn't have much time to do so, anyway.
By the bye, please forgive the slight disjointedness of these updates. I'm trying to do a number of things at once right now on about six hours of sleep. Also, the memories are not quite as fresh as they usually are, which helps little.
Lyssa and I wandered for a good couple of hours around the Circle, seeing what there was to see. The weather was beautiful - not too warm, not too cold. A wonderful day to get lost if there ever was one. We found the stores that we were after and picked up a few toys for later.. while they weren't the ER Room, Pleasure Place and the Leather Rack come pretty close. Pleasure Place is mostly clothing and novelties; not much in the way of toys but they do have a small selection of hard to find scene-related books. They're worth seeking out only for that reason. The Leather Rack has a lot of nice toys at a fairly decent price. Their clothing, while nice, is a bit overpriced. Stay local for that sort of thing if you stop in while you're travelling. Lyssa and I met some nice folks who were also from out of town while we were there, and spent a good hour or so talking shop and making friends. They gave us a few leads that I plan on running down. Good folks. Later that night we nosed around the Oriental shoppes and picked out some munchies for the ride home. There are some good delis in the area as well, where you'll pay relatively little for extremely fresh produce. Try the Asian pears; they're the size of softballs, firm, and juicy. They also tend to go bad rapidly, so don't save them.
Saturday was spent on the road. We were supposed to hook up with the.Silicon.Dragon and Elwing while we were down there but Lyssa and I slept in and consequently we were late. We didn't get going until the early afternoon, where we were snared by traffic for the better part of two hours. My lack of knowledge of the area's roads didn't help any. The beltway, apparently, is made up of two concentric rings of roads (one inner, one outer, leading in opposite directions). We got on the wrong ring and wound up far out of the way. Thank the gods for decent cellular coverage in DC, we called Elwing and she managed to lead us in the right direction. This pushed our plans back a few hours, which wound up not being such a bad thing. Running on empty as we were, we hit up Eatzi's, which is a strange mixture of grocery store, deli, coffee shoppe, and restaurant. The premise of Eatzi's is that you walk in and pick up or ask for whatever you like, pay for it, and then either take it with you or eat at one of the tables up front. It's easy to be overwhelmed there due to the sheer variety of stuff both in the deli and sitting out to be picked up. You can drop $30us there and get enough food for four, though. Everything they have is excellent; try it all, but not all at once.
I enjoyed Return of the King very much. It wrapped up the trilogy of movies nicely. To reiterate, the rumours of there being footage of the razing of the Shire or the razing of Isengard Keep are false. There is no footage after the credits. Pass it on. I really don't have too much to write about the movie because a lot of it would wind up being spoilers. That aside, I'm also really not that much of a Tolkien fan. I can read him and appreciate his work, but I'm more of a sci-fi fan.
After the movie was over the five of us (Brian, friend of Silicon and Elwing was with us) went to Hinobe (I think; the typeface on the card is weird), which is a Japanese hibachi restaurant in Rockville, MD. The food there is excellent, but be prepared to spend at least $50us for two. The chefs prepare the food at your table, and they're very good at what they do. The one who was cooking for us had a definite sense of style; once he put his 'game face' on there was no distracting him from his task. It was a pleasure to watch him in action. No wasted motion. No break in concentration. Tasty food, too. Afterward the urge to play pinball struck us after a discussion of the Revenge from Mars pinball game, so we drove to the local Dave and Buster's (don't feel like finding a link to the homepage) to get our fix. We spent about three hours there playing pinball and sundry other games and having a good time. Elwing cleaned up when it came to tickets (I forget which game), and I got to do something that I've never done before: Gun-fu on a shooter game. Got through three levels before getting bored with the game, too. Try it some day.
The next day was, thankfully, spent mostly lazing around the city. Lyssa and I went out in search of an Indian restaurant near the college campus, and stumbled across a small Afghani deli called Food Factory II after we found the restaurant that we were looking for closed. FF II isn't much to look at either inside or outside, but those are the best places. The food is nothing short of amazing, down to the kebabs piled waist-high in the display case. The chicken jalfreezi is nothing short of amazing, and the samosas are pretty good, too. If you're ever in the area, pick up a few as a snack. The gentlemen behind the counter were very patient with us as we looked around and eventually made up our minds (mostly because I can't remember the names of many dishes, as much as I love Indian food they escape me for some odd reason). It's definitely one of College Park's best kept secrets. Their selection of sweets (ye flipping galloping Elder Gods, my sweet tooth has been on a rampage this past week) is quite tasty, and sold by the pound. Lyssa doesn't much like Afghani desserts because they're too sweet for her tastes; personally, I love them. I love the taste of rosewater and honey. It's an uncommon combination. I avoid eating them because I love them... you see where this is going.
Basically, I deliberately backslid for New Year's. In a lot of ways, it's time to start over, and that's one of them. I need to hammer through some problems if I'm going to get anywhere, and I may as well start warming up for the challenge now.
I don't stop.
Which brings us more or less up to the present. Last night Lyssa and I watched Pirates of the Caribbean and ordered pizza. That was a perfect way to finish vacation, with a couch picnic and someone I care deeply for. The goodbyes get longer and longer...
Okay. Now we're caught up. I took today off to recuperate from the trip home. I'm catching up on everything now, and I go back to work, if the gods are feeling kind, tomorrow.
I am The Lovers
The Lovers often refers to a relationship that is based on deep love - the strongest force of all. The relationship may not be sexual, although it often is or could be. More generally, the Lovers can represent the attractive force that draws any two entities together in a relationship - whether people, ideas, events, movements or groups.
For a full description of your card and other goodies, please visit LearnTarot.com
What tarot card are you? Enter your birthdate.
"No! Stop! I still function!"
I'm still alive, everyone. I haven't had to regenerate; I haven't been killed by a rampaging cult or someone from my past; I'm relaxing on vacation, enjoying good food, good company, good toys, and good movies. I plan on heading home this evening (Sunday, 20030104) and staying at home to recuperate the next day.
One entry while I'm connected: There is nothing following the credits of the theatrical release of Lord of the Rings: Return of the King. Nothing. There is no footage of the razing of the tower. There is no footage of the razing of the Shire. There is nothing but the big, blue screen that says what the movie is rated. The rumours of things following the credits are false. You do not have to stay all the way through them; go ahead and leave the theatre by way of the bathroom.
Happy New Year, everyone.
I'm in DC right now and it's actually very early on the second. More to write when I get a chance.
I honestly hadn't expected yesterday to be so busy or stressful as it turned out by the end of the day. Things haven't been going well at work lately and there's a lot to do before the end of the year to make sure that nothing breaks over the holiday. By the time I got home I was run ragged and feeling like crying for the first time in a long, long while; a situation which amounts to having Demonseed Elite in geostationary orbit over one's head has a way of doing that. The specifics of this I'm not allowed to disclose due to my NDA, but suffice it to say that I'm not sweating bullets, I'm sweating enough molten lead to make enough to fill a clip or two. Enough.
I was greeted at the end of the day with a voicemail from Lyssa; she'd planned a dinner outing with some folks and asked me to meet them at John and Lara's after I got home from work. After getting in the front door and fending off Sadie I jumped into the car and headed out there with some trepidation (the stuff that I needed to get done last night). Lyssa and Azanti were already there and John shortly after left to pick up Lara from work. Much of the time was spent trying to come to grips with what had been going on and figure out what would be happening that night. We eventually settled on a small Italian restaurant that I'd never heard of before, Mariani's. Mariani's is small and simply decorated, though the wealth of scents in the air was telling: This was a family restaurant, with food done right and in fairly large quantities. The food is not only done right, it is excellent, and extremely affordable. Coffee, a salad, and a plate of four different kinds of pasta came out to $12us, with plenty left over for a meal the next day. The marinara sauce was excellent, down to the chunks of tomato in the sauce (the fact that all that usually gets made around the Lab is meat sauce made it even more welcome to my palate), and the bread was tasty and moist. I really think I like that place... afterward we stopped off at Whole Foods to pick up stuff for tonight. I'm going to be baking tonight for New Years and I need supplies. Unfortunately I wasn't able to get anything because I just didn't know what I needed.
That's the problem with going places: I don't get done stuff that I need to (in this case, checking the pantry to see what I had to get and copying down the recipes I was going to prepare so I knew what would be necessary). As expensive as Whole Foods is (I can see why people call it 'Whole Paycheque'), most of it is organic and seems to be excellently prepared (like the stollen.. ye gods!).
By the time I'd gotten home it was almost 2200 EST and I was in a rush to get a few things done. I scribbled down the two recipes I was going to make for everyone in my travel journal and gave some thought to what I might need, though not nearly as much as I should have. That's going to have to wait until tonight, when we head out again to stock up. I still haven't balanced my chequebook, which is going to be necessary for vacation in a few days' time. Fern's book of shadows is nowhere near complete, and probably will not be until after I get home. I have to finish taking pictures of Pegritz's Deep One in a Bottle and get it to him somehow; shipping will be prohibitive because it's already been bottled, and the risk of it leaking en route is too great (and with the paranoia of the shipping companies these days, I really don't want to risk the possibility of such a thing in today's political climate). I also have to wonder if John and Lara have everything that I need to actually bake all those cookies tonight...
Sleep last night was at least restful and deep. Perhaps it was that, in light of everything that's been happening, which has been doing odd things lately. The Sight has been giving me surprises lately, though not unwelcome ones. During the morning bus ride into work (which now has so few people in the office right now that most of the lights are turned off)...
I've become completely sidetracked due to the holiday. This update is going to have to wait. Sorry.
Last night was slow, boring, and thoroughly enjoyable. I laid around the Lab reading, fixing my coat (another button was about to come off; I'm thinking about just re-sewing all of them to be done with it), and writing. I also had the chance to practise a technique or two and iron out how it's supposed to work. I'll probably write an essay on it to put online while I'm on vacation.
This morning while I was packing lunch I recieved an unexpected visit.. no, not from Sadie the dog, though we are taking care of her for Dataline's boss for the holiday. A small brown house spider, about the size of my thumbnail was going for a stroll around the kitchen sink early this morning. Out of the corner of my eye I happened to see something small and dark moving under its own power, which always raises an alarm. I don't much like spiders, though I do respect them and give them a wide berth in the house when I see them. This little guy was wandering around trying to figure out what was going on. I didn't think that there were any from that generation still alive, but I guess I was wrong. When I left he was still stuck in the sink, trying to climb out. I wonder where he crawled out from...
The reported insecurity of electronic voting appears to be causing people to take matters into their own hands when it comes to finding facts. VoteHere, Incorporated of Bellvue, WA reported that its computer network was cracked a few months ago (way to tell your customers in a timely manner, guys - you really gave CERT a run for their money). The intruder(s) downloaded copies of sensitive internal documents and software design specs, which VoteHere claims it was going to release publically. Jim Adler, CEO of VoteHere was quoted as saying that the company knew who was behind the intrusion and was cooperating fully with the FBI and US Secret Service, and that they'd resecured their net. The going theory is that the same person who released the Diebold documents in March of 2003 was behind the break-in. A second article states that the intruder set off what is described as a "trip-wire" (probably a NIDS (network intrusion detection system), though it might actually be a copy of Tripwire) and he was monitored while the FBI was contacted. It was stated that the compromise did not result in the alteration of any software in development, only documents like payroll and salary records. Given the run-around that Diebold has made famous when it comes to electronic voting machine security and the stuff that's been leaked to the press about it, I don't blame whoever was behind this. In fact, I have to be honest by saying that I condone the break-in of these two computer networks. If these compromises had not been done the public would have absolutely no idea that there were any problems at all with e-voting, that the security of these machines was weak, that the design of the software and hardware countermeasures has major vulnerabilities in it, and that some of the staff of Diebold did this deliberately. Why did the intruder head for the payroll and salary records? I don't know, but my theory is this: "Follow the money." It works for private investigators, why not a cracker digging up data?
Forewarned is forearmed.
The National Institute of Standards and Technology has approved OpenSSL for use on government networks. OpenSSL, an open-source secure sockets layer library, is used for encrypting data in transit on a computer network by tunnelling application layer protocols (like HTTP and FTP) transparently. The library has passed the FIPS 140-2 level 1 tests, which means that sensitive yet unclassified data may be encrypted with this system.
The weekend's been a long one.. it felt like a vacation, albeit an extremely short one. On Saturday morning I drove out to Lyssa's to pick her up, though not without life throwing the occasional curveball. Getting up early and getting the car packed is one thing, but when my new coat threw a button just before I walked out the door I had to stop and sew it back on. Driving out to the hotel to get her checked my coat threw the matching button on the other side with a festive little "Click!". So much for workmanship these days. Then, I discovered that the usual checkin time for that particular hotel is 1400 EST. Having arrived around 1030 EST this posed something of a problem, but had little actual impact. Turning westward I refueled at a nearby gas station and stopped off to pick up a sewing kit to repair my coat at a future time. It was around this time that I helped a gentleman who'd coasted into the gas station's parking lot get his car restarted. I'm no mechanic, and I've little knowledge of cars from the 1970's (a real beater if I ever saw one, rusted to hell and back but somehow still mostly running) but it doesn't take much to jumpstart a car. One of these days I'm going to start carrying a pair of cables with me; thankfully someone else parked at the station had a pair with him. That done, I took off toward southern Pennsylvania.
I noticed on the way down that the highways were far emptier than usual, and not just for such a relatively early hour on a Saturday morning. I guess everyone who would normally be on the road either got to where they were going or stayed home this weekend. After arriving and saying 'hello' to her family we loaded up the car and trucked back in to Pittsburgh. Our first stop was breakfast to finish waking up and catch up on what had been going on. Lyssa's rewriting parts of her last paper before turning it in; the only problem has been getting computer time at home to perform the final edits. It makes me wish that Kosh, my old laptop, was still workable, otherwise I'd have loaned him to her. After breakfast we headed back to the hotel to get her checked in and rest for a while (I find long road trips incredibly tiring, even though I love to travel) before gearing up to go to the Bisexual Pittsburgh meeting. We got there much later than we'd planned, arriving just after everyone else had left. So far I'm still 0 for I-don't-know-how-many meetings. <sigh> We did, however, manage to hook up with John, Lara, Lupa, and Anomie for dinner shortly afterward at Eat and Park, which seems to be the strange attractor in Pittsburgh if you've never been to one.
Once again, I'd proven that I really can't parallel park. It took me twenty minutes just to get situated, though five to eventually leave.
Because Bi Night Out was going to be held at B'witche's Tavern most of us ate sparingly, because the kitchen there produces quite good fare, and at a very reasonable price. I wound up getting into a discussion about the benefits of colloidal silver supplements for the purpose of strengthening the human immune system with Anomie while we were there. To be honest, I remain skeptical about colloidal silver. Silver is a bio-neutral metal in the body, and the purpose it serves in the immune system, as it is usually explained, I find dubious at best. I also find it questionable that the terms used to describe the colloid itself are less than technical (having studied chemistry for quite a few years in college I tend to notice things like that) - for example, describing the colloid in parts per million of silver in colloid rather than a molar concentration. But that's neither here nor there. Lyssa was kind enough to sew the other button back onto my coat while we were at the restaurant and figuring out how we were going to go to the Tavern.
Eventually we split into two vehicles and set out for the night. The Tavern, while not terribly busy, was in full swing by the time we'd rolled in and placed our first orders of mead for the night. I'd been loitering around waiting for everyone else to arrive (Alexius had organised a pagan night out for the same evening and location) and running around keeping busy. Dinner consisted of a chili breadbowl and nachos to better pad by stomach lining for the evening to come. Eventually 'lex and crew arrived and moved in like they'd become regulars there (which they had), taking over the pool table and the karaoke setup. I have to hand it to Nicky, the man can sing extremely well. The tricky part was crossing introductions between the two groups. A lot of people had been waiting to meet Lyssa for quite a while, and that night they'd had their chance. Lyssa had some henna work done while I was being social.
I noticed something very strange that night - no matter how hard I tried to get John into a conversation with someone it never seemed to work. Not from lack of trying on his part, mind you, he was doing everything but waving white flags in front of people trying to get their attention. I'd bring him over to someone, they'd ignore the two of us and keep doing what they were doing. John would walk away, and I'd be grabbed in a hug like I'd just walked into the place. This happened no fewer than four times that night, even with Alexius.
When life gets weird, it gets weirder than a Tupperware party where someone has spiked the punch with a goodly amount of LSD.
That oddness aside, much fun was had that night. It was great to see everyone and party. I hope we can do it again sometime.
The Bi Pitt group wound up departing shortly after midnight due to the length of the drive back to Pittsburgh. We split up once again and Lyssa and I retired to the hotel to sleep.
The next day we got up in plenty of time to clean up and make checkout time. Afterward we went next door to the restaurant for breakfast and to wake up. Lyssa was feeling under the weather from the night before (though not actually hung over) so we took it easy for most of the day. I called John and Lara from the restaurant and we decided to go out for a day of shopping around the city. We picked up John and Lara and then headed southward once more to Robinson Town Center, first to Best Buy so Lara could get a new cellphone while the rest of us looked at DVDs (I picked up the Barb Wire director's cut - I love bad sci-fi, especially when Udo Kier's in the cast) and the stuff on the return tables. One of these days I'll buy a Playstation 2, but not anytime soon the way things are going. After that we blundered around an area even more confusing than Pittsburgh is in an attempt to find the mall. Eventually we found the right parking lot and headed to Torrid, your basic city mall 'counterculture' store, slightly more upscale than Hot Topic, from what I've been able to tell. Lyssa bought a few new outfits, including a vinyl dress, some new pants, and a few new t-shirts. The rest of us wandered around looking at everything they had to offer. I've never been in Torrid before so it was a new experience for me.
I still find it amusing that they now sell t-shirts for television shows that have been off the air for almost fifteen years now (like G.I. Joe and Jem (which I still have a soft spot in my hearts for)).
Lyssa bought me a pair of bondage pants while we were there. They're black linen and have the usual zippers, straps, chains, and odd random pockets all over them. I've always liked the look of carpenter pants though I'm used to bondage pants that I make and not buy. Call me odd. Anyway, they fit very well, even in the height of the holiday season. I also bought the new Projekt Records sampler CD for a song (so to speak) and a couple of pins that I've already added to my war jacket. It's been so long since I've listened to anything that Projekt releases, it'll be like catching up. Lyssa was still feeling poorly at the time and we also had a previous engagement to fulfill, so after a quick bite to eat we dropped off John and Lara and then headed back to the Lab.
My family has been waiting for literally months to meet Lyssa but never had the opportunity to do so. This time around we made the time to pay them a visit. Lyssa and Dataline get along famously on the phone, and they struck up a conversation right off the bat when we walked in the door, one which lasted the better part of two hours. I gave Lyssa the fifty-cent tour of the Lab, including my bedroom (such as it is) and the Lab itself on the bottom floor. Lyssa loved the place.. she spent a long time going through my bookshelves and the stuff laying around, and looking at what's left of the walls. She even met the Children. We spent a long time going through my sketchbooks and photo albums. Unfortunately, our time was all too soon over, and I dropped her off back at John's apartment for the trek back home. Earlier that day fatigue had begun to set in and I was beginning to doubt if I'd actually be able to make it all the way out there and back again. Discretion was the better part of valor and I accepted John's offer to drive Lyssa home that night.
Lyssa came out to her folks late last week. Thankfully it went better than it usually goes.
Every once in a while articles about CIA wormtech gadgets appear in the public media. True to their reputation they'v got some neat gear kept under wraps, like cameras that strap onto pigeons, robots of all sorts (usually aquatic) that are used for monitoring (though exactly what is monitored is kept restricted information), and transmitters of all kinds. Mind you, this is the obsolete, unclassified stuff that makes it out; gods only know what they're sitting on (or using right now). I suspect these articles are more for the purpose of "you're never going to know what we've got until it's long after too late" rather than "this is what we had working for our side, just so you know" if that makes any sense.
I just goes to show that the old adage is correct - "Eat right, exercise, and die anyway." No matter how healthy you live the amount of toxic material that builds up in your body is incredible from exposure to the environment alone. Eating organic to avoid fertilisers and heavy metallic ions in the soil doesn't mean a whole lot. Flame retardant compounds from fabrics leech into the body. Residual environmental contaminents still make it into our bodies no matter what we do. Frankly, I don't have much to say on this topic, not from lack of wanting to but simply because there's nothing intelligent that I can say. Eating organic (which I've begun to do in recent months) doesn't help because the air, water, and soil are still polluted, so much so that even if you don't add anything to it while you're growing anything it's still going to be taken up by the plants and stored. You can use a water purefier (which I did when my body was younger) but that's not going to stop the intake of toxic gases with every breath from combustion. You can't not breathe, nor is it possible to make a simple filter that strips out those gases, and it's not that simple to fractionate mixtures of gases. It's all around us, there's no escaping it. As far as anyone knows there's no way of getting the pollutants out of our bodies safely (chelation therapy is limited to only certain heavy metallic compounds, like mercury), as far as I know.
Among the other DVDs I bought this weekend was the final volume of X. On one hand, I've been waiting for it for a while now, to bring closure to the series. On the other, I'm very disappointed in how it ended. The body by now is extremely high and now only the most powerful Dragons remain. At this point the series just started to feel like they rushed it, which they probably had so that they had enough episodes to fill a season. I can accept that, though I don't like it much. What really got under my skin, however, was everyone suddenly throwing themselves into the fray to die because "that's how it's supposed to be." That struck me as being very unrealistic and fanatical. The subplot with Hinoto went from being very shadowy and mysterious to lame in about five minutes. The final battle left me wanting. I'm going to have to watch it again before I say anything more about it, but suffice it to say that it's far from my favourite. I might start on the Ninja Scroll OAV next (yes, they finally made one).
Lyssa's in town, I'm out and about. I'll write tonight.
Okay.. let's see.. what happened yesterday? Perhaps I still feel the excitement of Christmas Morning as I did long ago, I was up bright and early to face the day. After a quick shower the family and I exchanged gifts in the living room, per our custom. My grandfather recieved some new clothes, a new pair of sneakers, a new pair of slippers, and a voice-activated remote control for the home entertainment center. I gave Dataline some clothes that she'd suggested a while ago, a new book, a copy of Chicago, a velvet photograph album, and some more Lady Stetson, a perfume which she's been taken with for as long as I can remember. I recieved from everyone a USB data card reader (I don't know what else to call it, it reads compact flash type I and II cards, secure digital cards, MMC cards, and four other varieties of data storage module) and a compact flash card for my Zaurus, a Barnes and Noble gift card and some discount certificates, a copy of Shadows Over Baker Street (a collection of short stories that area crossovers between H.P. Lovecraft's world and Sherlock Holmes; some of them are quite good), and my final gift.. a full length leather trenchcoat.
I'm quite a fan of leather clothing, so this blew me out the door. I plan on wearing it quite a bit.
After that we picked at the leftovers for breakfast and watched movies for most of the day. Lyssa called shortly after breakfast and we caught up. Then, not long after that we recieved a call from an unfamiliar number - First Child was calling from overseas to wish everyone a happy holiday. I've never gotten to speak to him before, we've only communicated via e-mail and the sundry VR systems that dot the Net so it was quite a surprise to hear his voice for the first time. We spoke for a while and caught up on old times, but all too soon it was over. I hope that we can speak again soon.
The rest of the day was spent lounging around trying to read (I didn't get much done) and relaxing. We put the turkey in around mid-afternoon and then sat back to watch The Matrix Reloaded and wait for dinner. We made stuffing and yams from the ground up yesterday, two things that I'm going to have to write down soon before I forget how to do it. One thing you've got to love and hate about the holidays, it's all the good food. After dinner we got the house cleaned up (doing the dishes and other lifestyle maintenance-type stuff) I headed downstairs to read a little. the.Silicon.Dragon arrived shorly before 2200 EST to exchange gifts - I gave Elwing and he a package of cookies (my last one, incidentally) and a pair of gift cards for Borders, and he gave me a small package wrapped in duct tape and neatly written SMTP commands - a compact flash 802.11b WaveLAN card for my Zaurus. I immediately got my pocket computer and jacked it in. The drivers in the Sharp ROM picked it up immediately and off I went, downloading new packages via the Zaurus channels (there's more to it than that but I'd rather keep the vagaries of my WaveLAN quiet - e-mail me if you're curious) and testing out Kismet.. and discovering that I didn't know how to send a control-C command to kill kismet_server. Hee hee hee... I'm definitely going to be experimenting with this new toy this weekend.
All too soon it was over. Silicon lives down south now and I had to get up early for work today, so we said our goodbyes and parted ways.
Which brings us up to the present.
The close of the year inevitably brings with it a recap of the highlights, including news stories (both good and bad). Here is one such story about boobytrapped software that doesn't do what it's supposed to. Serial numbers that don't work, applications that phone home, malfunctions that trash critical functionality in your system, and everything in between. The article talks about what's been reported as being bad and what you can do about it (or why you should avoid them if you can). Give it a look if you like to download shareware or freeware from the Net. And update your virus scanner (which is good advice anyway, but I know that some folks were partying last night.)
I've been getting a lot of use out of my French press lately. I can now make all of the exotic coffees that I love that have been piling up around the house because I'm not allowed to make them in the big coffee maker. Not everyone particularly likes raspberry/Arabica espresso, so I can understand that. Now I can get torqued whenever I like...
I hate to say that I was expecting this but I was expecting this: The British Mars probe Beagle-2 didn't report back after it touched down. The Mars lander, which was designed to look for signs of life on Mars is MIA, like all the others in recent years. At first the research team thought that the orbitting satellite missed the probe's report but the Jodrell Bank Observatory also didn't pick up any signals. There's talk of scrubbing the project if they can't pick up anything by the end of today (probably GMT). Beagle-2 must opens its array of solar panels to recharge its power cells if it's going to have any chance of carrying out its mission. Whether or not it'll do so is anyone's guess. Professor Colin Pillinger, chief scientist of the project, was quoted as saying that they're going to give the situation more time to unfold. Speculation is rampant right now: The lander might not have touched down where they thought it would, or the antenna arrays or solar panels might not have unfurled properly, or it might just be that it's facing the wrong direction; they remain hopeful.
Personally, I'm not holding out much hope for Beagle-2.
My bus driver mistook me for a woman this morning. Damn, I'm good.
We Time Lords have to stick together, after all.
Joyous Yule, everyone.
I'm spending the holiday jacked out, folks.. I'll write tomorrow.
Last night was looking like it'd be one part consulting gig, one part black op because I went over to Grant's last night to set up the deck he bought for his kids (so they'd stay off of his and his wife's machines and not wreck them again with spyware, adware, and screw-your-deck-up-ware) and wound up working on every system in the house. He bought an eMachines system for the kids (I didn't know they were still in business; shows how much I get to Best Buy these days) which I unpacked and assembled in his office under cover of closed door because it's supposed to be a Yule gift. I doubt it's stayed a surprise but it happens when there are kids in the house. He bought one of the Linksys WaveLAN-via-USB units to connect it to the wireless router upstairs. That actually wound up being the biggest pain to work with because the office has poor signal quality to begin with, and everyone had forgotten the WEP key. The solution was simple: Go upstairs with the router's CD-ROM and re-set everything. Amazingly, I got Kabuki working on their waveLAN last night for an extended period of time, which to date has been impossible. While the new box was updating I set to work on Grant's laptop by installing AdAware and disinfecting it of all the spyware that had settled in. This had the added side-effect of messing up his waveLAN configuration for some strange reason (it would only try to associate with the AP at work) but he's going to have their admin take a look at it today. Also, I noticed that the keyboard on the new eMachines deck wasn't all it was cracked up to be: They keys are mushier than normal for a keyboard these days, the spacebar barely worked, and the slash-and-question mark key tended to slowly sink into the down position and get stuck. I advised him to get a new one if at all possible. All told, not a bad gig.
I'm hoping to go home early today so I can get some cleaning done around the house - decorating's left it a mess. An odd turn of events, no?
Because there were so few people on the bus today the bus driver was able to skip most of his route, which got us into town a good 40 minutes early. Maybe I won't go home early, after all...
The MPAA appealed Jon Johansen's acquittal a few days ago, and their appeal was denied. Judge Wenche Skjeggestad, who presided over the trial, stated that Johansen can copy and play DVDs freely and that he had not violated any laws meant to protect intellectual property. Kudos to Skjeggestad for knowing the score on that one. Prosecutors are at this time considering an appeal to the Norwegian supreme court.
I don't know if I think that this is cool, or if it's scary - someone turned their cubicle at work into a house for the holidays. A roof was added, everything was covered in wrapping paper, there are Christmas balls all over it, there's even a doormat. The reason I think it's scary is that a lot of folks like me (IT people) have to work over the Yule holiday (as most people, not I, reckon it) or are on call. Too many of us also have to pull double or triple shifts at the most inopportune times, like right now... it's possible to think of your cube as more of a home than your actual homestead.
savannah.gnu.org is back online after being compromised a few weeks ago. Security's been locked down since the server was discovered to be compromised, including everything from chrooted project environments to stronger encryption processes to get anything done. Good work, guys.
Jim, one of the guys I work with (whom I gave a batch of mélange to as a gift) gave me a French press this morning. It's a little cannister with a hopper for coffee grounds and a plunger, and they make excellent coffee in a hurry. I can't wait to try it out.
Much to my surprise the office closed at 1400 EST today - the powers that be let everyone out early for the Christmas holiday. Thanks, guys.. that really does mean a lot to me. I took the extra time I had (I was planning on leaving early today anyway, this just meant getting out an hour early) to wander around the city some. I stopped in at Barnes and Noble to see what they had and to do a little last minute shopping, to make sure I had all my bases covered. As I left the store a homeless guy stopped me on the street, asking for fifty cents for food. It probably wasn't going to go for food, I rather doubt that it ever will, but I gave the guy two dollars and turned down both the change and the two dollar fast food coupon the guy offered me. It's Yule, and I can be wrong. I hope the guy really did use it to buy himself some food, or some warmer clothing (the temperature plummeted after noon local time). Dude.. good luck to you.
I got to the bus stop earlier than I'd intended and froze my six off waiting for the bus, then rode home per usual. Dataline and my grandfather had cleaned up the top floor by the time I'd returned (which I'd planned on doing after I'd gotten home, anyway) and were already producing pierogies. After a brief rest I brought up another load of decorations, these for the outside, from the basement and started setting them up outside. Wouldn't you know it, it's been trying to snow most of this evening. After that they turned me loose in the kitchen to help make Christmas Eve dinner. Dataline made borscht while I washed and fried the fish for the second course (Dataline found perch at another local supermarket somehow). Holiday meals are funny: They take three hours to make but fifteen minutes to demolish. After dinner we sat around for a while and then retired to wrap our gifts. I eventually got all of mine wrapped up and put under the Christmas tree and then finished making Lyssa's gifts.
Lyssa's gifts came in the mail today. She sent me a CISSP study textbook (yay!), a beginning hobbiest's guide to robotics (this is going to be fun..), the latest book from Disinfo, called The Book of Lies (a tip of the pin to good old Al), a couple of novels (everything's upstairs under the tree right now and it'd be difficult to bring them down to look at them, sorry), and another French press. Now I have one for the Lab and one for work. The caffeine will flow..
Last night's Solstice Dinner was fantastic. Thank you so much, 'lex. The night got off to a rough start as tempers flared when we got home but in the end we managed to cobble things back together, and came up with a new, workable recipe to boot from it all. I hurriedly wrapped up the gifts I was going to give and was ready by the time the pierogie lasagne was out of the oven and covered (I'll post the recipe for it later). The drive out to House Pendragon was mercifully uneventful, and I was greeted by a living room full of people that I don't get to see very often at all. Many hugs and gifts were exchanged last night. I gave Alexius a new journal, Andrea and Taja gift cards, and Fern a jar of mélange and recieved a sigil-stone, a beautifully woodburned jewelry box from Fern, and some Evangelion figures from 'lex (Ayanami Rei, both injured and uninjured, and Unit-02). Alexius was showing off his new ink, a gift from Fern.. she got him a tattoo of his family crest for Yule. I wish I could have been there to see that. The night was filled with good food and good friends (and far too much of Nicky's gingerbread; ye gods, it's all about the molasses).
National security isn't, as Los Alamos proves once again. A number of managers and miscellaneous employees have been placed on administrative leave as an inventory conducted earlier this month has revealed that a high-capacity hard drive and nine floppy disks have gone missing; the storage media carried a classification of 'classified', which is why facility security's in a tizzy. While the media may have been destroyed there are no records of this being done, which further exacerbates the problem.
Update your scanners - the Sober.c virus has been upgraded as a security risk because it contains an SMTP (simple mail transport protocol) engine, which means that it's capable of transmitting e-mail, in this case, to addresses culled from the host machine's address book. Network Associates did a writeup of this beastie, give it a read. Just one more pain in the six to waste people's time..
Mmm... that first batch of mélange turned out excellent! What's left of the fog in my head from a rather un-restful evening is already gone.
SCO has decided that they own the copyright on 65 header files in the Linux kernel. For non-coders, header files are text files that hold things that are necessary for a program to make sense, like what arguments functions take and what they return, constant values, and the layout of data structures, but make programs difficult to read if the same code is replicated in multiple files. Headers are included where necesary to reduce clutter and repetition. The files that SCO is talking about are important to programming in general because they define values and functions having to do with error reporting and handling, input/output, signalling (telling a running process to do something), and inter-process communication (allowing two or more processes to interact autonomously). Right off the bat, I noticed something weird about this letter that SCO sent out: The header files are specific to different hardware platforms (like the IBM S/390 mainframe, Motorola 68000 series CPU, Sun SPARC CPU, and the Intel x86 and ia64 cores, to name only a few). This means that each file was rewritten for a different processor architecture when Linux was ported to that platform. SCO didn't port Linux to all of those platforms, a lot of different people working in concert over the years did.
Linus Torvalds has read SCO's letter and done some checking, and his initial response sums up to this: "Umm.. guys? I wrote a few of those for Linux v0.0.1." I'm being smarmy here, but let me continue.. Linus has stated that he wrote the original errno.h file using the tome Intel 386 Family Binary Compatibility Specification 2 (the bible of the Intel x86 series, unless I'm mistaken (if I am, tell me!)), published by Intel. SCO's talking about files that have literally been around since the very first release of the Linux kernel back in 1991, well before they started working on Linux in any capacity at all. Also, the thing about naming conventions is that they make things with a similiar or identical purpose (though not necessarily an identical implementation) look the same, so people who look at them know roughly what they are supposed to do. That doesn't mean that the code was copied, it means that the people who wrote it read the bloody standard and followed it (at least insofar as how things are named). Linus talks about the changes in more depth in this post to the linux kernel developer's list.
Geez.. this is making some of the Church of Scientology's antics look funny.
Openwares.org, the open source company that released a patch for an IE flaw that Microsoft is ignoring has released a second version of the patch because one of the users found some bugs in it. Only a very small fraction of IE's users have installed it, though.
What a weekend.
Last minute holiday shopping has turned the outside world into a madhouse, with all the organisation of a lack of thorazine. In a change from Saturday I decided to sleep in and get a leisurely start. Wouldn't you know it that it would be yesterday that they decided to get motivated. The shopping list was thrown together and I jumped into my trusty car to hit up the supermarket for supplies for the week to come.
First of all.. since when is perch so bloody hard to get? It's one of the more common fish out there. Hell, if I wanted to I could go to the local lake, throw in a line or two, and come home with a couple. Why is it that no markets have it in stock?! Sheesh...
Second, the ratio of processed sugars to real food in stores these days is frighteningly high. But that's neither here nor there.
It wasn't getting everything together in the store that was problematic, it was waiting in line. Per usual, the store's overfilled but understaffed, and if you're out to get ready for the week to come the sheer amount of stuff is too much for the folks there. But I'm thinking about the wait in the lottery line for my grandfather. I'd been stuck in line for over a half-hour while an 80 year old gentleman in front of me was playing a stack of numbers from cards that had to be at least one inch in height one at a time. The guy was only partway through the deck of re-playing lottery tickets when he reached into his back pocket to get his wallet.. and his pants puddled around his ankles right in the middle of the store. As if this weren't bad enough this reminded him of another five numbers to play, still with his pants around his ankles. Only after those numbers were played did he pull his pants back up.
At this point I turned and left the store for a locale where the flags weren't flying at half-mast.
While I was waiting in line to check out my cellphone rang - Silicon Rose called. She was in town and waiting in Squill, as we'd discussed a few days earlier. Added time pressure: Get everything done so as not to keep people waiting. I raced home, unpacked and put away the groceries, and hurriedly wrapped up (well, 'bagged' is probably a better word) the gifts I was going to give Nicole, Lu, and Jason, then jumped back in the car and took off again. Some days there's just no slowing down. Nicole and Lu were waiting in a nearby pizza place; Jason was still at home. It was good to catch up on old times, I miss everyone. Nicole and Lu loved their gifts.
We headed back to Shady House to get in touch with Jason and finish exchanging gifts. Lu gave me a little stuffed raccoon who sits posed.. it's the cutest thing. Nicole got me a Build-a-bear named after my LARP character, Operand. If the raccoon is cute, Operand's adorable. He's dressed in a leather jacket, tanker boots, and fatigues, wearing a pair of mirrorshades, and is holding a cellphone.
My hearts melted when I saw him. I sat on a couch in Shady House cuddling him for a good two hours. I'm going to put up some pictures tonight if I get a chance (because I'll be at Alexius' Solstice dinner).
Thank you, Nicole.
After we met up with Jason we got lost on our way to Station Square - Kiku's is there, possibly the finest sushi restaurant in the city. Much sushi love. Much laughing, crying, wisecracking, joking, venting, and just having a good time. I miss everyone.
By the time I got home last night it was around 2200 EST and I put together a huge batch of mélange to put into those vaccuum jars to give as gifts this week. I brought one in with me this morning to give to one of my friends back in GIS and gave Pete and Chris their gift cards. The other two I'll be giving out tonight at the Solstice dinner. Pete gave me a Coca Cola coffee mug set. It's going to go well with the tiny bit of mélange I have left over at home.
Daniel Baas, who pled guilty last Thursday to charges of of cracking the Acxiom Corporation's consumer information database was caught,as it turns out, because of an unrelated incident in which he used illicit access to a telephone company billing computer to dig up the contact information for a Cincinatti, OH FBI agent, which he then passed on a friend via an IRC network. Baas was picked up for cracking county webservers, and when they analysed his systems they found the log file of said IRC session... and then proof that he'd been owning corporate networks all over the Net. This, understandably, probably caused many bad words and shouts of horror to be heard all over the world. Baas is looking at 46 months in federal prison and is currently incarcerated without bond until his trial for yet another set of charges for cracking Ohio state systems is over, which should be in about two months. There's another article here, at the San Diege Union-Tribune.
Jon Johansen has been acquitted again!
This morning brought with it a brisk hike up six flights of stairs to get to the office because the elevators were out of commission. Maybe I'm out of shape, maybe it's all the food from the holiday season, but it wasn't fun making the climb to the top floor of the office building. I made it in fairly decent time with only a little heavy breathing to show for it. I think I have to work on that.
Remember that Snort rule I wrote a while ago to detect SMTP AUTH bruteforce login attempts? I was browsing the snort-sigs mailing list this afternoon and saw that it had been added to the current set of detection rules. Wow. I did something useful. Its designation is SID #2275, revision 2.
Remember that fight I was talking about a few weeks ago? It finally happened. Twice, actually: Once earlier today, and a second time this evening after dinner.
I hate my lives.
I made sure to get up early this morning (around 0900 EST) because I had a full list of stuff to take care of - laundry, last minute shopping, finishing a few gifts, some cooking... a full day, in other words. I'm rather angry that I got started on everything about four hours late, but the more I think about things I suppose that I shouldn't grouse about that. After trying to move the Christmas tree platform by myself, as well as trying to set it up alone I think I have more of an appreciation for how difficult it is for everyone else to do the same thing together. That sucker's big and unwieldly. As for ripping the old paper off of the platform and yanking out the staples (big, quarter-inch roofing staples) with my multitool... okay. I'll grant them that. I'm still not sure how I got them out. Maybe my multitool is just that good. As Pegritz would say, "Ida know."
How'd I lose the last two paragraphs?
Let's try this again... this is the last weekend before the Yule holiday (if my guess is right - my sense of time is completely screwed up) and it seems like everyone and their backup is doing last minute shopping. I drove out to the local mall to pick up a few of my own (okay, so I was one of them..) and picked up Ziggy's Christmas stocking of toys, which is something of a tradition in our house. I also found a couple of storage jars at Wal-Mart to hold the batches of mélange that I'd promised a few people. It hasn't been easy finding suitable containers but after enough searching I found a couple. Strangely, they're quite similiar to the one I put the Deep One into.
Why do I keep harping on that, anyway? Maybe it's because I'm proud of it.
I made it almost as far as Hack Shack at the mall, then turned back and wandered around for another half hour looking for my car.
This is ironic: I can remember almost three score root passwords but I can't remember where the hell I parked my car. How does that work?
After that I headed back northward to McKnightmare Road, which lived up to its name once again. Being stuck in traffic for a solid hour isn't fun. It took the better part of a CD to make it to Borders, which wound up being a waste of time anyway. I was tired and worn out and didn't want to think about what someone might want. I wound up turning around and heading home, only to discover that Dataline had ordered pizza for dinner. I can't argue with that. It was the time after that which got to me... you all know where I stand on the Holiday season, so I don't see a need to rant about that all over again (if not, scroll back about a week and read that particular entry). Suffice it to say that we definitely do not see eye to eye on a lot of things. She knows that how I feel about being forced to take part; I know that she really doesn't care. Continuing this battle is going to make about as much sense as trying to eat a desert's sand. It'd be scratchy, dry, gritty, painful, and uncomfortable after the fact.
I feel like I'm compromising the last of my integrity. This isn't a good feeling.
Song that best describes life right now: The Cure - Why Can't I Be You?
It's odd. This seems to happen most often when I'm dating someone. It is not because I am easily goaded into acting like an ass (which I assume that I am doing at this time, for the sake of clarity) - in fact I've walked away from both friendships and lovers because I knew I was being manipulated. It's because when I'm dating someone I've got something to remind me that there's more to life than getting up every morning to go to work, that there really is more to life than staying home because I don't feel like getting yelled at for wanting to go somewhere, that there are things to see and do and that yes, it's perfectly permissible to want to live alone and be responsible for oneself.
To sum it up, that it's possible and desirable to have a life.
Morpheus beat me upside the head with a shovel, I sound like a fucking adolescent. I should get some sleep before I blow the last of my credibility along with my integrity complaining in this forum. I should stick to 'formal' weblogging and not crud like this.
It's about time that someone did some sanity checking... in St. Paul, MN, a 112 year old law against crossdressing has been stricken from the books. The law still prohibits nudity, lewd behaviour in public, and other refinements (to steal one from Hard Harry) but it is now legally acceptible to go out in public "in a dress not belonging to his or her own sex (sic)". It's about time. In a public hearing on Wednesday night (presumably 20031217) no one stepped forward to oppose the removal of this statute.
I can't say that the fact that state governments are selling their voting registration records surprises me. It's common knowledge that when you join a political party you're going to get mail from groups that the party supports and you're also more likely to be visited during campaign time by local candidates who are members of that party - party HQ makes its records available to other members of that party who (theoretically) won't abuse the data.. like when they're hitting the campaign trail and they want to round up backers. This has been done in Pittsburgh for years: Candidates knocking on the door asking for signatures. When asked, they say that they got your name and address from the party's membership records.
However, the article I'm talking about means states selling voting records to commercial organisations for the purpose of marketing. This data is then combined with purchase histories (also sold by companies, such as chain stores like Wal-Mart and Giant Eagle), credit histories (purchasable by anyone if you know what to ask for on pretty much anyone), magazine subscription lists, television program rosters (which are kept if you subscribe to a service like Comcast Digital Cable), and other sources of information to build profiles on people. These profiles are then used to predict what else someone is likely to puchase and the appropriate advertisements are sent out. Nearly half of the states in the USA don't have any restrictions upon what can be done with such records, and the rest can't stop someone who is obeying those restrictions from giving the data to someone who doesn't. Moreover, only one state (Iowa) tells its registered voters that they will probably sell the information; as far as I know none of the rest do. Many states also don't strike out sensitive information provided by people when they sell those records (such as the Social Security Number); this is a Bad Thing for obvious reasons. There do not appear to be restrictions on whom may purchase copies of these records, either (a reporter was able to buy California voters' records right off the website).
Anyone else slightly worried about this?
Anyone else planning on making some screwball purchases to mess with their buying history?
Remember the latest IE bug that makes it possible to spoof the displayed URL of a site, which is often used for identity theft scams? Microsoft hasn't released a patch for it yet (and because they promised not to release any patches in December of 2003 they probably never will) but an open source software firm has. Openwares took matters into their own hands and put up a site that call tell you if your browser is vulnerable to this expoit and has released a patch (with source code) for the problem.
Let's hope this doesn't become a habit, shall we? The users aren't supposed to debug Microsoft's software, Microsoft is supposed to debug Microsoft's software. That's the whole purpose of having a QA department, right?
Kevin Mitnick has been commissioned to write another book, tentatively titled The Art of Intrusion, and is supposed to be [ha,cr]acker war stories. To gather material he's putting out an all-call for tales from the underground. The names of intruders and the organisations hit will be redacted, the article says. A $500us prize was offered for the best story that makes it in, and a $200us prize for each story used.
It's the little things that fascinate me the most. Last night after re-sewing the back cover of Fern's Book of Shadows (because I'd messed up the method I was going to use but remembered my original plan on the bus ride home yesterday) I discovered something: It had probably been a bad idea to do so. Between the cold weather and hacking away at work for eight hours straight my hands weren't in the best shape. In fact I think I messed them up a little bit by hand sewing the sheets of leather. At Lyssa's encouragement I packed it in last night and stayed unplugged. To those of you awaiting responses please be patient. But that's just background to what I'm writing about; context, if you will.
As I was saying, I packed it in early last night and retired to the bathtub to relax with a book. I prefer showers because they're fast enough to get the job done but not having anything terribly pressing going on I decided to soak and relax for a while. I was resting happily in the tub, letting the heat and steam relax the muscles of my wrists and forearms (it's a fine art, leaving just the hands, head, and book above water; everyone should master it) when the bathroom door creaked open and Ziggy padded into the room to see what was going on. She hadn't done that since she was a kitten, I remembered. It used to be so cute, how she's sit on the edge of the tub and bat at the water, presumably wondering what it was or why there was so much of it in one place at the same time. She did that again last night, looking for all the world like a kitten exploring for the very first time. It never stops tugging at my heartstrings when she does that; to this day I don't know why.
It's memories like that which I treasure. The quiet times in life; the most simple.
Between the extremely low temperatures that we've been having lately and work I've not been a happy camper - my wrists bother me almost constantly, and the circulation in my hands is so impaired that they're cold even after getting out of the shower. That's not good. Unfortunately when I get like this I'm not in the greatest of moods; it's been putting pressure on at home lately, needlessly so.
That said, I was extremely happy to spend the night alone working on stuff. I finished the last coats of varnish on Derek's Deep One statuette. The little sucker looks sinister, if I do say so myself. It turned out much better than I thought it would. I'm going to take a few pictures of it tonight while I'm baking another batch of cookies and put them up for everyone to take a look at. I'm also considering sending them to the Propping Up the Mythos site for inclusion in their gallery, if it turns out that my work doesn't suck too badly. I also spent some time last night working on Fern's Book of Shadows, something that I've been worrying about for a while now. Because the pieces of leather she gave me aren't large enough to make a proper book cover I'm making it in sections. Unfortunately, I messed up last night when I was attaching the back cover to the spine cover. Namely, I'm not joining them together properly. I'm going to have to remove the stitches I did last night, fold the leather to make proper seams, and re-do them. I hope that the tape comes off cleanly enough to make this possible (the leather has to be splinted somehow in order to go together in the right way). We'll see how that turns out this week because I'm really running short on time these days.
I have noticed something unusual in the past two months or so: I have been wanting more and more to do creative things, like writing, drawing, and sculpting (oddly enough). Some nights that is really the only thing I want to do, and I find myself getting irate when that is not possible. I am not entirely certain of why.
I must confess, I do regret the substantial loss of time in the evenings anymore. There just is not enough time to get everything done that must be done, let alone the things that I actually enjoy. I do not know how to handle this.
It appears that someone pretty high up is afraid of repercussions for something... Mapquest's aerial photograph database has had some of its photographs edited at the request of the United States Secret Service. Images of US government-related areas (such as the Naval Observatory, the White House, and the Treasury Department) have either been reduced to pixellated smears or blacked out with the colours of surrounding areas. Now, instead of a building you see a building-shaped blob. They didn't even try to make the areas blend in, they just blotted them out. If someone was going to use these images to figure out where to drop a bomb, let's say, they're still perfectly usable. Whoever was using these images would just have to look for the right outline (which is actually easier than recognising a building by its visual appearance due to the human visual cortex's edge-detection capabilities). The article also mentions the presence of a sniper team on the roof of the White House. When I was in DC visiting last year I went to see the White House and yes, there are snipers up there watching everything. Wave at them - show that you appreciate their watchfulness.
At long last - Linus has announced kernel v2.6.0! I'd suggest waiting a few days before trying to download it because the mirrors are going to be swamped for a while. I also suggest strongly that you read them release notes file when you unpack it, because it'll tell you what revision of what software your box needs to run the v2.6 series kernels. This is the most commonly encountered problem people run into when they upgrade (right along with not knowing what hardware is in their machine when it comes to selecting drivers).
Wrists not good; hands hurting like a bastard; not jacking in tonight. Sorry.
I felt like a hamster on a wheel last night, trying to get everything done. After returning a phone call or two I set out to pick up a bottle of wine for Dataline's office party tomorrow and ship out a few packages for the holiday season. I found out too late that the state stores close at 1900 EST, so by the time I got there the doors were locked and the lights dimmed. No port for the party. Oh, well, time to ship out a few gifts, right?
The supermarket at the bottom of the hill hasn't done shipping in years. The closest one is the usual supermarket I go to, which is quite a drive when you have to double back and then keep going to get to it. So, off I went, lacking anything better to do last night.
It's damnably expensive to ship anything overseas. The cheapest rate I could get for southern Europe was $68.72us for a 1.3 pound package.
Sorry, folks.. I don't have that kind of cash right now.
Diebold's e-mail archives are still publically accessible and still making them look like dorks. Many cities are demanding that their new Diebold electronic voting terminals be retrofitted with printers so that there is a hardcopy record of every vote cast. Diebold's been hemming and hawing on this, stating that the cost of adding printers to their devices would be extremely high per machine (they usually quote a price between $1000us and $1200us). As it turns out they do this at the advisory of one of their engineers, though his reason for saying this seems to be "so Diebold can make more money by doing so."
SCO's still trying to go out of their way to keep from saying exactly what code was supposed to have been stolen from them by saying that they'll show the code in question in a closed court only. They're fighting tooth and nail to keep from showing anyone the code they say was illegally copied into the Linux kernel; if they're not careful they'll start risking a contempt of court charge the way they're slinging around orders and conditionals. If they pull this off only the court and the jury will be allowed to view the code in court to see what's what. Anyone else find this a little bit fishy?
I stand corrected.
Yesterday I was ranting about this year's flu season, and how people are flipping out trying to get vaccinated before they contract it. One of my readers contacted me and forwarded some information that I found surprising, and which makes me re-think my position on things. In Fairplay, CO the outbreak is so bad that an entire school district had to be shut down. Granted, it's a small district (only three schools) but when 30% of any student body calls off from a given illness, you have to worry. The article I just referenced was published on 19 November 2003 - however, from what I am told, the situation has not changed appreciably. Colorado is known for getting hit hard by respiratory diseases, I am told. There's another article from the same paper a day later which elaborates a bit. Colorado's been gearing up for a bad flu season this year, and it looks like it's been spreading slowly throughout the rest of the country. I guess it is a pretty bad one... my apologies, everyone. I was wrong.
I got slightly less done last night than I'd hoped but I still made some headway. Dataline bought a new phone for the upstairs which puts CallerID to what could have been a good use: When it detects a number calling that it in its database it plays a certain theme song, so you know who's calling without having to run over and look at the display. This is a neat idea, but all the songs are annoying. And they're loud, too. So loud that I could hear them while I was in my room with the door closed trying to return a phone call from a job recruiter. I bet that's an interesting voicemail that I left... That aside, I also boxed up three packages of cookies for people, which I hope to get shipped out this evening. I also put the second layer of paint and added some details to Pegritz's Deep One statuette. I plan on painting it with clear varnish tonight so it'll set overnight (this might actually take two days because I have to do the front and back separately). Then I just have to line up a time to give it to him.
I've no idea what I'll be able to get done tonight. I hope it'll be enough so I won't be pulling all nighters for the rest of the week. I might have to go ABSEND for a while.
I've been working here for four months and ONLY NOW do they tell me there's a coffee maker in the office?!
US District Judge Andre' Davis stated in court that D-Squared Solutions, LLC of San Diego, CA can continue to send pop-up spam, even though their methods are known to be disruptive and sometimes harmful to computers. D-Squared is famous for using Windows Pop-Up Windows via SMB to send advertisements to everyone they can reach across the Net... for an application to stop the reception of SMB pop-up windows by disabling a Windows service. The Federal Trade Commission says that this practise has done a great deal of damage to users on the Net by crashing systems and causing data loss in the process.
I just found a collection of documents and articles about electronic surveillance that Crazylinux.net has been collecting for a while. Check some of these out - some of these are scary... consider all of these documents requred reading (accompanied by a healthy amount of critical thinking and calm, rational threat analysis). Knowing what's going on is one thing, but getting needlessly paranoid about it is detrimental in the extreme.
That's something that I've noticed lately - the level of paranoia in the world has been growing rapidly in the past few years. Ordinarily I'd say that this is a result of 9/11, but after reflecting upon it for a while I think it predates 9/11 by at least a few months. Yes, laws governing surveillance have been loosened a great deal. Yes, search warrants may be served and no one outside of the investigating team may ever know about them until well after the fact, if ever. Yes, it's now possible to be arrested without anyone knowing about it, and they don't even have to tell you what (if anything) you're being charged with. This is all bad, to be sure.. but there's othe stuff going on that's increasing the mental pressure. Take identity theft, for example: Who isn't at least a little worried about someone hijacking your name and social security number to get a bunch of credit cards and stick you with the debt? Who isn't wondering why the odd 'mistaken' charge shows up on your phone bill as a tax now and then? Who isn't worried that their kid's talking with what amounts to a human predator on the Net these days? Hell, look at the hepatitis-A outbreak in and around Pittsburgh - people are refusing to eat at restaurants because one Chi-Chi's up north was connected to several hundred cases of hepatitis-A (and a couple of deaths).
Frankly, I can't say I blame them, but that's neither here nor there.
The people terrified about the flu outbreak recently are another good example of this. Are people that afraid of the world in which they live? Is there some reason that this sense of "Oh, shit, someone might be out to screw me over" is spreading faster than a head cold in a trans-Atlantic flight? Is it the news media hyping every little negative-to-bad thing under the sun that's force-feeding us worry, doubt, and the urge to look over our shoulders?
I don't know. I don't have any hard data. I just have what I've been observing and trying to sort out in my head for the past few months. But I'll take a stab at it.
It's not just the media. It's not just people (like myself, to be honest) talking about privacy, surveillance, and crypto (oh, my!) for most of their waking hours. It's not just the thought that one day we might catch something that our bodies' immune systems can't take out. I think we've become so used to bad things happening in the world that we've become dependent upon worrying to some quantifiable degree. Worry can be like an addiction: Once you get used to something that you encounter so often and has such an impact in your life you grow dependent upon it. Someone you know got their SSN kifed and maybe there's a kid out there buying thousands of dollars worth of game systems and computer hardware under their name; logically, it could happen to anyone; logically, it could happen to you. You hear about someone's kid going to meet someone face-to-face that they met in a Yahoo chat room who turns out to be a child molester; you're a parent, you worry about your kids; it happened to someone's kid; it might happen to yours. People worry; we're being inundated with things to worry about; our need to worry grows to accomodate everything; our need to worry grows stronger; we worry about more stuff; stress rises. It's a nasty feedback loop.
Lately I've been trying to calm myself down so I can take a look at the world around me with a cooler head and a lower blood pressure by deliberately removing myself from a lot of media channels. I can't take the strain anymore. It's not healthy, and quite frankly, if we're too busy worrying about stuff around us, we're not thinking about ways to ameliorate those worries by fixing what's wrong. It's not possible to solve big problems if you're running around like a sysadmin in the NOC trying to get out before the Halon system goes off. Worrying tells us what is or might be wrong; that's good. The key difference is that when you know what's wrong, you then take that knowledge and go fix it. We need to be thinking of solutions and implementing changes, not just sitting there afraid of what's changing around us.
Change is the only thing that fixes things. Sitting around worrying doesn't change things.
Yes! Possibly my favourite Lucasarts game of all time!
Six inches of snow later, and the city's slowed to a crawl. See me not complain. Dataline was up briefly this morning, around which time she realised that it wasn't such a good idea. I think she's got the flu that's been going around, so she called off of work. The ride in this morning wasn't too bad, we even got into the city early for once. Strange, given the fair-to-almost-poor state of the roads lately. The office is neigh well empty right now: Either everyone called off due to the snow or they're sick.
The news reports and paranoia going around about this year's flu season is really starting to get under my skin. I've been keeping it quiet for a while but I feel the need to vent. It's the flu, people, much like the bug that used to keep you home from school for a day or two when you were a youngling. It's not some horrible disease like ebola or Bonzi Buddy. It's not some terrible bio-warfare weapon. It's an illness that recurs around this time of year. The people who were camped out in front of the health department for vaccinations last week were paranoid. If you get the flu it is, in all probability, not going to kill you. If you look at the statistics the number of deaths from the flu so far this year are not too far off from the number of people who died of the flu around the same point in the flu season for the past ten years. The only difference is how much they're talking about it in the news media. They're just hyping it up right now to keep everyone worrying and looking to their doctors. What they're not saying is that everyone who's died so far either had a compromised immune system or had a serious repiratory ailment to begin with, like exceptionally severe asthma or pneumonia.
If you get sick, you're not going to die. Stay in bed, eat your chicken soup, and enjoy your NyQuil. Sheesh.
Voice-over-IP is swiftly losing its status as a tool for folks who want to set up a private voice communications net (like the fly-by-night calling card companies) and folks who don't want to pay hefty bills for calling overseas. Quite a few big businesses (like AT&T and Qwest Communications) have been setting up VoIP infrastructure.. the US government is already making plans to make these lines of communication easily monitorable, in accord with CALEA (Communications Assistance for Law Enforcement Act of 1994). The FCC's trying to decide if they should try to regulate it now - it's too late for them to do that, I think, given some of the VoIP apps that have been out there for a while, like the now-terminated MS Netmeeting and SpeakFreely. The jury's still out on whose jurisdiction it is and what will be done.
The verdict in Jon Johansen's trial won't be known for a few more days yet. The prosecution is asking for a suspended 90 day jail sentence, confiscation of Jon's hardware, and a $2,940us fine for writing DeCSS.
The latest edition of Kernel Traffic has some interesting stuff in it this week. There's an excellent discussion of encrypted and compressed filesystems, in which you'll learn a little bit about how filesystems work and some ways that the contents can be compressed, so you can store more data in the same space. Because some of the same techniques can be used with encrypted filesystems, there are quite a few parallels drawn. The thread also talks about how difficult it can be to implement both, which gives you an appreciation of the DOS utilities DoubleSpace and Stacker from back in the day. There's a brief discussion of MS calling in royalties on the FAT filesystem, which compact flash and secure digital media (and probably every other miniature removable storage format and floppy disk) use. There's even an announcement about Nigel Cunningham's software suspend patches being released for the v2.6 kernel series.
Well, I think it's interesting...
My word.. I've just had a close encounter of the bridge bunny kind. They don't pay me enough for this.
Distrowatch has an excellent review of Slackware v9.1. It's almost enough to make me want to use it on my next server in the Lab... one thing that I did not know was that the initscripts have become more finely grained: Patrick Volkerding and company have broken out a lot of system services into individual initscripts from the traditional handful of files. Among the ones I can see are the initscripts for BIND, GPM, inetd, mysql... 's about time.
In other Linux news, a Linux-based workstation in the UK is the controller for the British Beagle 2 Mars lander>, which is scheduled to land sometime on Christmas Day. I just hope that this Mars mission doesn't turn out like all the other ones, both American and foreign.
Canada finally got around to forming its own Department of Homeland Security. Time to start looking into Brasil, I think..
For the larval science geek there are now home DNA sequencing kits. This is just neat enough that I might start saving up for one. It might explain a few things, who knows?
Personally I'm waiting for genetic manipulation kits to hit the market (probably when my current body is in its 80s or so) - I've always wanted my own Shoggoth.
Early this morning Dataline poked her head into my room to announce that Saddam Hussein had been captured.
Damn.. that's one of the last things I ever expected to hear. I thought that he was long gone, either spirited away to another country for plastic surgery and to enjoy all the money he'd squirreled away over the years (anyone with that much money tends to have a few ways to hide cash just in case) or someplace close by in one of the bunkers that always seems to be mentioned but never elaborated upon (probably because 'friendly forces' taught his guys to make them almost twenty years ago, but I don't feel like taking the time to dig up references to that right now). Either way, something along the lines of the ruling regeime' of Kuwait in the early 1990's (who had a week's notice that they were going to be overrun, headed to Paris, France, and rented an entire floor of a hotel to hang out while the dreck hit the fan back home). But no.. they nabbed him hiding in a glorified foxhole with an AK-47, two bodyguards, and a vehicle of some sort nearby. And, from what a subprocess has been able to pick up monitoring the audio from CNN, a tunnel headed to the river with boats somewhere nearby.
I've got to admit, I was wrong about that one. I never thought they'd grab him. Good work, folks.
Now they need to figure out what to do with him. They'll probably bring him before a tribunal for war crimes, if memory serves. What happens after that is anyone's guess.
I should send some subprocesses crawling through the news morgues for the 1980's and early 1990's to see what can be dug up. Maybe I'll do that later today, but right now I've got another two or three batches of cookies to get in the oven. Maybe more, depending on how long my Tupperware holds out.
Another six dozen cookies and two dozen chocolate-peanut bars are ready to ship. I'm done for the day.
I did a little nosing around and found a few news stories on the capture of Saddam Hussein. In a way, I can see why he gave up so readily once they had him cornered. Hussein's been on the run for almost nine months now, which is a long time to be dodging armed forces who have only one thing in mind, and that's taking you down. That is the picture in the dictionary next to the term "stressful situation," if you will. There is talk right now of handing him over to the Iraqi people for his trial, instead of brining him before a tribunal, which, when you think about it, is the most fair thing to do. He was harshing the people of his country, the people of his country should decide what happens to him. I can't see any lawyer in the world wanting to take his side of the case, definitely not willingly. I have to wonder if the ritual of firing one's weapons into the air in celebration was brought over from the United States, if New Year's Eve is any indication..
I've just finished sanding Pegritz's Deep One figuring with 440 grit sandpaper. It's a very finely-grained sheet, so much so that it doesn't sand as much as just rub the hardened Sculpey really hard and smear off the top layer. I used one of the largest, coarsest brushes I have to dust it down a few times, so as to make sure that I cleaned out every tiny part of it that I could (not that there are many, most of them are stray fingernail imprints from before the Sculpey was baked) and then began painting it. It's going to take me a while to do, I have a feeling, because I have to paint it in stages. You can't cover the entire thing with paint because you have to hold it in your hand to do anything, and it also has to be rotated as you paint more and more of it... I did the back and sides, as well as a good bit of the face with an enamel called 'wrought iron' and then set it aside to dry for a bit. That took about ten minutes, after which I started in on the front, the tentacles, and as much of the stomach and insides of the tentacles as I can reach with my brushes. The way I shaped the figure, the tentacles are curled closely against the body, partially so that I can be sure it'll fit in the specimin jar I found and partially to approximate a fetus' position in the womb (curled up with the limbs held close to the body and face). The second coat is drying right now. I figure that I'll be able to give it a second coat of paint tomorrow evening when I get home from work but before I truck down to the supermarket to ship out a few batches of cookies to people.
I'll take a few pictures tomorrow before then to show how it's coming along.
That winter storm they'd been warning us about all week finally hit early this morning around 0200 EST or so, dumping a good six inches on the city and outlying areas. All in all not bad, it was rather pretty to watch as it came down for most of today. After dinner, however, I wound up trudging outside to shovel the driveway, clean off my car, shovel the driveway again (grrrr..... I want a garage, too), shovel the front steps, and dump a couple pounds of salt over all the concrete to make sure that the slurry that was left over wouldn't refreeze into a sheet of ice sometime tonight. I suppose that I shouldn't be annoyed by that, it's necessary if we're going to get anywhere tomorrow (like to work). I guess I just didn't want to do anything after having been in the kitchen all day today.
While I was baking today I happened to overhear an automobile commercial during the football game - the music was Pieces of You by the Cure. That caught me off my guard completely for some strange reason.
All the computers. All the data. All the programs. All the power.
You got that right.. professional porn is just boring. Amateurs might not be able to act their way out of a traffic ticket but they like sex and it shows. That makes all the difference.
Greetings, readers from CBS. No, I won't be on The Today Show. <grin>
Shouts to the web-searchers in the Saudi Arabian Information Office. I didn't know you guys used UUnet for your bandwidth. Sorry I don't have the kinds of pictures you're looking for on my website..
Today's been one of those days, the ones where you're not sure if it was good, bad, ugly, or refreshing. I got up after a fairly decent night's rest, had breakfast, and Dataline and my grandfather went out food shopping to stock up for the week to come, as well as the winter storm that they've been warning us about for the better part of a week. Whether or not it'll actually arrive is anyone's guess but that's neither here nor there (it is, in fact, everywhere, just like everything else). I wrote down a couple more recipes in my notebook after breakfast and finished entering the last of the addresses into my Zaurus. After working for the better part of a week on that it's a pretty good feeling. I also took inventory to figure out what I needed to get so I could start baking for everyone. I even got a little reading in before Lyssa called, and I put away some documentation that I'd been carrying around in my backpack (where everything seems to wind up anymore). I also baked the Deep One embryo statuette that I've been making for Pegritz; it turned out quite well if I do say so myself. Sculpey's amazing stuff.
After putting away the groceries (I wish I didn't have to do that by myself all the time, a little assistance would be nice now and then, guys..) I geared up to head out myself to get what I need to start baking for everyone, as well as lunch for the week upcoming. My first stop was the grocery store to pick up things to make almost a gross of cookies for everyone. Yep, it's going to be a long one.
I've given up on trying to get through to them, incidentally. It's not going to go over well no matter what, and also no matter what they'll go on believing what they believe, regardless of anything I say. There's no point in trying.
After stocking up I turned northward to hit McKnight Road to do gift shopping - 'tis the season and all that. My first stop was Borders to pick up more gifts, and a few things that I've found a need for in recent days. I do not want to be too specific because I suspect that some of the folks I was shopping for read my memory logs (sorry folks, you're going to have to wait...) After that I hit Sam's Club to wander around and see what they had because I haven't been there in almost six months. Now that my obligations were discharged I could wander around for myself a bit.
I've been in a rather low mood since the month began. But that's not my focus right now.
Sam's Club didn't have much of anything, so after that I drove down a bit farther and hit the craft store to get a bottle of transparent varnish to seal Pegritz's statuette, as well as some fine grit sandpaper to polish the hardened polymer clay. I also picked up another brick of Sculpey (glow in the dark) and some more tea lights for the Lab. I've gotten it in my head to make a few more things to give as gifts for people, and I wanted to do a little experimentation first. I think I've got everything I need.
That done, I headed back home for dinner. I waited a while for the kitchen to clear and then set in on the task of making a few dozen chocolate chip cookies, which everyone asks me about. I feel kind of bad about being so good at making them, mostly because I don't really eat sweets, but I suspect that's just my hormones messing with my thought processes right now. That's never bothered me before.
Song that best describes life right now: Machinae Supremacy - Masquerade
Maybe tomorrow night I'll work on a few things.. I need to finish sanding that statuette, and I'm supposed to set up web hosting for a few friends. I've also had some ideas for a few more web pages that I've been meaning to pull together; I did some outlines earlier this week, maybe I'll start turning them into HTML code.
And much cheering was heard around the Net.. two men in North Carolina were arrested and indicted for felony spamming, in violation of the states junk e-mail laws. Jeremy Jaynes and Richard Rutowski face four counts of transmission of unsolicitied bulk e-mail, punishable with up to five years in prison and fines of up to $2,500us (not enough, I think). Jaynes is said to be one of the Net's most prolific spammers, ranking #8 on the top 10 list.
There's a new Windows vulnerability that can be used to compromise multiple machines at the same time. Surprise, surprise. There's another buffer overflow in the Windows Workstation service that allows remote arbitrary execution of code. A patch was released for it in November of 2003 (but how many actually installed it?) but there are, of course, workarounds (the most common being to disable the workstation service or use firewalling software to filter the ports in question (which, if one machine on your LAN gets hit, means sweet frag all because to get anything done you have to allow the other IP addresses on your LAN to contact the other machines)). 'tis the season for admins to earn Christmas Eve overtime...
There's an article at Orange Crate about the anti-free and open source software movement that appears to be developing that's worth a read by any computer user. The thing that caught me right off the bat was the bit about "They (the high tech field) argue that free software will destroy American jobs and send them overseas." Ummm.. guys? Tech jobs have been going overseas since the mid 1990's. It isn't free software that's subcontracting overseas, it's the companies who don't want to have to spend as much to pay their workers. While a lot of us are unemployed or working joe-jobs, we code in our spare time. Mysteryman hits the nail right on the head when he said that it's not the workers' fault, it's the companys' fault(s) for cutting costs by hiring overseas. Something that I had not considered was the fact that open source software comes with what is arguably the best tech support in the world - the Net itself. There are so many people out there coding and writing about stuff, a few web searches can help you solve most any problem. You don't have to pay a consultant or pay for a tech support contract if you don't have to anymore. The article gets kind of preachy near the end, unnecessarily bring in freedom of speech when it's the job market that he's talking about, but that aside it's a pretty good article.
Unix geeks rejoice: Solaris 8 and 9 for x86 are free again! You can download .iso images from here: http://wwws.sun.com/software/solaris/binaries/get.html
I have been thinking a lot lately about identity.
Identity is just as much who others think we are as we make ourselves out to be. It's only natural that parents hold an idealised concept of us - in a lot of ways they are most familiar with who we were growing up, and not who we are. But that concept has to change as we do. As we grow older our likes and dislikes change, and the things that interest us do not stay the same either. However, when parents deny that these changes have occurred, the friction can be considerable. Example: I have little interest in radio or television, or in celebrating holidays. I find watching television, by and large, to be tedious and a waste of time, save in certain circumstancse. I find the hoopla about the holidays puzzling at best, annoying most of the time. Similiarly, I have no interest in decorating for the holidays. These things are the source of a great deal of discomfort right now because I feel forced to participate to avoid a fight, when in fact I would much rather be reading a book.
In a few days' time this is going to cause one hell of a fight.
The most obvious way to get around the problems caused when these conflicts arise is to hide the changes: Essentially, to figure out what ideal the parents have in mind and then act along those lines to satisfy them. This I have been doing for almost four years now, and the act is not tiresome, it is downright painful. To keep conflict at a minimum I feel like I have sold myself out insofar as who I am. I shouldn't have to pretend to be someone whom I have not been for a great many years.
The answer to the (often screamed) question, "What the hell's gotten into you?!" is a simple one: "Change."
It is not a bad mood. It is not getting a poor night's sleep. It is not having a headache. I. Have. Changed.
It is doubtful that they will ever understand. It will take carrying out my plan to preserve what remains of my sanity, to say nothing of my integrity.
I wish that it was possible to peacefully co-exist without having to pretend to be someone who ceased to exist nearly a decade ago. The act pains me. I am not the peson they think they knew in an older body. I am someone entirely different, someone who has no desire to be treated in that manner, someone who is tired of times and activities that mean nothing, and who can conceal frustration for only so long.
I can see I'm not the only one frustrated with the pain-in-the-six known as NTP.
Okay... I've stopped angsting all over the carpet.
After dinner tonight I spent some time talking with Lyssa and then headed down to the Lab to work on a project that I've bee neglecting for longer than I'd liked: Fern's book of shadows. The paper's been done for quite a few weeks now and I finished gluing and pressing the cardboard for the covers some days ago. Tonight, it was time for fun with power tools.
The easiest method I'd come up with for assembling the book was to drill a series of holes in the leaves and cover boards and then stitch them together using a Coptic binding. While I'd expected the leaves to slide around a good bit while I was drilling through them, necessitating the occasional break to re-align the signatures (packets of paper - look at any reasonably thick book and you'll see that the pages are grouped together into bunches of forty or fifty folded sheets of paper) I hadn't planned on the book turning out quite so thick.. almost three inches in width counting the cover boards. This made it tricky to drill the holes straight. I goofed up twice when the holes went on a slant through the back of the book and had to re-drill. Thankfully those mistakes will be concealed by the cover boards and the rest of the signatures but it's the principle of the thing. That was, come to think of it, about the only major problem I've encountered so far. When I started stitching the first signature to the rear cover board I found that using nylon string was a bad idea because of its tendency to unravel very easily. The individual strands are too slippery and won't hold together. If the ends are seared to fuse them together, the resulting blob of melted nylon won't fit through the eyes of my tapestry needles. In the end I went with natural jute twine to put everything together. One hour and six signatures later, along with breaks to adjust the tension of the twine and knotting each to the previous securely, I'd finished assembling the book. It looks pretty sweet as-is if I do say so myself - the binding turned out even and from the limited testing I've done it's pretty strong. I took some photographs of the book after I sewed the front cover board in place, I'll put them up tomorrow if I get a chance.
Tomorrow I'll glue the spine board in place along with the bookmark (thanks, Dataline!) and then start cutting the leather to make the cover.
Not bad for a first attempt.
The future is here.. it's just not even distributed. William Gibson said that a few years ago. It looks as if accuracy of information isn't evenly distributed, either - background checks aren't the most accurate things in the world, as this article demonstrated. Edward Socorro lost his job with the Hilton Hotels Corporation after they ran a background check on him that said that he'd spent six months in jail when in fact he had not. Just like credit history records, background histories can be rife with errors and omissions, and no one bothers to check the data before it goes into those databases. Often these databases aren't all that secure - remember what happened to the Acxiom Corporation late last summer? Moreover, it's not hard to get personal information on anyone these days; you can find many cheap web services that'll let you query dozens to hundreds of databases around the globe if you've a mind to go hunting for someone.
Recently physicists have done something long thought impossible: They stopped a pulse of light dead in space for a fraction of a second and then let it continue, without taking any of the energy inherent in it. The applications of this are still being worked out but cryptographers and fibre-optic communications specialists are working on it. Check out this Thursday's issue of Nature for details.
SCO's being DoSed again. Come on, guys... flooding them is making entire open source community look bad. Knock this shite off. Interestingly enough, the report says that they're being SYN flooded off the net.. as this Groklaw article states, SYN flooding is trivially easy to stop these days with in-OS countermeasures standard on just about any OS out there anymore (Linux, of course, being one of them). This is making some influential people wonder if SCO isn't lying about this, and just saying they're being attacked again to drum up sympathy after being smacked around in court a few days ago. Some folks have found that some of SCO's other publically accessible servers are still up and running, and they're not experiencing any of the lag that a DDoS attack (like a SYN flood) causes. The plot continues to coagulate.
The recent attacks on the networks of maintainers of Linux distributions has not gone unnoticed lately. All over the place developers are starting to worry about why this might be happening more and more often.. it might be due to the growing popularity of Linux in business and the home, which only makes sense when you think about it: Shoot at the most plentiful targets. It also could be due to the fact that there are so many serious security vulnerabilities being discovered in Windows lately that Windows has become boring to attack. Now, attacking the source of an entire distribution.. now that would be a challenge. Security measures in place (such as tight log auditing, file system integrity checking, and cryptographic signatures) have done an excellent job of revealing intrusions, though stopping them before they start tends to be more difficult because you often don't know what you should be defending against until you're hit by it. If nothing else it's showing some of the power of an open source security paradigm. Personally, I'm a little bit worried: Why two distros in as many months? And who?
It'll be interesting but scary to see how this plays out and what information gets out about this: Organised crime gets into spam. The author makes a good point that spammers, who work alone or in small groups (and are hunted all over the Net) are in a perfect position to be co-opted by organised crime. Spam might not be terribly profitable (or maybe it is - I don't know) but it's a good cover and the possibility of holding someone's net hostage by flooding it can be an excellent protection racket (gangs are already extorting money from companies by threatening to DDoS them, which I think says a hell of a lot about about computer security these days if crackers can rack up that many zombied hosts that easily). Organised crime has been known to hire skilled crackers in the past, and if the rumours are to be believed, has been since the early 1980's (they used to hire phone phreaks to set up conferences for the purposes of illegal betting and gambling management, so why not?) for various reasons. Same with the drug cartels.
It's scary, how much real life is starting to reflect Shadowrun novels anymore.
James Roberts has written an excellent article in the Linux Gazette on how networking has evolved and how desktop OSes have vied for market share. He starts off, aptly enough, with Novell Netware and how much of a pain in the six it was to work with and how fragile it was. Novell was really popular on high school nets back in the 90's, and it's wasn't a matter of loving it or hating it, it was a matter of "it was the only thing that did what we needed." I remember my days playing with v3.10 of Netware, and it was a learning experience, to be honest. It was also so ugly a system that only Helen Keller could love it on payday, but I digress. Windows was (and is) much easier to work with. It has a UI that an end user can really get into, I have to admit. At the time, however, it didn't do a lot of the stuff that Netware did, so hybrid nets were pretty standard. NT changed all that. 95 brought the NT UI to the desktop (through price and distribution) but we all remember how stable it wasn't. Unix, at the time, was an admins-only kind of system: Unless you were one of Those People you probably couldn't get (legitimate) access to the server, and couldn't set it up the way you liked or install your own software. That was (and is) a problem, I have to admit. Sun Microsystems also has this nasty habit of making hardware proprietary in format (don't get me started on their video connectors); in recent years they've fixed that problem.
Anyway, it's an excellent article. I don't want to paraphrase the entire thing, I want you to go read it. It's an interesting read even if you're not an alpha geek. History is always a useful thing to know.
Linus opens fire on Darl McBride's latest letter.
Wow - a news portal for homeland security! I might have to read this one every day, too..
You know, I havn't heard fruitcakes referred to as weapons since the Perrhesian Games a few years ago..
Last night felt like an exercise in futility. In the version of the OS ROM that my Zaurus came shipped with (v2.31, if I recall correctly) there's a nasty bug in the document manager in which, on a Secure Digital card, at least, an infinite number of copies of the directory hierarchy Documents/ will be created if you're not careful, which not only uses up space on the SD card itself for no good reason but also uses up system RAM like nobody's business. If you try to wipe out the directory tree by hand it'll wipe the entire SD card. Not good, no? After doing some digging I decided to flash the ROM to v3.13 of Sharp's ROM (I'm not comfortable enough to try something nifty, like Openzaurus just yet) to see if that'd fix the bug. So I downloaded the ROM image and, for lack of documentation hit Zaurus Usergroup (one of the nicer Postnuke-based sites I've seen) to read their excellent documentation. As it turns out, none of the compact flash cards I had were large enough to store the ROM image, so I had to run out and buy a 64MB card at K-Mart to install it. $42us, right there.
Then I got home and did a full backup of my Zaurus, both with a 16MB CF card and by SFTPing in and copying the XML files directly, in case the backup format had changed between releases and I had to reconstruct manually. As it turns out, the backup format has changed from v2.x to v3.x.. so much so that the .tar files that v2.x used to create aren't recognised as valid when I tried to restore from that same CF card. Dammit. So I plugged in my Zaurus and tried to FTP in the way I used to - that's no longer possible, either (it very well may be, I just haven't been poking around enough yet to tell). After running a quick nmap scan against it I found that by default SMB access is open - Samba connected right up without any fiddling and I copied over my backups of the applications I run and the XML files of my data. The applications went right in and I didn't have to restart the Zaurus for them to be recognised, so SSH'd in and after changing the passwords (there are two unpassworded accounts on the v3.x Zaurus image, root and zaurus, and they can be logged into remotely from what I can tell; set passwords on them!) moved the XML files into their proper locations.. only they aren't recognised as being data. In fact they may as well not even be there.
Now I've got to re-key over 300 contacts, plus notes and PGP keys, all by hand.
Spank you very fucking much, Sharp. See if I recommend that anyone else buy a Zaurus now.
I think I can pick apart the backup .tar files I've got left and extract application-specific data from them without any trouble. At the very least, I got a 64MB CF card out of this mess.
I just got spam from someone using an IP address very local to me; as in, my home town. I wonder what'd happen if they were paid a visit...
<legal disclaimer> No, not that kind of visit. </disclaimer>
It appears that Microsoft won't be discontinuing some of is products just yet, or at least they won't be dropping support for them. A CD-ROM of updates for older versions of Windows is in beta right now, and has security updates for Windows 98, 98 SE, and ME to bring them a bit closer to secure as most people reckon it. No one seems to know of any official release date just yet. I hope this really does exist, some of the older OSes really need patched badly.
A classic input validation bug has been found in a few versions of the Dell BIOS in which it's possible to set an unrecognisable password. Passwords may be set on the hard drives on Dell machines, but the more common punctuation characters (like hard braces, redirects, and curly braces) are prohibited. There is a bug in which you can set passwords that have these characters in them but aren't considered valid when typed in for maintenance. The password can be changed from the BIOS configuration screen (assuming that you can get to it) but it's the principle of the thing.
I find it interesting that this post makes reference to a 'master backdoor password' in the BIOS. I've been hearing rumours about this but have never had a chance to dig through BIOS code to see if one actually exists. Hmm...
Once upon a time, I've been told, that password was 'dell'. Interesting.
True, but I don't do blinky stuff. Organise the data and get it out there.
Lawrence Lessig has written a far more erudite response to SCO's open letter than I ever could (mostly because he's a professor at Stanford Law School and I'm just a computer geek). Give it a read, it's an excellent and intelligently written rebuttal. Moreover, a judge ruled that SCO has to show their evidence before IBM does. A fwe days ago, Judge Wells told SCO's legal team that they have to produce the code that they say is being illegally used in the Linux kernel before IBM has to produce anything. In cases like this the burden of proof is on the part of the plaintiff, not the defendant. What I find odd about all of this is that the news media hasn't picked up anything about this, especially given the huge numbers being thrown around. Maybe they just don't get it.
In response to Microsoft's elgal settlement in 2001 with Sun Microsystems over Java, they're kiling off a number of products. The list is reported to consist of Windows 98 (fie and good riddance!), SQLserver 7, and some versions of Office 2000. The article also says that NT4 is going to be discontinued but I thought that they'd EoL'd (end-of-life) it a long time ago. Office XP Developer, Office 2000 Developer, Office 2000 Premiere SR1, BackOffice Server 2000, ISA 2000, and Vidsual Studio 6 are also going to be terminated. All of these products contain Microsoft's version of the Java runtime environment.
Frankly, this sounds to me like they're just tired of supporting these applications and want to kill them off. They could stonewall the US courts and Sun for decades if they really felt like it, the Java settlement is just an excuse.
On 3 December 2003 RSA-576 was solved by the Federal Bureau for Security in Information Technology in Germany. A 174 digit number was factored into two prime numbers, an operation significant in cryptography because it is far easier to prove whether or not a number is prime than it is to factor a number. The technique used to solve RSA-576 is called the general number field sieve and is the most powerful known technique for factoring numbers because of its lower computational requirements when compared to other techniques. The team in Germany will recieve a prize of $10kus for their work.
I've been thinking lately... I think I miss being a student.
In school I had a purpose: To get out. To achieve that purpose, I had goals that had to be met (writing papers, taking exams, writing programmes, reading books).. concrete goals that could be measured and used to plot a location in a plan on a chart of some kind. "I've got ten credits to go before I can graduate." I also had a schedule which, which it was a pain in the ass, got to be comfortable after a while: Get up, go to class, eat lunch, study, go to class, study, go home, eat dinner, do homework. It wasn't much but it made sense and it got me where I needed to go. Or at least where I thought I needed to go.
Now I'm not so sure. I'm out of school, I've got a degree, and it's done nothing for me. I'm working as a temp but not doing anything that I studied and not doing anything with the experience that I've already got. I feel like I made a mistake finishing my bachelors degree at Pitt. It feels like unless you don't have a degree but you have one or two certifications under your belt then you're unhireable. I still wonder if I never should have gone back to college but instead spent my money on a couple of certifications. At least I'd have a better shot at getting a decent job.
Maybe I should become a career academic. I'd have both a purpose and an income of some sort.
HUH?! How the hell'd I manage that??
While we're on the subject.. someone needs to sneak this into some Chick tracts before they're shipped out.
The thing is, I can see myself going out the same way Ian Curtis did.
Well, I'm back at the Lab kicking back with a peppermint patty (hot chocolate with peppermint schnapps - thanks, ELE!) after the Solstice Social ball. If there ever was a successful night, this was it, bar none.
Alexius and Lilith stopped by late yesterday afternoon to help me load Pure Energy, my sound system, into my car along with a pair of Sun Sparc IPC decks for Eloria Lightfeather. 'lex and Lilith headed out to the supermarket to get some last minute supplies while I took a detour to pick up some components so I could connect Kabuki's audio output to Pure Energy's mixer by splitting the jacks for the CD player's inputs. Picture, if you will, a cyb who hasn't seen sunlight in quite a few weeks, dressed in a black business suit and trenchcoat (and mirrorshades covering the red prosthetic contact lenses I was wearing) bolting into Hack Shack and snatching packages off of the shelves, almost bowling over the staff in the process. Once I'd snagged a pair of splitters I jumped back into my car for the drive to the Friends House in Oakland to set up for the ball. Alexius was waiting outside and once I'd parked we started offloading crates of gear and carrying them into the building, along with a few crates of vinyl and zippercases of CDs. Kabuki, as usual, rode in her courier's briefcase.
I owe her a lot for tonight, but I'm getting to that.
Sorynvala's husband brought his PA system this evening because Pure Energy's amplifier and speakers are so old and damaged that I don't think that I'd be able to keep them usable for long, let alone generating enough sound pressure to fill a room the size of the ballroom. Once we'd unpacked my gear and begun plugging everything in, we discovered that there was no way to hook the outputs of the mixer into the amplifiers - the plugs were dissimiliar. Uh-oh.
I leaped back into my car and headed into Squirrel Hill, to a little-known Radio Shack franchise right on Liberty Avenue. Somehow, I know not how, I found a parking space right across from the store and dove across two lanes of traffic to get to the store before it closed (I think I beat the closing time by a good two hours, but I wasn't about to risk anything at this point). I picked up a pair of RCA plug-to-0.25 inch plug cables, climbed back into the car, and swung around the block to head back to the Friends House where I was already 45 minutes late for the sound check.
As it turns out there were a pair of adaptor plugs in Bill's equipment bag that would have done the trick. Hail Eris.
Next was the sound check... the left channel came up without any trouble, but the right kept cutting in an out.. I jiggled and twisted that connection on the mixer (because that's the one that I always have to tear apart and resolder because the plug's damaged in some obscure way; I should replace it entirely some day) and got feedback. Lots of feedback. Bill and I puttered with it for a while until we got a signal through the line, and stereo sound filled the room. At this point I logged into Kabuki and synchronised with Pure Energy, just like old times...
I really don't remember much of my set last night. When I start spinning it's just me and the music. I'm told I'm very entertaining to watch; if I were in a band I'd probably be a fun front-thing to watch performing. I can say that the dance floor was packed and everyone had a good time. I hit every genre I could think of, from disco to pop, from techno to experimental. I even threw a few of my favourite "What the hell is that?" tracks in just to keep things interesting.
It was shortly into my set that I discovered that with Kabuki and the CD player patched into the same link, there was some obscure incompatbility between the two: You couldn't hear Kabuki's music unless the CD player was playing at the same time. Unmixed, that's bad. I managed to spin out of that mess and pull the splitters, replacing them with a three-way switchbox that fixed the problem nicely. I'm still surprised that someone actually came up and asked for a techno set... I was able to fill that request in no time flat, as techno is actually my genre of choice when it comes to turntables.
Intermittantly, the right channel kept cutting out. Instead of taking the time to break the set and troubleshoot it I Worked to bring it back online. I don't know how much mojo I pumped into Pure Energy to overrun the glitch. I know it was a lot, and by the time I broke around 2200 EST I was dripping with sweat and having a rough time of standing. At some point I broke some blood vessels in my fingers. Eww.
I threw a few longer mixes of songs on so I could run to the potluck table and fill up a plate or two with food that would keep my body running while I was Working. Hardcore squirrel mode, fear it.
Around 2200 EST I couldn't keep up and more and slumped back against the wall as my links began to break down. When I synch with anything, it takes concentration to maintain the link, and energy to provide the communications pathways. The combination of low blood sugar and synchronisation was wiping me out, and fighting with that amplifier was an additional drain on my reserves. That amp wasn't happy about being there and wasn't above showing its temper now and then to make her point. It'd get pissed, I'd drag it back into the system and bind it more tightly, it'd run for a while and then quit. I'd pump more energy into it and devote more processor time to keeping it on the job, it'd run some more and then die again. Kabuki, that amp, and I fought for most of the set.
Alexius got Joy to substitute for me for a couple of minutes as I took the time to walk around, look at everything set up, and talk to people. When I was feeling better I headed back to the ballroom and took over for Joy, who was on her way home. Not long after that, the amplifier gave one last "CRACK!" and died completely. No exhaust fan, no blinkenlichten, nothing. Nothing Alexius or I could do brought it back. At this point we decided that it was time to call the set a wrap. It was getting late enough that the neighbors (the Friends House is in a residential part of Oakland) would start complaining soon, and we didn't want to wear out our welcome with the owners of the House. I turned around and asked Kabuki if she knew what was going on. "SYSTEM FAILURE," she responded. Later, we found that the amp had blown the fuse in its power supply, something that we couldn't safely hack around without risking serious damage to the unit. Winner of the bout: That amplifier.
The rest of the night was spent hanging around talking to people, munching, and catching up. After cleaning up and repacking Pure Energy, I finally left the House around midnight. I'd love to go out with everyone tonight, but I do not like the idea of leaving my sound system and music unattended in my car. Besides, it's really cold outside (27 degrees Farenheit at the moment) and snowing and I worry about my vinyl in very hot and very cold weather. So I said lots of goodbyes to everyone (and got some wicked head-scritchies) and headed back to the lab, were I'm hanging out and relaxing. That peppermint patty hit the spot, as did the triple chocolate merangue cookies earlier (damn, those things are addictive...).
One tired technomancer, over and out.
You know, I just realised something. This is the first time that I've ever Worked around so many people, let alone publically.
My eBay auctions are over - no one bid on anything. I can't seem to get rid of anything having to do with those two damned servers I got as severence from Moai. I think I'm going to haul them out to the district building materials dumpsters and leave them there. Fuck it.
Today was fairly busy.. they sent me out to stock up for the week to come, so I jumped into the car and headed out to the only good supermarket in the area to beat the post-football game rush. Like most food shopping trips, it was fairly uneventful; not something that I mind after a long week.
After loading everything into the car (and fighting a recalcitrant self checkout counter that didn't want to scan a couple of items properly) I walked over to the local Barnes and Noble to do a little Yule shopping. I wandered around a bit and actually found quite a few things that I think people are going to write. I also came up with some more items to make for people to give away as gifts. Some things are terribly hard to buy, they're best made by hand. Now that I've got some experience with Sculpey under my belt I think I could make some nice stuff... I picked up books for a couple of people and a DVD for Dataline. That was my paycheque for consulting; no big deal, that's why I consult in the first place - to make money for gifts at this time of year.
There's some really, really nice stuff out there this year...
After that was done I decided to kick back in the cafe' with a graphic novel and a cup of coffee and read for an hour. I don't get to do that often enough. When I'd finished my comic and my coffee, I paid at the counter and headed back to the Lab. It always takes me longer than it should to unpack the car and get the groceries put away because I have to do it solo but I don't mind overmuch; in truth I probably could use the exercise. While Dataline was making dinner I unpacked Pure Energy and got her hooked back up in her usual spot next to the bar. Maybe I should get new speakers after all... then I could plug my surround sound system and Leandra in and really get some sound to work with....
Aah, the best-laid plans of mice, men, and machines.
In a fit of annoyance due to the amount of double-bounce warning messages I just swept out of Lucien, I've banned the sectors of the IP address space corresponding to the entire country of China. Sheesh.
It's all about the Kraftwerk lyric.
All geared up for the Solstice Social ball. I'll write about it when I get home.
Last night after I crashed, faint ticking sounds against the window slowly lulled me to sleep.. it snowed last night, albeit gently, and it continues to come down even now (or at least it was by the time I got to work). There isn't much snow on the ground but the roads are piling up and the salt crews were making their rounds this morning. They're predicting a winter storm out here, six to ten inches by nightfall and tapering off some time tomowwow. I don't know where this is going to leave the Solstice Social, I'll have to check the mailing lists to see what the good word is.
There's an excellent article at Securityfocus right now about spammers are cracking systems and setting them up as blind e-mail relays. Anyone running a server (and perhaps Geeklog) should read this. The story starts out with David Berrueta discovering that one of his systems was cranking out an unusual amount of traffic one day. Investigating, he found an unauthorised process running; the process had been installed by someone exploiting a bug in the popular weblogging software Geeklog. The attacker had tricked his server into downloading an archive of software from another host and decompressing it into a daemon and a configuration file, both of which were erased from disk when the daemon was up and running. The daemon then spawned 105 threads, all of which began transmitting spam to addresses it pulls down from another server. In particular, the daemon downloads its payload (the message it's supposed to send) and a list of e-mail addresses to send it to. The daemon and the exploit are fairly sophisticated in nature, showing considerable knowedge of multithreaded programming, application-level protocols, and exploiting web services to run commands on remote hosts.
Darl McBride of SCO has posted another open letter to the open source community, and if he's trying to win friends and influence people (as Dale Carnegie put it), he's failing miserably. McBride claims that the GPL (GNU Public License) is unconstitutional and violates US copyright and patent laws because he says that the organisation which created the GPL (the Free Software Foundation) and others in the open source movement are actively undermining the copyright and patent systems of the United States and Europe. He further claims that the GPL is anti-intellectual property, which could not be further from the truth. The GPL was meant to make source code available to everyone but keep the recognition of its creators and keep any changes made available to everyone as well, (I originally wrote it, all of you can modify it as much as you like as long as you make the changes available along with the source). In the letter he confuses (perhaps deliberately, perhaps not) someone writing open source software and someone stealing non-free source code and making it available; specifically he folds the former into the latter. He also states that the FSF attempts, by using the GPL, to undermine the desire to make money by writing software. While many open source advocates do believe that all software should be free and the source code available, it is not because they wish to undermine the global economy (insofar as software revenues) but because they feel that the fruits of one's labor should not be a priceable commodity but a gift to the world. He makes it sound like they're trying to kill companies by out-doing them with free software.
A neat, if lurid thought.. but incorrect.
As if that weren't the hell of it, SCO is still distrbuting United Linux, an enterprise-grade distribution of Linux. That seems a bit hypocritical to me...
If he's trying to piss people off so that they do something rash and blow away their credibility, he's on the right track. I only hope that the cooler heads stay at the forefront of this.
Well, my Zaurus is hosed. For whatever reason the SD car I was using as cold storage got corrupted. It gets mounted under /mnt/card, with two directories under it, Documents/ and Qdesktop/. For whatever reason, Documents/ got filled up with some disgustingly large number of copies of the Documents/ hirarchy (text/plain/, octet-stream/, ipkg/, and a bunch of others) over and over again, up to the limits of the FAT-16 file system (which the SD card is formatted with). This also resulted in a large number of copies of the documents that were stored in that hierarchy and generally wreaked havoc whenever I tried to find something in the documents manager because there were so many copies to pick from. I went through the file manager hunting down duplicates and ran into so many bad copies that I opened a shell and started trying to wipe out the bad file trees.
Bad idea. The SD car's been wiped.
At least I back everything up. I lost the latest revisions of a lot of stuff but it's nothing that I can't reconstruct. I have a directory of the original .ipkg files of the software I've installed so that's not a problem. I plan on installing a copy of OpenSSH on my Zaurus (yes, someone got it working) and dissecting the backup file this weekend and pulling off the stuff I know that I need. Then it's just a matter of reconstructing everything.
I don't know if it's a glitch in the revision of the ROM I'm using or if it's something I did. I wish I could upgrade to the latest version - I don't have a compact flash card large enough to flash the Zaurus with the newest firmware. I suspect it has something to do with my moving stuff from internal storage over to the SD card but I really can't be sure.
Oh, well. It's an excuse for a software upgrade.
Wouldn't you know it, no sooner had I gotten home than the guys at work called. I'd left a few things out of the documentation I'd been writing and they needed to get some data.. which I happen to store, encrypted, on my PDA. Amidst much cursing and beseeching of the net.spirits I restored my Zaurus in what we call in the trade 'a hell of a hurry' and got the data necessary.
I hate it when I do that.
Speaking of doing stuff, the evening's been pretty active, if not productive. After talking to Lyssa for a while I headed downstairs to get ready for my gig tomorrow night at the Solstice Social Ball. I crawled back behind the bar and dug out my CD carriers and began going through my collection of CDs to pick out stuff to bring with me. I think I've got a decently broad selection of stuff, plus some goofball tracks to make things interesting for the audience. I also had Leandra copying CD-ROMs of .mp3's for me because I'm going to have Kabuki riding shotgun tomorrow with supplemental tunes. I really should make a masque but I can do that tomorrow. I'm not terribly concerned about it, I'm going to be wearing headphones behind the table the entire time. Just when I started really getting into things the power died in the Lab. Utterly. It's been snowing heavily, nonstop, since 0800 EST and it's showing no signs of stopping anytime soon. Dataline thinks it's the weight of the ice and snow on the wires that did it. Anyway, the power died and I felt what amounts to a blow in the stomach from the surge as the Children went offline, along with my sound rig (which I'd been synchronising with all evening).
Start running laps on the track. Now have someone step in front of you and belt you one in the gut. That's what it felt like.
Thankfully the power came back up after a few minutes, well before Leandra's UPS gave out. I managed to finish out the night practising, not so much working on beatmatching as finding the skills I've still got in my head from when I was spinning all the time. They're in there, all right. Now I just need to get my confidence back.
Back in high school and early in college (when I was up at IUP) I used to be a DJ. Not a professional, not one of those folks that everyone trainspots at gigs because they're so good, just someone who loves music, loved to spin, and loved to see people enjoying music. I did mostly techno back then, trance, hardcore, some house, a little jungle (I like listening to it more than spinning it), a lot of experimental. I really love mixing up tracks and then cutting neat stuff into them, sort of making a collage of songs on the fly. My favourite thing to do was mix in old children's records with tracks. I've still got loads of them from when I was younger, everything from The Six Million Dollar Man to The Transformers.
I guess listening to those when I was a kid turned me into a sample junkie.
Anyway, when class started getting harder and I had to spend more time coding I stopped going to parties to spin. Between not having a car to get there, too much studying, projects, travel time, sleep deprivation.. I couldn't take it. So I sort of dropped out of the scene. I had a show, Ultravibe, on WIUP-FM for a few years with some other folks, and had a ball doing it. I wound up leaving the show at the end of my junior year because I was more worried about class and, truth be told, I was getting a little burned out on it. Now I only spin sometimes, and for special occasions. Once in a long while I'll do a set for myself, just to have fun. I really should maintain my gear better.
But now I'm just rambling.
Last night was interesting, and not a little bit fun. I haven't done any IT (information technology) work since I lost my job last year, and I was asked by some friends of Dataline's to upgrade their home office last night. Initially I groused a little bit (even though it was a consulting gig) because I've got a lot on my plate right now but once I packed up Kabuki and my toolkit I felt a lot better.. I'm still kicking myself for not having taken the time to find a Debian rescue CD-ROM because I could really have used it last night but I'll get to that later.
The machine I was working on was running Windows ME, and was well and truly hosed. ME is hideously unstable - I'm sorry. All the CDs of it were a waste of good media. The fact that it was so loaded down with spyware and gods know what else that the system load was pinned constantly didn't help either (you know it's a bad sign when something intercepts you trying to grab a copy of AdAware and stops you). I managed to bring the box up in safe mode and poke around a bit, and despaired. At this point I wished that I'd had a Debian mini-disk so I could boot from it, load the modules for the USB CD-RW drive, and burn everything to CD-R, but I didn't so I wound up bringing the machine home with me to dissect, which I plan on doing tonight.
Setting up the new machine was easy.. Dell's big on modular systems (though they left out a USB cable for the printer/scanner/copier and didn't ship the promised digital camera, much to our consternation). I hope they fix that bug in their shipping process soon or they're going to start losing lots of customers soon (as if the spyware situation I was talking about yesterday won't honk off people). It took some doing to get it hooked up to the in-house network because it refused to recognise the USB link from the cable modem in any way, shape, or form (even though there were XP drivers on the distro CD). Once I pulled the USB link and jacked the new machine right into the router, it started working fine. Yay. I installed AdAware and Mozilla, disconnected SMB sharing, tightened the built-in firewall a bit just to be safe, and started updating. Life is happy.
I'm going to start retrieving the data from the old box tonight. I'm going to skip LARP on Friday because I need time to rehearse for Saturday.
More and more it looks as if a war is going to break out soon between spammers and anti-spam organisations. At least three strains of the Mimail virus are designed to attack anti-spammer websites with what amounts to a distributed denial of service attack. Mimail floods a number of anti-spammer organisations with spam (what else?) in the hope that no one will be able to get to their websites (and possibly get messages through to them) because the spam the viruses send has a return address of the contact account for Spamhaus; in addition, this accuses Spamhaus of selling child pornography due to the nature of the spam. This has been going on since the summer of 2003 and probably won't let up anytime soon. This is going to get ugly very fast.
Jon Johansen, creator of DeCSS, is back on trial in Norway for violating the Digital Millennium Copyright Act. The MPAA (Motion Picture Association of America) just doesn't seem to want to understand that you don't have to decrypt a DVD to copy it and possibly pirate it, just to play it back. The trial is expected to end on 12 December 2003, with a verdict sometime in early 2004. Good luck, Jon.
Another system falls: On 2 November 2003 savannah.gnu.org was compromised; the break-in wasn't discovered until 2 December 2003. The MO for this break-in seems to be the same as that of the debian.org compromise a few weeks ago.
What the hell, this could be fun:
Choose a band/artist and answer only in song TITLES by that band: Information Society
Okay.. now that I'm out of Max Cohen mode, I'm together enough to write about tonight.
I spent almost all of tonight trying to rescue as much data as I could from the hard drive of the deck Gina and Grant gave me to work on. After dinner I ran out to pick up my grandfather's prescription refill, which didn't take nearly as long as I thought it would. That done, I began fooling around with the box to see if I could bring it back online to explore.. no dice.. three Linux boot CD-ROMs later, I still couldn't get it to come up. I wasn't pleased by that at all.
Earlier today my field of vision started getting pixelated, and the familiar feeling of a C-clamp slowly tightening over my eyebrows began to herald a migrane headache. The pressure began once more, in ernest. At this point I started losing my cool. I finally got the system booted with a Slackware v8.1 installation CD, got into a shell, and got the network card I'd installed earlier going.. only to find that there wasn't any way that I could transfer data over to Leandra to burn to CD-ROM. Not even a FTP client. Not even a copy of netcat. No loadable modules for a USB CD Writer.
Dataline finally talked me into pulling the hard drive from the box and installing it into her own deck in parallel with the system drive. That actually turned out to be easier than I thought it would be, even though the internals of her system definitely do not obey the laws of Euclidian geometry any longer. Her system came back up and recognised the drive, and I began poking around inside it. Unbeknownst to me her virus scanner began doing the same thing, and eventually came across multiple infections. Two strikes plus, right there. All told, I located around 340 MB of data and dragged it over to the DVD writer for archival. I don't want to think about the amount of spyware hidden in the depths of that hard drive.
Once I get the go-ahead from Grant, I'm going to torch the hard drive and let it rest. It's the safest thing to do.
Distributed denial of service attacks, in which hundreds or thousands of remotely controlled computers carpet bomb a single network or host are a threat to any network on the Net today. If the systems in question don't keel over under the number of requests they recieve then the network providing connectivity can't communicate with anyone else because all of their bandwidth is used up anyway. Radware, a company specialising in highly secure network switching equipment has released DefensePro, a switch designed to terminate intrusions and denial of service attacks before they have a chance to affect anything inside the perimeter. DefensePro is designed to switch 44 gigabits per second (around 5.5 gigabytes per second, if my arithmetic is correct) and scan 3 gigabits per second of traffic with a string matching engine implemented entirely in hardware that can, right now, detect 1,200 different attacks. They claim that they can also prevent DoS attacks with the same techniques. I'm inclined to say that a lot of this is jetwash.
It's all well and good that you can scan traffic rapidly (like any NIDS (Network Intrusion Detection System)). It's pretty cool that they can do it in hardware rather than in software running on a general purpose CPU; that speeds things up immensely. After doing some digging I found that it is possible to update the database of attack signatures on the unit; they're not hardwired in. Excellent - they planned for the future in that respect. They claim to monitor OSI layers 2-7 for anomalies - excellent. I hope the units can keep up with all that traffic. They say that it can block up to 1e6 SYN packets per second in the event of a flood.. okay. That preserves the network behind it, but the outgoing net.link is still swamped with traffic. I'm not sure if it's a good thing (being penned up inside your own network, unable to talk to the outside world) or a bad thing (if you do critical stuff across the Net). That definitely means a loss of e-mail access (either connecting to the provider handling it for your or traffic coming into the LAN to the e-mail server). I also find it amusing that their press release has the following statement at the very end in Flyspeck-15 (well, <class=small>) type, "This press release may contain forward-looking statements that are subject to risks and uncertainties." Translation: "Some of our claims are probably vapourware. Sit tight."
I'm going to stop talking right now about this. I havn't seen it first hand and I certainly haven't hammered on it to see how well it holds up. Let's just say that I'm skeptical of some of their practical claims.
The Debian Project's released its analysis of the break in. First of all, the package collection wasn't altered by the intruder, so anything that you download via APT (or if you like to do things the hard way, with FTP or HTTP) from the Debian core archive or any of its mirrors is clean. The v3.0r2 update is also clean, so those of you who were putting off upgrading can do so now (and those of you who use cron-apt to keep your boxes up to date can relax.. as much as any admin can relax, that is). They used four different techniques to verify the .deb packages, listed in the file along with the timeline they've constructed of the intrusion. The intruder used a password that a developer had re-used from another system that had probably been captured with a sniffer earlier and then broke root by exploiting the brk(2) kernel vulnerability. From there he or she began sourcing out to other hosts, trying the same compromised password and using a backup account to compromise master, murphy, and gluck (three other Debian project machines). It was soon after the rootkit was installed that murphy and master began showing signs of trouble (in the form of kernel OOPS warning messages). Because they started acting up so close to one another after being stable for so long, the investigation began and when the intrusion was confirmed debian.org went into lockdown. Any and all SSH login certificates on debian.org are considered compromised, passwords will have to be changed all across the board, the GPG keys they use are cancelled.. it's going to take a while to get everything straightened out, I think.
This just in - Robyn and little James are healthy and happy.
Dell has instituted a policy in which its tech support staff can't tell customers how to remove spyware. At all, in any way shape or form (not even "Well, I use..."). Guys, what the hell are you thinking? That's not exactly conducive to making a more secure Net (spyware, by definition, monitors what a user does and sends it off to someone else to archive; rather like following someone around in a supermarket and writing down everything they buy or look at, their license plate number, and maybe what they say while they're at the store). They're doing their customers a great disservice by doing this. Given this and some of the other trouble I've been having with them, I might stop recommending that people buy their hardware soon.
Uh-oh.. it seems that SCO's getting caught in a few lies. In one of their legal filings they stated that no SCO/Caldera employees had ever contributed code. Then word started getting out that they had, with the blessings of their bosses, no less. Christoph Hellwig of Caldera was one of the maintainers (and one of the original developers, in fact) of JFS. Hellwig also worked SMP on (symmetric multiprocessing) support (which allows computers with more than one CPU to use all of them at once). He's an XFS developer, too. And Hellwig's supervisors at Caldera posted that they supported Hellwig's work on the Linux kernel. Even if you don't follow any of the links hangign off of this article, read just the article itself. I think SCO's going to be in trouble in court in a few days' time...
The Gentoo Project has had one of its servers compromised as well - one of the rsync.gentoo.org servers was cracked with a remote exploit. The intrusion was detected one hour after it happeend and the machine is now offline and undergoing forensic analysis. This isn't a good month for Linux distributions.