Friday, January 31, 2014

Atlanta Snow AAR

Differ has a great one at his new blog digs, along with some outstanding analysis and tips for driving in the snow.  Recommended.

1300 miles and a World Age

1982, Jack in the snow.  And who was that devilishly handsome young man?


Yesterday, Wolfgang in the snow.  Alas, the devilishly handsome young man is no more.


Jack was a special dog, who occupies a special place in my memory.  I was sad when Little One-Eyed Dog died, but not like when Jack did.  That broke me up in a way, broke up so that it took twenty years to get another German Shepherd.  Jack and I shared a bond not often seen: he wasn't so much my dog, he was in a sense my four legged soul mate.  Wolfgang is not like that, which is a good thing.  It wouldn't be fair to expect him to be Jack, and I've found to my surprise that I don't expect him to be.

Alike, and yet not alike.

Today, it would have been nice to have Jack back, just for a short while.  But I wonder if Jack would have expected that devilishly handsome young man instead of me.  We're different, that youngster and me.

Like, and yet not alike.  In ways generally not agreeable to dwell upon.

Thanks to everyone who left a comment, to the ones who emailed, and even phoned (!).  Nobody's going into the ground, and so I don't need your shovels.  It's very nice indeed to have a group of friends like this, even if we are scattered to the four winds.  The wonder that is the Internet has made this possible, and the next time Mr. Gore is in town (he must have just been here for the snowstorm), I shall thank him for his most excellent Information Superhighway.

Would have been nice to have seen Jack today, though.  Some connections are not easy to replace.

I have something unpleasant to do today

A man knows that someday
there's always the end of the highway.
He knows what's before him,
he won't run away.
Because away is never far enough
and freedom's just a bluff ...
- Lowen and Navarro, Seven Bridges Home

I have something important to do today.  I expect it will be unpleasant, but hope for the best.  I reach down into the depths of my soul and find Dan Rather whispering "Courage". Okay, then.

The past is a deep weight on the present.  John Prebble looks at the later day transnational fascists (sorry, sorry: socialists) in Europe and their utter failure to address basic social cohesion needs:
Transnational progressivism focuses on groups rather than individuals, which means that the individual who doesn’t toe the line of the group is an outcast. Isn’t this just the infamous 1950s conformism all over again?

...

Demanding that immigrants not assimilate has not worked well for either women or gays in immigrant communities. Enough said.
I Want A New Left repeatedly makes powerful arguments (from an honorable leftist position) that the modern State has failed society.  RTWT, which is a latter day j'accuse against the too-comfortable left: those who have like the ancient Bourbon monarchs, learned nothing and forgotten nothing.  The past weighs still on the present.
And it goes on like this forever
so don't ever feel alone.
The same old road that brought you here
crosses seven bridges home.
I posted on this topic a long, long time ago.  The Seven Bridges have led the European Elites back to where they started, nearly a century ago:
The system worked well at the beginning: the French still look back wistfully at the Trente Glorieuses, the years of rapid economic expansion through the 1970s. It's not surprising that after the collapse of the Soviet Union, the European Elites could foresee a time when a united Europe would eclipse the vulgar Americans. Populations were content to allow the elites to control their destiny, since incomes and living standards had been rising so fast, for so long.

That's been pretty much over for twenty years.

...

And now the wheels are starting to come off the EU bus. The PIIGS countries (Portugal, Italy, Ireland, Greece, and Spain) are in serious economic trouble, because the Euro is designed for the stronger economies of northern Europe. Interest rates and the resulting exchange rates are optimized for the industrial economies of Germany, Benelux, and to a lesser extent, France. This has depressed growth (and consequently increased government deficits) in the PIIGS region. They have, unsurprisingly, demanded subsidies from the wealthier northern states. As long as the northern economies were performing - and especially while a real estate bubble in Tuscany, Andalucia, the Algarve, and Greece drove huge amounts of cash south - the elites could keep this crack papered over.

That's done now, and it's hard to see it coming back. The subsidies required to defer a financial collapse and default are the better part of a Trillion dollars, just for Greece. Guess who pays?

You simply cannot look at this situation without a voice in the back of your head whispering die deutsche volk. Nationalism horrifies the elites, but nationalism feeds on an external enemy (or irritation), and the German people have every right to be steamed right now. One of the two key differences between Transnational Progressivism and Fascism is creaking.

And it's going to get worse.
Past is prologue, in Europe as it well may be for me today.  I hope not, for them and for me.  But he knows what's before him; he won't run away.  That weight must be borne .

I'm taking today off, because I'll be distracted in a way that I haven't been at work for, well, ever.  I usually queue up posts the night before, as this is being typed.  Not sure if there will be more posts today or not.
Now life's sometimes a battle.
You just try to get what you're after:
a world full of stories you won't live to tell.
But going on is all we know,
like rivers always flow.
It seems the Years go by so fast
while the Days go by so slow.
You know which way you're going by which side of the road you're on. Hope I'm on the right side.  Europe, too. 

Alas, confidence is not high.  Oh well, could be worse.  Maybe Peter is right.

Thursday, January 30, 2014

Nine Below Zero - Riding On The L&N

It's been cold all over, so here's Nine Below Zero to heat things up.  It really starts cooking a couple minutes in.



Where I come from this is called "Southern Rock", but maybe that doesn't play so well in Europe.  From the South of England, maybe?  Sussex?

Cunning, that

One of the problems with playing "defensive security" (as opposed to "offensive security" a.k.a. hacking) is that people play too nicely.  That may be changing:
Together with Thomas Ristenpart of the University of Wisconsin, [Ari Juels] has developed a new encryption system with a devious streak. It gives encrypted data an additional layer of protection by serving up fake data in response to every incorrect guess of the password or encryption key. If the attacker does eventually guess correctly, the real data should be lost amongst the crowd of spoof data.
This would be a neat addition to Stegonography tools.

Life speaks in its Outdoors Voice

Damn.

A red day

Today is pretty stunning in just how many famous people came to a sudden end.

Sir Everard Digby, member of Guy Fawkes' Gunpowder Plot was executed for High Treason on this day in 1606.  

English King Charles I mounted the scaffold of the regicides on this day in 1649.

Turnabout is fair play, I guess, as the corpse of chief regicide Oliver Cromwell was dug up to be ritually executed two years later.

The 47 Ronin avenged their master on this day in 1703.

On this day in 1945 the liner Wilhelm Gustloff was torpedoed and sunk by the Russians.  The ship was packed with nearly 10,000 refugees from East Prussia; 9,500 perished in the worst maritime disaster in history - more than six times the death toll of the Titanic.

Gandhi was assassinated on this day in 1948.

That's quite a list.  Rather an inauspicious day.




Angry Birds gets hacked


The latest Snowden revelations showed that popular apps "leak" sensitive information, and that the NSA snarfs all that up.  This didn't sit too well with the hacker community:
Angrybirds.com became "Spying Birds" as a result of the defacement (Zone-h mirror here). Rovio has confirmed the defacement, the International Business Times reports.

The ‪Angrybirds.com ‬website was back to normal by Wednesday morning. The defacement, which Zone-h has yet to confirm is genuine, must have been brief. Defacing a website is an act more akin to scrawling graffiti on a billboard put up by a company than breaking into its premises and ransacking its files.

...

Files leaked by NSA whistleblower Edward Snowden showed the NSA and GCHQ were slurping data from smartphone apps to harvest all manner of personal information from world+dog. This information includes users' locations, their political beliefs and even their sexual preferences. ‪

Angrybirds.com ‬was used as a "case study" in the leaked files, hence the hackers' focus on Rovio – even though a great number of smartphone apps from other developers are involved in the dragnet surveillance program.
It's very interesting to see how companies are being punished by customers, the security community, and the hacker community for anything related to the NSA.  Rovio almost certainly had no idea that the NSA would exploit their shoddy code - i.e. they're the victims here.  It didn't matter: they were collaborators, at least until they could get their web server back in order.

The NSA is radioactive to anyone who's not bought and paid for.  It's very likely that the next year or two will see a segmenting of the tech market into "Collaborators" and "Non-collaborators".  The Collaborators will cluster in government services, and the rest will be everyone not taking the King's Shilling.

Interesting times.  And we wouldn't know any of this without Mr. Snowden.  I hope he wins that Nobel Peace Prize.

Wednesday, January 29, 2014

Chet Baker - Almost blue


And then I said ....

"Hey baby, want to exchange public keys?"


The Winter Olympics meet Soviet Propaganda Art meet American Pinup Girls

It works really, really well:


It's the brainchild of a Russian artist:
When a young illustrator from Moscow, Andrei Tarusov, decided to picture how the Winter Olympics might have looked in the old USSR if the erstwhile Soviet government hadn't been so zealous in suppressing the sexuality of its citizens, he let his imagination run wild.
The result was an off-the-wall calendar that creatively combined Soviet propaganda poster art with vintage American pin-ups: scantily clad retro-babes in classic pin-up poses but with Soviet enthusiastic fire in their eyes, engaging in winter sports with athletic equipment from the 1940s and 1950s. The pictures were accompanied by rhymed slogans, written by the artist's friend in the traditional propagandistic style with a new, ironic twist.
- See more at: http://thepeoplescube.com/peoples-blog/soviet-posters-american-pin-ups-2014-olympics-calendar-t12954.html#sthash.wEHtzLac.dpuf

When a young illustrator from Moscow, Andrei Tarusov, decided to picture how the Winter Olympics might have looked in the old USSR if the erstwhile Soviet government hadn't been so zealous in suppressing the sexuality of its citizens, he let his imagination run wild.

The result was an off-the-wall calendar that creatively combined Soviet propaganda poster art with vintage American pin-ups: scantily clad retro-babes in classic pin-up poses but with Soviet enthusiastic fire in their eyes, engaging in winter sports with athletic equipment from the 1940s and 1950s. The pictures were accompanied by rhymed slogans, written by the artist's friend in the traditional propagandistic style with a new, ironic twist.
I will leave it to Uncle Jay to tell us how well this reflects the, ahem, enthusiastic fire on display in the eyes of the lady Comrades in Sochi.

Irony is a bitch

People mostly ignore the professional Environmental movement as a major catalyst for globalization and off-shoring manufacturing.  While it would be nice to think that they aren't as shallow as "pollution out of sight, pollution out of mind" they very well may be exactly that.

So after sacrificing millions of good paying manufacturing jobs to reduce pollution in the USA, what do we see?  Asian pollution making our air quality worse:


Well done Greens - people out of work, poverty up, income inequality up, pollution up.  That's a four bagger, right there.  But well done on a perfectly executed class war, you SWPLs.

Atlanta's Snowpocalypse

A little dusting of snow makes everything into a winter wonderland, right?


Especially a cute southern town, right?


Nazzo fast:


That's the main drag through town.  A neighbor took 3 1/2 hours to drive the 6.5 miles from Alpharetta.  I pushed the car of a grandmother who had picked her grandkids up in Alpharetta six hours earlier; they were trying to make it to Marietta, another six miles or so.


Note to gun grabbers in Yankeeland: nobody pulled his heater at the intersection and went all Rambo.  As a matter of fact, people banded together, giving each other rides and pushing cars up frozen hills.  My neighbor spent 3 hours warning drivers not to turn down a main cut-through street because a hill was frozen and nobody could get up it.

Of course, the News is all over the baby that was born in the traffic jam on I-285.  Mom and daughter are doing fine, and no doubt will look back on this as a story to tell in the future.  I didn't see that but did see the Roswell Police Department dispatch a Humvee to take kids stranded on a schoolbus home..  Didn't know they had a Humvee, but actually don't think it's a bad idea.  At least, if it's not up armored.

And the punchline?  There wasn't that much snow.


That's the view of the Camp Borepatch Observation Deck.  Maybe two inches of snow.  Maybe.  Me, I have no problem getting around in the Jeep in 2" of snow.  I do have a lot of trouble getting around in Atlanta traffic with 2" of snow.

Everybody keep safe out there.

UPDATE 29 January 2014 13:34: Seen on Facebook, the real cause of the traffic panic:

Tuesday, January 28, 2014

Snowmageddon





But Mac McGee's pub has Beef and Guinness stew.

- Posted using BlogPress from my iPhone

BBC: UK.Gov Met office forecasts too warm in 13 of last 14 years

Damn BBC doesn't realize that THE SCIENCE IS SETTLED!!!!
It means that so far this century, of 14 yearly headline predictions made by the Met Office Hadley centre, 13 have been too warm.

It’s worth stressing that all the incorrect predictions are within the stated margin of error, but having said that, they have all been on the warm side and none have been too cold.

The 2013 global temperature also means that the Met Office’s projection that half the years between 2010 and 2015 would be hotter than the hottest year on record (which on the HADCRUT measure was in 1998), issued around the time of the Copenhagen climate conference in 2009, is already incorrect.
Settled, I say.  Damn Met Office* deniers.
The Met Office believe one of the reasons for this ‘warm bias’ in their annual global projections is the lack of observational data in the Arctic circle, which has been the fastest warming area on earth.
OK, now is it settled?
They also suggest another reason why the global surface temperature is falling short of their projections is because some of the heat is being absorbed in the ocean beneath the surface.
There.  All better.  Because Science®!  And shut up, Denier.

* "Met Office" = "Meteorological Office", the official UK.Gov weather bureau.

Ah, the Southland in the (almost) springtime

I always notices the first hint of springtime about mid February down here.  Not looking like that today.


Camp Borepatch is in that little clear patch east of Marietta.  No snow yet, but it looks like we're fixin' to get some.  They're calling for an inch or two, so not much, and I can get through that in the Jeep like it wasn't even there.  But I'm scared to death of Georgia drivers in the snow.

New Windows malware infects Android devices sync'ed to the PC

Oh, goody:
Internet Igors have stitched together the first strain of Windows malware that can hop over and infect Android smartphones and tablets.

The Droidpak mobile banking trojan exploits syncing between smartphones and Windows PCs to jump from a compromised PC onto an Android device.

The Windows Trojan downloads a malicious .APK file (an Android application) onto an infected computer. The malware also downloads a command line Android Debug Bridge (ADB) tool, a utility that allows the malicious code to execute commands on Android devices connected to an infected computer.

ADB is a legitimate utility that's part of the official Android software development kit.
This is a pretty neat trick that they pulled off.  Let me emphasize once again that you do not want to bank from your phoneEver.

Monday, January 27, 2014

Busy

I met fellow blogger JP who not only is a photographer, but is an Internet Security geek as well.  A most enjoyable evening of security geekery ensued.

The Internet is a most strange and marvellous thing.

230 years of climate data: sometimes it gets warmer, sometimes it gets colder

Shocking:

Picked up from: http://www.metoffice.gov.uk/hadobs/hadcet/graphs/HadCET_graph_ylybars_uptodate.gif
via this page: http://www.metoffice.gov.uk/hadobs/hadcet/
About 1/3 to 1/4 C from the “normal” line and dropping like a stone. Looks like the “modern optimum” is rapidly headed back to “typical English weather” with the potential to overshoot into “Damn Cold” Real Soon Now. The recent ‘warm lobe’ is not significant in size or duration compared to the past ‘cold lobes’. All in all, normal random walk ranges, IMHO.

Gonna be a damn PITA for the Global Warming folks to explain why after all that warming, the CET is ‘normal’ and plunging. Couldn’t happen to a nicer set of folks…
This looks like the inverse of the 1880s, which was rapid cooling followed by rapid warming.

Go back to the shadows, flame of Curtis Lamay

Srlsy.  Major geek points for clicking the link, but you'll understand it when you read it.  Would that Peter Jackson had that sort of subtlety.

The grid is more fragile than most people expect

The problem with success is that it ultimately becomes invisible.  Electric power generation and distribution is one of the stunning achievements of the last 100 years, and the success has been so complete that most people simply don't even think about how it works.  They flick the switch, and 99.99% of the time lights come on.

They should think about it, because it's not magic, it's engineering.  Engineering is a demanding mistress, and the most important thing to know about it is the need to over-engineer highly reliable systems.  We did that with the power grid, and it worked spectacularly well, to the point that it's now invisible.

That invisibility has led to a series of changes, some in the name of "efficiency" ("It costs us how much to do this?!") and some in the name of political philosophy ("Green" power, which typically is nothing of the sort).  Al Fin (of course) has the go-to reference on the grid's fragility:
It is important to understand that demand for electricity is constantly changing, in an unpredictable manner. This changing demand causes fluctuations in grid voltage, frequency, and power quality. If the grid cannot respond to these fluctuations in a timely manner, the grid is at risk of going down.

As governments mandate the increased injection of expensive non-dispatchable intermittent unreliable low quality power into the delicately balanced power grids — upon which modern societies are perched — they are playing risky games with the lives of ordinary citizens.
Non-dispatchable means that you can't bring the source on-line when you need it.  Natural Gas generation plants excel at this like nothing else, and fracking means that (assuming that fracking remains legal) there's hope for the future.  Coal plants are much less so, as they are basically a World War I Battleship energy plant scaled up: coal fired steam boilers.  It takes some time to bring up a head of steam, as the Admirals of old discovered.  That remains true today.

Germany has shuttered most of its nuclear plants in the wake of the Fukushima tsunami.  Ignoring that tsunamis are as rare as hen's teeth in Deutschland, this means that a dispatchable power source (pull the rods for instantaneous power) has been replaced with a non-dispatchable source (coal or, God forbid, wind).  The engineering implication for the Fatherland's power grid is not favorable.  Al Fin explains:
Wind farms claim capacity factors of close to 30%, but the actual experience in Denmark is closer to 15% or less. In other words, you need 7 times as many wind turbines as you think, to achieve the nameplate power capacity under fair wind conditions. Until the turbines break down. Or the wind stops blowing. Then you can only hope that the coal, nuclear, or gas plants that you hate so much, are still capable of operating. If your government’s energy policies have forced the “backups” to shut down, you are in big trouble.

...

If your government is pushing intermittent unreliable forms of energy onto your power grids, you had better prepare for blackouts and cascading grid failures.

If your government is pushing vulenerable “smart grid” technology, prepare for hackers to shut down your power for fun, or for political reasons.
Yup.  Especially that last point.  Especially that.  And riddle me this, Green Power Man: name the people who benefit from rolling blackouts in Germany.  Extra points for you (no doubt a Capitalism hater) if you said "Siemens corporation".  But the list doesn't end there, it begins there.  And it's not short.  Al Fin sums up:
You don’t need an electromagnetic pulse catastrophe to throw your society back into the middle ages. Normal government policy can accomplish the same thing, given enough time.

There is no need to invent a conspiracy for something that basic corruption and incompetence in government can achieve as easily.
Of course, since the Government is run by Philosopher Kings, this is low risk.  After all, Philosopher Kings like Dick Cheney and George W. Bush would never ascend to the throne of power, would they Green Power Man?

Oh, wait.

Sunday, January 26, 2014

Willie Nelson and Ray Charles - Seven Spanish Angels

Maybe nobody does sad like Emmylou, but Willie and Ray sure come close.


Fried chicken on waffles

Winter is comfort food weather, and you don't get much more comfort in your food than this.  I had never run across this until I moved to the South, but that's almost enough reason to make the move just by itself.

Step 1: fry the chicken.  I'd post the recipe but I already did.  I much prefer pan fried, not deep fried - this by itself is reason enough to get a cast iron skillet.  One difference between the recipe I linked to and what I'm doing today is that I got a frozen bag of boneless chicken breasts.  One large portion per person is plenty, but a chicken only comes with two breasts.  You want boneless for this, so be prepared.

Step 2: make waffles.  I'm putting the kids to work doing this, while I fry the bird.

Step 3: Put the chicken on the waffles, cover with maple syrup (real maple syrup, or we can't be friends anymore).  I like some hot sauce as well, but that's me.

And a Sauvignon Blanc goes nicely with this if you're using hot sauce, otherwise you might consider a modest Chardonnay.

UPDATE 1/26/2014 19:42: Man, that's good. Need to find a hot sauce better than Tabasco, though.  Not much in the flavor department.  Anyone have any recommendations?

53° means just one thing


Not as warm as when I took that picture.  But as I brought Wolfgang back from the dog park sumdood rode past on his Harley.  So bundle up, cupcake.

Happy Australia Day






To our mates down under.

Percy Grainger - Lullaby from "Tribute to Foster"

Today is Australia Day, and so today's music is from Australia's most famous composer, Percy Grainger.  There's nothing particularly recognizable as "Australian" in his music, just as there's nothing recognizably American in most composers from these shores.



Grainger's biggest contribution to music was to popularize the use of folk song melodies, as did Edvard Grieg and Ralph Vaughan Williams.  This is his most famous composition - so famous that it's used in the oddest sort of TV shows.


Saturday, January 25, 2014

Emmylou Harris - Goodbye

Nobody sings sad like Emmylou, except maybe Mary Chapin Carpenter.  And MCC wrote all of her songs, so she missed this one from Steve Earle.


Just how dangerous is climate change?

It's so dangerous that the Antarctic expedition "Ship Of Fools" that had to be rescued from record summer ice is being charged by the Australian Government for the full cost of the rescue operation:
THE Federal Government will seek the full costs incurred during the recovery effort to save the MV Akademik Shokalskiy.

Federal Environment Minister Greg Hunt yesterday said costs, estimated at about $2.4 million, would be sought from the insurer of the operators of the vessel.

Battle begins over Antarctic rescue bill

The MV Akademik Shokalskiy, chartered by the University of NSW-associated Australasian Antarctic Expedition to retrace the steps of explorer Sir Douglas Mawson, became stuck in thick sea ice on Christmas Eve.

The 52 passengers were rescued by the Aurora Australis on January 2.

Mr Hunt said the Commonwealth would seek compensation for the recovery effort.
Heh.

Friday, January 24, 2014

Heh


Captain Obvious, secure call on line 3

The TOR network has been compromised:
Computer scientists have identified almost two dozen computers that were actively working to sabotage the Tor privacy network by carrying out attacks that can degrade encrypted connections between end users and the websites or servers they visit.

The "spoiled onions," as the researchers from Karlstad University in Sweden dubbed the bad actors, were among the 1,000 or so volunteer computers that typically made up the final nodes that exited the Tor—short for The Onion Router—network at any given time in recent months. Because these exit relays act as a bridge between the encrypted Tor network and the open Internet, the egressing traffic is decrypted as it leaves. That means operators of these servers can see traffic as it was sent by the end user. Any data the end user sent unencrypted, as well as the destinations of servers receiving or responding to data passed between an end user and server, can be monitored—and potentially modified—by malicious volunteers. Privacy advocates have long acknowledged the possibility that the National Security Agency and spy agencies across the world operate such rogue exit nodes.
It's been widely recognized that State Actors are running malicious TOR exit nodes.  The only thing interesting is that they've been able to identify some specific nodes.

Stay careful out there, and remember that there are other secure ways of passing data.

Human Resources departments: hurting the company's security?

With tens of thousands of unfilled computer and network security positions, the hiring process itself may be a major impediment:
Further up the chain, getting through the hiring filters can be a struggle. Tipton and Kerby both agreed that the traditional human resources process, through which applicants typically are sorted, might not work so well when it comes to cybersecurity hiring.

"Today all the applications are filtered by keywords and reviewed by people who don't necessarily understand what the mission is. If you don't understand what the mission is, how do you find the right person for the job?" Kerby said. "When I was hiring, I used to sit down with a candidate and tell them, I'm going to ask you 20 questions. Here's the 20 questions; it's not a pop quiz. There are no right or wrong answers. By the end of those 20 questions, chances were I knew whether that person was right for the job, but more importantly that person knew whether the job was right for them. You can't know, whether you're the manager or the candidate, if someone is right for the mission until you sit down with them and figure out what makes them tick. And that's hard to do when you're talking about huge numbers of workers and positions."
This is from Federal Computing Week, so it's focused on the Government process.  I think that the Fed.Gov could do some significant good by instituting a German-style apprenticeship program in cyber security.

Remember, if you're looking to make a career change, you can do a lot of this on your own.

Apologies to people who have emailed

I'm a month behind on answering.  Between work and home life, I'm pretty well exhausted by evening - exhausted both physically and mentally.  I type this at 20:45 last night, and I'm settled in to bed already.  I'll listen to Squirrel Report and then hit the lights.

I didn't used to be this boring ...

So please don't take it personally.

Thursday, January 23, 2014

How to make Aquaman less useless


Scientists plan peer-reviewed journal skeptical of Global Warming, hilarity ensues

And by "hilarity", I mean the Journal has been terminated:
In extraordinary news, the scientific journal Pattern Recognition in Physics has been unexpectedly terminated, a “drastic decision” taken just ten months after it started.

The publisher appears to be shocked that in a recent special issue the scientists expressed doubt about the accelerated warming predicted by the IPCC. For the crime of not bowing before the sacred tabernacle, apparently the publishers suddenly felt the need to distance themselves, and in the most over-the-top way. The reasons they gave had nothing to do with the data, the logic, and they cite no errors. There can be no mistake, this is about enforcing a permitted line of thought.

I must say, it’s a brilliant (if a tad expensive) way to draw attention to a scientific paper. It’s the Barbara-Streisland moment in science. Forget “withdrawn”, forget “retracted”, the new line in the sand is to write a paper so hot they have to terminate the whole journal! Skeptics could hardly come up with a more electric publicity campaign.
You will not publish these ThoughtCrimes, citizen.  You will not think these Unapproved Thoughts™

I keep thinking that we've hit bottom, and that I can't be shocked any more at the degraded state of climate science.  Sadly, I keep finding that I'm mistaken.

On this day in 1879

Image via Wikipedia
The battle of Roarke's Drift ended in a blaze of Martini-Henry smoke as 156 desperate British soldiers showed what fortified positions and brass cartridges could accomplish against thousands of attackers armed with spear and shield. 

Valor was present in overwhelming numbers on both sides that day.  Eleven Victoria Crosses were won that day.  In that day the VC was not awarded posthumously, and so the count would have been higher. This was the most number of those awards won - purchased with blood, really - by a single Regiment in a single action in the history of the Royal Army.  The final assault was immortalized in the 1964 film Zulu.



This film could never be made today, more's the pity.

Wednesday, January 22, 2014

Blues Brothers mall chase scene in Lego

You're welcome.


Deer are criminals

They are guilty of being filled with yummy meat.  This one has started its criminal career at a young age.


Why yes.  Please come with me into the kitchen ...

Regarding Obama's NSA "reform" speech

People aren't impressed:

Fundamental to all of the problems surrounding NSA spying is the fact that the government’s notorious secrecy shields it from any sort of meaningful oversight or accountability. This appears, among other places, in the overclassification of documents that should not actually be secret, in the executive branch’s ruthless campaign against whistleblowers, and in its continued abuse of the “state secrets” privilege in the courtroom. Obama could have announced changes to these secrecy standards, embracing transparency as a default, and making some good on his now laughable election promise to be “the most transparent administration in history.” Instead we got nothing.
El Reg fisks the speech for you.

The transparency and oversight issues are perhaps the most important, and I'm unconvinced that the improvements will be substantial; certainly agencies hate oversight and will work to undermine them, and we're starting from a very bad spot:
This morning I spent an hour in a closed room with six Members of Congress: Rep. Lofgren, Rep. Sensenbrenner, Rep. Scott, Rep. Goodlatte, Rep Thompson, and Rep. Amash. No staffers, no public: just them. Lofgren asked me to brief her and a few Representatives on the NSA. She said that the NSA wasn't forthcoming about their activities, and they wanted me -- as someone with access to the Snowden documents -- to explain to them what the NSA was doing. Of course I'm not going to give details on the meeting, except to say that it was candid and interesting. And that it's extremely freaky that Congress has such a difficult time getting information out of the NSA that they have to ask me.
The idea that multiple congressmen need to ask an outsider for a classified briefing on what the NSA is doing, because NSA won't tell them, says everything that you need to know about oversight.

Fever chills

Yesterday it was Fever Chills 1, Borepatch 0.  I guess I'll try to even the score today.

Monday, January 20, 2014

This just in

It's a pain always having to be a Grown Up. It's times like this that I hear friend Burt telling me to get that damn motorcycle. And I hear Uncle Jay tell me he'll use his new found Russian "persuasion" techniques to "suggest" I need to get that damn bike.

Opus 8000

In the five and a half years I've been blogging, I've put up 8000 posts.  It seems that I'm quite the Chatty Cathy.  No idea how many words this is, but a rough estimate is maybe one and three quarter million.

Yikes.

The "Get Out Of Prison Camp Free" card

Rick emails to point out this incredible story:
Monopoly was more than a game for many World War II POWs, who used tools hidden in the boxed sets to help them escape. The story's been told before, but Christian Donland at Eurogamer looks deeply into the life of a high-strung, eccentric British intelligence officer named Clayton Hutton, who designed the escape tools and had them shipped to POWs in Monopoly games. The boxes arrived from phony charities with clues in their letterhead, like the Biblical lines, "Ask and it shall be given you; seek and ye shall find; knock and it shall be opened unto you." POWs could also spot them by the red dot on the Free Parking space, notes the Atlantic. Inside, they found shears, metal files, a silk escape map, mini-compass, and money in the local currency.
Nobody knows just how many escaped using these, but it's a very cool story.

The dynamic of l'affair Duck Dynasty

There's a very interesting analysis of the true roots of the Duck Dynasty brouhah:
As was the case with such earlier TV shows as Beverly Hillbillies, Green Acres, andPetticoat Junction, as well as NPR’s long-running Prairie Home Companion, A&E was seeking an entertainment show portraying Middle America as “hickville” in order to get people to disparage and laugh at those who do not subscribe to “progressive” culture (social liberalism achieved and policed through bullying and government mandates). What A&E was not expecting is that instead of the audience laughing at a self-described “bunch of rednecks from Louisiana,” the 14.6 million who view the program each week have been laughing with the Robertson’s at the hypocrisy, foolishness, and tyranny of “progressive” elites. As CNN’s Ruben Navarrette has duly commented, “The reason that ‘Duck Dynasty’ is on television is to make liberal studio executives at A&E, and parent company Disney, feel superior, while making big profits for the studio.  The Robertson’s are on television so that people in New York and Los Angeles—the kind of folks who refer to anyplace in between as ‘flyover country’—can feel progressive and enlightened by comparing themselves to simple country folks in Louisiana who, according to the elites, are neither. (And can make lots of money doing so.)”
Quite frankly, in Hollywood it's often quite difficult to tell which is more important, the money or the feeling of superiority.  I'd also point out that Beverly Hillbillies, Green Acres, and Petticoat Junction were all wildly popular, and were all cancelled despite that popularity in the "Rural Purge" in the early 1970s.  Also cancelled were The Andy Griffith Show, Mr. Ed, Lassie, and Hee Haw.  The result was the explosion of syndication, with the newly created cable TV networks snapping up rights (and viewers).

Read the whole thing, which gives a quite good summary of the situation and which reminded me that the attitudes of Hollywood have been set for a generation or more.

Sunday, January 19, 2014

Does anyone make any money on blog ads?

I've resisted putting up blog ads here because I don't want to annoy you, gentle reader.  However, the traffic here has been ramping up (thank you, gentle reader) and when Captain Capitalism was here he said that I should make the jump.

And alas for my stoutness of heart, it might pay for the better part of a motorcycle.  Sigh - I'm a bit chastened to see just how low is the price for my principles ...

And so, gentle reader - do you care if I put ads up?  Also, if anyone is actually making some money on their blog ads, please shoot me an email.

People aren't hacking refrigerators (probably)

I was lazy yesterday and didn't post on the big security news that a bunch of you emailed about.  A security research company says that smart TVs and refrigerators have been hacked and turned into a spam botnet:
Security researchers at Proofpoint have uncovered the very first wide-scale hack that involved television sets and at least one refrigerator.
Yes, a fridge.

This is being hailed as the first home appliance "botnet" and the first cyberattack from the Internet of Things.
Here's the press release on the situation:
Proofpoint, Inc., (NASDAQ: PFPT), a leading security-as-a-service provider, has uncovered what may be the first proven Internet of Things (IoT)-based cyberattack involving conventional household "smart" appliances. The global attack campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.

...

The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting Enterprises and individuals worldwide. More than 25 percent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and at least one refrigerator. No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location – and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use.
Color me skeptical.  Certainly this is theoretically possible, and I've posted before on the security dangers of "the Internet of Things".  Without doubt these smart devices are a sucking chest wound of security fail, and are indeed a target rich environment.

So why am I skeptical?  It starts off with security-by-press-release, which I've seen more than once before in my career.  Most of these are all sizzle, no steak, the product of media attention whoring that is sadly evergreen in my business.

But maybe Proofpoint is above boards (although I've never heard of them before; strike two).  There is a dismaying lack of technical information from them - a lack of proof points, if you will.  Solid security researchers provide lots of proof, and with malware incidents this proof usually includes code recovered from infected systems and IRC logs from the command and control channel.  It doesn't seem that there's any of this available.

But the biggest reason why I'm unconvinced is because of the way that most people set up their home networks.  You call your Cable company and they ship you a home router.  You plug it into the cable (or the nice Installer does it for you), and presto - instant Internet.

What's important is that things are set up by the Cable company, and you have only one IP address.  That address is shared by all of the devices in the house.  Here at Camp Borepatch, we have a lot of devices (maybe 20) all using the same address.  That's all handled by Network Address Translation (NAT) done in the cable box.

That works great when everything connects out to the Internet; it's lousy when things on the 'Net want to connect in, and you have to jump through some decently complicated technical hoops to make that happen.  The punchline: almost nobody does.

So what I'm not at all sure about is how a refrigerator (using WiFi to the cable router which does a NAT translation when the fridge connects to the 'Net) - how is that fridge reached by the Evil Bad Guy to infect it?  Assume that the fridge is a sucking chest wound of security fail.  That fail is all hidden behind the NAT translation which is effectively a diode (a one way gate) - things go out but nothing comes in.

And by "hidden", I mean hidden.  You can test this for yourself right now, by running a security scan to see what's seeable from the Internet.  Gibson Research (which has been around for a long time) has a free port scanner called Shields Up that will tell you if the Evil Bad Guys can see anything in your house.  You should see something like this, which is Camp Borepatch's electronic secure perimeter:

Green is good, and red is bad, right?  More importantly is why green is good - when the scanner tries to connect to a port, the cable router doesn't send any answer at all.  There's no way to tell whether the IP address isn't answering, or if there's nothing at that IP address at all.

And so, how do you get malware down to that refrigerator?  Like they say up in Maine, you can't get theah from heah.

This isn't discussed in Proofpoint's presser.  And so I simply don't put much credence in it.  Did they see malware generated emails?  I have no doubt about that.  Do I think that they know enough to tell whether it came from a refrigerator of a plain old infected PC?  I reserve judgement on that, waiting for more (and more compelling) information. Bottom line, this smells of too much hype: all sizzle, no steak. 

Your mileage may vary, void where prohibited, do not remove tag under penalty of law.

P.S. I'm not the only one who is skeptical.

Ferdinand Hérold ~ Piano Concerto No. 3 in A major

Image via la Wik
The Nineteenth Century was the golden age of Classical music.  A revolution of lyricism had swept away the older, more mathematical style of Bach and even Mozart.  Now music was expected to connect with the emotions, a shift in appeal from left brain to right brain that's never been reversed.

Beethoven is best known as the flag bearer of this revolution at the very beginning of the century.  He famously tore up the dedication for his Third Symphony - originally an homage to Napoleon - when he found that the First Consul had crowned himself Emperor.  That fixes the date nicely for musicologists.

But Beethoven was by no means alone. Ferdinand Hérold who dies young from tuberculosis on this day in 1833 is one of the most lyrical composers of that most lyrical age.  He, too, composed for the Napoleon family, and had to scramble to find new patrons after 1815.  But find them he did, and one can only wonder what marvellous music he would have composed had be not been struck down in his prime.


Saturday, January 18, 2014

Friday, January 17, 2014

Actually, it is beer o'clock




- Posted using BlogPress from my iPhone

Healthcare.gov security "shameful"

I don't know that I agree that Kevin Mitnick is the "World's Greatest Hacker" but there's no doubt that he knows what he's talking about:
Security expert -- and once the world's most-wanted cyber criminal -- Kevin Mitnick submitted a scathing criticism to a House panel Thursday of ObamaCare's Healthcare.gov website, calling the protections built into the site "shameful" and "minimal."

In a letter submitted as testimony to the House Science, Space and Technology Committee, Mitnick wrote: "It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise."

...

Mitnick concluded that, "After reading the documents provided by David Kennedy that detailed numerous security vulnerabilities associated with the Healthcare.gov Website, it's clear that the management team did not consider security as a priority."
Gee, ya think?
His comments were backed up by testimony by Kennedy, who is CEO and founder of TrustedSec LLC and a self-described "white hat hacker," meaning someone who hacks in order to fix security flaws and not commit cybercrime. In November, Kennedy and other experts testified before the same panel about security issues on Healthcare.gov.

Kennedy testified that most of the flaws they identified at the time still exist on the site, and said "indeed, it's getting worse," telling the panel that he and other experts have seen little improvement in the past two months.
Nothing got fixed in two months.  I guess that shows that security isn't a priority.  And this isn't cherry picking.  The Gaijin emails to point this bit of sleight-of-hand:
Hermansen discovered a vulnerability that would allow someone to take over another person’s account on the California site, and review or change the information entered there. He tried contacting Covered California “at least 15 times” by email, phone or chat about the problem, but got no response for over a month. “They must have been overwhelmed by people seeking help with the site,” he said.
Maybe security wasn't a priority?
On December 24, he finally got through by phone to a Covered California representative and he explained the issues he’d found, but they remained unfixed and he didn’t hear back from them. Given that it was Christmas, that’s not terribly surprising. But Hermansen, frustrated that the flaw had been out there for over a month already, decided two days later to release a video of the exploit to YouTube and posted it to a security sub-Reddit. That got the attention of a Covered California lawyer who contacted him to take the video down, and also flagged it with YouTube; it was soon removed.
Better security via public humiliation ...
Hermansen then spoke by phone to the lawyer and a chief security person. “They were not interested in talking about the security issues but about getting the video or any other online mention of the flaw taken down,” he said. Hermansen contacted Forbes at the beginning of January.
...
“They didn’t want a conversation about how to fix it,” he said. “They were defensive about the site. I didn’t put the vulnerabilities in your site. I’m just shining light on it.”
RTWT, including the bit about the visit from the FBI.

Relax, Citizen.  All is well.  In fact, all is for the best, in the best of all possible worlds.  Can't wait for Democrats to push Single Payer.

R.I.P., Professor


The soul-crushing bureaucracy of Britain's National Health Service

We're told by the Right Sort Of People® that we need to be more like Europe.  Obamacare is shaping up to be a disaster, and so all the Right Sort Of People® who told us it was all going to be awesome are now saying that of course, what we really need is "Single Payer".  Because that would make us just like Europe.

Oooh kaaay, so how's that going to work out for us in the future, say, fifty years from now?  Well, how's that working out for Europe?  How's Britain's NHS doing, 60 years after its founding?

How about we ask a UK NHS Doctor for his opinion?
I still do work for the National Health Service (NHS), although not full time. Over the years, and especially the last few years, it has become an increasingly depressing, target driven, soulless place. When I re-read [George Orwell's] 1984 recently, virtually every page resonated with the type of management nonsense that rains down upon us each day. Particularly the way that language is distorted into meaningless ‘party’ slogans.

...

One thing that particularly sticks in my craw, are the pictures of happy staff members that adorn various PR brochures.

...

When I opened it, I found that this was a brochure informing all nurses, and doctors, that we would have to pay considerably more money into our pensions. In addition, we were going to receive a much lower pension, at a greater age, than we had been told we were getting in the past. Oh joy, oh joy.

I would have said the picture on the front cover was ironic, but NHS management do not do irony. We are continually exhorted, in a ‘Unite workers of the Soviet Union’ sort of a way, to be smiling and happy in our glorious tractor factory. A frowning worker is a worker who clearly does not love the party with sufficient fervour. A frowning workers needs re-education.
It sounds like the Good Doctor is an Enemy Of The State™ and needs a dose of re-education, good and hard.  So what did he think he was getting in to, anyway?
I wanted to help old people
I got frailty assessments on incomplete information

...

I wanted to diagnose the cause of acute confusional states
I got dementia screening on frightened old people at 3am

...

I wanted role models to inspire me
I got multi-source feedback forms

I wanted to teach the next generation
I got work based assessment emails

...

I wanted to keep people alive, safe and comfortable
I got the four hour target, breach reports, and observation wards to fudge the targets
But hey - this is Britain, right?  Can't expect them to be civilized, what?  Never happen here, old chap.  I mean, lesser breeds from lesser climes, what?  I say, it looks like your Pim's is empty - Bar Man, another round if you please?  Do be a dear ...

Thursday, January 16, 2014

Cab Calloway - Minnie The Moocher

From 1988, about ten years after I saw him in concert.  He was filling in for his friend, Duke Ellington who was in the illness that would finally take his life.  I had no idea who he was, but tickets were easy to get (Duke wasn't there, after all).  But this was when I was in the Chorus at State U (because that's where the Music Major chicks were, duh).  One of them dragged me to the concert.  It was awesome.  Cab had the house rocking to this.



And yes, that was the first time I saw the Moonwalk ...

Is it Friday yet?

No?  Dang.


It's Friday in Australia ...

The abyss stares back at you


Out of the void that is interstellar space comes sunlight:
Is the night sky darkest in the direction opposite the Sun? No. In fact, a rarely discernable faint glow known as the gegenschein (German for "counter glow") can be seen 180 degrees around from the Sun in an extremely dark sky. The gegenschein is sunlight back-scattered off small interplanetary dust particles. These dust particles are millimeter sized splinters from asteroids and orbit in the ecliptic plane of the planets. Pictured above from last year is one of the more spectacular pictures of the gegenschein yet taken. Here a deep exposure of an extremely dark sky over Las Campanas Observatory in Chile shows the gegenschein so clearly that even a surrounding glow is visible.
If you stare hard enough into the abyss, you will find that it stares back at you.
When I consider your heavens, the work of your fingers, the moon and the stars, which you have set in place, what is man that you are mindful of him, the son of man that you care for him?
- Psalm 8:3

Linux gaming

It's getting so popular that there are multiple games and Linux Gamer Grrls doing reviews.



And it will only get more so with SteamOS.


Wednesday, January 15, 2014

Linux Mint tour for Windows XP users

People have asked which Linux is best for XP users to upgrade to.  Your hardware is still fine but Microsoft is ending support for XP - Linux will let you keep your hardware running without spending a penny.  Granted, you don't have to spend a penny to keep XP, but you won't get any more security updates (and you know what that means for Windows).

And so here's Linux Mint, a very easy transition from XP.  The introduction:



The installation (go to Youtube if you want the video on setting up dual boot; my opinion is that dual boot is for Communists and farm animals, and you don't want to keep XP around - no security updates, right?).  Remember, you will have downloaded the Linux Mint 32 bit ISO to, say, a USB drive and double clicked the ISO:



What to do after installing:



Remember, it's minty fresh!  And Linux is magic!



A word to people still running on Windows XP

I know that you're out there:


Microsoft will not provide security fixes for XP after April.  That means that you will live in a Day Zero* world, forever.  So what to do, assuming that you don't want to throw away your computer (which is still working)?

Here's a thought: upgrade to Linux:
I decided it was time for me to let go. I gave Ubuntu 12.04 a shot. My computer felt modern again… except for that damn Unity UI. Why do all my apps have to be full screen? My netbook is not a tablet. And that Ubuntu Software Center is quite large and annoying. I dove in to a pile of configuration files to fix these problems and decided I got tired of fooling around with it. I stuck it out for a few months before giving up and giving Linux Mint 14 with Cinnamin a go, and now I am very happy. The only thing I needed to do post-install is get Google back in to my Firefox. A 5 minute fix. Not bad.

...

My Linux Mint experience has moved closer to my more expensive Mac experience, except Text Edit has been replaced with gedit. I actually like gedit better. It doesn’t scream at me to go to iCloud to just fiddle with a file. Also, “apt-get install” is vastly superior to launching the Mac Store.
apt-get install is the shiznit. There are GUI based install managers that will search for and find apps and then install them.  And you don't need antivirus.

Back to comparing with XP, the only slight drawback I see is that Paint.NET works better than Pinta, but I am willing to make that trade. With XP gone, I get modern memory management and a modern file system. Thanks to ext4, I no longer have to worry about defrag. I am pleased to let go of my virus scanner too.

My little Atom-powered 1 GB RAM netbook feels much faster.
My mainframe here at Camp Borepatch is an old Compaq dual core/2 GB RAM beast.  It's quite snappy on Linux, because it doesn't get cluttered up with defrag and indexer and all the other junk.  Every now and then I might have to kill the plugin-container because Flash is an abomination before the Lord, but that solves it - with Windows I'd have to reboot to clean up the memory leakage.  And dig this:
Ted@Borepatch:~$ uptime
  up 75 days, 9 min,  1 user,  load average: 0.95, 0.89, 0.89
Try that on Windows, suckas ...

Were I to install a new distro, I'd also go with Linux Mint (just back up your Windows data to USB before you upgrade).    Or you can buy a new computer.  Hey, it's your dough.

* A Day Zero security bug is a vulnerability that is discovered and announced (and typically exploited) before a fix is available.  It's the worst sort of security problem, because there's no way to defend yourself even if you want to.

UPDATE 15 January 2014 20:50: R. K. Brumbelow points out in the comments that Microsoft announced late this afternoon that they would extend the XP support window to next year.  You should still upgrade.  It's very unlikely that they will extend it again. The issue isn't going away.

UPDATE 15 January 21:18: The extended support is only for the Microsoft antivirus/antimalware.  The security patches stop in April 2014.  So you will in fact be living in a Day Zero world, relying on Microsoft antivirus to make it all OK after the Bad Guys pwn you longtime.  Start planning your move, whether it's free to Linux on your current hardware or to Windows 7/8 on new hardware.  Or to a Mac, if you're rolling in dough.

Lots of security patches for you

Yesterday saw a bumper crop of security patches from Microsoft, Adobe, and Oracle (Java).  Since of most of all y'all use these, you'll want to top up your security.  Remember, it's like changing the oil in your car - you can put it off, but if you put it off too long then bad things happen to you.

Windows is easiest.  Take Internet Explorer (you need it for this but shouldn't use it for anything else) to http:windowsupdate.microsoft.com.  Simples.  It's a once a month security oil change.

Adobe has important updates to Flash, which drives most video and a ton of ads.  The biggest risk you'll face is malware coming via ads, so go get the update.  Be careful with the update - Adobe packages a bunch of stuff with the patch (like McAfee's horrible Security Scan - not recommended), so pay attention and uncheck the bloatware options.  You'll probably have to install twice - once for the OS and once for your browser.

Adobe also has an update for Reader (the thing you use to read PDF files) that you want to get.  Malware has been embedded in PDFs for several years, so this is a credible threat vector.  Unfortunately, there's no good way to hotlink directly to the update, so go here and search for Reader.

Java has been a sucking chest wound of security fail for a while, and this month is no exception - there are 36 security updates (!).  If you haven't disabled Java in your browser (recommended) then you'll need the update because the Bad Guys are actively exploiting this.  The easiest way to get the update is via the Java Console. - just remember that this will also automatically include crapware (the Ask Toolbar), so make sure you uncheck the crapware boxes.

I will leave for another day the rant about using critical security updates to fob off bloatware on an unsuspecting public ...