Friday, September 17, 2021

Dad Joke CXIV

What superpower do you get when you become a parent?


Thursday, September 16, 2021

The wit and wisdom of Joe Biden


Seen on

Alternatives to College

Insty has been banging the drum lately on how young men are increasingly avoiding College.  You can't really blame them as it's a pretty hostile environment for men, and saddles most graduates with ruinous amounts of student debt.

But if you're bright, motivated, and hard working, there's a path to a six figure salary that will literally cost you only a few thousand dollars - plus a lot of self study time spent.  First, let's talk about the target and the opportunity.  The Bureau of Labor Statistics just published a study that highlights the fastest growing job fields through 2030:

That highlighted line?  Internet Security.  The good news?  Nobody cares where you went to school for your security degree, or even that you have a security degree.  What they care about are industry certifications.  You get the cert, you're in like flint.

Now there's a lot involved with getting the cert, 'natch.  I posted about this repeatedly over the years.  This is a good starting point, and from there you can click through to here which has a fairly detailed set of things to do, and here which is similar but different to the Borepatch Method.

In a nutshell, you can get a Cisco CCNA Exam Prep book for small money, read on your own in your evenings and spare time, take mock tests to make sure that you understand the material, and then take the real cert class for something like $1500.  This will qualify you for an entry level IT job, probably around $50k/year.  You continue with the next level higher certification, doing exactly the same as above.  When you get that you'll qualify for a higher paying job.

You'll get to the point where you're getting certified on ASA Firewall or the like, and then you're an Information Security Analyst.  With the cert, you apply for one of those BLS jobs.

The key: you have to spend a lot of your own time on this in self-study.  That's a pain, but you save all that dough you'd be spending on the Dirty Commies at the University.  Plus you don't have to put up with all the "Be less White and Male" nonsense that they'd make you take (and pay for).

I got an email recently from a reader who had read some of those old posts of mine (thanks, C.H.!).  He had found himself in a frustrating job and took this path.  Now he's working in a Security Operations Center and pretty happy at where he got himself.

It's been a while since I'd posted this sort of thing, but this seems like a good time to remind our younger Gentlemen Readers (or our Old Fart readers who have sons or nephews) that there is an alternative to the College Mill.

Those cats were fast as lightning

Daily Time Waster posted this:

 It made me think of this:

Wednesday, September 15, 2021

But everything will be awesome when the Government runs your health care

Biden orders HHS to cut off shipments of covid medicine to southern states.  But it's all good with socialized medicine, amirite?

Fed.Gov: Summer of 2021 was hotter than the Summer of 1936

This may seem like an innocuous statement, but this all actually encapsulates the Climate Bullshit perfectly.  First, the government's statement:

The National Oceanic and Atmospheric Administration (NOAA) confirmed in a new report that the average temperature during this summer for the contiguous U.S. was hotter than the Dust Bowl in the 1930s.

The meteorological summer between June 1 to Sept. 1 averaged 74F for the U.S., or 2.6 degrees warmer than the long-term average. NOAA said, "this technically exceeds the record heat of the 1936 Dust Bowl Summer, but the difference is extremely small (less than 0.01 of a degree F)."

Remember the Dust Bowl?  John Steinbeck and Henry Fonda sort of made it memorable:

1936 is the year of record heat in the United States.  There's a reason that the midwest dried up and blew away that summer:

You want to see a real heat wave?  Look at July 1936.  Eleven States set high temperature records that stand to this day.  That Wikipedia page is a little shifty on this, trying to hide the decline in record temperatures.  You'll see an asterisk next to South Dakota, which the Wiki page says means Also on earlier date or dates in that state.  So what was that earlier date for South Dakota?  July 1936.

Oh, and three more States set high temperature records the next month, August 1936.  That makes 14 out of the 50 States that suffered record high temperatures in the summer of 1936. That's almost 30% of the States.

NOAA (the Fed.Gov's weather bureau) said that this summer was hotter than that.  Oooooh kaaaaay.  So riddle me this, WeatherMan: how many States set temperature records this summer?  One.  Washington State set a record high on June 29.

Not fourteen.

So how does NOAA get off saying that 2021 was hotter than 1936?  Data adjustments:

The data have two components: the raw measurements themselves, and a set of adjustments.

Adjustments are made for a bunch of reasons: time of observation adjustments (you didn't take a reading at exactly the same time each day), environmental changes, weather station site relocations, urbanization, etc.

An interesting question is how much of the 20th century's temperature change is due to adjustments? As it turns out, the answer is all of it.

This chart shows the before-adjustment and after-adjustment temperatures for the 20th century, superimposed. All of the warming is due to adjustments, rather than raw data.  Almost all of the adjustments are for readings after 1970.

Take a look at the blue (unadjusted) line in the middle of the chart.  You know, at the peak.  That's the Dust Bowl heat wave of 1936.  Now look at the far right, how the data shift down (unadjusted) and up (adjusted).

How do you make 2021 hotter than 1936?  Change the data.  Older temperatures are adjusted downwards, and newer temperatures are adjusted upwards.  Presto - Global Warming Climate Change Climate Emergency!

Now all of this is no doubt full of Science® and all that, but if you get a whiff of bullshit, you're not the only one. You know what data don't get adjusted? Records. 1936 set 14 records, 2021 set only a single one.

That's some righteous Science®, right there. But hey, no doubt Climate Scientists are well compensated for their work, if they produce the Approved Results.

Security Smörgåsbord, vol. 13 no. 5

Report: Direct patient safety risk posed by infusion pump vulnerability exploit
A group of five vulnerabilities in the B. Braun Infusomat Space Large Volume Pump could allow an attacker to modify system configurations in standby mode and deliver an unexpected dose of medication to patients without any need for authentication, according to a new report from McAfee Enterprise Advanced Threat Research.

I've been posting about the security problems in medical devices for going on a decade now.  It's interesting to see major security research players start to issue advisories about these.  Hopefully the FDA expedites these sort of security updates.

DEFCON: Internet of Things random number generators stink

In a DEF CON talk officially released on Saturday (many of this year's talks were pre-recorded and available to stream before their scheduled time) Dan Petro and Allan Cecil, both of Bishop Fox, outline systemic problems with hardware random number generators. That creates systemic problems for the devices that obtain random numbers directly from hardware random number generators.

"One of our top-line takeaways is that this process of talking to hardware RNG [random number generators] directly is just untenable. It's far too complicated on so many levels, to the point where it should really be considered like writing cryptographic code, where it is just too unsafe to do on your own," Petro told SC Media.

You might wonder what the heck a random number generator is and why you need a good one.  Basically, all of the encryption in use today depends on cypher computations starting with as close to truly random numbers as possible.  If the "random numbers" used are not really random - or worse, if they are predictable - then a Bad Guy could decrypt your communications, masquerade as you (well, as your TV), and do all the bad things to you that encryption is supposed to prevent.  Home computers (and cell phones) don't have this problem because they invest in good random number generation circuitry.  IoT devices are so inexpensive that this isn't done.  Probably having unpatched high risk security vulnerabilities in these devices is worse, but this is just another reason why there isn't much security at all in these pieces of junk.
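To put numbers on "not really random", here is an added simulation (not code from the talk or the SC Media article) of a device fleet that derives 128-bit keys from a poorly seeded generator, audited for duplicate keys and compared with keys from the operating system's CSPRNG. The fleet size and the 8 bits of seed variability are assumptions chosen for illustration.

```python
import random
import secrets
from collections import Counter

FLEET_SIZE = 1000      # constructed: number of simulated devices
WEAK_SEED_BITS = 8     # assumption: only 8 bits of boot-time jitter reach the seed


def weak_device_key(boot_jitter: int) -> bytes:
    """128-bit key from a deterministic PRNG seeded with a small value."""
    prng = random.Random(boot_jitter)   # Mersenne Twister, not a CSPRNG
    return prng.getrandbits(128).to_bytes(16, "big")


def strong_device_key() -> bytes:
    """128-bit key from the operating system's CSPRNG."""
    return secrets.token_bytes(16)


def audit_fleet(keys):
    """Return (distinct_keys, devices_sharing_a_key) for a list of keys."""
    counts = Counter(keys)
    shared = sum(n for n in counts.values() if n > 1)
    return len(counts), shared


def simulate():
    """Build both fleets and audit each one for duplicate keys."""
    jitter = random.Random(2021)        # fixed so the simulation is repeatable
    weak = [weak_device_key(jitter.getrandbits(WEAK_SEED_BITS))
            for _ in range(FLEET_SIZE)]
    strong = [strong_device_key() for _ in range(FLEET_SIZE)]
    return audit_fleet(weak), audit_fleet(strong)


if __name__ == "__main__":
    (w_distinct, w_shared), (s_distinct, s_shared) = simulate()
    print(f"weak seed: {w_distinct} distinct keys, {w_shared} devices share one")
    print(f"OS CSPRNG: {s_distinct} distinct keys, {s_shared} devices share one")
```

The key is 128 bits long in both fleets, but the weak fleet can never hold more than 2^8 different keys, so key length says nothing about strength when the seed is small.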

Firefox 91 has new privacy features

Firefox is still around?  Who knew?  They blew any credibility on user privacy when they ditched Brendan Eich to include RIAA tracking features.

The most secure browser is ... Microsoft?

Microsoft has announced that the Edge Vulnerability Research team is experimenting with a new feature dubbed "Super Duper Secure Mode" and designed to bring security improvements without significant performance losses.

When enabled, the new Microsoft Edge Super Duper Secure Mode will remove Just-In-Time Compilation (JIT) from the V8 processing pipeline, reducing the attack surface threat actors can use to hack into Edge users' systems.


Based on CVE (Common Vulnerabilities and Exposures) data collected since 2019, around 45% of vulnerabilities found in the V8 JavaScript and WebAssembly engine were related to the JIT engine, more than half of all 'in the wild' Chrome exploits abusing JIT bugs.

"This reduction of attack surface has potential to significantly improve user security; it would remove roughly half of the V8 bugs that must be fixed," explained Johnathan Norman, Microsoft Edge Vulnerability Research Lead.

That's a neat piece of security work.  And I love "Super Duper Secure Mode".  It reminds me of Tesla's "Ludicrous Mode" which is shamelessly stolen from Spaceballs.

 Google to block old Android phones starting September 27
Google has started emailing users of very old Android devices to tell them it's time to say goodbye.

Starting September 27, devices running Android 2.3.7 and lower will no longer be able to log in to Google services, effectively killing a big portion of the on-rails Android experience. As Google puts it in an official community post, "If you sign in to your device after September 27, you may get username or password errors when you try to use Google products and services like Gmail, YouTube, and Maps."

Android is one of the most cloud-based operating systems ever. Especially in older versions, many included apps and services were tied to your Google login, and if that stops working, a large chunk of your phone is bricked. While Android can update many core components without shipping a full system update today, Android 2.3.7 Gingerbread, released around 10 years ago, was not so modular.

This is actually a Good Thing.  Android has a lot of security holes and there are no updates coming for these 10 year old systems.  If you got 10 years out of your phone, it's really in your best (security) interest to update.

US Government Agencies score low on cyber security

In the "Federal Cybersecurity: America's Data Still At Risk" report, the US Senate Committee on Homeland Security and Governmental Affairs graded the departments of State, Transportation, Education, and the Social Security Administration a "D" for cybersecurity. The departments of Housing and Urban Development, Agriculture, and Health and Human Services each received a "C." The highest grade for cybersecurity, a "B," went to the Department of Homeland Security (DHS). Among the major issues, several agencies, including the State Department, did not deactivate former employees' accounts, allowing access for extended periods of time after the workers left government service.

Maybe the Cloud will help.  These Agencies can't buy cloud services that are not security approved (FedRAMP).  Most of these issues are covered under that certification. 

Tuesday, September 14, 2021

Dad Joke CXIII

When I was a kid my neighbors hired me to clean up the leaves in their yard.  I was really raking it in. 

You got no stinking security

OldNFO posted a great video showing just how easy it is for someone to get your info.  The video is a live demo from Defcon, so you know it's good.

Yeah, he posted this a while back - I've been pretty busy.  And the video itself is from a few years ago, so it's not like you're any later.

And yes, I need to post more security stuff.

Monday, September 13, 2021

Dad Joke CXII

Did you hear about the three holes in the ground?

Well, well, well. 

Saturday, September 11, 2021

Optimism on a solemn day

All the cool kids are posting uplifting things today, and so I'll jump in. 

I've posted repeatedly about America as Fall-Of-The-Roman-Empire/Republic before.  It's looked pretty bleak for a while, not being able to figure out how the Next Big American Thing will come into being.  It's looked like that process will be really blood soaked.

But maybe not.  I've also posted before about Curtis Yarvin, who blogged under the nom de blog Mencius Moldbug.  It was ten years ago that I wrote about him in an uberpost titled The Fifth American Republic.  It has perhaps the best opening paragraph I've ever written:

Barack Obama is a communist.  That's a low schoolyard insult, even though it's true, but it doesn't matter.  You see, Mitt Romney is also a commie.  No, this isn't yet another Mitt Romney rant.  All of our political establishment are commies, and have been for a long time.

Glen Filthie found a Tucker Carlson interview with Yarvin.  It's quite something - Tucker is a much better interviewer than I had known (I don't watch much - or any - political TV) and Tucker allows Yarvin great big huge uninterrupted blocks of time to explain his philosophy of how America is ruled by an oligarchy, why the oligarchy is decentralized, how the US Government has evolved over time (with a shout out to his original post that I blogged about ten years back), how the periodic evolutions come to be needed as the system slowly degrades, and how this explains why we lost in Afghanistan.

He ends with a discussion of the end of the Roman Republic and how that could plausibly happen here without the rivers of blood.  This is a very long and very thoughtful interview that left me feeling much better about this Republic's chances than I have in a long, long time.

Go watch this.  I cannot recommend this too highly.  You might want to read my old uberpost as an introduction first, because it will set the stage for much of what Yarvin describes.  Yarvin is a first rate intellect and you will end up smarter when you're done.

Some of Us Will Never Forget


Friday, September 10, 2021

Quote of the Day - Everything They Have Told You Is A Lie edition

This post by Adam Piggott is simply unimprovable.  RTWT, but this is a taste:

And really, they’re just profiting off modern man’s shallow desire to live just one more day no matter what the cost. That’s why they’re trying to jab 12 year olds with this toxic crap so the old fucks can live just one more day, it’s all I’ve got, hey, did you see my boat and my Porsche and the ski lodge?

Everything they have told you is a lie. Don’t take their pills, don’t take their jabs, don’t follow their dietary recommendations, don’t do their exercise routines, don’t take 0.7 glasses of wine per day while you have your 1.2 kids, don’t listen to their music recommendations, or their reading material, or watch their evil films, don’t do any of it. Don’t be a boring shitless bastard that does just what he’s told and then has the sheer stupidity to try and lecture those of us who haven’t fallen for the crap and are trying with some very small success to wake you all the fuck up.


Dad Joke CXI

Has it really been almost a month since I've posted one of these?

What's the most dangerous variety of cheese?  Sharp cheddar.

Good thing it's not fresh fruit ...