Wednesday, September 30, 2009

Microsoft Windows 7 Marketing FAIL

Yesterday I posted a huge FAIL from Apple. Today, it's Microsoft's turn. Warning: this is so bad, it will make your eyes bleed:

It has the complete set of FAIL: the politically correct casting, the dumb idea that nobody would ever actually do (host a Microsoft party at your house? Srlsy?), the inane dialog that only a Microsoft Marketroid could believe:
Middle-aged white lady: I led an overview of some of my favorite Windows 7 features... It took, like, 10 minutes [approving murmurs]... It was totally, informal, like, everyone just kind of crowded around the computer in the kitchen [hearty laughter].
The stupid, it burns!
This is so bad that James Lileks weighed in:
If Microsoft had been put in charge of marketing sex, the human race would have ended long ago, because no one would be caught dead doing something that uncool.
This is maybe the worst Microsoft video ever. Maybe. Microsoft's marketing videos are so astonishingly horrible, that this might not be the worse ever. And because everyone likes it when someone hangs out the bleeding turkeys, here are some Microsoft bleeding turkeys:

Internet Explorer 8: Hide your pr0n, because you care for her so much. And you don't want her to throw up on you:

1980s Big Hair bad Microsoft marketing:

And not to be forgotten, the MS-DOS Rap, yo!

WARNING: That one will make your ears bleed, too.

In 50 years, we'll all be eating our dead ...

I'm not sure where on earth Tam found this particular corner of Al Gore's Intarwebz, but the comments to her post are (ahem) enlivening. Especially when the owner of that corner of Al Gore's Intarwebz shows up to engage in, err, debate. Then it gets really funny.

The whole thing made me think of this:

Inspector General: no time to chase fraud, we're after Porn surfers

At the National Science Foundation:

Employee misconduct investigations, often involving workers accessing pornography from their government computers, grew sixfold last year inside the taxpayer-funded foundation that doles out billions of dollars of scientific research grants, according to budget documents and other records obtained by The Washington Times.

The problems at the National Science Foundation (NSF) were so pervasive they swamped the agency's inspector general and forced the internal watchdog to cut back on its primary mission of investigating grant fraud and recovering misspent tax dollars.

How bad was it? Well, there was the guy who surfed porn for 331 days. Without being detected. So did they frogmarch him from the building? Fire him for cause? Err, no. Seems he was some sort of hero:

When finally caught, the NSF official retired. He even offered, among other explanations, a humanitarian defense, suggesting that he frequented the porn sites to provide a living to the poor overseas women. Investigators put the cost to taxpayers of the senior official's porn surfing at between $13,800 and about $58,000.

"He explained that these young women are from poor countries and need to make money to help their parents and this site helps them do that," investigators wrote in a memo.

Sigh. Let me leave you with a couple stories from the Paleolithic Age of the Internet. Since I was one of the Security Guys, management came to us one day. Someone had turned on logging for outbound HTML at the Firewall, and the list of outbound destinations were (shall we say) not something that Mom would approve. Management asked us what they should do. They didn't want to fire anyone, but they didn't want to just let this continue.

After some discussion, we emailed everyone in the company the Top 10 destinations list *I think 6 or 7 were porn). This let everyone know that someone was watching, and that they should do this somewhere else if that was their bag, baby.

Story 2 was from a security conference, where I spoke on a panel about this very subject. Also on the panel was a lawyer, who had some very interesting things to say about how to set up a program that would let you fire someone without being sued for wrongful dismissal. The whole point, said the lawyer, was to make the situation so egregious and outrageous that no jury would find for the guy you fired.

Your corporate porn policy, said the lawyer, should say that possession of over 500 pornographic pictures was grounds for dismissal. If it were a small number, then someone who went to (a notorious porn site) my mistake (when they actually wanted would muddy the waters. Anyone with hundreds of pix would have crossed the poorly defined "I know it when I see it" line.

So to the NSF crowd, folks have figured out how to solve this problem. Srlsy. Boy, I can't wait until these guys run my health care.

Blogroll Addition

Another day, another blogrolling - and this one was an email saying he'd blogrolled me. Wh00t!

You can learn a lot from Tangalor at Nonsensical Multisyllabic Words, not least of which is that Common Sense seems to be a Super Power lately. Heh.

You've probably run across him via Tam, but thanks for blogrolling me, Tangalor, and welcome to the Borepatch blogroll!

And a note to anyone else who may have blogrolled me. If I haven't added you here, please email me and let me know: borepatch at gmail dot com.

Deport me, please

Seems an illegal immigrant wants to go home, but doesn't have the money. So he turned himself into the police:
Police in Framingham, Mass., say an illegal immigrant from Guatemala entered a police station, told officers he had stolen another man's identity and asked to be deported because he could no longer make ends meet in America.

Police told The MetroWest Daily News they arrested 29-year-old Carlos Boc after he confessed Saturday night.

Lt. Paul Shastany said Boc told police he wanted to return to Guatemala but can't afford a ticket. He told police he has no job or money and is worried about surviving the winter. He told police he came to the U.S. 13 years ago.
Maybe we could take up a collection to help see him on his way.

Free antivirus! Getcher free antivirus!

From Microsoft, no less:
“We're making Microsoft Security Essentials free to download but we're not going to push it down to people. Some OEMs may choose to include the software as a free bundle but that's the closest it'll ever come to being pre-installed,” Evans explained.
Microsoft said its primary targets are the millions of Windows users that currently have no protection at all, rather than any concerted effort to poach users from McAfee and Symantec and certainly not for workplace PCs.
We saw the beta for this back in June. They've worked the rough edges off, so have at it. I plan on installing it on the kids's computers here Chez Borepatch.

Tuesday, September 29, 2009

Lousy Apple Security

Criminey, these guys have a lackadaisical attitude to security:

If you use any Apple program on Windows you may have noticed recently a rather odd Apple Software Update dialog box telling you under the Updates heading that you need the iPhone Configuration Utility 2.1. I did, and my reaction was: "I do?" ...

A little investigation revealed that the iPhone Configuration Utility is actually a tool for business system administrators to set up and administer corporate iPhones . Even if I were using an iPhone, I'd need that program like I'd need season tickets to the Detroit Lions. So, I haven't installed it-and I really wish Apple would stop bugging about it.

I didn't think anything more about it. I don't install programs I don't need or plan on testing. Others though did and they discovered that this completely unneeded Apple shovelware for 99.9999% of all users installs not just a configuration program, but the Apache Web server as well. For the tiny number of people who do need it, this lets corporate iPhone users 'phone' in to the business Web server for updates.

For the millions of everyone else having a Web server on your PC is horrible security risk. It's hard enough keeping Windows secure, but adding a totally unregulated Web server to the mix is like throwing matches at a pool of gasoline.

What was Apple thinking!? Actually, I rather doubt they were thinking.

So they installed web server software (!) on millions of computers. But don't worry, nobody would think of attacking a web server.

This says something really, really bad about Apple's attitude about security. Quite frankly, it doesn't seem that their customer's security registers on their concern-o-meter. Not that this is new. This is not a failure of their technology, or even necessarily of their code. Rather, it's a repeated breakdown of their process. They simply do not have a process in place that makes people think that they need to protect their customers.


UPDATE 30 September 2009 17:31: Hmmm:

Wonder if someone is listening.

Blogroll Addition

I keep telling people to email me if they blogroll me, as I'm happy to reciprocate. Well, today someone did just that.

#1 Son.

And his first post is a comparison of Ubuntu to Google's gOS. Nice quick summary, too. Do me a favor and click through, to give him some hits.

Excuse me while I get all proud-of-my-boy ...

And welcome to the Borepatch blogroll, #1 Son!

UPDATE 29 September 2009 13:55: You know, the world is a strange place when you can even plausibly have the thought "If you clean up your room, and are nicer to your brother, we'll see about blogrolling you."

UPDATE 29 September 2009 17:29: gOS isn't from Google.

Nothing I could write would improve on that sentence. part the sixth

TJIC looks on the International Global Warming Movement, and brings the snark:

… while environmentalists pointed to the deadly floods in the Philippines to illustrate the already devastating impact of climate change.

Yes, deadly floods were unknown before Henry Ford bit into the apple of knowledge of good and carbon, which angered Gaia can caused Her to expel us from the garden of sustainable delights and led her to unleash floods upon the world…


Ever wonder what would happen if you put an engine and some wheels on a beer crate?

A barmy biker has been banned by police after converting a beer crate into a mini quad bike.

The micro machine was given its last orders after Matthias Krankl tried to outrun cops in Maulburg, Germany.
Well played, Herr Krankl.

Receive an email, get your account shut down

Suppose you get Internet email (who doesn't). Suppose that someone somewhere on Al Gore's Intartubes sends you an email by mistake - someone at a bank, let's say. They meant to send it to someone else, but sent it to you. Imagine that they included a file that contained all sorts of sensitive data about their customers: bank account numbers and so forth.

Seems like they screwed up big time, right? So what should happen?

Well, if the bank is Rocky Mountain Bank in Wyoming, they'd sue to get your email account frozen. And some mouth breathing Judge would issue a court order to force your email provider to freeze it:

When Google refused to release the identity of the person behind the Gmail account, the bank sued. Last week, Google told The Reg it would not release the users identity unless it receives a subpoena or court order, and such an order soon arrived.

Judge James Ware of the US district court for the northern district of California issued a temporary restraining order on Wednesday, insisting that Google deactivate the account.
Looks like the account is going to be frozen, and remain frozen, until October 5 at the earliest.

Let's play "Count the idiots", shall we?

1. Whoever at Rocky Mountain Bank in Wyoming sent the wrong email to the wrong address.

2. Whoever at Rocky Mountain Bank in Wyoming refused to approve budget for their IT department to deploy Data Loss Prevention technology, which would likely have blocked the email before it went out onto Al Gore's Intarwebz.

3. Whoever at Rocky Mountain Bank in Wyoming decided that a lawsuit targeting the innocent bystanders why were subject to the fallout from the above screw-ups.

4. Judge James Ware of the US district court for the northern district of Californi, who seemingly does not get enough oxygen at the high altitudes experienced in Wyoming. Or something.

That's one powerful lot of Due Diligence failures, all wired in series.

Monday, September 28, 2009

Simplify, simplify

Near Chez Borepatch is Walden pond, one time home to Henry David Thoreau. Thoreau got tired of the hassle of modern life, moving to a tiny cabin on the shore of Walden Pond to get away from it all.

Henry David Thoreau got tired of trying to get Flash to work on 64 bit Linux.

Thanks to the several readers who left comments on yesterday's Bleg. As the song goes:
You know time comes when a wise man knows the best thing
That he can do is just look her up in the eye
And beg for mercy and face the bitter truth
Here's the Truth about Linux:

1. Linux is flat-out ready for prime time, for the mass audience. That means you (yes, you). You should try it out - it's free, and you'll never need to worry about malware again.

2. It's really ready for prime time - Mom could use this. Srlsy.

3. However, if you stray from the Path of the Masses, yea ye shall wander in the Wilderness. Sudo is your staff and your support, but it may not be enough.

4. 64 bit Linux is not the Path of the Masses.

So I installed 32 bit Kubuntu. Start* -> Applications -> Software Packages brought up the application searcher, which found and installed Firefox. Firefox told me I needed Flash, and one click (!) had it automatically installed.

No sudo apt-get install firefox. No "Did I copy it to to /usr/lib or /usr/lib64"?

I bailed out of 64 bit hell did like Thoreau and simplified, and in the 20 minutes it took to download, I'm up and running.

So how to you get started? The easiest way is to use unetbootin to make a bootable USB drive so you can play with Linux - sort of a "try before you buy". It runs on Windows, too, so you can use it to make a Linux boot dongle straight from your current computer.

Yes, I know that I keep telling you "Free download" is Internet speak for "open your mouth and close your eyes." Yes, yes, but if you know - and most importantly, trust - where you're downloading from (like, say Microsoft, or Ubuntu, or SourceForge), then All Will Be Well. unetbootin is from SourceForge. All the Cool Kids hang out there.

So try it, but stay away from 64 bit (anything with "64" in the title). The easiest distributions (you'll have to pick one; think of it as the quiz at the end of this post) are Ubuntu and Kubuntu. Kubuntu is slightly more "Windows-ish", but only a bit.

So what are you waiting for?

Thanks to commenters Les, Grumpy Student, and reflectoscope for showing a Linux Brother the love. And shout out to #1 Son, who had the skinny on unetbootin. All Growed Up and using Linux. Heh.

* I know, it's the "K" (for "KDE") button, not the "Start" button. You know what I mean.


To my Jewish readers, on Yom Kippur:
Man's days are as grass, it blossoms like a flower of the field.
The wind blows and it is gone, and its place it knows no more.

Psalm 103
Jewish or not, it is good to think on who we are, and who we should be.


We rent guns at the range, since we're not at the place in our lives where we are comfortable with one at home. This has good points, and bad. The good: we've been able to try many different guns, so we know know what we like - 1911 and Ruger Blackhawk/.357 and the Sig P232.

The bad: we don't get to the range as often as we should. Not at all. I probably only shoot a couple thousand rounds a year, which means that my marksmanship is (ahem) modest.

ASM826 has a typically perceptive post up, about practice:
When we first sat behind the wheel of a car and drove slowly around a parking lot, it was all conscious thinking. We drove jerkily, over-correcting and when we did take our foot off the gas and move it over to push the brake, it was all done by thinking about it. And we all sucked at driving at that point. In the scenario I described at the beginning, we would have all hit the other car while we were still thinking about stopping.


What I realized was that the best shooters are shooting the way we all apply the brakes. Reflexively. Yes, they see the target, make the turns, have a plan for the stage, but when the buzzer goes off, they are shooting out of thousands of hours of practice and muscle memory. Draw, mag changes, front sight and trigger. In essence, their brains might fall out too, but they aren't using them anyway. This insight is going to change how and how much I practice. It may not make any difference in the match results, but I will benefit.
Smart guy, explaining to me how my brain is getting in my way. RTWT.


When Barack Obama ran for president in 2008 there were thousands of articles in the press about the "post partisan" promise of an Obama presidency. Rather than the bickering we had been seeing in Washington, Obama the outsider would be able to reach across the aisle to get things working again. Or something.

What we've seen is the most partisan administration that I remember - and I've been voting sinve 1976. Long enough to see real bi-partisanship:

Democrat Zell Miller at Republican Convention A MUST SEE!!!!!!!!

This is Zell Miller, Denocrat Governor and Senator from Georgia, at the 2004 Republican convention. It's long, but the part from 1:50 - 5:50 still makes the hair on the back of my neck stand up. And the part from 7:00 to 8:00 is as fresh today (about Afghanistan) as it was then.

And the bit at 10:50 speaks volumes about candidate Obama's rhetoric compared to his actions.
Twenty years of votes can tell you much more about a man than twenty weeks of campaign rhetoric. Campaign talk tells you what you want people to think you are; how you vote tells you what you really are ...
Zell is an Old School Democrat, as am I. You can hear this clearly at around 13:30. It has an anachronistic feel to it - like a fussy older gentleman who insists on wearing bow ties. You know that the world - or the Party - has moved on, leaving him (and me) behind.
He is not a slick talker, but he is a straight shooter, and where I come from, deeds mean a lot more than words ... Right now the world cannot afford an indecisive America. Faint hearted self-indulgence will put at risk all we hold dear in this world.
Of course, the Mastodon Main Stream Media was horrified by Zell's speech. Chris Matthews tried ambush journalism in a post-speech interview, and was thoroughly spanked:

Matthews tried gamely, even for as disappointing a candidate as John Kerry. No thrill running up his leg back then. Now with Obama it's a whole different game. Post partisan means submission. The Media has become an arm of the Democratic congressional Whips, used to enforce party discipline. No more Zells will be tolerated.

Sunday, September 27, 2009

Valley Falls, NY: Bad place to burn a flag

The local VFW didn't like this fellow burning their flag.

The young man was given three choices: get turned over to the police, go one-on-one in a fight with a seasoned war veteran, or be duct-taped to a flagpole for six hours with a sign around his neck identifying his alleged crime: flag burning.
The young man in question seemingly was turned down at the bar, because he didn't have an ID. Angry, he cut down the Post's flag and set fire to it.

Then he found out the meaning of "a building full of Veterans".

Now before someone starts singing about the young man's First Amendment rights, let me point out two things:

1. He stole their property and destroyed it. They caught him, and gave him the choice of going to jail for theft.

2. As Trace Adkins puts it in his song Fightin' Words, Son, the First Amendment protects you from the Government. Not from me.

Hat tip: From My Position ... On The Way.

UPDATE 27 September 2009 17:20: Link fixed.

UPDATE 28 September 2009 08:17: Welcome visitors from View From The Porch. Take a look around. Good think the young man here didn't run across this soldier, who just got his fifth Purple Heart ...

Linux Bleg

Question for you Linux Gurus out there: does anyone have a pointer to how to get 64 bit Flash working in Firefox? I've downloaded the 64 bit and put it in what I think it the right place (/usr/lib/mozilla/plugins).

After jumping through hoops, I have Firefox 3.5, but it still says that I have an old version of Flash. Looking at tools -> Add-ons -> Plugins, it doesn't look like Firefox thinks it has it at all.

Ah, the joys of living on the Bleeding Edge. I don't think it's Kubuntu, I think it's the 64 bit packages. Anyone running 64 bit Linux out there?

As a note to everyone else, the Kubuntu installation was a snap. I had to install an update to get MP3s to play, but the Amarok player politely told me I needed them, and the update manager pulled them down, no fuss, no muss. So I'm sitting here listening to my tunes, and posting from the Konquorer browser. Just can't watch my Saturday Redneck. Yet.

UPDATE 27 September 2009 16:05: I did fine some useful information here. Even ran the script. I'm wondering if there's a Firefox configuration file that needs to get updated before it will realize that it has the right Flash.

The Right Stuff

I'm late to the game here, but from Soldiers' Angels Germany comes the story of Staff Sgt. Brandon Camacho, just awarded his fifth Purple Heart (!). His platoon has started calling him "Bullet Magnet":
[The bullet] tore a hole through his 10th Mountain Division patch and through a pack of cigarettes in his arm pocket, destroying all but one.

“So I pulled it out and had myself a cigarette.”
And there's also the story of British Lt. Adamson, awarded the Military Cross for an impromptu bayonet charge that killed two Taliban. He's single, ladies. Cruise on over and oogle a hero.

Ubuntu or Kububtu?

I'm replacing my old Linux box with a new one which not only is a screamer, but was $300 on Amazon. More on my trials and tribulations there in a later post.

I loaded Kubuntu Linux on it, which is Ubuntu with the KDE desktop. I've used KDE for a long time, up until I switched to Ubuntu a couple years ago. It has more eye candy than the Gnome-based Ubuntu, and is more like Windows - not that that s a big deal.

What's weird is that I'm considering switching back to regular Ubuntu. I don't need a Windows work alike, and Gnome has a clean interface with less clutter. I'd forgotten just how many widgets a Windows style interface has.

That said, the Konquorer browser has come a long, long way since version 1.0. It's very fast, stable, and with less than 1% market share is the last platform the Bad Guys will target exploits for. Not a bad thing, that.

More later, but let me just say that going from 1 GB of RAM on a 32 bit CPU to 3 GB of RAM on a 64 bit dual-core is a bit eye opening. I'm not sure that this system is so fast that it will answer my question before I ask it, but I'm not sure it won't, either. Not bad for $300.

Saturday, September 26, 2009

Gunshow AAR

The People's Republic of Massachusetts has done a poor job of eliminating Gun Shows, and there was one in the next town over from us. That close, there was no excuse not to go, especially as this would be a chance to meet up with Northeast Blogshoot host Doubletrouble. And so #2 Son and I headed out for a morning of Gun Pr0n.

We had a blast. It was (as always) great to see Doubletrouble, and we also ran into Lissa. Maybe next blogshoot can be at the Gun Show?

We managed to pick up some targets, and electronic ear protection. Also some nice mil-surp mittens that the boys can use when they run the snowblower this winter. #2 Son got excited about several knives, but decided to save his money for the next show, when he thinks he'll have enough money for a WWII GI helmet.

ZOMG! Zombie Cats!

funny pictures of cats with captions
see more Lolcats and funny pictures

If they show up in Nazi uniforms, it's gonna be a Bad Day, Scooter.

The stuff that hits the fan ...

... is probably not going to be evenly distributed. Things are interesting in the Middle East right now, and how the outcome gets distributed is becoming visible, for those who know how to look.

The Czar of Muscovy knows how to look, and gives the play-by-play:
Here is the twelve-step program up until today:

1. Saudi Arabia announces that Israel has flyover rights to take out Iran—if Israel wanted to, for whatever reason—anytime they want. Check!

2. Egypt announces that Israel’s navy has access to the Suez know, in case they wanted to get some cruise missile submarine platforms to the Persian Gulf. For whatever reason. Check!
You should really read the whole thing. Or you can wait to read in the papers about how Israel took out the Iranian reactors.

Patty Loveless - I'm That Kind Of Girl

Her father was a coal miner with black lung. About to get her first musical break, her manager wanted her to break up with her drummer boyfriend. Instead, he quit the band, and they ran off to North Carolina to get married. The honkey tonks she played at got raided by the police and shut down. Her husband left.

That's a powerful lot of living to do, by the time you're 28 years old. So what do you do then?

If you're Patty Loveless, you take that as an opportunity to reassess your life, move back to Nashville, and bust out with a Platinum Album, Honky Tonk Angel. And that was only a start, even though she had to have her vocal chords operated on.

Fourteen albums - four platinum and two gold - and 40 singles on the Billboard Hot Country Charts later, she's still going. Her new album, Mountain Soul II, comes out on Tuesday. But for me, I'll always associate her music - and especially her voice - with the early 1990s, when I started listening to Country again. In particular, I'm That Kind Of Girl captures the sense of the coal miner's daughter - cousin of Loretta Lynn, even - strong, resilient, wanting to go with a partner but willing to go it alone if she has to. Someone who knows who she is:
"I don't jump on bandwagons and try to do what Shania and Faith or any of them are doing. I know them both, and I like them both, but that's not me. It works for them yes- but I sing my songs. I sing my style."
One of the great things about country music is that it lets strong women stand out. If you like that kind of thing, then she's that kind of girl.

Patty Loveless - I'm That Kind Of Girl
Music Video Codes at

I'm That Kind Of Girl (Songwriters:Matraca Berg, Ronnie Samoset )
There's a man in a Stetson hat, howlin' like an alley cat
Outside my window tonight
Sayin', "Baby, put on something hot, meet me in the parking lot
About a quarter to nine"

I get the feeling that he's never read Romeo and Juliet
I'm getting tired of these one night stands
But if you wanna make a real romance

I'm that kind of girl, I'm that kind of girl
I ain't the woman in red, I ain't the girl next door
But if somewhere in the middle's what you're lookin' for
I'm that kind of girl, yes I'm that kind of girl

Let me tell you that I like my lovin' just as much as any woman
But I'm drawin' the line
A little sensitivity always seems to get to me every time
I'm a sucker for a love-sick fool
The kind that carries all your books in school
I'm getting tired of these one night stands
But if you're lookin' for a real romance

I'm that kind of girl, I'm that kind of girl
I ain't the woman in red, I ain't the girl next door
But if somewhere in the middle's what you're lookin' for
I'm that kind of girl, yes I'm that kind of girl

I'm that kind of girl, I'm that kind of girl
I ain't the woman in red, I ain't the girl next door
But if somewhere in the middle's what you're lookin' for
I'm that kind of girl, yes I'm that kind of girl

I'm that kind of girl, oh oh
I'm that kind of girl, oh oh

Friday, September 25, 2009

Hide the (digital) evidence

Not that you'd ever need to do this, of course, but where do you keep digital stuff that the Fed.Gov (or your mom) would disapprove of? Some place like this:

Especially if you're a nerd, tossing this into a bucket of Lego bricks is likely to give you a hiding place that people will overlook. Unless they have a portable metal detector.

It seems that the recent terror bust was due to evidence gathered from the suspect's computer.

Note to the Federales: bring a metal detector on the next terror bust.

Hat tip: Andrew, via email.

Security Smorgasbord, Vol 1, No. 3

Malware from legitimate sites

If you browse to, shall we say the seedier part of Al Gore's Intarwebz (not that you'd ever do that), you know to be on your guard. But what about when you're in the nice part of town? Say the Drudge Report (yeah, I know I said "nice part of town"; work with me, people)? The Bad Guys have figured out how to get their malware into ads served up via Google Ads:

Some of the web's bigger websites were flooded with a torrent of malicious banner ads after cyber crooks managed to sneak them onto syndication services operated by Google, Yahoo, and a third company, according to a security firm.

The ads - which attacked previously-patched vulnerabilities in Adobe's PDF Reader and Microsoft's DirectShow - starting appearing on sites such as the DrudgeReport, and last Friday, ScanSafe researcher Mary Landesman told The Register. They were delivered over networks belonging to Google's DoubleClick; Right Media'sYield Manager (owned by Yahoo); and Fastclick, owned by an outfit called ValueClick.

There's quite a lot of finger pointing between the companies whose sites were victimized, and the ad distributors (particularly Google). What this means is that there really are no "good parts" of the Internet anymore. This topic deserves a more detailed post, but for now pay extra attention to patches - especially for Adobe and flash.

Oh, and Sitemeter tells me that almost 40% of you are on Internet Explorer 6.x or 7.x. If you have to stay with IE, upgrade to IE 8 right now - it's much, much more secure than earlier versions. That'll also be another post.

People still ignore pop-up warnings

Where this is most important is with bad Digital Certificates (the bit that lets you verify that is really Your browser will give you a popup when there's a problem with the certificate. People mostly ignore it:

In an online study conducted among 409 participants, the researchers found that the majority of respondents would ignore warnings about an expired Secure Sockets Layer (SSL) certificate. The more tech-savvy the user, the more likely they would be to ignore it, the study found.

SSL certificates are designed to provide the user with a degree of confidence about the authenticity of a Web site they are visiting. As a technical security mechanism, the certificate allows the browser to validate the authentication chain for the Web site server. While SSL certificates often expire for benign reasons, an expired certificate can also indicate that the user could be the victim of a man-in-the-middle attack.

What's interesting about this is that bit about tech-savvy users ignoring the warnings even more that everyone else. These are the people best suited to figure out what to do. Me, I'm happy to pass up a site with an expired certificate, but I don't shop online much. However, you have to be pretty crazy to give your credit card to a site with an expired certificate.

In other news of ignoring popups, sometimes you should really really pay attention:

A federal government employee is under arrest this week after venturing into a classified system he was not authorized to access.


The affidavit says Montgomery ignored automated security warnings that told him not to proceed, even though he had a working password. Montgomery says he saw the warnings, but didn't read them and didn't know the system was being monitored by the FBI.

Oops. "I didn't read it" didn't work with my teachers, and I expect that it double plus won't work with the system security officer.

Good Security Blog

John Pescatore is one of the most perceptive security analysts around, and has a (new to me) security blog. If you're looking for a good introduction to real world security issues, John's your guy. It's not techno-geeky, so John is very accessible to a general audience:
... safety is a relative thing. As the old saw says about what one hunter said to the other when they ran into the angry bear in the woods: “I don’t have to outrun the bear, I only have to outrun you.” Animals use “herd behavior” as a basic safety mechanism – humans call it “due diligence.”
John has a nifty "Twelve Word Tuesday" series of posts. I'd try something like that here, but as you all know, the problem isn't getting me to talk, it's getting me to shut up.

Added to be blogroll here, so you know his hit counter's fixin' to spin ...

Mac Malware Group Discovered

Most malware targets Windows, and Mac users really don't have the same level of security problems to deal with. However, there are some good reasons to think that this is changing. A group of Black Hats who specialized in Mac malware has been discovered. Like everyone esle, they did it for the money:

A researcher has unearthed fresh evidence of cyber criminals' growing attraction to Apple's OS X platform with the discovery of a now-disbanded group that offered 43 cents for every infected Mac. was just one of hundreds of "codec-partnerka," a term researcher Dmitry Samosseiko uses to describe the well-organized affiliate networks that pay a small bounty each time their malware is installed on an unsuspecting end user's computer. What makes this one stand apart is its dedication to the Mac platform.

Maybe they'll stay unique, but that's not where the smart money is betting. In the meantime, Mac users should keep your powder patches dry.

Signal vs. Noise

"I can see Russia from my house!"

What cracks me up about lefties is that they are so sure that they're smarter than their knuckle dragging opponents. Their opponents have all sorts of ridiculous, unfounded beliefs that they've picked up from watching idiotic television shows.

The title of this post is a quote that they'll all recognize. It's not from Sarah Palin, but it will make them grin. They heard it on the TV.

They didn't hear this, where she talks about what caused the financial crisis:
We got into this mess because of government interference in the first place. The mortgage crisis that led to the collapse of the financial market, it was rooted in a good-natured, but wrongheaded, desire to increase home ownership among those who couldn’t yet afford to own a home. In so many cases, politicians on the right and the left, they wanted to take credit for an increase in home ownership among those with lower incomes. But the rules of the marketplace are not adaptable to the mere whims of politicians.

Lack of government wasn’t the problem. Government policies were the problem. The marketplace didn’t fail. It became exactly as common sense would expect it to. The government ordered the loosening of lending standards. The Federal Reserve kept interest rates low. The government forced lending institutions to give loans to people who, as I say, couldn’t afford them. Speculators spotted new investment vehicles, jumped on board and rating agencies underestimated risks.

Jeez. What a ditz. [rolls eyes]

Now I haven't heard a lot from Gov. Palin - her signal has been swamped by the noise given off by her opponents. This isn't to blame them - that's what people do in the bare knuckle world of politics. They've done a very effective job jamming her signal.

However, whenever I hear someone talking about what an idiot Palin is, I know that they haven't received signal, they've only received noise. From an idiotic Television show.


Thursday, September 24, 2009

It's not what it sounds like


Flintshire County Council has been forced to swallow dick following its ill-considered decision to rename Spotted Dick as "Spotted Richard" - a rebrand it ordered following juvenile comments from sniggering staff.

According to the BBC, the powers that be pulled Spotted Dick from the menu after "several immature comments from a few customers" at its HQ in Mold.

Cue a furious backlash from dick lovers, including Flintshire councellor Klaus Armstrong-Braun, who'd slammed the rebrand as "ludicrous" and triumphed to the BBC: "It's a great victory for Spotted Dick and for everyone who makes it."
I was going to post all sorts of security goodness, political snark, and Deep Thinking, but really, who can resist Spotted Dick?

For American readers, Spotted Dick is an English desert. The spots are currents. Quite tasty actually, especially as the name sort of lowers expectations.

Shoothouse Barbie FTW!

Quality snark from that lady, yessir. Gonna leave a mark.

So much for Firefox

Gah. Fail. Fail fail fail fail fail:

Mozilla has announced that it plans to bring Office 2007's Ribbon interface to Firefox, as it looks to tidy up the cluttered browser.

"Starting with Vista, and continuing with Windows 7, the menu bar is going away," notes Mozilla in its plans for revamping the Firefox user interface. "[It will] be replaced with things like the Windows Explorer contextual strip, or the Office Ribbon, [which is] now in Paint and WordPad, too."

So, just like Office, everything you know how to do in Firefox will change. You'll have to relearn the most basic stuff. Open a new tab? Err, it's different. Add a bookmark? Different.

Idiots. Don't they know that millions of people think that Microsoft Office 2007 stinks? What improvements can they possibly get that will justify all this user aggravation? Epic, complete, total FAIL.

I've received a secret video from unnamed sources, showing the new Firefox GUI. It's secret, so don't pass it on!

Gee, I dunno ...

Find out Which Movie Hero Are You at!

I'm torn. The description is not so far off. I guess that I need to get more in touch with my feminine side, or something. On the bright side, maybe I can be the prettiest one at the range for a change ...

Hat tip: The Drawn Cutlass.

Wednesday, September 23, 2009

America: Fed.Gov wastes 50 cents of every dollar

Hey, all I know is what I read from Gallup:
Americans are markedly cynical about the amount of waste in federal spending, more so than at several other times in recent history. On average, Americans believe 50 cents of every tax dollar that goes to the government in Washington, D.C., today are wasted. That's an increase from 46 cents per dollar in 2001.
Gee, ya think?

The further from Washington the government is, the less Americans think is wasted:
Americans are only a bit less critical of state government spending. The average amount they now say their own state wastes is 42 cents, again topping the previous high by a few cents. Slightly more Americans today, compared with eight years ago, believe more than 50 cents of each state tax dollar is wasted (23% today versus 16% in 2001).


Local government fares best among the three levels of government, and has not seen much change in its reading since the last measurement. The average amount per dollar Americans believe their own local government wastes is 37 cents, similar to the 36 cents recorded in the Sept. 7-10, 2001, Gallup survey.
So, the closer the government is to the people, the less the people think that the government wastes their money.

I feel this way myself. While I think that the Mass.Gov is even more wasteful than the Fed.Gov*, I know precisely what my town spends. Every spring, we have a Town Meeting where everyone shows up at the High School Gym and votes on the budget. Schools, Police, and Fire make up over 90% of the budget. Is there waste in those? Sure. Waste like the Mass.Gov or the Fed.Gov? Forget it.

This is a law of organizations - the bigger they are, the more wasteful they are. The smaller they are, the more careful they are with their money. This applies to non-government organizations, too. At Internet Security Startup #2, we were the cheapest guys on the face of the earth: we got cheap hotels from When we were bought by Big Tech Company, we laughed when they told us about their "Culture of Frugality" which made us stay at Hilton. We got noticeably more from our dollar than they did.

The poll (and my commentary) is measure of people's perception - the reality may be different. The Fed.Gov could be much, much more efficient than people think. And the Unicorn that pees high test into my tank may show up tomorrow.

* Exhibit A for the case of the People vs. the Mass.Gov is the Turnpike Authority, that consumes something like 85% of all toll revenue they take. Exhibit B is the fact that Massachusetts pays around ten times as much per mile of highway maintained as neighboring New Hampshire does.

Hat tip: Capital Gains and Games, via TJIC.

What's a strong password?

Well, if you were the Strategic Air Command in 1972, and looking for a strong password to safeguard the Nuclear launch codes, you might like "000000":
When: 1960s
What: Midway through the Cold War, American leaders began to worry that a rogue US officer might launch a small, unauthorized strike, prompting massive retaliation. So in 1962, Robert McNamara ordered every nuclear weapon locked with numerical codes.
Effect: None. Irritated by the restriction, Strategic Air Command set all the codes to strings of zeros. The Defense Department didn't learn of the subterfuge until 1977.
Interesting article about a Russian "Doomsday" device, too. I don't buy that they would have built a system that automatically launched ICBM-delivered Nuclear Holocaust (especially given the computer and communication technology of the 1970s), but it's an interesting read.

Hat tip: Rick, via email.

Today I sent money to the Stupid Party

As I've said before, I'm not a conservative. I've also been pretty clear over time about my opinion of the Republican Stupid Party. Just type "stupid party" into the nifty new Search widgit on the right to check.

But today I sent them money. The Democratic Contemptible Party made me:
Obama's decision is complicated by a deepening domestic political divide and no guarantee of success whichever option he chooses. One observer, characterizing the president's dilemma at its most extreme, said: "He can send more troops and it will be a disaster and he will destroy the Democratic Party. Or he can send no more troops and it will be a disaster and the Republicans will say he lost the war."
Let me say this using simple words, so that even a Democrat can understand me.

Our country, our war, our troops.

Not "Republican" or "Democrat". Ours. Scoop Jackson understood that. Joe Lieberman did, too. Damn right they'll say you lost the war. They'll be right.

If you can't figure out that we have to win the war against the @ssholes who sheltered the people who attacked us, then get the hell out of Dodge.

And I'm sending a care package to Soldier's Angels in Germany, who have a lot more of Our Boys back from the front than they had expected. You should, too.

Note to the Contemptible Party: Our Boys. Ours.

Hat tip: The Corner.

Tuesday, September 22, 2009

A Soldier is being railroaded

By the Pentagon, no less.

1LT Michael Behenna was sentenced to 25 years for the murder of an Iraqi detainee he says attacked him. The Government's own expert witness filed an affidavit saying that he told the prosecutors that Behenna's story was the only explanation that fit the forensic evidence. I've read the affidavit, and it is damning of the Government's actions.

Behenna's attorneys were not informed of this testimony. He was convicted, and a motion for a new trial has been denied.

Please pass this on. Bloggers, please post a link to Lt Behenna's site.

Hat tip: A Large Regular.

Math Lessons

#2 Son has a quiz coming up in Math class, about the metric system. It seems that someone hadn't studied perhaps as much as he should have. The following lesson was overheard today, Chez Borepatch:
Me: So which is bigger, a Centimeter or a millimeter?

#2 Son: Uh, a millimeter?

Me: Nope. [discussion of meters, centimeters, and millimeters deleted to avoid driving away 80% of my traffic]

Me: Does that make sense?

#2 Son:

OK, how about this: you remember when we shot the Glock, right? What cartridge does it take?

#2 Son: 9 millimeter.

Me: 9 is almost 10, right? So 9 millimeters is almost a centimeter. Actually, there is a 10 mm cartridge, which is a centimeter, and is very manly indeed. We can shoot it sometime, but you'll have to be ready for some pretty big recoil. So which round will have more recoil, a 10 mm or a 1 mm?

#2 Son: That's dumb, Dad - nobody makes a 1 mm cartridge. But the 10 mm would have more recoil.

And what's another measure for 10 mm?

#2 Son: A centimeter!
Class dismissed. I think I'll tell this story to his math teacher. I hear teachers in the Boston suburbs groove on this sort of thing.

14 reasons why "Anthropogenic Global Warming" is wrong

Michael Hammer is a scientist. Specifically, he's a spectroscopist - an expert in the electromagnetic spectrum and radiation. While he doesn't get much press, he's made important contributions to the Climate Change debate. Ten or fifteen years ago, you heard how Carbon Dioxide will trap the Sun's heat, leading to a run-away greenhouse effect, because Carbon Dioxide was opaque to infrared radiation (heat).

Hammer showed that CO2 is only opaque to IR at a few narrow bands, and the trapped heat just re-radiates to space through the gaps. So much for the run away greenhouse effect.

He's back, with a long and detailed explanation of why he's a skeptic of the theory of Anthropogenic Global Warming:
I HAVE been asked several times ‘why am I so sceptical of the anthropogenic global warming (AGW) hypothesis’? There are many reasons, some of which I have documented in previous articles at this weblog, but these have relied on sometimes complex calculations which I admit can be difficult to appreciate. So I would like to outline here a few of my reasons based only on simple consistency with the AGW proponents’ own data.
Rather than lots of science and math and stuff, he looks at what the proponents of AGW say. And find a lot to be desired:
5. The claimed “proof” of positive feedback is a model prediction of a hot spot in the tropics at mid troposphere levels. However all the experimental evidence from many, many measurements has failed to find any evidence of such a hot spot. In science, a clear prediction that is falsified experimentally means the underlying hypothesis on which the prediction is based is wrong.
Lots to be desired:
8. If I adopt this 10:1 ratio by looking at the last 100 years worth of data I find 1910-1940 temperatures rising while CO2 was not. 1940 to 1975 temperatures falling while CO2 rising, 1975 to 1998 temperatures rising while CO2 rising and 1998 to 2009 temperatures falling while CO2 rising. Three quarters of the period shows no correlation or negative correlation with CO2 and only one quarter shows positive correlation. I do not understand how one can claim a hypothesis proven when ¾ of the data set disagrees with it. To me it is the clearest proof that the hypothesis is wrong.
And he keeps bringing it:
10. I have looked at the raw temperature record for the USA (USHCN data) and the Bureau of Meteorology data for Victoria, Australia. Both show fluctuations of temperature with time but zero underlying trend for the last century. By contrast, the official IPCC endorsed data shows a strong underlying upwards trend. When I investigate why the difference, I find that the raw data has been adjusted for several supposed factors and every one of these adjustments created a warming trend. This implies that the claimed warming trend is due to the adjustments, not the raw data. In any less controversial scientific issue, such a result would be viewed with the greatest possible scepticism and would be extremely unlikely to be accepted.
There's more. He shoots holes in the science, in the models, and in the use (and abuse) of data. Bring popcorn.

But the science is just the warm up. What really has him torqued is the abuse of science for raw, obvious purposes:
When I listen to the public AGW debate I hear very high profile politicians and prominent public figures calling for people who openly disagree with AGW to be put on trial for treason. I hear many cases of people losing their jobs because of voicing sceptical opinions. I hear prominent global warming advocates refusing to enter into debates or trying to avoid debates by claiming the science is settled, and by claiming we do not have time, we have only weeks to act. I hear AGW advocates resorting to personal attacks against people who disagree rather than addressing the technical issues they raise.

I hear AGW proponents claiming to be the under funded underdogs, fighting to protect the planet against greedy capitalists, yet the reality is their funding is at least 1000 times greater than the sceptics funding. I see many reports of scientists refusing to release their workings, thus preventing review of their methodology, despite the fact that their work was funded by public money.

I see how the established media abandons balance in reporting by strongly favouring proponents of AGW, ignoring or denigrating sceptics and forcing most onto blog sites like this one. I hear some environmental groups and activists publicly claim that its OK and even necessary to exaggerate the threat so as to get the public to engage. I see the courts condoning acts of vandalism and even violence against essential public infrastructure. I see high profile public figures supporting such acts and claiming them to be reasonable and justified.

In short I see our society abandoning some of our most vital democratic freedoms over this hysteria: Free speech, impartial enforcement of the law, balance in reporting, freedom of information. These are freedoms our forebears gave their lives to bequeath to us, they are our most valuable inheritance and we seem to be throwing them away over an unproven hysterical hypothesis.

As with me, it's the corruption that sticks in the craw. Something smells fishy about the whole thing - there's a stench of PR spin that just gets worse with the cries of "the science is settled" and "denier".

A lot of this will be familiar to long time readers, but a lot is new, and specific. If there's only one thing you ever read about the whole Climate Change controversy, this should be it.

Oops, got to go. It's those dang deniers again, back on my lawn. Hey! You! Get the heck outta here!

Hat tip: Don, via email.

Restaurants to avoid

Hat tip: Andrew, via email.

Monday, September 21, 2009


You have to be paranoid to carry a gun. I mean, what could happen at a bowling alley?

Security Smorgasbord, Vol 1, No. 2

Interesting mix of security news, from the concrete (could very well effect you) to the esoteric.

First up, this is the Month of Facebook Vulnerabilities. Every now and then, someone in the security community will kick off a "Month of X Vulnerabilities" to highlight, well, lousy security in X. In the past we've seen this for Apple, Twitter, and Browsers (I've probably forgotten several targets). This month, it's Facebook Applications which (surprise!) often don't have much security. The responses mostly seem to be "Hey thanks - we've fixed it", but a couple are (ahem) less cordial:

Responsiveness: I did not receive any responses from Manakki, but they did patch the hole – the example URI below now brings up a page that says, “Please go away.”

Vulnerability Status: Patched

Well, then. At least they fixed it. Clicky through to see who's playing ball and who's a grump. Especially if you use Facebook Apps.

Next up is a retrospective on 60 years of cryptography, with a neat slide show of past cypher machines. No discussion of cipher machines if complete, of course, without one of these:
That's an Enigma Machine, as use by the Germans in World War II. They have these on display at the National Cryptologic Museum at NSA (open to the public, and highly recommended if you're ever in the neighborhood of Laurel, MD - don't forget to pick up an NSA coffee mug at the NSA store!). Seizing the Enigma is also highly recommended, if the history of cryptography is your bag, baby. The Enigma was a machine that would scramble messages, so that when a Wehrmacht unit radioed another, it was impossible to read. Breaking it was a huge breakthrough for the Allies, and was one of the most closely held secrets of the war - because if the Germans had know that Eisenhower was reading all their mail, they'd have changed the code.

Lastly, there's another Facebook story, about how some smart kids at MIT have studied people's Facebook Friend networks, and think they can identify who's gay. They call it - I kid you not - "Gaydar":

Using that information, they “trained” their computer program, analyzing the friend links of 1,544 men who said they were straight, 21 who said they were bisexual, and 33 who said they were gay. Gay men had proportionally more gay friends than straight men, giving the computer program a way to infer a person’s sexuality based on their friends.

Then they did the same analysis on 947 men who did not report their sexuality. Although the researchers had no way to confirm the analysis with scientific rigor, they used their private knowledge of 10 people in the network who were gay but did not declare it on their Facebook page as a simple check. They found all 10 people were predicted to be gay by the program. The analysis seemed to work in identifying gay men, but the same technique was not as successful with bisexual men or women, or lesbians.

“It’s just one example of how information could be inadvertently shared,” said Jernigan. “It does highlight risks out there.”

Not earth-shaking, I know: if you're gay, you probably have a lot of gay friends. Mapping patterns of Facebook connections lets any Tom, Dick, or Harry figure this out. Nothing that your friends didn't already figure out, just that this is public knowledge on Al Gore's Intarwebz.

This is actually one of they ways we beat Al Qaeda in Iraq: if you're a terrorist, you probably know other terrorists. Once there was a critical mass of information in a database, the network of cells started to unravel. Just ask Achmed.

So there you go - a trifecta of security goodness. Don't spend it all in the same place!

On this day in history

In 1327, Edward II Plantagenet, by Grace of God King of England, etc passed on in Berkeley Castle. By "passed on," I mean was murdered with a red-hot fireplace poker shoved where the sun don't shine.

All I can say is this happened to a Gay man in the heart of Berkeley (Castle). Nancy Pelosi's right - all of this hate speech from Roger Mortimer and Queen Isabella Rush Limbaugh and Sarah Palin is getting out of control.

Me, I blame Dick Cheney.

This musical interlude brought to you by Eastern State Hospital

In cooperation with the Spokane County Fair. Everybody polka!

UPDATE 21 September 09:30: Looks like they caught the guy. Everybody polka!

Sunday, September 20, 2009

The Wisdom of Crowds

You don't find it on Facebook:

From Facebook Fails, a blog devoted to, well, Facebook Fail. Heh.

Zombiepocalypse Metal

I work and think and work some more on deep, philosophical posts about Problems Of The Day, and get zero comments. I post about automatic shotguns for the Zombiepocalypse, and get comments galore.

It sometimes seems like nobody cares about my Deep Thinking. Y'all are here for zombies, shotguns, and Johnny Cash.

Well OK, then. It's not Johnny Cash, but it's a dang fine song for seeing off the legions of the undead, and recommended by #1 Son to boot. Offered for your consideration, Avenged Sevenfold:

Afterlife (Songwriters: Baker, Zachary James; Haner, Brian Elwin Jr; Sanders, Matthew Charles; Sullivan, James Owen)
Like walking into a dream, so unlike what you've seen
so unsure but it seems, ’cause we’ve been waiting for you
Fallen into this place, just giving you a small taste
of your afterlife here so stay, you'll be back here soon anyway

I see a distant light, but girl this can't be right
Such a surreal place to see so how did this come to be
Arrived too early

And when I think of all the places I just don't belong
I've come to grips with life and realize this is going too far

I don't belong here, we gotta move on dear escape from this afterlife
’Cause this time I'm right to move on and on, far away from here

A place of hope and no pain, perfect skies with no rain
Can leave this place but refrain, ’cause we've been waiting for you
Fallen into this place, just giving you a small taste
of your afterlife here so stay, you'll be back here soon anyway

This peace on earth's not right (with my back against the wall)
No pain or sign of time (I’m much too young to fall)
So out of place don't wanna stay, I feel wrong and that's my sign
I've made up my mind

Gave me your hand but realize I just wanna say goodbye
Please understand I have to leave and carry on my own life

I don't belong here, I gotta move on dear escape from this afterlife
’Cause this time I'm right to move on and on, far away from here
Got nothing against you and surely I'll miss you
This place full of peace and light, and I’d hope you might
take me back inside when the time is right

Loved ones back home all crying ’cause they're already missing me
I pray by the grace of God that there's somebody listening
Give me a chance to be that person I wanna be
(I am unbroken; I’m choking on this ecstasy)
Oh Lord I'll try so hard but you gotta let go of me
(Unbreak me, unchain me, I need another chance to live)

The TSA's Maginot Line

Philip Greenspun discussed the Fed.Gov in general, and the TSA in particular, marveling at the sheer cost of all the uselessness:

In “TSA: Taxes Spent Absurdly”, Becky Akers asks “How do you turn an industry that costs $700 million annually into one that eats $6 billion?” The answer turns out to be “Nationalize it, as Congress did airport screening after Sept. 11, 2001.” She goes on to note that “The TSA’s nearly 50,000 screeners have delayed, frustrated and harassed passengers at airport checkpoints from Maine to Hawaii. What they haven’t done after eight years and $48 billion is catch a single terrorist.”

Akers is certainly understating the cost of aviation security imposed after 9/11. At our little airport there is a state trooper employed to fingerprint student pilots. An average Massachusetts State Trooper, including pension, is paid over $200,000 per year. A couple of airport employees help with background checks, security education, and issuing badges. Until a student or renter gets a badge, which takes at least four weeks, the customer must be escorted by a flight school employee at a cost of perhaps $25 per hour. The customer who does a thorough pre-flight inspection of an airplane may take all of the profit out of the rental.

It all reminds me of this:

After World War I, the French were understandably nervous about a rematch. They built a hideously expensive set of fortifications from the Swiss border all the way to Belgium. Called the "Maginot Line", it was state-of-the-art for Trench Warfare. Unfortunately, les Bosche weren't interested in Trench Warfare, and France fell in 6 weeks as the Blitzkreig bypassed it.

The TSA spends truckloads of cash at every airport in the land - including, as Professor Greenspun points out, small, commercial ones. This is what they do. Their product is slowing passengers down. High-visibility security kabuki. Of course they haven't caught any terrorists. The terrorists are targeting other targets.

There are two things that have improved air safety since 9/11: real locks on the cockpit doors, and passengers who know they have to fight back. Nothing else has made any difference (with the possible exception of Air Marshalls, but they haven't stopped anyone so far). You may not have noticed, but baggage screening still isn't what it should be, and that problem would be solved if the TSA weren't allocating all their resources elsewhere.

Sort of like the French building forts instead of armored divisions.

None of this poor prioritization should come as a surprise. In other news, we hear that the California government is introducing new TV energy standards:
Energy regulators on Friday moved forward with a plan that could ban the sale of the most power-hungry televisions from California retail stores.

The California Energy Commission released what it hopes will be the nation's first energy-efficiency requirements for the flat-screen TVs. A final vote on the regulation is expected in November.

What's wrong with this picture? California is broke. But they still have enough money to issue new regulations that will make things more expensive. And this isn't the first time.

My budget at work periodically gets cut, as business gets better or worse. These cuts force me to prioritize. If you're clever, you can do anything - you just can't do everything. Cut government 10% across the board, and you'd make a good down payment on health care, you know? Plus you'd do 10% less damage to the economy, with higher employment and tax levels that result.

Chicks with guns in Florida

Seems there are a quite lot of them compared to the past. Even the TV News has noticed.
Florida is on a pace to set a record for concealed weapons permits this year. 17% of all Floridians seeking permits is a woman. More than 15,000 women got permits in Florida last year. This year state spokesman Terry McElroy says the licensing division is on pace to issue 25,000 permits. That would set a record for the state.
It's a good story, and they have video (that won't embed, even though they give you some corny Javascript). Worth a read, and a watch.

Saturday, September 19, 2009

Yeah, that'd work too

I still don't get it


ZOMG! Lots of Zombies!

So you're minding your business one day, and suddenly you're confronted with Zombies. Lots of zombies. You're mobbed by them.

You need one of these:

Interestingly, the BATFEieio doesn't consider it an automatic weapon, but rather a "destructive device". Those tungsten 12 gauge shells will shoot through a brick wall. a hundred of them - fired on full automatic - will shoot a brick building down.

Don't think I want one - and don't think I'd want the hassle of the licensing process - but this looks like it'd do the trick against a mob of zombies.

Roy Acuff - Wabash Cannonball

To re-invent yourself, you first have to be invented. Country music has a long history of re-inventing itself: the Countrypolitan sound of Patsy Cline, the Outlaw sound of Johnny Cash, the New Wave of Country Rock with artists like Keith Urban, or Cowboy Troy's Country Rap.

So who invented Country the first time? You could argue it was Roy Acuff.

There's a musical divide where Acuff stands: before him, it was a regional - even "Hillbilly" - entertainment, only heard at hoedowns, medicine shows, and revivals. After Acuff, it was the Grand Ole Opry, radio, and records. Acuff established the first major Nashville record label, signing Hank Williams and Roy Orbison.

Not bad for a guy who started out in a Depression-era Appalachian medicine show.

"Wabash Cannonball" is an example of this Acuff "before" and "after". This is a very old song, going back to the 19th century - at least to the 1880s. Acuff made one of the first recordings, in 1936, and it became one of his most popular songs. I remember hearing this on the radio as a kid in the 1960s. The Rock and Roll Hall of Fame includes this song in their list of "500 Songs that Shaped Rock and Roll."

It was the ship song of the USS Wabash, AOR-5. It's also played at all the University of Texas football games. Hook 'em, Horns.

The Wabash Cannonball (Traditional; re-written by William Kindt in 1904)
Out from the wide Pacific ocean to the broad Atlantic shore
She climbs flowery mountain, o'r hills and by the shore
Although she's tall and handsome, and she's known quite well by all
She's a regular combination of the Wabash Cannonball.

Oh, the Eastern states are dandy, so the Western people say
Chicago, Rock Island, St. Louis by the way
To the lakes of Minnesota where the rippling waters fall
No chances to be taken on the Wabash Cannonball.

Oh, listen to the jingle, the rumor and the roar
As she glides along the woodland, o'r hills and by the shore
She climbs the flowery mountain, hear the merry hobos squall
She glides along the woodland, the Wabash Cannonball.

Oh, here's old daddy Cleaton, let his name forever be
And long be remembered in the courts of Tennessee
For he is a good old rounder 'til the curtain 'round him fall
He'll be carried back to victory on the Wabash Cannonball.

I have rode the I.C. Limited, also the Royal Blue
Across the Eastern countries on Elkhorn Number Two
I have rode those highball trains from coast to coast that's all
But I have found no equal on the Wabash Cannonball.

Oh, listen to the jingle, the rumor and the roar
As she glides along the woodland, o'r hills and by the shore
She climbs the flowery mountain, hear the merry hobos squall
She glides along the woodland, the Wabash Cannonball.
These lyrics don't entirely match the ones in the video - they're from the Carter Family's recording. It's a traditional song, and part of that is people change the words ...

Friday, September 18, 2009

In other Apple news ...

There's an OS X update available, filled (really filled, like maybe 26 of them) with security patches. This one smells important, because a combination of the vulnerabilities sounds perfect for distributing malware via browser:
Description: Multiple Vulnerabilities have been identified in Apple
Mac OS X in several of its components. Specially crafted input or
data handled by one of these components could trigger vulnerability,
leading to a variety of exploitable conditions. ...

(b) There is a memory corruption error in Resource Manager, in its handling of resource forks. ...

(e) There is an integer overflow error in Core Graphics, in the way it processes PDF files. (f) There is a heap overflow error in CoreGraphics caused by drawing of long text strings. ...

(i) Multiple vulnerabilities have been identified in the Adobe Flash Player
plug-in. Some of these vulnerabilities might lead to remote code
execution. ...

(k) There is a design issue in launch Services, which may cause an unsafe file
to be opened automatically. (l) There is a design issue in Launch Services as a result of which there is no warning displayed while attempting to open a downloaded content that's unsafe. (m) There is an implementation issue in MySQL that might lead to escalation of privilege.
Yikes. I'd think that any Black Hat worth his salt would be able to craft a poisoned PDF or Flash (think YouTube) file that would silently download and run, and maybe escalate its privilege. Sound familiar?

So Mac users want to take a quick visit over to Apple for a heapin' helpin' of security. Srlsy.

iPhone OS 3.1 "Coma Mode"

Seems there's something not so tasty in this bite of the Apple:

Complaints about Apple's new iPhone OS 3.1 are flooding the web, with one poster calling it "the buggiest update that Apple has yet released for the iPhone."

The problems being reported are legion. They include iPhones becoming totally unresponsive, dropped calls, poor battery life, difficulties with Wi-Fi connections, failed Microsoft Exchange syncing, dead GPS service, loss of signal after syncing, tethering no longer working in "legally" unlocked phones outside the US, and more.

Other than that, Mrs. Lincoln, how did you like the play?

Take the unresponsive-iPhone reports, for example. Tartly dubbed "Coma Mode," it's a hot topic on Apple's own Apple's "Using iPhone" user forum.


A blogger at the Detroit News provided a detailed description of his attempted - and unsuccessful - workarounds, and a poster in an Apple thread entitled "Mysterious random total shut downs following 3.1 update" described how he reset his iPhone to factory settings, restored it, set Autolock to Off, deleted his email account, and removed all third party apps - all to no avail.

Since there weren't any security patches of note, and mostly becausae I'm lazy, I'm still on iPhone 3.0. All y'all who are thinking of upgrading are forewarned.

Me, I think I'll wait until the dust settles. "Cancel" is your friend. Well, mine, anyway.