Saturday, August 31, 2013

Any readers in Albuquerque?

I'm flying out tomorrow at 0800 from ATL to ABQ.  I'd be happy to meet up for a beer if there's anyone there who's interested.

If you are, drop a comment or email me at borepatchatgmaildotcom.

I'm a bit tired of being fleeced

Priceline was going to charge me $200 for a compact rental car for a week - and almost $90 of that was "taxes & fees" (!).  Don't think so, Scooter.

A quick trip through the search engines brought me to Booking Buddy, which has a clever search where it pops up 3 or 4 windows, each of which use a single travel site (Expedia, Hotwire, etc) to look for deals.  I got an Intermediate car for $122 for the week, which includes $65 in "taxes and fees".

But dang it all, I'm more than a little bit ready to just check out of the whole travel scam - a movable Galt, if you will.  I don't have a choice on this trip, but this is just example #4,982 on why I don't ever want to go anywhere that's not on my own wheels ...

Save the Cougars!

Even though they are admittedly dangerous ...


Hank Williams, Sr. - Move it on over

Dog is Man's best friend, sharing his victories and defeats equally.  Wolfgang has been with us for a year, making me ponder that mysterious bond between a man and his dog.  That bond is perhaps strongest in times of trial.

You bet there's a country music song for that.

Hank Williams Sr. needs no introduction, even to people who know nothing of country music.  He defined country music in the 1940s and early 1950s, blazing brightly - but briefly, as the bottle combined with a fast car silenced the voice.

This was his first big country hit, getting all the way up to #4.  It's a light hearted song about a man who, returning late one evening (likely from the bar) finds that his wife has locked him out and so has to shelter in the dog house.

Move It On Over (Songwriter: Hank Williams, Sr.)
Came in last night at a half past ten that baby of my wouldn't let me in
So move it on over (move it on over) move it on over (move it on over)
Move over little dog cause the big dog's movin' in
She changed the lock on our front door now my door key don't fit no more
So get it on over (get it on over) scoot it on over (scoot it on over)
Scoot over skinny dog cause the fat dog's movin' in
This doghouse here is mighty small but it's better than no house at all
So ease it on over (move it on over) drag it on over (move it on over)
Move over old dog cause a new dog's movin' in

She told me not to play around but I done let her deal go down
So pack it on over (pack it on over) tote it on over (tote in on over)
Move over nice dog's cause a mad dog's movin' in
She warned me once she warned me twice but I don't take no one advice
So scratch it on over (scratch it on over) shake it on over (shake it over)
Move over short dog cause the tall dog's movin' in

She'll crawl back to me on her knees I'll be busy scratchin' fleas
So slide it on over (move it on over) sneak it on over (move it on over)
Move over good dog's cause a mad dog's movin' in
Remember up before you whine that side of door ain't this side of mine
So shut it on over (shot it on over) sweep it on over (sweep it on over)
Move over cold dog cause the hot dog's movin' in

A year of Wolfgang

Precisely a year ago, I posted this:
Looks like Clan Borepatch is getting a new recruit.

Bringing a puppy into the house reminds you of just how much a puppy metabolism can eat:

#2 Son insists that Wolfgang is bigger than he was a week ago.  #1 Son insists that if you watch him very closely, you can actually see him grow.
But it's your responsibility to train them properly.  In as Intellectual a place as Camp Borepatch, that includes the classics, natch.  Alas, poor Yorick:
I eated him, Horatio.

Wolfgang and I attend Hamlet.
But it's all fun and games until someone's pond dies:
O Puppy! my Puppy! your muddy soaking paws;
Tell your tale -- you battled long and vanquished with your jaws;
For you cascades and gentle streams had no fascination;
Building feats with water flowing just by gravitation;
Here Puppy! dear Puppy!
This hole beneath my feet;
It is some dream that now the yard,
Is sudden uncomplete.
But I have a buddy to "help" me spread mulch on the rose garden:

And those pig's ears won't eat themselves.  Fortunately, I have someone to help me out with them.  Mmmmm, pig ear!

Friday, August 30, 2013

Janis Joplin with Big Brother & The Holding Company - Summertime

I'm on vacation now, and there's still said to be a little bit of summertime left.  And so, some summertime music.  This is a very different take on a classic.

My take on vacation will also be a little different.  Mom is moving out of the assisted living place, and will move back into her house in Albuquerque with Younger Brother to look after her.  My "vacation" is to open her house up, make sure it's clean and livable, with food in the refrigerator and that sort of thing.

Still, I don't begrudge the lack of relaxation time.  It needs doing.  So let it be written, so let it be done.

Oh. My. God.

I didn't realize that Obama ran Linux in the Oval Office.

This is the funniest thing that I've seen in months.


Heart-Wrenching Video Shows Starving Dog Burying Her 11 Puppies After Man Knowingly Left Them to Die in His Yard.

Remember the name Migel Martinez from Memphis.  If there's justice he will never get away from the long arm of Google which sees all, forgets nothing.

Is the NSA incompetent or is it feral?

Outstanding analysis by Bruce Schneier, who ponders what on earth is going on at Ft. Meade:
So if the NSA knows what Snowden has, or what he could have, then the most it could learn from the USB sticks [seized from David Miranda at Heathrow airport - ed.] is what Greenwald and Poitras are currently working on, or thinking about working on. But presumably the things the two of them are working on are the things they're going to publish next. Did the intelligence agencies really do all this simply for a few weeks' heads-up on what was coming? Given how ham-handedly the NSA has handled PR as each document was exposed, it seems implausible that it wanted advance knowledge so it could work on a response. It's been two months since the first Snowden revelation, and it still doesn't have a decent PR story.

Furthermore, the UK authorities must have known that the data would be encrypted. Greenwald might have been a crypto newbie at the start of the Snowden affair, but Poitras is known to be good at security. The two have been communicating securely by e-mail when they do communicate. Maybe the UK authorities thought there was a good chance that one of them would make a security mistake, or that Miranda would be carrying paper documents.

Another possibility is that this was just intimidation. If so, it's misguided. Anyone who regularly reads Greenwald could have told them that he would not have been intimidated -- and, in fact, he expressed the exact opposite sentiment -- and anyone who follows Poitras knows that she is even more strident in her views. Going after the loved ones of state enemies is a typically thuggish tactic, but it's not a very good one in this case. The Snowden documents will get released. There's no way to put this cat back in the bag, not even by killing the principal players.
This is part of a pretty thoughtful analysis which reaches its crescendo with this:
This leaves one last possible explanation -- those in power were angry and impulsively acted on that anger. They're lashing out: sending a message and demonstrating that they're not to be messed with -- that the normal rules of polite conduct don't apply to people who screw with them. That's probably the scariest explanation of all. Both the US and UK intelligence apparatuses have enormous money and power, and they have already demonstrated that they are willing to ignore their own laws. Once they start wielding that power unthinkingly, it could get really bad for everyone.

And it's not going to be good for them, either. They seem to want Snowden so badly that that they'll burn the world down to get him. But every time they act impulsively aggressive -- convincing the governments of Portugal and France to block the plane carrying the Bolivian president because they thought Snowden was on it is another example -- they lose a small amount of moral authority around the world, and some ability to act in the same way again.
The only thing else that I'd add is that the entire security establishment (including the DNI and NSA Director Alexander) are lieing badly, and repeatedly.  They're losing their grip on reality, and on their self-control.  That's actually not a good sign for the Global War On Terror.

So riddle me this, GWOT man: what's the breakdown of NSA resources looking for, you know, actual terrorists like Maj. Nidal Hussein (emailing with al Quaeda asking if it's A-OK with Allah if he shoots up an Army base), and what percent is in a domestic le freak?

Or maybe the NSA is simply incompetent, a dinosaur relic of the cold war that hasn't realized that the asteroid has entered the atmosphere.  A commenter at Schneier's site raises the possibility:
I think you need to remember that most Western intelligence agencies are founded in the cold war. They are used to fighting an opponent who could and would do almost anything except go public. The phone call, "You've had your fun, now we want the stuff back;" calling around and smashing up hard drives; detaining someone's 'agent' at the border for nine hours; these all smell like the tit-for-tat tactics of the cold war. They make good sense against a foreign intelligence agency; the message is, "We know what you're up to, we know where you keep your stuff, we know when your agents are traveling and we can reach out and touch them whenever we want. So back off."

If these actions were taken against a Soviet or Soviet-like intelligence agency, we'd all think it was rather an exciting insight into the world of espionage. Except we'd never know it had happened because the KGB and the Stasi would never have reacted by writing a newspaper article about what had happened. I wonder if the agencies involved are simply struggling to figure out how to deal with an opponent whose best weapon is publicity?
So: incompetent or feral?  To ask the question is to answer it, n'est-ce pas?
When the people fear the government, there is tyranny. When the government fears the people, there is liberty.
- Thomas Jefferson

Nice web server you got there. Be a shame if anything happened to it.

The Gaijin email to point out this reddit thread on the best way to code PHP to let remote web suers create new users (!) on the web server:
I have a form that creates a user by entering the username and their password. The code I'm using in php is:
shell_exec("sudo useradd -p $encpass -g groupname -s /bin/bash $username");
I have used a whoami and have confirmed that it runs as http. In /etc/sudoers I have
root ALL=(ALL) ALL
%sudo ALL=(ALL) ALL
I also added http to group wheel. The problem I am having is it's not setting the password correctly. The user is created, just the password isn't set. I know that $encpass has a value because I can display it. I also know the command works because it runs fine in command line. This was working before, but I had to reinstall Arch Linux, so does anyone have an idea for why this doesn't work?
Angels and Ministers of Grace, defend us ...

Since this is reddit, hilarity breaks out:
RichieSM 760 points  ago
This is some of the most dangerous code I've ever seen in my life.
[–]RichieSM 337 points  ago
I also added http to group wheel.
Are you actually serious?
[–]TheManCalledK 382 points  ago
Dude, obviously Apache needs root. How else is the web server supposed to take over?
I, for one, welcome our new Apache overlords.
[–]RommelTJ 133 points  ago
More like the Apache Trail of Tears.
For those not Linux heads, some of the more patient redditers explain it to Our Hero:
h2ooooooo 94 points  ago
If I actually said that my username is ; rm -rf /, then it'd first run the command
sudo useradd -p $encpass -g groupname -s /bin/bash (which would most likely fail)
and then run the following command:
rm -rf / which will delete your entire operating system (force remove files recursing through directories starting from the base of / (every file)). You might have to use sudo rm -rf /.
This all requires that $username and/or $encpass comes from the user in some way (through POST, GET, etc.).
You see, this is why we can't have nice things on the Internet.  Jimminy Cricket on a motorbike, this is maybe the most colossally boneheaded code I've ever seen.  And I've seen rather a lot, sad to say.  A number of the redditers accuse him of being a troll, but I think the query was legit.  After all, this sort of security fail is so epic that it has its very own xkcd:

Epic thread is epic.  Just know that code like this "escapes" into the wild, sometimes in production systems.  Be afraid.  Be very afraid.

Thursday, August 29, 2013

Elvis Costello - Peace Love And Understanding

An Ode to President Obama's "Red Line" in Syria.

Party on, Lefties!

They get an "A" for effort has a selection of ways to reduce your profile to the Surveillance State.  Their heart is in the right place.

Well, it's a good start, even if it's only a C- (at best) for effectiveness.

Getting off the (surveillance) grid

If everything is monitored, how do you make it so that the monitors don't know that it's you?  The Chiefio does some experimentation, and the results are very interesting:
Our paranoid intrusive and Police State government has leaned on the Mail Box companies such that you can’t just sign up and pay and get an address. You must already have an address to get an address. TWO forms of ID are required (one with photo and government issued…), copies of them are kept, you must have a real physical address that they can take down, they want an email address and a telephone too. Oh, and a credit card (which must have an address too…) Then there is the official Application For Mail Delivery Via an Agent form to fill out. One can show a “power company bill” to show you have a local address, that way you can get a mail box to have a local address… Sigh.
Know going in that the system is designed to identify you when you set up services, and then track those services, linking them back to you.
Not particularly wanting my phone number to get tons of crap calls, nor have it shared with everyone and their cousin, I thought I could at least get a local phone number via either a “Burner phone” or an IP Phone (internet phone). The “Burner phones” looked a bit expensive (at about $40 / month) so I looked into an IP Phone. At $9 and then about $10 / month, not too bad. Wally World has their “Basic Talk” at that price point, so I decided to play with it. “Burner Email” accounts being fairly easy to get, I’m assuming folks can do that on their own. (I went ahead and used a ‘real email’ for the initial set up; but if really working on a “Private Existence” first step looks to be “get a burner email address” since everyone wants the email to do anything.
But how do you pay for this?
So I had already picked the number I wanted for the Gizmo, but it balked at that as my “contact number”. I eventually gave it a number of a phone at work. THEN it was happy to complete the set up. THEN it let me change the number to the one on the Basic Talk gizmo. So as long as you have a ‘Burner’ number, you can eventually get this set up to be your ONE phone number. (One is left wondering how long the ‘Burner’ number is kept in records… and if a pay phone number would also work…) At any rate, you then also must give it a credit card for billing (and the Billing Address for that card, too).
This is long and detailed, and certainly improvable with some thinking.  But it points in the direction of actual on the grid but off the grid anonymity:
So, for example, by getting a prepaid card, using this Basic Talk phone number, and a quasi-valid address, Burner Email, etc., one could then use it to get a Mail Box. Now with that Mail Box, one gets a different prepaid card, phone number, etc. Then the first set are closed up. Move to a different address. Once a year or so, repeat. After a while, the trail back to anything physically you (home, bank, cell phone) can be muddied enough that most folks would not follow it. (Though enough would be in NSA databases for them to unscramble it, at least for the 5 year retention period they claim to be using now.)
If you are interested in this sort of thing, you need to read the entirety of this post.

The Motorcycle Diaries*, No. 2

I was out at the local Kroger, and had my backpack with me since I'd ridden the bike and don't have saddlebags.  As it turned out, there was a nice Harley Sporster parked right next to where I usually dropped the kickstand.

I purchased my backpack full of food (yay! the kids can eat tonight!) and was suiting up (jacket, helmet, and gloves, thanks for asking) when the Harley's owner came out.  He'd been shopping, too.  We chatted about bikes for a bit.

Seems he got a great deal on his bike - $4000 on Craig's List, from a guy who bought it for his girlfriend, not thinking how a 5' 3" girl would handle a big bike like that.  He said it was a little big for him, too, but likely would fit me like a glove.  He said that the one downside was that it was a Harley, meaning saddle bags wouldn't cost him $50, they'd cost him $500.  Or more.

Still, it was nice to hear that if you shop around you can pick up deals.  Probably October would be a good time, as people are thinking about Christmas and how they won't be riding for months anyway.

But it's interesting what a small, friendly club the whole motorcycle circuit is.  It's no problem just striking up a conversation with another biker.

* Standard disclaimer: If you came here by searching for Che, you do know that he condemned teenagers to execution and then enjoyed watching, don't you?  If you don't, let your Google-fu lead you.  He was a sick, murdering bastard who killed children.  Yeah, and a bit dreamy, anti-establishment for ignorant Lefties.  You're not one of them, right?

Wednesday, August 28, 2013


Look, I know that you call yourself a "penetration tester" and a "white hat hacker", but I've been doing this longer than you have. Trying to convince me that your newly discovered denial of service attack is a "high risk" vulnerability is not convincing. You can't get anyone's data and you can't pen someone's boxen with your uber 'sploit.

Sorry, not impressed. It's the Internet: there's nothing but DoS out there.

Your CVSS scores are boring, and it's entirely clear that you have no idea how arbitrary that "metrics based" scoring system actually is.

And your Mom dresses you funny. Get offa my lawn, kid.

This ends today's security rant.

- Posted using BlogPress from my iPhone

You spent $100,000 on a Tesla?

Oh, sorry.  Security will be extra:
Slack authentication in Tesla's Model S REST API exposes the electric car to a variety of non-safety but non-trivial attacks, according to a Dell engineer and Tesla owner.

In this post over at O'Reilly, Dell senior distinguished engineer and executive director of cloud computing George Reese says the “flawed” authentication protocol in the Tesla REST API “makes no sense”. Rather than using OAuth, Tesla has decided to craft its own authentication, which Reese unpicked.
Use a common security standard that's field proven?  Nah - let's make up our own.  It'll be awesome.
While the flaw doesn't offer access to any “operational” aspects of the car – like steering or brakes – the risks are still significant. An attacker could fool around with configuration settings, the climate control, the sunroof, open the charge port, and anything else supported by the API. Apart from tracking owners' movements, “there is enough here to do some economic damage both in terms of excess electrical usage and forcing excess wear on the batteries”, Reese notes.
Like I said, it'll be awesome.  RTWT for all the simply horrifying n00b mistakes that Tesla made.  There's more, so very much more.

Scientific ethics and research

Judy Curry has a very thoughtful post about how climate science research is conducted and potentially skewed:
Scientists will only be able to command trust in society if they follow basic professional standards. Prime among them is to publish the results of their research, no matter if they support a desirable storyline or not.

Last year, I encountered a stark example of this.  One of my colleagues was thinking about publishing a paper that challenges the IPCC interpretation of the previous pause during the 1940s to 1970′s.  My colleague sent a .ppt presentation on this topic to three  colleagues, each of whom is a very respected senior scientist and none of whom have been particularly vocal advocates on the subject of climate change (names are withheld to protect the guilty/innocent).  Each of these scientists strongly encouraged my colleague NOT to publish this paper, since it would only provide fodder for the skeptics. (Note: my colleague has not yet written this paper, but not because he was discouraged by these colleagues).

What is at issue here is a conflict between the micro ethics of individual responsibility for responsible conduct of research and larger ethical issues associated with the well-being of the public and the environment.  Most such examples are related to suppression of evidence including  attempting to stifle skeptical research (particularly its publication and dissemination to the public); the Climategate emails provide abundant examples of this.
I think that this is pretty insightful, and only part of a long and insightful post.  Dr. Curry isn't one of those beastly Deniers like me, but rather a "luke warmer" who thinks that we are on net making our climate warmer.  However, she thinks that there is a systemic problem in how the science is performed and this is effecting the trust that the public has in the scientific community as a whole.  And quite rightly, as she observes from inside the community:
Fuller and Mosher’s book Climategate: The CruTape Letters argued that ‘noble cause corruption’ was a primary motivation behind the Climategate deceits.  Noble cause corruption is when the ends (noble) justify the means (ignoble).  I think that there is an element of this that can be seen in the Climategate emails, but I think the motivated reasoning by climate scientists is more complex (and ultimately less ‘noble’).
There's a lot of dirty laundry being hung out here.


For the motorcycle:

$55, including mounting kit.  Dang, that's almost free.  And they have tail lights you can wire into the turn/braking lights.  Any reason not to get these?

Tuesday, August 27, 2013

Ella Fitzgerald - Summertime


The greatest living Country Music artist

Is right here, in this video.

Which one is a real debate.  Maybe both of them.  But RIP Townes Van Zandt.  Thanks for the great songs.

The motorcycle diaries*

I was riding my motorcycle last weekend, and parked in a rather inconvenient and out of the way place (because parking was a nightmare).  When did Woodstock, GA decide that they were the new Manhattan and that no parking and $25 lunches were the shiznit?

Anyway, I walked back to the bike and was suiting up (kevlar jacket because I'm a wus, helmet, etc) when an older couple parked (illegally?) next to me and got out.  The gentleman looked at my bike in a rather wistful manner.  He struck up a conversation about how he used to ride, back before he got engaged to his wife.  He said that she didn't like it, and so he gave it up.  He clearly missed it.

We had a nice chat, and as they turned to walk away I said "It's not too late to start again."  He turned and said, "You may have cast the deciding vote."  His wife had the charm to laugh.

Me, I hope he does.

* If you came here by searching for Che, you do know that he condemned teenagers to execution and then enjoyed watching, don't you?  If you don't, let your Google-fu lead you.  He was a sick, murdering bastard who killed children.  Yeah, and a bit dreamy, anti-establishment for ignorant Lefties.  You're not one of them, right?

Dang. I missed "National Go Topless Day"?

"National Go Topless Day" was yesterday.  Funny, nobody at the office went topless.

Given the guys here, that's maybe not a bad thing.  But I blame the Patriarchy for the lack of solidarity.  Free the Ta Tas!

Bootnote: I must confess that I was not topless yesterday, either.  Because Patriarchy!

So tell me about the Surveillance State

You don't have anything to worry about if you don't have anything to hide.  Right?

Wrong.  Windy Wilson leaves a very on-point comment to (ahem) a very on-point post here:
Katerina Witt, the East German Olympic Gold Medalist figure skater had two perceptive things to say about the NSA spying in an article in August 17th New York Daily News.

1. Young people today give up a lot of privacy voluntarily with facebook and other programs.

2. She saw her Stasi file, and disagrees with the argument the argument that "'state surveillance shouldn't alarm law-abiding people,' she says 'people are naïve if they don't think storage of their email, telephone and other electronic records doesn't make them vulnerable.'

"You start to worry when it goes into the wrong hands and is used for the wrong reasons," she says, pointing out that some of the intelligence reports about her were totally inaccurate.
The Surveillance State empowers the gosips.  The Surveillance State empowers the busybodies. The Surveillance State empowers the petty who have a grudge.  Just look at the "if you support limited government, you're a Domestic Terrorist" nonsense that we hear.  That's not a one-off, it seems to be the New Normal.

So what this does, in effect, is to empower any Leftie to subject any non-Leftie to his will.  Ooooh kaaaay.  Anyone who says this is crazy talk, please explain Katerina Witt's comments to me.  And please, no "that was the Stasi" excuses.  We have our own Stasi:
Last weekend the words “United Stasi of America” were projected onto the side of the US embassy in Berlin alongside the face of Kim Dotcom. Police are now investigating whether a crime has been committed.
What's the over/under that they're investigating the real crime?

Monday, August 26, 2013


Someone in the office was watching a Corporate™ Training™ Video™ today, and someone remarked that the music reminded them of a 1970s porn vid.  Me, it reminded me of this, and suddenly I was back in college.

WARNING: this is the worst song EVER. Do not play unless you want to join me in mockery.

Ah, my sordid past.  I blame 2cents.  But I had better hair than KC did, Back In The Day (yes, kids, it's true*).  Err, and a similar wardrobe*.

* Get offa my lawn.

Now that's a CEO who really knows how to move the stock price

Steve Ballmer announces resignation as Microsoft's CEO, Microsoft stock price jumps 10%:

Note the gap in the Thursday trading record when NASDAQ crashed.  No word as to whether this was due to a Blue Screen of Death.

Top 10 Ballmer quotes at El Reg.  Here's my favorite:
"$500, fully subsidized, with a plan! That is the most expensive phone in the world and it doesn't appeal to business customers because it doesn't have a keyboard, which makes it not a very good email machine."
The quote is from the time when Apple launched the original iPhone.  Like Ballmer said, it's a stupid phone.  No keyboard, even.  Nobody'll buy that dog.

Plus, the Register has video of Ballmer doing the "Monkey Boy" dance.  If you've never seen it, you're in for a treat.  Just put the children to bed first.  Don't want them having nightmares ...

Someone in the German Government seems to be using security as an election issue

There's an election in Germany next month, and we're suddenly seeing a bunch of stories in the press about American privacy violations.  Last week say the German BSI (Federal Security Office) say that Windows 8 presented an unacceptable security risk because of an NSA backdoor.  Now there's a story in Der Spiegel about how the NSA is tapping the UN's videoconferences.

I don't think this is a coincidence.  A leak to Spiegel likely came from the German Intelligence Service - they're the ones who would know because the intelligence agencies cooperate with each other (and check up on each other).

Someone in Germany has come to the realization that they can use the NSA spying revelations against Frau Merkel's political party next month.   If this is correct, we can expect further similar stories in the coming weeks.

It will be interesting to see the outcome of next month's elections hinges on the disgust at American spying.

Do want

Andrew emails this piece of awesome.

Man, I so want these.  This is pretty cool, too.  It's what happens when men decorate.


The NSA seems to have enlisted all the secret squirrel types for their surveillance.

Sunday, August 25, 2013

J.R.R. Tolkien's children on him and his work

Via Isegoria comes this:

If Gandalf had taken the ring, he would have been worse that Sauron.  He would have been righteous.  And self-righteous.

If you're a Tolkien nut, you should watch this.

"Smart" diplomacy

(Reuters) - The U.S. National Security Agency has bugged the United Nations' New York headquarters, Germany's Der Spiegel weekly said on Sunday in a report on U.S. spying that could further strain relations between Washington and its allies.
Good thing we don't have an idiot cowboy in the Oval Office, making our allies mad at us.  Oh, wait:

In an open letter to British Prime Minister David Cameron published on Sunday, editors of leading Nordic newspapers said Miranda's detention and moves against the Guardian were "undermining the position of the free press throughout the world".

"(We are) deeply concerned that a stout defender of democracy and free debate such as the United Kingdom uses anti-terror legislation in order to legalise what amounts to harassment of both the paper and individuals associated with it," said the letter from Sweden's Dagens Nyheter, Finland's Helsingin Sanomat, Denmark's Politiken and Norway's Aftenposten.
Sure, it was the brits wut don it.  But anyone who thinks we weren't involved from beginning to end is a mouth breather.

It's like all that talk about restoring our reputation in the world was just a bunch of partisan hackery, or something.


Weary, stale, flat, and unprofitable.  Just not feeling it.  There's global warming news, but it's the same old thing.  There's a bunch I've been meaning to post about keeping anonymous when you're online, but NSA looks like they've pwned enough of it that it's probably not safe.  Choose different adversaries, indeed.

Even the motorcycle isn't breaking me out of this funk.  And the weather is perfect for riding.

Not sure what to do to break this.

Carlos De Seixas - Harpsichord Sonatas

It's not clear that the Portuguese composer José António Carlos de Seixas was the greatest harpsichordist of all time.  It's also not clear that he wasn't, and we can pin that ambiguity on Mother Nature, more specifically on the earthquake of 1755 that devastated Lisbon and destroyed all but a handful of his scores.

What we do know is that Seixas was recognized as the greatest harpsichordist in Portugal, and when Antonio Scarlatti was visiting Lisbon, Infante (Prince) António himself introduced the great man to Seixas to give him lessons.  Scarlatti is said to have remarked that he could take lessons from his pupil.

The harpsichord, of course, is the precursor to the piano.  Rather than the key press causing a hammer to fall on the strings to make the tone, the harpsichord key press causes the strong to be plucked, as perhaps a harp or guitar might be.  The resulting sound is unmistakeable, and the compositions had to deal with the limitations of the pluck: where the piano can strike a note that will last for some considerable time, the plucking is much weaker and so the resulting note is much more short lived on the harpsichord.  The music is filled with trills, where adjacent keys are rapidly alternated - where a piano would simply have a long key press.

As a result, the music of the harpsichord demands a high level of virtuosity, one that Seixas supplied in excess.  He died on this day in 1742 at age 38 and most of his compositions were lost in the Lisbon disaster.  Even with this, he's considered possibly the greatest harpsichordist of all time.  Imagine his legacy had he lived the full life of a J. S. Bach with his scores safely archived in libraries across Europe. 

What did survive the disasters were his keyboard sonatas, offered here.

Saturday, August 24, 2013

Your moment of Zen

10,000 people singing Beethoven's Ode To Joy from the 9th Symphony.

You're welcome.

When Margret Thatcher censored Pravda

Britain has been through the Looking Glass for decades, at least as far as free speech is concerned.  Here is a very young Christopher Hitchens describing how Her Majesty's Government seized the entire print run of Pravda.  In 1987.

The story begins at 36:42 into the video, if my Youtube-fu is weak.  The Official Secrets Act was used, not to prevent the Soviets (and Warsaw Pact, and Red Chinese) from getting excerpts of the book "Spycatcher" from retired MI6 operative Peter Wright; all of these commie Intelligence Agencies already had copies of the book.  Everyone in the USA or Canada who wanted to had read the book.  The Act was used punitively, to keep Her Majesty's subjects from reading something that would embarrass the Government.

This was a quarter century ago, and l'affair Snowden shows us that the USA now effectively has an Official Secrets Act.  One frequent defense of the NSA is that "everyone knew that NSA was spying on Americans".  That's wrong, as repeated NSA attempts to keep this information from Congress show, but assume, arguendo, that it is true - it was widely known that NSA was spying on Americans.  If so, then what possible use comes from suppressing the information Snowden leaked?  After all, if everyone knew, then al Qaeda knew, and the only upside to suppressing the information is to make the politics run more smoothly.

Hitchens' entire discussion is fascinating, as a foreshadowing of what has descended on these shores these last twelve years.  It's quite an upside down, mixed up surveillance world we find ourselves in where the Director of National Intelligence uses the "least untruthful" words in testimony to Congress.
“'When I use a word,' Humpty Dumpty said in rather a scornful tone, 'it means just what I choose it to mean - neither more nor less.'”
- Lewis Carrol, Alice In Wonderland

Those government bastards!

Good article about what NSA used to be

And how a former employee is dismayed about what it's become:
Another thing they used to say at those briefings was that the might of the NSA would never be used against U.S. citizens. Back when I signed up, the agency made it crystal clear to us that we were empowered to protect our nation against only foreign enemies, not domestic ones. To do otherwise was against the NSA charter. More importantly, I got the strong sense that it was against the culture of the place. After working there for two summers, I genuinely believed that my colleagues would be horrified if they thought our work was being used to snoop on fellow Americans. Has that changed, too?
This resonates very strongly with me, and I can confirm that in the '80s and '90s people inside NSA would indeed be horrified at the thought of spying on Americans.  I'd give detail, but it's possibly classified, but I know for a fact that people felt this way.

Now, not so much.  Something noble has been lost, and I say that entirely unironically.

Via Tam.
George asks what happens to the NSA Surveillance State when people start to try to misdirect it as a form of civil disobedience*.  Patsy sings a classic about how that plays out.

Bootnote to the NSA Line Eater: Bomb minuteman prepper NSA succession airport gun tea party Anonymous TOR Snowden steganography top secret.

Friday, August 23, 2013

Bomb minuteman prepper NSA succession airport gun tea party Anonymous TOR Snowden steganography top secret

George emails:
Tried to reply to your post on the NSA today. OpenID isn't feeling it.

The only solution that I can think of is to overwhelm the system with false positives.  If enough people are sending enough encrypted data to enough places, then the data itself becomes unreliable.  We need to get the signal to noise ratio higher.

Only question…how many participants would you need to make it impractical to investigate (and prosecute for annoying the government?)  10,000?  100,000? More?
Short answer: I don't know, but maybe we're fixin' to find out.

Longer answer: in security parlance, a "false positive" result is where a system flags something as being suspicious or malicious when it really isn't.  The best example of this is when Senator Kennedy found himself on the No Fly list because the No Fly list is stupid (at least in how it works).

There is also a "False Negative" result, where the system misses actual threats.  9/11 is a great example, where clear jihadists were taking flying lessons without much concern over how to land the plane.

Pre 9/11, the Fed.Gov was tuned to minimize False Positives even at the expense of allowing False Negatives.  Post 9/11 the aversion for False Negatives has been dialed up to 11, with a corresponding skyrocketing of False Positives.

Naturally, this tends to annoy the people subjected to False Positive results.  People like, err, me.

And so, since the system is likely designed and administered by incompetents, it is presumed to be trivial to monkeywrench the system.  From a practical sense, it aims to make the NSA's strongest competence (automated computer analysis of metadata) irrelevant (or even a weakness) by flagging so many clearly innocuous items as False Positive that the cost of manual follow up becomes prohibitive, and the system gets turned off.

It gets even more expensive if the people engaging in monkeywrenching include interesting data, like this picture of Crash the Wondercat that includes a super top secret message (well, top secret in Borepatch land, anyway).  Spend some time decoding that, Mr. NSA drone!

Because at the end of the day, the Fed.Gov will only do this if it pays.  If we make it too expensive to work, they won't do it.

Bootnote to the NSA: this post is protected by the First Amendment:
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
Emphasis mine.  Note that it is not a crime to make your job harder, and even if it were a crime to do so that  law is clearly unconstitutional per the above.  Putting it in terms that LBJ used, it's better for you to have Internet Security guys like me inside the tent p***ing out rather than outside the tent p***ing in.

Actually a pretty good description of the problem of false positive and false negative, right there.

You likely can't protect your privacy from the NSA

I've been thinking for a couple weeks now about how you can protect your privacy.  I haven't posted, because everything I've come up with is pretty unconvincing.  This sums it up pretty well:
The publicly available tools for making yourself anonymous and free from surveillance are woefully ineffective when faced with a nationstate adversary. We don’t even know how flawed our mental model is, let alone what our counter-surveillance actions actually achieve. As an example, the Tor network has only 3000 nodes, of which 1000 are exit nodes. Over a 24hr time period a connection will use approximately 10% of those exit nodes (under the default settings). If I were a gambling man, I’d wager money that there are at least 100 malicious Tor exit nodes doing passive monitoring. A nation state could double the number of Tor exit nodes for less than the cost of a smart bomb. A nation state can compromise enough ISPs to have monitoring capability over the majority of Tor entrance and exit nodes.

Other solutions are just as fragile, if not more so.

Basically, all I am trying to say is that the surveillance capability of the adversary (if you pick a nationstate for an adversary) exceeds the evasion capability of the existing public tools. And we don’t even know what we should be doing to evade their surveillance.
Pretty pessimistic, but this sounds right.  His conclusion really gets to the heart of what you're facing:
Practicing effective counterintelligence on the internet is an extremely difficult process and requires planning, evaluating options, capital investment in hardware, and a clear goal in mind. If you just want to “stay anonymous from the NSA”, or whomever… good luck with that. My advice? Pick different adversaries.
This ends today's lesson in positive thinking.

Dang kids with their CGI animation

They never had this:

Or this:

Scenes from my youth.

"Windows 8 is an unacceptable security risk"

That's not just my opinion (I actually have no opinion other than that Windows 8 is a web page).  Via The Covertress, we find that this is the opinion of the German Government:
According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA - and in an unintended ironic twist, perhaps even to the Chinese.
Yes, but other than a backdoor for the NSA and the Chinese, it's the MOST. SECURE. WINDOWS. EVAH. And this is extra cool:
From the BSI's perspective, the use of Windows 8 combined with TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used. As a result, new risks arise for the user, especially for the federal government and for those providing critical infrastructure. In particular, on hardware running Windows 8 that employs TPM 2.0, unintentional errors of hardware or the operating system, but also errors made by the owner of the IT system, could create conditions that prevent further operation of the system. This can even lead to both the operating system and the hardware employed becoming permanently unusable. Such a situation would not be acceptable for either the federal authorities or for other users. In addition, the newly-established mechanisms can also be used for sabotage by third parties.
"Could" be used for sabotage?  How about "will" be used for sabotage?

By the way, the BSI (Bundesamt für Sicherheit in der Informationstechnik, the Federal Office for Information Security) is more or less equivalent to the half of NSA that does computer security.  They have some scary smart security guys.  This is a Big Time reality check on Windows 8.  That well known computer security expert, Vice President Joe Biden calls it a "big f'n deal".

Linux may suck, but in a whole different way than the NSA and Red Chinese* reading everything on your Windoze tablet.

Hey, Redmondites - I know that you're all a bunch of Dirty Commies who gave money to Obama's campaign.  I also know that you all have stock options riding on the success of Windows 8.  With Germany shutting down, feel the Hope N Change.  It's shadenfreudalicious!

* I only say "Red Chinese" to afflict the too-comfortable Usual Suspects™.

Thursday, August 22, 2013

We Are The Arsenal - Surveillance

I so want tickets to their Ft. Meade show ...

The canary in the NSA mineshaft

It seems like every day the pelt of my Wookie Suit gets longer:
Ed Snowden got away with taking a trove of secret documents from the NSA because an organization whose mission is to watch everyone failed to watch him. The NSA failed IT Security 101: segregation of duties. A single individual should not have the ability to access sensitive data as well as the ability to control the audit trail.

If you own a bank, you don’t want the person you’ve hired to guard the money to be the same guy who’s keeping the books.

By the same token, though, the NSA and the UK’s GCHQ are also operating with almost no oversight, despite what Barack Obama or David Cameron might try to tell you. That’s because they’re the ones who get to say who is and isn’t a terrorist suspect, then scoop them up and lock them away.

In other words, a “terrorist” is anyone the spooks say is a terrorist. In the past, we might reasonably assume our intelligence agencies targeted people who presented a potential threat to us. With the Miranda detention, it’s clear that a “terrorist” is anyone who presents a threat to them.

Not to sound too paranoid, but: This is how totalitarianism starts.
This is a long and very interesting post, about the limits of trust in the modern Surveillance State.  This is the canary in the mine shaft:
I worry that we will wake up to headlines that Greenwald has died in a car accident. Or from a drug overdose. Or that he got caught by a stray bullet in a convenience store robbery. Or maybe they’ll take a page out of Vladimir Putin’s book and just assassinate him in broad daylight. And all we’ll have left are a series of Internet conspiracy theories.

Because if this latest round of intimidation fails to work – and both the Guardian and Greenwald have vowed that it won’t – that’s the next logical step.
RTWT, which includes a plausibly convincing argument that it is simply impossible for NSA to win this.

This is what I'd like to hear Erin read

She's running a contest, and you can vote.

But srlsy, "50 Shades of Gray"?  If you vote for that over this from Henry V then I'm afraid that we can't be friends anymore.  Erin would kill this monologue.  50 Shades is frivolous piffle.

Riddle me this: Who does the Concord, NH police dept think are terrorists?

Remember the former Marine Colonel who spoke against the town of Concord, NH getting an armored car?

The grant application where they asked for funding names names.  Terrorists.  Yeah, right.  Is it inflammatory to wonder if the Police are Domestic Terrorists?

Wednesday, August 21, 2013

Boy, the Europeans sure must be glad that we have an enlightened progressive as president

Instead of that cowboy Bush:
Surely a significant European bank must do some business in the USA, I asked. Can the world’s largest economy really be so onerous that you truly want nothing whatsoever to do with it?

Well he was rather guarded and he knew I was a blogger, which I suspect made him a bit uneasy at the prospect of being quoted, which is why I am naming no names. But to paraphrase the reply I coaxed out of him, it was “yes, the USA is simply not worth the trouble and so rather than complying with their endless diktats and the uncertainties of what are increasingly capricious rules… well… there is a whole great big world out there for us to do business with that does not include the United States.”

Yet I suspect the powers-that-be in Washington could not care less and moreover the notion that sophisticated foreign bankers are starting to see American not as the land of opportunity, but as a place to be avoided at all costs, would strike them as preposterous. Indeed had I not had those documents laid in front of me asking me to attest to a complete lack of economic links to the USA or anything associated with the USA that the US state might claim extraterritorial jurisdiction over… well, I would not have believed it myself.

Moreover, after our business had been concluded and he relaxed a bit, the banker in question, who I very much doubt is on any Interpol wanted lists (well I certainly hope not given that he now has some of my money) said he would not even visit the USA or transit a flight through it, due to the US authorities propensity to detain foreign bankers and ask them questions if they even suspect any involvement with US nationals, particularly from ‘non-compliant’ banks such as his.

Am I the only one who is astonished things have come to this? I am suddenly very glad I do not actually live in Arkham, Massachusetts (not sure which is worse, the IRS or the Deep Ones).
Boy, it's a good thing that Progressives won't be embarrassed when they vacation in Europe, isn't it?  Hope and Change!

Stand still

Hey, where you going?

A parable on the stupidity of Government

They may not be smart, but at least they're busy:
The idea that the data on the hard drives hadn't been copied to backup systems in the offices or the cloud is so far beyond belief as to be risible. The GCHQ technicians must have been laughing up their sleeves, and the Guardian's computer expert chortling away up his. Both knew data copies existed, as the Guardian reports make clear:
The editor of the Guardian, Alan Rusbridger, had earlier informed government officials that other copies of the files existed outside the country and that the Guardian was neither the sole recipient nor steward of the files leaked by Snowden, a former National Security Agency (NSA) contractor. But the government insisted that the material be either destroyed or surrendered.
The destruction is described as a symbolic act, but all it symbolised was ignorance and face-saving. It was petty and stupid, the action of an ignorant and frightened bully, and that is how the UK government's behaviour in this affair seems: petty, ignorant and bullying.

Stalin the Intelligent. Stalin the Wise

 Stalin was the representative of the Free World.  The Socialist World.  But who knew that the statue of Karl Marx was so randy?  The problem is that your Socialism sucked.

But remember that its the West that is uniquely evil.  Strangely, it's a Good Thing that would never happen here.*

This is what's coming with the NSA-TSA-SWAT Totalitarian State will bring, and which will be cheerfully delivered by our corrupt MSM.  Although who knew that Erich Hoenicher was into strip teast?

Notice the regret by "artists" for the fall of Communism around 25:20...  Of course, my post is nothing but crude propaganda.  Obama can't be re-elected, so there's no advantage here for the Progressives.  Expect to see videos of girls praying to Hillary Clinton.  That's the shiznit.**  And Socialist Pokemon are awesome.  And the emphasis on Women's rights and day care centers is even better than Socialist Pokemon.  Because the State looks after the single moms.  Good and hard.  And the East German women's athletics team would never be subjected to steroid treatments that would change them forever.  Oh, wait ...

I was at the mercy of the Stasi.

* This could only ever happen in the evil, Capitalist West.  Oh, wait ...
We threw stones at the tanks.  Hearing the sound of the tanks firing at you causes you to piss in your pants.

** Or so I'm told.  Mostly by Ladys of a Certain Age.

Tuesday, August 20, 2013

I was going to blog this evening ...

... but I spent it with a pair of 3T Postman Pat pajamas, and a bunch of memories of when the kids were little.  You know what a sentimental old fool I am.

It was awesome.

Wolfgang's pictures from Summer camp

Obviously, he had a blast.

Not sure the ear protection really fits him, though.

The Lights of the Internet are going out

Groklaw to the NSA: You're killing the Internet.  And so Groklaw is shutting down:
The owner of Lavabit tells us that he's stopped using email and if we knew what he knew, we'd stop too.

There is no way to do Groklaw without email. Therein lies the conundrum.

What to do?

What to do? I've spent the last couple of weeks trying to figure it out. And the conclusion I've reached is that there is no way to continue doing Groklaw, not long term, which is incredibly sad. But it's good to be realistic. And the simple truth is, no matter how good the motives might be for collecting and screening everything we say to one another, and no matter how "clean" we all are ourselves from the standpont of the screeners, I don't know how to function in such an atmosphere. I don't know how to do Groklaw like this.
The government is simply out of control - there's simply no other way to describe it.  The owner of Lavabit says that he may be jailed because he shut down his encrypted email service instead of playing stooge for The Man.  A journalist's partner was detained and almost arrested changing flights at Heathrow because the journalist broke the Edward Snowden NSA metadata story.  This has sparked a diplomatic incident as the man is a Brazilian citizen.

Of course, diplomatic incidents are collateral damage in this situation.  The Bolivian Presidential jet was forced down in Vienna, and was searched - in violation of Diplomatic Immunity - because Bolivia had offered Snowden asylum.

And UK Plods seized hard drives from computers at the UK's Guardian newspaper and had them destroyed.  Not because they had data from Mr. Snowden, but because they might have had data from Mr. Snowden.

And throughout the entire circus show, the Director of the NSA and the Director of National Intelligence have repeatedly and serially lied to Congress.

The TOR network for anonymous browsing seems to have been deeply compromised by the NSA.  TOR was probably the best way to send data securely - encrypted and with anonymity.  Was.

The lights are going out all over the Internet.  I fear that we shall not see them rekindled in our lifetimes.

When I was a lad there was a clear distinction between us and the Commies.  We knew that they hated freedom, or at least wanted to decide what people were free to do and what they weren't free to do.  In college, it was no secret about what the East German Stasi did, and how it made the entire country essentially into a nation of snitches.  Now NSA's Big Data has Stasified the Internet so we all snitch on ourselves.
But as the animals outside gazed at the scene, it seemed to them that some strange thing was happening. What was it that had altered in the faces of the pigs? Clover's old dim eyes itted from one face to another. Some of them had ve chins, some had four, some had three. But what was it that seemed to be melting and changing? Then, the applause having come to an end, the company took up their cards and continued the game that had been interrupted, and the animals crept silently away.

But they had not gone twenty yards when they stopped short. An uproar of voices was coming from the farmhouse. They rushed back and looked through the window again. Yes, a violent quarrel was in progress. There were shoutings, bangings on the table, sharp suspicious glances, furious denials. The source of the trouble appeared to be that Napoleon and Mr.  Pilkington had each played an ace of spades simultaneously.
Twelve voices were shouting in anger, and they were all alike. No question,now, what had happened to the faces of the pigs. The creatures outside looked from pig to man, and from man to pig, and from pig to man again; but already it was impossible to say which was which.

- George Orwell, Animal Farm

Error messages from Hell

The problem with programs is that they're written by programmers.  'nuff said.

At least he said "please".

Thanks.  Must have been coded on a Monday.

I love it when that happens.

Somethings cannot be unseen once you've seen them.

Best.  404.  EVAH.

And it's not just Windows or the web that suck.  Linux sucks, too (mild language warning).

I love how the Fire Marshall threw out 15 people to get the occupancy to code.  A "Why Linux Sucks" presentation at LinuxFest is SRO ...

Monday, August 19, 2013

John Wayne sushi

Looks good - filet mignon, avocado, A-1 Steak Sauce.

- Posted using BlogPress from my iPhone

Manga guides to science and math

I saw these at DEFCON, and they look pretty interesting if you have Middle School or High School kids.

Here's the blurb:
Megumi is an all-star athlete, but she's a failure when it comes to physics class. And she can't concentrate on her tennis matches when she's worried about the questions she missed on the big test! Luckily for her, she befriends Ryota, a patient physics geek who uses real-world examples to help her understand classical mechanics-and improve her tennis game in the process!
There are Manga Guides for Databases, Calculus, Statistics, Electricity, Molecular Biology, Relativity, Biochemistry, Linear Algebra, and the Universe.

These look pretty fun, I must admit.

Just because you're a third degree black belt ...

... doesn't mean that you can dodge bullets.

Wonder how many guys like him end up in the PoPo.


Man, I've been dead on my feet for a week.  I'm writing this last night at 21:30 and I'm about ready to go to bed.  Not sure why I'm so bushed.  Partly it's been busy as a one legged waitress at the IHOP, partly it's getting plans to move Mom back home (without my two brothers coming to blows; looks like I've managed to keep peace in the family).

But man, I'm dragging.  Getting #2 Son off to school each day is just another drain - although he helpfully pointed out that if he learned to ride the motorcycle I wouldn't have to take him.  He'd thought through an elaborate justification, so he's clearly been noodling on this.

Like I wouldn't lose sleep over that ...

But even drinking even more coffee than usual isn't getting me wound up.  Looks like I picked the wrong week to give up amphetamines ...

Sunday, August 18, 2013

Someone got a helmet

Mail bag: Protective Motorcycle gear

Friend, long time commenter, and long time biker Burt emails what started as a comment to yesterday's post on riding in the rain.  He brings a lot of experience, some hard won:
This email is very long.  I'd rather have a phone conversation 'cuz there's so much to say, but…

I was writing a loooong post in response to a disdainful remark about Timberland boots… and decided it was getting too long for a blog post response.

But it is IMPORTANT stuff, and stuff you should know - if you don't ALREADY know it.

So here's what I was going to post:


Laughingdog: I went down a couple of years ago during a charity ride - got cut off by someone who decided not to wait for the column (450+ bikes) and cut across the road just in front of me.  I had a choice: dump it or hit her.  I dumped it: it's just a hunk of replaceable metal.  Walked away with a couple of minor road rash marks and a bruise on my hip from my Leatherman.  Was wearing Timberland boots.  They protected my ankles and toes just fine.

There's an awful lot of bias about "proper riding gear" made by "folks specializing in riding".  The average rider isn't doing 150mph on a specially-designed track accompanied only by other bikes.  The average rider doesn't need to dress in such nonsense.  And even if the average rider DOES wear that gear, a high-speed accident on the highway is NOT the same as a high-speed accident on the track

A reasonably good leather jacket will protect your upper body from road rash.  Chaps - NOT JEANS - will protect your legs.  A good set of gloves will help, but you have to remember to keep "tucked in" and not try to use your hands to stop your forward motion.  And a reasonably good pair of boots that are tightly laced up will keep your toes and ankles from being bent the wrong way.

Keep in mind the old saying that there are two kinds of riders: those who HAVE gone down, and those who WILL go down.  It's inevitable.  That's why you should always wear reasonably good riding gear.

And since my helmet TOUCHED the ground, I tossed it away and bought a new one.


Here's the rest of the info for you, Ted.

35mph on Mammoth Road in Manchester.  She decided not to wait - she cut across the road.  I had a choice: hit her or dump the bike.  I turned the handlebar to the right to force the bike down on its right side.  As soon as the bike "touched down", I PUSHED OFF WITH MY LEGS.  I hit the road, rolled onto my back, and slid a bit (not much - maybe 10 feet).  The bike went up and over and bounced a bit.  A paramedic came over, checked me out, and we waited for the ambulance.  X-rays at the hospital: no broken bones.  NO DAMAGE OF ANY KIND.  I "walked away".  Madder than hell… but in one piece.

(When I went down, I heard a bunch of other bikes go screaming down the road following her.  I was told they caught up with her and SAT ON HER HOOD until the cop came.  She received a ticket for "failure to yield to oncoming traffic".  Her insurance company paid for the bike, which now had a bent frame and was a total loss, and gave me a couple of thou for "pain and suffering".)

You don't have to be a fanatic about getting the best riding gear made.  Take it from an old rider who has gone down a few times.  But, you should wear LEATHER, not cordura or fabrics.  Neither cordura nor fabrics will protect you from the slide that you might have to take AFTER going down.  Asphalt is too abrasive: it will tear fabric apart.  Cordura may be good for skiing and other outdoor activities, but I strongly recommend leather.

And Hot Leathers jackets are the same basic quality as Harley-Davidson branded jackets -- which are made in China, not the US.  Hot Leathers is made in Pakistan.  The leather quality is about the same: HD leather is a bit thicker, but that's about it.

Chaps?  Leather.  Get a set online and have a seamstress reinforce the seams (they usually only have one seam - add a second).  Then, just wear 'em.  'Nuff said.

Boots that protect your ankles are a must, but you don't have to buy "the best".  Timberland is just fine.  Heck, HD boots are made by Wolverine, another Made-In-China boot company.  Ya want good boots?  Red Wing.  Otherwise, use a reasonably good set of leather work boots.  If they'll protect you at a construction site, they'll protect you on the road -- and you really only need that protection when you go down.  Oil-resistant, non-slip soles are a MUST.  Steel-toes optional, but not required (or recommended).

BTW, when you come to a stop and see oil on the road, PUT YOUR TIRE ON THE OIL, not your boots.  The oil will be rubbed off your tire after it makes 2-3 revolutions, but the oil will be on your boots until you stop and rub it off.  Plus, you'll need your feet oil-free to keep you upright at a stop.

MORE: do NOT wear a Kevlar helmet!  The point of a motorcycle helmet is to absorb the force of an impact and disintegrate, protecting your skull in the process.  Kevlar helmets are made for racing purposes where riders need extra protection on their heads.  For you, a relatively slow-speed rider, the same Kevlar helmet will transmit the impact through your skull into your neck and spine.  DOT-spec, but you don't need OR WANT Kevlar.

Lastly, if someone tells you that you MUST "buy x" or you MUST "wear x", ask yourself a question: why are they recommending a specific brand?  My recommendations are to wear work boots, reasonably good leather (NOT the sheepskin cr*p sold online - sheepskin is too soft to protect you), and a reasonably good pair of leather gloves.  Anything beyond that has a negative ROI.

Skiing and riding are two different sports, require two different mindsets, and require two different skill sets.  Although both require protective gear, DON'T use the requirements for one sport to buy equipment for the other.

Most of your riding will be on surface streets, at between 25 and 65mph.  At 30mph, you simply don't need the same kind of professional riding gear that GXR's use at 170mph on a professional track.  You need gear that's comfortable and will protect you from pebbles (the car ahead of you), bugs, rain, and an occasional "dammit, I though the kickstand was down" fall.

And that protection can be had at a reasonable cost.

Happy riding!
The instructors at the Motorcycle Safety Course also said throw away the helmet if it hits the ground.  They even had us place the helmets on the ground, rather than on the seat - if it fell off the seat we couldn't use it.