Wednesday, July 31, 2013

Sui generis





Out with #2 Son, who is also one of a kind.

- Posted using BlogPress from my iPhone

We interrupt this blog ...

... which has been pretty darned interrupted lately, with helping someone move, flying, and then 16 hour days ... to present a moment of Zen.


The Hoover Dam at night.  It was still almost 100°.  Having fun with #2 Son, although he's been having to make his own amusement during the day.  The Luxor doesn't have WiFi (!), just Cat 5, and his Kindle doesn't do Cat 5.  Good thing that there are ways for a 17 year old to amuse himself in Vegas ...

Students hack luxury yacht's GPS

Did it remotely, by spoofing the GPS radio signals:
A team of university students have demonstrated that it is possible to subvert global positioning system navigation signals to pilot a superyacht without tripping alarms.

The experiment was conducted in June this year, with the permission of the owners of a 65-metre (213ft) superyacht worth US$80 million (A$87 million), the White Rose that sailed from Monaco to the island of Rhodes in the Mediterranean.

A team of mechanics students from the Cockrell School of Engineering at the University of Texas in Austin were on board the White Rose, with the experiment taking place some 50 kilometres off the coast of Italy in international waters.

Faint GPS signals were broadcast by the students from a spoofing device the size of a briefcase, aimed at the positioning system aerials of the ship. The authentic GPS signals were slowly overpowered by those transmitted from the spoofing device, after which the students had gained control over the yacht's navigational system.

Once in control, the students were able to shift the ship onto a new course, three degrees off the original one. As the navigational system reported location discrepancies and the crew initiated corrections, the White Rose deviated further from its original course.
Of course, you should always have charts and a compass (and know how to use them) when you're on a boat.  But 3° isn't much, and might be hard to detect by eye until you were pretty far off course.  Just for perspective, the original Longitude Prize called for accuracy not to within 3°, but to within 3 minutes of longitude.  3° is a lot.
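The chart-and-compass cross-check mentioned above can be automated. The following is an added example, not part of the original post or of the researchers' work: it compares each GPS fix against a dead-reckoned position built from the compass heading and speed log, and flags the first fix where the two disagree. The start position, speed, sampling interval, threshold and all function names are constructed assumptions.

```python
import math

NM_PER_DEG = 60.0  # one minute of latitude is one nautical mile


def dead_reckon(pos, heading_deg, speed_kn, hours):
    """Advance (lat, lon) along a compass heading; flat-earth maths, fine for short legs."""
    lat, lon = pos
    run_nm = speed_kn * hours
    h = math.radians(heading_deg)
    dlat = run_nm * math.cos(h) / NM_PER_DEG
    dlon = run_nm * math.sin(h) / (NM_PER_DEG * math.cos(math.radians(lat)))
    return (lat + dlat, lon + dlon)


def separation_nm(a, b):
    """Distance in nautical miles between two nearby (lat, lon) positions."""
    mid_lat = math.radians((a[0] + b[0]) / 2)
    north = (a[0] - b[0]) * NM_PER_DEG
    east = (a[1] - b[1]) * NM_PER_DEG * math.cos(mid_lat)
    return math.hypot(north, east)


def cross_track_nm(distance_run_nm, course_error_deg):
    """How far off the planned line a constant course error puts you."""
    return distance_run_nm * math.sin(math.radians(course_error_deg))


def first_disagreement(start, gps_fixes, steering_log, interval_h, threshold_nm):
    """Return (sample number, gap in nm) for the first GPS fix that differs from
    the dead-reckoned position by more than threshold_nm, or None if none does."""
    dr_pos = start
    samples = zip(gps_fixes, steering_log)
    for i, (fix, (heading, speed)) in enumerate(samples, start=1):
        dr_pos = dead_reckon(dr_pos, heading, speed, interval_h)
        gap = separation_nm(fix, dr_pos)
        if gap > threshold_nm:
            return i, gap
    return None


# ---- Constructed sample data (not measurements from the experiment) ----
START = (38.0, 18.0)      # assumed position in open water
PLANNED = (90.0, 15.0)    # planned course 090 at 15 knots
INTERVAL_H = 10 / 60      # one sample every 10 minutes
THRESHOLD_NM = 0.45       # alarm threshold, an assumption


def plotted_track(samples):
    """GPS fixes as the plotter displays them: the vessel appears to hold the planned course."""
    fixes, pos = [], START
    for _ in range(samples):
        pos = dead_reckon(pos, PLANNED[0], PLANNED[1], INTERVAL_H)
        fixes.append(pos)
    return fixes


GPS_FIXES = plotted_track(12)
STEERED_OFF = [(93.0, 15.0)] * 12   # compass shows the helm is really steering 093
STEERED_TRUE = [PLANNED] * 12       # compass agrees with the plotted course

if __name__ == "__main__":
    hit = first_disagreement(START, GPS_FIXES, STEERED_OFF, INTERVAL_H, THRESHOLD_NM)
    print("first disagreement (sample, gap nm):", hit)
    print("no spoofing:", first_disagreement(START, GPS_FIXES, STEERED_TRUE,
                                             INTERVAL_H, THRESHOLD_NM))
    print("off track after 100 nm at 3 degrees: %.2f nm" % cross_track_nm(100, 3))
```

With these constructed numbers the 3° difference crosses the 0.45 nm threshold at the fourth sample, 40 minutes in, even though the plotted GPS track never leaves the planned line.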

Liveblogging NSA Director Alexander's Black Hat keynote address

Gen. Alexander is kicking off the Black Hat security conference, and so I'm going to live blog it.  The talk begins at 0900 PDT (20 minutes as I write).  I don't expect that his reception will be as ugly as if he addressed the DEFCON hacker convention at the end of the week.  Black Hat is pretty corporate and buttoned-down, and so the crowd likely won't shout the General down like DEFCON probably would.

An interesting thing happened as I sat waiting for the doors to open.  An AP reporter came up and interviewed me.  I gave him a bunch of sound bites that I expect will make it into his story.  I also pointed him to this post about how what the NSA is doing is perhaps futile as far as catching terrorists who have a clue.  We'll see what comes out of all this.  I was pretty candid with him, and said what I've been saying to all y'all here.

Check back if you want to follow the live blog thing.

0855 - There's a moment of silence to honor Barnaby Jack, who died far too young.

0900 - Gen. Alexander is here.  Applause is polite.  The introduction made parallels to the "crypto wars" of the '90s, and how uneasy everyone was then.

0905 - He says he will try to lay out the facts. Focus is finding the terrorists who live among us.

0908 - He's covering background on the authorizing laws and FISA.  He claims that the oversight that is occurring is missing from much of the public discussion.

0910 - He covered the history of terror attacks in the '90s and '00s.  The 9/11 Commission said that the Intelligence community failed to connect the dots.  His slide had the words "Never Again".  Probably a good statement of NSA's motivation.

0912 - Over 6000 NSA personnel have been to Iraq and Afghanistan over the last decade.  I hadn't known that, but am not surprised.

0914 - I have to say that the General comes across as being very earnest.  The audience is listening respectfully (as I suspect the DEFCON crowd would not).

0916 - He claims that they "don't collect everything".  The more data you collect, the harder it is to analyze.

0918 - Lots about oversight by the Courts and Congress.  "Anyone who's been up against a Federal Judge knows that these are people with tremendous legal experience."  His argument boils down to "trust the judges" and "they're not a rubber stamp".  Nothing on the secret proceedings aspects.

0920 - He has a slide with some very explicit claims: NSA does not collect content of phone calls or SMS.  No names, addresses, or credit card numbers of subscribers.  In other words, just what the telephone companies collect in the Call Detail Records.

0922 - The database that can be queried by NSA analysts is "in a lockbox".  No information if this is the same lockbox that Al Gore said Social Security was in.

0925 - He gave a story about how NSA information given to the FBI let the FBI get a warrant to investigate (probable cause).  I think he's trying to be reassuring, but this didn't reassure me.  At all.

0928 - He says that the system has 100% auditability.  He doesn't talk about how audit is a function separate from operations (for good reason).  Who audits? The "Directorate of Compliance".  Overseen by DNI, DoD, Congress Intelligence Committees.  He doesn't mention that Congress has been complaining that they don't get information from NSA.  Maybe this is new.

0929 - "I know that some of you listening don't believe this."  Well, I'm not sure that I do.  He said that Congress did a 4 year study or something.

0930 - He talks a lot about internal NSA training and individual auditing.  The big concern isn't rogue NSA employees, but a directed program from NSA management.  He isn't addressing this at all.

0932 - "If we make a mistake, we'll hold ourselves accountable and report it."  Uh huh.

0933 - He uses the example of the New York City Times Square bomber.  I thought that the Brits gave us the info on this guy.

0936 - Claims PRISM "helped us understand and disrupt 54 terror-related activities".  That's a lot of disclaimers packed into that one sentence.

0938 - The first heckler: "Bullshit!"  And the second: "You lied to Congress".  He says he didn't.  The first heckler said "I don't trust you".  It doesn't look like the hecklers are being asked to leave.

0940 - "What you're asking us to do is defend the Country".

0941 - Q&A time.  The questions aren't live, but pre-collected by Black Hat.

0943 - A heckler asks a question anyway: Why are they trying to attack us?  Gen. Alexander says because they want to form a caliphate.  The heckler replies "they're attacking us because we're bombing them".  Applause.

0944 - First official question: Is this program causing a problem for the American High Tech sector in overseas markets?  Answer talks to American oversight, not to non-Americans' suspicion.  This was a complete dodge.

0947 - Some applause when he said "What if some of these attacks had succeeded?"

0949 - Question: Have the media leaks affected the NSA?  He talks about the morale problem at Ft. Meade.  Applause when he said that every time anyone's checked, they haven't done anything wrong.

0950 - Talking about technical controls, he points out that he can't intercept his daughter's email.  People laugh, but it's the same auditability problem.

0952 - Appeal to the audience to help solve the problem.  He says this is why he came - to get help.  A heckler says "Read the Constitution!"  He replies "You should too!" Big laugh line.

0954 - That's it.  Warm applause.  He seemed earnest in his delivery, calm when heckled.  I'm not sure I'm convinced that there is real oversight, but that's me.

Tuesday, July 30, 2013

Why computerized cars are a terrible idea

Here's the symptom:
A High Court judge has blocked three security researchers from publishing details of how to crack a car immobilisation system.
German car maker Volkswagen and French defence group Thales obtained the interim ruling after arguing that the information could be used by criminals.
The technology is used by several car manufacturers.
The academics had planned to present the information at a conference in August.
So what's the cause?  Volkswagen seems to think that a lawyer can stop the Internet.  The researchers point out that (a) their paper did not include the information that Bad Guys would need to do a hack, and (b) the information can be found on the Internet anyway, if you look.  So what does this all mean?  The auto manufacturers seem to be at the same level of awareness as the KTVU TV station that is trying (and trying, and trying) to get their video taken down from YouTube.

There's actually a bigger deal here, involving hardware that would justify a recall.  Volkswagen used a chip in their computer system that allows the security bypass.  There's very likely finger pointing going on between the chip manufacturer and Volkswagen, leading to no action being taken to fix the issue.  The researchers point this out:
"The researchers informed the chipmaker nine months before the intended publication - November 2012 - so that measures could be taken. The Dutch government considers six months to be a reasonable notification period for responsible disclosure. The researchers have insisted from the start that the chipmaker inform its own clients."
Neither VW nor Thales was able to provide comment.
He did it!  No he did!  Uh huh!  Nuh uh!

[rolls eyes]

Meanwhile, Volkswagen owners are at risk of having their cars stolen. That's the reason not to get a car with this sort of computerized nonsense.

Microsoft derps itself

I guess that you'd call this an Intellectual Property Troll own goal:
Microsoft appears to have asked Google to remove some microsoft.com pages from Google's search engine.

TorrentFreak reports that LeakID, an organisation that provides services such as “Monitoring illegal links and sources” and “Send automated takedown notices to ISPs hosting infringing links and websites”, has sent Google a notice to stop indexing some pages on Microsoft's site because they infringe Microsoft's copyright.

The leaked takedown request, visible here makes for chucklesome reading, as the pages Microsoft requests be removed are entirely innocuous affairs like this description of Office 2010 Service Pack 1.
I'd mock them, but I think this came auto-mocked.

Monday, July 29, 2013

I don't think big enough

I've been saying for a long time now that the Bad Guys are better funded than the Good Guys when it comes to computer security.  It seems that I need to expand my thinking, to become more in tune with the Meta.

The big security reveal from the first day of the Black Hat security conference is that the same guys who are funding hacking (Organized Crime, mostly) are funding political candidates.  I guess that I shouldn't be surprised - you can't look at the Kennedys without looking at Joe Sr's rum running during Prohibition - but the idea that there are particular statutes and regulations that the Black Hats want to see enacted is not a happy thought.

Quote of the Day - Decline of the MSM edition

Pistolero brings it:
How does this sort of thing factor into newspaper staffs being slashed? Well, let’s put it like this: if some newspaper hack wanted to see you imprisoned or executed for political advocacy he didn’t agree with, would you take that, let alone pay for the privilege? I sure as hell wouldn’t. If I were a small business owner in a town in whose newspaper this column ran, I would have been on the phone to cancel my advertising so fast it’d make the heads of everyone in the building spin, not just the ad reps.
It's a vicious circle - a lefty slant drives away non-lefties, which drives away advertisers interested in reaching non-lefties, which leads to staff cuts and a sense of being under siege, which leads to more lefty "reporting" out of a bruised sense of what justice should be (according to the leftie reporters, that is).

Friends, Romans, and Security D00dz

Give us ur cash.




I'd forgotten just how many people are here. I've been posting for a while on how the Internet/security industry is booming, and it seems that the cost of entry is low. It's not at the point where HR drones can screen applicants (well, not the same way as with other fields). If you have a certification, that's what they care about.


Oh My God Thirty

That's when we got into the room. More later, when I wake up.




Sunday, July 28, 2013

Oh, joy

US Air had a perfectly good airplane to carry us from Phoenix to Las Vegas. I know it's perfectly good, because it brought us to Phoenix. Instead of taking us on to Vegas after a mercifully short 60 minute layover, it's on its way to San Diego.

Meanwhile, #2 Son and I are cooling our heels for an extra 2 hours. The new plane is delayed because of "bad weather on the East Coast".

Ya know, I remember when flying was fun.



Airport blogging

Flying with your kid kicks ass over flying by yourself. Hopefully those clouds just stay clouds.




Location: Hartsfield Airport

"I don’t think a free society is compatible with an organisation like the NSA in its current form"

Security researcher wins first NSA Science Of Security award, slams NSA:
Yesterday I received the NSA award for the Best Scientific Cybersecurity Paper of 2012 for my IEEE Oakland paper “The science of guessing.”

...

On a personal note, I’d be remiss not to mention my conflicted feelings about winning the award given what we know about the NSA’s widespread collection of private communications and what remains unknown about oversight over the agency’s operations. Like many in the community of cryptographers and security engineers, I’m sad that we haven’t better informed the public about the inherent dangers and questionable utility of mass surveillance. And like many American citizens I’m ashamed we’ve let our politicians sneak the country down this path.
J'accuse, security bitches.  Gen. Clapper (head NSA honcho) will be keynoting the Black Hat conference.  I plan to sit in on this and report to all y'all on what he says.  I'm prepared to be unimpressed, but we shall see.

Movie recommendation: Sneakers

Most films about technology age poorly.  Tron is fun to watch, but the fun is the retro graphics, not because of any lasting amazement at the tech involved.  Films dealing with computer hacking age particularly poorly, with some (*cough* Hackers *cough*) past their sell-by date at their premiere.

Sneakers is an exception to this rule, a film about hacking that if anything is improving with age.  We watched it last night, and its relevance is more striking today than when it was introduced 20 years ago.

Sure, it has some of the old retro fun, like acoustic-coupled modems.  But the fundamental premise (and thus the film's dramatic tension) is still fresh.

The protagonists are a motley group of computer hackers, ne'er-do-well pranksters who find themselves unexpectedly in possession of a mysterious electronic box.  Because they're hackers, they figure out what it does - it's a universal decryptor, able to break the encryption used to protect any site - government, banks, electric power grid*.

The rest of the film is about how the box gets taken by a shadowy  organization that is clearly Up To No Good, and how the group uses their skillz - believably - to get it back.

Back In The Day, those of us at Three Letter Intelligence Agency loved this film.  We even had a theory about what it did; the clue was a remark from the Russian Attache character that they use a different coding scheme, and the box wouldn't work against them - it was only useful decrypting Americans' data.  We thought that it would factor large prime numbers, allowing you to break the RSA encryption that is at the heart of X.509**.

The most striking thing was how NSA wanted this so bad that they sent a field team to recover it***.  The revelations about massive NSA data collection programs targeting American citizens have made this fresh again.  In fact, that's why we watched it.  If anything, it's more relevant now than it was in 1991.

If you haven't seen this, you're in for a treat.  If you have seen it, you too will likely be struck at the film's staying power.  Highly recommended.

* If only our grid were protected as well as shown in this film.

** Sorry, just a short diversion into crypto-geeking.  However, the assumption is that it's not feasible to factor large primes; if someone figures out how to do this then you would indeed be able to decrypt pretty much everything, or masquerade as pretty much anyone.  Just like in the film.

*** We all laughed and laughed about this.  Now I wonder.
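To make the second footnote concrete, here is an added example (not from the film, the original post, or any real system): a toy textbook-RSA key whose modulus is small enough to factor by trial division, showing that the factors of the public modulus are all that is needed to rebuild the private exponent, read a ciphertext and produce a signature that verifies. The primes, message and function names are constructed assumptions, and there is no padding, so this is arithmetic only.

```python
def make_keypair(p, q, e=65537):
    """Textbook RSA key from two primes: returns ((n, e), d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), d


def encrypt(m, public_key):
    n, e = public_key
    return pow(m, e, n)


def decrypt(c, d, n):
    return pow(c, d, n)


def sign(m, d, n):
    """Textbook signature: the private-key operation applied to the message."""
    return pow(m, d, n)


def verify(m, sig, public_key):
    n, e = public_key
    return pow(sig, e, n) == m


def factor(n):
    """Trial division. Works here only because the toy modulus is about 37 bits;
    the cost grows with the square root of n, so it is hopeless at 2048 bits."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("no factor found: n is prime")


def recover_private_exponent(public_key):
    """Everything below uses only the public key plus the ability to factor n."""
    n, e = public_key
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


# ---- Constructed sample values ----
P, Q = 104729, 1299709                      # small well-known primes, for illustration
PUBLIC, PRIVATE_D = make_keypair(P, Q)      # PRIVATE_D is the legitimate owner's secret
MESSAGE = int.from_bytes(b"box", "big")     # must be smaller than the modulus
CIPHERTEXT = encrypt(MESSAGE, PUBLIC)

if __name__ == "__main__":
    d = recover_private_exponent(PUBLIC)
    print("modulus bits:", PUBLIC[0].bit_length())
    print("recovered d matches owner's d:", d == PRIVATE_D)
    print("decrypted:", decrypt(CIPHERTEXT, d, PUBLIC[0]).to_bytes(3, "big"))
    forged = sign(MESSAGE, d, PUBLIC[0])
    print("signature made with recovered d verifies:", verify(MESSAGE, forged, PUBLIC))
```

The same steps against a real 2048-bit modulus stall at `factor`, which is the whole of the security assumption the footnote describes.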

Konstantin Derzhavin - Gayaneh Suite

Ballet is an evolving art form.  Today's ballet by the Soviet era composer Konstantin Derzhavin has an unusual set of ballerinas.  Or no ballerinas at all, depending on how you look at things.

Today #2 Son and I fly to Las Vegas.  Me, I'm going to the Black Hat security conference, likely the most important security gathering on the Planet.  He's coming with me because he's been dying to see Vegas ever since I took #1 Son to the same conference in '06.  He'll hang out by the pool until I get back, and then instead of going to all the parties thrown by the security vendors, he and I will see the sights.

Including the fountains at the Bellagio Hotel, which are sui generis.  #1 Son and I spent an entire evening there; we'd stopped by to see one of the fountain shows and had been absolutely mesmerized.  The water - in the case of today's piece, ballerinas - combines with the music in a way that creates a completely different mood for each different performance.  They run every 15 minutes, and span the range from country to show tunes to classical.  If implemented by second rate choreographers it would be cringeworthy.  Instead, it is nothing short of sublime.

And so today's video, recorded on a smartphone, rises to the level of High Art.  A ballet by a dirty commie composer, a ballet with no ballerinas, staged at the city that most exemplifies unbridled capitalism.  Awesome.


Saturday, July 27, 2013

Ouch

I'm getting old for moving heavy stuff.

The diary of your cat

Yes, yours.  I'll bet your cat's food dish is only half full right now.  Clearly your cat will starve to death. 



This may be my last diary entry.

I am convinced that they are mad men, devoid of reason.

Ginger bourbon

Because I love* y'all so much, this is a surprisingly good enhancement to cheap-n-decent bourbon whiskey.  Remember, use decent-n-cheap bourbon, and not the top shelf spendy stuff, because otherwise why did you spend the spendy on it?

Ingredients:
One thumbnail sized piece of ginger root, peeled

Ice

Decent, inexpensive Bourbon Whiskey.  I think that W. L. Weller is a great price/performance leader for inexpensive-n-good bourbon.  It's around $12/fifth in these parts.
Procedure:
Roughly chop the ginger root, and then crush in a mortar and pestle.  If you don't have one of these, you can take a (clean) brick from your yard and whale on it until it's, well, crushed.

Fill an Old Fashioned glass (half height cocktail glass) with ice

Toss in the ginger root mush and shards

Fill with an ounce and a half of your bourbon
Swirl to combine.  Let sit 5 minutes to steep, and serve to a skeptical but soon-to-be-adoring public.

* Platonically, of course.

Red Simpson - Truck Drivin' Fool

I'm helping a friend move today, because that's what friends do.  Moving means hard, honest labor.  And trucks.  Yup, there's a country music song for that.  Boy, howdy - there's a selection of country songs for that.

Red Simpson is old school country, from the 1960s.  For some reason, trucking became one of his signature themes - not only did he record "20 Great Truck Hits", but he even gave a Trucker's Christmas album to a grateful world.

I must say that while I hated being away from the family all that time while I was in FOB Borepatch in Austin, I didn't mind those long haul drives.  There's something about the open road, the long distance travel, about pointing your wheels towards the sunset.  A poetry, almost.

Me, I'm a piker when it comes to trucks.  Sure, I'll load and drive, and unload, and whine about my aching muscles at the end of the day.  But it's honest labor.  Some do it for an honorable living, some (like me) do it because that's what friends do. 



Truck Drivin' Fool (Songwriter: Red Simpson)
Well I drove the truck from New York all the way to San Antone
And it's a mighty long haul when you're all alone
But I like drivin' trucks and I make my livin' this way
Well I'm a truck drivin' fool and that's how I'm a gonna stay

I like to hear that diesel as it keeps on a hummin' along
I'm a shiftin' these gears and I'm singin' myself a song
Well I see a lotta country as I go on my way
Yeah I'm a truck drivin' fool and that's how I'm gonna stay

Yeah I'm a truck drivin' fool and trucks have got the best of me
I guess I'll never settle down cause I couldn't stay you see
Cause when I'm drivin' that truck I'm like a schoolboy out to play
Yeah I'm a truck drivin' fool and that's how I'm gonna stay

Once I started to marry a gal in a little country town
But she didn't like my truck so way went around and around
She tried to affect me and that's where she went astray
Cause I'm a truck drivin' fool and that's how I'm gonna stay
I'm a truck drivin' fool and that's how I'm gonna stay

Friday, July 26, 2013

"If you see something suspicious, report it"

That's the mantra of Progressive "we don't encourage self-help" big government.  So what happens when you report it?  You get called a basket case:
Earlier this month, The New Republic posted an article by Stanford law professor Richard Thompson Ford on the Zimmerman trial. As noted by my co-blogger David Bernstein and Michelle Meyer at The Faculty Lounge, this article included some factual inaccuracies. Most notably, the article (as originally published) contained the following sentence:
. . . Zimmerman was an edgy basket case with a gun who had called 911 46 times in 15 months, once to report the suspicious activities of a seven year old black boy. (emphasis in original)
As written, this sentence contained three errors: 1) the 46 calls were not all to 911, some were to a non-emergency police number, 2) the calls were made over several years, not 15 months, and 3) Zimmerman called the police to report that a young boy was unattended by an adult and was concerned for the boy’s safety, not to report that the child was engaged in “suspicious activities.”
The New Republic has finally (on the second try, presumably because of high profile public shaming) corrected the story.
The New Republic has corrected Richard Thompson Ford’s Zimmerman piece:

This article has been corrected. Zimmerman called various law enforcement officials 46 times, not just 911, as originally stated. He made the calls over an eight-year period, not over the course of 15 months, as originally stated. The original sentence also cited a call Zimmerman made about a seven-year-old boy; the clause has been removed as it implied that Zimmerman was reporting suspicious activity. It appears that Zimmerman made the call out of concern. We regret the errors.
You can see the list of Zimmerman’s calls here, and it hardly suggests he was an “edgy basket case with a gun,” as the piece still asserts. And of course, there’s the glaring error of treating Zimmerman – who would count as a “diversity hire” at any law school in America — as an honorary “white” for purposes of raising the race issue
So just like with 911 - when seconds count, the Police are minutes away - the "if you see something suspicious, report it" will only be used against you.  It sure looks like there's very little upside, and a whole lot of downside there.

Well done, Progressives, attacking the social cohesion that used to bind us together!  But hey, at least you got a fleeting and temporary frisson of moral preening.  It's almost like it's an example of the Tragedy of the Commons!

Bringin' the Climate Change blogging

No, not me, but Mrs. Doubletrouble, the lovely and gracious hostess of the New England Blogshoot.  She emails to point out Yet Another failed ZOMG Thermageddon!!!1!!eleventy!! prediction:
Three academics have written an opinion piece in hefty boffinry mag Nature, saying that humanity must reduce carbon emissions hugely or methane belching from the Arctic seabed will do $60 trillion of economic damage. But the latest research suggests that Arctic methane emissions are nothing to do with rising temperatures.
Gail Whiteman (professor of "sustainability, management and climate change"), Chris Hope (an economist) and Peter Wadhams (an oceanologist) present their arguments in the Comment section of Nature, here (pdf). They start off by suggesting that disappearing ice and warmer seas in the Arctic (caused by human carbon emissions, they say) are already causing methane emissions, and that further warming - with associated ice loss - will see these emissions increase hugely.
Not only is Mrs. Doubletrouble bringing the Climate Change blogging, but she's bringing a pointer to The Register, one of my daily reads (when I'm not too busy, like I am now).  El Reg should be a stop for you, as they blog frequently and excellently on the whole hockey stick schtick.

This is a very good take down of the scare mongering, dealing with not only uncertainties in the science itself, but in the engineering of the solutions you'd need to address any real problem and a cost/benefit economics analysis of the situation.  In fact, it follows the template to a T.

Thanks, Mrs. DT!

Something funny happened last evening

I took the motorcycle to Marietta, to get ice cream and hang out in the town square (very Mayberry RFD).  I was walking around with my helmet and an elderly southern gentleman came up to me to chat.  He'd been a convertible aficionado in his younger days, and did a lot of interesting travel in a lot of interesting cars.  He was clearly a bit of a storyteller - his tales were never boring, and the twinkle in his eye at the recollections was entirely charming.

And then he looked me in the eye and said that his biggest regret was that he'd never gotten a motorcycle.  He'd always thought they were too dangerous, and never tried to master that.  This, I think, was the source of his regret.

And so thanks to all who've nudged me in this direction, especially friend and long time commenter Burt.  It's an interesting group of people you meet when you start riding, more interesting than I had thought.

Solving Detroit's financial problem

This might actually work.  Two really good ideas for stopping the outflow of citizens from Detroit, protecting the city's tax base, and attracting more financially well off citizens to live there.

What's interesting is that these ideas wouldn't take any more government intrusion than the Left usually likes to do.  It's just government intrusion directed towards groups the Left has usually exempted.

RTWT, which is brilliant.

Thursday, July 25, 2013

May-retta





The Marietta town square is a picture postcard, even without the big sister trying to keep her little sister out of the fountain.

I came here on the bike, getting up to 55 MPH and successfully navigating the road construction near the Big Chicken. So far, the bike is looking like it will be pretty cheap entertainment (especially if I get anywhere close to the rated 84 MPG).

Onward!


Digital carjacking

The Covertress is doing your security blogging.  She has video, which is pretty horrifying.  Another reason to drive a non-computerized ride like a GTO (or a motorcycle!).

I've been complaining about the shoddy security in car computer systems for ages.  Nice to see others covering the issue.

Observations on how Progressives "think"

Whenever there's an accident caused by a private company - say the Deepwater Horizon explosion that killed 11 - Progressives are outraged and insist on changing how things are done.  Lives are at stake, and all of that.

Yet when there's an accident caused by a government agency - say the tragic rail disaster in Spain with 80 dead and 140 injured (so far) - then they sing a very different tune.  After all, high speed rail is one of their policy preferences, and so you can't let a few deaths stop the march of progress.  Or even a few dozen deaths.

And they don't seem to realize that this sort of thing goes on all the time:
This site lists 18 fatal train crashes in the last decade (excluding 3 acts of terrorism) accounting for almost 1400 deaths.  The list does not appear to be exhaustive (one of the wrecks listed above is not included). [warning: you should probably disable flash in your browser before you click that link; it did strange things with my CPU utilization when I went to it]

My point is not to show that Progressives are hypocrites (well OK, a bit), but rather to point out that being aware of your blind spots is important to all of us.  If a Progressive were to admit the butcher's bill that results from their railroad fetish, we can at least have a rational debate.

I freely admit that private automobile ownership results in a much higher death toll - but that the benefits to society of a free and highly mobile population make this worth the cost.  You can argue that I'm wrong, but you at least would be arguing from a common understanding of the Universe we live in.

And so the dismissive attitude of Progressives to the clear results of their policy preferences make it impossible to have that debate.  Must be because they're so much smarter than us knuckle dragging idiots from flyover country.

86 year old bathing beauties

On this day in 1946, the Bikini atomic test was done.  The explosion was spectacular.  Soon, a scandalous two piece woman's bathing suit was introduced.  It was named after the bomb, and the world has never been the same.

I'd like to point out that the 18 year old bikini models from that long lost day are now 86 years old.  Time waits for no man (or woman), but we were all young once.  At the risk of posting cheesecake, here's an example:


Scandalous by the terms of the day (which was why this photo was - like the bikini - an earth shattering explosion), it seems tame by the standards of today.  Sadly, those standards have lost the class and therefore (it must be said) the sexiness of those long ago days.

Damn.  I'm turning into Paladin or something.  Hey, I have a motorcycle and everything now ...

Wednesday, July 24, 2013

Billie Holiday - I Cried for You

This is her first big hit, from 1937.  The recording quality is still a bit primitive, but the music is awesome.



Almost 80 years old, and it's still a classic.

Senator: NSA data collection could lead to gun registry

And this from a Democratic Senator, no less:
There is nothing in the PATRIOT Act that limits this sweeping bulk collection to phone records. The government can use the PATRIOT Act's business records authority to collect, collate and retain all sorts of sensitive information, including medical records, financial records, or credit card purchases. They could use this authority to develop a database of gun owners or readers of books and magazines deemed subversive. This means that the government's authority to collect information on law-abiding American citizens is essentially limitless. If it is a record held by a business, membership organization, doctor, or school, or any other third party, it could be subject to bulk collection under the PATRIOT Act.
[emphasis mine]

Wonder if the NRA will ask Congress to prevent the NSA from gathering this data.  That would be interesting (albeit unlikely).  Or even better, to sue to prevent this (IIRC, Congress has made it explicitly illegal for any government agency to establish a gun registry).

Library pr0n

Via Chris Lynch, the World's 62 most beautiful libraries.  This one is cool:

Beitou Library, Taiwan
And I will point out that both the US Library of Congress and the French Bibliotheque Nationale show the grand old buildings, not the appalling new ones.

EPIC: why we're suing the NSA

EPIC is the Electronic Privacy Information Center, some of the Good Guys.  They're suing the NSA, and explain why:
In our filing with the Supreme Court, the Electronic Privacy Information Center asked a simple question that we hope the Court will answer: Is it legal for the government to collect so much information about so many people suspected of no threat to national security?
According to the law -- section 215 of the Patriot Act -- the government is only allowed to obtain such information if it is "relevant" to an "authorized investigation" and if its use is for very narrow purposes. How could it possibly be that all of the customers of Verizon could be subject to an authorized investigation of the U.S. government?
RTWT.

This just in

Riding around on a motorcycle is a blast.  Parking in the "Motorcycles Only" spaces (when the cars have to pay the valet) is pretty awesome.  And I love this:


Tuesday, July 23, 2013

Anthony Weiner asks New York City voters for one more last chance

Just one more last chance before you say we're through.


'Tis done

I'm now officially a gun toting biker dude that shaves his head*.




Looking out the Camp Borepatch main gates.

* On that last one, look for "The bitter truth" in the sidebar ...


Unless they were chicken feet


Mmmm, chicken feet!  Just like Mom used to make.

I pick up my motorcycle today


Assuming it doesn't rain.

Monday, July 22, 2013

I can haz upgrade?

It's funny when The Old Reader RSS site goes down for maintenance. They don't just put up a "come back later" message, they put up an "in the meantime, here's a picture of a cute kitten" message.

These guys grok how the Intarwebz work.

Royal Baby video!

It's a scam, of course, but this is exactly the sort of high visibility story that the scammers use to push malware:
It's the moment malware writers worldwide have been waiting ages for: millions of royal-watchers at home and at work will be in front of their computers, hunting for the first pictures of the soon-to-be-born third heir to the throne.

The Duchess of Cambridge's labour has started, it was confirmed this morning. Any baby (whatever its sex) will be third in line to become Britain's king or queen following recent changes in UK law.

And as with many a popular story - be it a natural disaster or celebrity death - malware-flingers have long been gestating plenty of scams and malware which they are more than ready to deliver.

"Malware authors worldwide have been waiting ages for this," according to anti-malware veteran turned independent security blogger Graham Cluley.
No comment on whether people waiting breathlessly for news of the heir to the house of Windsor are more gullible:

Washington, D.C. (SatireWire.com) — With yet another email virus spreading across the globe, 41 U.S. states and six European countries today announced that the act of creating an attachment-based computer virus will now be considered a hate crime because it intentionally targets stupid people.
Hate crime victim Bob Fnork (center) is stunned to discover he has just opened another infected attachment.

"In a hate crime, the offender is motivated by the victim's personal characteristics, and in the case of email viruses, the maker is clearly singling out those who open email attachments when they've been told a thousand times not to," said California Attorney General Bill Lockyer. "Like any other segment of the population, people of stupidity need protection from bias."


France, meanwhile, said it would not prosecute anyone willing to write a virus in French.

But in London, the British Civil Idiots Union applauded the move, arguing that virus-based hate crimes cause victims to suffer psychological harm. "Every time we pass on one of these emails, our self-esteem is shattered when we are forced to publicize our condition," said CIU President Michael Overly. "It's always a shock to my system every time I have to write, 'Hey everybody, if you get an email attachment from me, don't open it! I just found out my computer got infected by a virus! Sorry!'"
Let's all be careful out there.

Why do they keep changing the temperature databases?

Long time readers will recall the many rants here about how historical temperature records keep getting changed.  It's like the old joke from Soviet days: The future is always known; it's the past that keeps changing.  Well here we go again:
The surprise (when I plotted the source data myself rather than use NCDC’s tool) was how flat it was in the dust bowl heat of the 1930s.  I know that on the NWS NYC web site, they have archived raw monthly means back well into the 1800s. So I downloaded that and compared.

It was dramatically cooler in the NCDC v2.5 than the original data. This plot shows the differences between the original recorded temperature data at Central Park and the final adjusted data that NCDC presents to the public:


As is clearly evident, adjustments made the dust bowl period cooler, while post 1995 had no adjustments applied. This results in a temperature trend that is steeper because the past is cooler than the present. The only problem is that it isn’t what the data actually recorded then.
I don't know of any scientific field where it is not just considered acceptable, but considered normal to change the data after it has been recorded.  This is perhaps the strongest argument against paying any attention to what climate scientists say.

Note that all of the temperature readings before 1995 have been artificially reduced, generally by a degree to a degree and a quarter.  Remember, this is the rough amount that we've been told that the world has warmed over the course of the entire 20th Century.  Given this, it seems reasonable to question whether there has been any measurable warming over the last 100 years.  I'm not sure that I believe that, but the raw (unadjusted) data doesn't rule this out.

Your watch of the Day

Over at The Feral Irishman.  Unusually for him, it's entirely safe for work.

I'm sorry, if this doesn't melt your heart, we can't be friends anymore.

Sunday, July 21, 2013

If Abraham Lincoln had an iPhone


This is pretty funny, actually.  Via #1 Son in email.

Quote of the Day - Walmart edition

MSgt B has completed his move from Virginia to Alabama, and is noticing the local differences:
I was grocery shopping at WalMart yesterday and I couldn't find any Velveeta* "Pasteurized Prepared Cheese Product" (Made with real milk protein concentrate!)

I'm not shitting you. Go read that sentence again.

There I was, in a WalMart, in Alabama, and I couldn't find Velveeta...

WTF is the world coming to?


* Don't judge me, bitches.  It makes a great Queso dip.
Heh.  And I'd like him to post his queso recipe, but that's just me.

The ruin that is Detroit

In 1950, Detroit was the 4th largest American city.  Now much of it is literally in ruins, as buildings are simply abandoned to return to nature's embrace.  Lots of people are remarking on the bankruptcy, but I want to show just what that all means.

You don't need office buildings when all the businesses head to friendlier locales.

I think this used to be a theater.

Here's the Church, here's the steeple.  Open the doors, where're all the people?

A tree grows in Harlem Detroit.  In the Book Repository.  Looks like the books are still there on the shelves.  I expect ancient Rome looked like this once.

Was this once a school?

Someone went to some effort to upend that piano.

There's more here.  A cautionary tale, if we will listen.

In this decayed hole among the mountains
In the faint moonlight, the grass is singing
Over the tumbled graves, about the chapel
There is the empty chapel, only the wind’s home.
It has no windows, and the door swings,
Dry bones can harm no one.
- T.S. Eliot, The Waste Land

Not my motorcycle


Pretty cool, though.  Seen at the Owl's Head antique auto show, Autumn 2008.

Jean-Féry Rebel - Baroque Violin Sonatas

OK, so I'm buying a Honda Rebel motorcycle.  What, you might well ask, does that have to do with Classical Music?

Actually, if you ask that you clearly haven't been reading here very long.  There's always a connection here, just because.  The connection, of course, is that motorcycles are awesome, and baroque music is awesome.  And both the bike and the composer are named "Rebel".  Quod Erat Demonstrandum.

But M. Rebel (pronounced reBEL) is a pretty interesting dude, even if he didn't have (presumably) Harley-Davidson tattoos.  Or even Honda ones.  Instead, he was born into the court of le Roi Soleil himself, Louis XIV.  His father was a musician in the Court, and young Jean-Féry soon showed himself to be a violin prodigy.

"Soon" meaning "by age eight".  It was a precocious era.

Such was his reputation throughout Europe that no less than Handel himself conducted these works (originally composed in 1695) in the very heart of Perfidious Albion.  Which leads us to a great realization of Baroque music and Honda motorcycles: if it ain't baroque, there's no need to fix it. [ducks]



And so you have it: the Grand Unified Theory of Baroque music and reliable motorcycles.  Sure it's weird.  You knew that when you came here, right?

Saturday, July 20, 2013

That looks like a young man's bike to me


Definitely a young man's bike.  Nice bandana, though.  I'm sure that will come in useful.

The motorcycle


It's a Honda Rebel.  I pick it up on Tuesday.  I'm getting a used one, but it was raining outside and so I'll post a pic of the shiny new one.

The pros: it's pretty similar to the bike I rode last weekend in the MSF safety course.  The controls are identical, it's just put on a cruiser chassis.  This means it will be familiar (implication: safer) from the get go.  It weighs half what the entry level Harleys weigh, so it will be a lot easier to control (implication: safer).  It's very inexpensive, so there's not much financial risk if I end up not riding much.  It's not overpowered, so when (not if) the kids want to start riding, it will be a good size for them.

The con: it tops out at 65 MPH or so.  No long range trips on this bike, but good for around town.

In short, it's a starter bike.  Everyone more or less says that your first bike will only last you 12 months, and so this is an easy step into the motorcycle world.  We'll see when I start making noise about getting something bigger.

Lefty Frizzell - Saginaw, Michigan

In the music business, if you have to get beat, you want to get beat by The Beatles.  Lefty Frizzell wrote so many songs that he had 4 of them listed in the Top Ten at the same time.  That record lasted until The Beatles passed him with five on the chart at the same time.

As far as I can tell, nobody else has done it.

Lefty Frizzell made it sound easy with his relaxed vocal style.  That style influenced singers as diverse as Roy Orbison, George Jones, and John Fogerty.  While he got his start playing Honky Tonks (and toured with Hank Williams, Sr.), he had a number of songs cross over to the pop charts.

This was probably the biggest, and got him a Grammy nomination.  Interestingly, it was one of the few hits that he didn't write.  Sadly, he was one of the many country stars that drank himself into an early grave.  You wonder what songs he might have written had he won his battle with the bottle.



Saginaw, Michigan (Songwriters: Bill Anderson, Don Wayne)
I was born in Saginaw, Michigan.
I grew up in a house on Saginaw Bay.
My dad was a poor hard working Saginaw fisherman:
Too many times he came home with too little pay.

I loved a girl in Saginaw, Michigan.
The daughter of a wealthy, wealthy man.
But he called me: "That son of a Saginaw fisherman."
And not good enough to claim his daughter's hand.

Now I'm up here in Alaska looking around for gold.
Like a crazy fool I'm a digging in this frozen ground, so cold.
But with each new day I pray I'll strike it rich and then,
I'll go back home and claim my love in Saginaw, Michigan.

I wrote my love in Saginaw, Michigan.
I said: "Honey, I'm a coming home, please wait for me.
"And you can tell your dad, I'm coming back a richer man
"I've hit the biggest strike in Klondyke history."

Her dad met me in Saginaw, Michigan.
He gave me a great big party with champagne.
Then he said: "Son, you're wise, young ambitious man.
"Will you sell your father-in-law your Klondyke claim?"

Now he's up there in Alaska digging in the cold, cold ground.
The greedy fool is a looking for the gold I never found.
It serves him right and no-one here is missing him.
Least of all the newly-weds of Saginaw, Michigan.

We're the happiest man and wife in Saginaw, Michigan.
He's ashamed to show his face in Saginaw, Michigan.

Overslept

Wow, did it feel good.  First time in weeks.  I'll get the ice cream machine cranked up, but need coffee.


Friday, July 19, 2013

Fortunately, the comments here are filled with Smart

So this doesn't really do much for me.  But there sure are a bunch of places where it would be a help.


The Forgotten War

Remember.



The "Greatest Generation" fought two wars, only 5 years apart.  One war it talked about all the time.  Tom Hanks made a great feature film about one.  The other one has 614 views on YouTube.

His story is one I remember hearing from the World War II vets, but only when they got older.  When they were younger, they never talked about it, but when they got older they wanted to make sure that people didn't forget their buddies who didn't make it back.

Such a strange war, that robbed this man of his earned heroism.  You might ask yourself why this was, unless you're as nasty and suspicious as I am, in which case Tail Gunner Joe explains pretty much the whole thing for you.

The intersection of "Smart Diplomacy facepalm" and "NSA facepalm"

It's a twofer!
Normally, Daniel Bangert's Facebook posts tend to be of the serious variety. The 28-year-old includes news items and other bits of interest he encounters throughout the day. "I rarely post funny pictures," he says.

Recently, though, he decided to liven up his page with something a bit more amusing -- and decided to focus on the scandal surrounding the vast Internet surveillance perpetrated by the US intelligence service NSA. He invited his friends on an excursion to the top secret US facility known as the Dagger Complex in Griesheim, where Bangert is from.

...
Bangert's doorbell rang at almost the exact same time. The police on the telephone told him to talk with the officers outside of his door. Bangert quickly put on a T-shirt -- which had a picture of NSA whistleblower Edward Snowden on it along with the words "Team Edward" -- and answered the door. His neighbor was outside too so as not to miss the fun.

The police wanted to know more about what exactly Bangert had in mind. "I couldn't believe it. I thought: What? They are coming for such nonsense?"

"Team Edward" FTW!  And I guess we now know where the room temperature IQ Stasi guards are working these days:
The officers, says Bangert, were unimpressed and called him a "smart aleck," before hinting strongly that he should obtain a demonstration permit before he embarked on his outing. They then told Bangert not to post anything about their visit on the web.
Good idea there, Fritz.  Seems foolproof.  Oh, wait ...

There's so much fail in this that I fail in my attempt to describe it, other than this:


As we used to joke Back In The Day at Three Letter Agency, "In God we trust; all others we monitor."  OK, can we stop now?

And can I just say that nothing good can possibly come out of the intersection of NSA and the German Authorities.  Srlsy.  Just don't go there.

Bootnote: This right here is my most favoritist part of the whole article:
The police spokeswoman sought to play down the incident.
Because playing it up would be bad, mkay?  No wonder they lost The War.

St. Bartholomew, George Zimmerman, and Barack Obama's "Fundamental Transformation of America"

Late 16th Century France was a mess.  The Protestant Reformation had, by 1572, led to three religious Civil Wars.  In an effort to heal the torn Kingdom the Queen Mother Marie de' Medici convinced the Catholic Establishment to go along with her plan to marry her daughter to a Protestant, Henri III of Navarre.  She hoped that the union would bring the two warring sides together.

She succeeded in a most unfortunate way.

A Royal Wedding then (as it is today) was a Very Big Deal Indeed.  Anyone who was Anyone expected an invitation, and those invited were expected to attend.  The Protestant nobility turned out in force, descending on the very Catholic Paris for the joyous day.

What happened was that they were slaughtered in what's gone down in the chronicles as the St. Bartholomew's Day Massacre.  Thousands of Protestants - and especially their leaders - were cut down, hunted like dogs through the streets of Paris, not just by the mob but by King Charles' Swiss Guard.  The killing spread immediately to the Provinces, with an unknown number of dead likely exceeding 10,000.

Remember, France was much smaller then, only 50 years or so after the death of the English King Henry V (of "Band of Brothers" fame) and only a generation removed from when Joan of Arc helped throw off the yoke of English rule.

The King hastily assembled the Paris Parlement, who passed a resolution saying that it was all the fault of those traitorous Protestants, plotting against the Crown. In a divided Europe, the news was greeted with either horror or rejoicing, depending on your confession.  German Emperor Maximilian - overlord of a divided Germany - called it shameful.  His son-in-law King Phillip II of Spain - that most Catholic Prince who would in 15 years muster an Armada against the English - was said to have laughed.  It is also said that it is the only time that most dour of rulers was heard to laugh.

We are seeing in our own day a fracturing of the old bonds that once united this Res Publica.  E pluribus unum has been undermined by a political class that has seen opportunity to be had in a fracturing of a common weal, in a balkanization where a formerly united polity is fractured into groups that can be played off against each other.  Where once there was a common sense of what it is to be American, now we are immersed in "Press 1 for English", the replacement of the "melting pot" with the "salad bowl", the absurd - but loudly persistent - accusations of racism against those opposed to (or even skeptical of) radical political agendas.

We see today our own Religious Wars, with two groups increasingly divided along philosophical lines.  George Zimmerman was one who found himself unexpectedly on the wrong side of that dividing line.

Zimmerman, a Democratic Party voter and Obama supporter, found himself suddenly a heretic.  He represented the melting pot - mixed white, black, and Hispanic; he tutored black kids; his date to his prom was black; his black neighbors said he was a great guy.  But a melting pot is not useful these days, not to political forces that see opportunity in fragmenting the polity.  It's particularly unhelpful when - like Zimmerman - it shows that it is willing to self-organize (Neighborhood Watch vs. ask the Government for help) and particularly unhelpful when it is willing to use lethal force to defend itself.

And so a minority Obama voter found himself suddenly a "White Hispanic", and facing trumped up charges egged on by a corrupt Press.  The only surprise in the entire sad episode was that he was not tried before a Kangaroo Court.

That's coming.  The eight months since President Obama won reelection have seen the mask slip.  The man who ran as a centrist, post-racial technocrat no longer scruples to bend the supposedly politically neutral Government Agencies to discomfit his political enemies.  The IRS is only the most obvious of these, with their astonishing harassment of the Tea Party; the Justice Department itself is seen to be organizing street protests against Zimmerman, and even setting up a central snitch phone bank where American Citizens can report perceived thought crime from this particular fellow Citizen.  He suspends inconvenient portions of lawfully enacted statutes at his whim, and cracks down not just on embarrassing whistleblowers but on embarrassing Inspectors General.

Government is gathering unprecedented power to itself at the precise moment that a President is using that power not to unite, but to fracture the country.  To "reward his friends and punish his enemies".  He is, as he promised, doing his best to fundamentally transform the country.  His vision is a fragmented country, not a united one: some groups are politically useful, and are to be groomed and subsidized; others are politically dangerous and are to be broken by the full power of the State.

That vision is not, as has been often alleged, socialist.  It is fascist, as in Mussolini's original definition: everything within the State, nothing outside the State.  Separation of powers, Constitutional separation of powers, Federalism - all nothing but obstacles to be removed by his transformation.


The soixante-huitard Left, long removed from its glory days of rebellion, is the comfortable Establishment.  Those outsiders useful to the cause of extending the fragmentation and group conflict that has brought so many of them to power are welcome into their fold; those who would hold to e pluribus unum and rule of Constitutional Law are most definitely not welcome.

George Zimmerman is not welcome in Progressive Establishment circles.  Doesn't matter that he voted for Obama and was a loyal Democrat; he's a Protestant in 1572 Paris and the mob is howling for his blood.

L'affaire Zimmerman is not remotely about race, and any Leftie who thinks it is is a tool.  The game is transformation into a balkanized and fractious "Salad Bowl" where the vegetables that support the Right Sort Of People® will find that they are more equal than the other vegetables.  That's the game.

And the game is just begun.  Imagine a decade hence, with a decade's worth of NSA-collected metadata.  The Unblinking Eye will know even more about you, more about me, more about those who might want to join the Establishment.  The ability to screen out the seemingly reliable (like George Zimmerman) who are not Politically Reliable™ will be pervasive.  Class makes no difference.  Race makes no difference.  Political Party makes no difference.  What matters is unthinking obedience to the Establishment as they balkanize first one group, then another.

What they want is the Paris Mob to hunt down Protestants, even those who even yesterday were considered to be good Catholics.  Because those traitorous Protestants are plotting against the Crown.

What they want is Transformation.  That's what the Zimmerman prosecution is about.  It is part of a greater whole.  And they are only going to get stronger.  Until it comes apart.

The French Valois dynasty ended with the reign of Henri IV, le Vert Galant who despite being Protestant somehow survived the massacre.  On learning the Throne was his if he would only convert to Catholicism, he said that "Paris is worth a Mass".  He is perhaps the most popular French Monarch ever, and healed a divided country.  At least for a while.

Perhaps we will find our own Vert Galant.  Or perhaps it will be our own Jacobins, where the streets run red with Establishment blood.  That would be a change from the traditional American approach to politics, but given enough Transformation, who knows?

Thursday, July 18, 2013

The Media are a bunch of drooling morons

Well, they are.


The Czar of Muscovy described it well: just assume that the media will act like Middle School girls, and you won't be surprised at what they do.  George Zimmerman is a meanie.  Dzhokhar Tsarnaev is dreamy.  Follow them on Twitter!

Who's up for a blogmeet where we drive a tank?

Tank Town USA, 90 minutes north of Atlanta:
Tank Town USA is the ultimate heavy equipment playground and the #1 thing to do in Blue Ridge, GA...and possibly the world! Whether you want to drive a military tank, military trucks or construction equipment, Tank Town USA has it all.
Our team of professional instructors will put you in the driver's seat as you navigate our 5 acre course designed to let you test what these vehicles can do! It's a fun, fast paced, and exciting adventure for all ages.
This is one of my bucket list items.


There may even be a shooting range up there, and we could do not only a Tank meet but a blog shoot.  Any interest?

Android pwned. Again.

Two huge security holes in Android this month.  First up was last week's Master Key vulnerability:
A four-year-old Android bug could be used to plant malware on 99 per cent of Android devices on the market, according to security researchers.

Bluebox Security CTO Jeff Forristal said the vulnerability in Android’s security model creates a means for hackers to modify an Android app's APK code without breaking its cryptographic signature.

This means that any legitimate application - even those afforded elevated privileges by the device manufacturer - could be turned into a malicious Trojan before being offered for download. The difference between the two would not be readily detectable by either the smartphone or the app store - much less an end user.
You see what's coming next, don't you?
Google Play alert: An information security researcher has spotted two apps that use the master key vulnerability that's present in an estimated 99% of all Android devices. But rather than being distributed by sketchy third-party app stores, which are known for harboring malicious apps that have been disguised as free versions of the real thing, these two apps are available directly from the official Google Play app store.


Fortunately, the apps don't appear to be malicious. But the presence of the free apps -- Rose Wedding Cake Game and Pirates Island Mahjong Free, which have been downloaded by between 15,000 and 60,000 people -- on the Google Play site calls into question whether Google is now scanning for apps that abuse the so-called master key vulnerability that was discovered by Bluebox Labs in February and detailed by Android hackers earlier this month
Doesn't take long for something this big to get out in the wild.  And now there's a second vulnerability that the Bad Guys can play with:
Hot on the heels of the so-called "master key" hole in Android comes what Chinese Android researchers are calling "a similar vulnerability."


They've definitely found a bug, and another embarrassing one for Google's coders, too.
Pretty heavy duty geekery there.

The real problem isn't that Android has vulnerabilities - after all, everything has vulnerabilities.  The problem is that the process of getting a fix from Google to you is broken.  With an iPhone, Apple releases a patch, iTunes checks for it, and downloads it straight from Apple for you.  It doesn't matter who your carrier is - AT&T, Verizon, T-Mobile, Orange: macht nichts.

It's different with Android.  Google releases a fix, and sends it to the handset manufacturer (e.g. Samsung).  At some time in the future, Samsung includes the fix and sends it to the carriers (e.g. AT&T).  After another delay, AT&T updates the image for your Galaxy S.  Maybe.  Then you can get it.

Fail.  It's so bad that some security dudes created a hotpatch app that you can (and should) download from the Google Play store:
Jon Oberheide, CTO of Duo Security, told El Reg that ReKey provided notification of attempted attacks featuring dodgy APKs as well as blocking the Bluebox master key and similar malware padding attacks.

...

"Since ReKey only patches in-memory (and then re-patches upon boot of the device), it is non-destructive and makes no permanent changes to the user's device. When the official patch is delivered to the device, it can interoperate peacefully."

The ReKey app was released on Tuesday and is available to download at rekey.io as well as through the Google Play Store.

A blog post by Duo Security with more context and technical information about ReKey can be found here.

"The security of Android devices worldwide is paralysed by the slow patching practices of mobile carriers and other parties in the Android ecosystem," Oberheide concluded.
Quite frankly, the whole situation shows that the Android security model is a train wreck.  I can't in good conscience recommend that anyone use Android until the patch distribution process gets under control.
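
The scanning question raised above can be made concrete. This is an added example, not code from the post, Bluebox, Duo Security or Google: it assumes the publicly documented form of the master key bug (an APK holding two ZIP entries with the same name, so the signature check and the installer can each read a different copy), a detail the post itself does not spell out. Function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import warnings
import zipfile
from collections import defaultdict


def find_duplicate_entries(apk_bytes):
    """Return {name: [sha256 of each copy, in central-directory order]}
    for every entry name that appears more than once in the archive."""
    copies = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        # infolist() keeps every central-directory record, duplicates
        # included. Opening by ZipInfo (not by name) reads that exact copy.
        for info in zf.infolist():
            with zf.open(info) as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            copies[info.filename].append(digest)
    return {name: d for name, d in copies.items() if len(d) > 1}


def verdict(apk_bytes):
    """Classify an APK the way a store-side or device-side check might."""
    dupes = find_duplicate_entries(apk_bytes)
    if not dupes:
        return "ok"
    # A well-formed APK never repeats an entry name, so any repeat is
    # grounds for rejection. Copies that differ are the dangerous case:
    # two parsers choosing different copies would see different content.
    if any(len(set(digests)) > 1 for digests in dupes.values()):
        return "reject: duplicate entries with differing content"
    return "reject: duplicate entries"


def build_sample(entries):
    """Build a constructed test archive in memory from (name, bytes) pairs.
    Contents are placeholders, not real APK components."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile warns on a repeated name but still writes it.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            for name, data in entries:
                zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: one clean archive, one with a repeated name.
CLEAN = build_sample([
    ("AndroidManifest.xml", b"placeholder manifest"),
    ("classes.dex", b"placeholder code A"),
])
SUSPECT = build_sample([
    ("AndroidManifest.xml", b"placeholder manifest"),
    ("classes.dex", b"placeholder code A"),
    ("classes.dex", b"placeholder code B"),
])

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, "->", verdict(blob))
        for name, digests in find_duplicate_entries(blob).items():
            for i, d in enumerate(digests):
                print(f"  {name} copy {i}: sha256 {d[:16]}...")
```

A check like this only covers the duplicate-name case; it says nothing about the second, "similar" bug the post mentions.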

On evil

Sabra muses on the Rolling Stone's glam cover shot of Jahar Tsarnaev and reminds me why I read her every day:
The problem seems to be that, by failing to dehumanize a murderer, he is somehow being glorified.  Which is, of course, patently ridiculous.

Look, murderers all have one thing in common, beyond the obvious: they're human.

Evil is human.  Uniquely human, perhaps.  Animals kill for food, and they kill for dominance, but they don't kill for ideology or jealousy or momentary passing anger.  Humans do all of those things.


But we don't like to admit that. 

...

Susan Smith didn't go around torturing animals; she was from all accounts a devoted mother, right up until she wasn't.



And Jahar Tsarnaev was a nonviolent, chill dude right up until he wasn't.
That's one smart lady.  RTWT.

Wednesday, July 17, 2013

Let's go back in time

I must confess that this is a hugely guilty pleasure for me; from an age where people were still figuring out how to shoot music videos*, when I was in my twenties (barely), had hair almost as good as Huey (almost), and when life was simple.  (And had a shirt exactly like his in both videos.)  Good times, good times.



This is the point where people roll their eyes at me.  I don't care.  Srlsy.  Because it's hip to be square.



Yes, I cut my hair.

* When people still shot music videos.

Science. That's gangsta.


Well that's your problem right there


Well played.

Tech Sector business hit by NSA spying

Silicon Valley is already feeling the business impact of the NSA data gathering effort:
Will overseas business owners think twice about trading with us because they fear that their communications might be intercepted and used for commercial gain by American competitors? Most chilling of all: Will foreigners stop using the products and services of California technology and media companies — Facebook, Google, Skype, and Apple among them — that have been accomplices (they say unwillingly) to the federal surveillance?

The answer to that last question: Yes. It’s already happening. Asian governments and businesses are now moving their employees and systems off Google’s Gmail and other U.S.-based systems, according to Asian news reports. German prosecutors are investigating some of the American surveillance. The issue is becoming a stumbling block in negotiations with the European Union over a new trade agreement. Technology experts are warning of a big loss of foreign business.

John Dvorak, the PCMag.com columnist, wrote recently, “Our companies have billions and billions of dollars in overseas sales and none of the American companies can guarantee security from American spies. Does anyone but me think this is a problem for commerce?”
This is slowing the rush to "Cloud Services".  I am hearing from people I talk to professionally that a lot of US companies are reconsidering public cloud services, too.  They specifically cite concern over whether the service provider might turn their data over to the Fed.Gov.

And the Government itself is turning away from this technology:
US government spending on cloud technology is set to spike in the next two years, though security concerns have scared agencies away from public clouds.

...

For all the federal government's push to adopt new technologies as part of a major IT refreshment strategy, agencies are still apparently concerned about the security and viability of public cloud technologies.

...

Although providers such as Amazon, HP, and Microsoft have pursued security certifications such as FISMA and FedRAMP – Amazon has set the pace in this area via its dedicated GovCloud data centers – many government departments are hamstrung either by regulation or legacy hardware from going into public cloud environments.
Nice return on Silicon Valley's political contributions last election cycle.