Friday, April 29, 2016

Why is there so much credit card fraud, part 2

Stores can't upgrade to newer, safer equipment because it hasn't been certified.  The banks own the certification companies, and there's no incentive to hurry certification because the stores are (since October 2015) 100% liable for all fraud.
Avi Kaner, a co-owner of the Morton Williams supermarket chain in New York, has spent about $700,000 to update the payment terminals at his stores.
Trouble is, he cannot turn them on.
The new terminals can accept credit and debit cards with embedded digital chips, a security feature intended to reduce the number of fraudulent purchases.
But before the payment systems can work, they must be certified, a process that Mr. Kaner and many retailers around the country are waiting to happen. In the case of Morton Williams, the holdup has lasted several months.
The cost of waiting, retailers say, is piling up.
And so the stores are suing:
Payment processors “don’t have any incentive to hurry the certification along,” said Patrick J. Coughlin, a lawyer for retailers in a recent lawsuit that accuses the major card networks of deliberately creating impossible requirements for merchants. “They’re not the ones paying the fraud charges.”
The whole thing is a mess.

Thursday, April 28, 2016

Why is there so much credit card fraud?

Because implementing the new security technologies can cost a lot more than the fraud loss.  From the comments at Brian Krebs's blog:
I can tell you first hand why so many retailers haven’t implemented EMV: cost. We did the analysis, and our fraud per year number is way below the implementation costs – and I mean WAY below. So our position has been not to spend the money to implement EMV, and eat the fraud costs because of it, as that is a much smaller number. For other retailers that is going to be a different cost benefit analysis, but if you don’t sell reloadable gift cards (or implement a policy like this one to not allow buying with a CC), and you don’t sell high dollar items that are easy to flip for cash, it isn’t worth the cost.
The implementation costs for EMV, much like E2E encryption, are ridiculous. You have a recurring licensing fee from the manufacturer of the PIN pad devices for each device, and that is IF you already have hardware to support EMV, which for many retailers isn’t the case. Or you have older hardware that does support EMV, but the hardware is already maxed out and you would have to remove 1 feature from the hardware just to accommodate EMV. If a retailer has to replace the hardware, you are talking about anywhere from $200-$1000 per lane per store in hardware alone, not counting the costs to send out someone to replace them all. Even if you have all the hardware in-place, and can eat the EMV feature license cost, you still have to spend the money with your POS integration partner to do all the POS software work to even handle EMV, since the transaction occurs in a different way, and completely different data is sent to and from the POS. As is the case anytime you are working with a vendor on software customization, the integration costs are nothing to sneeze at.
If you think not in terms of security, but rather in terms of managing risk, this makes perfect sense.  It doesn't make sense to pay $100 to stop $20 of fraud.  Now what this particular store does is different than what other stores do, but this is the right way to look at the problem.

Apparently, you can't fix that with Duct Tape



The public wants privacy

How do we know?  Congress knows:
In a rare display of bipartisanship the US House of Representatives has passed the Email Privacy Act (EPA) in a 419-0 vote.
The legislation updates the antiquated 1986 Electronic Communications Privacy Act (ECPA) and closes an important privacy loophole. Under ECPA the police could examine any email that had been read or that was more than 180 days old with only a subpoena, whereas under the EPA they would need a warrant obtained from a judge.
Is this a fig leaf?  Probably.  Will this change much?  Unlikely.

But Congress knows that people are unhappy with police snooping.  They know it to the degree that not a single vote was cast against this.

What hath NSA wrought ...

Wednesday, April 27, 2016

I could go with this

(via)

Lego wars

Get ready to rumble!
A Lego-mad fisherman spent three years building the world's biggest model of a US warship - only to find an American rival had beaten him by inches. Jim McDonough painstakingly built a 24ft scale model of the 890ft USS Missouri with thousands of toy bricks in Redford, near Arbroath in Angus. When he embarked on the model in his garage three years ago, his research told him it was going to be the biggest Lego ship in the world. 
Here's a picture of Our Hero with his creation:


Alas, it was not to be:
But it seems his effort was in vain - after he was pipped at the post by Minneapolis-based enthusiast Dan Siskind, whose creation is 25.5ft long.
Mr Siskind used more than one million Lego bricks to recreate the 1:35 scale of the USS Missouri.
Here's the undisputed world champion Lego battleship:


Pretty cool, in a scary sort of way.

Unhappy spy chief is unhappy

Awww:
THE DIRECTOR OF NATIONAL INTELLIGENCE on Monday blamed NSA whistleblower Edward Snowden for advancing the development of user-friendly, widely available strong encryption.
“As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years,” James Clapper said during a breakfast for journalists hosted by the Christian Science Monitor.
I've been saying for quite some time that the grotesquely promiscuous spying by the Intelligence Community - spying aimed at the innocent civilian population - is having a big, negative impact on the commercial Internet security industry.

And why hasn't General Clapper been imprisoned for perjury to Congress?

The NSA has really messed this up, and that toothpaste isn't going back into the tube.

Tuesday, April 26, 2016

Thanks, just water for me ...


Your team's odds of winning the World Series

Interesting on-going analysis at 538.com.  They update it after each game.

The Braves look awful, but you don't need 50,000 simulations to tell you that.  The Red Sox look better than I would give them - their starting rotation has a bunch of question marks.

Update of the Queen Of The World

The crazy strong antibiotics seem to be doing some good, although the pneumonia will take some time to kick.  She wanted me to thank all y'all that left best wishes.

Monday, April 25, 2016

Bloat

It is said that code will expand to fill the available memory.  It looks like it will also expand to fill the available network bandwidth:
The average web page is now roughly the same size as the full install image for the classic DOS game Doom, apparently. 
This is according to Ronan Cremin, a lead engineer with Afilias Technologies and dotMobi's representative for the W3C (World Wide Web Consortium). 
Cremin points to data from the HTTP Archive showing that, at 2.3MB, the average page is now the same size as the original DOS install of the id Software mega-hit.
I remember back in the '80s, working on a minicomputer that had a real-time OS.  The biggest you could gen the kernel was 64KB.  Punks these days don't know programming ...

Remember the Playground?

Here's 11 things you don't see on the playground any more.

I remember really long slides. When you were little, just climbing the ladder was a daunting affair. Really, even then, would my mother have let a 5 year old climb an extension ladder and step up onto the roof? But it was on the playground and no one considered it.

Teeter-totters. 'Nuff said.

Monkey bars and jungle gyms. I never broke an arm or a collarbone, but I was there when it happened.

The most unusual thing I have seen for kids to play on was in Beaufort, S.C. There was a small park on Pigeon Point that had an old fighter jet sitting on its landing gear. The tires were flat. The canopy was open. You could climb on it, up in the engine cavity or over the wings, sit in the cockpit, it was just there, all sharp edges and oxidation.

I was an adult, working on F-4s, and lived just down the street. I would walk around it, look at things, wonder what year it had taken its last flight, and who the guys were that had last safety wired a bolt in place.

It was an FJ-2 Fury and the base eventually took the plane back and fixed it up. It is on a pedestal outside the gate at MCAS Beaufort. Kids don't play on it anymore.


What are your memories of playgrounds?

Sunday, April 24, 2016

Saturday, April 23, 2016

Friday, April 22, 2016

Thursday, April 21, 2016

Happy birthday to Her Majesty Queen Elizabeth

90 years old today. And I believe the longest reigning sovereign in British history.

FBI leader: We don't know how to hack phones

This explains a lot, really:
A high ranking technology official with the FBI told members of Congress Tuesday that the agency is incapable of cracking locked phones and devices on its own, even with additional resources.
...
Several lawmakers, including Rep. Diana DeGette, invoked the San Bernardino episode, and asked why the FBI could not improve its own expertise in cracking encrypted devices. If it were to do that, she argued, the agency would no longer need to challenge technology companies, like Apple, in court or purchase hacks from outside parties.
Hess countered that the types of one-off exploits needed to crack encrypted devices may require resources unavailable to the FBI. “Those solutions may be time intensive, they may not eventually be effective, they may require an additional amount of resources, or an additional amount of skill, in order to get to those solutions,” she said.
I'm not sure whether to be relieved or alarmed that the Federales are not competent to do investigative work.

Wednesday, April 20, 2016

The healing power of music

Bob over at The Drawn Cutlass has an amazing musical find.  Go listen to the music but make sure to click through to the story.

Wow.

4/20 Day

It seems that the stoners celebrate this day, for some reason.  That's not my poison of choice, but this is:


Sweetwater 420 IPA.  An Atlanta beer, it looks like they're getting serious distribution.  I can get it up here in Yankeeland, even.

The Rescued Film Project

In this case, it's 31 rolls of undeveloped film from a WWII soldier. You can view all the recovered images at the link.

At the top of the page are links to hundreds of other images from the 1930s forward. They are all images that were taken and then never developed until this project received them and went to work.

Here's a video about this particular recovery effort:


Windows users: uninstall Quicktime

Microsoft Windows users who still have Apple Quicktime installed should ditch the program now that Apple has stopped shipping security updates for it, warns the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT). The advice came just as researchers are reporting two new critical security holes in Quicktime that likely won’t be patched.
“According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation,” US-CERT wrote.
Apple has an Uninstall Quicktime page for your convenience.

Big Science is broken

Reproducibility failures everywhere, incentive structure stifles new theories challenging establishment ones, peer-review basically provides no value.  It's all here.

I'd like to see Big Science dethroned from its current perch as a modern day religion, but there are too many political groups invested in it for that to happen.

Tuesday, April 19, 2016

Last Midway dive bomber pilot turns 100

Nice story.  And this cracked me up:
After the war, his family used to take him on roller coasters but he fell asleep on them, finding them boring after diving down on Japanese carriers from 20,000 feet.
Hat tip: Chris Lynch.

The sign making department has a sense of humor


About that 60 Minutes iPhone hack

While it might have made for good TV, it's not a common threat scenario:
America's flagship news program 60 Minutes has demonstrated how to "hack" a US congressman's smartphone. One little thing to bear in mind about this incredible scoop: the vulnerability has been in circulation since 2014 ... and it requires high-level access to global phone networks.   
John Marinho, vice president of cybersecurity and technology at cell network group the CTIA, said: "While we are aware of the research hackers’ manipulation to exploit SS7 technology in the international wireless networks, it’s important to note that they were given extraordinary access to a German operator’s network. 
"That is the equivalent of giving a thief the keys to your house; that is not representative of how US wireless operators secure and protect their networks". 
So, is this possible?  Yes - and not just for iPhones (Android is also vulnerable).  Is it likely?  Not a bit.  You either need the connivance of the carrier or the carrier's network has to be really badly pwned by the Black Hats.  In either of these cases it's not at all clear how secure your phone would be.

Monday, April 18, 2016

The Real Theft



This is the foyer of an 11,000 sq. foot house built by a man in Michigan in 2002. Pretty nice digs. Makes you wonder what he did for the kind of money that builds a place like this, doesn't it?

He sold school supplies to the Detroit public school system. Well, he sold some school supplies. Then he conspired with a dozen school principals and pretended to sell a whole lot more school supplies that never got delivered.

So Norman Shy is not a very trustworthy man. The school principals are worse, however. They took a million dollars in kickbacks to help Mr. Shy complete his theft. For over a decade, the principals of schools in the absolutely worst performing school system in the United States allowed the schools to go without paper, pens, new furniture, and so on. Mr. Shy got rich. The principals got a little payola.


Just so it all makes sense, Detroit has the lowest test ranking of any major metropolitan school system in the country.
 "They are barely above what one would expect simply by chance, as if the kids simply guessed at the answers,” he said. Detroit Public School fourth-graders scored in the 9th percentile and eighth-graders were in the 12th percentile when compared with students in 17 other large, central U.S. cities."
The other major cities are not performing at some high standard, either. Both nationwide and major city statistics are alarming if you think that basic proficiency in reading and math are somehow important to future success.

Taxpayers have every right to be outraged at Detroit government, their school system, and the individuals involved in this crime. Their tax money was stolen. But the people that really have a grievance are the students of the Detroit public school system. They have been robbed of their future.

Voters of the World, Unite!


Seems the Sanders campaign isn't very happy about this:
If you want to know why Democrat leaders and party officials are scared to deathski about Bernie Sanders at the top of the ticket in November, take a look at the Featured Image, the graphic on a T-Shirt sold by Liberty Maniacs. 
Bernie is doing well in head-to-head polling against Republicans because Republicans, including yours truly, have laid low in going after Bernie. Hillary, meanwhile, is too afraid of the progressive base of the Democrat Party to lower the hammer-and-sickle on Bernie’s head through negative advertising. 
Buzzfeed reports that Team Bernie is not happy with the T-Shirt and related merchandise:
An online merchant has accused the Bernie Sanders campaign of “trademark bullying” after a Bernie 2016, Inc. attorney sent him a cease and desist letter regarding T-shirts, mugs, and sweatshirts depicting the candidate with historic communist leaders.
No word on whether Leninaide was the official soft drink of the Sanders campaign.

"Solar Flare". Riiiight.

Swedish Air Traffic Control administration says that it wasn't a Russian hack that took down their system.  It was a "Solar Flare".


Riiiiight.

Sunday, April 17, 2016

All Four

I'm convinced you have to break three of them to shoot something you didn't intend to put a hole in. When you break all four, it's like you did it on purpose.

H/T to SayUncle

Saturday, April 16, 2016

Not in Germany anymore

Five year olds learning baseball. They're good at the "kick dirt" part.


Friday, April 15, 2016

Detroit Airport stinks

Long line at passport control. They're obviously not set up for this. Long line at customs - it was manned with a skeleton crew.

And then you have to go back through TSA screening. What a stupid airport.

Auf wiedersehen, Deutschland

I'm at Flughafen Frankfurt spending my euros on breakfast. It's always a good flight when you're going home.

And I probably won't show this picture to #2 Son. The drinking age here is 16. The kid on the far right looks to be about that old.


Thursday, April 14, 2016

A look into the climate databases

Coyote Blog continues his excellent series about climate change/global warming, this time talking about the databases of historical temperature.  This is something that long term readers will recall is my biggest beef with the "establishment" science.  Coyote does a great job introducing the issues in an easy to understand manner, with illustrations.  Like this:

That's a weather station.  Just how accurate do you think its measurements will be?

Highly recommended.

Just how bad is the proposed anti-encryption law

It's bad, filled with magical thinking:
All providers of communications services and products (including software) should protect the privacy of United States persons through implementation of appropriate data security and still respect the rule of law and comply with all legal requirements and court orders.
This is the crux of the issue. The senators want to have their cake – by requiring tech companies to protect their customers' data – and eat it too – by insisting that law enforcement can break the code. 
According to the best minds in cryptography this simply can't be done – it's not a moral or legislative issue but a mathematical one. Once you introduce a flaw into an encryption system, it's impossible to stop others finding it, especially since you are mandating it is there by law and the prize is free access to all US data traffic, as evidenced in the Juniper case.
Of course, Congress doesn't care that this is impossible, as long as they have a fig leaf ("protect the privacy of United States persons") to cover that ugly decrypt-anything-we-tell-you-to thing.  It tastes great and it's less filling.  And it makes you lose weight, too!

And protections against abuse have been stripped:
As we have mentioned, there are also now no restrictions on what kind of court order can be used to force companies to hand over data to the police. As we've seen with the Patriot Act in the US and RIPA in the UK, once you give police these powers, they will use them for everything because they cut down on the workload required. 
The original draft did include caveats to which types of court orders could be used, but those requirements are now gone.
And this is bi-partisan.  Forgive me for being unimpressed with the Republican Party's commitment to liberty.

Lottery machines hacked

It was an inside job by IT:
The number generator had apparently been hacked to produce predictable numbers on three days of the year, after the machine had gone through a security audit.
Note that last bit. The software would only produce the non-random results after the software security audit was completed.

Wednesday, April 13, 2016

Russia hacks Sweden's air traffic control?

Maybe:
Sweden suspects a hacker group linked to Russian intelligence was responsible for an attack on its air traffic control systems last November, we're told. 
Air traffic control systems across much of Sweden were unavailable on November 4. Computer problems meant air traffic controllers were unable to use their displays, an issue that prompted the cancellation of multiple domestic and international flights. Arlanda, Landvetter and Bromma airports were particularly affected. 
The Swedish Civil Aviation Administration publicly blamed a solar storm. However, behind the scenes the Swedes were notifying NATO about a serious, ongoing cyber attack, Norwegian news outlet aldrimer.no reports.
It's not often that you hear outages were caused by Cosmic Rays ...

In other news, Airbus says it gets hacked a dozen times a year.

It seems that I don't live in a bubble

Alas, I'm pretty average:

You got 47 points.

The higher your score, the thinner your bubble. The lower, the more insulated you might be from mainstream American culture.
42–100: A first-generation middle-class person with working-class parents and average television and movie going habits. Typical: 66. 
 Do you live in a political bubble?

(via)

Neighbors get WWII Veteran burial at Arlington

Bravo Zulu:
The 89-year-old pensioner died in December with no will, no instructions and no next of kin. He lay in a cold room at the D.C. medical examiner’s office, where the unclaimed dead are usually destined for a nameless pauper’s grave.
Instead, on Friday, Moore was given a hero’s sendoff at Arlington National Cemetery. A uniformed honor guard escorted Moore’s flag-covered remains. In place of a silent goodbye, a bugler played taps and three volleys of rifle fire marked his passing.
How was a lonely man diverted from the oblivion of a potter’s field for the glory of his country’s most hallowed resting place? It was the work of a family Moore may not have known he had: the residents of State House, a post-WWII apartment building at the edge of Washington’s Embassy Row.
No family, no friends, but neighbors who wouldn't let his body go unclaimed.

Hat tip: Chris Lynch

Tuesday, April 12, 2016

Sharing

The Queen Of The World was feeling pretty bad when I left for Europe - cough, fever, that sort of thing.  Now I'm over here and what do I find?

Cough.  Fever.  Sinus pressure.  Bah.

We'll see how the rest of the week goes.

Easy with that clutch, Scooter


So Global Warming will cause women to stop having sex?

Yawn.  Add it to the list.

Actually the list hasn't been maintained for years.  The guy who put it together explains:
Footnote (September 2015) Why the list stopped growing.
The time it takes to process a new entry increases approximately with the square of the list length, after checking for duplications, spoofs etc. Starting it was based on the naïve assumption that the rate of appearances would decline as opposing evidence accumulated, but the reverse happened. That’s the difference between science and religion. It was taking over my life, which I did not want to end as a garbage collector. There have since been hundreds more claims of an increasingly ludicrous nature.
About right, there.

Monday, April 11, 2016

Trump, Sanders, and The Electoral College

The election is not firmly in the hands of the mainstream parties for the first time in my lifetime. The recent decision to eliminate Republican voter input in Colorado was only surprising because it was done in the open.

Both the Democrats and Republicans are trying to ensure that the primary outcomes allow the candidates of choice to win the nominations. But Trump and Sanders, both with a lot of popularity, have nothing invested in the traditional structure, no support from the parties, and are still in the game. Both of them also have nothing to lose by pressing on no matter the outcome of the conventions. Game theory would suggest that they both will do that.

If they both make that decision, leaving the Democrat/Republican nominations to Clinton/Cruz, with Trump and Sanders running as independents, it makes it almost certain that the popular vote will be rendered meaningless and the election decided by that anachronism of control, the Electoral College.

There's never been a modern election decided by the Electoral College. Its electors are in some theoretical ways sent as representatives of the States, but they could do as they please. Deals made, ballots counted, and ta-da! Here's a president. The Electoral College exists because the Founders really did not trust the people to decide Presidential elections. It's there as a doomsday fallback for situations just like the one we are working our way into.

It is not possible to predict what they would do with some manner of a four way split in the popular vote. What is easily possible to predict is the aftermath. Pick any one of the four as the winner. What is the response of the other three? Do they fold their tents, roll up their banners and get behind the declared winner as the Constitutionally elected President? Would Hillary do that for Donald? Would Donald do it for Hillary?

What if the Electoral College elects someone other than the one that won the plurality of the popular vote? What if the Electoral College elects someone other than the one that won the plurality of the Electoral College?

And all this plays out in front of a 24/7 media.

Apart from all that, here's my pick for November. It looks like a joke, but if they got together the day after they get shut out at the conventions, I think they could win.


Book Recommendation

I am reading a book I would like to recommend to you. It is The Thing You Think You Cannot Do: Thirty Truths about Fear and Courage.

It's by Gordon Livingston. He's a psychiatrist and author. He graduated from West Point, served in Vietnam, and although I did not know it when I started reading the book, he lost an adult son to suicide and a child to leukemia in the same year.

It is about living a life with courage and what that means. I don't agree with everything he says, but I agree wholeheartedly with his main premise:
 "The best psychological antidote turns out to be some combination of hope and courage. How these virtues are acquired, manifested, and taught are at the core of this book. It is not easy to live a courageous life, and no one is brave all the time or in every circumstance."

 

Ah, Dusseldorf

Mustard and Altbier. They're REALLY good.


Strangest hotel room I've ever had

The Marriott in Dusseldorf upgraded me to a suite. "Cool," I said to myself. And then found this:




Huh. The rest of the suite is normal (maybe even a little large for a European hotel room). Still, in the hundreds of hotel rooms I've stayed in, I've never had a conference table and a white board before.

But my suitcase was waiting for me.  Sehr gut!

Sunday, April 10, 2016

Great

Last row.


In which I channel my own internal Uncle Jay

I'm off to Frankfurt and United has me in Group 5, meaning the overheads are full. And the flight from Dulles to Newark was delayed. We'll see if my suitcase gets to Deutschland with me.

Then on to Dusseldorf which I haven't been to since 1999. And then on to Bonn. We will see how blogging goes. Maybe unshaven and in dirty clothes ...

Creation


A rock pile ceases to be a rock pile the moment a single man contemplates it, bearing within him the image of a cathedral.
- Antoine de Saint-Exupery

Via the Astronomy Picture of the Day which has a marvelous explanation about what is going on in the image.

Heh


It's funny because it's true.  Still, I probably need to get one, just because.

(via)

Michel Corrette - Six Organ Concertos

Six baroque organ concertos from the French composer and music teacher Michel Corrette, born on this day in 1707.

Friday, April 8, 2016

Bruce Springsteen Cancels a Concert on Short Notice

Two days before we were going to see Bruce Springsteen in Greensboro, he decided to cancel the concert to protest the North Carolina Legislature and Governor and legislation they passed.

Except that his actions didn't hurt the Governor or the Legislature. They hurt us.

We lost a son to suicide in November. His birthday is next week. This was going to be a small gathering of the family, to go see a concert, to remember Mike, be together, and make what we could out of it. I haven't looked forward to much, but I was looking forward to this.

Now it's canceled. We're not even going to all get together this weekend.

He's promising everyone will get their tickets refunded. If Bruce or anyone that works for his organization is surfing the web and reads this, don't kid yourselves. The money does not make this right. This was a one time chance for a lot of us and you canceled two days before the event.

You could have done the concert and donated the money to LGBT political causes. You could have refused to schedule any future events in North Carolina and honored the commitment you had already made. You could have handled this in a way that didn't just screw your fans.

Just to add to the loss, I don't think I will ever enjoy your music again.

Update from the comments for the win: It's a shame that Springsteen doesn't sell cakes or you could sue him for refusing you service.

The Next Rembrandt

It's a computer:
ING, Microsoft, Delft University of Technology, the Mauritshuis in the Hague, and Museum Het Rembrandthuis assembled a team of art historians, software developers, scientists, engineers, and data analysts. The team built a software system that was capable of understanding and generating new features based on Rembrandt’s unique style.
They began by taking 3D scans of the 346 paintings by the artist and analyzing them to determine common elements shared amongst the pieces. Based on what the team saw, they felt that in order to best capture Rembrandt’s style the software should create a painting similar to his works. The computer was told to paint a portrait of a caucasian male with facial hair, 30-40 years old, wearing dark clothing with a hat and collar, and that he be facing to the right.
When the software was told to finally use all of the data the team had collected, it created ‘The Next Rembrandt’. The painting consists of over 148 million pixels, based on more than 160,000 fragments of the artist’s works. Most importantly, this is not merely a computer image, but was actually 3D printed so that the texture of Rembrandt’s brush strokes could also be captured. The final result is a painting that looks exactly like an original Rembrandt.
No doubt this is in violation of some secret clause of the Trans Pacific Partnership treaty ...

Still, this is pretty cool.  Here's how they did it.



Bootnote: In 1997 I had to take the one year old #2 Son out of the Rembrandt hall in Amsterdam's Rijksmuseum because he started screaming his head off.  He did not like Rembrandt, at all it seems.  Still haven't been back to see them.

Helpful advice


Well, that cleared things up.

FBI Director: "I really don't understand computer security"

Well, he used different words to say it:
FBI Director James Comey says the tool his agents bought and used to unlock the San Bernardino killer's iPhone will only work on a "narrow slice" of phones. 
On Wednesday, Comey gave a lecture at Ohio's Kenyon College's Center for the Study of American Democracy in which he said the exploit only works on iOS 9 iPhone 5Cs. Apple only sold 24 million of them. That narrow. The FBI boss wouldn't say where the tool came from. 
"The FBI is very good at keeping secrets," he said. "The people we bought this from – I know a fair amount about them and I have a high degree of confidence that they are very good at protecting it and that their motivations align with ours."
Orilly?  Glad to see you on the case with OPM, Scooter.
The 5C is the last of Apple's 32-bit smartphones (64-bit address spaces have stronger ASLR) and it doesn't have the Secure Enclave cryptographic coprocessor [PDF], which adds extra layers of protection mechanisms in hardware. Without 64-bit and the Secure Enclave, the 5C is theoretically easier to crack than other recent Apple models. 
Computer forensics expert Jonathan Ździarski told The Register that it was highly unlikely that only the 5C was affected by the crack – older models are almost certainly vulnerable too, using the same technique, and newer iPhones could also be at risk. 
While Ździarski said it was unlikely that the FBI had a working exploit for iPhone 5S and 6s, that still left around 24 million 5Cs and millions more older models crackable. Porting exploits to a 64-bit operating system isn't necessarily all that hard, Ździarski said, and simply admitting there was an exploit would galvanize security researchers to look for bugs.
And so what do we know about Director Comey's understanding of computer security?  He thinks that you can keep something a secret once everyone knows that it can be done.

And this is precisely why Apple refused to break their software for him.

Thursday, April 7, 2016

Good friends

This guy needs some.


Question authority


Security for car computers

New company aims to provide it:
Car security startup Karamba Security has emerged from stealth with $2.5m in funding and a plan to revamp in-car security. 
Karamba has developed a technology that hardens the externally-facing electronic control unit (ECU) of cars in order to defend against hack attacks. The software is designed to protect a car's externally connected components, identifying attack attempts and blocking exploits from infiltrating the vehicle's network via the internet, Wi-Fi, Bluetooth or other connections. 
Externally facing controllers manage the telematics (sensors, instrumentation, navigation, etc), infotainment (radio, head unit, etc) and on-board diagnostics (OBD) of the vehicle. Karamba's tech is designed to block attacks from ever infiltrating the car's controller area network (CAN Bus). The technology ensures that only explicitly allowed code and applications can be loaded and run on the controller.
This seems entirely sensible.  When I replace the Jeep, I may look into one of these.

R.I.P., Merle

Thanks for all the great music.

Wednesday, April 6, 2016

Great overview on Global Warming science

I haven't posted much on this topic for a while, since I've more or less come to the conclusion that this is religion, not science and most people who want to believe it do NOT want to know any science that contradicts their views.  And so it's shouting into a hurricane, and I've gotten pretty tired of it.

But Coyote Blog has a good series that discusses the theory and the data, and the mismatch between the claims and the observations.  And he is using the IPCC's predictions and data.

Recommended, especially if you still like to shout into hurricanes.

Editors and fact checkers



Layers of editors and fact checkers ...

If you're not paying for the service you're the product, not the customer

The dating site Tinder exposes a lot of information about people who sign up.  Lots of data:
Tinder isn’t as private as many of its users think, and a new website which aims to exploit that is causing concern among users of the dating app. 
Swipebuster promises to let Tinder users find out whether people they know have an account on the dating app, and even stalk them down to their last known location.
No hacking involved - Swipebuster uses Tinder's published API to get the data.  And this is interesting:
Although the site seems targeted at those who want to catch cheating partners on the app, its developer says he had a different motivation in mind, telling Vanity Fair that he wanted to highlight oversharing online. 
“There is too much data about people that people themselves don’t know is available,” the anonymous developer said. “Not only are people oversharing and putting out a lot of information about themselves, but companies are also not doing enough to let people know they’re doing it.”
Yup.


Tuesday, April 5, 2016

Good advice


I want one.

The 1908 California Rifle Team


From Shorpy's historic photo archive, here is the 1908 California Rifle Team at Camp Perry. Click on this link for the full size image and a close up of some 1903 Springfield rifles.

Muzzle and trigger discipline was something for the future. On the other hand, I'll bet they traveled by train and no one thought twice about them bringing the rifles and ammunition with them.

Good thing that NSA is collecting all that metadata

ISIS has figured out how to make that irrelevant:
ISIS figured out that if you give a leader resources, a target, and a time to get it done, then tell him to get it done however he can, you will get big, nasty and above all successful terrorist attacks in western nations, because such methods do not require detectable electronic communications.
But at least it's good for identifying the Administration's potential enemies, amirite?

Karma is Unavoidable

Crony Capitalism - not just for Wall Street

It looks like Google owns the White House.

I wonder what they give in return that makes them so valuable.

Monday, April 4, 2016

International Square Root Day


But remember: pi are not square, pi are round ...

The Internet interprets censorship as damage and routes around it

Some of you may have heard about the brouhaha over the weekend from Lambdaconf, a conference on technical computing (a lot on LISP, for those who care).  A talk on the Urbit computer language came under attack from a bunch of Internet Fascists (commonly called "Social Justice Warriors" or "SJWs") because while they don't care about Urbit or Lambdaconf or even computer programming, they know who they hate and will walk a mile to see that anything from those they don't like is silenced.

"I did not read Pasternak, but I condemn him."

They got some of Lambdaconf's sponsors to pull out of the conference.  But then the tech community rallied to defend, well, what makes the tech community great:
So far, so wearily familiar – Marxist thugs versus free expression, with free expression’s chances not looking so hot. But there’s where the story gets good. Meredith Patterson and her friends at the blog Status 451 organized a counterpunch. They launched an IndieGoGo campaign Save LambdaConf …and an open society.
I got wind of this a bit less than two days ago and posted to G+ asking all 20K of my followers to chip in, something I’ve never done before. Because, like Merry, I understand that this wasn’t actually about Mencius Moldbug at all – it was about opposing a power play by the political-correctness police. The IndieGoGo campaign was our chance to strike back for liberty.
A day later it was fully funded. ClarkHat’s victory lap makes great reading.
The Internet interprets censorship as damage and routes around it.

Bootnote: Urbit is pretty strange, but very interesting and very subversive.  The fact that the SJWs don't understand that it's much more subversive than anything they advocate tells you how smart they are.  Or how dishonest they are - some likely are smart enough to understand and don't like the idea of tools that would let someone sidestep their grotesque fascist thought control.

Bootnote 2: Yarvin (who used to post under the nom de blog Mencius Moldbug) is also pretty strange and (intellectually) pretty subversive.  My suspicion is that the SJWs don't want subversive ideas floating around now that they think they're in control and want to impose their grotesque fascist thought control on everyone.

Cats and dogs, living together

Microsoft is drinking the Linux kool aid, big time:
So the latest news is that you can run Ubuntu and bash on Windows 10. In other words, from the bash command-line, you execute apt-get to get/run any Ubuntu binary -- the same binary that runs on Linux. How do it work?

I don't know yet, but browsing around on the Internet suggests that it's a kernel driver in Windows that emulates Linux system calls.
Native Linux commands to install and run Linux commands - on Windows.

[blink] [blink]

I do believe that this is one of the signs of the apocalypse ..

Sunday, April 3, 2016

Back to the Range

Took the Blackhawk and more ammo, among other things, and got out to the range this afternoon. My first observation is that it was a beautiful day to be outside and I had one of the more pleasant days I've had in a while.

The chronograph clearly showed I was at the low end of the speed/pressure spectrum with the .45 Colt. I had two loads with me. One was running 850 to 890 fps. The other, the same load as my last range report here, was running 990 to 1060fps.

Here's youngest son trying it stronghand.






We also had rifles of various sorts. Range Buddy brought out an old German Mauser that had been rebarreled in .257 Roberts and a new Remington in 25.06. They were both a joy to shoot, accurate, good triggers, and mild recoil due to the lighter bullets in the full sized guns. It is best not to think about that too much as it leads to new guns in new calibers which is followed by new ammo, new dies, new bullet sizes, load development, new powders, etc. Better to just enjoy them when the opportunity comes around.

A fine afternoon.

Scattered, covered, and smothered

Because that's how the Queen Of The World rolls..




Wolfgang and I drove to the ATL yesterday. I get time with friends and Wolfie gets puppy play.

Saturday, April 2, 2016

A love letter to Baseball

The Smithsonian Channel is running a show called Major League Legends.  It is outstanding - in fact, it earns the coveted adjective "Borepatchian".

Really.  It's all there: Ted Williams and "The Gods do not answer fan mail."  Lou Gehrig - perhaps experiencing a premonition of the fate awaiting him - breaking into tears during this opera.  Joseph Campbell and the Hero's Journey.  If you like Baseball (as I do), I cannot recommend this show more highly.

And so let me close, filled with hope.  It's springtime, the season of renewal.  The season when you hear clearly the eight most beautiful words in the English language.

... and the home of the Brave.  Play ball!



Yeah, I know that I already posted a Saturday Redneck song today.  It's Opening Day tomorrow.  And I love this song.

And the Queen Of The World called me an "Intellectual Redneck".  She spoils me rotten.

Suzy Bogguss - Drive South

The Queen of the World has been back in the ATL on business, and so Wolfgang and I are loading up the Jeep and pointing the tires south.  There's a Country music song for that, one that captures the whole sublime gestalt of "absence makes the heart fonder".

Suzy Bogguss took John Hiatt's song and drove it to number 2 on the charts.  It was her biggest hit, back in 1992.



Drive South (Songwriter: John Hiatt):
I didn't say we wouldn't hurt anymore
That's how you learn, you just get burned
But we don't have to feel like dirt anymore
Though love's not earned, Baby it's our turn
We were always looking for true north
With our heads in the clouds, just a little off course
I left the motor running, now if you're feeling down and out

Come on Baby drive south, with the one you love
Come on Baby drive south, with the one you love

I'm not talkin' 'bout retreatin' little girl
Gonna take our stand, in this Chevy van
Windows open on the rest of the world
Holdin' hands, all the way to Dixieland
We've been tryin' to turn our lives around
Since we were little kids, it's been wearin' us down
Don't turn away now Darlin' lets fire it up and wind it out

Come on Baby drive south, with the one you love
Come on Baby drive south, with the one you love

I heard your mama callin', I think she was just stallin'

Don't know who she was talkin' to, baby me and you
We could go down with a smile on, don't bother to pack your nylons
Just keep them pretty legs showin', it gets hot down where we're goin'
We were always looking for true north
With our heads in the clouds, just a little off course
I left the motor running, now if you're feeling down and out

Come on baby drive, come on baby drive south, come on baby drive south

Come on Baby drive south, with the one you love
Come on Baby drive south, with the one you love