This is about as far from his better known spaghetti western scores as you can get.
Sunday, April 30, 2023
Friday, April 28, 2023
Missing software update caused Australia helicopter crash
People traditionally have been reluctant to install software updates because sometimes the update causes desired functionality to break. This time, the entire helicopter broke because the patch wasn't installed:
Military figures claim a software upgrade for the European-designed Taipan helicopter was not installed on Australia's entire fleet despite warnings it could be needed to prevent possible engine failures.
...
Defence is refusing to comment on the "ongoing" investigation into the March 28 incident, but several figures familiar with the Taipan fleet say a simple IT patch could prevent the potentially devastating "hot starting" of the aircraft.
A "hot start" occurs when a pilot restarts the engine during a mission, shortly after powering down, instead of simply leaving the engine to idle before taking off again.
Former Taipan pilots and mechanics say the helicopter's turboshaft engines are not meant to be switched on and off repeatedly during an operation and are instead supposed to be powered up at the start, then shut down at the end.
...
Within three months, the MRH-90's prime contractor Airbus Helicopters, along with the engine manufacturer parent company Safran, had developed a software fix that would make it impossible for a pilot to unsafely perform a "hot start".
Several ADF sources, who declined to be identified so they could speak candidly, have told the ABC that the software upgrade was only ever installed on a handful of Australia's now 47-strong Taipan fleet.
This is pretty interesting in that the motivation to not install the patch seems backwards from what we usually see in the security world.
Thursday, April 27, 2023
This week has been living in the Valley of the Shadow of Death
Monday was Mom's funeral, delayed by Covid and family illnesses. She's now with Dad for Eternity.
Yesterday and the day before it was cleaning out younger brother's (formerly Mom's) house. He was a complicated guy, and the drugs were a part of that. It seems that he was a fan of nitrous oxide. We disposed of all of that, so the house is straighter and cleaner than it's been for years. But for both those days I was surrounded by ghosts.
Now I'm flying home, on the one-month anniversary of the day we had to put Wolfgang down. It sure would be nice to have one of his greetings when I get there but the best I can hope for is his ghost.
I've had quite enough of death this week, thank you very much. Would not recommend.
Wednesday, April 26, 2023
Endorsed
Peter thinks that short format social media makes people nastier:
I question whether most "short format" social media outlets are worthwhile any more. Most seem to be overrun with people who talk their hind ends off, but don't listen very much - or very well.
Yup.
Tuesday, April 25, 2023
Making Battleship Ice Cream
Specifically, World War II Navy ice cream. It looks pretty good, and the powdered milk and powdered eggs don't look like they are inferior substitutes for the fresh ingredients. Plus a discussion of just how important ice cream was to morale. Pretty cool.
Monday, April 24, 2023
At Mom's funeral
It's been 2 years and 8 months since she passed on, but Covid threw a monkey wrench into having the ceremony. But now the clan has gathered and she will finally join Dad today.
Blogging has been light since travel is a pain in the keister.
Friday, April 21, 2023
Purveyors of used data
This is not surprising at all:
You know that you're supposed to wipe your smartphone or laptop before you resell it or give it to your cousin. After all, there's a lot of valuable personal data on there that should stay in your control. Businesses and other institutions need to take the same approach, deleting their information from PCs, servers, and network equipment so it doesn't fall into the wrong hands. At the RSA security conference in San Francisco next week, though, researchers from the security firm ESET will present findings showing that more than half of secondhand enterprise routers they bought for testing had been left completely intact by their previous owners. And the devices were brimming with network information, credentials, and confidential data about the institutions they had belonged to.
The researchers bought 18 used routers in different models made by three mainstream vendors: Cisco, Fortinet, and Juniper Networks. Of those, nine were just as their owners had left them and fully accessible, while only five had been properly wiped. Two were encrypted, one was dead, and one was a mirror copy of another device.
Like I said, not particularly surprising. If you get rid of a device, you really should at the minimum do a factory reset.
Thursday, April 20, 2023
Passwords and Password Managers
Divemedic has a very good post up about password managers - applications that remember all the various passwords for the different apps and web sites you use. A good password manager will let you basically have non-guessable/crackable passwords that would be too hard to remember on your own.
(He also has a good post on using Pass-phrases instead of passwords. I've recommended this for like forever.)
The downside of password managers is that all your eggs are in the same basket. The key is that you have to put a lot of trust in the reliability and trustworthiness of the password manager. Divemedic's first post linked to above is a great analysis on when to bail on an insufficiently trustworthy password manager.
Wednesday, April 19, 2023
Critical security patch for Chrome browser
If you visit a malicious web page the Bad Guy can execute code in your browser. There is exploit code in the wild, so update your Chrome browser.
The vulnerability, tracked as CVE-2023-2033, can be exploited by a malicious webpage to run arbitrary code in the browser. Thus, surfing to a bad website with a vulnerable browser could lead to your device being hijacked. Exploit code for this hole is said to be circulating, and may well be in use already by miscreants.
This high-severity type-confusion bug is present in at least Chrome for desktop versions prior to 112.0.5615.121. Google released that version on April 14 for Windows, Mac, and Linux to close the security hole, which lies in the V8 JavaScript engine.
That new version should be installed as soon as possible, either automatically or manually.
Saturday, April 15, 2023
Clint Black and Roy Rogers - Hold On Partner
This is a delightful blast from the past that won a Grammy in 1991. It's striking just how much Clint Black looked like Roy Rogers.
Friday, April 14, 2023
Joe Bonamassa - Drive
It's been a while since I've posted Joe B. This is an interesting, sort of acoustic offering.
Ransomware shuts down Super Yacht shipyard
Interesting:
German shipbuilder Lürssen, known for making super yachts for the exorbitantly wealthy, experienced a ransomware attack over Easter weekend that has incapacitated operations.
With a high revenue — it has an expected annual revenue of nearly $2.2 billion this year — it's likely that the shipbuilding company has a running roster of exclusive clients, making it a quality candidate for threat actors. And while Lürssen makes luxury yachts, it also builds sea vessels for the German navy, making the current standstill in production and operations due to the attack all the more unfavorable.
Extortion attempts similar to this one have targeted other luxury brands, such as Moncler and Ferrari, where, in the former's case, employee and customer data was stolen and leaked onto the Dark Web. It is currently unknown whether or not sensitive or personally identifiable information (PII) has been stolen from the shipping company; however, a Lürssen spokesperson has stated that they "immediately initiated all necessary protective measures and informed the responsible authorities."
I expect that anyone who can afford a $100M boat would not be happy having their personal information leaked.
UPDATE 14 APRIL 2023 18:23: YouTube channel eSysman (who seems to cover all things Superyacht) gives his take (from a "Below Decks"/crew perspective). It's interesting how he plays the "Spot The Yacht" game. While it's kind of hard to feel too sorry for billionaires, I can't imagine that Lürssen's clients are happy at all.
Thursday, April 13, 2023
Wednesday, April 12, 2023
Feeding the Roman Army
This is a pretty cool video about how the Roman Army in Britannia kept its soldiers fed. There's even a recipe for Roman pork with apples that looks pretty yummy.
Update your Windows OS
This month's update fixes a ton of security bugs, including at least one that is being exploited by Ransomware:
Microsoft patched 97 security flaws today for April's Patch Tuesday including one that has already been found and exploited by miscreants attempting to deploy Nokoyawa ransomware.
Redmond deemed seven of the now-patched vulnerabilities "critical" and the rest merely "important."
...
As Microsoft warned: "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges."
For non-technical folks, that translates as Game-Set-Match. Run Windows Update - it will tell you if it already ran automatically, which would be great, but either way you want this update.
Tuesday, April 11, 2023
Dad Joke CCLII
Why can't so many kids these days drive a stick shift?
Because they can't find a manual.
Update your iPhone
Also your iPad and your Mac. The new update fixes two security bugs that are being actively exploited in the wild. This is a bad one, so get updating.
Monday, April 10, 2023
Really interesting Twitter security bug
People have complained for years that Twitter would "Shadow Ban" people - silently remove visibility of their tweets. The complaints alleged that it was conservatives who were targeted. These complaints were denied for years until Elon Musk took over Twitter when (what do you know) it was shown that it was all true. The US Government seems to have used a Twitter API to exercise this against their opponents.
Well, one of the things that Elon did was to Open Source some of the Twitter code. Open Source is where the source code is released so that anyone can look at (or use) it. Obviously, Open Source gives a great deal of transparency - which may be why the "New" Twitter did this. But transparency gives people the chance to look for security bugs, and lookee here:
The chunk of internal source code Twitter released the other week contains a "shadow ban" vulnerability serious enough to earn its own CVE, as it can be exploited to bury someone's account out of sight "without recourse."
The issue was discovered by Federico Andres Lois while reviewing the tweet recommendation engine that's said to power Twitter's For You timeline. This system was made public by Twitter on March 31, adding to the libraries of open source software it already released over years, long before Elon Musk took over.
...
According to Lois's study of the engine bug he found, coordinated efforts to unfollow, mute, block and/or report a targeted user applies global reputation penalties to the account that are practically impossible to overcome based on how Twitter's recommendation algorithm treats negative actions.
As a result, Lois said, Twitter's current recommendation algorithm "allows for coordinated hurting of account reputation without recourse." Mitre has assigned CVE-2023-23218 to the issue.
Because this bug is in Twitter's recommendation algorithm, it means that accounts that have been subject to mass blocking are essentially "shadow-banned," and won't show up in recommendations despite the user being unaware they've been penalized. There seems to be no way to correct that kind of action, and it ideally shouldn't be possible to game the system in this way, but it is.
I find this interesting because it seems that the Twitter programmers who wrote this didn't have any idea that someone could exploit this in ways that they hadn't anticipated. Actually, that applies to almost all security bugs. Most security bugs are not broken functionality (this would almost always be found during the test cycle) but rather correctly functioning functionality that can be used in unintended ways.
This is one of the most interesting security bugs I've seen in quite a while, because it's in such a high visibility social media platform.
Sunday, April 9, 2023
Thinking about Grace
I have posted special Easter posts for most of this blog's history, despite the fact that I've never really studied theology. I've done my poor best, but have leaned repeatedly on someone who was a theologian. Frederick Buechner was a ThD and an ordained Presbyterian minister, as well as a best selling author and Pulitzer Prize winner (back when that meant something). I found him exceptionally insightful and thought provoking.
Rev. Buechner passed away last summer at the ripe old age of 96. As a tribute to him - as well as a meditation on Grace, and Easter, and the human condition - here are his quotes that I've used in the past.
A crucial eccentricity of the Christian faith is the assertion that people are saved by grace. There's nothing you have to do. There's nothing you have to do. There's nothing you have to do ... There's only one catch. Like any other gift, the gift of grace can only be yours if you'll reach out and take it.
Saturday, April 8, 2023
Eric Church - Like Jesus Does
The Kingdom of the Father is spread upon the Earth and men do not see it. - The (non-canonical and possibly heretical) Gospel of Thomas
We are surrounded by Grace, in ways sometimes large but mostly small, and (mostly) we do not see it. This song reminds us that the Lord's ever present gospel Grace is not only here for us on Easter. He has given us signs if we have eyes to see. The Queen Of The World shows this Grace to me on the regular - remember, Grace is forgiveness that is undeserved but granted anyway.
Wolfgang showed this unconditional love to me, too. It wasn't exactly Grace, but he loved me like Jesus does. We see ourselves reflected in our dog's eyes, not as we are but as we would like to be. This song reminds us that this is how the Lord looks at us, too.
I'm a long gone Waylon song on vinyl,
I'm a backroad sinner at a tent revival,
She believes in me like she believes her bible,
And loves me like Jesus does.
I'm a lead foot leaning on a suped up Chevy,
I'm a good ol' boy, drinking whiskey and rye on the levee,
But she carries me, when my sins make me heavy,
And she loves me like Jesus does.
All the crazy in my dreams,
Both my broken wings,
Every single piece of everything I am,
Yeah, she knows the man I ain't,
She forgives me when I can't,
That devil man, he don't stand a chance,
Cause she loves me like Jesus does.
Always thought she'd give up on me one day,
Wash her hands of me, leave me staring down some runway,
But, I thank God each night, and twice on Sunday,
That she loves me like Jesus does.
All the crazy in my dreams,
And both my broken wings,
Every single piece of who I am,
Yeah, she knows the man I ain't,
She forgives me when I can't,
And the devil man, no, he don't have a prayer.
Cause she loves me like Jesus does
Yeah, she knows the man I ain't,
She forgives me when I can't,
That devil man, he don't stand a chance,
Cause she loves me like Jesus does.
I'm a long gone Waylon song on vinyl
The Kingdom of the Father is spread upon the Earth and men do not see it.
See it.
Grace is something that you can never get but only be given. There's no way to earn it or deserve it or bring it about anymore than you can deserve the taste of raspberries and cream or earn good looks. A good night's sleep is grace and so are good dreams. Most tears are grace. The smell of rain is grace. Somebody loving you is grace. - Frederick Buechner
Friday, April 7, 2023
Critical vulnerabilities in Nexx smart home devices
Nexx makes a series of smart home devices such as garage door openers and security alarms. It turns out that they have multiple security flaws that could be exploited to, well, open your garage door and turn off your security alarms.
Even worse, they ignored the security researcher who discovered these flaws. He notified the US Government Cybersecurity and Infrastructure Security Agency (CISA), who also told them.
** crickets **
So they went public with a "these devices are well and truly screwed" announcement. Oops. If you have any of these things, the recommendation is to unplug them tout suite.
Yes, security is hard. But it's even harder when you won't listen to folks who are trying to help you fix your security.
Thursday, April 6, 2023
Every Law
“Government is not reason, it is not eloquence,—it is force! Like fire, it is a dangerous servant, and a fearful master; never for a moment should it be left to irresponsible action.” --George Washington
Every law is enforced by violence. If you break a law and the authorities decide to enforce it, they will arrive with the threat of violence. If you resist, they will use the violence and use enough of it to gain compliance.
Every law. From speeding and jaywalking to capital crimes. Men with weapons will come and if you resist, they will use all the force at their disposal. It is the only tool government has.
A 9 year old girl in California learned this lesson in an indelible way a couple of days ago. She had raised a goat and brought it to a livestock auction at the Shasta fair. It sold for $900.00. Afterwards she regretted the sale and wanted to keep the goat as it really had become a pet.
The winning bidder was willing to let the child keep the goat. The livestock manager for the fair was not and demanded the goat. He filed a criminal complaint. Two investigators drove ten hours to execute a search warrant and seize the goat.
The goat was delivered to the Shasta fairgrounds where it was promptly slaughtered.
There's a lawsuit filed by the family.
Wednesday, April 5, 2023
Tuesday, April 4, 2023
Finally some better medical device cyber security
I've been posting about problems in the security of medical devices for a long time (example post here). New standards are now emerging that may improve things:
Effective immediately, medical device manufacturers are advised to submit "a plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities, and exploits."
Manufacturers are also asked to "design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure." This includes making patches available "on a reasonably justified regular cycle," and for newfound critical vulnerabilities, "as soon as possible out of cycle."
In other words, medical device security needs to enter the Twenty Teens. Small steps, but small steps forward.
Monday, April 3, 2023
Dad Joke CCLI - Special Wolfgang edition
One phrase that's been heard repeatedly around here in the last week is that Wolfgang would not have wanted us to be sad. And so it's time to move forward. So this bit of humor is dedicated to a life well spent with Wolfgang.
Why can't dogs watch movies at home?
Because they always hit the "paws" button.
Sunday, April 2, 2023
Fumio Hayasaka - Themes to The Seven Samurai
The Seven Samurai tops most people's list of "Greatest Foreign Film of All Time", and it was the crown jewel of the long collaboration between Director Akira Kurosawa and composer Fumio Hayasaka. Hayasaka would die from tuberculosis the following year (1955) at the age of 41. You really have to wonder what music he would have composed had he lived. In particular, it's easy to speculate on a Hayasaka score to Kurosawa's Ran.
It was at the time the most expensive film ever made in Japan but was very financially successful in Japan, outgrossing Godzilla. It was 207 minutes long (with a 5 minute intermission - also part of the musical score). 50 minutes were edited out to better fit Americans' attention span. It was released in America with the title The Magnificent Seven - the title was changed back in 1960 with the release of the American version of that film.
Saturday, April 1, 2023
Mo Pitney - Just a Dog
It seems that Wolfgang made his first appearance in these Saturday country music posts on September 1, 2012. The song was Burl Ives, I found my best friend in the Dog Pound. It had this photo which made me smile and also brought a tear to my eye.
He sure loved lying on the grass, from when he was a little pup. Here in Florida, he and I would sit out on the grass at the end of the day, watching the world go by. The Queen Of The World and I called it "Sit Time", and he always got excited when I said those words.
This week has been a whole lot of him not being there. This song is all about that.
Just A Dog (Songwriter: Mo Pitney)
Ten years ago I was on my way home,
saw her walking on the side of the highway alone.
It was raining like hell and I kept telling myself
"not my problem, keep on driving, just like everybody else."
Why should I be the one pulling over on the shoulder at night?
It's just a dog, right?
From the cab of my truck, to the foot of my bed,
to a new pair of boots that she chewed in shreds.
Digging holes in the yard, chasing cars down the street
to one gutter and when I found her, I thought it hit me.
Took half of my savings to save her, and I didn't think twice.
It's just a dog, right?
Just an old mutt riding shotgun, getting my seats all muddy.
Just the one who I come home to, just my best fishin' buddy.
We were walking that spring in the sand on the beach.
You know she was the reason, Amy walked up to me.
She lost her place on the couch, but she kept her cool.
She was crazy about Amy and she knew I was too.
And the night that girl left me, she kept me from losing my mind.
But it's just a dog, right?
It's 83° today and man I can hardly wait to get this truck down to the lake,
I bet the bass' are hittin'.
Boats in my rear view mirror, got my... tackle box and all my gear,
the wind is right, the sky is clear, there's only one thing missin'.
Just an old mutt riding shotgun in my seats on my knees.
It just hit me she's not with me like she was this past Sunday.
Why am I pulling over on the shoulder with tears in my eyes?
It's just a dog, right?
She was just a dog, right?