You have to listen for a while to appreciate Lady Gaga - well, I did, but came around to her as a credible singer of one of the all time great Big Band songs.
Wednesday, May 31, 2023
Tuesday, May 30, 2023
An endorsement (sort of from Wolfgang) for Chewy.com
We have used Chewy as our preferred supplier for Wolfgang's food and meds for like, forever. They've shipped regularly and on time and we've been quite happy with that.
But that's not why we're recommending them. Here's why:
When we first set up an account there was an option to upload a picture of your pet. The Queen Of The World uploaded a pic of Wolfgang. She expected that a little pic of him would be on their website when we ordered stuff for him. Instead, we got a US Postal mailing that had a hand painted picture of Wolfgang, painted by one of their staff.
But that's not why we're recommending them. Here's why:
When Wolfgang died, I went to their web site to shut down any auto-ship orders and that sort of thing. They had a "Delete this pet" option which seemed to be appropriate, which I chose. The next day I got an email from their support staff that expressed their heartfelt sorrow for what we were going through. It wasn't an auto-generated email "So sorry for your loss" but a personal email that brought a tear to my eyes.
But that's not why we're recommending them. Here's why:
Today the doorbell rang. It was sumd00d dropping off a bouquet of flowers with a card saying that the team at Chewy was so sorry that we had lost Wolfgang.
They didn't have to do any of this (other than ship my orders on time). My take is that Chewy hires people who love pets, and empowers them to treat their customers like, well, pet lovers.
The Queen Of The World and I were fans before this, but now we're HUGE Chewy fans. They've treated us, and Wolfgang, above and beyond the call of current e-commerce. They've treated us like family - better than some of our actual family in fact.
If you have a pet, Chewy.com comes highly, highly recommended from us (yeah, and Wolfgang - he liked the stuff we got there, from his daily food to his medications). And no, we have no relationship with them other than very, very satisfied customers.
Monday, May 29, 2023
Your reads for today
Divemedic reminds us that not all service deaths were combat deaths. Juvat reminds us that not all service deaths were service members.
Enjoy your day but spare a thought for these heroes.
UPDATE 29 MAY 2023 13:23: Dwight takes a day off from his regular fare of obits and which sports coach got fired, to remind us of combat casualties as well. Remember their stories.
Sunday, May 28, 2023
Cleopatra's handwriting discovered?
Now this is interesting:
A single Greek word, ginesthoi, or "make it so," written at the bottom of a Ptolemaic papyrus may have been written by the Egyptian queen Cleopatra VII herself, says Dutch papyrologist Peter van Minnen of the University of Groningen. ... the papyrus text, recycled for use in the construction of a cartonnage mummy case found by a German expedition at Abusir in 1904, appears to be a royal ordinance granting tax exemption to one Publius Canidius, an associate of Mark Antony's who would command his land army during the Battle of Actium in 31 B.C. The text reads as follows:
We have granted to Publius Canidius and his heirs the annual exportation of 10,000 artabas [300 tons] of wheat and the annual importation of 5,000 Coan amphoras [ca. 34,500 gallons] of wine without anyone exacting anything in taxes from him or any other expense whatsoever. ... Let it be written to those to whom it may concern, so that knowing it they can act accordingly.
Make it so!
"Written in an upright hand by a court scribe, the document was meant to be an internal note from Cleopatra to a high official charged with notifying other high officials in Alexandria," says van Minnen. "The personal nature of the communication is evident in the lack of any formal introduction of Cleopatra herself (she is not even mentioned by name) and the absence of a title after the name of the official to whom it was addressed (the name cannot be read)." The manuscript is not one of the copies received by the other officials, as there is no forwarding note attached to it and because it was executed in multiple hands. The text of the ordinance was written first, Cleopatra's written approval second, and the date of the document's receipt in Alexandria third.
If this was actually signed by her, this may be the first royal ancient handwriting ever discovered.
John Williams - Hymn for the Fallen
Tomorrow is Memorial Day, a day for reflection on those who gave everything they had and everything they would ever be for something larger than them. That something is us, and the world is filled with the graves of the fallen, and will likely see new ones until the World is remade.
Nowadays it's the long weekend that starts the summer season. Trips to the lake, grilling out, and cold beer push the original meaning aside. Few take flowers to the graves anymore, which is a damn shame. The Fallen deserve a day of remembrance.
This weekend, we are called to reflect on these fallen. Art at its best is there to help lead the way. Classical music used to offer many selections for solemn days like this before it was degraded like all modern art. Fortunately, Classical music has found a niche where it yet thrives, with talented composers writing new music for the cinema. Perhaps the greatest of these in our age is John Williams. He wrote this for the film Saving Private Ryan, where it played during the final credits. This is a tour of those graves. Sadly, many Americans have not been to any of these places.
The Fallen remain forever 20 years old. Remember them tomorrow as you fire up your grill. I don't think they - or the boys from Gettysburg or Fredericksburg or Cold Harbor or Pearl Harbor or Normandy or a thousand other hallowed grounds - would begrudge you your family enjoyment. But remember them.
That's what Memorial Day is about.
* It is vulgarly called the "Civil War". It wasn't. The South didn't want to take over the North, it wanted to leave it.
Saturday, May 27, 2023
Night 1 of my Grand Daughter's beauty pageant
Earlier this month I posted that #1 Grand Daughter was in the Miss USA Teen Rhode Island pageant. Well tonight was the first night.
Wowzer. She gets her good looks from her Mom, who gets them from The Queen Of The World. No mystery there.
Dang, my son-in-law the Chief really needs a shotgun. Longtime reader LindaG suggested that this song might be appropriate:
So help me out, Rhode Island readers - where's a good gun store up there? I'd ask for a local gun store but c'mon - everything is local in Rhody. OldAFSarge, I expect you're my go-to guy up there.
(Help us, Obi-Wan OldAFSarge. You're our only hope!)
The Statler Brothers - More Than a Name on a Wall
This is Memorial Day weekend. It's not "have a nice barbecue" weekend, although that would be a fine thing to do and nobody would blame you for it. It's also not "thank a veteran" weekend, although nobody would blame you for that, either. But that day is in November, not May.
This weekend is to remember those who never made it home from war. So raise a cold one in toast to them at your barbecue. As the Statler Brothers put it so well, they're not just names on a wall.
More Than A Name On A Wall (Songwriters: Jimmy Fortune, John Rimel)
I saw her from a distance, as she walked up to the wall
In her hand she held some flowers, as her tears began to fall
She took out pen and paper as to trace her mem'ries
She looked up to heaven, and the words she said were these
She said, "Lord my boy was special, and he meant so much to me
And Oh, I'd love to see him just one more time you see
All I have are the mem'ries and the moments to recall
So Lord could you tell him he's more than a name on the wall"
She said, "He really missed the family, being home on Christmas day
And he died for God and country in a place so far away
I remember just a little boy, playing war since he was three
And Lord this time I know, he's not coming home to me"
She said, "Lord my boy was special, and he meant so much to me
And Oh, I'd love to see him but I know it just can't be
So I thank you for my mem'ries and the moments to recall
But Lord could you tell him he's more than a name on the wall
Lord could you tell him he's more than a name on the wall"
Friday, May 26, 2023
Dining on the Titanic
I do like this guy's vlogs. These recipes sound yummy - even the one from 3rd class. I'd eat that.
Huh. So a steel helmet gives better protection than a kevlar one?
Lots of good helmet info at that link.
Thursday, May 25, 2023
Rest in Peace, Sled Driver
Major Brian Shul, combat pilot and SR-71 driver dead at 75. As always, Dwight is your go-to guy for obits. Rest in peace, Major.
We've seen him here before - actually 13 years back. Reposting for his sendoff.
(Originally posted 9 April 2010)
Aspen 20, I show you at 1,982 knots on the ground.
One day, high above Arizona, we were monitoring the radio traffic of all the mortal airplanes below us. First, a Cessna pilot asked the air traffic controllers to check his ground speed. 'Ninety knots,' ATC replied. A twin Bonanza soon made the same request. 'One-twenty on the ground,' was the reply. To our surprise, a navy F-18 came over the radio with a ground speed check. I knew exactly what he was doing. Of course, he had a ground speed indicator in his cockpit, but he wanted to let all the bug-smashers in the valley know what real speed was. 'Dusty 52, we show you at 620 on the ground,' ATC responded. The situation was too ripe. I heard the click of Walter's mike button in the rear seat. In his most innocent voice, Walter startled the controller by asking for a ground speed check from 81,000 feet, clearly above controlled airspace. In a cool, professional voice, the controller replied, 'Aspen 20, I show you at 1,982 knots on the ground.' We did not hear another transmission on that frequency all the way to the coast.
The SR-71 Blackbird, designed by the same Kelly Johnson who designed the P-38 and U-2, was shot at 4000 times. It outran the missile each time. When the final aircraft was decommissioned by the Air Force, and was given to the Smithsonian Institution, they flew it from Los Angeles to Washington D.C. In an hour.
Man, that's one cool bird.
Wednesday, May 24, 2023
Oh bother
It seems that people have been trying to use ChatGPT to translate Linear-A, but there are just too few texts to allow translation.
Oh, well. I've thought for some time that they would just be ancient Minoan shopping lists, anyway.
Tuesday, May 23, 2023
Harry James - Beyond The Sea
Charles Trenet's song La Mer is tied with Edith Piaf's La Vie En Rose for the (worldwide) best selling popular song in French history. Some of this is due to the English translation and Harry James' wildly popular version here. Marion Morgan's voice is liquid gold.
Deepfake penmanship
People have been talking about "Deepfake" pictures and video for years now - artificially created media based on publicly available source media that shows something entirely made up. ChatGPT adds the ability for AI to write documents on arbitrary subjects.
The problem for people passing these off is that the fonts used to print them don't look handwritten. They're too perfect, too regular. Real people have subtle variations in their handwriting so you can catch this sort of thing out.
Like other machines, this starts with asking ChatGPT to write an essay based on the assignment prompt. That generates a chunk of text, which would normally be stylized with a script-style font and then output as g-code for a pen plotter. But instead, Devadeth created custom software that records examples of the user's own handwriting. The software then uses that as a font, with small random variations, to create a document image that looks like it was actually handwritten.
It uses a pen plotter to write the document, so it could be written in a spiral notebook. The future is stupid, and entirely untrustworthy.
(via)
Monday, May 22, 2023
Russian hacker cyber attacks Kremlin and lands in the Gulag
Quite frankly, I'm not sure what he was thinking:
A Russian IT worker accused of participating in pro-Ukraine denial of service attacks against Russian government websites has been sentenced to three years in a penal colony and ordered to pay 800,000 rubles (about $10,000).
According to the state-owned TASS news agency, a Russian regional court handed down the sentence against Yevgeny Kotikov, who is said to have supported Kyiv during Russia's invasion of Ukraine. To this end he and others DDoSed government websites including those belonging to the Russian president and the country's Ministry of Defense, we're told.
[blink] [blink]
Solid plan, tovarich.
Sunday, May 21, 2023
Chaos has descended
Unexpectedly we have two grand kids and two grand dogs for the day. Blogging will be sparse.
UPDATE 21 MAY 2023 14:38: How do you stop a 13 year old from fighting with his 10 year old sister? Ask the Romans: divide et impera. Divide and conquer. He and I took the dogs for a walk and things are quiet now.
Saturday, May 20, 2023
What does the actual science say about climate change?
Chris Lynch points out that NOAA (the US Government's weather bureau) says that April 2023 was colder than 1895. He has data and everything.
It's been a while since I've posted much about climate because I've pretty much said everything I have to say on the matter. But I'm reposting this from 2017 because it adds some depth to Chris' post. About the only thing I didn't put into this post is the way that data is adjusted to change it.
(originally posted March 20, 2017)
A layman's guide to the science of global warming
The Starting Point: Climate over the last 1000 years
Probably the most famous image from this whole debate is the "Hockey Stick" graph, showing what was said to be the climate over the last 1000 years:
This was from a 1999 paper by Michael Mann (and co-authors Raymond Bradley and Malcolm Hughes; this paper is often referred to as MBH99 after the authors' initials and publication date). When I first saw this, I was pretty skeptical. It showed a stable climate (notice how flat the blue line is over most of the time?) until very recently followed by a sudden spike in temperature - a long flat line with a sudden right-hand hook looks like a hockey stick (hence the name of the graph).
We didn't hear much about an impending heat death of the globe until fairly recently. Before the late 1990s, the current scientific consensus was that climate fluctuated, sometimes hotter and sometimes cooler. The current climate was not seen as being particularly warm - certainly less warm than the Medieval period (called the "Medieval Warm Period", or MWP) or the Roman era (called the "Roman Climate Optimum"). This was all written up in the first Assessment Report from the UN Intergovernmental Panel on Climate Change (IPCC) which periodically published the latest and best scientific understanding on the issue. Page 202 of that report showed the scientific consensus of climate history over the last thousand years.
You can see the MWP on the left, the "Little Ice Age" where famine ruled Europe in the middle, and then a temperature recovery to the current era on the right. No hockey stick to be seen anywhere. Remember, this was the scientific establishment view in 1990.
As it turns out, there's plenty of history to support this establishment view, and which disputes the MBH99 hockey stick. The Domesday Book was a tax survey compiled by William the Conqueror after he invaded England in 1066. It detailed everything in his kingdom that was worth taxing, and so it was assembled with care. It documented wine vineyards in the north of England, far to the north of where wine is produced today, implying that the climate was warmer in 1066 than it is in 2017. There is excellent documentary history that the MWP was followed by a catastrophic cooling - the Little Ice Age: as today's glaciers retreat, archaeologists have discovered the remains of alpine villages that were overrun by glaciers. And recently, the Vatican announced changes to centuries-old prayers to stop the advance of the glaciers.
The important point here is that there is quite a lot of recorded history from the period that does not square with the climate reconstruction from the Hockey Stick paper. As it turns out, the MBH99 paper has been conclusively debunked: the data sets used were inappropriate and the statistical algorithms were "novel" (they produced hockey stick shaped output even on completely random data; for example, if you ran the numbers from the telephone directory through the algorithm it would give you a hockey stick).
How do we know what the temperature was 1000 years ago?
The thermometer was invented in the early 1600s. The oldest regularly maintained series of readings are from the Central England Temperature (CET) series that dates to 1659. So how do we know what the temperature was before that? Proxies.
A proxy is a measurement that isn't directly a temperature measurement but which maps to what we think the temperature was. The most famous of these are tree ring widths: rings will be wider in warmer years when growth is faster, and narrower in cold years when growth is slower. There are a lot of other types of proxies: rings showing growth in coral reefs, layers of sediment from ponds, and most interestingly, layers of ice deposited on glaciers. Drilling into the glacier results in ice cores which have annual accretions - colder years will have thicker layers and warmer years will have thinner ones.
Proxies reflect temperature and some of these records go back a very, very long time. The Greenland Ice Core Project (GRIP) ice cores date back thousands of years:
The Vostok ice cores from Antarctica go much further back, hundreds of thousands of years:
OK, so we know that climate has been up and down for pretty much as long as we can piece together records. Rather than history, what's going on right now?
We now need to shift from history to Chemistry. We've heard of the "Greenhouse Effect", where sunlight passes through the atmosphere to the ground, the energy is absorbed and re-emitted as heat, and the heat is trapped by the atmosphere. In more precise scientific terms, certain gases are transparent to visible light, but opaque (blocking) to heat (infrared) radiation.
Carbon Dioxide (CO2) is one of a set of greenhouse gases, including methane and water vapor. One justification for the Hockey Stick that proponents of AGW theory used was that the Industrial Revolution began to produce large amounts of CO2 around 1850, which is when we saw the spike in temperature. There are a couple problems with this:
1. Correlation does not imply causation. Just because something happens at the same time as something else, doesn't mean that it's caused by it. If we see a big increase in, say, the number of lemons imported from Mexico, and simultaneously see a big reduction in the number of traffic fatalities, we shouldn't jump to the conclusion that Mexican lemons reduce traffic deaths. This seems obvious, but is really at the heart of the proposed policy mitigations like Kyoto, Cap and Trade, and Copenhagen.
2. More importantly, CO2 is a very - even surprisingly - weak greenhouse gas. (chart from IPCC AR 1)
What this means is that as you put more CO2 into the atmosphere, it has less and less of a greenhouse effect. This isn't really surprising, because this sort of "exponential decay curve" is the norm in nature - things tend to rapidly achieve equilibrium because this "negative feedback" keeps things from running away out of control. Chemistry (actually spectroscopy) tells us that CO2 is not really opaque to infrared except at a very narrow frequency band, and therefore "leaks" heat back into outer space at the edges of the bands.
The scientific consensus is that doubling the amount of carbon dioxide in the atmosphere results in warming of around 1°C. We've gone from around 280 parts per million (ppm) atmospheric CO2 to around 400 ppm, an increase of about 50% over the last 100 years or so, so there should have been an increase of around half a degree. So why do we hear all of this about how we are destroying the planet? I mean, half a degree doesn't sound like much.
Shaky scientific grounds: "Positive Forcings"
Proponents of catastrophic warming know this, and have proposed a theory of "Positive feedback", where CO2's greenhouse power is multiplied, or "forced", sort of like Popeye after he opens a can of spinach. This forcing is reached after a particular CO2 concentration, and causes a "runaway greenhouse effect". There is a fatal problem with this: we simply don't see this much in nature. In fact, the universe is stable because of negative feedback, where an increase in one thing results in a decrease in others.
There is, of course, a theoretical justification for positive feedback from the AGW proponents - the details are complex, and I don't particularly want to get into them. Instead, is there a way that we can test the theory? There is indeed. We have measurements of both temperature levels as well as CO2 concentrations for at least the 20th Century. How do they match?
Poorly:
Rather than lots of science and math and stuff, he looks at what the proponents of AGW say and he finds a lot to be desired:
5. The claimed “proof” of positive feedback is a model prediction of a hot spot in the tropics at mid troposphere levels. However all the experimental evidence from many, many measurements has failed to find any evidence of such a hot spot. In science, a clear prediction that is falsified experimentally means the underlying hypothesis on which the prediction is based is wrong.
...
8. If I adopt this 10:1 ratio by looking at the last 100 years worth of data I find 1910-1940 temperatures rising while CO2 was not. 1940 to 1975 temperatures falling while CO2 rising, 1975 to 1998 temperatures rising while CO2 rising and 1998 to 2009 temperatures falling while CO2 rising. Three quarters of the period shows no correlation or negative correlation with CO2 and only one quarter shows positive correlation. I do not understand how one can claim a hypothesis proven when ¾ of the data set disagrees with it. To me it is the clearest proof that the hypothesis is wrong.
What I would add is that we don't just get temperature proxy data from ice cores, we also get CO2 levels from gas bubbles that were trapped in each layer. CO2 maps very neatly to temperature, so the question is why we didn't see positive forcing during, say, the Roman Climate Optimum?
This is the biggest problem that climate scientists have today, and is actually the center of the whole debate: are there positive forcings, if so how big are they, and how are they measured? There's actually no consensus at all here among climate scientists. You can get a good overview of this issue here.
Climate Models seem hopelessly broken
Prediction is hard, especially about the future.
- Yogi Berra
The history is decently clear from proxy evidence, so where do scientists think that the climate is going? There are a bunch of computer models (enormous, complicated computer programs) that predict what climate will be like in the future. A lot of the most dire predictions that you hear - that temperatures will rise 4 or 5 degrees, devastating the planet - come from these models.
The problem is that models are not climate - they are programs that contain a bunch of algorithms that produce a set of numbers. Whether these algorithms are valid predictors is the real question. As we all know, the proof of the pudding is in the eating of it. So how accurate have the models been?
Not very:
The latest IPCC report (as of 2017) is Assessment Report 5 (AR5) which includes 102 climate model predictions from CMIP-5. All but a couple of the models run "hot", meaning that the predicted temperatures are higher than what is observed. The blue and green data points are from measured temperatures from weather balloons and satellites, but we could as easily add in the surface temperature data set used in AR5 (the CRUTEM series) which would show the same divergence between measured temperature and predicted temperature. You can get more details on models vs. measured temperature at this post.
Something seems very fishy in Climate Science
This is where we stand regarding the historical record, the theory, the chemistry, and the predictive models. There is really quite a lot of evidence that climate science as currently practiced doesn't have as solid a grasp on the climate as they say. Indeed, at each stage we see quite a lot of hard evidence that contradicts what the so called "consensus view" of science is. If the theory were as strong as claimed, you'd expect to see the opposite - data everywhere confirming the theory.
For example, the highest temperature ever recorded in the United States was in 1913. After a century of positive forcing and year after year reported as "the hottest year ever", we find that the hottest day on record was over a century ago. Does this prove that the climate isn't warming? Of course not. However, if the science were as incontrovertible as we are told, you would expect a more recent record.
But let's look at what's going on in the "consensus climate establishment", because there are some very odd things that you see when you turn over some rocks. We will talk about some of these now.
ClimateGate and "Hide the Decline"
The University of East Anglia (UK) hosts the Hadley Centre for Climate Prediction and Research, one of the three most influential climate research organizations in the UK. The Hadley Centre is part of the UK Met (Meteorological) Office, the UK's national weather office. Hadley develops computer climate models and provides one of the most influential temperature data sets (CRUTEM3). In 2009, the Hadley Centre controversially refused a Freedom Of Information Act (FOIA) request for the CRUTEM3 raw (uncorrected) data.
Phil Jones is the current director of the Hadley Centre.
In November 2009, someone posted 61 MB of emails, computer program code, and climate data from Hadley servers to an FTP server on the Internet. One of the most notorious of the emails in this release was from Dr. Jones, and contained the following:
I've just completed Mike's Nature trick of adding in the real temps to each series for the last 20 years (ie from 1981 onwards) amd [sic] from 1961 for Keith's to hide the decline.
Let's unpack this so you understand each piece. "Mike" refers to Dr. Michael Mann (of the Hockey Stick graph fame). "Nature" refers to Nature Magazine, one of (perhaps the) most prestigious scientific journals. More specifically, it refers to an article that they published, written by Dr. Mann in which he had a temperature reconstruction. There is a huge amount of dispute over what "trick" means - skeptics allege sleight of hand while Mann said it just referred to a mathematical technique. So what was the trick?
Dr. Mann's data sets contained many different proxy series. This is actually a good thing, because you want confirmation of results from different places and types of proxies (say, including ice cores, tree rings, and corals will probably be more reliable than just using tree rings). Mann's "trick" (call it a mathematical technique if you want) was to remove all proxy data later than 1960 and replace it with measured temperature data. The result was a hockey stick shaped temperature graph. This is what Dr. Jones did in the paper referred to in his email.
The $100,000 question is: why go to the trouble to do this if you have proxy data from 1960 up to the present? Why replace 50 years of perfectly good data?
Hide the decline.
This is a great, detailed video about ClimateGate and hide the decline by Dr. Richard Muller, head of climate science at the University of California at Berkeley. He is a high profile climate scientist and he has quite pungent things to say about Dr. Jones and company. The relevant part about Dr. Jones and the CRU starts around 29 minutes into the lecture.
There's more that I won't go into here (particularly the repeated modification of previously recorded temperature data with little or no justification) but this post is plenty long enough as it is and you have a solid grounding in the key points (with links to original sources so you can check my work).
Thursday, May 18, 2023
Where is Glen Filthie?
The Thunderbox is gone, along with the bad jokes, the Har-har-hars, and some nice photography of the northlands. I suspect that Glen ran afoul of the Google censors and has had his Blogger privileges revoked.
But who knows? Maybe he threw up his hands, tired of hollering down the well just to hear his own echo, and deleted the blog himself.
So, Glen, if you're still reading blogs and you see this note, we noticed you were gone and hope you are doing okay. Leave us a reply if you can.
Update: Glen has been located at https://gab.com/Glenfilthie. His link has been updated, too. You were signed up at Gab anyway, right? You might as well, a lot of the Blogger voices are going silent.
The P-47 that lost a wing and still made it home
Well, it lost most of a wing. Damn, that was one tough bird.
Bravo, Apple
Yes, the iPhone is a "Walled Garden" controlled by Apple. But this is a benefit that you'd expect from a walled garden:
The Apple App Store supports more than 36 million registered Apple developers, but not all of those coding partners are benign. In a report on App Store safety this week, the computing giant noted that last year it booted nearly a half-million (428,000) developer accounts from the platform for carrying out fraud and abuse.
Apple said that in all, it prevented more than $2 billion in potentially fraudulent transactions in 2022, rejecting nearly 1.7 million app submissions for privacy violations, spammy or misleading features, or containing hidden or undocumented capabilities.
It also dismantled 282 million customer accounts for fraud and blocked nearly 105,000 Apple Developer Program enrollments for suspected malicious activities before they could submit apps to the App Store. And it detected and blocked more than 147 million fraudulent ratings and reviews.
This costs them money, but it keeps the App Store in better shape than the equivalent for Android which is stuffed to the gills with malware. Well done, Apple. Credit where credit is due.
Tuesday, May 16, 2023
No, we're not going to get another dog
A bunch of you have left comments about Wolfgang - thanks to everyone, it means a lot. One comment that comes up repeatedly is whether we are going to get another dog. The short answer is no.
Wolfgang was quite an unusual dog. He was literally the best socialized and friendliest dog that I have ever seen. He was super friendly with both other dogs and people - particularly children, who he always thought would want to play with him. He was almost always right.
But he also lived to do what we wanted him to. I've never had a dog that was so well trained, and I give all the credit to Wolfgang. We've had a couple times since he died that we dog sat, and while we liked the dogs they were conspicuous in how they were not well trained like he was. And this includes two German Shepherds. Not at all as well behaved and eager to please.
I was surprised at how annoyed I was by this. Make no mistake, they were all good dogs, but I was spoiled by Wolfgang. Spoiled rotten, in fact.
And so, to bastardize Paul Newman's phrase, I don't want to have hamburger after having a steady diet of steak. Maybe we'll change our mind, but not any time soon.
If you run Windows, get patching
Today's Patch Tuesday fixes a critical vulnerability that is being exploited in the wild:
Microsoft has released security updates to address a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware to infect fully patched Windows systems.
Secure Boot is a security feature that blocks bootloaders untrusted by the OEM on computers with Unified Extensible Firmware Interface (UEFI) firmware and a Trusted Platform Module (TPM) chip to prevent rootkits from loading during the startup process.
Unfortunately, the patch process is complicated here. Click through to the article and follow the instructions. Microsoft is working on a simpler method but doesn't expect to have this for two months - and remember there is malware exploiting this today.
Note: in the instructions you will see something about updating the factory media (sometimes called the "Restore disk"). This came with your computer. I wouldn't worry about that today; the big thing is to get the Secure Boot State fix.
Monday, May 15, 2023
Happy birthday, Wolfgang
I sure wish you were here to celebrate it with us.
This was one year ago.
See you again someday, buddy.
Communications for preppers
Secure comms are an issue for any emergency/disaster/Zombie-apocalypse scenario. This looks like a pretty nifty solution for that problem.
Sunday, May 14, 2023
Frank Churchill and Oliver Wallace - "Baby Mine" from Dumbo
Dumbo is perhaps the ultimate Mother's Day film, about a Mom trying to protect her child, about separation and then reunion. Churchill (music) and Wallace (lyrics) won the 1941 Oscar for best original score, and this song was nominated for Best Original Song.
Happy Mother's Day, everybody.
Saturday, May 13, 2023
Morgan Wallen - Thought You Should Know
Tomorrow is Mother's Day, a holiday that demands sentimentality. No genre does sentimental like Country, and this song is a perfect tribute to mothers everywhere. Unsurprisingly, Morgan Wallen wrote this for his mom.
The Queen Of The World suggested this song for today.
What’s goin’ on, mama?
Something just dawned on me
I ain’t been home in some months
Been chasin’ songs and women
Makin’ some bad decisions
God knows I’m drinkin’ too much
Yeah, I know you’ve been worrying ’bout me
You’ve been losin’ sleep since ’93
I thought you should know
That all those prayers you thought you wasted on me
Must’ve finally made their way on through
I thought you should know
I got me a new girl down in Jefferson City, and
She lets me fish whenever I want to
Yeah, I’m still proud of where I came from
Still your only damn son
Can you believe I’m on the radio?
Just thought you should know, thought you should know, thought you should know
Oh, by the way, mama, didn’t mean to ramble on ya
How’s everything back at home?
Yeah, how’s that garden comin’?
Is dad still doing dumb s—?
And how’d he keep you this long?
Yeah, I’m sorry that I called you so late
I just miss you but anyways
I thought you should know
That all those prayers you thought you wasted on me
Must’ve finally made their way on through
I thought you should know
I got me a new girl down in Jefferson City, and
She lets me fish whenever I want to
Yeah, I’m still proud of where I came from
Still your only damn son
Can you believe I’m on the radio?
Just thought you should know, thought you should know, thought you should know
Yeah, I know you’ve been worrying ’bout me
You’ve been losing sleep since ’93
I thought you should know
That all those prayers you thought you wasted on me
Must’ve finally made their way on through
I thought you should know
That I really like this girl down in Jefferson City, and
Turns out she’s a lot like you
Yeah, I’m still proud of where I came from
Still your only damn son
The bus is leavin’ so I gotta roll
Just thought you should know, thought you should know, thought you should know
I thought you should know, thought you should know
I thought you should know, thought you should know, thought you should know
Friday, May 12, 2023
Big Country will be off the air for a couple weeks
He asked me to tell everyone that his blog will be down for a couple weeks. More when we know more.
Dad Joke CCLX
We are dog sitting our grand-dogs, so here's a dog themed Dad Joke:
Where should dogs never go shopping?
At a flea market.
Good security costs money
There's a reason that you might want to think twice about buying super cheap electronics:
Miscreants have infected millions of Androids worldwide with malicious firmware before the devices even shipped from their factories, according to Trend Micro researchers at Black Hat Asia.
This hardware is mainly cheapo Android mobile devices, though smartwatches, TVs, and other things are caught up in it.
Anything with a microphone is something that you don't want in your house if it has malware. Supply Chains can be (relatively) secured, but this takes money and effort. A $99 TV simply won't have the revenue stream to support that.
Caveat emptor.
Thursday, May 11, 2023
Vote for my granddaughter
#1 Granddaughter has entered the Miss Teen Rhode Island contest. If she wins, she will move on to the Miss Teen USA contest. The pageant is running a voting contest as a fund raiser for mental health awareness and education, and the winners will move on to the semi finals.
Obviously, The Queen Of The World and I are pretty proud and excited about this. We're asking for your help (and small donation) to help her along. Voting is here.
Next, I'll be running a fund raiser to get her Dad (the Chief) a shotgun. For obvious reasons.
Wednesday, May 10, 2023
Beware old software
Eventually all software is sent out to pasture, after which you won't get security updates. Case in point: Cisco will not release security update for end-of-life telephone adapters:
Cisco Systems is warning a critical flaw impacting its IP phone ports allows unauthenticated attackers to execute code remotely on targeted devices and gain full admin privileges. It is urging customers still using the impacted model, SPA 112 2-Port Phone Adapters, to upgrade to its Cisco ATA 190 Series Analog Telephone Adapter to mitigate the flaw.
"Cisco has not released and will not release firmware updates to address the vulnerability that is described in this advisory," the company wrote in a security bulletin on Wednesday.
...
Cisco said it was retiring the SPA 112 2-Port Phone Adapters December 2019 and said end-of-life security support for the product would be June 2020. It's unclear how many impacted models might still be in use today.
This is not a slam on Cisco. They have an excellent security reputation, because they take the issue seriously and invest in it. However, once one of their devices reaches end-of-life, they are quite clear that they stop maintaining it. Heck, that's really the definition of end-of-life, isn't it?
The takeaway for us is that the devices that we buy and use are increasingly software reliant, and need regular updates. When even large, successful companies reach the point that the device is obsolete, we need to recognize that we've gotten all the use out of it that we safely can. For smaller and less financially stable companies, that day likely will come much sooner.
This specific Cisco problem almost certainly doesn't affect any of the readers here, but the lesson is important. From a security perspective we need to remember that all things come to an end one day. Sometimes the best security tool is a forklift ripping out old devices so you can move forward.
Tuesday, May 9, 2023
Hackers vs. AI
This year's DEF CON AI Village has invited hackers to show up, dive in, and find bugs and biases in large language models (LLMs) built by OpenAI, Google, Anthropic, and others.
The collaborative event, which AI Village organizers describe as "the largest red teaming exercise ever for any group of AI models," will host "thousands" of people, including "hundreds of students from overlooked institutions and communities," all of whom will be tasked with finding flaws in LLMs that power today's chat bots and generative AI.
Think: traditional bugs in code, but also problems more specific to machine learning, such as bias, hallucinations, and jailbreaks — all of which ethical and security professionals are now having to grapple with as these technologies scale.
DEF CON is set to run from August 10 to 13 this year in Las Vegas, USA.
My guess is this will be a target rich environment.
Sunday, May 7, 2023
Bobby Darin - Theme From 'Come September'
The Queen Of The World and I watched this film last night. Two thumbs way, way up for this 1961 Rock Hudson/Gina Lollobrigida comedy. It has a witty screenplay, solid performances from supporting actors (including Bobby Darin in his film debut, where he met and fell in love with his co-star; they married later that year), and is a trip back in time to Old America. It was utterly delightful. Highly recommended.
Bobby Darin wrote and performed the theme to the film. The rest of the score was written by Hans J. Salter, one of the many Austrian/German Jewish composers who fled the Third Reich and ended up on the shores of Hollywood. Salter's score is workmanlike, but it's Darin's songs that stand out. It's not the typical Sunday Classical offering - more reminiscent of an early Bond Theme - but it's still fun.
As is the film. You should be able to find it on Turner Classic Films.
Saturday, May 6, 2023
Gordon Lightfoot - Sweet Guinevere
Gordon Lightfoot is dead (for you Canadian Quebecois hosers, that's "Gordon Lightfoot est mort"). There have been tributes pretty much everywhere, featuring his biggest hits: Wreck of the Edmund Fitzgerald, Sundown, If You Could Read My Mind.
What I haven't seen anywhere is a mention that his 1978 album Endless Wire peaked at #14 on the Country Music chart. Really. The man had a considerable range. Rest in peace.
Sweet Guinevere you're off to the coal town tonight
And your young brother Ernie's up in Pittsburgh PA
You know mother loves you, and dad's in the mine
So don't go to the coal town, Guinevere, if you're kind
She loves a young man and he lives in the town
And he leaves the house early for he works underground
He makes a good wage for a coal miner's son
And she's a bit pretty, just turned twenty-one
Sweet Guinevere you're off to the coal town tonight
And your young brother Ernie's up in Pittsburgh PA
You know mother loves you, and dad's in the mine
So don't go to the coal town, Guinevere, shut the blind
She knows her good mother's not feelin' no pain
She remembers an explosion and the black falling rain
She paints her thin lips in her dewy-eyed way
Then she says to the daughter, dear daughter I pray
Sweet Guinevere you're off to the coal town tonight
And your young brother Ernie's up in Pittsburgh PA
You know mother loves you, and dad's in the mine
So don't go to the coal town, Guinevere, if you're kind
Friday, May 5, 2023
Smokin' Joe Kubek & Bnois King - Armadillo Blues
Smokin' Joe died far too young (as did my younger brother). You wonder what other music he would have recorded had he had his full three score and ten.
Security behind the scenes
If you're not a tech nerd like me you might want to skip this post, but there's a significant move being made to make the base operating system more secure by rewriting it in the Rust programming language. Unlike most other languages, Rust is memory-safe. What this means is that we don't think that buffer overflow attacks will work against key OS components like sudo and su.
Buffer overflow attacks have been around for 30 years - Smashing The Stack For Fun And Profit goes all the way back to Phrack 49 in 1996. Buffer overflow attacks allow a Bad Guy to execute arbitrary code under the privilege of the attacked program - for OS binaries and drivers, this is root or System or something that you really, really don't want to happen.
Microsoft is also implementing this for some of their OS drivers.
In layman's terms, this is replacing a 50 year old rusty road bridge with a brand new one that is up to modern safety standards. This kind of work isn't sexy but it's very important to the industry. Well done, everybody!
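To make the memory-safety point concrete, here is an added example (not code from sudo, su, or any project mentioned in this post). It recreates the classic layout of a fixed buffer sitting next to a privilege flag and shows that an oversized copy is either rejected or stopped by a bounds-check panic; `Session`, `NAME_LEN`, `TooLong` and the function names are hypothetical.

```rust
use std::panic;

const NAME_LEN: usize = 16;

/// Mirrors the classic C layout: a fixed buffer next to a privilege flag.
#[derive(Default)]
pub struct Session {
    name: [u8; NAME_LEN],
    is_root: bool,
}

#[derive(Debug, PartialEq)]
pub struct TooLong { pub got: usize, pub max: usize }

impl Session {
    /// Checked copy: `get_mut` yields None rather than a slice past the array.
    pub fn set_name(&mut self, input: &[u8]) -> Result<(), TooLong> {
        match self.name.get_mut(..input.len()) {
            Some(dst) => { dst.copy_from_slice(input); Ok(()) }
            None => Err(TooLong { got: input.len(), max: NAME_LEN }),
        }
    }

    /// The "forgot the length check" version, a strcpy-style byte loop.
    /// Indexing is bounds-checked, so byte 17 panics before reaching is_root.
    pub fn set_name_careless(&mut self, input: &[u8]) {
        for (i, b) in input.iter().enumerate() {
            self.name[i] = *b;
        }
    }

    pub fn name(&self) -> &[u8] { &self.name }
    pub fn is_root(&self) -> bool { self.is_root }
}

/// Feeds 64 bytes to the careless copy; returns (panicked, is_root afterwards).
pub fn overflow_attempt() -> (bool, bool) {
    let mut s = Session::default();
    let payload = [0x01u8; 64]; // constructed oversized input
    let outcome = panic::catch_unwind(panic::AssertUnwindSafe(|| {
        s.set_name_careless(&payload)
    }));
    (outcome.is_err(), s.is_root())
}

fn main() {
    let mut s = Session::default();
    println!("{:?} {:?}", s.set_name(b"operator"), s.set_name(&[b'A'; 64]));
    println!("{:?} {:?}", s.name(), overflow_attempt());
}
```

In the careless version the program still crashes, so this is a denial of service rather than a silent privilege change; the equivalent C loop would keep writing into whatever sits after the buffer.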
Thursday, May 4, 2023
I don't trust RFK, Jr., but ...
... he sure makes a lot of sense here:
Let’s be honest: it’s a US war against Russia... to essentially sacrifice the flower of Ukrainian youth in an abattoir of death and destruction for the geopolitical ambition of the neocons, oft-stated, of regime change for Vladimir Putin and exhausting the Russian military so that they can’t fight anywhere else in the world. President Biden has said that was his intention — to get rid of Vladimir Putin. His Secretary of Defense, Lloyd Austin, in April 2022, said that our purpose here is to exhaust the Russian army. What does that mean, 'exhaust'? It means throwing Ukrainians at them. My son fought over there, side-by-side with the Ukrainians and we’ve sacrificed 300,000 Ukrainians.
It's a long interview but I find very little to argue with him about. Which means that the Deep State will prevent him from ever becoming President.
(via)
Supply chain attacks
There has been a lot more focus over the past decade on "Supply Chain attacks" - attacks that go after one of your vendors/suppliers so that they can exploit the trust relationship you have with the vendor against you. Lately there was a high visibility example of this in action:
Just a month after the North Korea-linked APT hacker group known as Lazarus targeted 3CX in a supply chain attack, Symantec's researchers have found that two infrastructure organizations as well as two businesses involved in financial trading were affected in the same attack.
The initial compromise that affected 3CX — also known as the X-Trader software supply chain attack and first discovered by Mandiant researchers — was a supply chain compromise that "spread malware via a Trojanized version of 3CX's legitimate software that was available to download from their website." This breach caused customers to download malicious versions of the company's video-calling software.
As the investigation unfolds with new information, the names of the two critical infrastructure organizations affected have not been revealed, but they are in the power and energy sector, in the US and Europe, respectively. The attack seems to be financially motivated; while North Korea-sponsored threat actors engage in cyber espionage, they also go after funds for the regime.
Why do they rob banks? Because that's where the money is.
What people are doing is requiring agreements with their vendors. While an agreement is just a piece of paper, failing to keep an agreement with one of your customers seems like bad business.