What did one Math Book say to the other?
Man, I sure have a lot of problems.
Actually it was a couple days ago. Seems like kind of a long time.
Thanks to co-blogger and Brother-From-Another-Mother ASM826 who also started his blog around the same time but who has been writing here for years and years.
Also, I'm trying to convince The Queen Of The World to write here sometimes. Leave a comment on what you think of that idea.
Security patches for vulnerabilities being exploited in the wild:
It's an interesting article: the Russian security services (FSB) claim that the NSA has been using this against Russian targets for the last four years.
There are only two things I have to add to the discussion of the Titan/Titanic disaster:
1. OceanGate seems not to have considered that their target customer had enough cash to sue them into oblivion if things went Tango Uniform.
2. OceanGate's investors did not consider what their liability would be if things went Tango Uniform.
The legal proceedings promise to be epic. And yeah, I don't care that the release that their customers signed mentioned the word "death" three times. Doesn't release them from liability for reckless endangerment and misrepresentation.
UPDATE 23 JUNE 2023 19:42: Big Country gets an honorable mention with this one:
He has more, so get over there. He's of a similar mind of the legal predicament that OceanGate is in.
UPDATE 23 JUNE 2024 20:04: Miguel has an important pro-tip.
I've seen Full Metal Jacket several times over the years. I don't know about the combat in the second half, I have no personal experience to use to form an opinion, but the boot camp scenes are as realistic as anything I have ever seen. Lee Ermey as GySgt Hartmann is what every Drill Instructor on the field in 1977 wanted to be.
Here's a classic scene, where Hartmann is doing a hygiene inspection, and finds his problem child, known only as Gomer Pyle, with an unlocked footlocker and some contraband.
I was on a forum discussing the movie recently and I pointed out that the doughnut was unrealistic. Primarily because, in three months on Parris Island, I never had dessert of any type. No cake, pie, cookies, and definitely no jelly doughnuts. Secondarily, the doughnut is pristine. It's not squished, it has a good shape, and it still is covered with powdered sugar. If Pyle had somehow landed the doughnut from who knows where, he still had to get the doughnut to the barracks and into his footlocker. It would not have been carefully carried in a box, it would have been tucked inside his uniform.
I got called out for taking the movie too seriously by one person, supported by others, and in the ensuing discussion I realized what Stanley Kubrick and Lee Ermey had done, right in front of us, and I had never heard it mentioned or thought of it before.
The only explanation for the doughnut in Pyle's footlocker is that Gunny Hartmann put it there. He would have had a list of combinations for all the recruit locks. He bought the doughnut, put it in the locker, and left the lock open so he could "discover" it, and then punish the rest of the platoon while having Pyle eat the doughnut. This leads to the blanket party scene where the platoon exacts revenge on Pyle.
And Pyle knows. He didn't put it there. None of them had seen a doughnut since they got on the bus. The injustice is what fuels his anger. It is the end of his attempts to conform, to grow into a Marine like the rest of the platoon.
In March of 2020, as the world was getting ready to close the doors and everyone was wondering how many people were going to die of the new virus, a friend of mine that works in a research lab told me that every single person that worked in his department believed the virus had originated in the Wuhan lab. That there was ongoing research in Wuhan on gain of function using coronaviruses taken from bats. That political leaning had nothing to do with their opinions, it was just an obvious conclusion.
He never wavered from his opinion on this. Said everything that made him a scientist pointed to it.
"Ben Hu is essentially the next Shi Zhengli," Alina Chan, a molecular biologist at the Broad Institute of MIT and Harvard, was quoted as saying. Shi is popularly known as "the bat woman of China" and led the gain-of-function research at the WIV.
"Hu was her star pupil. He had been making chimeric SARS-like viruses and testing these in humanised mice. If I had to guess who would be doing this risky virus research and most at risk of getting accidentally infected, it would be him," Chan added.
I suppose you could say, like Hillary Clinton, "What difference at this point does it make?" But I think it matters because this kind of research continues and that makes another outbreak inevitable.
I've been posting recently about the Barracuda Networks compromise of their email security gateway. It seems like it might have been the Chinese:
Chinese spies are behind the data-stealing malware injected into Barracuda's Email Security Gateway (ESG) devices globally as far back as October 2022, according to Mandiant.
Barracuda discovered a critical bug, tracked as CVE-2023-2868, in these appliances on May 19, we're told, and pushed a patch to all affected products the following day....
Meanwhile, Mandiant, who has been working with Barracuda to investigate the exploit used and the malware subsequently deployed, today identified a China-based threat group it tracks as UNC4841, and said the snoops targeted a "subset" of Barracuda ESG appliances across several regions and sectors.
"Mandiant assesses with high confidence that UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic of China," the Google-owned threat intel team said today.
Why do you rob banks? Because that's where the money is. If instead of money, you're after user data then email servers/gateways are a pretty rich target.
You will remember the header at the top of the comment box: Remember your manners when you post.
You didn't. Boy, howdy.
Your comment didn't make it through moderation because of your very disrespectful and profane attack on me. This is my place, not yours. I don't care that you feel really really strongly about Donald Trump. Cathedra mea, regulae meae.
I've only banned one person in the 15 year run of this blog (my abusive ex-wife). Congratulations - you're number two.
Go away and don't come back. All comments from you will be nuked without being read.
Today would have been my younger brother's 60th birthday, had he not died 100 days ago. He was a complicated man, endearing and infuriating in equal measures. You don't expect the younger to die before you.
Rest in peace.
Most people have heard of Antonio Salieri (if they have heard of him at all) as the sort-of villain in the film Mozart. That sells him somewhat short. His Requiem was performed for the first time at his funeral.
I'm struggling to think of another example of a security device that had to be junked after an incident. I imagine that this isn't actually the first such incident, but no others come to mind.
Usually this sort of thing happens when a very old device reaches end-of-support/end-of-life. At that point you've gotten your investment from the device and it's time to upgrade to something modern - but this cycle is often ten years.
To Barracuda's credit, they are shipping new devices to affected customers.
Edward Snowden released his bombshell revelations ten years ago. These showed that there was mass government spying on US citizens by US intelligence agencies; it also showed without a doubt that General Clapper perjured himself before the US Senate when he denied that this was the case.
Ten years later, Snowden is a refugee from the US Government, and Gen. Clapper is free as a bird (and guilty as sin). This tells you much about how much trust to put in the US Government.
There are two excellent retrospective articles about this: The Register walks us through much of the narrative about the who, what, and when of the last ten years. Highly recommended. Here's the TL;DR:
"Ten years have gone by," since the first Snowden disclosures, "and we don't know what other kinds of rights-violating activities have been taking place in secret, and I don't trust our traditional oversight systems, courts and the Congress, to ferret those out," Wizner said. "When you're dealing with secret programs in a democracy, it almost always requires insiders who are willing to risk their livelihoods and their freedom to bring the information to the public."
Bruce Schneier has a fascinating piece from the perspective of someone who was involved with the disclosures. Also highly, highly recommended. Schneier is a security big wig, and so there's a fair amount of security industry inside baseball. For example:
And this prediction from your humble host has stood the test of a decade:
The two highlighted items really get to the heart of why the security industry is so angry about what the NSA has been doing. They spent years establishing a relationship of trust with the industry and researchers. Then they exploited that trust for personal gain at the expense of everyone else.
While I don't at all want to minimize the horrific crime of child abuse, that will give you a bit of the flavor of how the security industry looks at Ft. Meade now. It was a rape, a rape of those who had trusted them as teacher and protector.
This is going to cause enormous problems for NSA. I simply don't see how anyone will ever want to cooperate with them outside a public forum. Nobody who values their reputation will be willing to be accused of slipping an NSA mickey into a crypto library.
And nobody on a standards body will ever again listen to NSA recommendations for changes to algorithms. As a matter of fact, those recommendations will make the hair on the back of people's necks stand up, and lots of people will start to reverse engineer the NSA's math to see what games they're playing.
The last ten years have sure been a wild ride.
They have been found in hot springs. They've been found in the deep ocean. They've been found living under ice sheets. They can go without food or water for 30 years, during which they enter a sort of suspended animation state where their metabolism drops by 99.99%.
They can survive temperatures approaching absolute zero, and in 2007 they were sent into orbit and once returned to Earth were reanimated. There's currently talk that they could live on Mars if there were anything for them to eat.
There's quite a discussion in the comments over at Peter's place about whether Lindbergh was right (probably) and by implication whether we should have sat WWII out.
Once the Japanese attacked us at Pearl Harbor and then Adolf Hitler declared war on us the following day, that ship had sailed. These men fought because we had been attacked, and because Hitler had thrown his hat into the ring with Tojo.
As Big Country likes to say, period, dot.
Having stood at the top of that ridge at Omaha beach, and having walked the grounds of that cemetery, remember the men of that day.
Barracuda Networks is a long-established security vendor (you've likely seen their billboards in airports). As it turns out, their email security gateway has a vulnerability that the Bad Guys have been exploiting for months:
A critical remote command injection vulnerability in some Barracuda Network devices that the vendor patched 11 days ago has been exploited by miscreants – for at least the past seven months.
In a security alert posted on Tuesday, however, the vendor disclosed that the vulnerability was under active exploit long before the patch arrived. The flaw, which affects versions 5.1.3.001 to 9.2.0.006 of the ESG appliance, can and has been abused to run remote commands on targeted equipment, hijack them, and deploy data-stealing spyware on the boxes.
Clearly this is a major embarrassment for the company but it highlights just how hard security is to do correctly, year in and year out. Consider:
But it still happened. It's happened to other security vendors before, and will happen to security vendors in the future because doing security properly is really, really hard. The Bad Guys don't have to be perfect every single time - not by a long shot, but anyone playing defense against them sure does.
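Since the affected firmware range quoted above (5.1.3.001 to 9.2.0.006) is the first thing a defender wants to check against an asset inventory, here is an added example (mine, not Barracuda's own tooling) that compares dotted version strings numerically rather than as text, treats the range as inclusive at both ends (an assumption), and flags unparseable versions instead of silently passing them. The inventory rows are constructed.

```python
"""Check whether a Barracuda ESG firmware version string falls inside the
range the page reports as affected by CVE-2023-2868 (5.1.3.001 to 9.2.0.006).
Added example, not Barracuda's own tooling; the inventory lines below are
constructed, and the range is assumed to be inclusive at both ends."""
import re
from typing import Dict, Iterable, List, Tuple

AFFECTED_MIN = "5.1.3.001"   # lower bound as stated on the page
AFFECTED_MAX = "9.2.0.006"   # upper bound as stated on the page

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '9.2.0.006' into (9, 2, 0, 6) so components compare numerically.
    A plain string compare would wrongly rank '10.0.0.001' below '9.2.0.006'."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(version: str) -> bool:
    """True when version lies within [AFFECTED_MIN, AFFECTED_MAX]; shorter
    versions are zero-padded so '9.2' compares like '9.2.0.000'."""
    v, lo, hi = (parse_version(x) for x in (version, AFFECTED_MIN, AFFECTED_MAX))
    width = max(len(v), len(lo), len(hi))

    def pad(t: Tuple[int, ...]) -> Tuple[int, ...]:
        return t + (0,) * (width - len(t))

    return pad(lo) <= pad(v) <= pad(hi)


def triage_inventory(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Classify 'hostname,version' rows. Malformed versions are reported as
    'unknown' rather than skipped: an unreadable version is not a clean bill."""
    result: Dict[str, List[str]] = {"affected": [], "not_affected": [], "unknown": []}
    for line in lines:
        host, _, ver = line.partition(",")
        try:
            bucket = "affected" if is_affected(ver) else "not_affected"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host.strip())
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    "esg-01,5.1.3.001",   # lower bound, affected
    "esg-02,9.2.0.006",   # upper bound, affected
    "esg-03,9.2.0.007",   # one build past the range
    "esg-04,5.1.2.999",   # one build before the range
    "esg-05,10.0.0.001",  # would sort as affected under string comparison
    "esg-06,n/a",         # unparseable, must be surfaced for follow-up
]

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```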
This isn't quite the 21st Century I was promised, but this sounds like a very interesting idea:
Assuming the weather and engineering gods cooperate, a US government-funded satellite dubbed Moonlighter will launch at 1212 EDT (1612 UTC) on Sunday, hitching a ride on a SpaceX rocket before being released into Earth's orbit.
And in roughly two months, five teams of DEF CON hackers will do their best to successfully remotely infiltrate and hijack the satellite while it's in space. The idea being to try out offensive and defensive techniques and methods on actual in-orbit hardware and software, which we imagine could help improve our space systems.
Each year there is a security conference held in Las Vegas. The Black Hat Briefings are pretty corporate and button-down, but it's pretty much the high point of the security year. Black Hat's red headed stepchild is held immediately afterwards: DEFCON is where security folks let down their hair and let their freak flag fly. In many ways, it's more interesting than Black Hat.
For example, they set up a network where people play "capture the flag", computer security style. The attendees are also notoriously skeptical of the government, and have a "Spot The Fed" contest each year.
This is a very interesting approach taken by the Fed.Gov in that the visibility and coolness factor of hacking a satellite in orbit will totally overwhelm the natural tendency of the attendees to avoid all things Fed.
Interestingly, Dwight (your go-to guy for obituaries and which coaches have been fired) is also your go-to guy on DEFCON reporting.
Who knew that Captain Jack Sparrow played the axe? He's the one in the blue hat.
Full line up:
Doyle Bramhall II
Gary Clark Jr
Kirk Hammett (with Greeny)
This music has appeared in many, many films from "Somewhere In Time" to "Groundhog Day" to "The Walking Dead". It should be familiar to most of you. This is Arthur Rubinstein on the piano.
America's Federal Trade Commission has made Amazon a case study for every cautionary tale about how sloppily designed internet-of-things devices and associated services represent a risk to privacy – and made the cost of those actions, as alleged, a mere $30.8 million.
The regulator on Wednesday charged, via the US Dept of Justice, two Amazon outfits with various privacy snafus.
The e-tail giant’s Ring home security cam subsidiary was accused of “compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos.”
This report is absolutely damning. Ring employees accessed thousands of videos - the report goes into detail about one employee looking at "Master Bedroom" camera videos of dozens of "pretty girls".
If you have any hesitation at all about unplugging (especially) internal house cameras, read the whole link. You'll want to take a shower afterwards.
And Ring cameras in your bedroom?
[blink] [blink] [blink]
The report discusses how Amazon employees listened in on customers' children and retained the recordings in violation of the law. Good grief.
My recommendation is to ditch all this spyware ASAP. Ugh.
If it is not right do not do it; if it is not true do not say it.
― Marcus Aurelius, Meditations
I have been at least a luke-warm supporter of Donald Trump for years. Heck, there are over 200 posts there, mostly talking up his virtues. Go, read, if you don't believe me.
But I am no longer comfortable posting about how Donald Trump would make a good President, because I do not any longer think that he would.
The Donald has come out against Ron DeSantis, not that this is surprising - after all, they are opponents for the Republican nomination. I don't have a problem with that. What I do have a problem with is the dishonest way that this opposition has come out:
Donald Trump's people attacked Ron DeSantis for (a) not slavishly following The Donald's massively damaging lockdown recommendations and then for (b) being entirely correct in doing so.
Let me be clear: Ron DeSantis saved Florida's economy by ignoring advice from Donald Trump's administration. I was here. I saw this. I had just moved here from The Democratic People's Socialist Republic of Maryland and know people whose lives were destroyed by the Covid lockdowns imposed by a Republican Governor there. So where are the "Trump War Room" objections to the Covid-19 lockdowns from (Republican) Governor Larry Hogan?
Go ahead. Amaze me.
Yeah, that's what I thought. Someone who was all up The Donald's butt is a-OK, but someone who did something positive for his State (even though it went against your flunky's advice) is the Worst Thing Ever. Quite frankly, I'd have more respect for this if (a) their advice was worth a plug nickel and (b) if your flunkies weren't trying to undermine you at every step and if (c) you had had a damn clue about (b).
You didn't, and still don't seem to. Quite frankly, this is the biggest knock against you - you brought your enemies into your inner circle, and you won't recognize allies if they don't kiss your butt.
To The Donald (as if he'd pay attention): We thought you were on our side. We trusted you. Like Bluto in Animal House, we f**ked up. And now we see that someone who actually earned that trust is in your cross-hairs.
And so while I think you accomplished a lot in your first term, I don't think you are earning a second one. Your ego is too big to allow someone actually accomplished to join you in the Oval Office. And so, adieu. Good luck, because you're going to need it.
You are in an election. You are facing adversity. Remember that Adversity does not build character, it reveals it. You are revealing more than you should like. Stop doing that, or keep losing supporters.
Sorry, you've lost a supporter here. Don't come calling after the nomination. You're not Presidential material.
Whenever you are about to find fault with someone, ask yourself the following question: What fault of mine most nearly resembles the one I am about to criticize?
― Marcus Aurelius, Meditations