For Sale: NASA Security Van

Low mileage.  Serious inquiries only.

Extra bonus points if you install a WiFi router and set the SSID to "NSA Surveillance Van 117" ...

(via)

Storm update

The Hurricane stayed to the west out in the gulf and blew past us.  Lots of rain and wind but nothing more.  A neighbor threw a hurricane party and everyone danced in the rain.

But there's not a generator to be had within 100 miles.

It's the most wonderful time of the year

Ah, Florida.  It's been a quiet hurricane season so far but September is traditionally the biggest month.  But now we're getting the first real storm of the season and the media is losing their minds.

I guess you gotta hype the fear porn if you're the TV weatherman.

It looks like it's going to be a wet firecracker (see what I did there?):

I guess we'll see but there won't be bread, milf, or toilet paper in the stores.  I'll bet there won't be a generator for sale nearby by tomorrow night, but hey, it's good to have a generator in Florida, amirite?

UPDATE 28 AUGUST 2023 08:51:  Oh, dear, that should be "milk". 

Elmer Bernstein - Theme to The Magnificent Seven

This film is iconic in so many ways - derived from Kurosawa's Seven Samurai, sporting perhaps the greatest cast of any western (without John Wayne or Gary Cooper, even!), and with a music score that the America Film Institute included in its list of Top 25 Film Scores.

And the theme was later used in Marlboro cigarette ads back when they were still allow on TV (yes, kids, go ask your parents).  If you are of a certain age, you will hum right along to this.

Elmer Bernstein is perhaps less famous, although that's quite unfair.  His record of one Oscar and five Grammys belies all the music he wrote, including The Ten Commandments, To Kill A Mocking Bird, and True Grit.  Oh, and he also contributed to Animal House, The Blues Brothers, and Ghostbusters.

Live by the Cloud

Die by the cloud:

CloudNordic has told customers to consider all of their data lost following a ransomware infection that encrypted the large Danish cloud provider's servers and "paralyzed CloudNordic completely," according to the IT outfit's online confession.

The intrusion happened in the early-morning hours of August 18 during which miscreants shut down all of CloudNordic's systems, wiping both company and customers' websites and email systems. Since then, the IT team and third-party responders have been working to restore punters' data — but as of Tuesday, it's not looking great.

"Not looking great" means that it was wiped clean.  This is a good time to remind everyone about the importance of backing up your data.  It sounds like a pain, but you only need to back up the data you don't want to lose ...

Dad Joke CCLXXXII

What did one DNA strand say to the other DNA strand?  Do these genes make my butt look big?

CMP update

The CMP is still doing good work.  Here is some news, some of which comes with deadlines.

1911 sales are about to close - they need postmarks by 8/25.  But if you want a real piece of American handgun history, a CMP 1911 can't be beat.  FYI, while sales will close, they are working on the next round (Round 4) but when this will start is anyone's guess.

CMP has .30-06 mil-surp in stock.  If you need The Lord's own rifle caliber (Old Testament version), go check it out.

CMP has Field Grade M1 Garands in stock.  When they're gone, they're gone.  If you have a Jones for what Gen. Patton called "the greatest battle implement of all time" then you know what to do.  I love my Garand, and every time I take it to the range to stretch its legs I always get a bunch of guys coming around to ooh and aah over it.

 

Our institutions are being run by the insane

The Catholic Church has more compassion for suicide victims than Science Fiction fandom does.  Guess why this is. 

Really, there is Church doctrine that backs this up.  The Asperger's types running modern intellectual organizations have yet to progress to this same level of enlightenment.

And it didn't use to be this way.  The Left was a powerful force in intellectual circles; so powerful, in fact, that they would kick intellectual sand in the faces of today's intellectual left.

You have to wonder how these people became so emotionally impoverished to do this.  You also have to wonder if they are proud of what they did.  Clearly, they do not listen to the great, old time Country Music. 

Go read both of the top links.  We are being ruled by intellectual and moral midgets.

Dad Joke CCLXXXI

Why couldn't the string quartet find their conductor? 

He was Haydn.

Oliver Anthony - Rich Men North Of Richmond

It's said that a song only needs three chords and the truth to be great.    Oliver Anthony has exactly that - along with multiple million dollar record offers which he has turned down.  Interesting guy.

AI: not very good at writing new malware

At least so far:

Despite the hype around criminals using ChatGPT and various other large language models to ease the chore of writing malware, it seems this generative AI technology isn't terribly good at helping with that kind of work.

That's our view having seen research this week that indicates while some crooks are interested in using source-suggesting ML models, the technology isn't actually being widely used to create malicious code. Presumably that's because these generative systems are not up to the job, or have sufficient guardrails to make the process tedious enough that cybercriminals give up.

Well, good.

 

 

Zoom reserves the right to spy on your calls

Their new Terms Of Service say that they have the right to listen in on your calls and use them to train their AI.  Their execs say that they'd never do that, honest you guys.

Allrightee, then.

(source)

Dad Joke CCLXXX

Where do you learn to make ice cream? 

At Sundae School.

(I actually wonder how many kids would understand this joke today)

Ya know, I like most dogs better than I like most people

The Queen Of The World found this on Facebook.  Posted without comment.

 

Turnpike Troubadours - Brought Me

The Queen Of The World heard this on the radio and liked it.  It's not Country-Pop or Bro-Country of the other nonsense that mostly fills the airwaves.  It's more like something that The Band would have played.  I like it.

The latest news from the DEFCON security conference

Dwight is in Las Vegas for the conference and has the scoop.  I've posted about a couple of these (the Tesla hack and hacking police radios), but there's so much more.  DEFCON is an interesting shindig - a mix of government, corporate, and freak-flag hackers.  I think it does a real service to the industry getting all of these folks together.  Dwight's post is highly recommended for all readers.

And can it really be the 31st DEFCON?  I think that the last ones I went to were 13 and 15.  I must be an old fart.

UPDATE 10 AUGUST 2023 10:46:  Dwight emails to say that he's not in Vegas, but covering things remotely.  You still should click through to his post and follow the next few days.

Dad Joke CCLXXVIIII

Why can't you use "fortnight" as a password?

It's two week. 

(It's also in every password cracking dictionary ever used, so it's as weak a password as "password")

Security vulnerability on Canon wifi printers

First a digression: Divemedic has a good post up about how a vulnerability in Tesla cars lets users turn on for-pay features that they haven't purchased. 

And so to vulnerable printers:

Canon warned users that sensitive information on the Wi-Fi connection settings stored in the memories of home, office and large format inkjet printers may not be deleted by the usual initialization process.

The large printer vendor posted in an advisory Monday that when a third-party takes control of a printer, such as when repairing, lending, selling or disposing the device, a user’s information may get exposed and potentially vulnerable to a wide range of malicious activities.

Canon provided the following instructions to mitigate the issue by wiping Wi-FI settings:

1. Reset all settings (Reset settings ‐> Reset all).
2. Enable the wireless LAN.
3. Reset all settings one more time.

It's important to do a factory reset (sometimes called "Factory Restore") on any electronic device you dispose of.

Decoding ancient scrolls from Pompeii

This sums up the problem:

The reason is that there were no printing presses in ancient and medieval times, so books had to be copied by hand.  If they weren't copied, the material would decay and the book would be lost.  Books were very expensive, which is why so few survived.

However, the volcanic eruption that buried Pompeii buried an ancient library.  The scrolls blackened from the heat but are intact.  People have been using cat scanning technology to image the insides, and are now trying to apply machine learning to decode what is ink and what is not.  While we can't yet read the scrolls, it seems that some real advancement in technique is being made:

This character is harder to make out, until the reader realizes that it is curved. It is first visible when looking for the dark narrow cracks in the “cracked mud” texture. It is a handwritten lunate sigma, which looks like a ‘c’.  The field of view is 3.35 mm high. The character is aligned directly to the right of the iota and pi characters, consistent in size, orthography, line width, alignment, ink texture, ink position relative to the papyrus, etc. Like the Pi, slight stroke width variations are recognizably derived from the motion of hand writing. 

With three characters (pi, iota, sigma) we can check if this is part of a word – of course it could be two words since ancient writing generally did not include spaces between words. Using this handy list (https://kyle-p-johnson.com/assets/most-common-greek-words.txt) we find 69 instances of πισ, and none of πγσ or πτσ.

This is a long and technical post but it is a really interesting approach to unlocking actual ancient mysteries. 

 

Alan Silvestri - Suite from Grumpy Old Men

Tomorrow is my 65th birthday.  This is somewhat surprising, even if not unexpected - I like to say that 30 was the best 30 years of my life.  But I'm officially an Old Fart now.  At least I'm not (usually) grumpy.

And so to today's film music.  Alan Silvestri wrote what could have been a mid-19th Century overture for the 1993 film.  He was director Robert Zemeckis' go-to composer, writing the music for (among others) Back To The Future, Who Framed Roger Rabbit, Forrest Gump (for which he scored an Oscar), Night At The Museum, and The Avengers.  Pretty good for a guy who showed up in Hollywood with $50 in his pocket, and who when he was offered to compose the music for his first film (some long-forgotten B-list flick) went out to the bookstore and got a book on how to compose.

I'd say he learned pretty darn well.

Cowboy Junkies - Blue Moon Revisited

Ambisinistral at YARGB has a regular Friday feature, showcasing off-beat and unusual (well, to me at least) music groups.  It's a delight, and you should check it out.  Today it's Heidi Feek with her unbelievably sultry contralto version of Elvis' hit Blue Moon.  I'd never heard of her before, and it is a great intro to her.

But it made me think of The Cowboy Junkies, back in the day of Big Hair.  To my taste, this was their greatest song.

I only want to say That if there is a way I want my baby back with me 'cause he's my true love My only one don't you see? And on that fateful day Perhaps in the new sun of May My baby walks back into my arms I'll keep him beside me Forever from harm You see I was afraid To let my baby stray I kept him too tightly by my side And then one sad day He went away and he died Blue Moon, you saw me standing alone Without a dream in my heart Without a love of my own Blue Moon, you knew just what I was there for You heard me saying a prayer for Someone I really could care for I only want to say That if there is a way I want my baby back with me 'cause he's my true love My only one don't you see

Ambisinistral, thanks for this musical waltz down memory lane.  The Queen Of The World will think I'm being too nostalgic, but you know how sentimental I can be.  Especially when Big Hair is involved.  Did you know that The Queen Of The World had great Big Hair?  Very grrrr, Baby!

Things I did not know, vol MCDXVI

I knew that a sailboat under sail has right of way over powered vessels (technically the sailboat is the "Stand On" vessel and the power boat is the "Give Way" vessel.  The basic Coast Guard Auxiliary course goes over this in decent detail.

What I did not know was that an aircraft carrier launching and recovering aircraft has right of way over a sailboat under sail (i.e. the Carrier now is the Stand On vessel).

This was important a year ago when the French carrier Charles DeGaul collided with a sailboat under sail (another thing I had not known).  Nobody was injured (although I'd think that some egos were damaged).  This video breaks down what happened and what the COLREGS say.

And one last thing I didn't know - don't the French have any escort ships for their Aircraft Carrier?  I'd think a corvette would be excellent for shooing away nearby civilian ships.

How to pick a more secure Android device

The problem with many Android devices is that when there's a security update in the Android OS, it typically doesn't go directly from Google (who makes Android) to you.  Instead, it goes from Google to the device manufacturer who then releases it to you.  This is different from Apple, where your iDevice gets automated updates directly from the Apple Mother Ship.

This lag opens the door to the Bad Guys.  I've posted before about "Zero Day" vulnerabilities, where there is a known vulnerability without a released update.  Android devices suffer from this (as do all devices), but the Google-Manufacturer-You release chain brings a new concept: the "N-Day" vulnerability:

A zero-day vulnerability is a software flaw known before a vendor becomes aware or fixes it, allowing it to be exploited in attacks before a patch is available. However, an n-day vulnerability is one that is publicly known with or without a patch.

For example, if a bug is known in Android before Google, it is called a zero-day. However, once Google learns about it, it becomes an n-day, with the n reflecting the number of days since it became publicly known.

Google warns that attackers can use n-days to attack unpatched devices for months, using known exploitation methods or devising their own, despite a patch already being made available by Google or another vendor.

So the key issue when choosing a more secure Android phone is how to minimize the value of N.  The faster the turnaround at the device manufacturer, the less your risk.

There are two strategies you can choose here:

1. Buy a Google branded Android device.  I don't know if N=0 in this case but it's hard to see how any manufacturer could turn a patch around faster than the company that created the patch.
2. Buy a device from a manufacturer that participates in the "Android One" program.  N will not be zero here but the program tries to streamline the patching/update process.
   

Or you could buy an iDevice, but now the discussion has lurched into the theological.

SNEAKERS - The Best Movie You Never Saw

As a followup to my post about the film Sneakers, this is a very good overview if you haven't seen it.

As the comments have pointed out, this is a very quotable film.  Great screenplay and great cast.