Thursday, April 25, 2024

LOLOL

Well played, Chris.

The Queen Of The World and I are huge fans of that movie.

Wednesday, April 24, 2024

Dad Joke CCCXX

Tuna sends in another:

Why did the Mexican guy take anxiety meds?  For Hispanic attacks.

Tuesday, April 23, 2024

Port of Baltimore has limited reopening

Lots and lots of restrictions, but ships 60,000 tons or less and 30' draft will be able to pass through a new restricted channel into and out of the harbor.

Monday, April 22, 2024

Dad Joke CCCXIX

I just burned 2000 calories!

Next time I won't take a nap while the brownies are in the oven.

Sunday, April 21, 2024

Efrem Zimbalist, Sr. - Carmen Fantasie

Many of our readers are of an age to remember the actor Efrem Zimbalist, Jr., who starred in "The F.B.I." among other TV shows (I particularly like 77 Sunset Strip), or his daughter Stephanie (star of "Remington Steele").  Few have ever heard of his father Efrem Zimbalist, Sr. - who like Louis XIII was famous only for Louis XIV.  But he was a famous violinist in the early years of the 20th century and a prolific composer.

This recording is far from HiFi, but gives a flavor of his work.  I found it quite enjoyable.

Saturday, April 20, 2024

Dad Joke CCCXVIII

Ice hockey is the coolest sport.

Thursday, April 18, 2024

The scaffolding is coming down on Notre Dame de Paris

This is pretty cool.  I think this is the first time I've linked to something from the "Today" show, but it is cool.

Remember the FISA renewal vote?

You know, the one today?  Guess what?

It's actually got new stuff in it - and you are now required to spy for Uncle Sam.

Yes, you. But fear not, Citizen: NSA no doubt will be responsible in how they use this.

Wednesday, April 17, 2024

Great

Just great:

AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.

In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists – Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang – report that OpenAI's GPT-4 large language model (LLM) can autonomously exploit vulnerabilities in real-world systems if given a CVE advisory describing the flaw.

"To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the CVE description," the US-based authors explain in their paper.

"When given the CVE description, GPT-4 is capable of exploiting 87 percent of these vulnerabilities compared to 0 percent for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit)."

A "Day Zero" (zero-day) vulnerability is a security bug for which there is no patch available.  "Day One" (one-day) vulnerabilities, the kind tested in the paper, are those where a patch is available but where it hasn't been applied yet.  It is considered industry best practice to patch high risk and critical security bugs within 30 days.  This may blow that out of the water.

This is pretty bad news.

 

Monday, April 15, 2024

Light posting

We have family visiting, so I've been busy taking grandkids to the beach.

Posting will be light for a couple more days.  Go check out the folks on the sidebar.

Friday, April 12, 2024

How do you find "Global Warming" when there's no actual warming?

You change the data.  The world's oldest continuous temperature database is the Central England Temperature record which dates to 1659 (!).  The CET has been recently updated to version 2.  And along the way, something really interesting happened:


This is the year-by-year change that was introduced in V2.  You can see kind of random up/down adjustments for hundreds of years right up until 1970.  Then you see massive adjustments.  The upward warming trend from 1970 to the present day is not due to the data as read, but rather to the (made up) adjustments to the data.

Conclusion: Man-made Global Warming is confirmed!*  But it's not observable in real life, but only in computer print outs ...

I'm well past the point of giving the benefit of the doubt to the "Scientists" who do this (and have done this for ages, all over the world).  Now the only explanation that makes sense is that Government wants to scare everyone with "Climate Change" and Scientists are giving governments what they paid for.

Back in the real world, we're still not seeing new high temperature records being set, even with each year as "one of the 10 hottest in the last 1000 years".  The highest temperature ever recorded in these United States was in 1913, 111 years ago.  That's some righteous warming that we're seeing right here.

Go read the very first link at the top of this post, which also delves into just how dodgy the data inputs are (poorly sited weather stations recording heat from RAF jets).  Just like the US Surface Stations Project, he shows that the weather stations in Blighty are not fit for purpose.  So bad in fact that the stations are trying to detect a warming signal of 0.1 degree/decade when the margin of error of the station is 4 or 5 degrees.

There's a reason that I have a post tag here called Climate Bullshit.  And there's a reason that I don't post much anymore about Climate "Science" - it makes me grumpy.

Hat tip to Perry de Havilland at Samizdata.

* The chart there from the US Government weather bureau NOAA is essentially identical to the one shown above for CET.  This game is being played everywhere.

Thursday, April 11, 2024

Security is hard, vol CCLVI

Act the first: Web Security organization suffers data breach:

A misconfigured MediaWiki web server allowed digital snoops to access members' resumes containing their personal details at the Open Web Application Security Project (OWASP) Foundation.

...

"If you were an OWASP member from 2006 to around 2014 and provided your resume as part of joining OWASP, we advise assuming your resume was part of this breach," OWASP said in a Good Friday notification posted on its website.


"We recognize the significance of this breach, especially considering the OWASP Foundation's emphasis on cybersecurity," it added.

Yup.  This shows just how hard security is - OWASP is full to the brim with folks who (a) understand the importance of security, (b) know how to implement security (well, most of the time), and (c) have a lot of reputation at stake.  That reputation took a hit here.

Act the second: OPSEC is a bitch, even for secret squirrels:

Protecting your privacy online is hard. So hard, in fact, that even a top Israeli spy who managed to stay incognito for 20 years has found himself exposed after one basic error.

The spy, named Yossi Sariel, allegedly heads Israel's Unit 8200 – a team of crack infosec experts comparable to the USA’s National Security Agency or the UK’s Government Communications Headquarters. Now he's been confirmed as the author of a 2021 book titled "The Human Machine Team" about the intelligence benefits of pairing human agents with advanced AI.

Sariel – who wrote the book under the oh-so-anonymous pen name “Brigadier General YS” – made a crucial mistake after an investigation by The Guardian which found an electronic copy of Sariel's book available on Amazon "included an anonymous email that can easily be traced to Sariel's name and Google account.”
...

Being outed after more than 20 years of anonymity isn't optimal for someone who's supposed to be a top spy

Yup.  And while it's tempting to roll your eyes and chorus Top. Men., remember that this is how they nabbed Ross Ulbricht, a.k.a. The Dread Pirate Roberts from The Silk Road.

Yeah, OPSEC is a stone cold bitch of a problem.  You have to be right 100% of the time, and dropping that to 99.99% means that you lose.

Monday, April 8, 2024

Obligatory music for the eclipse

Because of course it is.

Dad Joke CCCXVII - Special Solar Eclipse edition

How does the Moon cut his hair?  Eclipse it.

Wednesday, April 3, 2024

Dad Joke CCCXVI

I asked a Frenchman if he played video games.   

He said Wii.

Tuesday, April 2, 2024

Last survivor from USS Arizona weighs anchor for the final voyage

As you'd expect, Dwight has the skinny.  Moving from battleships to naval aviation, he flew 200 combat missions and was awarded the Distinguished Flying Cross.  Then he came back for Korea.

Go read his story.  Giants strode the face of the earth back then.

Fair winds and following seas, Lieutenant Commander.

Monday, April 1, 2024

Early Ejection Seat Development

 Working out the early development issues for ejection during a failed takeoff.

Dad Joke CCCXV

I broke up with my console.  Now it's my Ex-Box.  It wasn't anything personal, I just felt like it was time for a switch.

Sunday, March 31, 2024

Georg Frederick Handel - Worthy Is The Lamb and Amen from The Messiah

Yes, we usually hear this at Christmas.  Remember, though, that Handel wrote this for an Easter performance.  I can think of no greater - more emotionally stirring - music for the Lord's rising than this.  The kettle drum at the end of the Amen never fails to thrill.  As a matter of fact, the opening bars of Worthy Is The Lamb never fail to thrill, either.  If you can read music, you have my permission to do a bit of a singalong to the score shown here.

The Lord is risen, alleluia, alleluia.

Saturday, March 30, 2024

If Bach (or other composers) wrote the Cantina song from Star Wars

These guys are really good.  This is great fun.  I particularly like the Oscar Peterson version, and the Pete Townshend (Teenage Wasteland) one is a hoot.

Thursday, March 28, 2024

Army Corps of Engineers on way to Baltimore

1100 of them, to remove the bridge wreckage and clear the Baltimore harbor channel.

Tuesday, March 26, 2024

A reconstruction of the Baltimore bridge crash from someone with a nautical background

There are a lot of people talking about this who don't know what they're talking about because they've never set foot on a boat, let alone captained one.  Here's a very interesting breakdown of the incident from a professional captain.  The ship broadcast a Mayday call before the crash and AIS data seem to imply that they ran the engines in reverse as the ship drifted off course.  It looks a lot like a failure in the steering system which is all fly-by-wire computer controlled these days.

He also describes the equipment on board - for example, a black box data recorder like airlines have.  I hadn't known that commercial ships have those, but do now. 

The video does not discuss what I am hearing other places, that there was a power outage on the ship, lasting around a minute.  Power came back on, but then failed again.  The ship is Singapore flagged, and Singapore has a reputation for strict enforcement of nautical regulations.

My suspicion is that this was a single point of failure, or a situation where redundant systems both failed at the same time.


UPDATE 26 MARCH 2024 16:50: It's confirmed, the MV Dali lost power for a considerable time before impact, and when power was restored the ship both ran the engine in full reverse and dropped the port side anchor.

UPDATE 26 MARCH 2024 17:03: There is a lot of buzz supposedly from Port of Baltimore personnel that the Dali had repeated power outages at dock during the two days before setting sail.  This is unconfirmed, but interesting.

For sure the ship lost power, as you can see in the second video.  When power came back on and the engine ran hard reverse, the "prop walk" kicked the stern to port, taking the ship's heading starboard towards the bridge.  Dali is single screw, so prop walk is a real thing here.

Youtube Shadowbans Climate: The Movie

The Feral Irishman emails to say that my post about the climate movie looked weird from his Windows computer.  He could watch the movie but there was nothing displayed about Youtube.  Everything looked normal from Safari on his iPhone.

Well, it turns out that Youtube has shadowbanned the film.  This almost certainly made the post look wonky.  If they disappear it I will update the embed to Rumble or something.

You know that you're over the target when you're taking flak.

Monday, March 25, 2024

Air Warfare has fundamentally changed

This is really interesting:

The biggest problem facing the Air Force is that masses of uncrewed drones have now wrested command of the air away from manned aircraft in the skies above the modern battlefield. The drone revolution means that it will be very difficult, if not impossible, for the service to achieve air superiority in future conflicts — which has been the centerpiece of its mission for decades. Drones, not manned airplanes, now dominate the skies above ground forces fighting in Ukraine. The contested air littoral has emerged as a critical new subdomain of warfare. It stretches from the earth’s surface to several thousand feet, below the altitudes where most manned aircraft typically fly, and is now dominated by masses of drones. This is a paradigm shift of epic proportions, which will require the Air Force to fundamentally transform itself in a very short period of time. 

It boils down to dollars and cents:

The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is planning to buy 1,763 of the aircraft, which will remain in service through the year 2070. These jets, which are wholly unsuited for countering proliferated low-cost enemy drones in the air littoral, present enormous opportunity costs for the service as a whole. In a set of comments posted on LinkedIn last month, defense analyst T.X. Hammes estimated the following. The delivered cost of a single F-35A is around $130 million, but buying and operating that plane throughout its lifecycle will cost at least $460 million. He estimated that a single Chinese Sunflower suicide drone costs about $30,000 — so you could purchase 16,000 Sunflowers for the cost of one F-35A. And since the full mission capable rate of the F-35A has hovered around 50 percent in recent years, you need two to ensure that all missions can be completed — for an opportunity cost of 32,000 Sunflowers. As Hammes concluded, “Which do you think creates more problems for air defense?”

I have heard that we are building out a fleet of around 1000 F-35s.  For the same cost we could have 32 million drones.  Sure, there's a question of mission flexibility but when you have millions of units to mess around with, that's a whole level of flexibility that you didn't have before.  Quantity has a quality of its own, so to say.  

This is a paradigm shift.

I'd be really interested in analysis from former military Fly Boys like OldAF Sarge or OldNFO.

(via)

Friday, March 22, 2024

WATCH. THIS. NOW!

Yeah, I'm shouting.  This is a fabulous film about the whole Global Warming scam.  It's all there - all the stuff I've been blathering on about for 15 years is in it.  Without all the Borepatchian prose overload, of course.

Well, my ClimateGate Clippy isn't there:

Go watch it.  This is great stuff.

Thursday, March 21, 2024

Oww!

 He certainly believes in his product.

Bad security news

This is really bad - the National Vulnerability Database is jacked up:

Vital data used to protect against cyberattacks is missing from more than 2,000 of the latest entries in the world’s most widely used vulnerability database.

A significant number of new CVEs (common vulnerabilities and exposures) added to the National Vulnerability Database (NVD) in recent weeks have lacked enrichment data — details necessary for researchers and security teams to understand the bugs.

The NVD was established in 2005 by the U.S. National Institute of Standards and Technology (NIST) and last year alone, information on more than 29,000 discovered flaws was added to the database.

It is hard to overstate just how important the NVD is to the security industry and to organizations in general. The issue really comes from the explosion of reported vulnerabilities: from around 1,000/year in the 1990s to over 20,000/year today. That's a lot of analysis that is needed.

I hear rumors that NIST has had a budget cut, but quite frankly this doesn't get to the heart of the issue which is that the software industry is not covering the cost of the vulnerabilities that they release. This is an interesting potential solution:

John Pescatore, SANS Technology Institute director of emerging security trends, drew a comparison between cybersecurity and road safety.

“For automotive ‘vulnerabilities’ (recalls) that have to be fixed, vehicle manufacturers are required to notify the National Highway Traffic Safety Administration, who has maintained an easy to use database. Those manufacturers also have to pay for the vehicles to be fixed! The NHTSA had a 40-year head start over NIST/NVD, but it really is time for legislation to treat software more like we treat vehicles.”

Right now there is no cost to a company that releases bug-filled software - the cost is borne by NIST. I'm not sure that a "Software recall" is the right way to approach this, but a (say) $10,000 charge for each vulnerability doesn't seem unreasonable. Non-commercial software could be for no charge, but the bulk of the CVEs are against software that is sold.

Likely there are other funding solutions, but like I said at the beginning it's hard to overstate just how important the NVD is to companies' IT Security programs. Something needs to change.

Wednesday, March 20, 2024

Dad Joke CCCXIIII

Which is faster, heat or cold?

Heat is faster.  You can catch cold.

Tuesday, March 19, 2024

Forgotten Weapons on "Assault Rifles"

Lawrence has a good post up where Ian McCollum from Forgotten Weapons delves into the topic of just what an "Assault Rifle" is.   Everyone thinks they know all this (I sure did), but they - and I - don't.  For example: Assault Shotguns and Assault Pistols?  Defined by statute.  I did not know that.

Recommended.

Monday, March 18, 2024

Dad Joke CCCXIII

When March saw all the madness around it, it asked "What's all that Bracket?"

Sunday, March 17, 2024

St Patrick's Day music

Chris Lynch has some more modern songs than I posted, but still a good list.  I love me some Dropkick Murphys.

Oh, and when you're there you might leave him a comment congratulating him for blogging for twenty years (!).

Turlough O'Carolan - various Irish tunes

Top o' the morning to you, and happy St. Patrick's Day.  This is my traditional Paddy's Day post, mostly because I love the music here.

What is the "Classical Music" of Ireland? It's not (Italian) Opera, or (German) symphonies, or even an (English) homage to Ralph Vaughan Williams (who studied under an Irish music professor) "countryside music" in the concert hall. Instead, we find something ancient.

We find something that easily might not have been.  Turlough O'Carolan (1670 – 25 March 1738) was the son of a blacksmith.  His father took a job for the MacDermot Roe family; Mrs. MacDermot Roe gave the young lad some basic schooling and saw in him a talent for poetry; when a few years later the 18 year old Turlough went blind after a bout of smallpox, she had him apprenticed to a harpist.  He soon was travelling the land, composing and singing.

This tradition was already ancient by the early 1700s.  It was undeniably Celtic, dating back through the Middle Ages, through the Dark Ages, through Roman times to a barbarous Gaul.  There bards travelled the lands playing for their supper on the harp.

This was O'Carolan's stock in trade.  He rapidly became the most famous singer in the Emerald Isle.  It is said that weddings and funerals were delayed until he was in the vicinity.  One of his most famous compositions - if you have spent any time at all listening to Irish music, you know this tune - was considered too "new fangled" by the other harpists of his day.  Fortunately, he didn't listen to their criticisms.



He married very late, at 50, and had many children.  But his first love was Brigid, daughter of the Schoolmaster at a school for the blind.  He always seemed to have carried a torch for her.



So why is this post in the normal slot reserved for Classical Music?  Listen to this composition of his, and you see the bridge from the archaic Celts to Baroque harpsichord.



And keep in mind how this brilliance might never have blazed, had Mrs. MacDermot Roe not seen the talent in a blind Irish boy and set him upon a path trod by many equally unexpected geniuses, all the way back to St. Patrick.  It is truly said that we never know what our own path will be until we set our foot down on it.

But his was an ancient path and he inherited much from those who trod it before him.  His "Farewell to Music" is said to be more in the traditional mold, and might have been appreciated at a feast held by Vercingetorix before the battle of Alesia.



This music is a bridge between modern and the ancient that disappears into the mists of legend.  Perhaps more importantly, it is a music that is still alive today, after a run of perhaps two and a half millennia.  

And it is a music where you still hear the yearning of a young blind man for his muse, Brigid.  That is a vitality that should not be exiled to a single day of celebration, even if it is for as illustrious a Saint as Patrick.  On this Feast Day, remember just how deep the roots of our civilization run.

(Originally posted March 16, 2014)

 

Thursday, March 14, 2024

Burglars using Wi-Fi jammers to disable security cameras

Well, of course:

Authorities with the Los Angeles Police Department are warning residents in Los Angeles’ Wilshire-area neighborhoods of a series of burglaries involving wifi-jamming technology that can disarm surveillance cameras and alarms using a wireless signal.

According to police, the burglaries typically involve three to four suspects who enter homes through a second story balcony.  

Once inside, the thieves target primary bedrooms in search of high-end jewelry, purses, U.S. currency and other valuables. 

Cat 5 is a pain to run but is hard to jam.

(via)

 

 

Wednesday, March 13, 2024

Costco wines tasted by professional Sommelier

I ran across this because the Youtube algorithm tossed it up in my feed (Lord knows why).  But Andre Mack seems to have some chops as a sommelier, and he has a really interesting tasting of Costco (Kirkland Signature) wines.  These range from $4 to $30 a bottle, mostly in the $8 - $12 range.  Bottom line: some dogs but surprisingly few.


My impression: can confirm on the Kirkland Pinot Grigio.  It's not something you'll find at a Michelin Star restaurant, but it's really good vino locale (or in French, le bon vin de table).  And it comes in the 3 liter box for $13.  Endorsed.

So I watched this and thought that Mr. Mack seems legit.  As a follow up, I watched this tasting of the same wine from different vintages, 1978 to 2016.  I believe that Mr. Mack is indeed legit.  There's good stuff here.


I like how he describes himself as a wine "nerd" - guilty as charged, although my days of real wine nerdism are a third of a century in the rear view mirror.  I even built a wine cellar under the basement stairs.  What Mack says here about how wine ages is exactly what I saw with a case of Bordeaux (1986 Gruaud Larose).  Over the span of six years the wine definitely and obviously changed each year.

Ya know, if I had kept that untouched, the $30/bottle (1990 dollars) would be now worth ~ $300/bottle (2024 dollars*).  But you need to not move every 5 years, so that won't work.

But watch the first video for sure, and go get you some legit cheap wine at Costco.  I hadn't known that they're the top wine merchant in the US.

*About 30 cents/bottle in 1990 dollars, given how inflation is running.

S.S. United States to be evicted from its pier?

The Queen Of The World sent me this sad story:

The ship's remarkable speed earned it the coveted Blue Riband award from Great Britain upon its maiden voyage in 1952. Partially sponsored by the U.S. government during the Cold War era, it was designed as a potential rapid troop carrier if geopolitical tensions escalated, according to the website for the SS United States Conservancy, the nonprofit organization that has overseen the vessel since 2011.

Despite its high level of regard and rich history, the ship faces an uncertain future as it languishes at Pier 82 in south Philadelphia. Its retirement has been fraught with challenges, including the recent threat of eviction due to a lawsuit from Pier 82's landlord, Penn Warehousing, according to an NPR report on Monday, March 11.

The lawsuit alleges the SS United States Conservancy owes between $700,000 and $800,000 in back rent, Warren Jones, one of the conservancy's board members, told the radio station. He said the organization entered into the agreement more than a decade ago, and during the pandemic, the rent was unjustly doubled.

This story is of interest to TQOTW, since she actually was a passenger on that ship.  Her dad was in the Air Force and posted to the UK in the early 1960s; they returned from PCS on this.  It's sad to see what the ship has become from what it used to be.  TQOTW watched this with me and remembered all sorts of things, like the signal flags at the swimming pool.


That was a different world, and people would rather spend 8 hours on a plane than 5 days on a ship, even one as grand as the United States.

 

Tuesday, March 12, 2024

Dad Joke CCCXII

Tuna writes in with yet another Dad Joke.  The Queen Of The World rolled her eyes and pinched her nose at this one.  High praise, indeed.

My wife was eating a store bought salad but I noticed that it was past the "sell by" date and so I took it away from her.

I guess you could say I had to Caesar salad.

Monday, March 11, 2024

The Day Is Mine, Trebek

Borepatch 2, Air impact wrench Cletus 1.

I soaked it good with PB Blaster including underneath the housing that the bolt went into.  Let it soak overnight.  Got my strongest ratchet and c-a-r-e-f-u-l-l-y used the cheat bar.

Out it came.  Yay, me!

Thanks to everyone who left comments yesterday.  Still not happy that a one hour job turned into a whole day, but onward!

Sunday, March 10, 2024

Air Impact Wrench 1, Borepatch 0

Working on the Jeep, spinning wrenches.  Except the last guy who came near a couple of bolts torqued them down. I even got a cheat bar to get some extended leverage on the ratchet wrench.

Broke the danged wrench.  Those bolts don't want to spin.

I have them liberally soaked with penetrating oil, and will see how they are tomorrow morning.  I'd hate to have to take it to a garage to get bolts loosened.  Sheesh.

Since I have a compressor, maybe I'll just head out to Lowe's and get a danged pneumatic impact wrench.  Fight fire with fire.  But this is really annoying, turning a one hour job into an all day one, just because Cletus was in a hurry to clock out and drove the bolt down.

Friday, March 8, 2024

What a man!

Dwight posts the obituary of Gen. John C. Bahnsen Jr. (USA - ret).  So who was Gen. Bahnsen?  Just a guy who was awarded the Distinguished Service Cross, five Silver Stars, four Legions of Merit, three Distinguished Flying Crosses, four Bronze Stars (three with the V device), two Purple Hearts, and the Army Commendation Medal (with V device).

Holy cow.  Rest in peace, General.

Thursday, March 7, 2024

CMP Sales Update

People seem to like these posts so maybe I'll make them a regular feature.  CMP has limited quantities of two interesting rifles:

Enfield 1917.  This was essentially a rechambering of the WWI British Army Enfield rifle in .30-06 for the US Army.  Both Winchester and Remington produced these in quantity for the US Expeditionary Force.  Prices are high, but not bad for Enfields these days, starting at $1000.

Expert Grade M1 Garand in both .30-06 and 308 NATO.  This rifle needs no introduction other than Gen. Patton's statement that it was the finest battle implement ever devised.  The prices are better than I expected starting at $1150.

Man, I love my Garand, and am glad I got it before inflation goosed the price points.  I also love my Enfield, although it is a No. 4, rather than a 1917.

Wednesday, March 6, 2024

Quote of the Day

Comrade Misfit looks at Dodge's plans to equip the new Challenger with a 3L six and brings a perfect analogy:

Only those CPAs and MBAs running things could take a six-cylinder car and, by having the engineers slap on turbochargers, claim to make it a muscle car. It's about as legit a muscle car as Mark McGwire and Barry Bonds were legitimate home-run kings.

Yup.

 

Dad Joke CCCXI

Tuna writes in with a Dad Joke:

My buddy couldn't work full time after getting hit by a tractor-trailer.  I guess he's semi retired.

Tuesday, March 5, 2024

Battleship U.S.S. Texas afloat today

And back at dock after an extensive repair and refit.  Don't mess with Texas' battleships.

This is a very long video of this morning's short voyage.

Cisco Webex call recording released by Russia

Wow:

The German Ministry of Defense (Bundeswehr) has confirmed that a recording of a call between high-ranking officials discussing war efforts in Ukraine, leaked by Russian media, is legitimate.

Senior government officials have also confirmed Russian reports that the call was hosted on and tapped via Cisco's WebEx video conferencing platform rather than any kind of secure, military-grade comms.

Roderich Kiesewetter, deputy chairman of the German parliament's oversight committee, said the Bundeswehr leak was possibly caused by a Russian agent inside the WebEx call or the Bundeswehr's implementation of it, but the country is still working on discovering how the intrusion took place.

As someone who worked at Cisco (in both their security and Webex business units) I can say that Cisco takes security very, very seriously.  Not knowing more than this article, it very well may be a mole.

Monday, March 4, 2024

Dad Joke CCCX

Thomas emails a Dad Joke:

A colonoscopy isn't the worst thing in the world, but it's up there.

Thanks, Thomas!

Judge issues restraining order keeping DOE from tracking bitcoin miners

Interesting:

Earlier this month, the US Department of Energy (DOE) announced its intention to gather basic information about the energy consumed by bitcoin mining. In making the decision, the DOE noted that the share of bitcoin mining happening in the US has shot up by a factor of over 10 just within the last three years, leaving the activity consuming as much electricity as a fairly populous state....

Albright's decision to issue the injunction is based largely on the fact that the DOE's decision to delay going forward with the survey was voluntary and could be rescinded at any time.

But he went beyond that by saying that the mining companies were likely to succeed on the merits of their case. In general terms, he noted that the DOE relied on its ability to enact emergency measures, and those are only applicable if there's a risk of public harm. The DOE will likely try to make the case that elevated carbon emissions and electricity costs both count as public harms, so Albright is suggesting that he's unlikely to find those compelling.

Ah, Climate Change.  Is there anything it can't do?  Except in west Texas, where the Judge doesn't buy the whole "Climate Emergency means more Government" thing.

 

Sunday, March 3, 2024

Recommended reading (and listening)

Isegoria (he is a daily read, right?) posts a review of an article about the science fiction classic Dune.  The excerpt is pretty interesting but also includes a link to an episode of historian Tom Holland's podcast The Rest Is History, in which Holland talks about just how much of both science fiction and Hollywood is about Rome.

Star Wars, The Hunger Games, Dune, and all sorts of less likely films explicitly (or sneakily) include all sorts of Roman motifs.  It's a fascinating listen.  Highly recommended.

Friday, March 1, 2024

Quote of the Day - AI edition

HMS Defiant brings a terrific suggestion:

In a somewhat saner world, I wonder what would happen to any given nascent AI after exposing it to the canon of English. It could start with every volume of The Harvard Classics, swallow the complete Encyclopedia Britannica and for an encore, learn French, Japanese, Spanish and Chinese and swallow the entire compendium of their literature for the last 1000 years. Then it gets everything written by Shakespeare for dessert. I wonder what that model would come up with. I bet it would be profoundly different from any model that got 100% of the ravings of twitter and reddit which seems to be what google was striving for with its useless clunker.

Endorsed.

Thursday, February 29, 2024

The preserved wooden artifacts from Herculaneum

It's not just carbonized scrolls: there is a whole set of wooden items that have been uncovered at Herculaneum, the Roman city which, with Pompeii, was buried by an eruption of Mt. Vesuvius in 79 AD.  It's incredibly rare to have wooden items preserved for 2000 years, but there are a bunch.

When you consider that only a quarter of Herculaneum has been excavated, you have to wonder what else is awaiting discovery.

Endorsed

RFK Jr. backs Rand Paul for Senate GOP Majority Leader.  Of course it will never happen, but interesting.

(via)

Wednesday, February 28, 2024

Dad Joke CCCVIIII

Where do chimpanzees go to grab a beer?  The monkey bars.

Tuesday, February 27, 2024

On Google's untrustworthiness

Lots of folks are posting about the Google AI fiasco, and how it shows that you can't trust Google's search results. 

Um, we've known this for over a decade.  Their political ideology has been on display, right out in the open for a very long time.

Monday, February 26, 2024

More bad security news

This sounds pretty bad:

Abstract: In recent years, large language models (LLMs) have become increasingly capable and can now interact with tools (i.e., call functions), read documents, and recursively call themselves. As a result, these LLMs can now function autonomously as agents. With the rise in capabilities of these agents, recent work has speculated on how LLM agents would affect cybersecurity. However, not much is known about the offensive capabilities of LLM agents.

In this work, we show that LLM agents can autonomously hack websites, performing tasks as complex as blind database schema extraction and SQL injections without human feedback. Importantly, the agent does not need to know the vulnerability beforehand.

Highlighting is mine.  That bit is really, really bad.

This may be an inflection point, where Black Hat AI will fight it out with White Hat AI that companies use to find problems before the Black Hat ones do.  What a mess.

(via)

Sunday, February 25, 2024

Wolfgang's girlfriend crosses the Rainbow Bridge

We've seen Sophie here before.  He took a shine to her and she to him.  She had a couple sleepovers when her people were gone on trips, and she fit right in with his routine: walks, sit time, and good night cookies.  Plus she liked to play tug of war with him, which he loved.

Sophie has crossed the Rainbow Bridge.  Probably playing tug of war with Wolfgang again, or roughhousing with Sully.


That's Sophie on the left, and Wolfgang on the right. 

Wednesday, February 21, 2024

Law Enforcement takes down major ransomware site

This operation is pretty impressive:

Notorious ransomware gang LockBit's website has been taken over by law enforcement authorities, who claim they have disrupted the group's operations and will soon reveal the extent of an operation against the group.

...

But Europol has reportedly taken credit for shutting down LockBit, so perhaps Operation Cronos really has disrupted the gang’s operations.

If that's the case, this action will be welcome. LockBit is prolific and vicious: we've reported it attacking a children's hospital, Infosys, sandwich chain Subway, and many other attacks.

Reportedly there have been multiple arrests, data has been found that is expected to lead to more arrests, and multiple cryptocurrency accounts have been seized.  Eleven countries worked together on this, which is also impressive.

We will see how much impact this has, but LockBit is one of the biggest ransomware schemes out there.

And this isn't the only one of these takedowns in the last couple of months.  Well done.

 

Tuesday, February 20, 2024

Security is hard

This is bad.  Really bad:

A single packet can exhaust the processing capacity of a vulnerable DNS server, effectively disabling the machine, by exploiting a 20-plus-year-old design flaw in the DNSSEC specification.

That would make it trivial to take down a DNSSEC-validating DNS resolver that has yet to be patched, upsetting all the clients relying on that service and make it seem as though websites and apps were offline.

The academics who found this flaw – associated with the German National Research Center for Applied Cybersecurity (ATHENE) in Darmstadt – claimed DNS server software makers briefed about the vulnerability described it as "the worst attack on DNS ever discovered."

What's bad is that you don't get more mission critical than DNS - Domain Name Service, the service that translates names (like borepatch.blogspot.com) into Internet addresses (like 192.1.7.200).  No DNS, no Internet.

If you run a DNS or DNSSEC server, look at this ASAP.

Monday, February 19, 2024

President's Day - Best and Worst Presidents

It's not a real President's birthday (Lincoln's was the 12th, Washington's is the 22nd), but everyone wants a day off, so sorry Abe and George, but we're taking it today.  But in the spirit intended for the holiday, let me offer up Borepatch's annual bestest and worstest lists for Presidents.

Top Five:

#5. Calvin Coolidge

Nothing To Report is a fine epitaph for a President, in this day of unbridled expansion of Leviathan.

#4. Thomas Jefferson.

Jefferson is perhaps the last (and first) President who exercised extra-Constitutional power in a manner that was unambiguously beneficial for the Republic (the Louisiana Purchase).  He repealed Adams' noxious Alien and Sedition Acts and pardoned those convicted under them.

#3. Grover Cleveland. 

He didn't like the pomp and circumstance of the office, and he hated the payoffs so common then and now.  He continually vetoed pork spending (including for veterans of the War Between the States), so much so that he was defeated for re-election, but unusually won a second term later.  This quote is priceless (would that Latter Day Presidents rise so high), on vetoing a farm relief bill: "Federal aid in such cases encourages the expectation of paternal care on the part of the Government and weakens the sturdiness of our national character."

#2. Ronald Reagan

He at least tried to slow down the growth of Leviathan, the first President to do so in over half a century (see entry #5, above).  He would have reduced it further, except that his opposition to the Soviet fascist state and determination to end it cost boatloads of cash.  It also caused outrage among the home grown fascists in the Media and Universities, but was wildly popular among the general population which was (and hopefully still remains) sane.

#1. George Washington

Could have been King.  Wasn't.  Q.E.D.

Bottom Five:

#5. John Adams.

There's no way to read the Alien and Sedition Acts as anything other than a blatant violation of the First Amendment.  It's a sad statement that the first violation of a Presidential Oath of Office was with President #2.

#4. Woodrow Wilson.

Not only did he revive the spirit of Adams' Sedition Acts, he caused a Presidential opponent to be imprisoned under the terms of his grotesque Sedition Act of 1918.  He was Progressivism incarnate: he lied us into war, he jailed the anti-war opposition, he instituted a draft, and he was entirely soft-headed when it came to foreign policy.  The fact that Progressives love him (and hate George W. Bush) says all you need to know about them.

#3. Lyndon Johnson.

An able legislator who was able to get bills passed without having any real idea what they would do once enacted, he is responsible for more Americans living in poverty and despair than any occupant of the White House, and that says a lot.

#2. Franklin Roosevelt.

America's Mussolini - ruling extra-Constitutionally, fixing wages and prices, packing the Supreme Court, and transforming the country into a bunch of takers who would sell their votes for a trifle.  At least Mussolini met an honorable end.


#1. Abraham Lincoln.

There's no doubt that the Constitution never would have been ratified if the States hadn't thought they could leave if they needed to.  Lincoln saw to it that 10% of the military-age male population was killed or wounded preventing that in an extra-Constitutional debacle unequaled in the Republic's history.  Along the way, he suspended Habeas Corpus, instituted the first ever draft on these shores, and jailed political opponents as he saw fit.  Needless to say, Progressives adore him.

So happy President's Day.  Thankfully, the recent occupants of 1600 Pennsylvania Avenue haven't gotten this bad.  Yet.