Tuesday, June 27, 2006

The Tyranny of the Executive

Atheist Ethicist

My concern is that the Bush Administration may be spying only on suspected terrorists the way that it invades only countries supporting those who attacked the United States on 9/11. My concern is with the possibility that Bush Administration officials might have an agenda, with an ulterior motive, that would involve invading a country so they rationalize a way of thinking about this country that makes it seem to them to be worthy of attack.

Emphasis added. This is a perfect description of why these programs are so troubling. The whole article, in fact, is a look through a crystal ball of where this country is heading if we allow unfettered power in the hands of the Executive branch.

The American democratic "experiment" needs some adjustment to rebalance power. Congress as watchdog is more like a lapdog. They don't wield their power over the purse strings: they hand out blank checks and don't oversee what we are getting for that money.

Sunday, June 25, 2006

Warren Buffett & Bill Gates: Serious Philanthropers

FORTUNE Magazine: Warren Buffett gives away his fortune - Jun. 25, 2006

I heard this on the radio this afternoon. It is really, really cool. I wonder how the world will look decades from now after these billions have done their good around the world? Hopefully, there won't simply be more campus buildings and computer labs!

What's the catch?

Executive Order: Protecting the Property Rights of the American People

I think this is a very cool move. Too bad Congress couldn't do something like this and too bad the courts had to side too much with corporations. This may restore some balance for the little guy against the Wal-Marts of the world...while it lasts.

But, what is the catch? Bush has been so pro-business I'm not seeing where this fits in...

Identity Theft -- Still the Victim's Problem

NPR 12-5-2002, All things considered 4pm.

"businesses are so interested in extending credit..." they just write off the losses. ID theft has not hit businesses economically yet, since that cost is borne by the victims, so they don't have incentive to do anything to fix these problems. And yet, the disclosure laws have given incentive to fix these problems but they seem to instead be incenting companies to water down the proposed federal legislation to neuter the positive effects they are having at creating a market economic incentive to fix the problems (though from the myriad reports still coming out every week about more data lost, you wonder what the heck some CISOs are doing).

Also, this story discusses a report that most ID theft is done by insiders. You do include insider attacks in your threat models, don't you? Kill the fortress mentality!

The Iraq hoax that just won't die

SecurityFocus HOME Columnists: Iraqi Cyberwar: an Ageless Joke

This is an OLD story so I hope that it is dead by now. But it is a perfect example of the lack of fact-checking that goes on so much in the media.

"If you are not doing anything wrong, why should you worry about big brother?"

Schneier on Security: Police Cameras in Your Home

Great rationale for how the "fully trust the government" crowd does not understand the legitimate purpose of limits on governmental intrusion and power. I've seen several pundits cry that the end (catching terrorists) justifies the means even still.

Man Stuck on Sticking to Toilet Seat

CNN.com - Man glued to toilet may have history - Nov 8, 2005

Artists and Consumers get screwed by the music industry

Passionate condemnation of the music industry:

[IP] MUST READ Courtney Love does the math The controversial singertak

[IP] last on this topic -- Does File Trading Fund Terrorism? Successful artists not seeing any profit.

http://www.marketplace.org/play/audio.php?media=/2003/03/12_mpp&start=00:00:20:00.0&end=00:00:27:30.0

[IP] 2 more on Does File Trading Fund Terrorism?

And to round this out, a great interview with John Perry Barlow on the evils of Digital Restriction Management Wrapped up in Crypto Bottles

And to draw in a security angle to all of this:

Security Blog

Sony rootkit debacle highlights the failure of the security technology industry: The real story, as Bruce Schneier points out - why the hell didn't any Antivirus software (or IDS for that matter), detect this software sooner? Is corporate malware going to continue to be default allow by these products? We are collectively paying these companies billions of dollars for what?

Juxtaposition: Einstein Approved

This is so cool.

Einstein's task list generator


Visa prohibits display of card numbers on receipts

[IP] I will start using my Visa card more

Wow this blog entry is old. But remember when every receipt had the full card number on it? And remember when Starbucks would mask out everything _except_ the last four digits so that you could get the full card number with just two receipts?

I still find that the business' copy of the receipts often has the full card number on it, with only my copy being masked out. But, I don't much care, except when it comes to my Debit card receipts since the US laws do not cover Debit cards as fully as credit cards.

National Missile Defense System = Lame

National Missile Defense System Test Fails Again This story is over a year old but there hasn't been much better news about this boondoggle since then.

Oh, we can only hope that we are attacked by drones and not real missiles... Those have been the only things that have even partially been stopped by this technology (after much rigging). Very apropos, since on the McLaughlin Group today there were panelists who actually thought we could rely on this to knock a North Korean ICBM out of the sky before it hits the US west coast.

Real-life Gremlin dies?

CNN.com - 'Ugly dog' Sam dies at 14 - Nov 22, 2005


Was Ugly Dog a real-life Gremlin?


Tales from the RFID Hacking Underground

Wired 14.05: The RFID Hacking Underground

Follow-along to the article on building your own RFID skimmer

Man swallowed by house dies.

CANOE -- CNEWS - Weird News: Man dies after plummeting into large hole that opened beneath his home

This is bizarre!

AIRBORNE Airheads: The sellers or the buyers?

Who Has Time For This?: CREATED BY A SCHOOL TEACHER!!!!!

Perfect real-life case of a company using deceit and faulty arguments to convince the public.  Too bad the FDA doesn't take a more active role in investigating these kinds of products and claims.  The placebo effect also makes people more apt to believe these products work.

Verizon's hostile attitude toward its customers

Nuclear Elephant: The Motorola v710: Verizon's New Crippled Phone

I have to say that I was really annoyed to find that my Motorola E815 couldn't even share vCards between phones using Bluetooth, let alone that they disabled the advertised ability to use mp3s for ringtones, to get photos you snap onto your PC, to play mp3s, to play videos, etc.

More black marks for DHS

Think Progress: Homeland Insecurity.

Have you taken your security pills?

The other day, I made what I think is a very apt analogy comparing the security product industry to the diet and herbal supplement industry.

  • Both operate with little to no oversight or regulation (though security at least has bloggers and scientists willing to call out some of the more egregious offenders)
  • Products often have little to no academic, scientific or factual basis for their designs or claims
  • Products tend toward the panacea/"silver bullet" realm and claim to solve all your ills

I'm sure that I am missing some more...

Incompetent Design Theory

Daily Kos: "Incompetent Design" theory

Take that and this Creationists and foes of science:

Evolution of 'irreducible complexity' explained

Iraq withdrawal timetable is what America wants

David Brooks: Completely out of touch

Look at the statistics from three separate polls on how many Americans want a timetable and a withdrawal/drawdown soon from Iraq. It's at least half if not a majority of Americans. Yet pundits like Brooks are misrepresenting them.

I also just heard on Air America this weekend in passing that 72% of US military wants a drawdown/timetable defined. So the Democrats have been on the right side of the issue as viewed by the American people. Oh, and even "Iraq's national security advisor, Mowaffak Rubaie, has publicly embraced a similar timetable." See http://www.latimes.com/news/printedition/asection/la-fg-withdrawal25jun25,1,4367170.story?coll=la-news-a_section

I can only hope that this comes back to hurt Republicans in the 2006 election.

"Values" votes in the 2004 election

Editor's Cut: Stand and Fight

Catching up on ancient blog entries. This article was talking about the 2004 election upset and brought up the issues of why Republicans and the so-called religious right think that their divisive issues are the only "moral" issues at stake.

What about fighting poverty and affordable health care?
What about the issues of quality of life instead of "life at any cost" (well, at least after overlooking the pro death penalty thing)?
What about enjoying sexuality instead of repressing it as sinful? Why shouldn't the FCC be regulating Violence on the airwaves instead of nipples? More nipples should be a core value! Spin the anti-nipple crowd as pro-violence on TV!
What about honesty over deceit and lies?
What about the character to admit you are wrong?
What about a fair working wage for every American?
What about not breaking the law to uphold the law?
What about love and tolerance instead of hatred and intolerance?

Whose values will win out in 2006 and 2008 elections? I vote for mine.

Bush considered bombing Al Jazeera HQ

NPR : Report: Bush Considered Bombing Al Jazeera

I never would have thought I would say, "Thank heavens for Tony Blair".

Making port forwarded connections accessible from the intranet LAN

# Enabling many:one IP masquerading from the LAN to the Internet (i.e. out the $WAN interface)
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE

# port forwarding $WAN_IP:25 to $SMTP_SVR_IP:25
# (DNAT is only valid in the PREROUTING and OUTPUT chains of the nat table, not in POSTROUTING;
#  no -i on the DNAT rule, so it also rewrites LAN clients that connect to $WAN_IP)
iptables -t nat -A PREROUTING -d $WAN_IP -p tcp --dport 25 -j DNAT --to $SMTP_SVR_IP
iptables -A FORWARD -i $WAN -p tcp --dport 25 -d $SMTP_SVR_IP -j ACCEPT

# Making this cruft work from the intranet
# i.e. DESK_IP -> WAN_IP:25
# After the DNAT the SMTP server would reply straight to DESK_IP on the LAN, bypassing the router,
# so the desktop gets replies from an address it never connected to. SNAT the hairpinned packets
# to $WAN_IP so the replies come back through the router and are un-NATed.

# Bad rule (rewrites the source of every connection leaving the LAN interface, so the SMTP server
# sees all Internet mail as coming from $WAN_IP and loses the real client addresses):
iptables -t nat -A POSTROUTING -o $LAN -j SNAT --to-source $WAN_IP

# Good rule (only LAN -> forwarded-SMTP traffic is rewritten; $LAN_NET is the intranet subnet,
# e.g. 192.168.1.0/24):
iptables -t nat -A POSTROUTING -o $LAN -s $LAN_NET -d $SMTP_SVR_IP -p tcp --dport 25 -j SNAT --to-source $WAN_IP
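A complete hairpin-NAT script for the setup above, written as an added example that is not from the original post. The interface names (eth1, lan0), addresses (203.0.113.10, 192.168.1.0/24, 192.168.1.25) and the DRY_RUN switch are all assumptions so the rule set can be reviewed before it is applied.

```shell
#!/bin/sh
# Added example: hairpin NAT for a port-forwarded SMTP server behind an iptables router.
# Every interface name and address below is a constructed placeholder; override via environment.
WAN=${WAN:-eth1}                       # Internet-facing interface
LAN=${LAN:-lan0}                       # intranet interface
WAN_IP=${WAN_IP:-203.0.113.10}         # public address on $WAN
LAN_NET=${LAN_NET:-192.168.1.0/24}     # intranet subnet
SMTP_SVR_IP=${SMTP_SVR_IP:-192.168.1.25}
DRY_RUN=${DRY_RUN:-1}                  # 1 = print the rules, 0 = apply them

# run: echo the command in dry-run mode, otherwise execute it
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

hairpin_nat_rules() {
    # Flush only the chains this script owns so a re-run is idempotent
    run iptables -t nat -F PREROUTING
    run iptables -t nat -F POSTROUTING
    run iptables -F FORWARD
    run iptables -P FORWARD DROP

    # Replies and established flows are always forwarded
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Outbound many:one masquerading for the LAN
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE

    # DNAT belongs in PREROUTING; no -i, so LAN clients that connect to the
    # public address (the hairpin case) are rewritten too
    run iptables -t nat -A PREROUTING -d "$WAN_IP" -p tcp --dport 25 \
        -j DNAT --to-destination "$SMTP_SVR_IP"
    run iptables -A FORWARD -i "$WAN" -d "$SMTP_SVR_IP" -p tcp --dport 25 -j ACCEPT
    run iptables -A FORWARD -i "$LAN" -o "$LAN" -d "$SMTP_SVR_IP" -p tcp --dport 25 -j ACCEPT

    # Hairpin SNAT: only LAN -> forwarded-SMTP packets are rewritten, so the
    # server still logs the real addresses of Internet clients
    run iptables -t nat -A POSTROUTING -o "$LAN" -s "$LAN_NET" -d "$SMTP_SVR_IP" \
        -p tcp --dport 25 -j SNAT --to-source "$WAN_IP"
}

# Self-check of the generated rule set (dry run): no DNAT in POSTROUTING,
# the DNAT is in PREROUTING, and the hairpin SNAT is scoped to the SMTP flow
check_rules() {
    rules=$(DRY_RUN=1; hairpin_nat_rules)
    printf '%s\n' "$rules" | grep -q 'POSTROUTING.*-j DNAT' && return 1
    printf '%s\n' "$rules" | grep -q "PREROUTING -d $WAN_IP -p tcp --dport 25 -j DNAT" || return 1
    printf '%s\n' "$rules" | grep -q "POSTROUTING -o $LAN -s $LAN_NET -d $SMTP_SVR_IP .*-j SNAT" || return 1
    return 0
}

[ "${1:-}" = apply ] && DRY_RUN=0
hairpin_nat_rules
```

Run it with no arguments to print the rule set, or with `apply` (as root) to load it.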

Cracking Java byte-code encryption

Cracking Java byte-code encryption

Why Java obfuscation schemes based on byte-code encryption won't work.

Tech Tip Roundup

DIY external portable USB Hard drive: Just bought the Bytecc HD-201u2 enclosure. It is completely USB powered. Stick any laptop harddrive you want in there and go. Comes with a cable and a nice carry case (although the zipper is crap).

Preloading images on a page using only CSS

Grab a PDF copy of the Scriptaculous Cheat Sheet #1: Javascript effects Side note: someone really has the last name Fuchs? How cool is that?!

Windows has a limit: a single PC can be controlled by a single “local” user (the “real” person in place), OR a single “remote” user. If someone logs into the computer from remote, the local user is disconnected. The following procedure deactivates this block and allows multiple persons to connect and to use a single computer from remote.

Ricky’s Web Review Blog Archive Windows XP Multiuser Remote Desktop Enabling up to 3 simultaneous remote desktops on Windows XP

Presentation Zen

Presentation Zen: What is good PowerPoint design?

A nice article showing several different ways of communicating the same message without overcomplicating your slides.

The blog also offers excellent insight into visual design appropriate for powerpoints or any visual marketing.

Knife Maintenance and Sharpening

eG Forums -> Knife Maintenance and Sharpening

A very helpful guide on how to properly sharpen knives. I seem to dull the crap out of them unless I use the method of holding the steel sharpener vertical. The hardest part is maintaining the 15 degree angle while following the curve of the blade. The article also lists some gadgets that actually do help with this process and some devices to avoid.

Help for your penis anxiety

Entrez PubMed: Treatment of men complaining of short penis.

Men complaining of short penis could be treated using basic principles of sex education with objective methods of penile size evaluation. This combination can correct any previous sexual misconceptions...

I say they save their money and just call Loveline for some ridicule-therapy.

NSA Surveillance -- only the tip of the iceberg

A gaggle of links about the illegal NSA domestic spying program. More apropos in light of even more spying by the Bush Administration -- this time on international wire transfers

Think Progress: NSA Whistleblower To Expose More Unlawful Activity: ‘People…Are Going To Be Shocked’

Media Matters - Myths and falsehoods on the NSA domestic call-tracking program

Illegal NSA Data Mining Highlights Need for Congressional Oversight CDT legal analysis (Center for Democracy and Technology) of the NSA spying program

And some analysis of how this kind of program is ineffective (My favorite description is that finding a needle in a haystack is not made easier by increasing the size of the haystack)

Daily Kos: The NSA, the Database and YOU

Daily Kos: An Illusion of Privacy and Security

Fewest number of coins to make any exact change

Boing Boing: Exact change wallet card

The answer is very cool (only 10 coins):

  • 3 Quarters
  • 1 dime
  • 2 nickels
  • 4 pennies

Saturday, June 24, 2006

Good end-user information on Phishing from PayPal

PayPal - Identity Protection Resources

It was a very good touch that PayPal even uses HTTPS (SSL) for their pages providing this security information so that end users can authenticate the pages originate from PayPal and get used to ensuring that their interactions with PayPal are SSL-secured.

Fake Journalism Trumps "Real" Journalists again

Boing Boing: Colbert White House video on DVD at CSPAN

This was the most scathing satirical commentary on the lapdog media and the president himself -- and right in front of both subjects!

If you have not seen this, it is worth it. It's about an hour into the correspondent's dinner. I downloaded the whole show via bittorrent. I would be willing to reseed the 300+ meg show, or follow the links and you can get the segment with just Colbert's piece from many sources.

Friday, June 23, 2006

Rumoured huge AMD price drop July 24

DailyTech - Update: AMD Plans Major CPU Price Drops Day After "Conroe"

Guess I'll have to wait to buy my new system! I'm thinking an AMD AM2 motherboard will have the best socket longevity and that is the socket platform that AMD is putting its lower power consumption options on. Comparable CPUs run 89W or less in the AM2 version versus the Socket 939 equivalents. And even lower power consumption models are on the way.

If the prices do drop this dramatically, I'm not sure if I would buy a better proc or take advantage of the cheap price/performance option. We'll see.

Thursday, June 22, 2006

Move over chroot, AppArmor is here

Plugging my own product, but what the hell, it is open source :)

AppArmor http://opensuse.org/Apparmor is an application security container technology for Linux. It lets you create application profiles (policies) that define the files that the application can read, write, and execute. It lets you do this per-application, so you actually could allow users to upload arbitrary C/binary programs and expect them to behave as you specified. It provides an inheritance model so that you can't escape from this jail by exec'ing something fun: the child is controlled by policy too.

And for confining PHP (and PERL code run by mod_perl, and any other language interpreted in-place by Apache) AppArmor provides a change_hat API call and a mod_apparmor module for Apache, so that you can have AppArmor-style profiles wrapped around individual PHP pages and mod_perl scripts, even though they never appear in the process table.

If you find yourself between the rock of having to run some PHP or PERL code and a hard place of not trusting that code, try confining it with AppArmor, so that if/when the code screws up, it can only screw itself.


Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com

Wednesday, June 21, 2006

Tuesday, June 20, 2006

Build your own RFID Skimmer

How to Build a Low-Cost, Extended-Range RFID Skimmer

Oh, I'm definitely going to have to build one of these!!

Open debate on DRM

WSJ.com - 'DRM' Protects Downloads, But Does It Stifle Innovation?

Remember, DRM = Digital Restriction Management.

This is an awesome debate getting to the heart of the matter. Courtesy of BoingBoing

More proof for danger of allowing arbitrary redirect

ZDNetAsia : Printer Friendly - Paypal fixes phishing hole

ING data loss

(19 June 2006)
Letters are being sent to 13,000 individuals whose personal data are held in a laptop computer stolen from the home of an ING US Financial Services agent. ING is instating a new security policy for laptop computers that includes encryption and password protection; the stolen computer had neither. The people affected by the data security breach are all District workers and retirees.
(please note: this site requires free registration) http://www.washingtonpost.com/wp-dyn/content/article/2006/06/18/AR2006061800716_pf.html
[Editor's Note (Northcutt): ING's slogan is Your Future. Made Easier.
Try telling that to the 13,000 impacted individuals. This wave of data losses is starting to remind me of counties that don't put traffic lights up until there is a motorist fatality.
(Grefer): Invest around 30-40 dollars into a cable lock for your laptop computers and spare yourselves this embarrassment as well as lots of headaches for your customers. Further, even if you don't want to spend the money for encryption software, at least use the EFS (Encrypted File System) functionality provided within Windows XP Professional to add a bit more security to the mix.]

Monday, June 19, 2006

Creating a 3-column layout in Movable Type

Learning Movable Type: Creating a 3-Column Layout in MT3.2

I used the information in this tutorial as a guide for creating my 3-column stylesheet that I recently implemented across all pages on juxtaposition. Also, the Web Developer firefox plugin was invaluable for tweaking the CSS with live-preview of the results.

Cleaning .deb package house

Ubuntu Blog: Better Management of Packages while Uninstalling

HOWTO: Using debfoster in practice

The Unbalanced Mainstream Media

Poynter Online - Forums: Coulter and Moore aren't the same

Coulter is simply a brash, bigoted, bullheaded, insane, insensitive liar wack-job. There is no comparison to Moore.

Converting text from Unicode to ASCII

Just had to convert some text files from Unicode to ASCII and used Vim to do it:

Open each file and notice that vim says [converted] at the bottom, indicating that it has transparently opened the unicode file to let you edit that file.

On each file, change the file encoding setting to latin1 (basic ASCII):

:set fileencoding=latin1

Then save the file and it will be converted:

:w

FYI, the vim docs note that changing the "encoding" setting does not affect existing text, so setting "encoding" instead of "fileencoding" won't work.

Saturday, June 17, 2006

A fallacy by any other name...

But this here herring is so obviously red at Pandagon

I love the way they cut through the bullshit in this argument and reveal the naked fallacy underpinning it. It is a shame when proponents use the fact that society (wrongly) denigrates some activity (prostitution, homosexuality, gay marriage, being single, being a nontheist, etc.) that in itself has nothing to do with them and on its face is not "immoral" and has nothing to do with those who denigrate it and then writes off the fact that those engaging in the activity get victimized (wrongly) by saying that they knew the consequences ahead of time, so what's the big deal? Really irritating tactics.

Bizarre Notepad bug

27B Stroke 6

Bizarre notepad bug that really exists. If you type a phrase consisting of a 4 letter word, then two three letter words, then a 5 letter word, save it, then reopen it, the text will be corrupted and unreadable. There is a claim that not all words cause this to occur. See the linked story for examples of what does work.

There was a great quote:

If Microsoft can't keep strange bugs out of Windows' simplest application, we'd better get used to the monthly security patch cycle.

Thursday, June 8, 2006

US Senate Bigot Roll-Call

U.S. Senate: Legislation & Records Home > Votes > Roll Call Vote

From the results of the Gay Marriage Ban cloture vote (read: write discrimination into the constitution), we get a nice list of the bigots in the US Senate that should be defeated, especially the two Democrats who joined the 47 Republicans.

Alexander (R-TN)
Allard (R-CO)
Allen (R-VA)
Bennett (R-UT)
Bond (R-MO)
Brownback (R-KS)
Bunning (R-KY)
Burns (R-MT)
Burr (R-NC)
Byrd (D-WV)
Chambliss (R-GA)
Coburn (R-OK)
Cochran (R-MS)
Coleman (R-MN)
Cornyn (R-TX)
Craig (R-ID)
Crapo (R-ID)
DeMint (R-SC)
DeWine (R-OH)
Dole (R-NC)
Domenici (R-NM)
Ensign (R-NV)
Enzi (R-WY)
Frist (R-TN)
Graham (R-SC)
Grassley (R-IA)
Hatch (R-UT)
Hutchison (R-TX)
Inhofe (R-OK)
Isakson (R-GA)
Kyl (R-AZ)
Lott (R-MS)
Lugar (R-IN)
Martinez (R-FL)
McConnell (R-KY)
Murkowski (R-AK)
Nelson (D-NE)
Roberts (R-KS)
Santorum (R-PA)
Sessions (R-AL)
Shelby (R-AL)
Smith (R-OR)
Stevens (R-AK)
Talent (R-MO)
Thomas (R-WY)
Thune (R-SD)
Vitter (R-LA)
Voinovich (R-OH)
Warner (R-VA)

Death tax: Dead

U.S. Senate blocks permanent estate tax repeal|Reuters.com

This was a stunning setback: 57-41 against. Awesome. I'm not happy about the additional tax cuts but at least our federal coffers won't be further depleted and the super-super rich won't get another out, causing the lower classes to pick up the tax burden.

Olbermann rips Coulter a new one

Olbermann slams Coulter: Shameless

Coulter's hate and hypocrisy are f*ing sickening. Olbermann uses her own words and positions to destroy her and adds some choice ones of his own.