| Why I push encryption and security so hard |
[2008-06-21T01:33:00] |
| [ | Current Mood |
| |  frustrated | ] |
| [ | Current Music |
| | Emergency Broadcast Network - Electronic Behavior Control System | ] |
I have been pushing the use of encryption and other proper security techniques, such as the use of PGP, for over... lets see... 13 years now? In all that time, I have gotten a grand total of zero* people to convert. I may have gotten a few people to at least use https:// instead of http:// when possible, but nobody has ever taken me up on actually using full encryption and Web Of Trust. Not even other computer geeks. The response is always a variant of either "But it's confusing/annoying!" or "I just don't see the point, I'm not a target!"
I have tried to explain that most security tools become really easy to use after the initial setup, and that you are a target - if not today, then in the future. Waiting for a bugler to raid your house before you bother putting a lock on your door most people would agree is idiocy, yet that attitude is carried over to computers all the time. Maybe it's because people don't realize that all their emails are going over the net in the electronic equivalent of a postcard with neon ink. Maybe it's because people don't realize that the "bad guys" can intercept millions of communications at the same time with simple software, so the problem is amplified much larger than someone trying to sneak a peak at the postcards in your physical mailbox.
Except... I have tried to explain those things. Those arguments don't help, and are dismissed. The problem is just not seen as "real".
Well, now it is. There have been a lot of little things over recent years... a few first-steps, but as of this week we have hit a new level of brazen disregard for privacy and deliberate breaking of security.
http://arstechnica.com/news.ars/post/20080619-report-nebuad-ads-inserted-via-man-in-the-middle-attack.html
The short version: Charter cable is in bed with some company called "NebuAd" to install co-location boxes at Charter that not only eavesdrop on all HTTP traffic, but they also run TCP Sequence Number Prediction attacks to rewrite the HTTP stream in realtime. It launches what is called a Man In The Middle attack, so it can talk to both sides of the conversation at the same time and insert ads, of course. Well... we think that all they are doing is inserting ads. If they have the ability to modify any web page you fetch, it could be changing anything.
They don't even try to hide the fact that they are running these attacks:The report calls out NebuAd, which recently began a high-profile partnership with cable operator Charter, and it doesn't mince words. The NebuAd system "commandeers users' Web browsers," makes use of a "browser exploit," and operates "by using what is effectively a classic man-in-the-middle attack."
...
NebuAd works its targeted advertising magic by partnering with ISPs and installing a box in their network. The box examines inbound and outbound traffic from all users, and it builds a highly-targeted profile for each Internet user by taking a look at the sites that people visit and the keywords displayed there. These profiles are then used by NebuAd to insert relevant advertising into web pages that have elected to use to the NebuAd network
Even if this is just being used for some annoying ads right now, that can easily break more complex web-apps that assume pages won't change (say, various fancy google apps?), and you know that if the ads work, it will be used for other things in the future. The fact that we heard about this one in such frank terms is amazing - most of the time, I'd expect them to try and stay quite about what they are doing.
Now, this particular issue is probably a direct violation of copyright (there is case-law to show that modifications like this count as "derivative works" in terms of copyright), so they will probably sued or embarrassed out of business for now. But that's only this time. It should serve as a reminder that unless you personally take your communication security seriously, it's not that people MAY eavesdrop and tamper with it, it's that they ARE eavesdropping and tampering with it!
So yet again, I'd be happy to help anybody that wants to lean about proper encryption, security, and related topics. How email can be sent securely, how Instant Messaging can be encrypted... all of these are important topics.
I somehow expect there to be a big response of "zero" yet again, though...
* I have gotten a few people to use OTR encryption under AIM, which is better than nothing, but is really a drop in the bucket compared to how many people should be using encryption full time. |
|
|
| adventures with drug dealers |
[2008-06-18T23:45:00] |
| [ | Current Mood |
| | anxious | ] |
| [ | Current Music |
| | Sheep On Drugs - Waiting for the Man | ] |
So tomorrow I have the regular monthly ritual of going to visit my drug dealer, the local psych. Except this time is probably going to be different:- They are changing the funding for all of Valley Medical Center, so the department I've been going to is being gutted.
- I believe they are putting us all on a "every few months" drug-refill clinic instead, which seems kind of impossible for me given that I take a C2 drug that can only be given out in 30-day supplies.
- As this is the last time I'm probably going to see this particular psych (no big loss), I need to beat it into her head that I need to be put on stronger doses of several of these things now, or I have to start that explanation over from the beginning with a new psych.
- After the last month of fanime, social activities, and concerts... I'm really fscking stressed. Trying to ask for drugs like adderall while fighting off a panic attack is not a recipe for success.
So this "conversation" is going to be... special. I see a non-zero chance that I could have a total panic attack there, as I've been fighting them all week, and end up in EPS again or something. That wouldn't help my quest for better pharmaceuticals in any case.
And regardless of how that turns out, there's the fact that the entire free-drug-insurance thing is being gutted too, so I may have to pay full-retail for some of these. Adderall is $5/pill. I have no idea how that is going to work, though, and probably won't now until I go to the pharmacy and try and get things filled. So there's always the chance that I'll get prescribed useful drugs, but not be able to afford them. That would make friday really fun; sudden withdrawals is not a sane idea.
But... really, the summary of all of this is "crazy stress about the unknown". Someone feed me a sedative or something... |
|
|
| Thank you Mr. Spock |
[2008-06-16T12:43:00] |
| [ | Current Mood |
| |  amused | ] |
| [ | Current Music |
| | The Firm - Star Trekkin' | ] |
Regarding the new gay marriage ruling by the CA supreme court, George Takei and Brad Altman just used this phrase on CNN:Our marriage will live long and prosper! I never expected such a geeky joke on CNN. |
|
|
| clusterfuck |
[2008-05-23T11:40:00] |
| [ | Current Location |
| | fanime, sjcc | ] |
| [ | Current Mood |
| | stressed | ] |
| [ | Current Music |
| | The theme from Kid Icarus over the P.A. here | ] |
This thing we call a convention is better termed "total clusterfuck" right now... at lest here in registration. 2,500 people so far, and it's not even noon on Friday.
Amazingly, I can blame Bill Gates for this. DYMO makes amazingly bad printers, and the black box that is windows CIFS network printer sharing is a black hole that eats our print jobs. When you are sending out several thousand from a central print server, this is pretty serious... especially when you have crazed anime fans staring at you, in a huge mob around the printer/badge tables.
It's only friday, and I'm running on, I believe, 7 hours of sleep total in the last 72 hours. It's amazing I have been able to patch the database and Ruby code live, without issuing an erroneous UPDATE TABLE statement without a WHERE clause or something. Sleep dep hallucinations and database work cannot be a good sign.
Someone bring me some absinth or something. I probably need it... |
|
|
| ouch ouch ouch ouch |
[2008-05-22T00:01:00] |
| [ | Current Mood |
| |  worried | ] |
| [ | Current Music |
| | New Order - Bizarre Love Triange | ] |
I don't know which hurts worse. The horrible pain in my feet form running around in my boots all day, or the strange burning in my finger
tips from putting RJ-45 connectors on cables all evening.
At least we had my amp there, so we had decent music on while running all that cable...
And I just learned of some important differences in the assumptions between the (non-normalized, non-consistent) data in the database dumps I just got, and what my registration software is expecting to use. I now have to make some non-trivial changes to said software, I believe, in the next... 17 hours, maximum. And I'm going to go sleep away a bit under half of that time right now.
I need several miracles to happen in the next day or so...
Oh, and apparently I have 40" angel wings showing up tomorrow or something. I am confused on this point. @.@ |
|
|
| Amazing times in Fandom - FROM SPACE!!!!1!1!one!!! |
[2008-05-20T00:58:00] |
| [ | Current Mood |
| |  rejuvenated | ] |
| [ | Current Music |
| | Ramones - Crummy Stuff | ] |
Ok, now I'm ready for fanime. The rum and Pernod has been consumed, and B.A.D. has been watched. The con can commence now.
Sponsord by the word "Fuck",
the letter "U" and
the numeral "2". |
|
|
| "It Starts" |
[2008-05-19T22:25:00] |
| [ | Current Mood |
| | stressed | ] |
| [ | Current Music |
| | Presets - My People | ] |
Or, to be precise, it started yesterday, with the last Fanime staff meeting. There were only about 150 of the 540 supposed staff there, at the final "mandatory" meeting, which I'd take as a bad omen, except that I know from experience that anime geeks are total flakes, so the (lack of) attendance is not surprising. The real bad omen is that this is the first year I'm working Fanime without the ritual drunken evening of B.A.D. before the con. I always watch that, to get into the proper fanboy mood, and lack of that ritual cannot be good.
Wait. In finding that link, they seem to have put the videos up on their website! I guess I know what I'm doing for the rest of the evening...
In any case, the inanity of the next week is this:
- TUE: Finish all the changes I keep getting told about for this registration software I'm writing, including the rest of the charts that finance wants, if that's even possible. Somewhere in there, find time to go to my psych appointment and deal with the hassle the pharmacy will give me when trying to get a prescription for amphetamines filled quickly.
- WED: Early morning (relatively speaking) hauling of all the computers and other equipment to the registration. Then spending most of the day measuring, cutting, and putting 100+ RJ-45 connectors on all the CAT-5 we are using. Oh, and gaffing down as much of it as I can.
- THU: Finishing up yet more bugs/features that are lacking, and testing all 40+ computers. Giving out accounts to all 80+ registration staff by hand. Oh, and hoping this entire fscking miracle is pulled off for when the fanboys start pouting in when we open reg at ~5pm
- FRI: First day of Early Mornings. Getting up at 6AM to shower and be at the convention center to turn setup and turn on all 40 computers/etc, so we can open to the real hoards of fans at 8AM. Try and stay sane until 8pm, and sleep early.
- SAT: The real Early Morning. Another 6am start. There's probably 1000 fans waiting to get in by 8am, with another 5k ready to show up in the next 6 hours, so my amphetamines and anti-anxiety pills better hold out.
- SUN: 3rd day of 8am->8pm reg. Probably a slower day, as if there was a problem, it probably fucked us all in earlier days.
- MON: Extra problems. We start selling next-year's badges here, so new problems are sure to crop up. Finance will probably be hounding me for those charts I didn't do, too.
- TUE: Spend most of the day tearing all the equipment down, and packing it back into our storage units. I probably have to give some final reports and database dump here, but I am SO not thinking that far ahead right now...
- WED: If I survive all that, pass out for several days.
How I agreed to take on this responsibility, I'll never know. If this software I'm writing fucks up, there's going to be a LOT of pissed off staff and guests. It wouldn't be the first multi-million dollar mistake I've made if things fuck up hard...
Everything should work... as I am using pretty good programming practices, and ruby makes problems easy to fix... but that's not going to help my paranoia about it all.
So come keep me company in reg, and help fix my sanity. I'll probably need it... |
|
|
| Fanime has taken overy my brain |
[2008-04-22T22:42:00] |
| [ | Current Mood |
| | stressed | ] |
| [ | Current Music |
| | Velvet Acid Christ - BSAT2 (Polymorphix a theme to a visual epic) | ] |
Even though I knew - with all the logic, experience, and intuition that I can manage - that this would happen, I still took on the Fanime job. Why, oh why did I do that. It's gotten to the point that I'm writing huge numbers of emails a day, and about the equivalent to a 5-10 page essay every day in terms of Ruby code, documentation, and technical manuals.
Thank you happy stimulants that get me through this...
The psych better up my dosage across the board before the convention, though, or I'm going to go pass out from the crazyness of it all about half way through... |
|
|
| FINALLY!!!!1!!1!one!11 |
[2008-04-10T19:44:00] |
| [ | Current Mood |
| |  accomplished | ] |
| [ | Current Music |
| | The Outlaws - Green Grass and High Tides | ] |
After approximately 50-70 tries, I have finally beaten the last fucking song on Rockband for guitar/expert. I even finished it with 4 stars. So I am now completely done with the insanity that is Green Grass and High Tides.
That also means that I now have at least 4 stars on every song on expert, and about 1/3 of them with gold-stars. I guess I should stick to drums for a while now, but some of those are giving me a problem... I need to find my double-bass pedal and vdrum pad, which would help a lot of those harder drum-levels a lot. |
|
|
| Reality is the only word in the language that should always be used in quotes |
[2008-04-02T22:51:00] |
| [ | Current Mood |
| | excited | ] |
| [ | Current Music |
| | MLWTTKK - A Girl Doesn't Get Killed By A Make Believe ...Cuz It's Hot | ] |
TKK is playing again!
This time it's a 20th Anniversary show at the DNA, at which they are claiming:...this show will be reminiscent of the infamous "1989 Inferno Xpress Tour". It will feature many songs from the Wax Trax years: including hits like "Kooler Than Jesus", "A Daisy Chain 4 Satan", "The Days Of Swine & Roses", "The Devil Does Drugs", and, of course "Cuz It's Hot"!
Where's the blotter when you need it... |
|
|
| "We love you Nick!" |
[2008-04-01T14:27:00] |
| [ | Current Mood |
| |  annoyed | ] |
| [ | Current Music |
| | Laura Barrett - Smells Like Nirvana | ] |
So, in preparation for the upcoming Fanime, I have been trying to find a copy of Bad American Dubbing. This is proving surprisingly difficult. I found the new C.C.C.C. release on the net easier than this. Obscure Japanese noise music shouldn't be easier to find than American fan-dubs.
After extensive google use, apparently myspleen.net had the only reference to a torrent of the movie that I could find, but that's an invite-only tracker. So I had to go bug people on IRC to get an invite, which was another huge issue.
I finally get on the site... and apparently the torrent was posted in 2005. It hasn't had a seed in years. I'm bugging the original poster through that site, but I doubt much will come of it.
Now, theoretically I have a (bad, high-generation) VHS copy of it somewhere. The copy I traditionally have always watched before Fanime to get in the proper "crazed anime fanboy" mood. Except it's in some storage shed right now, almost certainly lost, if not destroyed from the events in my life a bit over a year ago. I happen to know it was out and near one of my VCRs when all that happened, as I had just shown it to ![[info]](http://p-stat.livejournal.com/img/userinfo.gif) ubermensch.
So the search continues. I suppose I can bug people at the convention for a copy, which should almost certainly work, but really, the whole point is to watch it before the convention, so that doesn't really help. Sigh...
How else will be protected from the Mysterious Alien Saboteurs... From Space! |
|
|
| More proof of my lack of sanity |
[2008-03-25T01:46:00] |
| [ | Current Mood |
| |  determined | ] |
| [ | Current Music |
| | Sakiko Tamagawa - A.I. Sentai Tachikomas | ] |
Somehow I have not only gotten involved with Fanime again this year, but have decided to fix the problems I saw in their computer system by offering to, well, basically take over the registration IT needs. And write the registration webapp.
I must be insane.
I have sent and received more email in the last 24 hours than in the last two months.
I must be insane.
I have written up pages and pages of documentation, plans for deploying the registration databases and software, and about the first 10% of the webapp already, and it's only been like 36 hours.
I must be insane.
...
Either that, or all the amphetamines I'm finally getting from the psych are working and I have actually achieved some form of "productivity" that was lacking for a long time.
...
Nah, I must be insane. |
|
|
| [ ] |
[2008-03-18T01:36:00] |
| [ | Current Mood |
| |  mischievous | ] |
| [ | Current Music |
| | My Life With The Thrill Kill Kult - Dirty Little Secrets | ] |
echo "72.36.180.126 hoodwink.d" >> /etc/hosts
echo "72.36.180.125 ___._" >> /etc/hosts |
|
|
| "The pirate radio of technical manuals" |
[2008-03-03T21:31:00] |
| [ | Current Mood |
| | enthralled | ] |
| [ | Current Music |
| | PTV3 - Hooka Chalice | ] |
So I've told a lot of people that they should learn the programming language Ruby over the years. It is a language that embraces lambda in a good and proper way like LISP does, with all the syntactic sugar of a more approachable and traditional language like Perl or Java.
This evangelism has not had a huge impact, though, as all LISP-like languages are not that approachable. Having a code/data duality, large amounts of metaprogramming, and other features requiring the lambda calculus is very strange to people that have yet to experience the enlightenment of such concepts.
Recently, I found a very good tutorial that explained LISP in terms of Java and XML that many programmers are familiar with. It did a good job, but it still required a large programming background to understand. If you are familiar with programming, especially Java and ANT, I still highly recommend that tutorial.
...
...but then I found Why's (Poignant) Guide to Ruby.
You should read this. I'm not sure if it was amphetamine induced sleep deprivation, large amounts of hallucinogens, insanity brought on by extreme isolation, or a combination of the above, but this is a great read. Sure, it's a simple tutorial on the basics of Ruby, but it's also so much more than that. It primarily focuses on the ideas and philosophies of the language, sprinkled among cartoons and stream-of-consciousness humor that would fit right in on Space Ghost Coast to Coast.
How many other technical manuals are written in the form of historical-fiction anecdotes, beat-culture style prose, and crazy cartoon foxes talking about chunky bacon?
So go read it. It will give enlightenment about better ways to program and talk to computers in general, and is a complete head-trip at the same time.
Oh, and don't forget that it has a soundtrack as well! |
|
|
| Lots of music... |
[2008-02-28T01:42:00] |
| [ | Current Mood |
| |  geeky | ] |
| [ | Current Music |
| | Morphine - Slow Numbers | ] |
I have a lot of music, it seems:
mysql> select count(*) from bands;
+----------+
| count(*) |
+----------+
| 146 |
+----------+
1 row in set (0.00 sec)
mysql> select count(*) from albums;
+----------+
| count(*) |
+----------+
| 395 |
+----------+
1 row in set (0.00 sec)
mysql> select count(*) from songs;
+----------+
| count(*) |
+----------+
| 4538 |
+----------+
1 row in set (0.01 sec)
I know this is still missing at least 1/4 of my CDs that I have yet to rip into my computer, and another GB of DJ sets and other live recordings.
Hmm... lets try some more math:>> total = 0
=> 0
>> Band.find(:all).each { |band|
band.albums.each { |album|
album.songs.each { |song|
total += song.length_in_seconds.to_i
}
}
}
...
>> total
=> 2059085
>> total / 60.0
=> 34318.0833333333
>> _/60.0
=> 571.968055555556
>> _/24.0
=> 23.8320023148148So It's ~572 hours or 23.8 days of music. Wow.[pdkl95@switchblade:/mp3/albums]> du -hs .
36G . eating up a full 36GB of space on my RAID array.
The thougth that I could let my computer play music for almost a month and never repeat anything is rather disturbing. |
|
|
| Your friend, 1-phenylpropan-2-amine |
[2008-02-26T19:06:00] |
| [ | Current Mood |
| |  okay | ] |
| [ | Current Music |
| | Velvet Acid Christ - Speedball O.D. | ] |
Yesturday was strange. I didn't get much sleep the night before, for no apparent reason, so instead I stayed up chatting with chise until like... 6:30AM or something. At least that was productive. I may be able to direct some help her way for her current sciatica problems, which would be great.
Anyway, realizing I had a mid-day appointment with the psych, I was able to get about two hours of sleep. I think. It wasn't much in any case.
So I wake up and try to get a bit saner and not strung-out looking before the psych appointment, and Google decides to ban me. I'm so used to being able to look little things up with a few keystrokes that the sudden absence of a large chunk of my memory was highly disturbing. This probably has some significant implications in a cyberpunk-style manner - we are relying on technology traps more and more, for even basic cognition now, not just physical goods and services.
Back to the psych appointment. I get there, and the normal doctor is supposed to be gone on vacation. So I ask for this temporary replacement doctor, and the secretary at the front desk gets all confused. Apparently the normal doctor was indeed there. Highly rush, and about a quarter-hour late for the appointment, she seemed in a strange mood. Maybe the vacation did her some good or something? Regardless of the cause, she actually deferred to my knowledge and opinion on the subject of my own mental health, and prescribed me some amphetamine.
Finally.
Ok, she started with the 5mg "smallest pediatric dose" (yes, amphetamine is approved by the FDA down to age 3), but at least it's something. I suspect arguing for dose changes at a later date would be much easier than getting it prescribed at all.
A strange observation, though. She commented as I was leaving that I seemed notably better than usual. Which is normally fine, except that I had just spent the night before not sleeping. Apparently "me sleep deprived" approximates "normal for typical people" or something. This I do not understand.
So... it was one strange day. And it's continuing into today a bit, as now I am on amphetamines. The surreal quality has yet to end.
Maybe I can find some cash to got to MEAT and Bones this thursday and I can use that big of "normality" to reset my perception of reality back to something more typical. Or not.
I guess I should use this surreal state to go try and play some psytrance or something. Maybe I can effectively recored some of it. It could be interesting to try regardless of the outcome, though...
*** runs off to turn on the Virus and set up the sequencers and drum machines *** |
|
|
| Google laid down the ban-hammer on me |
[2008-02-25T11:42:00] |
| [ | Current Mood |
| | frustrated | ] |
| [ | Current Music |
| | XORCIST - Governet | ] |
What the fuck. Googled just banned me. All searches on any google service send me to this page:
Using a unix box, their "suggestions" are hilarious.
I'm wondering now if someone behind the same NAT (my family, that is) has some stupid windows virus and has tainted this IP.
This is bad. I need google. Too much of my memory is stored there. |
|
|
| Cuff-links? Here? |
[2008-02-14T21:38:00] |
| [ | Current Location |
| | DNA | ] |
| [ | Current Mood |
| |  confused | ] |
| [ | Current Music |
| | whatever the DJs are playing | ] |
So I'm at the DNA, with a surprising amount of goths here for this early in the night, and there's someone here who looks exactly like cuff-links/drunk-matt. Even to the same long hair in a pony-tail and everything.
Except that there's no way he'd be at a futurepop show. So what the hell? |
|
|
| contradictions |
[2008-01-31T04:04:00] |
| [ | Current Mood |
| |  tired | ] |
| [ | Current Music |
| | Mario Galaxy Soundtrack | ] |
Yet again it's after 4AM, and I'm still awake.
This is extra strange as all day I had the normal amphetamine-substitutes that knocked me out, and only a few hours ago I ate the clonazepam and beta-blockers that should be putting me to sleep, yet are keeping me up. This is reversed from the standard sane and rational interpretation of their effects, and I still have yet to come up with a convincing theory as to why.
So, seeing as I finally finished playing through System Shock 2* again, I am yet again typing random strangeness into midi sequencers. I think the patterns produced and my sense of harmony is getting more and more abstract the later it gets. This is probably not a good thing.
Maybe I should do something straight forward like a SMB-theme cover, where the melody/harmony is already a known constant or something...
For now, though, the lack of sleep and therefor lack of sanity is getting to be more and more annoying. Where's my real stimulants... x.x
Maybe I should go try yet again to go to sleep, before I pull out Neverwinter Nights and play D&D for another 6 hours.
I know! I should go yell at people in #insurgency or #xenu, as this sleep-dep should put me in the proper insane frame of mind to deal with 4chan type insanity...
* SS2 is, yet again, an amazing game. If you haven't played it, you should. |
|
|
| Finally... a working MIDI UART |
[2008-01-26T13:29:00] |
| [ | Current Mood |
| | geeky | ] |
| [ | Current Music |
| | Orchestral Manoeuvres in the Dark - ABC Auto-Industry | ] |
After much annoyance with my existing audio hardware (fuck Creative Labs), and some annoying problems finding the proper firmware to load, I finally have a working MIDI IN/OUT for my computer.
Also, after applying an overlay to the Gentoo install that I run that pulled in recent versions of a lot of audio software, I finally have seq24 (loop sequencer) and hydrogen (drum machine) working and synced together through the jackd.
Silly techno music, here I come!
Actually, in all seriousness, this seems to be working great for a few of the more "noise" things I've been trying to do as well. I guess I'll see how things turn out... |
|
|