From William Shakespeare’s Henry VI, part 1 (I: 4):
Enter, on the walls, a Master Gunner and his Boy
Master-Gunner:
Sirrah, thou know’st how Orleans is besieged,
And how the English have the suburbs won.sirrah: a contemptuous term of address to an inferior man or boy; often used in anger
1 Henry VI: sirrah Read More »
From William Shakespeare’s Henry VI, part 1 (I: 3):
Mayor:
Fie, lords! that you, being supreme magistrates,
Thus contumeliously should break the peace!contumeliously : Exhibiting contumely; rudely contemptuous; insolent; disdainful.
1 Henry VI: contumeliously Read More »
From William Shakespeare’s Henry VI, part 1 (I:2):
JOAN LA PUCELLE:
Glory is like a circle in the water,
Which never ceaseth to enlarge itself
Till by broad spreading it disperse to nought.
1 Henry VI: Joan of Arc on glory Read More »
Froschmäusekrieg: Literally, “war between the frogs and the mice”, a poem attributed to Homer (Batrachomyomachia), a satire about the pointlessness of war or feuding.
Word of the day: Froschmäusekrieg Read More »
From Avi Rubin’s “Voting: Low-Tech Is the Answer” (Business Week: 30 October 2006):
Unfortunately, there are three problems with electronic voting that have nothing to do with whether or not the system works as intended. They are transparency, recovery, and audit. …
Electronic voting is not transparent – it is not even translucent. There is no way to observe the counting of the votes publicly, and you can’t even tell if the votes are being recorded correctly. …
Now, what do we do if something goes very wrong during the election? What happens if the equipment fails or there is a power outage?
Let’s compare electronic voting machines to paper ballots. If an e-voting machine crashes, it is possible that the memory cards containing the votes could be corrupted. Something as unexpected as someone spilling coffee on the machine could cause it to fail.
There are dozens of ways one could imagine that an electronic voting machine could be rendered a paperweight. Imagine, for example, a widespread power outage on Election Day. How do you continue the election? What can you do to recover votes already cast? …
I don’t feel very good about the only copies of all of the votes in a precinct existing in electronic form on flash memory cards. … If we have paper ballots and the power goes out, we can get some flashlights and continue voting.
Electronic voting is vulnerable to all sorts of problems, many of which cannot be anticipated. For example, in Maryland’s September primary, voting systems were delivered to the precincts in Montgomery County without the smart cards needed to activate the votes. As a result, the polls opened hours late, and thousands of voters were affected.
There was no quick and easy recovery mechanism. It is true that the problem was due to human error, but that does not change the fact that there was no way to recover. Paper ballot systems are much less fragile and can withstand many of the unexpected problems that might arise on Election Day. …
Finally, and I believe most seriously, there is no way to independently audit a fully electronic voting system. While it is true that many of the machines keep multiple copies of the votes, these copies are not independent. If the machines are rigged, or if they suffer from unknown software bugs …, the election results might not reflect the votes that were cast, despite all of the copies of the votes being identical.
On the other hand, electronic counting of paper ballots can be audited by manually counting the paper and comparing the results to the electronic tally. It is imperative, in fact, that every software-based system be audited in a manner that is independent from the data that are the subject of the audit.
3 problems with electronic voting Read More »
From Stephen Ornes’s “Map: What Does the Internet Look Like?” (Discover: October 2006):
The United States owns 74 percent of the 4 billion available Internet protocol (IP) addresses. China’s stake amounts to little more than that of an American university. Not surprisingly, China is championing the next wave of the Internet, which would accommodate 340 trillion trillion trillion IP addresses.
USA owns 74% of IPv4 addresses Read More »
From Scott M. Fulton, III’s “Allchin Suggests Vista Won’t Need Antivirus” (BetaNews: 9 November 2006):
During a telephone conference with reporters yesterday, outgoing Microsoft co-president Jim Allchin, while touting the new security features of Windows Vista, which was released to manufacturing yesterday, told a reporter that the system’s new lockdown features are so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed.
Microsoft executive sets self up for hubristic fall Read More »
From Northrop Frye’s “The Mythos of Autumn: Tragedy” (128):
The moment of discovery or ‘anagnorisis’, which comes at the end of the tragic plot, is not simply the knowledge by the hero of what has happened to him … but the recognition of the determined shape of the life he has created for himself, with an implicit comparison with the uncreated potential life he has forsaken.
The final moment of tragedy Read More »
I upgraded my Ubuntu Linux desktop today from Dapper to Edgy. It appears that in /etc/fstab, LABEL= no longer works, and you must now use UUID=.
http://ubuntuforums.org/showthread.php?t=278652
So my fstab now looks like this, for instance (these are all external drives):
UUID=a3d8a126-a7fc-4994-9675-748ed62c3109 /media/music xfs rw,user,noauto 0 0 UUID=e6e83a83-7487-4f22-a7ac-42cb100dfe24 /media/music-copy reiserfs rw,user,noauto 0 0 UUID=99198c52-3f9e-4255-9326-7891a90223ac /media/temp reiserfs rw,user,noauto 0 0 UUID=e0e73b81-f432-4b9e-918c-595fbfb1ac93 /media/data ext3 rw,user,noauto 0 0 UUID=2296551a-1d7d-4aff-9aea-873121464c9a /media/data-copy ext3 rw,user,noauto 0 0 UUID=e04e7b7a-b429-4a0f-a458-6af0c120bb9b /media/music-rock xfs rw,user,noauto 0 0 UUID=af39f5e1-1554-4dac-be5c-1f5028ee9503 /media/music-rock-copy xfs rw,user,noauto 0 0
Edgy also converts any old fstab entries for /dev/hda1 and so on to the new UUID method as well.
For more on labels & uuid in fstab, see: http://ubuntuforums.org/showthread.php?t=283131
Ubuntu Edgy changes to fstab Read More »
So a bunch of us are talking at the Central West End Linux User Group meeting. Somehow the topic of surgery during World War I comes up.
Robert: What was really bad was that those guys were operated on without any anaesthetic.
Me: Huh? Doctors had anaesthetic then.
Robert: They did? What?
Me: Ether.
Robert: Huh. How’d they deliver it?
Me: Ether bunnies!
Conversation with Robert Read More »
From Bruce Schneier’s “Hacking Computers Over USB” (Crypto-Gram: 15 June 2005):
From CSO Magazine:
“Plug an iPod or USB stick into a PC running Windows and the device can literally take over the machine and search for confidential documents, copy them back to the iPod or USB’s internal storage, and hide them as “deleted” files. Alternatively, the device can simply plant spyware, or even compromise the operating system. Two features that make this possible are the Windows AutoRun facility and the ability of peripherals to use something called direct memory access (DMA). The first attack vector you can and should plug; the second vector is the result of a design flaw that’s likely to be with us for many years to come.” …
Recently I’ve been seeing more and more written about this attack. The Spring 2006 issue of 2600 Magazine, for example, contains a short article called “iPod Sneakiness” (unfortunately, not online). The author suggests that you can innocently ask someone at an Internet cafe if you can plug your iPod into his computer to power it up — and then steal his passwords and critical files.
And about someone used this trick in a penetration test:
“We figured we would try something different by baiting the same employees that were on high alert. We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.
“The next hurdle we had was getting the USB drives in the hands of the credit union’s internal users. I made my way to the credit union at about 6 a.m. to make sure no employees saw us. I then proceeded to scatter the drives in the parking lot, smoking areas, and other areas employees frequented.
“Once I seeded the USB drives, I decided to grab some coffee and watch the employees show up for work. Surveillance of the facility was worth the time involved. It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desks.
“I immediately called my guy that wrote the Trojan and asked if anything was received at his end. Slowly but surely info was being mailed back to him. I would have loved to be on the inside of the building watching as people started plugging the USB drives in, scouring through the planted image files, then unknowingly running our piece of software.”
Take over a computer network with an iPod or USB stick Read More »
From Bruce Sterling’s “Viridian Note 00459: Emerging Technology 2006” (The Viridian Design Movement: March 2006):
When it comes to remote technical eventualities, you don’t want to freeze the language too early. Instead, you need some empirical evidence on the ground, some working prototypes, something commercial, governmental, academic or military…. Otherwise you are trying to freeze an emergent technology into the shape of today’s verbal descriptions. This prejudices people. It is bad attention economics. It limits their ability to find and understand the intrinsic advantages of the technology. …
If you look at today’s potent, influential computer technologies, say, Google, you’ve got something that looks Artificially Intelligent by the visionary standards of the 1960s. Google seems to “know” most everything about you and me, big brother: Google is like Colossus the Forbin Project. But Google is not designed or presented as a thinking machine. Google is not like Ask Jeeves or Microsoft Bob, which horribly pretend to think, and wouldn’t fool a five-year-old child. Google is a search engine. It’s a linking, ranking and sorting machine. …
Even if there’s like, Boolean logic going on here, this machine has got nothing to do with any actual thinking. This machine is clearly a big card shuffler. It’s a linker, a stacker and a sorter. …
In the past, they just didn’t get certain things. For instance:
1. the digital devices people carry around with them, such as laptops, media players, camera phones, PDAs.
2. wireless and wired local and global networks that serve people in various locations as they and their objects and possessions move about the world.
3. the global Internet and its socially-generated knowledge and Web-based, on-demand social applications.This is a new technosocial substrate. It’s not about intelligence, yet it can change our relationship with physical objects in the three-dimensional physical world. Not because it’s inside some box trying to be smart, but because it’s right out in the world with us, in our hands and pockets and laps, linking and tracking and ranking and sorting.
Doing this work, in, I think, six important ways:
1. with interactive chips, objects can be labelled with unique identity – electronic barcoding or arphids, a tag that you can mark, sort, rank and shuffle.
2. with local and precise positioning systems – geolocative systems, sorting out where you are and where things are.
3. with powerful search engines – auto-googling objects, more sorting and shuffling.
4. with cradle to cradle recycling – sustainability, transparent production, sorting and shuffling the garbage.Then there are two other new factors in the mix.
5. 3d virtual models of objects – virtual design – cad-cam, having things present as virtual objects in the network before they become physical objects.
6. rapid prototyping of objects – fabjects, blobjects, the ability to digitally manufacture real-world objects directly or almost directly from the digital plans.If objects had these six qualities, then people would interact with objects in an unprecedented way, a way so strange and different that we’d think about it better if this class of object had its own name. I call an object like this a “spime,” because an object like this is trackable in space and time. …
“Spimes are manufactured objects whose informational support is so overwhelmingly extensive and rich that they are regarded as material instantiations of an immaterial system. Spimes begin and end as data. They’re virtual objects first and actual objects second.” …
“The primary advantage of an Internet of Things is that I no longer inventory my possessions inside my own head. They’re inventoried through an automagical inventory voodoo, work done far beneath my notice by a host of machines. So I no longer to bother to remember where I put things. Or where I found them. Or how much they cost. And so forth. I just ask. Then I am told with instant real-time accuracy. …
It’s [spimes] turning into what Julian Bleecker calls a “Theory Object,” which is an idea which is not just a mental idea or a word, but a cloud of associated commentary and data, that can be passed around from mouse to mouse, and linked-to. Every time I go to an event like this, the word “spime” grows as a Theory Object. A Theory Object is a concept that’s accreting attention, and generating visible, searchable, rankable, trackable trails of attention. …
Spimes, objects trackable in space and time Read More »
From Ryan Naraine’s “‘Pump-and-Dump’ Spam Surge Linked to Russian Bot Herders” (eWeek: 16 November 2006):
The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a botnet powered by tens of thousands of hijacked computers.
Internet security researchers and law enforcement authorities have traced the operation to a well-organized hacking gang controlling a 70,000-strong peer-to-peer botnet seeded with the SpamThru Trojan. …
For starters, the Trojan comes with its own anti-virus scanner – a pirated copy of Kaspersky’s security software – that removes competing malware files from the hijacked machine. Once a Windows machine is infected, it becomes a peer in a peer-to-peer botnet controlled by a central server. If the control server is disabled by botnet hunters, the spammer simply has to control a single peer to retain control of all the bots and send instructions on the location of a new control server.
The bots are segmented into different server ports, determined by the variant of the Trojan installed, and further segmented into peer groups of no more than 512 bots. This allows the hackers to keep the overhead involved in exchanging information about other peers to a minimum, Stewart explained.
… the attackers are meticulous about keeping statistics on bot infections around the world.
For example, the SpamThru controller keeps statistics on the country of origin of all bots in the botnet. In all, computers in 166 countries are part of the botnet, with the United States accounting for more than half of the infections.
The botnet stats tracker even logs the version of Windows the infected client is running, down to the service pack level. One chart commandeered by Stewart showed that Windows XP SP2 … machines dominate the makeup of the botnet, a clear sign that the latest version of Microsoft’s operating system is falling prey to attacks.
Another sign of the complexity of the operation, Stewart found, was a database hacking component that signaled the ability of the spammers to target its pump-and-dump scams to victims most likely to be associated with stock trading.
Stewart said about 20 small investment and financial news sites have been breached for the express purpose of downloading user databases with e-mail addresses matched to names and other site registration data. On the bot herder’s control server, Stewart found a MySQL database dump of e-mail addresses associated with an online shop. …
The SpamThru spammer also controls lists of millions of e-mail addresses harvested from the hard drives of computers already in the botnet. …
“It’s a very enterprising operation and it’s interesting that they’re only doing pump-and-dump and penis enlargement spam. That’s probably because those are the most lucrative,” he added.
Even the spam messages come with a unique component. The messages are both text- and image-based and a lot of effort has been put into evading spam filters. For example, each SpamThru client works as its own spam engine, downloading a template containing the spam and random phrases to use as hash-busters, random “from” names, and a list of several hundred e-mail addresses to send to.
Stewart discovered that the image files in the templates are modified with every e-mail message sent, allowing the spammer to change the width and height. The image-based spam also includes random pixels at the bottom, specifically to defeat anti-spam technologies that reject mail based on a static image.
All SpamThru bots – the botnet controls about 73,000 infected clients – are also capable of using a list of proxy servers maintained by the controller to evade blacklisting of the bot IP addresses by anti-spam services. Stewart said this allows the Trojan to act as a “massive distributed engine for sending spam,” without the cost of maintaining static servers.
With a botnet of this size, the group is theoretically capable of sending a billion spam e-mails in a single day.
Russian bot herders behind massive increase in spam Read More »
From Timothy Noah’s “Bush’s Fart-Joke Legacy” (Slate: 2 October 2006):
Legend has it that Edward de Vere, the 17th Earl of Oxford, once farted in the presence of Queen Elizabeth I, whereupon he went into exile for seven years. On his return, the queen reputedly greeted, “My lord, we had quite forgot the fart.”
Somehow I don’t think she had Read More »
From Christian Seifert’s “Analyzing malicious SSH login attempts” (SecurityFocus: 11 September 2006):
First, we analyzed the login names that were used on the login attempts. During the sample period, there were 2741 unique account names ranging from common first names, system account names, and common accounts to short alphabetical strings captured by the system logger. Of those, the 15 account names used most often are shown in Table 1. This table shows accounts that usually exist on a system (root, mysql), accounts that are likely to exist on a system (guest, test), as well as common first names (paul). Then Figure 1 shows the distribution of valid and invalid account names that were used.
Account Name Number of login attempts root 1049 admin 97 test 87 guest 40 mysql 31 info 30 oracle 27 postgres 27 testing 27 webmaster 27 paul 25 web 24 user 23 tester 22 pgsql 21 Table 1. Top 15 account names among 2741 attempts.
Next, we looked at the passwords used in the login attempts. The attackers tried a range of passwords with most of the account names. In total during our analysis, they attempted to access 2741 different accounts and used 3649 different passwords. Not all passwords were used with all accounts. The passwords ranged from account names, account names with number sequences, number sequences, and keyboard sequences (like ‘qwerty’). There were a few more complex passwords used with seemingly random letter and number sequences or common substitution passwords (like r00t or c@t@lin).
Table 2 shows the top 15 passwords used in malicious login attempts.
Password Number of login attempts 123456 331 Password 106 Admin 47 Test 46 111111 36 12345 34 administrator 28 Linux 23 Root 22 test123 22 1234 21 123 20 Mysql 19 Apache 18 Master 18 Table 2. Top 15 passwords attempted.
Bad passwords for SSH Read More »
From D. Ghirlandaio’s “Comment to Stephen Griffin’s ‘Torture and the Ticking Time Bomb'” (10 October 2006):
The Syrians had a technique for the ticking bomb scenario. Give the man who knows where the bomb is a cell phone. “Call your mother.” At the mother’s house, a man picks up the phone.
Syrian-style torture via family connections Read More »
From Mary A. Dempsey’s “Fordlandia” (Michigan History: July/August 1994):
Screens were just one of the Yankee customs transported to Fordlandia and Belterra. Detroit physician L. S. Fallis, Sr., the first doctor sent from Henry Ford Hospital to run the Fordlandia medical center, attempted to eradicate malaria and hookworm among Brazilian seringueiros (rubber gatherers) by distributing quinine and shoes. The quinine was accepted but shoes were an unwelcome novelty. It is an exceptional photo that shows the shirtless seringueiros, machetes in hand, shod only with floppy rubber-soled sandals; their children went shoeless. The jungle dwellers also found Fordlandia’s two-family homes hopelessly hot and ugly and the idea of bathrooms repulsive. Even today, plumbing is a rarity in the jungle.
At the same time, Ford’s 6:00 A.M. to 3:00 P.M. work schedule was unpopular with plantation employees accustomed to slashing trees several hours before dawn, then resuming the work at sunset for piecemeal pay. But the promise of free housing and food, top-notch health care for the workers and their families, and a salary of thirty-seven cents a dayâ€â€double the regular wageâ€â€kept the seringueiros on the job. …
Generally, the company-imposed routine met hit-and-miss compliance. Children wore uniforms to school and workers responded favorably to suggestions they grow their own vegetables. But most ignored Ford’s no liquor rule and, on paydays, boats filled with potent cachacaâ€â€the local sugar-can brewâ€â€pulled up at the dock. Poetry readings, weekend dances and English sing-alongs were among the disputed cultural activities. …
Former Kalamazoo sheriff Curtis Pringle, a manager at Belterra, boosted labor relations when he eased off the Dearborn-style routine and deferred to local customs, especially when it came to meals and entertainment. Under Pringle, Belterra buildings did not contain the glass that made the powerhouse at Fordlandia unbearably hot, and weekend square dancing was optional. Alexander said Henry Ford balked at building a Catholic church at Fordlandiaâ€â€even though Catholicism was the predominant Christian religion in Brazil. The Catholic chapel was erected right away at Belterra. …
Alexander said of the long-closed but impeccably maintained facility that once boasted separate wards for men and women, thirty nurses, a dentist, three physicians and a pharmacist, who also administered anesthesia during surgery.
More on Fordlandia Read More »
From Alan Bellows’s “The Ruins of Fordlândia” (Damn Interesting: 3 August 2006):
On Villares’ advice, [Henry] Ford purchased a 25,000 square kilometer tract of land along the Amazon river, and immediately began to develop the area. …
Scores of Ford employees were relocated to the site, and over the first few months an American-as-apple-pie community sprung up from what was once a jungle wilderness. It included a power plant, a modern hospital, a library, a golf course, a hotel, and rows of white clapboard houses with wicker patio furniture. As the town’s population grew, all manner of businesses followed, including tailors, shops, bakeries, butcher shops, restaurants, and shoemakers. It grew into a thriving community with Model T Fords frequenting the neatly paved streets. …
But Ford’s effort to transplant America– what he called “the healthy lifestyle”– was not limited to American buildings, but also included mandatory “American” lifestyle and values. The plantation’s cafeterias were self-serve, which was not the local custom, and they provided only American fare such as hamburgers. Workers had to live in American-style houses, and they were each assigned a number which they had to wear on a badge– the cost of which was deducted from their first paycheck. Brazilian laborers were also required to attend squeaky-clean American festivities on weekends, such as poetry readings, square-dancing, and English-language sing-alongs.
One of the more jarring cultural differences was Henry Ford’s mini-prohibition. Alcohol was strictly forbidden inside Fordlândia, even within the workers’ homes, on pain of immediate termination. This led some industrious locals to establish businesses-of-ill-repute beyond the outskirts of town, allowing workers to exchange their generous pay for the comforts of rum and women. …
Workers’ discontent grew as the unproductive months passed. Brazilian workers – accustomed to working before sunrise and after sunset to avoid the heat of the day – were forced to work proper “American” nine-to-five shifts under the hot Amazon sun, using Ford’s assembly-line philosophies. And malaria became a serious problem due to the hilly terrain’s tendency to pool water, providing the perfect breeding ground for mosquitoes.
In December of 1930, after about a year of working in a harsh environment with a strict and disagreeable “healthy lifestyle”, the laborers’ agitation reached a critical mass in the workers’ cafeteria. Having suffered one too many episodes of indigestion and degradation, a Brazilian man stood and shouted that he would no longer tolerate the conditions. A chorus of voices joined his, and the cacophony was soon joined by an orchestra of banging cups and shattering dishes. Members of Fordlândia’s American management fled swiftly to their homes or into the woods, some of them chased by machete-wielding workers. A group of managers scrambled to the docks and boarded the boats there, which they moved to the center of the river and out of reach of the escalating riots.
By the time the Brazilian military arrived three days later, the rioters had spent most of their anger. Windows were broken and trucks were overturned, but Fordlândia survived. …
In 1933, after three years with no appreciable quantity of rubber to show for the investment, Henry Ford finally hired a botanist to assess the situation. The botanist tried to coax some fertile rubber trees from the pitiful soil, but he was ultimately forced to conclude that the land was simply unequal to the task. The damp, hilly terrain was terrible for the trees, but excellent for the blight. Unfortunately no one had paid attention to the fact that the land’s previous owner was a man named Villares– the same man Henry Ford had hired to choose the plantation’s site. Henry Ford had been sold a lame portion of land, and Fordlândia was an unadulterated failure. …
Be that as it may, Ford’s perseverance might have eventually paid off if it were not for the fact that scientists developed economical synthetic rubber just as Belterra was establishing itself. In 1945, Ford retired from the rubbering trade, having lost over $20 million in Brazil without ever having set foot there.
Henry Ford’s debacle in the jungle Read More »
From Wikipedia’s “Clarke’s three laws” (2 November 2006):
Arthur C. Clarke formulated the following three “laws” of prediction:
1. When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.
2. The only way of discovering the limits of the possible is to venture a little way past them into the impossible.
3. Any sufficiently advanced technology is indistinguishable from magic.
Clarke’s three laws of prediction Read More »
On Saturday 17 April 2004, I received the following email from someone I didn’t know:
> Hello,
>
> I am not sure who you are but our security detected a Netsky virus in an
> email that you sent. Whether a personal message or a spam, please make
> attention to the fact that you are spreading viruses and have your systems
> checked. Also, when a virus is detected the message does not get through so
> we have no idea who you are or the nature of your message.
My reply
I really wouldn’t bother sending these messages out, or you will find yourself with a full-time job.
Virtually every modern virus spoofs the sender of the email address of the sender. In other words, the virus scans the infected computer for email addresses, and then picks one for the TO field and one for the FROM field. Someone that has both of our email addresses on their computer is infected, and the virus chose your email address for TO and my email address for FROM. That is the extent of it. Unfortunately, we have no way to knowing who really is infected, so emailing the person who appears to have sent the email is a complete waste of your time.
Finally, I could not be infected, as I do not use Windows. I use Linux, which is impervious to the glut of viruses and worms that infect Microsoft’s poorly-coded operating system.
My reply to those “You sent a virus to me!” emails Read More »