Saturday, January 31, 2009

Myron's Terrible Towel Lives On

Growing up a Steelers fan in the 1970s, in the mountains of central Pennsylvania, I witnessed the genesis of Myron Cope's brilliant marketing prop, the Terrible Towel.

The New York Times clues in the rest of the planet about the towel and the legacy Myron left behind in an article appropriately titled For Terrible Towel's, a Wonderful Legacy.

Born in 1975 from the recesses of Cope's brain (um-HA!) as a marketing ploy to generate excitement for the playoffs, the towel had a humble, Steel-town beginning - Myron beseeched fans to bring towels of either black or gold to the Colts playoff game. A simple towel might pass blue-collar muster in Pittsburgh, as they were functional and utilitarian in a manner that pom-poms or pennants could never be. Can you imagine a season ticket holder with a pom-pom in one hand and a cup of Ahrn Shitty in the other? I didn't think so.

Yoy! The concept caught on, the Steelers won their second straight Super Bowl, and soon the towel was both trademarked and mass produced. Yea, verily.

It was an interesting story for a teenager of the 70s, but it wasn't until I lived as an adult in Pittsburgh from 1985-1993 that I learned the other part of the story.

Myron held the trademark for the Terrible Towel, okel dokel, but also had a son who was diagnosed with severe mental retardation at age 2. Danny Cope would require 24 hour supervision, so loving father Myron worked with the Allegheny Valley School to provide the care and attention Danny needed.

In 1996, after four Steelers Super Bowl victories and the sale of hundreds of thousands of Terrible Towels, Cope handed off the Towel trademark to the school in an act of love and kindness that speaks volumes about Myron as a man. The school has received more than $2.5 million in funds from the trademark since 1996.

Nearly 1 million of those dollars came from sales around the Steelers 2005 Super Bowl win over dem Sea-hawks, and it's conceivable that similar sales will be posted should the Black & Gold come out of the Arizona Cardinal game with their sixth trophy.

Help Myron's legacy live on through providing Danny and others with the care and services they need. Pick up a Terrible Towel or three this weekend, and display them proudly. It will be good for America.

Thursday, January 29, 2009

Republican Success Depends on America's Failure

Republicans sure have been saying "No" a lot in the first few days of the Obama administration. "Nay" to the fiscal stimulus package. "Nein" to an extension of the analog television signal. "Ummm, no" to various and select Cabinet positions, either via vote or through intentional delaying tactics.

President "Consensus" H. Obama even rankled some Democrats by meeting with key GOP leaders to discuss his fiscal stimulus package, and aggravated others by including additional tax cuts, a Republican stalwart idea, at the expense of infrastructure spending, in an attempt to gain minority support for his initiative. In the end, not one Republican House member voted for the fiscal stimulus. Zero. Nada.

Some Dems are squawking that since they are the party in power, controlling the Congress and White House, Obama should not have given away key Democratic stimulus items while including GOP tax giveaways that would have a marginal effect (at best) at stimulating the economy. Instead, the Dems parrot, they should push through their agenda and the heck with the Republicans. They lost.

That approach is wrongheaded in several ways, and serves to point out some key differences between the Democrat's governing model of the past, and the Obama model of the present.

While unsuccessful on the stimulus package, Obama's effort to reach out to the GOP accomplished several important items. First, it demonstrated that he was serious about bipartisanship and listening to all sides, exactly as he said during his campaign that he would govern. This builds credibility that's two-fold; the American public is witness to a politician doing what he said he would do, even if it means angering some in his own party, and for those Republicans who might be considering bipartisanship (if there are any left - I'll cover that in a minute), it demonstrates a willingness to listen and incorporate ideas from across the political spectrum.

Secondly, Obama's approach seems honest and reasoned. He put together a plan, shopped it to both sides, took (and included) feedback, then let the final vote tell the story. Obama doesn't need to hold a presser to point his finger and accuse the House GOP members of not working and playing well with others - the big fat zero in their vote column speaks volumes. Republicans seldom agree on anything, even if raised by their side, so having absolutely no "yea" votes shows there's more at work here than Republicans representing the views of their constituents. Americans are already seeing the GOP vote as unreasonable, more like how things were done in the past than a vision for the future.

Certainly, having Malkin, Hannity, and Limbaugh frothing at the mouth while using the distasteful metaphor "bending over and grabbing your ankles" only serves to remind us that the party voting "no" is the one that spent the last eight years rogering us royally, and when we kicked them out of bed, they've decided to pay us back by throwing down obstacles to hinder our ability to get back on our feet.
It reminds me a little of Jason Alexander's attorney character in Pretty Woman, Phillip Stuckey, who, upon discovering that Vivian is a street walker, tries to make her feel cheap while pointing out that she doesn't really belong, all the while suggesting that perhaps they could also get together for some tawdry extracurricular activity, because while she may be a whore, Edward seems to like her, wink wink.

I'm beginning to think those kind of Republicans are all that's left. Some of the more moderate GOP members of the House and Senate have retired or been tossed out, leaving behind this core group of conservative idealogical kamikaze pilots who would rather crash their planes on the deck rather than compromising. They are digging in for a protracted battle, the resultant voting metrics to be used in campaign strategy and attack ads to demonstrate their conservative chops. 

Problem is, that doesn't solve our current problems, but I don't think the GOP has really ever been concerned with fixing what ails everyday America. And this is where Obama's approach is a classic boxing strategy. Make the effort, reach across party lines, and be inclusive, while pushing through the agenda as promised, letting the chips fall where they may. If Obama's plan works, people will know who was responsible, and who wasn't. 

That means the only hope Republicans have is if the economy stays sour and they can point to their "nay" votes. GOP success is predicated on America failing, and I'm kicking myself for underestimating the depths of evil to which these twits will delve in order to advance their narrow views.

I hope President Obama continues to push and prod everyone to work together, because this country could do some amazing things if everyone was working toward a common goal. Don't let the naysayers dictate direction, but don't shut them out, either. In the end, the political career they save may be their own.

Sex in the Dark

My lovely wife and I just got back from our three-night getaway in a luxury cabin nestled in the picturesque Hocking Hills region of southern Ohio. We try to do this every year, in the dark ages of January, as part of our ongoing commitment to revisit what we like about each other as a couple, so when we're empty-nesters in a few years, we won't have to waste valuable time rediscovering what it was that made this improbable pairing work in the first place.

That didn't sound nearly as romantic typed out as it did in my head.

Anyway, our excellent adventure in a secluded, snow-covered lodge consisted of long, wine-accompanied talks by the fireplace, cooking fine dinners like pasta with pancetta and peppers, and devouring bowls of my famously-delicious popcorn while cuddled together on the big leather sofa, working our way through our newly-acquired Netflix queue. There was plenty of quality canoodling.

We also spent hours reading, together but separate, on adjoining couches, warmed by the fireplace, the room lit mainly by sunlight reflected off of the newly fallen snow. On occasion, when bravery allowed, we'd dart out to the deck in the 20 degree chill, drag the cover off of the hot tub, and slide in up to our necks in the toasty water, semi-weightless as we observed deer stroll past down below and watched squirrels maneuver in a nut frenzy.

It snowed the Sunday we drove down, making the journey along the twisting, angled country roads all the more harrowing, but the trusty Jeep delivered us safely to our temporary paradise. After our first night there, the weather gods were no longer our friends - we were hit with a mixture of snow, freezing rain, and sleet that coated everything in an inch of glistening ice. Simple acts like walking became either medical threats or fodder for America's Funniest Home Videos, depending on your level of health insurance.

Wednesday, our last morning before heading back to the city, started ingloriously, as the power went out. Not surprising, since it's a very rural area with an awful lot of very tall, ice-coated trees, and we were grateful that we made it almost to the end of our stay before the lights went out. The propane fireplace still worked, but none of the electric appliances, obviously, and as we soon learned, the well water was transported via electrical pump, so showers were out and toilet flushing soon became a warm, comforting memory. I think it was nature's way of telling us to go home.

Our main concern was the twisty, turning gravel path that led from the top of the hill where our cabin sat down to the main house and out through the property to the blacktop road. The property owner had plowed the snow on Monday, but the ice mixture had turned our exit route into a backwoods bobsled track, completely smooth and slippery. If we were lucky, we'd smash into one of the tree lines on either side as we gained momentum on our downward slide before plunging into the frozen lake waiting with open arms at the bottom.

We decided to trudge down to the main house and ask for a little extra time before vacating, since it was snowing again, and we thought a couple of inches of the white stuff on top of our slalom course would give us a little traction. We managed to ice-walk down the hill, with me looking curiously like I did the first (and second) time I attempted to rollerblade. Good times.
Granted a temporary stay of eviction, we read using the light from outside, ate salad comprised of our remaining provisions, and watched the snow quietly fall, interrupted by crackling explosions as trees succumbed to the weight of the ice and the forces of gravity, splintering and falling in the calmness with the staccato boom of cannon fire.

Around 2 PM we decided it was time to load up and head out, so I piloted the Liberty (trail rated!) down the hill in four-wheel lo, two wheels in the snow piled on the side and two on the slippery path, creeping around fallen trees, under crystallized, sagging branches, pulling my Army field driving experiences from the dark recesses of my memory until we made it to the bottom, unscathed but a little cotton-mouthed. Whew.

The asphalt roads weren't much better, and we needed to take several detours due to large tree trunks laying across both powerlines and the road, with helpful locals directing us this way and that, past semi-trucks resting in ditches and cars that went straight when the road turned right. Eventually, we made it out to US 33 and headed west to Columbus, and made it home in three hours versus the customary 1 1/2.

Another hillbilly honeymoon accomplished, each treasured for different reasons. Sex in the dark, even when mandated by Mother Nature, is over-rated. I prefer to witness the woman who makes me look forward to this trip every year.

Wednesday, January 28, 2009

Kitchen Roomba

Being a well-known foodie, I've eaten in some pretty swank restaurants. I'm not trying to be elitist in saying that - it simply sets the stage for one of my post-entrée gripes, the crumb-sweeper.

It's not that I necessarily disdain the removal of food particles from the white linen tablecloth. On the contrary - the flotsam and jetsam of dinner on the table is my fault. If I was a little better at hitting my pie hole, there wouldn't be anything there in need of sweeping.

No, my complaint is the little show that accompanies using the implement - wrist snaps, zooming motions, masterful sweeping gestures reminiscent of a worldly flamenco dancer- just to collect my crumbs. C'mon, man.

I'd much prefer this kitchen roomba. Looking a bit like an updated version of the robot from Lost in Space, the Mini Robot Vacuum could zip here and there, sucking up the small morsels that falls from our trembling forks in mid-foodgasm.

Do you need it? Probably not. Do you WANT it? Yes, you do!

I Am Here

This is a little...shall we say...creepy.

To test whether I was being paranoid, I ran a little experiment. On a sunny Saturday, I spotted a woman in Golden Gate Park taking a photo with a 3G iPhone. Because iPhones embed geodata into photos that users upload to Flickr or Picasa, iPhone shots can be automatically placed on a map. At home I searched the Flickr map, and score—a shot from today. I clicked through to the user's photostream and determined it was the woman I had seen earlier. After adjusting the settings so that only her shots appeared on the map, I saw a cluster of images in one location. Clicking on them revealed photos of an apartment interior—a bedroom, a kitchen, a filthy living room. Now I know where she lives.

You can read the full Wired column at I Am Here: One Man's Experiment With the Location Aware Lifestyle.

Flying Spaghetti Monster Sighted

Road Kill Carpet

You don't need to hail from Appalachia (like me) to appreciate both the realism and the art of the Road Kill Carpet.

This would be perfect for an entry way, even better in a kids playroom. See fox. See fox squashed. Life is like that, so play while you can.

Available this spring from OOOMS.

Saturday, January 24, 2009

Putting Republicans in Their Place

Jon Stewart once said that the views of extremists on the left and the right tend to dominate the airwaves because "moderates have shit to do!" Are we seeing President Obama take on the fringes with a drive up the middle?

During a Friday morning meeting with House and Senate leadership, Obama listened to GOP gripes and complaints about his proposals for the economic stimulus package, as Republicans trotted out their time-worn (and completely discredited) views on tax cuts as the holy grail. When asked to justify his proposal, Obama replied, matter-of-factly, "I won."

Coming from another politician at a different time (I earned political capital, and I intend to spend it), such a blunt response might elicit a sharp rebuke, especially coming from a President not even a week into his new gig. But these are not ordinary times, and Obama has a clear mandate from the people - lead.

Obama has been clear about the need for bipartisanship since he was Democrat candidate Obama, tromping through the corn fields of Iowa and crunching along icy sidewalks in New Hampshire, providing a different viewpoint than H. Clinton on what sort of leadership would be required to pull the nation from the dark abyss created by GOP rule.

His quick jab on Friday was a wake-up call, not only for those assembled for the meeting, but also as part of a broader discussion that officially began with his inauguration speech: the best ideas are welcome, regardless of party origination, and I'll reject your weak-ass efforts the same way I stuff a lame jump shot from the top of the key on the basketball court. This is a serious time, with critical consequence. Bring your "A" game.

In case Obama's poke didn't get the attention of those on the right, there were other observations to further emphasize his solution-based view of governing. "You can't just listen to Rush Limbaugh and get things done," Obama intoned, clearly drawing a line in the sand with Republicans. Ditch the anger, fear, and calculated outrage coming from the EIB, FOX News, Sean Hannity, Glenn Beck, and other mouthpieces who have permanently stained conservatism by co-opting the label of conservative in an attempt to paint their wackadoodle views with the brush of legitimacy.

Wasting valuable time and resources on manufactured issues while the US is in crisis mode is over. Hear that, punditry? Don't attempt to react and justify Obama's decisions by getting manipulated into these exchanges. The last thing Limbaugh, Hannity, Beck, and crew want is to find a fix for the problems. There's no drama in that. They live for conflict and outrage, real or imagined. Raise the level of discourse and have strong debates on ideas. Avoid slugging it out over beliefs. You can change ideas - you can't change beliefs. No one who watches Hannity or listens to Limbaugh is going to be swayed by intellectual thrust and parry, so don't bother.

Ideas are in. Conflict is out. What part of "change" do you not understand?

It's vs. Its

From GraphJam

Friday, January 23, 2009

Fox News: Fear Imbalance

Make a Left at Titty Ho?

Understanding that the weather and the food tend to be bland and banal, the British need some manner in which to express their dry, apologetic brand of humor.

Did they really need to slap sophomoric monikers on towns to accomplish their goal? Penistone? Titty Ho? Wetwang?

That is a bit of a sticky wicket. The full story can be found here.

Thursday, January 22, 2009

We're Back

Obama's Cyber Security Plan

The website has President Obama's cyber security strategy outlined as part of a broader homeland security policy approach. It's refreshing to see attention paid to this matter in the early days of his administration. What's under the hood?

For one thing, it appears that his administration has taken some of the key recommendations from a bipartisan commission of computer security experts set up last year, charged with putting their heads together in hopes of envisioning some cyber-wonkery to help get us from where we are (in a sorry state) to where we need to be (let's call it "

Some of the main objectives noted are ones you typically see in any sort of initiative - like strong leadership. Have you ever seen a mission launched with weak leadership? Of course you have - we all have. It's not pretty. Whether the cyber security leadership starts strong and stays strong remains to be seen, but it's nice of them to articulate this point up front.
The two areas that I find most promising, if executed correctly, are these:
  • Initiate a Safe Computing R&D Effort and Harden our Nation's Cyber Infrastructure
  • Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches
Let's start with hardening our cyber infrastructure. As anyone who has worked on a computer network understands, infrastructure security begins with identifying all of your doors and windows, making sure they are closed and locked, and shoring up the most likely avenues of ingress and egress.

From a cyber infrastructure perspective, this means products and services hardened out of the box instead of having this continued need to layer security on top of the hardware and software components that come gift-wrapped insecurely with a nice ribbon on top.

Investing in the R&D needed to build secure computing and networking components is a great start, and having a sensible plan for implementing these hardened modules, beginning with our critical cyber infrastructure, is a great way to demonstrate that "strong leadership" that I snarked about earlier.

Securing personal data is the second objective that gives me a warm, fuzzy feeling. I'm especially fond of establishing a common standard across industries for securing personal data, which should level the playing field and help those of us who live this stuff day to day work with a known set of boundaries, instead of the mish-mash of federal and state mandates coupled with the rulesets thrown in by various regulators, associations, and other assorted groups.

This will also help in guiding organizations in areas like breach and incident response, for many of the same reasons. Rather than having assorted notification timelines, thresholds, and requirements from state to state, a single framework that is applicable nationally will allow for better resource allocation, process development and improvement, and incident metrics that can be applied across the board, since everyone is operating under the same framework. It will be much easier to demonstrate which organizations are compliant, and which are not.

There are other sections dedicated to cyber crime, cyber espionage (isn't espionage still a crime?), and understanding the economic value of protecting our computing infrastructure. I'm hoping that includes revisiting SCADA and similar control systems, since huge segments of our utility and telecommunication networks are sitting ducks due to how brittle SCADA tends to be.

Given the enormous financial pressures that currently exist, it will be interesting to witness how these efforts will be funded and what the timelines will be for implementation. In any event, I'm impressed that the approach was ready on Day 1.

Air Guitar Strings

Ok, I know that quite a few of we Americans are gullible and have a habit of wasting our money on questionable products, from Enzyte to weight-loss remedies. This, however, sets a new standard for dumb.

You heard me correctly. Air. Guitar. Strings.

For those of not quite content to rock out with your invisible Stratocaster while sporting the white man overbite (you know you do it), you can become a charter member of the Tool Hall of Fame by purchasing your very own supply of air guitar strings.

In case you were curious, the package is completely empty. Nothing. Nada. Sin cuerdas. Pas de cordes de guitare. Keine Gitarre Saiten.
Worth $3 plus shipping? If you have that kind of money to waste, I'd like to talk to you about this little TARP fund that needs some help.

Wednesday, January 21, 2009

Apple Security Updates

Hey, all you QuickTime users. Apple has a little present for you. For QuickTime 7.6, Apple brings you APPLE-SA-2009-01-21 QuickTime 7.6 that closes many, many vulnerabilities that reference "arbitrary code execution". Yikes.

Make sure you upgrade to the latest version of QT, because patching the older versions just doesn't seem to buy you much benefit anymore.

Don't waste much time rolling out this new update. Since users typically have feet of clay when upgrading or patching some software peripherals like QuickTime, Flash, Adobe Reader, and so on, evildoers have taken to using them as fertile attack vectors. Just viewing a specially-crafted streaming video or movie file. And we all know how tempted you are to see that free video of Paris Hilton or Megan Fox that gets delivered to your inbox.

If I haven't convinced you yet, let me try again: Secunia PSI is a good, free offering that keeps track of all your software that needs updating or is end of life, meaning no support is available. If you're running a Windows laptop or desktop, PSI is a good investment, if for no other reason than it streamlines notification of problems you need to fix.

Tuesday, January 20, 2009

Heartland Data Breach

In what may eventually become a staggering data breach that surpasses TJX in the volume of customers and accounts impacted, payment processor Heartland has announced that its systems were infected by malware sometime last year and that the firm has been leaking customer data ever since.

Heartland reported that, while determining that the infection occurred sometime last year, they only found evidence of the intrusion last week, and they immediately notified law enforcement and credit card companies. Thanks for that.

How can a payment processing firm that counts more the 250,000 businesses as clients, a company that handles more than 100 million transactions a month, go for any significant time with compromised systems and not know? 

When (and if) they performed internal security assessments to determine their high risk data and the controls that were in place to mitigate or eliminate the risks associated with it, did the audit and control teams simply fail to identify malicious code as a threat? Or did they appropriately call out malware and chart their detective and preventative controls, at which point they were either hugely mistaken about the effectiveness of those controls, or there were gaps identified that were never remediated?

One of the recent trends noted in the malware front is targeted exploit code that's tailored to attack certain systems types, or designed to detect, collect, and transport high-value data types, such as Social Security numbers, EINs, credit card and account numbers, and so on.

Unlike the good old days, when hackers and crackers, script kiddies mostly, would break into a system, it was only a matter of time before that fact became public, generally because the attackers wanted the notoriety. There was a lot of noise when something like this happened.

The modern day data thieves have a much different approach - think cat burglar as opposed to someone who throws a trash can through a window to gain entry. 
The glass smasher might get inside, but the crashing glass itself sounds an alarm and leaves evidence of the break-in, effectively limiting the amount of time for the valuables to be collected.

A cat burgler, by definition, sneaks in quietly, prowls the premises until discovering the items of worth that were the targets of the crime, and removes them, leaving everything else undisturbed - often times leaving few tracks and little evidence behind.
The longer an attacker can keep a compromised system hidden from discovery, the more data he (or she - equal opportunity crooks welcome) can acquire for nefarious purposes. Similarly, more information squired offsite means a much richer payoff when the data is sold to third parties or used by fraudsters to perform transactions using unsuspecting customer accounts.

One question that so far remains unanswered is how the malware was introduced into Heartland's systems. Was there a propogating worm introduced via email or through a compromised website? Did someone plug an infected USB drive into a machine? Was it an inside job?

I'd be interested in the code analysis to determine whether it's something that the existing antivirus software should have alerted on - and I understand I'm assuming here that AV protection was both active and updated. Along the same lines, were the infected systems completely patched for known security vulnerabilities and was their baseline security configuration hardened, with state monitoring enabled? What about vulnerability assessment and management?

Did Heartland employ network anomoly detection - how did this captured data leave the firm? If it was going out over the network, how did the HIDS and NIDS not fire, if deployed?

Much has been written over the past several years about security being a "defense in depth" approach, where your security and control environment is multi-tiered to hopefully prevent and certainly detect malicious events. It would appear that there were multiple failures in the Heartland case, and judging by the penalties assessed in the wake of the TJX breach (45.7 million credit & debit card numbers exposed), coupled with the cost of notifiying what could be several hundred million customers, and providing them credit monitoring services, this will prove to be a very expensive lesson for Heartland.

As written in my posting SANS 2009 Security Predictions, and my security crystal ball article excerpted at, data breach legislation is a trailing indicator of security and control effectiveness. When breaches don't happen, legislators tend to focus on other things. When big breaches are in the news, there are more drum beats about the need for standardized federal laws and regulations around data protection and breach notification. 

This could be the incident that tips to scale to kick off a federal response, depending on the details that emerge as Heartland's systems undergo forensic examination. Stay tuned.

Sunday, January 18, 2009


Inauguration - Kennedy to Obama Racial Progress

As John F. Kennedy stood on his inauguration podium, watching the parade march past, he gestured to an aide and pointed out an interesting fact - there were no black faces in the military honor guard.

Kennedy soon ordered the integration of his honor guard, and South Carolina native David Addison, an enlisted Marine who was a grandchild of slaves who had worked on a plantation on the Gullah Island of St. John, became the first African American member of the honor guard, as Kennedy closed the loop from symbol to solution.

Sometimes blatant symbolism is the right kindling to turn smoldering discontent into the flicker of change. According to Roxanne Roberts and Krissah Thompson of The Washington Post, there may be a bit of that at work as President-elect Barack Obama's inauguration looms large on the horizon.

The city's high-level social scene -- dinners, black-tie fundraisers, receptions, ubiquitous book parties -- is the place where money and experience are subtly traded for access and influence.
Except for the first time, the face of ultimate power is African American. With a black first family in the White House and a diverse group of appointees and Cabinet nominees, the all-white dinner party feels all wrong. Certain hosts are suddenly grappling with a new reality: They need some black friends. Overnight, black politicians, lawyers and journalists are hot properties, receiving engraved invitations from people they never got invitations from before.

Imagine that - they need some black friends. There's nothing like a little reality to change the way Washington works.

Obama's message of inclusion, which has caused great celebration (kudos for the diverse Cabinet) and howls of derision (Rev. Rick Warren), should serve as more than a campaign pinata, there for the swatting in hopes that something sweet will fall out. It's clear that like Kennedy, Obama intends to implement the concepts he posited during his long road to the White House, and there will be some very powerful beltway denizens assisting him in the name of their own preservation of relevance.

Those who have heretofore been excluded from the social venues where influence and access often lead to sway on policy matters and job opportunities suddenly find themselves on the receiving end of high-level attention. In a city where black and white work together during the day, often nightly social events were exactly the opposite.

Given how many African Americans there are in the Senate (any guesses?), it's easy to see how they might be overlooked for dinner party invitations. The odds are slightly better in the House, but barely. Suddenly, we're seeing a change in social dynamics that will eventually lead to subtle (or not so subtle) implementation of Obama's mantra of inclusion.

I don't foresee those with money and influence deciding to wait for four years to see how things turn out with the Obama administration. In the arc of politics, a year can seem like a lifetime, and it's unlikely that the gatekeepers will hole up with their remaining Caucasian caucus while plotting the downfall of the new power structure. Quite the opposite - they will follow the time-honored tradition of getting cozy with the new folks in hopes that their points of view will be whispered into the ears of movers and shakers, if for no other reason than to attempt to temper an articulated agenda that is more about being your neighbor's keeper than continued hoarding of wealth and power among a smallish constituency.

Those who opposed the Kennedy ideals of parity and morality when they found voice in speeches and prose watched as he chipped away at unequal treatment from the inside, demonstrating by concrete example that the time for the politics of the past had come to an end. Those examples became the foundation that paved the way for the Civil Rights Act of 1964.

Many battles were fought from January 20, 1961, when Kennedy's honor guard observation was made, through January 20, 2009, when Obama will take the oath of office. The 60s were turbulent and violent, as the nation struggled to wrap its collective arms around a new manifestation of liberty, and the racial skirmishes of the 70s, 80s, and 90s are well documented.

The election of 2008 is a different story. Obama's electoral and popular vote margins, along with the states he was able to flip from Republican to Democrat, clearly demonstrate that the bar has been set high with the full support and participation of the American people. A new day has dawned.

African Americans have now been invited to the party. Literally.

Saturday, January 17, 2009

Screw the Poor

As more bleak economic news streams from the faucet like toxic waste (Circuit City's 30,000 now unemployed workers adding to the millions of job losses in the past year), you can always count on some wealthy jackholes with more money than sense to give us a sign that they're above it all.

In my December 2008 post Shopping Cowards, I detailed some of the absurd measures some rich folks were taking in order to support their addictions to consumerism.

Special salons or boutiques have sprung up that allow guests to splurge in anonymity, because no one wants to be branded as insensitive when the peons in the unemployment line see you strutting past with bags from Gucci, Prada, or Tiffany & Co. to load into the back of your limo.

This time the signal comes in the form of a "I'm still rich" tshirt. Classy.
If the message alone isn't enough to make you want to employ the nuclear option in class warfare, then the price tag might push you over the edge - a stunning $2695.00, more if you want it in trendy, soul-numbing black. is the outlet for this nonsense, and I'm certain that this offering will drive traffic their way, even if they don't sell a lot of shirts. Since it would be un-American to suggest tracking down everyone who purchases a shirt, let's see if we can make the free market work again by telling as many people as possible to never visit until they do the right thing and remove this abhorrent merchandise from the site while taking every penny they've taken in heretofore and donating it a food pantry to help feed those for whom the current recession is no fucking joke.

Things I Worry About

Via GraphJam

Friday, January 16, 2009

Can I Wrap A Fish In The Internet?

The nation's 15th largest newspaper, The Star Tribune of Minneapolis, filed for bankruptcy protection this week, another ink-stained victim of a dying business model and a more sane approach to credit terms.

Exactly how a city paper can rack up a $661.1 million debt before being wrestled like a suckling pig from the financing teat would itself be an interesting story, one that I would pay to read, although I'd prefer to get it for free online.

I'm especially fond of stories that include plot twists such as how the Star Tribune ended 2008 with $26.9 million but now has to sell its plasma to keep limping along. Hopefully, the daily will find a benefactor, as no one wants to see it become a crack whore, even if it became poor and needed the money.

"The Strib" joins a host of other old-school gazettes drowning in a deep pool of red ink after a storied history built on oceans of indigo. The Chicago Tribune, Los Angeles Times and The Sun of Baltimore have all sought the shelter of bankruptcy protection. Several others could go tits up if they can't find buyers, like Denver's Rocky Mountain News, and the Seattle Post-Intelligencer.

How did these giants of media end up holding out tin cups, begging for change? A good number of them borrowed huge sums of money when times were good and profits were high, and they are now experiencing difficulties repaying these loans as the economy has soured and revenue sources such as auto dealer advertising and classifieds have faltered.

With the sudden tightening of the credit markets resulting from the financial meltdown, there are few deep pockets available for the daily rags to dip into, and it's unlikely that anyone outside of Rupert Murdoch has the inclination to pump cash into a ship that's clearly listing to port, preparing for a final belly roll. It really is the perfect storm.

Subscribers are abandoning ship at a record pace as other information delivery options become available. Being able to read about breaking events on Google News moments after it happens instead of waiting for the morning paper to skid across my front porch reminds me of what it must have been like when folks in 1837 could first send a telegraph message across the country, thanks to Samuel Morse, instead of waiting for the stage coach to bring the mail sack.

Advertisers, witnessing the reader-rats deserting the boat, have significantly pared back both the amount of advertising space they want and the rates they are willing to pay, hitting newspapers where it hurts the most. Some estimates show a decrease of 23.4% in revenues since the industry had a record $49.4 billion in sales in 2005. Experts were anticipating a drop of $7.5 billion in 2008 alone.

Rather than some slow-motion, Sam Peckinpah gunfight ending, print journalism finds itself dying off quickly, like a dinosaur whose food supply and luxury condo were obliterated while he was out chasing a caveman down the street, past the Creationism Museum.

Will I miss newspapers? Probably, a little, mainly at breakfast in the morning, when I sit with the Columbus Dispatch and spend ten minutes on the headlines as I munch my faux sausage sandwich and Activia yogurt. Who knew that being able to easily poop soy products would be the highlight of my late 40s?

It's been interesting to watch the business react to the general lack of concern over their demise outside of the industry itself. There's been a lot of "you'll miss us when we're gone" talk, which doesn't seem like a value-add to me, and a good portion of what I do find valuable in my information addiction is already fed in binary fashion whenever I want. I don't want to see anyone lose their job or livelyhood, but I'm on my second career already and no one cried for me, Argentina.

So what will go away? Lots of paper, and machines, and supporting infrastructure, primarily. Will the research and analysis remain? I would hope so, because that's the real meat and potatoes of good journalism in the first place. If the news business doesn't have this immense aircraft carrier floating around that needs to be funded and supported, just so it can shoot little news jets off the catapaults once a day, good business sense dictates that they can marshal their thinned resources and dedicate them to developing robust content that can be delivered better, faster, and cheaper.

Will there be money for that? The future is unknown, but in other endeavors it's been shown that people are willing to pay for a quality product and lose interest when the offering is shoddy. Ask GM. The revenue stream may not be entirely funded by consumers any longer, but that doesn't mean there will be no funds. Seth Godin has some ideas in his blog:

Punchline: if we really care about the investigation and the analysis, we'll pay for it one way or another. Maybe it's a public good, a non profit function. Maybe a philanthropist puts up money for prizes. Maybe the Woodward and Bernstein of 2017 make so much money from breaking a story that it leads to a whole new generation of journalists.

Slap a nice HP touchscreen PC on the kitchen island and let me have the same morning routine, except instead of wire reports I'm perusing my RSS aggregator, and I won't miss a step. Not having to drag the stack of newsprint out with the recycling every week has a certain appeal, and being a computer engineer, I'm not worried that I'll be starved for news if my touchscreen breaks down. I have redundancy!

I won't be able to wrap a fish in the Internet, or line a bird cage, but my yellowfin tuna comes from the monger pre-wrapped, and I hate birds. Impermanence is everywhere. It's print journalism's turn.

Nailing "Joe the Plumber", War Reporter

Will Ferrell - George W's Farewell

Thursday, January 15, 2009

Is He Gone Yet?

Tonight, finally...mercifully...George W. Bush makes his farewell address to the nation and begins his move back to Texas, a state so large that presumably he'll be able to stomp around without mucking things up.

It's difficult to remember ATBG - A Time Before George. If I concentrate, I can vaguely recall a time of government budget surplus, economic prosperity, and military restraint. Good times, good times.

Watching the TV box, reading the newspaper, or surfing the Internets over the past few weeks, George's last goodbye has seemingly lasted longer than one of those interminable (and completely unbelievable) action sequences that marked the final arc of all Arnold
Schwarzenegger movies. Just when you thought it was over, surprise!

Let's assume for a moment that his media tour is simply rote behavior drilled into his head from his years of alcohol addiction. George had one finger touching his nose as he staggered through the 12 Steps of his presidency.

Step 1 - he admitted that he was powerless over alcohol, therefore he decided to have powerful friends get him started in the oil business, buy him a baseball team, become governor, and then president. I fear for Laura as George leaves the White House - where will his power come from now?

Step 2 - came to believe that only a power greater than himself could restore his sanity. God, and Cheney? Check.

Step 3 - turned control of his life over to God. After all, he noted before that he thinks it was God's plan for him to be president.

Step 4 - took a searching moral inventory of himself and discovered his moral cupboard was bare. How else do you balance executing prisoners at a record pace in Texas while staunchly defending embryos and stem cells? Launching military operations in Iraq while denying funds for women's health in Africa? It all fits.

Step 5 - admitted to God, himself, and others the extent of his wrongs. He was a uniter, not a divider. So George came to Washington, pulled a Moses, and divided the Red and the Blue states.

Step 6 - asked God to remove his defects of character. He had earned political capital, and he was determined to spend it.

Step 7 - asked God to remove his shortcomings. So long, Colin Powell, John Snow, Don Rumsfeld, Alberto Gonzalez, John Ashcroft, Gale Norton, Donald Evans, Tommy Thompson, Mel Martinez, Alphonso Jackson, Norm Mineta, Tom Ridge, George Tenet, et al.

Step 8 - made a list of all people he had harmed and became willing to make amends. Hmmm...mistakes were made. Heckuva job, Brownie.

Step 9 - made direct amends to such people. Presidential Medals of Freedom awarded to Tony Blair, Tommy Franks, Paul Bremer, and George Tenet. Heckuva job, y'all.

Step 10 - took personal inventory and admitted when he was wrong. Putting up the "Mission Accomplished" banner was a mistake, and not fixing that whole Social Security thing. Daggone it.

Step 11 - used prayer and meditation to improve contact with God. I believe they share the same pair of trousers now.

Step 12 - use his awakening to carry the message to others. Sometimes it's really hard to find a coalition of the willing, y'know?

Goodbye, George. It's going to be hard to forget you, because wherever we look, the carnage that remains will serve as an eternal reminder of your service.

3.5 Million Computers Infected by Conficker Worm

Updated 1/21/09

A worm originally designed to target a vulnerability closed by Microsoft's MS08-067 is spreading so rapidly that some security researchers are calling the spread "an epidemic."

Conficker, also known as Kido and Downadup, is spreading via network shares, removable media devices, and weak administrator passwords. Some of the newer variants are finding improved ways to hop onto networks worldwide. ZDNet is reporting that up to 3.5 million computers may be infected.

MS08-067 was released in October 2008, and there's absolutely no good reason for the patch not having been deployed three months later. At the very least, firms should have implemented one of the workarounds recommended by Microsoft if there was concern that applying the patch would cause production outages.

The root vulnerability is in Microsoft's Server service, where the service does not properly handle specially crafted RPC requests. An attacker who successfully exploits the vulnerability can take complete control of the attacked system.

McAfee reports that the latest samples they’ve analyzed are exploiting only English language OS versions, due to an OS fingerprinting feature within a Metasploit exploit designed by creators of the worm.

If you're part of the bunch who has not yet rolled out MS08-067, or if you have not yet validated that the patched systems have been rebooted to ensure the patching process has completed properly, my recommendation is that you get on it immediately.

You can also reference the bulletin for information on how to validate your systems have either the updated file version or registry key to indicate successful patch installation.

Most antivirus products have signatures for the known variants, but as this continues to morph and grow, there may be periods where AV protection is not available. Play it safe and install the patch.

UPDATE 1/21/09 - well, this certainly has been a virulent little rascal. Estimates now place the number of compromised machines at 8.9 million and growing. The scary part is that we haven't even seen the payload delivered yet, so we don't know what will occur when the time comes to leverage the compromised computers.

There are a couple of ways to protect yourself.
  1. Apply the MS08-067 patch ASAP.
  2. Disable autorun capabilities so an infected CD or USB drive won't attack you when it is loaded. You can Google "disable autorun" to find out how to do that on your OS - sorry, but I won't assist you in corrupting your registry in the name of security.
  3. Don't use weak or common passwords, especially for administrator passwords, and change your passwords occasionally. Passphrases remain better than passwords - it's harder to break ILikeStinkyCheese that it is nimda (admin spelled backward). Conficker has a dictionary of frequently used passwords that it uses to brute force attack in an attempt to guess the password. You may want to consider enabling account lockout thresholds after a certain number of unsuccessful attempts, but consider the fact that you may cause a denial of service condition on yourself if you do get attacked.
  4. If infected, download the F-Secure removal tool.

Wednesday, January 14, 2009

Stupid Security

I've been preaching for a long time about the benefits of encrypting removable USB flash drives, since they are easily lost and it's a breeze to suck your data off of them.

So if you're encrypting your USB keys, you're smart. Very smart. If you attach your encryption key to the device, you're dumb. Very dumb.

Such was the case with prisoner health information from Preston Prison in Lancashire, UK. More than 6300 prisoner's data was on the USB stick.

Workers from NHS Central Lancashire involved in the incident have been suspended while the investigation takes place.

It is believed a member of NHS Central Lancashire staff had uploaded the information using the memory stick then returned to the administration office and lost the device somewhere on route.

There's that data-in-transit and human error thing again, as I pointed out in my posting yesterday on the rise of data breaches. How many of these incidents need to occur before people dummy up and start doing the right thing?

Pee - Unlimited Yellow Energy

I know it's all the rage to go "green" these days, but what if going "yellow" works too?
Such is the case with Nopopo battery.
Nopopo (NoPolutionPower) batteries are whiz-activated! The batteries use a combination of magnesium and carbon that, when mixed with certain fluids (including urine, y'all), produce a charge. Sha-zam!
The Nopopo doesn't produce a lot of juice out of your pee - less than a normal AA alkaline battery. The upside is in the recycling, I guess.

I'm an idiot