Monday, August 31, 2009

First Day of School Anxiety

Today was our 9-year-old's first day of school. 4th grade seems like such a huge leap at that age, and tends to cause much anxiety among elementary students everywhere.
I wonder why the start of the school year leads to so much consternation and dread for such a large population of students? It seems to be the same, year after year. I had worries, my friends had worries. What the heck?

How many of you had the obligatory dream sometime in August where you were late for the first day of school?

Or got lost somewhere in the school building?

Or couldn't get your locker open?

Or forgot your lunch, missed the bus, ended up sitting without pants in the classroom (library, homeroom, bus stop, etc.)?

Let me know which of these sounds familiar, and what you think caused your own measure of dread.

Image by laffy4k via flickr

New Microsoft IIS Zero Day Flaw

Microsoft's concept of secure computing is a lot different than mine. Not that anyone asked, but, c'mon man!

The latest flaw happens to be in the FTP module in various versions of IIS, including 5 and 6, as noted in the Full Disclosure mailing list report. The vulnerability could allow attackers to obtain system-level privileges, not ideal on a web instance.

Of course, there's no patch. Will this be another incident where we later find out that Microsoft has known of the flaw for a year and sat on their hands? I sure hope not.

Based on the snippets of exploit code floating around, at the very least I would make sure that you don't allow anonymous access via FTP - configure your setup to grant access only to trusted users.
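One way to verify the advice above on FTP servers you administer, as an added example (not code from the original post or from Microsoft): it attempts an anonymous login and reports whether the server accepted it. The function names and the small loopback FTP stand-in used for the demonstration are constructed for this example.

```python
import ftplib
import socketserver
import threading


def anonymous_ftp_allowed(host, port=21, timeout=5.0):
    """Return True if the server accepts an anonymous login, False if it refuses.

    Connection failures raise, so "unreachable" is never mistaken for "safe".
    """
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        ftp.login("anonymous", "audit@example.invalid")
        return True
    except ftplib.error_perm:  # 5xx reply such as "530 Not logged in"
        return False
    finally:
        try:
            ftp.quit()
        except ftplib.all_errors:
            ftp.close()


def audit(targets):
    """Map each (host, port) you administer to a short finding string."""
    report = {}
    for host, port in targets:
        try:
            allowed = anonymous_ftp_allowed(host, port)
            report[(host, port)] = "ANONYMOUS ALLOWED" if allowed else "anonymous refused"
        except (OSError, EOFError, ftplib.Error) as exc:
            report[(host, port)] = f"unreachable: {exc}"
    return report


class _FakeFTP(socketserver.StreamRequestHandler):
    """Constructed stand-in for an FTP service; understands USER/PASS/QUIT only."""

    def handle(self):
        self._send("220 constructed test FTP service")
        for raw in self.rfile:
            verb = raw.decode("ascii", "replace").strip().split(" ")[0].upper()
            if verb == "USER":
                self._send("331 Password required")
            elif verb == "PASS":
                ok = self.server.allow_anonymous
                self._send("230 Logged in" if ok else "530 Not logged in")
            elif verb == "QUIT":
                self._send("221 Bye")
                return
            else:
                self._send("502 Not implemented")

    def _send(self, line):
        self.wfile.write((line + "\r\n").encode("ascii"))


def start_fake_server(allow_anonymous):
    """Start the constructed server on a free loopback port."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _FakeFTP)
    server.allow_anonymous = allow_anonymous
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def demo():
    """Audit one permissive and one locked-down constructed server."""
    servers = [start_fake_server(True), start_fake_server(False)]
    try:
        return list(audit([s.server_address for s in servers]).values())
    finally:
        for s in servers:
            s.shutdown()
            s.server_close()


if __name__ == "__main__":
    print(demo())
```

Replace the loopback targets with the addresses of your own FTP hosts; any host reported as `ANONYMOUS ALLOWED` still needs the access change described above.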

You can read all about it at milw0rm, or at US-CERT, although the latter doesn't have a lot of info. Stay tuned.


Updated 9/3/09 9:30 PM - Microsoft has released Security Advisory 975191 for the vulnerability in the FTP service when running IIS 5.0, 5.1, 6.0, and connected to the Internet. That last part is a wake-up call.

Of course, Redmond needs to do a quick tap dance and point out that the vulnerability was "not responsibly disclosed to Microsoft and may put customers at risk."

I don't have enough fingers and toes to count the number of times security researchers have notified Microsoft before going public, only to see months (or years) go by before a fix was issued. Usually, it's the availability of exploit code that finally drives Microsoft's response.

So thanks for the lecture, guys. Now go fix the damn problem.

Sunday, August 30, 2009

We Already Ration Health Care

Ezra Klein makes the point that those claiming that health care reform might lead to rationing of care and waiting lists like those that exist in Canada or Great Britain are missing the point. Currently in the United States, we ration, we ration, we ration.

This is not an arguable proposition. It is not a difference of opinion, or a conversation about semantics. We ration. We ration without discussion, remorse or concern. We ration health care the way we ration other goods: We make it too expensive for everyone to afford.

The Terrible Towel Changes Lives

The Pittsburgh Post-Gazette has an in-depth look at the history of Myron Cope's Terrible Towel.

I've written briefly about the backstory of the Terrible Towel here, but if you're looking for something a lot more detailed, the PG article is a must-read.

Image by Daveynon via flickr

Mario Kart: The Movie

It's a shame this is satire and not a real movie, because it looks ten times better than G.I. Joe.

Via Geekologie

Friday, August 28, 2009

Middle School Class Sings "Pictures of You"

Via The Daily Dish

Cash for Clunkers and Foreign Car Models

As the Cash for Clunkers program rolled on, there were some complaints that foreign auto models were selling at a much quicker pace than American-made cars. This led to a typical line of comments, particularly by folks who oppose any manner of government stimulus program, about how Cash for Clunkers wasn't doing much to help Detroit automobile manufacturers.

Nate Silver over at has done his usual bang-up job of crunching the numbers and comes up with the graph below.

Notice, if you will, that the three major US auto makers - Ford, Chrysler, and GM - have significantly fewer of their available models that qualify to be purchased under Cash for Clunkers. So caught up in the massive profits of SUVs and trucks that they failed to hop on the fuel efficiency bandwagon, American manufacturers produced few vehicles that met the Cash for Clunkers required minimum of 22 miles per gallon.

Let's hope that this serves as yet another wake-up call for Detroit, and that they begin to crank out quality, high-mileage cars and SUVs. I'm ready for a new car - my Jeep was paid off in January - and if I want to buy American, I still don't have a lot of choices.


Monster Mario Kart

This real life monster Mario Kart is scary as hell.

Ted Kennedy, At His Best

Professor Hitlerballs

Thursday, August 27, 2009

Kate Spayed Dog Toy

It's funny, because it's true.


Passive-Aggressive Color Coded Coffee Cup Cleaning Chart

It's hard to pin down who is the most dickish in this scenario - the chick who whines about cleaning out the coffee cups, or the dudes who keep sanctimoniously snarking at her.

Shannon, can I swap my rostered coffee cup cleaning duty this afternoon for Thursday? I have been busy all day working, not looking at pictures of Johnny Depp on the internet, and not had time to familiarise myself with correct coffee cup cleaning requirements. I am happy to reschedule my meetings tomorrow to undertake a training session on dish washing detergent location and washcloth procedures with you if you have the time. I feel it would be quite helpful if prior to the training session you prepared some kind of Powerpoint presentation. Possibly with graphs. Will I need to bring my own rubber gloves or will these be provided?


Star Trek Dog Costume - Live Long and Paws-per

Dammit, Jim! I'm a dog. Not a starship!

Link via Geekologie

Rock the Cradle with the Linux Penguin

Sculptures in Motion

I've always appreciated art forms that don't require a lot of heavy lifting on my part to understand what the artist was trying to say.

Does that make me art lazy?

Peter Jensen does some fascinating sculptures that appear to capture a split second in time. This appeals to me not only from a visual perspective, but also because I enjoy the concept of time and various ways to interpret and use it. In college, I wrote a three-page paper that detailed a single event that encompassed 9.8 seconds.

I'm guessing that's why I'm blogging and not writing for some famous publication now.

Link via Neatorama

Ex-girlfriend? There's an app for that

Via The Daily Dish

Wednesday, August 26, 2009

R.I.P. Security on GSM Phones

A security researcher is launching an open-source project to crack GSM cellular phone encryption that will allow attackers to decode phone calls and any data that happens to be in transit via the device.

If you're on T-Mobile or AT&T in the US, you only have a couple of months until you need to begin worrying.

Cell phone security has been woefully lacking for at least twenty years, mainly due to what I describe as a Microsoft-like approach of delivering cool features first and security second, if at all.

Karsten Nohl claims that he's looking to exploit a vulnerability that's been known for 15 years and affects 3 billion phones as a way to prod cellular phone manufacturers and carriers to get serious about security.

Cracking GSM encryption is nothing new, but previously the tools have been very complex, highly technical, and pretty darned expensive. Nohl hopes to change that via his open-source project. Ah, the joys of distributed computing.

Link via CNET

Image via Silicon Valley Sleuth

Successfully Attack WPA in a Minute or Less

When I took the SANS Network Security course on wireless security in 2006, we essentially learned how to attack and compromise various wireless security protocols and devices so that we would be able to protect our own infrastructure from similar weaknesses through better architecture and more robust hardening.

Back then, by capturing wireless packets of sufficient quantity, we were able to run various tools to crack WEP, WPA, WPA with TKIP, WIDS, & EAP, LEAP, PEAP, and so on.

For WPA specifically, it took a little time to capture an adequate amount of packets on which to run the cracking tools, so a successful compromise might take 15-20 minutes, depending on your processing power.

Now comes word out of the 2009 Joint Workshop on Information Security that WPA can quickly be defeated through a combination of man-in-the-middle (MITM) and the 2008 Beck-Tews attack.

This is not good news.

By overcoming the obstacle of time in capturing the packets, during which the victim might discover that something is amiss, this new attack scenario can be executed in as little as one minute as a best case, according to the paper's authors.

Now, the TKIP aspect of this is interesting, and experts have been saying for some time that WPA1 isn't secure enough for the enterprise, so I'm not certain this paper breaks fantastically new ground. The time factor for cracks of all kinds has been shrinking exponentially as better tools and increased computing power combine to give the advantage to the attacker.

Wireless security is a dynamic field and it's like a box of chocolates. From month to month, you never know what you're gonna get.

Buttcam Provides Proof Your Ass Looks Big In Those Jeans

For some reason, most women aren't seeking an honest answer when they are trying on pants and ask, "Do these make my ass look big?"

The first time my girlfriend (now wife of more than ten years) asked me that question, I answered truthfully: "Honey, your ass IS big." Once she got over the shock, she laughed and we both knew ours was a match of destiny.

There are no blokes in Australia willing to be so forthright, so the Buttcam has been launched to much fanfare. It provides visual evidence to let the sheilas know where their rump stands in the size spectrum.

Lest you think I'm being sexist by focusing on women, might I point out that there are no men visible in the promotional pictures.

Link via Dvice

Tuesday, August 25, 2009

Poo Trap: I'm Intrigued - My Dog, Not So Much

Normally a contraption like this wouldn't even warrant consideration by a dog lover. The other pups would ridicule Rover and forever damage his self-esteem.

Bringing home a rescue dog that continues to squeeze out biscuits on the dining room floor months later has led me to look for alternate solutions.

Like the Poo Trap.

Now if someone will just tell me how to make this work with Doggie Depends.

Via Neatorama

Monday, August 24, 2009

Don't Ride Mascot Bears

Via Buzzfeed

Media Impotence In An Age of Liars

If the death panel fiasco portion of this relentlessly dishonest campaign to kill health care reform teaches us anything, it's that traditional media needs some journalistic Viagra, because about half of the citizens polled believe that Obama's plan actually includes death panels.

Even now.

Columbia Journalism Review weighs in on the current state of mainstream media and posits that stenography isn't the same thing as reporting. It's a well-worn phrase that has been kicked around by progressive web sites and bloggers for at least ten years, kindled by the hot coals of the media's collapse in the run up to the 2nd Iraq war.

Welcome to the dance, CJR.

There's been much discussion in these parts about media coverage of topics like the death panels, and several points keep being hammered by those with skin in the game - primarily, that he-said/she-said journalism isn't really reporting. Anyone cogent enough to transcribe words from a recording to paper (or its electronic equivalent) can play that silly game. But when one side of the argument is blatantly, knowingly false, the media does a great disservice by treating it as fact, rather than demanding proof while refusing to advance the position without documentation.

CJR calls this out as follows:

So what’s a journalist to do? We can start by making a more concerted effort not to disseminate false or dubious claims in the first place. That’s obviously not a foolproof response; the “death panel” claim, for example, was given a boost when Sarah Palin advanced it on her Facebook page. But just because the mainstream media is no longer the ultimate gatekeeper doesn’t mean that it should fling the gates it does control open wide, allowing half-truths, misleading interpretations and outright lies through just because they’re advanced by people in positions of power.

Right-wing doctrine is amazingly effective in this regard:
  1. Tell a lie
  2. Claim you were misunderstood
  3. React with feigned outrage
  4. Rinse and repeat
Each time the lie is repeated, it is reinforced in the minds of those who hear it, and traditional methods to blunt false messages are woefully ineffective. Going on television or responding in print to refute the lie simply keeps it in the air, like a beach ball at a summer picnic.

Stephen Colbert might joke that he doesn't trust facts, that he prefers to go with his gut, but there's something to his approach. It's called confirmation bias, where we tend to seek out information that supports previously held beliefs while avoiding anything that challenges what we know to be true.

Segments of the population who are convinced that Obama isn't a US citizen, or is a practicing Muslim, or a closet socialist, have absolutely no problem making the leap to death panels. It confirms what their gut is telling them - there's something shady about this guy.

Perhaps journalists should converge and create a scribe's version of the Hippocratic Oath.

First, do no harm.

Image by Lawrence OP via flickr

Tech Support Expert - XKCD

Click here to become a tech support expert like me!

Sunday, August 23, 2009

Avoiding Dirty Web Sites - Here's How

I spent some time earlier today helping a friend rid her home computer of a malicious application that kept popping up notices warning that her machine was infected by a virus while advising that if the user purchased their anti-virus program, a portion of the cost would be donated to environmental causes. Green AV is the name of this pernicious app.

So how do people end up with viruses, Trojan horses, malicious code, and other unwanted pieces of software installed and functioning on their machines? Typically by browsing particular types of web sites, accessed directly, via a shortened link (TinyUrl,, etc.), or by following a hyperlink embedded in an email, instant message, Twitter post, ad nauseam.

Anti-virus and security vendor Symantec has written up a handy survey of the 100 Dirtiest Web Sites with information gleaned by visiting the sites. And here's something that might surprise you - while the average number of threats per site was 23, a number of the offending locations had between 18,000 and 20,000 threats apiece.

It used to be that adult sites made up the vast majority of the threat class, but according to Symantec, only half of their survey sites were comprised of adult content. More innocuous sites are now pressed into service to host malicious content.

The best advice? Use a browser that has a smaller risk footprint, like Opera or Firefox. Microsoft's Internet Explorer is notorious for vulnerability, and its tight integration into both the Windows platform and applications like Microsoft Office means the chance of damage increases.

If you move to Firefox, installing add-ons like NoScript, Ad Blocker, WOT, and others can keep you from ending up on malicious locations or having scripts install software without your knowledge or permission.

Of course, having an updated version of an anti-virus program that gets its signature database updated at least daily is a must. So is using a free program like Secunia PSI to make sure that end-of-life software is identified, and that ancillary programs like JavaScript, Flash, Adobe Reader, and iTunes are maintained with security patches and version upgrades. Many vendors often fix serious vulnerabilities by upgrading to new program versions, leaving prior versions wide open to exploit.

Since even mainstream sites are being compromised by SQL injection attacks or via advertisements piped in from compromised ad servers, simply avoiding particular kinds of web sites no longer offers a measure of protection. Disabling active scripting and taking other defensive measures is now a requirement for safe web browsing.

Questions? Email me at


Crass Local FOX News Reporter

On tonight's FOX 28 local news, a reporter dutifully relayed the details of a man found dead in the front seat of his parked vehicle.

I don't know the reporter's name, and he's not listed on the station's website, but here's some actual words that came out of his mouth:

"The dead guy was found behind this house..."

The dead guy? How about the "victim", or "casualty", or any other professional way to refer to a man found with a fatal chest wound?

FOX News - our dishonesty is matched only by our offensiveness.

8-Bit Trip: A Lego Homage to Video Games of Yore

I love Legos. Always have. Always will.

Swedish band Rymdreglage spent 1500 hours putting together this stop-action video tribute to some of the old 8-bit video games that many of us grew to enjoy.

Via BoingBoing

Going to Movies Really Stinks

It's a rare occurrence that we paint the town with dinner & a movie on a Saturday night, but feeling cheeky, we took in the new Tarantino movie, Inglourious Basterds, rather than executing our regular waiting-for-home-video operandi.

What made it spectacularly plucky was the second venture into the local cinemaplex in the same week, which almost never happens. Perhaps we were seeking to expunge the earlier funk of GI Joe from our brains by attempting another foray into corporate moviedom, or maybe our subconscious has sufficiently buried the horrors of General Hawk, Snake Eyes, Duke, and Ripcord and we were ready to love again. We also weren't taking a 9 year old to his choice of films, which helps.

Seeing two theater movies a week calls attention to everything that's wrong with going out to see movies these days. It used to be an occasion. Now it's an ordeal.

Taking the route to purchase tickets seemed the intelligent option. Who wants to stand in line on a Saturday night, especially for a new release? Unfortunately, AMC Theatres did everything possible to thwart enjoyment of the pre-movie experience.

AMC Easton in Columbus has four - count 'em - four ticketing kiosks, each with four automated-teller gizmos to either purchase tickets via credit card, or to pick up tickets purchased online - from, for example, rather than snaking through the maze to hand your cash to a live person. It's an excellent concept, poorly executed.

For the second time in a week, nearly all of the ticketing kiosks were out of paper, rendering them as impotent showtime viewing screens and nothing more. One out of sixteen was operational, so we stood in line, for the second time in a week, to pick up tix we had pre-purchased online. Sort of defeats the entire advance-ticketing process, methinks.

Riding the escalator to the upper level lobby, the spectacle of the newly-designed concession area unfolded. Gone is the wide expanse of counter, with patrons queued up for crates of popcorn and barrels of beverage, replaced with a smaller area to order your regular popcorn offering to free up space for the shelves upon shelves of pre-wrapped, high-margin gourmet popcorn, fancy boxes of candy, and machines that jizz out fake butter, nacho cheese sauce, pickle relish, and gosh knows what else.

So rather than twelve semi-orderly (but slow) lines of folks gathering their grub, it was a hundred-person free-for-all of self-service reminiscent of an old-time demolition derby. What's slower than 15 concession workers getting your popcorn, drinks, and Milk Duds? 100 untrained consumers with nacho cheese on their shoes, schlepping toward the multitude of registers prepared to take your debit card, providing you can extract it from your wallet with fake-butter-coated fingers crusty with fine salt granules spilled by the snacking hordes.

Once seated, we endured an endless loop of the very same advertising that assaulted us four days previously. Do you know what would prevent me from ever following in the footsteps of Microsoft and SMC and hosting a meeting at an AMC Theatre? Being repeatedly forced to watch (and listen) to how wonderful it is to host your corporate gig at an AMC Theatre. Oh, and ABC? The shows I might have watched on your network will never be viewed in my house. The more clips I saw while waiting for the movie to begin, the more lousy your new offerings seem to be. Blame exposure therapy.

Minutes past scheduled showtime, the lights dimmed, and we were assailed by more advertising, even before being subjected to the very same coming attraction trailers seen earlier in the week. I didn't pull out my iPhone to check the time - being a courteous movie-goer - but I estimate Inglourious Basterds commenced nearly 20 minutes after the time printed on my stub.

I get it. I'm a captive audience. In order to get a decent seat that won't result in some freaky neck injury from staring straight up at the massive screen, I need to arrive 10-15 minutes prior to the posted showtime, or be satisfied with the leftovers. But can we cut a deal?

Can you publish the actual time the movie will start? Not when the ads start, or the coming attractions begin, or the dancing popcorn box busts a move. And enough with the cutesy reminder messages of how annoying crying babies and ringing cell phones can be. Anyone who has been alive since 2002 understands.

Make it easy for me to get my tickets. Streamline the process that allows me to spend way too much money on overpriced, highly-profitable snacks that are terrible for my health. And when I finally park my ass in the butter-slimed chair and plant my feet on the Coke-drenched floor, spare me the revenue-generating visual annoyances on the big screen.

I paid too much for the tickets, and too much for the snacks. Stop trying to squeeze the last cent of potential gain out of me.

Just show me the damned movie.

I'm Doomed - Study Shows People Don't Understand Sarcasm

People who know me would readily admit that my porn star name would be along the lines of "Snarky O'Smart-ass", so this study, brought to you via The Daily Dish, leads me to believe I might be wasting my talent:

But it was Rockwell’s (2006) survey of sarcasm that I think produced the most interesting, recent findings in this area. Out of 218 respondents to her survey, 25 percent didn’t complete the question asking for an example of a sarcastic comment they remember making (perhaps 25 percent of us don’t use sarcasm?). Of the remaining 75 percent who did complete the question, only 45 percent of the people actually came up with a sarcastic remark.

An astounding 55 percent - 55 percent - of the people responding to the survey mistakenly thought they were giving an example of a sarcastic remark, when they really weren't. That's heartbreaking.

The study posits:

Sarcasm represents a difficult verbal behavior, and many speakers who attempt to use it, fail to accomplish their task.

So leave the sarcasm to we professionals. Mmm-kay?


McDonald's Website for Black People

Niche marketing being what it is, I shouldn't be surprised that McDonald's has a complete web presence dedicated to African-American culture. 365Black is obviously their attempt to make inroads on several levels with an important demographic for their business.

I'm interested in hearing from readers about what they think of the concept as articulated by McDonald's:
At McDonald's®, we believe that African-American culture and achievement should be celebrated 365 days a year — not just during Black History Month. That's the idea behind It's a place where you can learn more about education, employment, career advancement and entrepreneurship opportunities, and meet real people whose lives have been touched by McDonald's.

Friday, August 21, 2009

Death By Fat and Sodium, KFC-style

At first, I thought the KFC Double Down sammich was a joke. I mean, until we have universal health care, who would take the risk of putting this inside their body?

The joke's on me.

Double Down with KFC

Microsoft's New Smart Phone