Wednesday, July 29, 2009

Baltimore: Voyeurism and Privacy Violations Can Lower Crime

After the kerfuffle about the warrantless spying by agencies under the Bush administration, coupled with the numerous stories concerning the FBI overreaching their authority and other law enforcement officials trampling on the privacy rights of individuals all in the name of safety and security, one would surmise that any new initiatives that had privacy implications would be greeted with a skeptical, if not hostile, response.

So why does Baltimore Transit want to install microphones to record all conversations on their buses and trains?

Set aside for a moment the cinema-concept that criminals have migrated to city public transportation to meet with Lex Luthor to plan how to bring Metropolis to its knees. What are the odds that someone will be listening at the exact moment some criminal act is mentioned, and that they will be able to act on it quickly enough to prevent the crime in the first place? Sounds a bit like a recent Tom Cruise movie. And not a good one, either.

What about the privacy aspects? Do I give up all expectations to privacy while on a city bus? How about the person on the other end of my cell phone call - do I need to warn them that my half of the call is being recorded and archived for an unknown amount of time? And how usable will the recordings be, especially if twenty people are talking at the same time, mixed with the usual sounds that accompany mass transit?

This is a stupid idea that wastes precious financial resources in a time of crushing fiscal circumstances. It will neither reduce crime nor will it accomplish anything except lining the coffers of those vendors who will sell, install, and maintain the recording systems.

I'd lose my job if I spent money this way without showing significant results. Baltimore should be held to the same standard.

Baltimore transit wants to use microphones to record all conversations on trains and buses, via BoingBoing

Image by mab via flickr

Tuesday, July 28, 2009

Snappy Electric Bike

So I want to putter on down to the local coffee shop to Twitter and Facebook and write witty, insightful blog postings, but I don't want to kill my as-yet unborn grandchildren by contributing to global warming. What's an oldster to do?

The Amur Leopard would allow me to motor around via electricity, and even has a bit of storage that would permit me to cart my laptop around. Who wants to use a netbook or sling a messenger bag around their torso? That's sooo 2009!

While still a prototype, I'd be interested in test driving one. I wonder how much it would cost to mail a Leopard from China?

Electric bike adds storage, nav, and email for rolling good times, via Dvice

Casting Couch: Super Mario Villains

Monday, July 27, 2009

Opportunistic Flu Virus

In light of the swine flu pandemic, many agencies have taken a fresh look at how the population is typically affected by flu outbreaks, and whether there are any specific factors that put someone at a higher risk of having a negative outcome should they be infected.

Chronic conditions, not surprisingly, significantly increase the risk when it comes to severity. This chart demonstrates a breakdown of chronic conditions by type among those aged 18-29.

We expect the elderly to struggle with viruses and illnesses that the younger population typically fights off without much difficulty, but what swine flu showed us is that when something new comes along, for which resistance has not yet been developed in the population at large, these chronic conditions can play a major factor.

The Opportunistic Flu Virus, via Effect Measure


I'm a bit surprised that Michael Jackson didn't move to these when he finished with his white glove phase. There were rumors that he occasionally had his hands in someone's underpants.

This would have helped cut out the middle-man, if you know what I mean.

Handerpants - The Underwear for your Hands, via Neatorama

Sunday, July 26, 2009

Singapore's Health Care System

One of the more forceful arguments being put forth by those opposed to reforming the American health care system is that the United States has the best health care in the world. Anyone who raises the question of whether this is true or not is quickly shot down as unpatriotic or an American-hater.

But numbers mean things, even when we don't like what they say. Do we really have a better system, which leads to us living longer, in better health, with top rankings in most of the key performance indicators that other countries also use to measure how they're doing?

Not so much.

Via The League of Ordinary Gentlemen, a look at how we compare to Singapore:
Here are some comparisons: Life expectancy at birth in the United States is 78 years; in Singapore, 82 years. The U.S. infant mortality rate is 6.4 deaths per 1,000 live births; in Singapore, just 2.3 deaths per 1,000. But the United States has far more caregivers: 2.6 physicians per 1,000 people, compared with 1.4 physicians in Singapore. The United States has 9.4 nurses per 1,000 people; Singapore, 4.2. And it has six times as many dentists as Singapore and three times as many pharmacists.

Perhaps the answer lies within the concept that Singapore doesn't view people's medical care as a profit-at-all-cost model and actually focuses on doctors and patients.

Image by Christopher Chan via flickr

Adobe to Fix Flash Flaw This Week

CNET Security is reporting that Adobe is planning to release fixes this week to close some of the critical flaws in their Flash player that are currently being exploited in the wild.

July 30 is the target date for Flash Player v9 and v10 on Windows, Mac, and Linux. No date for a Solaris fix has been set.

Reader and Acrobat v9.1.2 for Windows, Mac, and UNIX are scheduled for July 31, since both shared some common flawed code with Flash.

Keep in mind that there are still exploits in the wild, so either disable Flash, or use the NoScript add-on if you're a Firefox browser user.

Firefox Updates to 3.0.12

Firefox has released a version update that closes five critical security issues and also addresses some minor bugs and flaws. If you haven't moved up to the latest release, now would be an excellent time.

Smarter yet would be to move to the 3.5 version, which improves JavaScript performance and adds some privacy tweaks. If you have to stay on the 3.0.x releases, make sure you move to 3.0.12 to lower your risk.

As always, running some of the security-related extensions and add-ons helps even more.

Saturday, July 25, 2009

Racist Doctors Oppose Obama Health Care Plan?

There have been all sorts of sad sacks and looney-tunes who have been out there protesting via tea parties, tea bagging, and all sorts of other tea-related venues, typically against government intervention into their tortured, miserable lives.

It's tough being a white man in America these days. I've never had it tougher. Just Tuesday, I couldn't take advantage of the free pastry offer at Starbucks because the man wouldn't let me out of a meeting because protecting the firm's technology assets is apparently more important than a gratis bear claw.

As I watched the 2008 presidential campaign, and later some of the tea-protests, there was often a distinct racist overtone to them - whether expressed by signs being carried, hatred spewed in the direction of video cameras, or handouts and literature being distributed. The moment a protest goes all hate-ish like that, I lose all interest in the cause and focus my attention on making fun of the protesters.

There's been some of that in the health care debate, too, some of it from surprising sources. For example, there's Dr. David McKalip, a Florida neurosurgeon who has apparently been scratching his own brain with sharp instruments.

Dr. Dave is a conservative activist affiliated with the tea-bagger movement, so there's strike one against him. He's a member of the American Medical Association's Board of Delegates, which while not a strike down the middle, certainly hugs the edge of the plate. The call could go either way there, depending on the ump.

He also founded an anti-reform group, Doctors for Patient Freedom, which sounds less like being about his patients than it does being about Dr. Dave getting his way in spite of patients. But I digress.

The hard fastball that sends Dr. Dave back to the dugout is a racist picture he's alleged to have forwarded, showing our president mocked up in what Dr. Dave calls "an African witch doctor," ostensibly to cement the image that Obama's reform strategy involves an eye of newt. Swing and a miss, Dr. Dave.

When questioned, Dr. Dave didn't want to spend much time explaining why he thinks perpetuating racial stereotypes is the best way as a physician to advance his thoughts on how the proposed changes to our health care system would adversely affect the very people he's sworn an oath to heal. Perhaps the explanation is as simple as this - Dr. Dave is a racist douchebag.

I wonder what my friends at the A.M.A. think? Will they disavow Dr. Dave's comments, kick him off the board, or tell him to be more careful next time?

Conservative Activist Forwards Racist Pic Showing Obama as Witch Doctor, via TPMMuckraker

America's Waterloo?

Via a Talking Points Memo reader:

Just to mention something that is obvious, but hopefully not overlooked, i.e., if this country cannot pass a bill which insures that every citizen has access to medical care, which every developed country has managed to do (and got done many many years ago), there is something very fundamentally and structurally wrong with this country.

How the Health Care Sausage is Made

Via Andrew Sullivan's The Daily Dish, an interesting take on where the health care debate sits presently. With Republicans dug in as the Party of No Deliver, and most Democrats supporting Obama's goals, once again it's the Independents that matter.
[T]he Democrats are still much more trusted as a party to fix health care (in the generic sense) than Republicans are. The public buys in to the urgency of the problem, even as they're not officially sold on any solution. What's now known in liberal circles as the "DeMint/Kristol" strategy is an instinctual Republican strategy derived from the gut; it misreads the public's ambivalence about Obama and the health care debate as a sign that the public has soured on health care reform in general (nope) or Democratic principles in particular (not really). It may well have the perverse effect of generating sympathy among independents for Obama. Independents want to get health care done; they respect Obama for trying, even as they've begun to sour on his leadership skills.

Perfect John Hodgman Roles

BoingBoing has the details on seven acting roles that noted droll intellectual John Hodgman fits perfectly.

I'm not sure I agree with them all, but Higgins from Magnum, PI has intriguing possibilities.

Friday, July 24, 2009

iPhone Encryption Easily Defeated

One of the digs against the use of an iPhone in a corporate environment is the lack of enterprise-level security on the device. With sensitive business and personal information contained within email and documents stored on the phone, it's imperative that there are effective, robust controls in place to keep the data from being breached.

Apple has been touting the encryption solution that's part of the new 3GS model as their answer to those who doubted an iPhone in the enterprise was ready for prime time. It's reported that Apple uses the 448-bit Blowfish encryption algorithm, which provides a measure of cryptographic protection. But does it really keep the bad guys out of your data?

Sadly, it doesn't appear to be very successful. Wired has a report that indicates data can be siphoned off of an encrypted iPhone in minutes using readily-available software, and a complete disk image can be created in less than an hour.

There seems to be a minor issue with the iPhone in that once data starts being extracted, the phone begins decrypting the data on its own. Wow.

This is particularly troubling in light of some recent legislation in Massachusetts and Nevada that requires personal information of state residents be encrypted on any device that is not within the confines of the corporate network. This includes Blackberry devices, smart phones, removable USB drives, and so on. Since it's difficult to discern the legal residence of the customer's data as it gets mixed and mashed with everyone else's data, corporations generally choose to protect all personal information in the same manner, regardless of the domicile.

As a security professional, I would never recommend using the iPhone on a corporate level until Apple matures their security configuration and control environment. It's up to each business to evaluate the level of risk they are willing to accept, and for some, use of the iPhone will fall within acceptable risk parameters. Sooner or later, however, a breach will occur - someone's information will be stolen or used inappropriately - and there will be statutory penalties in addition to the inevitable civil suit.

Apple has an uphill trek to achieve the same security posture as RIM with their series of Blackberry devices. Don't expect Cupertino to reach the peak anytime soon.

Thursday, July 23, 2009

No Health Care Bill from GOP

Remember when congressional Republicans heaped scorn on the Democratic concept of a health care bill and promised to offer an alternate plan?

Yeah, the Party of No is also the Party of No Deliver.

GOP Rep. Roy Blunt, chair of a confusingly-named "House GOP Health Care Solutions Group" has announced that Republicans will not be offering the previously-promised alternate plan, because it would confuse things.

I'm guessing that it's less about confusion than the fact that the GOP has not been able to articulate a coherent plan that meets even half of the stated goals. That should come as no surprise. I would have been taken aback if the GOP had come forward with some fresh ideas to solve this problem, because solutions outside of cutting taxes have never been the strength of the right wing.

Wonder how long it will be until they take down this video in which they promise to deliver a plan?

Letterman on Twitter

Jon Stewart on the Obama Birther Crazies


Wednesday, July 22, 2009

Bobblespeak Translation of Obama Press Conference 7/22/09

AP: How do you plan to pay for this and what’s your dealbreaker?

Obama: hey dude right now we’re all paying for it - at this rate we won’t be able to afford to iPhones, cable tv, or to invade every tiny little country that pisses off

AP: oh no

Obama: yeah! so that’s 2/3 of the cost right there

AP: and the rest?

Obama: remove tax deductions but I don’t foreclose other options

AP: oh no don’t say foreclose

Obama: hey we could raise taxes on millionaires

White House Press corps: oh shit

Obama: or eliminate waste

White House Press corps: oh yeah much better

President Barack Obama Press Conference - July 22, 2009

"The Dude" Gets a Key to the Universe

I didn't even know there was a real dude behind the character portrayed by Jeff Bridges in the 1998 film The Big Lebowski. But there is.

His name is Jeff "The Dude" Dowd, and he just received the Key to the Universe at the Lebowski Fest.

Click here if you want more info, if you're not into the whole brevity thing, man.

Image by Sleeper Cell via flickr

Rollerblading on a Roller Coaster

This guy has a death wish.

Via Dvice

Lou Dobbs Takes A Health Care Beating

Sure hope that Lou Dobbs and Sally Pipes have some good coverage after the thrashing they took at the hands of Igor Volsky from Think Progress.

I'm keeping my fingers crossed that Dobbs' insurance includes a hefty mental health provision, because I think he's now clinically nuts.

Thanks to Think Progress.

Teaching Verizon a Security Lesson

Verizon has a checkered history surrounding security of their customers' personal information, but being a huge telecommunications entity, what's a citizen to do?

If you're like the guy in this video, you find out the home address of the Verizon CEO, then go stand in front of his house with a bullhorn and demand his company do a better job.

h/t to BoingBoing

Another Day, Another Adobe Zero-Day Exploit

It's really beginning to look like Adobe will never, ever get their act together when it comes to security.

The latest zero-day exploit originally looked like it only impacted PDF files, so naturally it was assumed that it was an Adobe Reader issue. Further forensics revealed that it was actually a Flash vulnerability, the code of which is shared between Adobe's Flash Player and Reader products.

This is bad news on a couple of levels, the primary one being that it increases the number of attack vectors to leverage PDF files embedded with malicious Flash, or the bad guys can simply try to exploit the Flash Player itself. Right now the exploit is dropping a trojan onto the victim's machine.

Having JavaScript disabled in Reader doesn't even help, since it's Flash being exploited. Not only have malicious sites sprung up hosting the zero-day, but reports are coming in that drive-by attacks are also in progress, executed via injecting malicious links into otherwise legitimate web sites.

The flaw has been known since late in 2008, but it appears to have only recently been crafted for exploit via a heap spray technique. Since Flash is operating system independent and incorporated into nearly every web browser, there's really no safety net for anyone out there yet.

Adobe has limited information available on their Product Security Incident Response Team blog.

US-CERT is recommending the following workarounds:

• Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" and "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll".
• Disable Flash Player or selectively enable Flash content as described in the "Securing Your Web Browser" document.
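
The first workaround above, as an added PowerShell example (not US-CERT's or Adobe's own script): it renames the two DLLs named in the advisory and can reverse the rename once a fixed Reader is installed. The function name, the `.disabled` suffix, and the extra check of the 32-bit Program Files folder on 64-bit Windows are assumptions made for this example.

```powershell
# Added example: apply or undo the "rename authplay.dll and rt3d.dll" workaround.
# Run from an elevated PowerShell 3.0+ prompt with Adobe Reader closed.
# Function name and '.disabled' suffix are hypothetical choices for this example.
function Set-ReaderFlashWorkaround {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Put the original file names back (use after installing the fixed Reader).
        [switch]$Restore,

        # Suffix appended to the DLL names while the workaround is active.
        [string]$Suffix = '.disabled',

        # Assumption: on 64-bit Windows the 32-bit Reader lives under
        # "Program Files (x86)", so both roots are checked.
        [string[]]$ProgramRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
    )

    # File names and relative path exactly as given in the workaround.
    $dllNames  = 'authplay.dll', 'rt3d.dll'
    $readerDir = 'Adobe\Reader 9.0\Reader'

    $roots = $ProgramRoots | Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        $dir = Join-Path $root $readerDir
        foreach ($name in $dllNames) {
            $active   = Join-Path $dir $name
            $disabled = $active + $Suffix

            if ($Restore) {
                $from = $disabled; $newName = $name;           $done = $active
            } else {
                $from = $active;   $newName = $name + $Suffix; $done = $disabled
            }

            if (Test-Path -LiteralPath $from) {
                if (Test-Path -LiteralPath $done) {
                    # Both copies exist (for example, a repair install put the
                    # DLL back). Do not overwrite anything; flag it for review.
                    $result = 'conflict: both names exist'
                } elseif ($PSCmdlet.ShouldProcess($from, "rename to $newName")) {
                    try {
                        Rename-Item -LiteralPath $from -NewName $newName -ErrorAction Stop
                        $result = 'renamed'
                    } catch {
                        # Typical causes: not elevated, or Reader still running.
                        $result = "failed: $($_.Exception.Message)"
                    }
                } else {
                    $result = 'skipped (WhatIf or declined)'
                }
            } elseif (Test-Path -LiteralPath $done) {
                $result = 'already in requested state'
            } else {
                $result = 'not found'
            }

            # One row per DLL per install root, so the outcome can be logged.
            [pscustomobject]@{
                Directory = $dir
                File      = $name
                Result    = $result
            }
        }
    }
}

# Preview without touching anything:
#   Set-ReaderFlashWorkaround -WhatIf
# Apply the workaround:
#   Set-ReaderFlashWorkaround
# Undo it after patching:
#   Set-ReaderFlashWorkaround -Restore
```

A Reader repair or reinstall can put the original DLLs back, so rerun the function afterwards and look for any row that reports `renamed` or `conflict`.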

Update 10:29 PM - Not a single antivirus product is triggering on the malicious .swf files

Image by GoGap via flickr

Tuesday, July 21, 2009

Not Fooling Anybody - New Uses for Old Buildings

Neatorama has the skinny on an interesting website named Not Fooling Anybody that's chock-full of new businesses that have taken up residence in buildings formerly used for other purposes. Various levels of hilarity ensue.

Like this example - a former Planet Hollywood that found new life as a Gino's East pizza parlor.

They should have kept the tyrannosaurus. Who doesn't like deep dish dino?

Big Boobed Anti-Gay Marriage Beauty Queen Gets Book Deal

Mark Sanford has flamed out South America style. John Ensign boinked one of his staff. Sarah Palin quit. Newt Gingrich is nuts.

Who is able to carry forward the conservative message? What figure has a solid background of deep study, accumulating years and years of experience and reams of data with which to intelligently frame logical, well-reasoned right-wing principles?

How about the beauty queen who had fake boobs installed and co-hosted Fox & Friends?

No kidding.

Wonkette has the details on Carrie Prejean, the former pageant loser who made the mistake of answering a Perez Hilton question on the gays, which became a rallying cry among the conservative base but caused howls of outrage among the other 90% of people in this country who are...well...humans who believe in fairness.

So cram some silicone sacks in your chest, pose for some soft-core porn photos early in your modeling career, be all fake and superficial while holding unpopular beliefs, and spend some mornings repeatedly touching the male hosts of Fox & Friends like you have a case of wingnut TV obsessive-compulsive disorder, and perhaps you too can get a book deal.

Do you know how to read and write? Oh, never mind - doesn't really matter.

Image by cattias. photos via flickr

How Are The Rich Doing?

In his Mother Jones blog, Kevin Drum checks in to see how the rich are doing in these tough times. Turns out that things are going pretty well.

Drum pulls some data from a Wall Street Journal article that shows exactly how wealth continues to be socked away by an increasingly smaller group of people.

Executives and other highly compensated employees now receive more than one-third of all pay in the U.S.....In the five years ending in 2007, earnings for American workers rose 24%, half the 48% gain for the top-paid. The result: The top-paid represent 33% of the total, up from 28% in 2002.

Think about that - 33% of the total of all pay in the U.S. That doesn't leave much for everyone else, does it?

Keep in mind that Americans only owe payroll taxes on income up to $106,000, so while the rest of us are paying our fair share, the top-paid max out early on and contribute no payroll taxes on their extra accumulated income.

Tell me again what a socialist Obama is for wanting the top 1 1/2% to help fund health care reform with some additional taxation, and try to do it without using the term "robber-barons" to describe those raking in 1/3 of all pay in this country.

Image by jvstin via flickr

Idiot Republicans Quoting Reagan On Health Care

Since Ronald Reagan speaks to Republicans from the grave, you'd think that now that he's in heaven surrounded by nothing but good, honest souls, he'd have come to terms with some of the dumbass stuff he said that turned out not to be true, and would now be sharing the wisdom with his legacy of looney-toons back on Earth.

Unless he's not in heaven. Hmmm.....

In this particular case, let's revisit his 1961 infomercial lambasting Medicare on behalf of corporate giant GE. Steve Benen points out some examples in this Washington Monthly article where he takes Jonah Goldberg to task for using the Gipper as an example.

Benen writes:

According to Reagan, Medicare would lead federal officials to dictate where physicians could practice medicine, and open the door to government control over where Americans were allowed to live. In fact, Reagan warned that if Medicare became law, there was a real possibility that the federal government would control where Americans go and what they do for a living.

Wow. Really? That's bizarre.

Jonathan Chait also weighs in:

You'd think conservatives would be embarrassed about this sort of talk. After all, can there be anybody who doesn't live in a militia compound who believes the passage of Medicare represented the death knell of that freedom in America? Does anybody think this business about the government dictating what city doctors live in has come true? Yet conservatives continue to trumpet it.

Why? Reagan's diatribe is "still fresh" because it's exactly the same sort of rhetoric conservatives employ against health care reform today. I imagine his readers are supposed to consider it "fresh" because they're supposed to substitute "Obamacare" in their head every time Reagan refers to Medicare. This allows them to sustain a mental condition wherein hysterical conservative predictions about the last social reform are forgotten in the specific, but remembered in the general and applied to the next social reform.

Everything old is new again. And it's obvious that in the absence of ideas, Republicans can always fall back on discredited rhetoric from the past.

Monday, July 20, 2009

GOP Politics of Delay and Defeat

It's nice to see President Obama take off the gloves and slap around Republicans who, true to form, are more concerned with re-election and drowning government in a bathtub than they are with making the lives of their constituents even a little bit easier.

Here are Obama's exact words today:

Now there are some in this town who are content to perpetuate the status quo, who are in fact fighting reform on behalf of special interests. There are others who recognize the problem but believe — or perhaps hope — that we can put off the hard work of insurance reform for another day, another year, another decade.

Just the other day, one Republican Senator said — and I’m quoting him now — "If we’re able to stop Obama on this, it will be his Waterloo. It will break him."

Think about that.

This isn’t about me. This isn’t about politics. This is about a health care system that is breaking America’s families, breaking America’s businesses, and breaking America’s economy.

We can’t afford the politics of delay and defeat when it comes to health care. Not this time, not now.

Barbie Makeup for Adults

When I heard that Tony Romo had broken up with Jessica Simpson on the day before her birthday, my first thought was that he was a bit of a cad. Who picks the day before a birthday to drop the hammer?

Then I heard that J-Simp was planning a Barbie-themed party, and that sealed the deal for me. No self-respecting NFL player could ever survive in the locker room once he attended such an event, regardless of whether he was asked to portray Ken.

At some point, it's time to grow up and leave the toys of youth behind. At least that's what I thought. Mattel seems to be of a different mindset, driven by profit, no doubt.

The toy conglomerate is launching a line of makeup, targeting adults aged 25-40, called "All Dolled Up," because what grown woman doesn't want to come off as a plastic, superficial object enjoyed by tots and tweens, face eternally frozen into an age of indeterminate youth?

One of the first sentences my young son learned was, "Barbie is sexist crap!" Perhaps now that he's nine, we should have him give Mattel a call.

Mattel Launches Barbie Makeup Line -- For Adults, via 5 Blogs Before Lunch

Image by Gallerygal via Wikimedia Commons


Anyone who has ever sat there watching Windows animate that stupid folder icon can relate.

New Linux Zero-Day Flaw

For all you Linux users who thumb your noses at Microsoft's history of vulnerability and large attack surface, prepare to fend off some attackers of your own.

Brad Spengler released the Linux exploit's source code last week, indicating that it exploits a vulnerability in at least two Linux versions - 2.6.30 and 2.6.18, both 32-bit and 64-bit.

The scary part of this flaw is that it gets around a null pointer protection in the mainline Linux kernel, so if successfully exploited, the attacker could gain root access. Game over.

Red Hat Enterprise Linux 5 uses one of the vulnerable versions - 2.6.18.

According to Spengler, the workaround would be for Linux admins to compile the kernel with -fno-delete-null-pointer-checks.

SANS has more.

256 GB USB Drive

When I got my Packard Bell 386 computer that ran Windows 3.1, I was amazed at the hard drive space. It was 40 MB, as I recall, and when it started to fill up, I used disk compression software to double it to a spectacular 80 MB.

For most of you, that probably sounds like some oldster retelling a boring tale of walking six miles through the snow to get to school each day, carrying a hot baked potato in his pocket for warmth on the journey, then eating the potato at lunch to have enough energy for the walk home.

Kingston has released a USB drive that weighs in at a staggering 256 GB, more storage than existed on most home computers until the last several years. In the days of my PB 386, you would need the GDP of France to purchase 256 GB of memory. Merde!

This just begs the question - what the heck are we carrying around with us data-wise, and why is it imperative that we're able to lug around such massive amounts of 1s and 0s without giving any thought to securing that data and keeping it out of the wrong hands?

Via Dvice

Evidence Shows Health Care Reform Not In Trouble

It seems like most of the major media outlets are reporting that the Obama administration's push for health care reform is struggling mightily, even though the evidence points to the contrary:

  • A plan was approved and exited a House committee
  • A plan was approved and exited a Senate committee
  • The American Medical Association endorsed the plan that came out of the US House
  • Various nursing associations, unions, and other organizations endorsed the plan
  • Obama reiterated that he would veto any plan that grew the deficit
  • Obama said that any plan coming across his desk must contain a public option

It sounds remarkably like the primary goals articulated by candidate Obama, and later by President Obama, are coming to fruition. Is there pushback and objection? Of course - the same dynamic as any other major piece of legislation.

There are powerful interests at work pushing the meme that reform is on the rocks and all hope is lost. Don't believe it. If anything, every such claim looks more silly when contrasted with the evidence.

Reform has been stymied since 1993, and every one of the special interests has wasted more than 15 years without executing anything to make things better. In fact, they've made things worse.

It's coming, ladies and gentlemen. As President Obama said recently, don't bet against them on this.