Thursday, March 31, 2005
A Value-Subtracted Post
Administrivia continues to consume the day, however, it hasn't turned out to be as odious as I predicted. The true stress comes back on Monday, full force...
Since I have three relatively urgent things to do in addition to the administrivia, I shall be somewhat loquacious tomorrow instead of today. Depending on my mood, I might even try to be funny - I did manage to be somewhat believable in one April Fool's prank some years ago, but it would be incredibly tasteless now to repeat same (don't even ask why).
Wednesday, March 30, 2005
Another Great Day By Day
Once again, Chris Muir hits one out of the park. Check out more at Day By Day.
Some interesting talk on Broadband Reports yesterday of the UN trying to position the ITU to take over some of ICANN's role, you know, for a more global approach to things. Of course, if the ITU weren't part of the UN, there probably would be more support for them getting involved, as they've done much good over the years (and they long predate that cesspool on Turtle Bay, one should remember), however, the very fact that the UN has administrative authority over the ITU nixes the idea as far as we're concerned. I mean, look at how well they've done in Darfur and with Oil For Food, for crying out loud? (Then again, most of the General Assembly is populated with rattle shakers who believe in evil spirits, for whom anything more abstract than voice mail is an indication of a conspiracy against them, so what do you expect?). Reminds me of one of the more delicious jokes out there about New York City's bid for the Olympics. The next time they tell you how easy it will be to get to the new stadium by the new extension of the number 7 line on the IRT, ask the MTA how it's doing with the Second Avenue Subway (for the non-cognoscenti, the Second Avenue Subway has been planned for something like sixty-five years, and actually has all of about eight blocks' worth dug. The MTA has decided in its infinite wisdom to reroute the trains proceeding downtown over to the Lexington Avenue IRT somewhere in the vicinity of 59th Street, rendering the line completely useless).
Administrivia consumes the next two days, so I shall be a touch less loquacious than usual.
Tuesday, March 29, 2005
In the folding like a cheap camera department....
Never one of my favorite companies to deal with, Computer Associates has dropped the ball in the spyware wars:
CA's Vendor Appeals page carries the news, which indicates that all Claria products - including Dashbar, Date Manager, Gator/GAIN, GotSmiley, and Precision Time, have been temporarily removed from their detection database pending further analysis.
While Pest Patrol is on Claria hiatus, they've failed to offer users any sort of removal tool, instead - as Eric Howes notes - offer a dead link to removal instructions (now fixed). This of course is assuming Pest Patrol users make the product's Vendor Appeals page part of their daily reading in the first place.
Links courtesy of Broadband Reports.
It Ain't Me Babe
Monday, March 28, 2005
Most Inept Phisher Award Du Semaine
A quote from the e-mail:
Dear PayPal user!
At 28.01.2005 our company has lost a number of accounts in the system during the database maintenance
Notice the exclamation point and the lack of personalization for starters. The date format is European, and notice how they say "At", not "On". Likely of Eastern European origin, notice the unnecessary "the" before "database maintenance", very characteristic of Russian and other Eastern European speech patterns.
But take a look at this whopper of a domain registration!
Domain Name.......... securessl-paypal.com
Creation Date........ 2005-02-07
Registration Date.... 2005-02-07
Expiry Date.......... 2006-02-07
Organisation Name.... Don Corleone
Organisation Address. 3357 E. Covenanter Dr. Apt. 7
Organisation Address. Bloomington
Organisation Address. 47401
Organisation Address. IN
Organisation Address. UNITED STATES
Admin Name........... Don Corleone
Admin Address........ 3357 E. Covenanter Dr. Apt. 7
Admin Address........ Bloomington
Admin Address........ 47401
Admin Address........ IN
Admin Address........ UNITED STATES
Admin Email.......... firstname.lastname@example.org
Admin Phone.......... +1.219680399425
Tech Name............ MSN NOC
Tech Address......... One Microsoft Way
Tech Address......... Redmond
Tech Address......... 98052
Tech Address......... WA
Tech Address......... UNITED STATES
Tech Email........... MSN-PA-TECH@msn.com
Tech Phone........... +1.4258828080
Name Server.......... pdomns1.msn.com
Name Server.......... pdomns2.msn.com
The registrar for this outfit is Melbourne IT, Ltd. DBA Internet Names Worldwide. You mean to tell me that no one in that company recognizes "Don Corleone"? Puhleeeeze.
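The red flags in that record can be checked mechanically. The following Python is an added example, not part of the original post: it parses the dotted-key WHOIS layout quoted above and flags the lookalike domain, the registration age, the registrant name and the over-long phone number. The brand map, the name watchlist and the 90-day threshold are assumptions, and the sighting date is taken to be the date of the post.

```python
import re
from datetime import date

# WHOIS record as quoted in the post, trimmed to the fields the checks read.
WHOIS_TEXT = """\
Domain Name.......... securessl-paypal.com
Creation Date........ 2005-02-07
Expiry Date.......... 2006-02-07
Organisation Name.... Don Corleone
Admin Name........... Don Corleone
Admin Address........ 3357 E. Covenanter Dr. Apt. 7
Admin Address........ Bloomington
Admin Phone.......... +1.219680399425
Tech Name............ MSN NOC
Tech Phone........... +1.4258828080
Name Server.......... pdomns1.msn.com
Name Server.......... pdomns2.msn.com
"""

# Key (letters and spaces), one or more filler dots, whitespace, then the value.
# The key cannot contain a dot, so dots inside values ("E. Covenanter Dr.") are safe.
LINE = re.compile(r"^([A-Za-z ]+?)\.+\s+(.+)$")

# Assumptions made for this example, not taken from any registrar or vendor:
BRANDS = {"paypal": "paypal.com"}          # brand token -> the brand's real domain
IMPLAUSIBLE_NAMES = {"don corleone", "john doe", "mickey mouse"}  # constructed watchlist
MAX_AGE_DAYS = 90                          # "recently registered" threshold


def parse_whois(text):
    """Return {key: [values...]}; repeated keys (addresses, name servers) keep their order."""
    record = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            record.setdefault(m.group(1).strip(), []).append(m.group(2).strip())
    return record


def red_flags(record, seen_on):
    """List the indicators that make this registration look like phishing infrastructure."""
    flags = []

    # 1. Brand name embedded in a domain that is not the brand's own.
    domain = record["Domain Name"][0].lower()
    for token, real in BRANDS.items():
        if token in domain and domain != real and not domain.endswith("." + real):
            flags.append("brand-lookalike")

    # 2. Domain registered shortly before the mail was seen.
    created = date.fromisoformat(record["Creation Date"][0])
    age = (seen_on - created).days
    if 0 <= age <= MAX_AGE_DAYS:
        flags.append(f"young-domain:{age}d")

    # 3. Registrant or admin contact carrying an obviously fictitious name.
    for role in ("Organisation", "Admin"):
        for name in record.get(f"{role} Name", []):
            if name.lower() in IMPLAUSIBLE_NAMES:
                flags.append(f"implausible-name:{role}")

    # 4. A +1 (North American) number must have exactly ten national digits.
    for role in ("Admin", "Tech"):
        for phone in record.get(f"{role} Phone", []):
            m = re.fullmatch(r"\+1\.(\d+)", phone)
            if m and len(m.group(1)) != 10:
                flags.append(f"bad-nanp-phone:{role}")

    return flags


if __name__ == "__main__":
    rec = parse_whois(WHOIS_TEXT)
    for flag in red_flags(rec, seen_on=date(2005, 3, 28)):
        print(flag)
```

The Tech contact passes every check, which matches the post: the MSN details are real hosting data, and only the registrant's side of the record is bogus.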
LSP-Fix Added To Security Links
Reality, n. The dream of a mad philosopher
Album du jour is Skip Regan's "Welcome To My Head", a cool little home-brewed album with lots of Hendrix-flavored licks. Especially recommended are the title track, "Into A Dream", "Spontaneous Combustion" and "Pain". It's got all your favorite out-of-phase Strat tones, univibe, wah, reverse effects and fuzz to give you an acid flashback.
Sunday, March 27, 2005
Short Shrift Sunday
Interesting link of the day is from Carter Steel Guitars, with a 20 minute video on pedal steel guitar for 6-string players. Both Windows Media and Real formats (anyone still actually using Real Media for anything?), so pick your favorite format from the URL. While it isn't as in-depth as Bruce Bouton's instructional tape, I rather liked it as it put things into terms I understand as a standard guitar player.
Oddball note du jour is that I decided to check my startup entries with msconfig, and found a completely blank entry, yet the HijackThis log looked 100% OK, nothing I didn't recognize or couldn't find with Google. I wonder what could've caused it (alternate data stream in NTFS? The very thought scares me; you'd think someone would've come up with a tool that quickly points something like that out)? I know, switch the box to Linux and run Windoze in VMWare...... (actually, might make an interesting exercise to test out Acronis' bare metal restore, which I still haven't gotten around to. I must at least give it a try to a VMWare image....)
Saturday, March 26, 2005
Quote With Some Comment Department
Many of the problems that have tarnished the U.N.'s reputation in recent years have been self-inflicted, including the scandalous maladministration of the oil-for-food program and the sexual assaults committed by U.N. peacekeepers in Congo.
Pas de merde, Sherlock.
But the overriding problem has been Washington's virtually unremitting hostility. The United Nations simply cannot function effectively when it is being cold-shouldered by its most powerful member and largest financial contributor.
Uh, if they were being cold-shouldered, Con Edison would've turned off the lights and heat by now (not that there's anything wrong with that). Rather than pontificate, as the Times seems to think that actually works, we simply call it as we see it. The place is a cesspool inhabited by a bunch of third-world toadies who only want to settle their tribal grievances with weapons that produce fallout.
Not all of Mr. Annan's specific suggestions will be popular in Washington. But by helping to negotiate a strong international consensus behind a meaningful set of reform proposals, President Bush can give substance to his repeated vows to work more cooperatively with other nations in his second term.
You mean like la belle France?
For all of the Times' bashing of the US, they never seemed to read an article I saw in one of the other NY tabloids a couple of years ago. Since everybody seems to be wanting to come to the US to work and make their fortune, a couple of reporters started calling consulates of various third world cesspools to see what it would take to immigrate to their worthy paradises. Needless to say, the reactions were on the order of "you want to move to our country?????". Very few of them even had procedures in place for such a thing. And if you want to see just how generous and civilized the rest of the world is, try being a regular solid citizen and asking about immigration - you'll be very low priority. Put a keffiyah on, and you move to the top of the list.
As far as the French go, just consider the reason the Champs Elysees has trees planted on both sides of the street. The Germans can always march in the shade.....
Friday, March 25, 2005
Marxian Manifesto Madness
First and foremost is identity. Any adware producer should clearly identify themselves, not only in any installation attempt, but there should be updated contact information in any adware control panel that will enable anyone to contact the adware provider, either in the business or technical domain. This must be complemented by strong controls on code-signing (are you listening Verisign and other CAs?) that verify the company is who they say they are, that any digital certificates issued to the company are short-lived and that there is an ongoing recertification process by the CA to continue to verify that the holder of any certificate is indeed reachable. This could of course be a win-win proposition, in that it would allow for increased fees to the CA or such other agency that would vouch for the adware provider's identity (perhaps Choicepoint?), and that any truly legitimate provider of adware would be glad to pay for to establish that it's being constantly vetted. As to the overall economics of the situation, somebody will end up paying those fees (the advertisers of course) and as to whether it would remain economically viable is a matter of conjecture. The stick of course is that whoever issues any identity documents to an adware provider is on the hook for the adware provider's actions, and if they go rogue, the affiant will get hung for any damages incurred.
The matter of identity can't be overstated enough, as any adware component must be clearly indicated with a positive indication to the customer that they are installing adware from XYZ Company, and that they are going to receive adware as part of the bargain in getting whatever else they've been promised. There's been some legal talk here and there that clicking an OK button is indeed an electronic signature indicating affirmative consent, but of course given the penchant for the installers to put phrases such as "Required Update" and the like in bold on the installers, the average PEBKAC will merely click and not think about the consequences. I would think that something requiring an affirmative response would be much more appropriate, for example the technique used by some web sites of presenting a distorted set of letters and numbers that must be keyed in by the user in order to proceed or access content, or for that matter requiring the user to respond to an e-mail, where they would need to click an URL and again affirm their desire to install the adware. Again, win-win situation. The adware guys are protected as they have a record of affirmative actions taken by someone to actually get the thing installed on their PC, the end users have multiple chances to stop any installation, and even just doing nothing will abort it.
Adware should have a control panel visible to the user, be it in the system tray, some application, or even an applet in Control Panel (pardon me for sticking to the Windows paradigm for purposes of this discussion). This control panel should have the ability to turn ads on and off at the user's discretion. Of course, if there's a program such as a P2P client or other such nonsense that depends on that adware running, it of course should have the option of refusing to start or shutting down if the ad generator isn't running. Fair is fair, after all. If the PEBKAC desires the use of that program, he/she puts up with the ads. Said control panel should also provide for the complete uninstallation of the adware. That means everything, DLLs, config files, data caches, registry entries, you name it. The program should also be uninstallable through the standard mechanisms (Add/Remove Programs) and in addition, there should be instructions for manual removal if all else fails (the vast majority of people won't be able to use regsvr32 but if they have a friendly techie nearby there will at least be a step-by-step checklist available on how to get rid of the thing). Absolutely nothing must be done in a stealth manner, everything must be done through the highest-level APIs possible.
The concept of an independent code review for adware is appealing, but probably wouldn't fly just on the basis of trade secrets, but the thought of putting someone on the hook for the code analogously to Underwriters Labs for electrical equipment is appealing. The question is who would best be capable of doing such reviews, and what would such reviews entail. The purveyors of certifications such as TRUSTe, BetterWeb and WebTrust would probably be logical places to look first, but their own risk management rules would probably prohibit them from engaging in this "do no harm" certification, which of course would entail lots of integration testing in various configuration permutations. In essence, this would involve creating a new insurance product, but the carrot and stick would be carefully defined in such a way that any failures demonstrably linked to an adware product will have consequences for both the adware producer as well as its certifier/insurer/assurer. Needless to say I can easily envision no-fault laws quickly being drafted if such measures were taken.
The behavior of adware would need to be carefully defined. The Hippocratic paradigm of first doing no harm would be essential, so at least the following characteristics would have to be required of any adware program approved for general use:
- Not to obscure or interfere with any other open programs on the desktop environment. Simply put, no windows for GM products obscuring your attempt to view the Ford site. Something along the lines of a small sticky note sized window (in a corner or a user-defined location), possibly flashing to get your attention (in the same manner as a program with an open dialog box might flash the taskbar) might be acceptable if unobtrusive enough
- Not to transmit any identifiable URLs to a central database. I know it'll seriously undermine the data mining that they want to ahem, add value to their ahem service, but there may be session IDs, CGI parameters and the like that aren't stripped out when reporting. I would imagine that aggregated domain information would probably prove acceptable (I don't think that anyone would much care if adware said Joe Shlabotnik checked CNN eight times today), but a deep-dive into the URLs is bordering on unacceptable. Imagine checking your portfolio and having the URL reported to a central database and suddenly getting targeted investing spam.....
- Not to hook the keyboard interrupt. Goes without saying, as you're dangerously close to a keylogger here, and not everything is for data mining purposes.
- Limit the amount of ads served up. Even though they're getting increasingly longer on commercial TV, there should be a finite number of ads served up in any given time period. I would suggest that a maximum of one ad in ten minutes would probably be the absolute upper limit. Anything more will degenerate into annoyance or confusion for the user who might actually be trying to do something useful. Once an ad is dismissed, it should stay dismissed.
- Allow types of ads and individual advertisers to be banned by the end user. Goes without saying, as ads for porno shouldn't be popping up when the kiddies want to see Mickey Mouse. Bans should be pervasive and cannot be lifted remotely by the adware provider.
- No undocumented APIs should be used in the software or in its installation process. In other words, no rootkit installations.
- There should be no obfuscation of the adware's location, filenames and registry keys. Filenames should not be randomly generated for purposes of frustrating removal or disabling the software. All GUIDs associated with the software shall be published so as to facilitate troubleshooting systems impacted by installation of the software.
- There should be no changes or impairment to system function by the adware. Specific no-nos would include installation of hosts file entries designed to redirect legitimate traffic to affiliated adware sites, changes to the IP protocol stack, installation of any Browser Helper Objects, installation of dialers, installation of any toolset designed to limit the functionality of the system with respect to its status prior to the adware's installation, no attempts to "phone home" other than to pass non-identifiable aggregated data (an unlikely scenario, as the source IP addy will be quite visible on the receiving end, therefore it will still be somewhat identifiable), no attempts to download and install updates or upgrades to the adware without the express consent of a privileged system user, and no attempts to download or install any other adware or similar software
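A sketch of the reporting rule in the URL bullet above, as an added Python example that is not from the original post or from any adware vendor: it contrasts what a full-URL report would disclose with a per-host count. The browsing history is constructed, and the function names are hypothetical.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed browsing history for the example (example.com / example.net are reserved names).
VISITS = [
    "http://www.cnn.com/2005/WORLD/index.html",
    "https://broker.example.com/portfolio?acct=12345&sessionid=ab12cd34",
    "http://user:secret@intranet.example.net:8080/reports;jsessionid=9F3A?q=payroll",
    "http://WWW.CNN.COM/weather#local",
    "file:///C:/Documents/taxes.xls",
]


def disclosed_by_full_url(url):
    """What leaves the machine if the URL is reported verbatim."""
    p = urlsplit(url)
    found = {}
    if p.username or p.password:
        found["credentials"] = f"{p.username or ''}:{p.password or ''}"
    if p.path not in ("", "/"):
        found["path"] = p.path          # includes ';jsessionid=...' path parameters
    if p.query:
        found["query"] = p.query        # CGI parameters, session IDs
    if p.fragment:
        found["fragment"] = p.fragment
    return found


def reportable_host(url):
    """Reduce a URL to its lower-cased host, or None if it must not be reported at all."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https"):
        return None                     # local files and other schemes never leave the box
    # .hostname drops userinfo and port and lower-cases the name
    return p.hostname or None


def aggregate(visits):
    """Per-host visit counts: the 'checked CNN eight times today' level of detail."""
    counts = Counter(h for h in map(reportable_host, visits) if h)
    return dict(sorted(counts.items()))


def to_report(visits):
    """Serialise the aggregate; this string is the only thing that would be transmitted."""
    return json.dumps(aggregate(visits))


if __name__ == "__main__":
    for url in VISITS:
        print(url, "->", disclosed_by_full_url(url))
    print(to_report(VISITS))
```

This counts hosts rather than registrable domains; collapsing `www.cnn.com` to `cnn.com` would need the Public Suffix List, which is not in the standard library.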
A quote unquote legitimate adware provider should be required to be an active participant in computer security efforts, as their systems do provide a new infection vector for various net nasties, and increasingly often, virus writers deliver adware as a payload in addition to their other nasties, so the onus should be placed on adware firms to cooperate with CERT and the like to provide uninstallers and other toolsets to facilitate any unintended installation of their software. Then again, those virus writers who are doing this sort of thing are delivering payloads from companies that are definitely operating on the shadier side of the curtain (iDownload, anyone?), so it leaves open the possibility of a "joe job" being done against an adware company that might indeed be playing by the rules.
I would imagine that some adware companies might actually approve of some of these suggestions, particularly the more visible ones such as Claria and Cydoor in order to legitimize their perception, and there have been some steps taken such as joining COAST (an anti-spyware consortium), but given the track records, there's a perception amongst the user community that this is a window-dressing tactic. The bottom feeders will of course operate on the outskirts of any legal framework imposed, and the marketing lobbyists will fight any such attempts to impose sanity on these cowboys with all of their considerable resources. I'm shagged out from ranting so much.
And since the title of this prolonged squawk demands it, the one, the only....
Thursday, March 24, 2005
Slightly Diluted Venom
I wanted to stay out of the Terri Schiavo maelstrom for the simple reason that a lot of people far more eloquent than I have expressed their opinions so adding to the noise level is unnecessary, however, it's bothered me to the point that I have to say something. Put simply, Jewish law and custom recognizes the concept of medical futility, however, the tradition is that all life, even one lived in pain, has intrinsic value. These are my values, and frankly, I haven't heard any convincing evidence that Terri is anything more than cognitively disabled, therefore I don't see a case of medical futility here. I might be wrong, and since all I'm getting is from every media source with its own agenda, I don't have enough information to make any judgment call other than a life is in danger, and that innocent life has an intrinsic value.
In the mild amusement factor department, Entertainment Weekly has enumerated their opinion of the 20 best Monty Python sketches. To be brutally honest, are these people on drugs, I mean, come on, Spanish Inquisition as #1? And Ministry of Silly Walks better than Dead Parrot? And what about The Bishop, or The North Minehead By-Election?
Finally, RIP Rod Price of Foghat.
Wednesday, March 23, 2005
New Shelby Cobra Mustang. 450 HP. Yep, Carroll Shelby's back where he belongs.
Drool.... (Torque, accept no substitute)
Now returning to our regularly scheduled curmudgeonliness.
Imbecility, n. A kind of divine inspiration, or sacred fire affecting censorious critics of this work
Reminds me of a friend who sent out an e-mail the other day that he was dropping AOL, and not two days later said he was back on the service. I inquired quizzically, and he said "Everything's negotiable". Customer retention at its finest.
For purposes of comparison, as well as a brief sanity check, I decided to try Webroot's online spyware scanner to see if it picked up anything missed by the AdAware/Spybot/MSFT AntiSpyware combination in force at the moment on the High Altar. It picked up about 60 cookies that had been missed by the previous three (nothing horrendous, but I was a bit surprised that the combination in place didn't pick them up). I've got SpySubtract running on two other machines here at Schloss Scheisse, but haven't tried it on the High Altar as I haven't seen a particular need for it - yet. I'll probably try it just to validate the observations from Webroot. I'm getting a bit paranoid about rootkits, and I've just tried RootkitRevealer from Sysinternals. The good thing was that MSFT AntiSpyware immediately picked up on RootkitRevealer's attempt to install a service (actually a good thing, as the spyware types have picked up on the executable name, so RootkitRevealer's service generates a random executable name). RootkitRevealer did a full scan of the running High Altar and came out clean, but the paranoid (read as "careful user") would do well to be vigilant. This lovely article at rootkit.com shows a fairly reasonable methodology for avoiding detection by RootkitRevealer. A Knoppix distro with this functionality would make me a lot more comfortable, but I guess that Strider GhostBuster will provide the equivalent, assuming it ever sees public distribution...
Tuesday, March 22, 2005
That Wall Street is a den of thieves is a belief that serves every unsuccessful thief in place of a hope in Heaven
Looks like DirectRevenue are the latest foistware vendors to threaten SLAPP suits. Please support Eric Howes if you can....
I'll repost the following Blogcritics article I penned yesterday on the late, great Roy Buchanan.
I had just come home from a dreary day in junior high school in 1971 and flipped on the television for a quick look when I happened upon something completely unexpected on Channel 13. Our local public broadcasting station, as staid and frankly boring an outfit as one could imagine, having all of the hipness of an appendectomy, had some live rock gracing its airways. School books forgotten, I was fascinated by the taciturn guitarist playing a beat-up Fender Telecaster, coaxing some astonishing sounds out of it in ways that seemed even beyond what Page and Beck were doing. The show of course, was the now legendary "Introducing Roy Buchanan", commonly (and very incorrectly) known as "The World's Greatest Unknown Guitarist".
"Introducing" was a bit of a holy grail for me to find, as it was seemingly nowhere to be found. I frequented various record shows and conventions and came up with bootlegged copies of various items of interest from the sands of time but my mention of "Introducing" only induced blank stares from most of the purveyors in the dealers rooms at these shows. I began to doubt my memory, and let the matter fall by the wayside as other priorities took over. About two years ago, when perusing eBay for various items, on a whim, I searched for Roy Buchanan video, and I was delighted to find a VHS copy for sale. No Buy It Now, so I had to sit there and snipe for it, but less than a week later the tape popped up in my mailbox, and I was once again hooked.
The show had several distinct parts intercut, a rare visit home to Roy's parents in Pixley, California, which (somewhat disingenuously) tried to show his roots, a series of jams with influences and favorites, including Merle Haggard, Johnny Otis and Mundell Lowe (the latter playing an unbelievable duet with Roy on "Misty"), and a live concert staged at WNET's Manhattan studios that showcased Roy and his band at the time, the Snakestretchers. Future E-Streeter Nils Lofgren even joined Roy and the band for an extended jam on the show. The Snakestretchers were a bar band, first and foremost, a bit sloppy here and there, and a bit goofy as well (percussionist Marc Fisher's exaggerated movements make Ray Cooper's shtick seem sedate).
The music is what wows you in this show. Aside from the aforementioned "Misty", Roy shows off his gentler side on his parents' back porch with his Telecaster plugged into a small amp with an astonishing display of circle picking, pedal steel-inspired licks when playing along with Merle Haggard, "chicken pickin" while backing up a church service, plus his concert tours de force, "Sweet Dreams" and "The Messiah Will Come Again". "Sweet Dreams" takes the old Patsy Cline song to another plane, with its exquisite slow bends and volume swells, and "Messiah" runs from anguished country blues to Page-like excess, again with Roy's lightning neck runs, pinched harmonics and his uncanny ability to make the guitar seem like it was crying and talking. Timing concerns caused WNET to fade out "Messiah" on the broadcast, but every time it aired, the performance generated a lot of phone calls asking about this awesome guitarist.
Buchanan's career was very checkered, and other than his very first album, his records didn't really capture Buchanan's smoldering passion for playing. Most of his records were disjointed jams, and frankly, his singing was better left unheard. The recordings were corporate affairs, trying to capitalize on the "guitar hero" aspect of the times, but looking for something commercial, which truth be told, Buchanan wasn't. He was a player's player. I saw him on several occasions at places such as The Bottom Line and My Father's Place, with bands that were looser and sloppier than the Snakestretchers (if such a thing were possible). Roy could be a bit infuriating to watch if you were looking to hear only "Sweet Dreams" or "The Messiah Will Come Again", as he played whatever came into his head that evening, and maybe, if we were lucky we'd get one or the other (on one rare occasion we did get both pieces in the set), but as a guitarist sitting in the front row eagerly absorbing every note, you know you'd be challenged, frustrated and ultimately awed by seeing Roy in concert.
Roy's death is still the subject of conjecture, and to some extent his recorded legacy needs to be managed better. I would imagine that releasing this and perhaps some of the other extant footage of him would go a long way to acknowledging this legendary player's talents.
Finally, RIP Bobby Short. I never cared for the cabaret scene, it was always a bit stuffy and the old Tin Pan Alley stuff can grate upon occasion, but when you acquire an appreciation for a crooner in that vein, be it Sinatra, Tony Bennett or Bobby Short, some of that stuff can be incredibly relaxing and uplifting to listen to.
Monday, March 21, 2005
Maximum Short Shrift
Sunday, March 20, 2005
Machination, n. The method employed by one's opponents in baffling one's open and honorable efforts to do the right thing.
A blinding glimpse of the obvious here -
Catch Some Bad Guys
Time and again, security types bemoan the light sentences hackers get. If the penalties were harsher, perhaps people wouldn't be so fast to spread their malicious code.
But penalty is not a deterrent; arrest is. Right now, the bad guys know the risk equation is favorable—that it's extremely unlikely they will be caught. A higher capture rate would dissuade them.
Creating higher capture rates has a lot to do with anonymity on the network—or, more specifically, removing it. Many of the Big Ideas in this space propose less anonymity—licensure, for example. Microsoft's Charney wonders what effect automatic traceback packets—knowing quickly and reliably where data came from—would have. "It's an astounding thought," he says.
And then, he immediately comes up with the problems it presents. Traceback tells you where, not who. And privacy issues get thorny quickly. "Can you use the highway anonymously?" Charney asks. "No. But you also can't be stopped for no reason. More complicated than that, the Supreme Court has already ruled that you can't force someone to attach their name to political speech if they don't want to. So do you create an anonymous part of the Internet to ensure free speech? And if so, what stops bad guys from just using that?"
Still, if privacy issues could be worked out, and capture rates went up, attempted attacks would go down.
Pas de merde, Sherlock. Although we're dealing with a higher order of intelligence here than your average criminal, like most criminals they believe they are immune to any legal retribution, and that if indeed they are caught, they will get a slap on the wrist. Mitnick of course was the exception to the rule, but even Mitnick's sentence wasn't terribly odious in the hierarchy of things (unless you're in a blue state, where you usually get a slap on the wrist for homicide, but kill a snail darter or some other minor component of the food chain, and the liberals will be googling for the proper way to tie a hangman's knot). The problem of course is that a successful prosecution entails presenting evidence to a jury, and the vast majority of jury pools are too stupid (let's be blunt about it) to deal with a case involving technology (although, rather interestingly, the last time I was summoned for jury duty I found myself in a small kaffeeklatsch with a couple of other tired looking types who turned out to be IT consulting types as well; needless to say we would probably be proffered to jury pools involving auto accidents). I'm not arguing that there should be professional juries (as apparently there are in some places in Europe), far from it, but any prosecution of this type should require a highly literate presentation of the facts to a jury such that they can make a fair assessment of the events in question, and if indeed a person happens to be somewhat literate in the discipline, that person should not be excludable through challenge for cause (nothing we can do about peremptory challenges, though....). As I noted before, the only thing that's going to stop spammers is the threat of sure, severe punishment, and it likewise goes for cybercriminals.
Another glimpse of the obvious here -
Dictate What Software Shouldn't Do
Specs rule the development process. They dictate what a new software application should do, yet they rarely include what an application shouldn't do—like run code by itself or allow anonymous access or allow the destruction of data because of bugs. What if, from now on, all specs documents were required to include antirequirements, such as a laundry list of common features, potential unintended consequences and bugs that the application must actively eliminate from occurring before the product ships?
Absolute truth that specs rule the development process, however, detailing every single "do no harm" scenario in an app dev context is thoroughly impractical, unless the application is sandboxed. Most real-world stuff isn't going to be sandboxed. It's the job of the specification writers and reviewers to make sure the spec is detailed down to the nth level, and if they miss something, woe betide them. It's an organizational thing also - the people who will test and verify the application have to be involved from the get-go in order to determine what behaviors are quantifiable. The business which funds development and project management will often impose unreasonable timelines on these projects, leading to incomplete specs (or burnt-out teams drawing them up) and the ensuing project trainwrecks.
There are a couple of calls in the article for initiatives along the lines of the "Big Dig" and the Manhattan Project. Using the Big Dig is a pretty poor example in that there are still lingering project issues that need to be resolved, and the internal controls established by the project were notoriously faulty. The Manhattan Project (and for that matter the Apollo project as well) were vast projects designed to get to a well-defined deliverable (a big boom, or landing a man on the moon and getting him home in one piece). Internet security is not a well-defined deliverable, it is a concept, and has many components, some of which might (and I emphasize might) be achievable through projects of this sort, but as an overall goal, it's a touch amorphous, and unless there are those quantifiable business benefits that result ultimately in a positive cash flow, no one in the private sector is going to fund it.
(Yup, all excerpts from the article are quoted verbatim only for fair use purposes, and are the property of the copyright holders. I gratefully acknowledge their courtesy in providing the material for public examination and comment).
Saturday, March 19, 2005
Spyware: Follow The Money
What circumstances could bring pornography, Air France, Apple Computers, Vonage, Netflix, and J.P. Morgan Chase together? The installation of adware on your computer....Ben Edelman documents this behavior in articles entitled Advertisers Supporting eXact Advertising and Documentation of Gator Advertisements and Targeting. Mr. Edelman specifically notes that in the case of eXact, a file is downloaded to your computer which has detection rules for URLs, and matches them with the "appropriate advertiser". If you read The Motley Fool, that URL is paired with an ad served up from a URL that starts at Real Media entitled "BullsEye Network Offer"....
Out of 818 ads, approximately 281 ads (just over 34%) served up were for adult-oriented (pornographic, gambling and sexual health) advertisers. The consequences of ads of this sort showing up on a PC used by the entire family are not difficult to imagine....
Mr. Edelman's pages provide a valuable service, in telling us which advertisers think so little of us, their ultimate customers, that they would support adware to get their message across. Conversely, some of the good guys, such as Verizon and Wells Fargo, who eschew adware are identified.......
Theosophy, n. An ancient faith having all the certitude of religion and all the mystery of science
Here's a lulu.....
Pry PCs from Their Cold, Dead Hands
Guns are dangerous; therefore, we license them. We give them unique serial numbers and control their distribution. James Whittaker says programmable PCs are dangerous, so why not treat them like guns?
"Let's make all end user devices nonprogrammable," he says. "No one can connect to the Internet on a machine that creates code. If you want a computer to do programming, you would have to be licensed. We could license software companies to purchase programmable machines, which would be completely traceable along with the code created on them."
That would blunt the information security problem—suddenly all that intelligence at the edge of the network that Amoroso wants to pull back in isn't just gone; it's physically stripped. On the other side, new levels of accountability and liability are created through licensing developers and eliminating anonymity from coding.
In many ways, I regard the greatest heroes of the computing revolution to be those who provided essential tools to grow personal computing to critical mass. Think of Philippe Kahn of Borland. Fifty bucks for a compiler that not only produced damn good code but also immediately generated a user community dedicated to supporting and extending the language. Digital Research's compilers brought computing within the reach of a lot of small developers and businesses who desperately needed solutions. Even MSFT got into the act (although the first incarnations of Visual C were a disaster) - BASIC did its job quite nicely, thank you, and for all of its runtime piggishness, VB provides an excellent environment for quick prototyping and even proprietary solutions. McNealy did a real public service making Java readily available. A lot of customized solutions for corner case business problems are solved by having these tools available for people who think outside of the box.
I could cite many other examples, but think how well gun control works. It's next to impossible for a law-abiding citizen in many jurisdictions to get a pistol license, and even getting a long arms license in places is a severe PITA. However, criminals have absolutely no trouble obtaining firearms, and the populace has no means to defend itself. You're going to threaten a goblin with the cops when he's holding a gun on you? Spare me. Goblins don't get guns through gun stores the way citizens do. It's a feel-good farce perpetrated by the Democrats because their fucking Kennedy icons got blown away by a couple of goblins. Oswald would've gotten the chair, and Sirhan would've been dragged off to the "green room" had justice taken its course, but the glorious Democratic party is so committed to its quote unquote principles of patronizing the public while taking away what it has earned that they would easily hang the good folk of this country out to dry to further their own nefarious agendas (any time the subject of Kennedys comes up I get pissed off). However, I digress.....
The idea of traceable code isn't all that horrendous, however, it requires a code signing function to be built into untamperable hardware, and that raises the question of how PCs are upgraded or for that matter replaced. Think of XP's voting mechanism for example. When an XP machine is booted, several code functions "vote" on the changes that the machine has seen since the last boot (i.e. new hardware or software) and if there are too many changes as per Microsoft's definition, the XP license needs to be reactivated. The problem right there is that we have no idea as to what the quantitative and qualitative criteria are for the voting, and we are dependent upon Microsoft's gatekeepers to tell us whether or not our previously legally paid for license is still in force despite the fact we hooked something up to the USB bus on the box. We also know that computer hardware has a finite lifespan, and that if there's a catastrophic failure, how do we recover from a backup to get a new developer-capable machine up and running while maintaining the audit trail (presumably the untamperable hardware would not be transferrable between machines).
This bears even more dissection. To be continued tomorrow.....
And again, all excerpts from the article are the property of the copyright holder, and are excerpted for fair use purposes....
Friday, March 18, 2005
A Modest Proposal, Redux
While there are some elements of sense in the article, others are merely hysterical, to wit -
Hire a Czar
A surgeon general-like figure for security is not only a Big Idea; it's a popular one. Several folks suggest creating some kind of "government leader" or "public CIO for security," none more vocally than Paul Kurtz, the executive director of the Cyber Security Industry Alliance. "We need more leadership at a higher level of government," he says. At the Department of Homeland Security, he says, cybersecurity has been buried, and he believes DHS should have an assistant secretary-level person for cybersecurity.
At press time, that proposal had been floated but didn't make it into the intelligence reform bill. Meanwhile, a succession of notable leaders for cybersecurity resigned from their DHS posts—some suggest because of frustration over the low status of the role within the agency. Congress even explored the possibility of moving government oversight of cybersecurity from DHS to the Office of Management and Budget.
"Somehow, the surgeon general has this special place with us," says Scott Charney, chief security strategist of Microsoft. "We don't have the focal point in security that health care gets with the surgeon general."
One of the surgeon general's best-known successes is found on the side of cigarette packages. The smoking analogy cropped up repeatedly with big thinkers. Once upon a time, society believed that if you chose to inflict harm on yourself by smoking, you were free to do so. The concept of secondhand smoke changed that equation and now smoking is anathema in many public places.
Networks are no different than smoking in the sense that your bad security habits can adversely affect innocent bystanders. Online, in fact, it may be worse since the secondhand smoke of cyberspace doesn't dissipate with time or space. It debilitates every machine it touches equally, as if everyone was forced to take a drag.
We propose a high-profile surgeon general for information security, who reports to the secretary of DHS. Imagine labels on software like those on cigarettes—Infosecurity General's Warning: The use of software and hardware that is not certified secure can harm your system and other people's systems, and you may be held liable for those damages.
Oh brother. All together now, "I'm from the government and I'm here to help". Perhaps the last time the Surgeon General actually did something was the cigarette labeling issue, and for crying out loud, that was before Cream broke up. The Surgeon General is a public policy harrumpher that in general has been stunningly ineffective due to the partisan politics (neither Koop nor Elders did anything worth a damn except pontificate, and not all that well, either).
And who in the industry is going to play Surgeon General, or for that matter, capo di tutti capi to the kingpins of the industry? Gates, Palmisano, McNealy, Chambers and their peers are not about to surrender any of the hard-won territory nor intellectual property to control of a government czar. Czar-hood usually doesn't do a heck of a lot of good (ask the Romanovs, ha ha) other than it gives one single person the ability to act as a lightning rod for criticism from all sides. Can you imagine if a government czar will suddenly have to start approving RFCs?
There's quite a bit more in this article worth dissecting. The gist of it is to start regulating computing, an idea which scares the hell out of me as a technologist, a free-markets supporter and a conservative. We'll take more of this up tomorrow....
All excerpts from CIO Magazine are the property of their respective owners, and are quoted only for fair use purposes.
Thursday, March 17, 2005
Anybody up for some Pink Floyd?
Cool! I Want One!
Beastly bore being a pundit....
100. Xena - One tough broad. Boring show.
99. Monk - Who?
98. Steve Urkel - One note gag. Worked for about half an episode.
97. Dr. Smith - Seriously annoying character, however, Jonathan Harris was a real gentleman.
96. Artie - Which Artie, Bucco?
95. Doug Ross - Who?
94. Vic Mackey - See #95
93. Maynard G Krebs - Absolutely cosmic. Should be much higher on the list.
92. Agent Dale Cooper - Nope.
91. Caine - Unless they're talking about Howard Caine.....
90. Herman Munster - Gold-hearted ghoul should be much higher on the list.
89. Lt. Castillo - Quien?
88. Jaime Sommers - Cute. No substance.
87. Gomez & Morticia - Way too low on the list. They smoldered!
86. Maxwell Smart - Also way too low.
85. Napoleon Solo/Illya Kuryakin - Forgot about them, it's been so long. Yep.
84. Bob Hartley - Should be much higher.
83. Vinnie Barbarino - One note joke. Got old within a year.
82. Gil Grissom & Catherine Willows - Nope.
81. Cast of Will & Grace - Never saw it.
80. Jack Tripper - Funny stuff. About right in the standings.
79. Charles Ingalls - No. A thousand times no.
78. Rob & Laura Petrie - Where are Buddy, Sally, Mel and Alan Brady? Way too low.
77. Dr. Craig - Forgot about him. William Daniels always was very enjoyable
76. Ellenor Frutt - Nope.
75. Ally McBeal - Too scrawny and neurotic
74. Beaver - Iconic. About right in the ratings.
73. Dr. Johnny Fever - See #93. WKRP is still one of my all-time faves
72. Dick Solomon - About right.
71. Dan Fielding - No opinion.
70. Niles Crane - Criminally low in the rankings. Sparklingly funny.
69. David Addison/Maddie Hayes - Never liked Moonlighting
68. Benson - A lot funnier on Soap than on his own show.
67. Jim Ignatowski - Funny indeed. Should be higher.
66. Carla Tortelli - So where's Lucille Toody?
65. John Boy - A resounding no.
64. Jessica Fletcher - See #65
63. Andy Taylor - Iconic and laconic. Where's Floyd The Barber?
62. Francis Xavier Pembleton - No idea who this is.
61. Crockett & Tubbs - Never liked the show.
60. Mork - Wore thin after a while.
59. Al & Peg Bundy - Great stuff.
58. Barney Miller - It was the ensemble, not Hal Linden that made this show work.
57. Rhoda Morgenstern - At times very funny. Aged badly.
56. Mick Belker - Great stuff
55. Capt. Picard - Er, polish your head, sir?
54. Rocky & Bullwinkle - Should be in the top 3. No ifs, ands or buts. Where are Boris and Natasha?
53. Pres. Josiah Bartlet - Bleccch.
52. Emma Peel - Drool. Should be in the top 5.
51. Murphy Brown - Funny when it was first on. Probably has aged badly
50. Sam & Diane - Should be higher in the rankings.
49. Maude Findlay - Aged incredibly badly. Only time she was really funny was on All In The Family (the flu episode)
48. Ted Baxter - A classic. Annoying at times, but an old friend
47. Carmela Soprano - Fuckin' A
46. Cast of Friends - Have I mentioned that I really hated this show?
45. Marshal Matt Dillon - About right
44. Cliff Huxtable - I like Bill Cosby, but not this show
43. Thomas Magnum - OK, I guess
42. Laverne & Shirley - Feh
41. The Barone Family - Who?
40. Fred Sanford - Wilfrid Brambell did it better, and Redd was funnier on his "party" albums
39. Kojak - About right
38. Sgt. Ernie Bilko - Should be higher in the list
37. Marcus Welby - Never liked the show
36. Barney Fife - About right
35. Lou Grant - I've really started to dislike Ed Asner, so I can't be objective about the character
34. Kermit & Miss Piggy - Never cared for it
33. Maverick - Ancient history
32. Scully & Mulder - Never cared for it
31. Samantha Stephens - Drool
30. Det. Lenny Briscoe - Never watched the show
29. Alex Keaton - Got annoying after a while
28. Perry Mason - Just about right. Best theme music ever on TV
27. Ann Marie - No. Extremely annoying.
26. Frasier Crane - Literate. Funny. Longevity. Great character.
25. Joe Friday - An icon. Just the facts....
24. Louis DePalma - Funny indeed
23. Andy Sipowicz - I still think Franz's best turn was as Benedetto on Hill Street Blues. Do the right thing, Sal....
22. Richard Kimble - Never cared for the show
21. Mr. Spock - Most illogical positioning. Should be up in the top 10
20. Ed Norton - Top 5. No question about it. The man defines cosmic.
19. Eric Cartman - Not my cup of tea.
18. Roseanne - No. End of discussion.
17. Jim Rockford - Never a favorite, but I always liked James Garner
16. George Jefferson - About right, maybe a touch lower in the rankings.
15. J.R. Ewing - Nope. Hated the show.
14. Hawkeye Pierce - Too freaking preachy after the first season.
13. Buffy - Nope.
12. Edith Bunker - Remember the dumb Mama Bear in the Warner Brothers Three Bears cartoons? That's Edith Bunker. All In The Family is an immediate channel-changer for me
11. Carrie Bradshaw - Should be a lot lower in the rankings
10. Tony Soprano - Top 3.
9. Capt. James T. Kirk - About right
8. Mary Richards - About right (I still love the line when her mother says to her father "Don't forget to take your pill" and both of them answer "I won't")
7. Lt. Columbo - Iconic, but I think about ten notches lower is right.
6. Seinfeld Cast - Should be top 5.
5. Homer Simpson - Somewhere in the top 15, not this high
4. The Fonz - Way lower down, in the 70s or 80s
3. Lucy Ricardo - An icon. Top ten for sure. Grating after a while. Needs some distance.
2. Ralph Kramden - Top 3.
1. Archie Bunker - Yeah, groundbreaking and all that. The show has aged horribly.
And just to stick my own two pfennigs in about some other egregious omissions:
- Toody and Muldoon ("Car 54 Where Are You")
- Doberman ("Sgt. Bilko")
- The Beverly Hillbillies
- Lurch ("The Addams Family")
- 99 ("Get Smart" - and no, 99's real name was not Susan Hilton)
- Siegfried ("Get Smart")
- Sgt. Schultz and Col. Klink ("Hogan's Heroes")
Wednesday, March 16, 2005
Randomness, Markov's got nothing on me....
Hotbar's privacy statement:
..HOTBAR COLLECTS AND STORES AGGREGATED INFORMATION ABOUT THE WEB SITES ITS USERS VIEW AND THE DATA THEY ENTER IN SEARCH ENGINE SEARCH FIELDS WHILE USING THE SOFTWARE. HOTBAR USES THIS INFORMATION TO DETERMINE WHICH ADS AND BUTTONS TO DISPLAY ON YOUR HOTBAR TOOLBARS AND WHICH ADS TO SHOW YOUR BROWSER...
Not shouting, folks. Just copied from the Broadband Reports link.
The big question is probably whether this thing is bundled with something (and I'm pretty convinced at this point that bundling crapware with P2P stuff is a tactic of the entertainment industry to so louse up people's computers who trade files that they become unusable) and it is installed without affirmative consent to the component (in other words, they're installing a bundle and you have to agree to the entire bundle without any chance of evaluating whether they've done a good job of integration testing on said bundle). There will always be the PEBKACs who will click on a pop-up and come whining about it, but I will exclude them from the discussion (hey, they're profitable). If it's ever installed through an exploit of any sort, it's on the Dark Side. When Win32.beavis installs iSearch, that's a virus installing ahem adware. iDownload doesn't proactively reach out to the computer security community to get the thing off people's computers who never intended to download the thing. This speaks of either supreme arrogance, indifference or complicity. Hopefully Hotbar is merely one of those items that are installed through sheer user idiocy (gotta love redundancy), but since Hotbar is playing in a very close area to iDownload (read as you've got to use their SuperDuperSpecialProprietaryDon'tDareUseSpybot Uninstaller) they're treading on some iffy moral ground.
Tuesday, March 15, 2005
Beware The Ides Of March
The Lashkar-e-Toiba militants killed in an encounter at New Delhi on Saturday night planned to attack software companies in Bangalore besides Indian Military Academy in Dehra Dun, Delhi police said on Sunday.
The militants visited Bangalore in December last year and surveyed the location of several software companies there, joint commissioner of police (special cell) Karnal Singh told reporters.
"They planned to hit economic installations to hinder the economic development of the country," he said
Oh, isn't this just peachy keen for the outsource-niks. (and yes I know I should be saying offshore-niks, but it just sounds better for the unwashed masses to use the 'O' word). I can easily imagine the level of security built into the average campus in Bangalore isn't anywhere near what it is in the US (I can think of one major campus of a Large Financial Services Firm in what I'd call an exurban area, a solid 60, maybe 70 mile drive from the nearest big city, where everything is keycarded, including the rest rooms. I can understand the data centers, and perhaps keeping Compliance keycarded off - incidentally Compliance had no presence here, this operation was really unrelated to trading, banking or anything of the sort - but the can?) Of course, sectarian violence is a lot more common in Lower Outsourcia than it is say, in South Dakota but that didn't factor necessarily into the decision to locate operations there. The bean counters strike again. I wonder if someone decides to issue a little fatwa-gram that causes a regrettable incident in sunnier climes and there's insufficient resilience and recoverability, will the bean counters and consultants who advocate outsourcing decisions have their heads handed to them?
Blogger has been somewhat peripatetic today, so perhaps a shorter post than really warranted. I did see a mildly funny reference to certain splodeydopes as Osama E. Coyote along the way, a reference even a jaded sort as myself could appreciate. I was hoping to check out Eric Olsen's commentary on Blogcritics on the R&R Hall of Fame inductions, however, even Blogcritics has been a bit grumpy today.
A lady from The Jams And Jellying Fishwrapper called the other day to confirm my identity so that it was indeed me that penned the missive on the avocational area I mentioned the other day. Said young lady assured me that my minor commentary would indeed be published "in a couple of days", and as of yet, there's still no indication (in the online edition at least) that my scintillating observation has been published. I shan't hold my breath.
Finally, I started taking a listen to the King Crimson box set, and the live tracks were actually pretty cool. It's actually put a minor bug in my ear about doing "In The Court Of The Crimson King", although I can't imagine my band doing this one (the live disc pulls it off amazingly, even given that it's a 1969 recording. The show also had The Nice and The Chambers Brothers on the bill).
Monday, March 14, 2005
Ah Via Emptor
While I figured I could get my Sam Tellig and Mike Fremer fix from a quick perusal in the local bookstore, Art Dudley did a column that absolutely floored me. Ordinarily, Mr. Dudley's column isn't my favorite read in the magazine (the aforementioned Messrs. Tellig and Fremer being the folks I immediately turn to), but he's OK in most cases. This column actually really cut to the heart of matters in a way of speaking. Mr. Dudley openly took on Consumer Reports. Consumer Reports you say, the champion of the emptors, the magazine that exposed the faulty electric welders you used to see advertised at the back of Popular Mechanics, the magazine with the damning car reviews? Yeah, those guys.
The occasion for Mr. Dudley's wrath was a Consumer Reports review of (as they used to call them euphemistically on TV when even Norman Lear couldn't get away with it) male contraceptives. Art specifically lampooned the test results which declared a clear winner on the basis of "taking the most punishment". One wonders how CR could actually publish such an evaluation with a methodology and qualitative results. Which brings us to the general question as to how CR can evaluate anything that it is not entirely expert in. I will grant their expertise in evaluating cars, although their methodology is not one that would produce results that a true aficionado of autos could use to evaluate a car (at least as a pre-sales screening tactic). The qualitative and quantitative in a CR auto review is useful for determining the car's capacity as basic transportation, nothing more.
I well remember the day I stopped picking up Consumer Reports, as they promised an upcoming review of guitars. This was of course the height of absurdity, as I easily imagined them giving a "Best Buy" rating to some Samick while trashing the marques that every guitar player loves (we reserve that for our observations about Mr. Juskiewicz). Their methodology for rating audio is ridiculous, as their opinion is that "it's all digital, therefore get whatever has the most bells and whistles at the lowest price". Bull. Case in point - I was in the market a few years back for a new audio rig (I ended up buying only new speakers, but it made for some pleasant research) and I spent several weekends dragging the Mrs. around to various high-end audio dealers to audition sound systems. I naturally brought some favorite CDs with me, as an early excursion from work to a very well-known shop in Manhattan demonstrated that I couldn't depend upon what I listen to being there for me to test things out (while their classical collection was OK, their classic rock selection was horrendous). We found ourselves in one establishment and began auditioning Adcom and Rotel gear (the megabuck gear was droolworthy, but I just couldn't commit to such a huge price for a system that really doesn't get that much use). Nice stuff, and the salesman mentioned to me, "Well, if you like the Rotel, take a listen to the Naim system. It'll blow your socks off". Before I had a chance to protest, he'd patched a Naim CD player into a Naim amp, and loaded my Revolver CD. Without even asking, he cued up track 9 (he definitely knew his customer - track 9 being "And Your Bird Can Sing") and hit play. It was like a revelation from Providence - I heard tremolo guitar on there previously buried in the mushy CD mix, the vocals jumped out at you, the drum sound being incredibly crisp and punchy, you name it, it was awesome.
Needless to say, cooler heads prevailed and I didn't bring home the rig (the salesman was talking close to five figures once we included the speakers I was looking at), but there is no way that I could have gotten that information from Consumer Reports, as their methodology doesn't accept the intangible input of someone hearing new nuances in familiar, great music.
So, I think I might stick with Stereophile. They've given me a couple of bum steers in music reviews (I bought a relatively recent Oregon CD on an audiophile label based on their recommendation, and after taking a total of two listens to it consigned it to the back of the cabinet, only to be played when a soporific is indicated), but there's a lot of good reading in there that isn't the clinical qualitative stuff you get out of CR. And I've gotten a lot of respect for Mr. Dudley's column to boot.
As for Consumer Reports, well, any organization and publication that made its bones on the back of Ralph Nader isn't my cup of tea.
Saturday, March 12, 2005
Henry - You Are Killing Gibson
The following was reported on another forum:
The Gibson District Sales Manager shows up this week for the "big meeting" and explanation of the new Gibson policies.
1. If you are an existing Gibson dealer you must commit to a $90,000 order immediately. (in addition to what you have in stock).
2. If you are not a current dealer but wish to become a Gibson dealer the opening order amount is $150,00.00. No ifs, ands, or buts.
3. 40% of all the guitar hooks in your store must contain a Gibson product. Period.
4. The $90,000 figure does NOT include OAI Division products (Dobros, mandolins, and banjos).
5. The OAI Division opening order is an additional $150,000. There will only be 12-18 OAI Division dealers nationwide. No ifs, ands, or buts. These guidelines are for any store...whether you are in Cleveland...Seattle...or Bugtussle. In other words, the guy in Bugtussle with a population of 10,000, has to buy the same amount as the dealer in the Washington, D.C. area who can draw from over 6 million. Once again, no ifs, ands, or buts.
When pondering these order dollar figures remember this: LP Studios cost the dealer about $750.00 (a little more for the fancier one...)...LP Standards are in the $1250.00 price range, an ES-335 costs $1700.00 or so, a Custom Shop '57 Reissue LP costs about that amount also.
When you start adding up and trying to get to the "magic figure"...a small to medium-sized dealer is choking to death on product. This is clearly a move to weed out the small to medium-size dealers and make way for only the big boys to have Gibson available.
BTW....Sam Ash is no longer a Gibson dealer...I find that particularly interesting in lieu of the fact that they are probably Musician's Friend's biggest competition.
Dave's Guitars (www.davesguitar.com) was shut down with no explanation at the time and Gibson refuses to this day to give him a reason why he is no longer a dealer. Dave's Guitars had annual sales figures with Gibson in excess of $1.6 million.
Music Machine (www.musicmachine.net) in Washington state was also shut down with no explanation. Their annual sales topped $2.2 million. Let me say that again...their sales were $2.2 million per year with Gibson and they were just cast aside.
As of this date 65% of all Gibson dealers who have been presented with these figures....have opted to no longer be a Gibson dealer. This exceeds Gibson's expectations by 35%. They figured they would lose about 30% of the current dealer network....they had no idea that 65% of the dealers would tell them to go to hell.
We are, as of this date, undecided as to what we are going to do. If it were strictly up to me I would opt with the other 65% of the dealers and tell them to go to hell.
Friday, March 11, 2005
Sorcery, n. The ancient prototype and forerunner of political influence
I'm not especially ticked at Drudge, but if whoever is doing their ad serving is listening, you've caused me to stop going there, at least when I'm on a machine that isn't fully up to my specs when it comes to spyware prevention.
Thursday, March 10, 2005
The comment that should've been made in court today....
Are you mockin' me with that outfit?
Scribbler, n. A professional writer whose views are antagonistic to one's own.
Trying to get back up to speed with work and all of the nastiness that it implies, needless to say that even though everyone at work is quite well aware that I'm still recovering from my procedure, the administrivia and pressure keeps coming (needless to say as I look for a new Esteemed Client or attempt to book further business at an old Esteemed Client), the pressure has been turned up to get myself doing something quickly despite the fact my recovery is still a work in progress (I'm getting around, with some residual nasty pains here and there. I'm guessing anywhere from 10 days to 3 weeks more until I'm fully back to myself). Ecce vitae...
I caught a minor factual error in the local newspaper yesterday, and seeing as it was in an avocational area I consider myself somewhat learned in, I promptly fired off a missive to the editor correcting the error (and amazingly enough for me, I was actually polite and didn't cast aspersions on the scholarship, integrity or lineage of the author). I received a note back from their editorial staffer saying that they indeed would publish said missive, however, it was too long for their standards (three hundred words maximum for a Letter To The Editor) and would I please edit it down. Now, if you've been reading these pages for a while, you've noticed that I tend to take a somewhat pedagogic or Socratic style in explaining issues that I might care to expound upon, and that I will generally support them with facts prior to imposing my viewpoint on my readers. Needless to say, said issue required some explanation of the background of the events in question (which I assure you is esoteric enough to bore everyone but certain hobbyists to tears) but because I generally dislike pontificating without having tons of supporting rhetoric (or in this case, actual facts) I found the final edited product (which came out to 270 words) to be most unsatisfying. The amusing thing is that this stands a pretty fair chance of being published (and in line with my desire for anonymity, I shan't point you towards it, nor give any clues other than what you read here).
In many ways, I'm my own worst critic. I've taken a look at stuff I've written over the years and cannot believe that I've actually put pen to paper and come up with such drivel, yet for some reason my writing does indeed have its fans (one deliverable I wrote for a very prominent investment bank had the reviewer so engrossed that he actually missed his train station while reading it).
Three hundred words? I'm just getting warmed up in 300.
Posting may be irregular until Monday. By that point all of the nonsense and pain should be quite manageable, so bear with me a bit. Next week, back to a full schedule of venom.
Tuesday, March 08, 2005
Religion, n. A daughter of Hope and Fear, explaining to Ignorance the nature of the Unknowable.
What I'm about to post about has nothing to do with Mr. O'Dowd, other than he's probably spouting fashionable Euro anti-semitic tendencies, only peripherally related to Mrs. Ritchie in the sense that being a dumb celebrity with a following can be exploited by a shaman, and everything to do with shamans and religion.
What Mrs. Ritchie follows is only related in the most superficial sense of the word to Judaism. As I noted on Blogcritics:
There is somewhat of a Jewish tradition of mysticism that does include kabbalah, which is an esoteric interpretation of the Torah based on a couple of books "Sefer Yezirah" and "Zohar", however, this tradition dates from medieval times by most scholarly opinions (the Zohar, although written in Aramaic, shows many grammatical errors and has words from medieval Hebrew and Spanish in the text). There are other such texts such as "Tanya" (the popular name for "Likkutei Amarim", a Hasidic text) which are similar in spirit and approach, just not as trendy. Traditionally, Jewish scholars don't delve into these areas until they've become quite learned in the foundation texts.
I fault my own Jewish education for not expounding better on the matter, but the concept I'm trying to get across is simply that Philip Berg's version of Kabbalah, to put it bluntly, is a load of hooey. I should probably change my reference to the Tanya from "spirit and approach" to "spirit if not approach" if I were to be truly accurate, but then again, I have to defer to the experts, as I'll stick to learning the ground rules first (I don't think anyone should be messing with kabbalah until they can give a decent divrei Torah, something I'm far from able to do). I had known that the Zohar was written in Aramaic, but I wasn't aware of the Aramaic grammar errors (I have to admit that I started nodding off in Talmud Torah when they got to teaching us Aramaic, I had enough trouble understanding the differences in the Hebrew in Chumash. I well remember going nuts with Lech Lecha, which our teacher insisted on us repeating back each phrase in a more modern Hebrew - in this case Lech l'tovascha. For the non-cognoscenti, the portion of the Bible I’m referring to is Genesis 12:1).
OK, so it's a fair bet that the Zohar actually dates to medieval times and not biblical times, not exactly earth-shattering, in that it's a commentary and an interpretation, another of the very long line of such texts interpreting Jewish theology and practice. It's somewhat different because of its mystic bent and as such was traditionally only open to more mature scholars for study (given the esoteric nature of it, it takes an advanced scholar to penetrate it). The Tanya is fairly ubiquitous in Lubavitcher circles but it's something that's not marketed to the average baal teshuva, at least until they've gotten a lot more conversant with matters.
Since I know my own limitations in these matters, I know enough not to touch these texts in any manner until I understand all of the underlying principles and history. Which brings me to Mr. Berg. Presumably, by his qualifications, he has a heck of a lot better Jewish education than I do, yet he peddles a "light" version of what is some very dense and esoteric material to a bunch of dilettantes that cheapens on many levels. Rather than encouraging fundamental Jewish education for his Jewish patrons, and rather than encouraging his non-Jewish patrons to observe the Noahide laws or just be good people, he peddles strings and bottled water, along with books that few if any of his patrons have a hope of understanding. It cheapens on so many levels, it's angering.
Think back to the Beatles going to the Maharishi. The Maharishi's path was an easy one, just a few minutes of meditation a day and you were on the road to enlightenment. Then came Rishikesh. Ringo headed home after a few days, dismissing the place as being like Butlin's (the English holiday camp). John ended up telling the yogi off after discovering some allegedly less-than-holy conduct. George ended up discovering the deeper ways of Indian mysticism after leaving the popularized version to the innocents who devoured the Maharishi's plaudits.
Other than the blinding glimpse of the obvious that celebrities are dumber than dumb for the most part and are easily led around by shamans, it points out the dangers of individuals like the Bergs, who peddle ersatz religiosity for the gullible while conveniently omitting the years of intense study needed to understand the concepts they're basing their marketing campaign on. Shamans are dangerous, and come in all varieties, be they robe and sandal-clad, pompadoured televangelist, or whatever "spiritual" pontificator flavor of the month.
Monday, March 07, 2005
Another Ambrose Bierce Fan
Sunday, March 06, 2005
How To Reconcile The Kulturkampf In My Miserable Existence
Image courtesy of The Joy Of Tech
Recollect, v. To recall with additions something not previously known.
I definitely could have lived without the ubiquitous clip of Joan Baez singing "We Shall Overcome". That woman rivals Hillary and Barbra on my annoying scale. No huge surprises in the other clips, other than a live clip of Janis doing "Piece Of My Heart" with what I assume is the Kozmic Blues Band (Sam Andrew is in the band with his painted SG, and there's a horn section, so by deduction it's the KBB). I noticed that they were playing "Piece Of My Heart" in 'D', a full step down from the original recording.
The schnorring, well, it was a typical WNET beg-fest. The unbelievably bland Midge Woolsey (a woman who rivals Whitney Blake and Meredith Baxter Birney in the white bread department) desperately trying to appear hip while coaxing lame stories out of Cousin Brucie. (The pitiful reference to Midge singing "In A Gadda Da Vida" was cringeworthy; she probably sings Sondheim in the shower. And as far as Brucie goes, he was lame back when he was relevant - Murray and Scotso were the ones to listen to.) Some other functionaries and factota appearing for fifteen minutes at a time telling how our money brought this program to PBS, and why we're such incredible cheapskates for not coughing up the incredibly reasonable three figure suggested donation for a premium (either a DVD of the show or a four CD set of songs that you can easily pick up for twenty bucks). Of course, this was interspersed with a long-running interstitial clip that told how wonderful the show we were watching was, before they finally got back to some useless interstitial material in the show until they finally got around to showing someone you were actually interested in.
Saturday, March 05, 2005
Piracy, n. Commerce without its folly-swaddles, just as God made it
Items of interest include a seriously nice looking rosewood Telecaster at Ishibashi sure to delight the George Harrison fan. Big things about this that might give pause to some folks is that it might just be a rosewood veneer on a basswood body as opposed to the rosewood / maple / rosewood sandwich on the "Let It Be" guitar, also that it's a stained maple neck with a rosewood board as opposed to the solid rosewood of the original, however, points in its favor are its price ($800), Fender Japan's high quality, Ishibashi's great service and frankly, from an audience perspective, it would take someone with hawkeyes to pick out the differences. Sonically, you could make the argument that the construction would make a difference in the sound, but if you're playing through a Leslie effect as on the single version, I don't think it really matters. Most sources have George playing through a silverface Twin Reverb at the time of "Let It Be" (they can be seen in the film) but there's quite a bit of crunch on the album version of the song that leads me to believe that might've been recorded with George's piggyback Bassman.
This tale of a gentleman being attacked by a chimpanzee is most cringeworthy, in that it seems that angry chimps tend to maul external reproductive organs of other primates. While exceedingly unfunny to the affected gentleman (and of course engendering a protective gesture) it perhaps explains certain things about a certain popular singer formerly known for harboring such a creature. The guys at NASA had plenty of stories about how nasty the chimps used for testing the Mercury capsules were, not to mention the story of how a latter day "Cheeta" in one of the last Tarzan films performed an unpleasantness on Lord Greystoke's interlocutor.
A quick perusal of Broadband Reports shows that many users are complaining of the same DNS issues afflicting my frummie friend, and that the ISP in question is about as responsive as the federal government is when it comes to stopping illegal immigration. Time for a call to the Public Service Commission to get the issue resolved (presumably, since it's a cable company).
Posting will still be irregular for another couple of days as I come back to myself....
Friday, March 04, 2005
On The Mend, On The Rag
I noted that some judge in Virginia dismissed one of the spamming convictions so highly touted back in November, quoting from the CNN report, "saying he found no 'rational basis' for the verdict and wondering if jurors were confused by technical evidence." No rational basis, indeed. I've basically come to the conclusion that most jurists are idiots (with the notable exceptions of Justices Scalia and Thomas) and that this judge himself was likely confused by the whole affair. It's quite simple, really. Jessica DeGroot was an accessory to a crime committed by Jeremy Jaynes. She in some way facilitated his theft of service by misusing SMTP services. You don't have to explain the theory and practice of the internal combustion engine to jurors in a case of Grand Theft Auto, therefore explaining the mechanics of SMTP to jurors other than the basics needed to fairly judge the case isn't indicated.
As to Mr. Jaynes, Ralsky, Hawke, Marin and all the other leading spammers, the only thing that's going to stop them is some seriously bad medicine....
I'm in somewhat of a grumpy mood today....
Wednesday, March 02, 2005
Still In One Piece
Let me go enjoy the painkillers.....
Tuesday, March 01, 2005
Piping Hot Schadenfreude
Like many online service providers, T-Mobile.com requires users to answer a "secret question" if they forget their passwords. For Hilton's account, the secret question was "What is your favorite pet's name?" By correctly providing the answer, any internet user could change Hilton's password and freely access her account.
Needless to say, said skank's pet's name is quite well known, and it wouldn't take a specialist in high temperature laminar flow boundary layers to get past this elementary security measure and obtain the contents.
One time passwords, they work.....
Reason #436 Why I Hate To Fly
OK, so the plane loses an engine on takeoff from LA, but the pilot decides to fly across the Atlantic instead of risking a fine for delaying the passengers. Pilot realizes that the extra drag from flying lower and with increased rudder means a fuel consumption problem which requires an emergency landing in Manchester.
Let me guess, the local enviro-whackos would've gone nuts if he dumped fuel near LAX and returned, right?
I find it hard to believe that any pilot would risk such a long flight with his aircraft in an impaired condition so soon after takeoff without serious incentive to do so.
Safety first, please.
Unrelated, I happened to download a "sticky notes" program for the High Altar last night and I was rather impressed by the way MS AntiSpyware picked up on the way the program was trying to install itself to start at boot time. It's a benign program, but I liked the way MS AntiSpyware gave plenty of warning about what it was trying to do and allowed me to manage a whitelist / blacklist. As to whether I'll keep this program, I don't know, depending on how much use I get from it (anything to get the thirty odd sticky notes off the monitor) and whether it causes any instability (a previous program called "Stickies" worked fine with the Win2K boxes here, but caused instability on the High Altar and necessitated an uninstall).
I had my guitar tech do a full setup on the Epi Riviera 12, and the action is wonderful on it now. The relief on the neck is suboptimal (the first two frets are a tiny bit out of spec) so there's a touch (just a touch, mind you) of "slappiness" if you play way up the neck. This wasn't really a concern playing the lead on "I'll Feel A Whole Lot Better" (yeah, I know, wrong guitar for that one, but what the heck) and it sounds gorgeous capoed. My tech recommended keeping very light strings on the guitar (I tend to play with either .010s or .012s on most of my guitars, the guitar came set up with .009s) and I'll take his advice. I'll probably swap the strings out for Elixirs one of these days; it's a big contrast to my Rickenbacker, where I slap a set of Ricky 12 flatwounds on every three years whether it needs them or not. Since people are finally taking delivery of the 360-12C63s (someone on the Rickenbacker forum posted pictures of his, man, is that guitar beautiful) it might just be the impetus for me to flip the old 360-12 for a C63. Not that I don't love my '78 360-12, but that damn 'R' tailpiece makes changing strings a chore and an exercise in frustration. The C has the trapeze tailpiece which will make life a lot easier.
As I noted yesterday, my minor procedure is tomorrow AM, so I won't be posting until Saturday or Sunday, depending on the recovery. Needless to say I'm not looking forward to it, but it'll resolve some major pain that's been going on for almost a year. I'll get a good jump on the Stephenson book while I'm laid up and I've got a couple more coming in from Amazon (they're supposed to be here today, but who knows with the snowstorm). I've also got a couple of CDs coming in with the order, the King Crimson 1969-74 retrospective (I have the first album already, but it's very hard to find "Larks' Tongues in Aspic", plus there are some live tracks that seem interesting), and also a Faces compilation (not the five CD box set, as there's a lot of filler on that; brings up an interesting tangential point - why is it so hard to find the Small Faces' "Ogdens' Nut Gone Flake" in a "normal" CD release format? Lots of imports and special editions, media catalog management being a very interesting study).
Catch you all sometime on the weekend. It may be a short post, just saying I'm here, but I should be fully back to myself and loaded for bear for Monday AM.