Robust McManlyPants on Average Display

OK, you must check it:  the new Mac Pro.

Buh…

Want!

WANT. 

Another awesome week at The Lake has passed, and I feel much refreshed.  My laptop died on Friday, with a series of grinds and screeches coming from the hard drive and the CD drive refusing to shut properly then refusing to open properly.  One sale item at Best Buy later, I am writing this on a new laptop that is scaled to my mobile needs – it can play games if it has to, but it would rather write.  This is a good thing.

Speaking of writing, the sad news from my laptop woes is that I lost a great character background I’d written for a new World of Darkness game and I lost the 2nd zombie story, which I worked on while at the lake but didn’t have a chance to offload anywhere given the lack of interwebs.  Ah, well, you win some, you lose some.  This just gives me a chance to rewrite it, after all.

So, the gubmint’s amassing a database of every phone call placed or received in the US.  I don’t mean they’re just curious as to whether you or I are calling the terr’ists, I mean they’re curious as to whether you or I are calling you or I.

Of course, only terrorists could possibly object, right?

Red-blooded Amurkins with nothing to hide have nothing they care to keep private, right?

This boils my mountain-born blood.  This is the sort of thing that could make me start to wonder whether those Libertarians have got something worth listening to.

And of course, President Smirk sits on his tall, white horse and shakes his itty fists and swears that they’re not just trolling for any ol’ information.  They’re trying to keep us safe!  We’re at war!  A War Preznit needs his powers of war, dang it, or the terr’ists have already won!  Only islamofascist running dogs of the brown-skinned extremists would possibly care whether anyone is keeping track of who calls whom, 24/7, domestic or international, local or long-distance.

And what makes me even more sick is that only Qwest had the gonads to stand up to them, to ask that they get a FISA warrant before they start handing over that information, and as soon as Qwest mentioned FISA then the NSA said, “Oh, well, we don’t know that they’d actually let us do this,” and then they walked away and never mentioned it again.

The only explanation I can come up with is that the people collecting this data are cowards and criminals who knew their request was unreasonable.

That is the only explanation.

If it were a reasonable request, it would have been a simple thing for them to get a FISA warrant.  It would have taken hours.

They didn’t even try.  They just clammed up and walked the second FISA got mentioned.

They are cowards and criminals.

But will anyone get impeached for this?  Will anyone be cost anything, politically?

I don’t think so.  I don’t think anything will happen in Washington.  I can’t imagine this playing very well among certain of my relatives, certain elements of my home town – that network of hills and hollows where families lurk for generations, where life and change are slow, where privacy is not some luxury reserved for times of peace but a basic requirement of life, where a respect for privacy is a fundamental element of sociable human behavior not a nicety.  But come November (’06, ’08, forever) there will always be bigger, more hot-button issues that can be played to curry just enough favor, just enough less revulsion, to string votes out of expected constituencies so that real change – ever feared – is kept at bay.

And so my heart sinks just a little, and a little more of our privacy and our expectation that the government follows its own laws and my trust for authority are eroded away, and we all get used to one more thing the government shouldn’t be doing but is.  Sure, Congress could pass a law, but then Bush could just refute it with his signing statement and go about his merry way – or, hell, he could just ignore it altogether.  I am reminded of one of my favorite things The Boyf has ever said:  “As late as the 3rd or 4th century CE you could probably still find Senators who thought they ran the Roman Empire.”

The next person elected President is going to have to do something drastic in their inaugural speech.  I am serious when I say I want to see this, and I will vote for any candidate who promises to do so.  I want the next President, standing there on the stage, with Bush shaking off his DTs behind them and the nation watching, to say:  “Everything is going to change.  We are going to be more open.  Gitmo will be closed down.  Warrantless spying on our own citizens will stop.  The color-coded alert levels are over.  The Era of Fear is at an end, and we will be held accountable, and in addition we will hold an accounting of others.”

But will either party make that claim?  Is there any candidate interested in being President – for which, surely, a job requirement is a lust for power – who will look at all the crazy fucked-up shit Bush has gotten away with and then say to themselves, “No, I will not use this same power.  I will give it back, or give it up.  I will apply a brake to the Executive and I will not rule as a despot, but lead as a President?”

A part of me wishes it were so, and a part of me finds it doubtful.

All of a sudden I want to draft Jimmy Carter.

So, is anyone reading this knowledgeable about, or experimenting with, or curious about High Dynamic Range photography?  This is something I really, really want to try, just for the heck of it.  (If you ask me, it makes real subjects look like pre-rendered backgrounds in videogames, which is strangely beautiful).

Some samples can be found in the HDR Flickr pool, or in the blog post linked above (which also includes links to a tutorial).

I don’t have the full version of Photoshop CS 2, just Photoshop Elements 4.  However, Photomatix has a trial version available for download, and there are of course versions for both Mac and Windows.  I’ll probably download the OS X version tonight, then bust out the camera this weekend and see what I can produce.

In 2000, as I was standing in line to vote, a woman in front of me addressed those of us standing around her with this: “Why can’t I just do this online?” I should have kept my mouth shut, but I didn’t. “Because,” I said, “It would be too easy to hack.” After finding out I worked in network security, she went on to decide that it was somehow my fault that this hadn’t been figured out yet. While I certainly didn’t have the answer, I shared her frustration. A part of me relishes the civic cameraderie of standing in line to vote – how else would I have met that lady in ’04 who told me her kids played soccer with the Bush twins in Texas years ago, and said “Laura is the biggest bitch you’ll ever meet,” without that experience? Still, online voting would make some things much easier.

And so, with that in mind, pretend for a moment that you and I are sitting in a bar. There is a large plate of cheese fries between us, with ample supplies of both ranch and honey mustard dressings. I have a Diet Coke (it counteracts the cheese fries, right?) and you have the beverage of your choice. You have just pulled out a pen and one of the bar napkins and said, “So how could it work and be safe?”

This is not a circumstance in which we are going to solve the problem from start to finish, but I do have a few ideas. I don’t know how feasible they are. I don’t even know if they’re truly secure, because encryption and authentication are not my specialties. I do network perimeters, though, so I do touch on authentication and encryption. I am not, however, a genius. I am a guy who is good enough at his job to keep doing it. Keep this in mind. I say this in part to excuse any gaffes and in part to make clear that criticism or other suggestions will not offend me. I am aware of my limitations! Anything we can come up with to improve on the following scenario is a good thing. I do not believe that in a day or a month or a decade the whole world will look back on this post as The Answer That Worked, but neither have I found much of anywhere that this is being discussed in a serious but casual and open way. So, we begin here, and see what happens.

The biggest issue with online voting is, how do we know your vote was cast by you? Online voting would, if dissected into an order of operations, look a great deal like voting in person, in part because that’s already the model that works, and in part because this can be translated into a friendly, tech-free presentation to the user that will make them comfortable with a new process by making it feel like the old process wherever possible. That means the first thing we have to do is check in at the front desk. So, we need to authenticate you. However, managing a national database of logins and passwords is impossible and, just as importantly, neither would it be anonymous. Confidential is not the same as anonymous (let’s hear it from the HIV-testing activists from ten years ago, people), and what we’re gearing for is authenticated anonymity. (I don’t even know if that’s a real term, but we’re too busy eating cheese fries to care. This is all just kicking the ball around.) You want to check in at the front desk but, after that, you do NOT want your vote in any way tied to your name. Remember, you don’t sign your ballot before you stick it in the box.

The second big question is going to be ensuring that your vote is not tampered with. In real life we do this by being alone in the voting booth and then putting the ballot in the box ourselves. Polling place workers do not take the ballots from our hands after they’re filled out. Instead, they are tucked away in the big, brown boxes for security’s sake. After that, we have to trust that the authorities are honest with their counting, but hey, we already do that. So far, so good. How to duplicate this online is going to be to use extra-strength encryption. I am not talking about 128-bit encryption you use to check your bank balance. Yes, that’s great, and the kid down the street sniffing your wireless link is not going to be able to crack that in a hurry, but we know someone can: the government. Rumor has had it for years that 128-bit is the industry standard because the average cracker can’t break it but the NSA can and in real time. Perhaps it is true that Uncle Frank is simply not going to care about that, but the geeks sure as heck will. If we’re going to sell online voting to anyone, we have to win over the geeks first. Then they can sell their Uncle Frank on it on their own time. Thus, I’m going to go out there and suggest 1024-bit encryption. It’s overkill, yes, but it is very, very safe, and all the nerds out there with GnuPG are going to like seeing that big number.

The third question is, how do we deliver it? The bottom line is that, like any question of voting equipment and processes, it’s going to be decided at the state and local-elections-board levels. Your town or county or city or whatever is going to have to keep a server where the votes are tallied. This is not hard, because the process of tallying votes is now largely computerized anyway. Butterfly ballots excluded, do you really think that here, in NC, when we complete the little arrow to the candidate’s name that someone is going through and checking those by hand? Those things are scanned and the results stored on a computer. We will store our results on the same computer. Voila.

“That’s a lot of nice talking,” you say to me around a mouthful of Beverage(tm), “But we already know all that.”

Too true! Here’s the tech part of it, and it’s very simple: one-time crypto keys.

Let’s say we have our system in place. I want to vote online because I am lazy and I could be sitting at home stuffing myself with my own plate of cheese fries rather than out standing in line. Thus, I appear at my local polling place and skip the line and go straight to the front table that’s next to the other front table. There is no line. I tell them who I am, and they check me off in the big book because I’m now saying that I have voted and I am not going to vote in person. The other front table checks me off, too. The nice people behind the table hand me a CD with the voting client software on it (a cosmetically modified VPN client that is light and simple and will uninstall the day after the election and a link to the page where I will vote, using a private IP address for which I’ll only have a route after the VPN client has bound to my network interface). Then, they reach into a big box next to them and pull out an envelope. It looks like a paystub – perforated edges on each end – and they open it. They toss the carbon-copy sheet in the middle, hand me one of the two pieces of paper inside, and take the other piece and stick it into a ballot box.

I have now, for the purpose of validating that as many votes were cast as voters showed up to vote, voted.

I go home. I start warming up the cheese fries.

While that’s happening, I pop the CD in and install the VPN client. It is quick and painless, and requires minimal user interaction. When it launches, I am asked for one thing: the string of letters and numbers printed on the otherwise blank sheet of paper I was handed at the polling place. That string is my key. I should note here that I don’t mean the actual encryption key, I mean something like a pre-shared secret – it’s not 1024 bits of characters, it’s just a random jumble of characters (let’s say 8 to 12 characters in length) that can be compared on the far side of my connection to verify that this is legit. Once I put that in, my browser launches and I am taken to a page that has the appropriate offices and candidates for my precinct/district/etc. I vote by clicking a few radio buttons. I click submit, which takes me to a listing of the votes I just cast. I am asked to review these votes and confirm them. Because this is just a simple page, my enhanced accessibility software for any disabilities I might have has no problem handling it – the page is read outloud, the text is enlarged, whatever. I click that I have verified this information, and tah-dah, I have voted.

The server on the far side marks my key as having been used. It can never be used again, not even next election.

I eat my cheese-fries.

That night, one candidate in a race asks for a recount. The number of votes cast is compared to the number of voters having shown up to vote, voted early or listed as voting online. The tallies are run again. There is no problem with online votes because they are, ultimately, every bit as secure as the output of a touch-screen machine that has no paper trail. So, OK, there are potential problems of the tallies having been tampered with, but these problems exist already in our system, so they are separate questions entirely.

Now, of course, there are problems with this. What about all those unused keys sitting in that box? They are thrown away. But what if someone decides to start opening them and checking off random no-shows in the voter roll and just voting for them? Well, that could already happen with blank paper ballots at any polling station. If we distrust the people running our elections, that is a separate question entirely and not of import to the technical matter of allowing secure, online voting.

But what, then, of Uncle Frank? He’s so bad with computers he tried to install iTunes and wiped his hard drive! He didn’t even know what iTunes was!

That, my friend, is Uncle Frank’s problem. Perhaps his geek niece will help him. Perhaps his geek niece will be so civicly minded that she sets up a local volunteer tech-support line for her precinct to help folks who aren’t sure what to do – staffed by both Democrats and Republicans, and endorsed by the local elections board after receiving election-staffing training. Perhaps she is supported entirely by one party or the other, like the many other programs the parties run on election day to assist voters by giving them rides to the polls, ringing doorbells to remind them it’s election day, all sorts of things.

But they could trick them into voting the wrong way! Yes, and so can phone-jamming schemes in New Hampshire prevent them from getting to the polls in the first place; the thing is, if it’s found out, it can be punished just as surely as any other form of election fraud.

Fine, Mr. Smarty Pants, what about spyware? Hackers? Key-stroke loggers? What about a virus that changes the local host file on Uncle Frank’s computer so that he gets redirected to a false website and his vote is stolen and he gives away his key to someone else to use? That? That I’m not so sure about. That’s partly a function of making sure your computer is safe in the first place and partly a function of threatening such voter fraud with the same punishments as any other form of voter fraud. It is, ultimately, a matter of law enforcement. I’m here to answer the technical matter of making the online voting happen as securely as possible, though, so I simply don’t have the technical answers other than to say that we all risk this every time we check our online banking or pay a bill. As such, Uncle Frank (or his geek niece) are going to have to take the same precautions they take every day, cross their fingers and hope for the best just like the rest of us.

So who’s going to pay for this? We are. We’re the taxpayers. The same budgets that pay for touch-screen voting machines will pay for the VPN equipment, and connections, and the perimeter security around the machines that handle tallying and the VPN concentrator itself, and on and on and on. Will it be expensive? Oh, you bet it will. It’ll be worth it, though, and heck, what we’re spending now on touch-screen devices is already pretty outrageous.

And yet, there are other problems, and other questions, and probably a whole slew of technical issues and hitches and hiccups that I just haven’t thought of. So what are they? It’s time to get cracking on this issue, because it’s going to happen one day, sooner or later, safe or not. We might as well start kicking around the best-case scenarios – not the worst-case, but the best-case – so that we can push for them early.

Now please, stop bogarting the honey mustard.

The Black Box Voting site has released initial findings from their study of the logs from the Sequoia brand touch-screen voting machines used in Palm Beach, FL, in the 2004 Presidential election. The results? Around 100,000 errors on the 40 machines they used.

100,000 errors on 40 machines.

In one county.

In one election.

(UPDATE: Five minutes after posting this I was convinced I’d misread it. I went back and checked. Nope! 100,000 errors on 40 machines. Just check out all those zeroes after that one. That’s a lot of zeroes. My head is still spinning.)

Some of the highlights from the report include:

• “several dozen voting machines with votes for the Nov. 2, 2004 election cast on dates like Oct. 16, 15, 19, 13, 25, 28 2004 and one tape dated in 2010″ (they report that machine-assignment logs indicate these balloting machines were not used for any early voting periods)
• “1,475 voting system calibrations were performed while the polls were open, providing documentation to substantiate reports from citizens indicating the wrong candidate was selected when they tried to vote” (yes, they had to open them up, mess around with the guts and then close them back up in the middle of election day, nearly a thousand and a half times)
• “[voting machine] logs rule out the possibility that these were Logic & Accuracy (L&A) test results, and verified that these results did appear in the final totals”

Here’s one of my favorite quotes:

Many of these machines showed unexplained log activity after the L&A test but before Election Day. In addition, many more machines without date anomalies showed this log activity, which revealed someone powering up the machine, opening the program, then powering it down again. In one instance, the date discrepancy appeared when someone accessed the machine two minutes after the L&A test was completed.

Voting machines are computers, and computers have batteries that can cause date and time discrepancies, but it does not appear that these particular discrepancies could have been caused by battery problems.

The evidence indicates that someone accessed the computers after the L&A and before the election, and that this access caused a change in the machine’s reporting functions, at least for date and time. Such access would take a high degree of inside access. It is not known whether any other changes were introduced into the voting machines at this time. As learned in the Hursti experiments, it is possible for an insider to access the machines and leave no trace, but sometimes a hasty or clumsy access (such as forgetting to enter a correct date/time value when altering a record) will leave telltale tracks.

Of course, when they asked the IT supervisor for the county elections board to name who had access to the machines, or whether they could set up a day to test the machines themselves, they say “the IT person, Jeff Darter, remained silent and never answered the question.”

Welcome to the 21st Century, folks. Want to vote? Don’t bother. It’s already taken care of.

If the whole idea of ~100,000 anomolies and errors in one county bothers you, or the idea of electronic voting with no paper trail and zero accountability bothers you – and they should – then consider doing something to help these folks out: NC VOTER, a grassroots group advocating for verified voting and against paperless electronic voting. I’ve talked to them at various things (Carrboro Day, for example) and they’re good peeps. If you’re in another state, look for a group there. This is a huge deal that I think a lot of people think doesn’t matter since it “fixes” the whole issue of butterfly ballots; the fact is, yeah, something may be getting “fixed” alright, but it’s not what we think.

I’ll say it: I lust for the new MacBooks. They are so hot. But, of course, many of my most-needed or most-wanted applications don’t have Universal Binaries out yet for the new Intel hardware.

A large part of that concern went away today, though. Actually, a fairly embarrassingly large portion of that concern. The 1.9.3 patch to WoW that got pushed out last night updated the game to Universal Binary status. Apparently it runs great.

Yarrrrr…

No, I’m not dead – just on vacation.

And ooooooooh, but I have a new toy!  Photoshop Elements 3.0.  Behold, and be blinded by my nerdiness.

It’s from World of Warcraft.  It started as a screenshot:

And I screwed around with it from there.  This… this is awesome fun.

(more…)

So, I’m reading around the interwebs today (the interwebnets as a client referred to it today, entirely without irony) and I see this on Wired:

For 26 years, strange conversations have been taking place in a basement lab at Princeton University.

No one can hear them, but they can see their apparent effect: balls
that go in certain directions on command, water fountains that seem to
rise higher with a wish and drums that quicken their beat.

Yet no one hears the conversations because they occur between the minds of experimenters and the machines they will to action.

Researchers at the Princeton Engineering Anomalies Research program, or Pear, have been attempting to measure the effect of human consciousness on machines since 1979.

Using random event generators — computers that spew random output –
they have participants focus their intent on controlling the machines’
output. Out of several million trials, they’ve detected small but
“statistically significant” signs that minds may be able to interact
with machines. However, researchers are careful not to claim that minds
cause an effect or that they know the nature of the communication.

Well, holy shit.  That is some cool stuff.  I have to confess, the nerd in me had an immediate reaction:  That’s what Charles can do.  Charles, you see, was my character in an extended Trinity chronicle run by Mr. Pink Eyes (Katastrophes
and Pants Wilder and I were his trio of players).  He was an
electrokinetic, and manipulating machines with his mind was one of his
main deals.  Damn, what a fun game that was.  Eventually
Charles morphed into the non-superpowered main character of Shell Access, my NaNo from last year.

Reading further into the article I saw this, though:

Participants have been able to direct one out of every 10,000 bits of
data measured across all of the tests. That figure might seem small,
but Dean Radin, a senior scientist at the Institute of Noetic Sciences
and former researcher at AT&T’s Bell Labs, said it’s to be expected.

“Many times in the beginning of a new scientific realm the effects are
weak because of high variability,” Radin said. “We don’t know all of
the factors yet that are involved in the effect (that could increase
the results).”

Radin likens the current state of research to when scientists first
began studying static electricity and didn’t know that humidity levels
could affect the amount of static electricity produced.

OK, now we’re heading more into the arena of the Technocracy, that
venerable and formidable opponent of all free-thinking dirty hippies in
White Wolf’s much-beloved Mage: the Ascension (link goes to the new version, Mage: the Awakening)
game.  In that game, Reality was a fluid thing susceptible to
subtle (or not-so-) pushes and shoves from those able to grasp the
underlying mechanics of reprogramming the universe.  The
Technocracy claimed that its use of magic was actually new applications
of science, misunderstood and difficult to reproduce.  Magi on
both sides of that war commonly believed that all technology
was, in fact, magic that had been accepted by the vast majority of
“sleepers” and thus was no written almost indelibly into the workings
of the world.  Interesting stuff for a night of sitting around
chewing the fat, but it’s not the same gig as Charles’ was.  In
Trinity, the super-specials (Psions) used a force called subquanta to
affect reality.  The science of studying quanta and subquanta was
called Noetics.

Then I re-read that part above and noticed this on the second pass:

…Dean Radin, a senior scientist at the Institute of Noetic Sciences…

That got me going, and I did a bit more looking around; turns out there’s even a Wikipedia entry on noetics. 

I want you to understand that right now, in the back of my brain,
Charles is sitting there with his arms crossed and his feet up going, Yeah, yeah, laugh it up now, while you can.  You just wait and see what the future holds.
(more…)

A couple of weeks ago, Mr. Saturday was moving out of La Casa de Pan de Jengibre
and held up an old, dead IBM 600X laptop.  “It doesn’t work,” he
said.  “It won’t boot, the battery is dead, I don’t have the AC
adapter for it anymore and god only knows what else is wrong with
it.  Do you want it?”

Of course, I said yes.  It’s unloved technology, and if nothing else I could use it build my nest.

When asked what he wanted for it, Mr. Saturday said, “You’ve saved me from carrying it to my car.  It is yours.” 

So, I started hitting eBay.  The 600X is an old machine, and parts for it are cheap.  So far, I’ve gotten:

–a new power adapter
–a new hard drive
–128 MB of RAM for it
–a floppy-drive insert to swap for the CD when needed

Since then, I’ve installed Libranet 2.8.1
on the new drive, installed the new RAM, and turned it into a working,
fast-booting Linux laptop.   I’m probably going to go ahead
and pick up a new battery for it and then?  I was going to donate
it to NaNoWriMo, as they maintain a small collection of dead-and-dying
laptops to lend to NaNoers who have no computer at home.  I mean,
I could just donate a few bucks to NPR or something, but charity feels
better when you actually do it yourself, you know?  This is a
lesson I learned in high school when I worked on a Habitat for Humanity
house in Asheville.  There’s nothing like putting that insulation
in the wall yourself and saying, Holy shit, I just made someone warm this winter. 

I wanted that same feeling with NaNo, but, well… they don’t need more laptops.

How’s that for a success story?

So now, I’ve got this laptop that’s just kind of sitting there. 
The battery is dead, but it can be replaced off eBay for around $35,
and Libranet supports a few of the wireless cards (especially USB
wireless devices, of which I have a random Linksys sitting in a
box).  So… suggestions? 

Farm it out to a friend? 

Donate it to the Durham public schools (if they take such donations -
it might be too old and slow for them to be interested, to be honest,
or they might not take donations of random computer equipment)? 

Just reBay it?

Other? (more…)

I don’t actually advocate a war on war-driving.  It was just the first title that came to mind.

The point I’d like to address, actually, is a recent General Accounting Office study of Wi-Fi security
around the various agency HQs in DC.  They found lots – and I
mean, lots – of entirely open, unprotected wireless networks in federal
agencies around DC.  How did they find them?  They walked
and/or drove up to them, popped open a laptop with a Wi-Fi card and,
like any other war-driver, saw what they could see.  And they
could see a lot, including others on the network who were clearly
unauthorized:

GAO investigators were able to pick up Wi-Fi signals from outside all
of the six agencies they tested, and they were able to find examples of
unauthorized activity at all six as well.

So why was it so easy?

But nine of the 24 major agencies haven’t
issued wireless-security plans, while many others provided little
guidance for acceptable use, the GAO found.

Thirteen
agencies don’t require their Wi-Fi networks to be set up in a secure
manner, and most don’t monitor their wireless activity, the report said.

OK.  Setting up encryption can be a pain – except that it isn’t a pain at all. 
Admittedly, I work in network security so I’m biased, but Jesus H. in a
catsuit, what are they thinking?  Anyone with even the faintest
hint of an aroma of security experience has heard the old saw that
there is no such thing as “security through obscurity.”  Just
tossing your access point up and hoping no one notices is NOT a security plan.  It is not a security policity.  It is not secure.

Any security posture is better than none at all, in my opinion.  Even WEP, easily broken and repeatedly denounced as little more than wishes on falling stars, is preferable to doing nothing. 
In a place like DC, or in any area with lots of wireless networks set
up, any measure of security is a good idea, no matter how weak. 
The vast majority of outside intrusions into any given network are done
purely to use that network as a jumping-off point for other
tasks.  Make your network any degree less attractive than others
just as easily available and you take yourself out of the running for a
lot of types of misuse for the simple reason that there are other,
easier targets out there.  The bottom line, the dirty little
secret no one will tell you, is that if you are an intended target for
electronic intrusion then there is little that can be done – no matter
what you do, if someone wants to get at you, specifically, they will do
so with enough time and effort.  Fortunately, it is rare (outside
of electronic blackmail)
for someone to be such a specific target.  Just slapping WEP in
place would drive a lot of innocuous but also uninvited and
unauthorized access off a given WLAN and onto any of countless other
networks nearby.  I’d bet it would cut three quarters or more
unauthorized access from any network, especially in a place with other,
softer targets in easy reach.

But these are government networks, and they deserve more than that pittance of attention.  So how hard is it to use WPA, a much more (ahem) robust encryption solution?  NOT VERY HARD.  YARRRRRRGH.  This kind of thing drives me crazy. 
Yes, there are aspects of it that are kind of a pain in the ass except
they’re steps these people probably already have to take anyway -
things like setting up authentication servers.  Hello?  Don’t
they have logins on their local LAN anyway?  I know it’s not
exactly a five-minute, hassle-free conversion, but if the federalis can
take the time to anally rape me every time I walk into an airport can’t
they be bothered to require a few login servers and some decent
encryption at federal agencies?  And if they got their access
points on the cheap somewhere right before they went out of stock, all
it takes to enable WPA is a firmware update.  A couple megs’
download and one access point reboot later, those access points are
WPA-capable.  It’s not like it would be expensive.  In fact,
it would cost nothing.  The firmware updates that enable WPA on older APs are all fucking free.  It is no more difficult than – in fact, it is just like – running Windows Update or Software Update on your home machine.

This is the part where I could launch into some sort of (even more)
shrill screed about how in the War on Terr’r we deserve the very best
protection for our various asses and baby Jesuses (Jesi?) and our
whatevers, and on and on, and I’m not going to do that because, for
fuck’s sake, that is so fucking tired.  My annoyance is
not political, it is purely technological.  This is not Robust
McManlyPants, Certifiably Crazy Leftist, talking here – this is Robust
McManlyPants, Network Dude.  I mean, for fuck’s sake.  It would not be the end of their world.  HIPAA
makes nursing homes keep their fax machines in locked closets because
customer data might pass over a phone line and into a dusty old Brother
machine with a leaking ink cartridge and a wad of chewing gum holding
up its left side but they don’t bother to secure the wireless networks
in the headquarters of their own agencies?  The FBI show up at conferences
to demonstrate that WEP is far from being secure, but their colleagues
in other agencies can’t be bothered to click a couple of options in the
setup screen for their wireless Access Point?

Gah.  People are so stupid.

I am not worried that Al Queda or some shit are hanging out in DC with laptops and Wi-Fi cards going, Aha, our knowledge of tax returns and the price of tea in China will be their undoing! 
It is not about that.  It is about my tax dollars and how they are
spent and what it means to be responsible with data and what the
government does even as it requires more responsible behavior of the
civilian sector under threat of penalty.  It’s about not
protecting the wireless network at a federal agency just being stupid.  It’s about lazy engineers or budget directors who just won’t listen.  It’s just dumb.  D-U-M dumb.

Bah.

OK.  I’m done. (more…)

Ah, yes.  apostropher beats me to posting it, but it fills my
heart with such mirth that I post it anyway.  All I can say to this is HELL yeah:

LEESBURG, Va. – A man convicted in the nation’s first felony case
against illegal spamming was sentenced to nine years in prison Friday
for bombarding Internet users with millions of junk e-mails.

Prosecutors said Jeremy Jaynes used the Internet to peddle pornography
and sham products and services such as a “FedEx refund processor,” and
at the time of his arrest was considered among the top 10 spammers in
the world. Thousands of people fell for his e-mails, and prosecutors
said Jaynes’ operation grossed up to $750,000 per month.

Jaynes, 30, was convicted in November for
using false Internet addresses and aliases to send mass e-mail ads
through an AOL server in Loudoun County, where America Online is based.
Under Virginia law, sending unsolicited bulk e-mail itself is not a
crime unless the sender masks his identity.

The
judge delayed the start of the prison term while the case is appealed.
Loudoun County Circuit Judge Thomas Horne said that because the law
targeting junk e-mail is new and raises constitutional questions, it
was appropriate to defer prison time until appeals courts rule. A jury
had recommended the nine-year term for the North Carolina man.

He wasn’t just a fellow North Carolinian – he lived a stone’s throw
away in fabulous Raleigh.  In fact, he kinda looks familiar. 
Does anyone who knows me know where I might know him?  (Does that
sentence even make sense?  Jesus, me and English, we’re like
cousins who hate each other.) 

My favorite part is this:

Jaynes told the judge that regardless of how the appeal turns out, “I
can guarantee the court I will not be involved in the e-mail marketing
business again.” He remains under $1 million bond.

I bet he won’t.  I bet he twitches every time someone uses the word “Outlook” for a nice, long time. 

I started to spend this post questioning whether email should really
land someone in prison for nine years.  Then I checked my
“caughtspam” folder on my main, entirely private email account and
found 915 messages from the last, oh, three days.

Um, yeah.

Throw the book at ‘im. (more…)

OK, so I had thought podcasting was basically a cute but unnecessary
fad.  I would rather read than listen, most of the time, and I can
read while at work whereas listening… not so much.  But The Boyf mentioned seeing a note during Battlestar Galactica that there was a podcast relevant to that episode on SciFi.com. 
I’m like, hey, cool, maybe the producer/creator/whatever guy has
something interesting to say.  I figured I’d download the little
mp3 and give it a listen and say, hey, that was neat.

No.  It’s way, way more incredibly cool than that.

It’s a commentary track for the episode.

You download it, you press play when the opening starts, you pause for commercial breaks.  It’s like DVD commentary only right now. 
Why wait for DVDs when the glorious, blessed,
holy-light-spilling-from-their-every-orifice interwebs can give us the
same experience right now?

I know this doesn’t sound like much, but it seems to me like this is major. 
This has (dare I say it?) the fleeting scent of synergy.  You get
your podcast commentary, you watch your show, it’s easy and it happens now.  (Actually, it happens precisely one installation of jPodder or iPodderX
from now, but hey.)  Combining anything with television to
accelerate an experience already popular (such as commentary tracks for
movies & shows on DVDs) is hot.  Hot hot hot.  I know that’s what they said about WebTV, I know, but this is different.  Call me crazy, but I see a shitload of potential applications that would be awesome.  Oh yes, call me crazy, but can you imagine what hot shit podcast commentary tracks would be if Joss Whedon had been doing this with Buffy?  Can you imagine what hot shit podcast commentary tracks would become, overnight, if CSI: Fuck If We Know, It All Kinda Looks Like LA Oddly Enough were doing this?

Oh, but they aren’t, are they?  Sure, 3 million people watch Battlestar Galactica every week, but assloads more than that watch CSI: Toledo or whatever.  And they aren’t going to do it because they don’t have to.

Ah, but you know that friend of yours who’s always been into forensics
stuff?  They read all the mystery novels that are based on actual
science and they like to talk about what shitty jobs all the various
Science Cop shows do with the real science?

Why can’t they do their own podcast commentary for each episode of CSI?

And what happens when some friends get together and MST3K up some of their own least favorite dreck on the tube?

Podcast Commentary Tracks + Television = Awesome.

I’m currently downloading the commentary tracks for BSG.  I
am such a nerd.  I know.  But I don’t care.  I revel in
it.  And now I desperately hope the countless people who will
certainly have already had this idea do something with it so that I can
find someone who’s producing their own MST3Ks of various things and that they’re good. (more…)

I asked about D&D tools for the Macintosh, and lo and behold, InsideMacGames.com comes to the rescue with snippet reviews of a bunch of gaming tools.  I’m kind of feh, whatever
on the die rollers, because I like the feel of plastic polygons in my
nerdy hand and I distrust a computer to do the die-rolling for me, but
the others sound interesting.  Too bad White Wolf’s tools were
universally awful and pretty much no one else has bothered to make any
for their games, eh? 

Anyway, woot! (more…)

OK, so as you might have noticed, I’m newly converted back to
Macintosh.  I have to use the term “converted” despite its overuse
because, frankly, the experience of getting everything set up and
sitting there going holy crap as Firefox launches in, what, two
seconds?  Maybe three?  Anyway, yeah, that is a religious
experience.

So now I’m trolling for utility suggestions.  Any good utility
recommendations you might have are welcome, though I have a special
interest in good Dungeons & Dragons utilities.  Yes, I am that
big of a nerd.

I’ve read a little about CrystalBall X and DragonAid X, and plan to give them a spin tonight.  But what else is out there?  What do you use?

John, I’m looking at you here. (more…)