Today’s Moment of Motorcycle Maintenance… er.. Zen.

Filed in Uncategorized

Context: discussion of the sparsity and vagueness of LDAP documentation:

Engineer 01: there has to be some secret cabal of the keepers of the ancient knowledge

Engineer 10: Yeah, they all live in a hidden valley in the Colorado mountains. Smoking ganja by the pound and laughing at all us kids with our fancy GUIs.

Engineer 01: pretty f-ing much

Engineer 10: One day, I shall be met by the ghost of Dennis Ritchie and be shown the way to that shangri-la of geekdom.

Engineer 01: and then you get recruited as a new sysadmin in the fight to keep the “Universal Machine” running

Engineer 10: Next up on Cyber-Battles!! It’s Universal Machine vs. Turing Machine! Which one will win? The Machine War had BEGUN!!!!

On the Safety of Vaping

Filed in vaping

The discussion of vaping in public spaces at a local Atlanta convention came up a couple of days ago.  As anyone could predict, much muppet-flailing ensued on both sides, with more misinformed and uninformed opinions than you routinely see on CSPAN when discussing anything more scientific than how to take a bribe.   (and we all know that politicians are born knowing how to do that.. that’s why they’re politicians)

First, on the toxins released by ejuice on inhalation (i.e. the maximum exposure possible. Exhaled vapor is going to be significantly less than this by the fact that your lungs absorb a majority of it).

From the Journal of Regulatory Toxicology and Pharmacology we have a study entitled: Comparison of select analytes in aerosol from e-cigarettes with smoke from conventional cigarettes and with ambient air

link: http://www.sciencedirect.com/science/article/pii/S0273230014002505

The takeaway from that study is that the levels of HPHCs in the aerosol (i.e. “vapor”) were consistent with the air blanks (i.e. ambient air in the room) at <2 micrograms / puff.

Mainstream cigarettes were in the level of 3,000 micrograms/puff.

Table 5 is the one you want to look at:

I don’t care about cigarettes as this is about vaping so I’m only going to give those numbers:

The range of e-cigs tested came up at 1.7 micrograms/puff (on average; range is 1.5 to 2.0).
Air comes up at 1.6 micrograms/puff.

Four of the classes of HPHCs being tested for were lower than was reliably measurable, but again, consistent with *air*.

Remember, this is the *inhaled* vapor, not exhaled.  The lungs hold onto much of the particulates and most of the chemicals.

(addendum using data from the study talked about below)

Normal breathing (~20 breaths/minute) in a room with a low but measurable amount of cigarette smoke yields an intake of 1 microgram of nicotine every THREE HOURS of breathing.  The study above shows the levels of nicotine in vapor from ecigs or ejuice to be 15% of that of cigarettes.   Using those numbers, you’d need to be in a room for 21 hours or so to get the same dose, or the amount of ‘vapor’ in the air would need to be 7 times as high.

—-

The topic of nicotine exposure from exhaled vapor (I refuse to call it ‘smoke’ or especially ‘second hand smoke’) comes up a lot too.

From the study: Nicotine yields to the aerosol were approximately 30 μg/puff or less for the e-cigarette samples and were 85% lower than the approximately 200 μg/puff from the conventional cigarettes tested.

So, whereas there is a measurable amount of nicotine in vapor, it’s minuscule compared to cigarettes.

—-

While we’re talking about nicotine exposure, let’s look at other things that expose us to nicotine.

This time, let’s look to the New England Journal of Medicine and a study called “The Nicotine Content of Common Vegetables”

(and no, I don’t mean your dear uncle Fred who lives in his mother’s basement at 45 years old surfing /b/chan 20 hours a day)

Go read the study if you’re inclined:  http://www.nejm.org/doi/full/10.1056/NEJM199308053290619

But here’s the gist.   Certain human foods, especially the plants in the Solanaceae family (potatoes, tomatoes, eggplant, etc..) contain nicotine in measurable quantities, high enough for nicotine byproducts (i.e. cotinine) to show up in urine.

I’ll let you look at the study, but you’d have to eat 140g of potatoes to get the same nicotine as breathing normally for 3 hours in a room with a low amount of cigarette smoke.

Normal breathing in those conditions gives you 1 microgram of nicotine in 3 hours.

Power Rangers De-Boot fan short.

Filed in Shorts

Or what I like to call the “Shut Up And Take My Fucking Money!!!” Power Rangers fan short.

I won’t spoil it for you by telling you more than this:  Watch it.  If you hated Power Rangers, watch it.  If you loved Power Rangers, watch it.  If you don’t have a single fraking clue who the Power Rangers were, then you should still watch it you old decrepit troglodyte who didn’t have a TV in the 80s or 90s.

Nudity (very brief, but oh so lovely), language, violence, and (in the words of Darph Bobo) Bloody Vengeance!!!!

UPDATE:   Vimeo has pulled the video.  They apparently don’t understand the concept of parody and derivative works.   Cue “The Streisand Effect” in 5…4….3…

So, with that said, here’s a youtube link:

Superfish, https redirects and other security stupidity

Filed in Security

First there was a $300m bank heist that was driven out of the news by the NSA (again) snooping on everyone (well, yeah.. this is news?), and then the news broke of one of the most boneheaded tech decisions since Sony’s rootkit-laden audio CDs.

With that kind of week, you knew the awesome weight of attention turned on one little company’s products, i.e. Superfish, was going to turn up more and more fun for us security types.   Lo and behold, here’s what’s behind door number 2.

The SSL interception code has been identified in at least a dozen more apps, several of them marketed as security apps.  If that wasn’t enough, it’s been discovered that it also signs invalid or self-signed certificates for you and presents them as valid to the browser.  An in-depth technical explanation of just how nasty this can be is out at filippo.io, which seems to be rapidly becoming the go-to place for info on this debacle.

Microsoft has stepped up to the plate with an update to Windows Defender to help clean up this mess.  All I see in Windows Update is one for IE 11 and an ASLR bug in Jscript9.dll.   I haven’t tracked down the details from Microsoft’s site about the Defender update, but The Verge has some good info on it.

So now that the work deployment I’m assisting with (I’m on call.. if it goes bad, I get woken up anyway so might as well be useful, ya know?) is done, I’ll bring this post to a close and leave you all crying in your beer and cursing at your packet dumps.  After all, how much worse could it get?

Scott

Lenovo & Superfish == Sony Rootkit redux?

Filed in Security

Seems Lenovo got the bright idea that they wanted to be in the adware business and started shipping the Superfish adware system, which uses a self-signed root cert to basically commit a MITM attack and intercept HTTPS connections.   Why?  To inject adverts, of course, because we all know there aren’t enough advertisements on the net these days.

Ars Technica’s article has a good summary and Errata Security’s blog goes even deeper into the mess.  If you bought a Lenovo laptop any time after October of last year (though some say as early as June) there’s a good chance you have this abomination installed.   The Errata Security link above will walk you through testing for and uninstalling it.

This is why we can’t have nice things and why any company that lets marketing make these kinds of decisions deserves the pounding they get from the users and buyers of their products.  There is absolutely no excuse for this in 2015. Period.

Lenovo just took themselves off my list of considerations for my new laptop this spring.  I’ve been looking for a 4k laptop to replace about 90% of what I use my desktop for and Lenovo had a couple of good prospects.  Not any more.  Damned shame, really.  I love their hardware, at least on the upper end.

Scott

Equation Group, Stuxnet and the NSA

Filed in Security

A few links to get you started, then I’ll return later today for more analysis.

One of the most impressive bank heists outside Hollywood:  Bank Heist Steals Millions
Sophistication that would make even William Gibson envious: Beyond Stuxnet and Flame
And you guessed it, The NSA is involved (maybe): Sources connect NSA spying with hacks reported by Kaspersky.

More later as I have time to read and research.  If you have something, post it in the comments.

Scott


Beige.. I think I’ll paint the universe beige…

Filed in Quickies

Or at least a nice latte color.

While staring up at that black sky (or rather, the light grey sky if you’re near a big city.. damned light polluters!) think about this:

The sky is a light latte color.  More specifically, a “Cosmic Latte” color.

For a more scientific explanation and a good demonstration of what happens when a bunch of astronomers and astrophysicists get bored: Go to the original article here: The Cosmic Spectrum and the Color of the Universe

On the character of Wesley Crusher

Filed in SF&F, Star Trek

Or the things that float through my mind while watching paint dry servers build.

(pure unedited stream of consciousness)

Wesley could have been such a great character..  starts out at about 10-11 years old at the beginning of the show.. ADHD, very easily frustrated by the stupid adults around him, explores everything anywhere, often getting into trouble.  Not a ‘whiz kid fixes it by the end of the show’ deus-ex-wesleya.  Just a hyper intelligent brat.

As the show progresses and he ages, he is drawn to Data, Geordi, etc.. because they’re at least smart enough to keep up and take a bit of interest.  He still gets more and more withdrawn into his own world and studies.  Spends an inordinate amount of time hyperfocused on whatever interests him at that point, often triggered by some minor or major thing going on around him.   Driven to prove himself their equal or better.

By mid series he’s 15-16 and really hitting both his mental stride (outstripping even Geordi on theory at times, if not necessarily practical application) and spending more and more time alone.   Gets kind of scary at times, intense, focused, extremely impatient with anyone and anything that interrupts him.

Outwardly, it looks almost bipolar with grandiosity, bouts of isolation / depression / moodiness with sudden bursts of energy and effusive megalomania.    What’s really going on is the hyper focus vs. exploration and searching for the next problem to solve.

Near the end of the series, he’s old enough to be a civilian part of the science teams and working on and off with Data, et al..  Starts encountering some of the aliens of the week and from that encounters Q, who takes a bit of interest in him.   End of series includes Q introducing Wesley to the ‘ascended’ one who takes him away for further study and growth, etc…   He ‘graduates’ from his mere human limits and eventually becomes one of the great scientific minds.

Very good, solid arc for that character.   Would have taken writing a 6-7 year arc for him, but could have been done.  He wouldn’t have been in every episode except maybe in the background or a passing moment in 10-forward.  If that.

Take out the Q factor and just have him, on his own, communicating on-line with other scientists, theoreticians, etc… and one of them agrees to sponsor him to something like the equivalent of the MIT or some hyper-think tank or some such.  No big finish, no ‘Wesley’s a god now’ or other bullshit.  Just the normal life arc for a hyper intelligent military brat.

Ping, Traceroute and Trinity’s Leather Clad Butt

Filed in Guest Post, Wendi

Over dinner one night, I tried to explain ping, traceroute and portscan to my wife.   This is what came from that conversation.   This is *her* interpretation and yes, I married her.  You can’t have her.*

(A guest post by my lovely wife: Wendi)

This is what happens when I ask Scott to explain something.

I am now going to horrify every honest to god computer geek I have that reads this.

…that, or you’re going to die laughing. At me, or with me, it’s all good.

I asked Scott about “tracert” and “ping” and “ports”; he tried to explain that. Unfortunately, my brain works best with some very visual metaphors. So this is what I came away from that conversation with, presented here for your amusement.

“Ping” is a chore. This chore is performed by Bit (the little Yes/No guy from the original Tron). You tell Bit to… say… drive to DismalLand, find out why the fuck the lines are so long, and come back. When Bit comes back and says “Because it’s DismalLand, the Tragic Kingdom, dummy. The lines are always long!” the Ping chore is complete.

Now, there are a lot of hazards between you and DismalLand. Some of it is bad road, some of it is bad drivers, some of it is that incredibly STUPID civil engineer who designed the fucking roads. I like to think that some of those hazards might include Jack Sparrow driving a parade float pirate ship, and he’s being chased by other pirates – either the kinds with swords in their teeth, or the kinds who are busily downloading cars and purses and stuff off the intarwebs. And then there’s DHS, who are kind of like the Keystone Cops but with more guns and stuff. So to navigate all those things, Bit turns into Trinity from the Matrix. Probably on a motorcycle. I picked her because her leather-clad ass is amazing. Plus, she has guns and kung fu, and that picture is a lot more interesting.

Now, maybe you don’t trust Bit. Maybe Bit ran off with your best friend like a two dollar whore this one time. Maybe Bit is a pathological liar. Maybe Bit is the Godspouse of Tinkerbell and easily distracted. Who knows? But you think Bit is really damn flaky. So you hire some guy named TraceRoute.

TraceRoute’s job is to follow Bit around EVERYWHERE AND REPORT EVERYTHING. “Bit’s left turn signal came on at 10:15:00. Bit merged into the left lane at 10:15:20. Bit took her hands off the handlebars and blew the living shit out of Jack Sparrow’s parade float at 10:16:31.” So when Bit comes back, Bit comes back with an attitude and a ream of paper that details every time she did anything, ever.

So then you ask about the “ports”. Ports are basically like doors.

I’m going to massively change metaphors here.

Say you’re in a whorehouse. There are many doors. And behind each door is a different thing. Blowjobs behind this door, handjobs behind that door, goatse behind the other door, and thank all the gods of network traffic that the Etsy Cupcake Circle Jerk door is always locked. Naturally, all these doors are closed. Some of them are locked all the time, some are unlocked all the time, some are only locked when something fun is happening, and sometimes some asshole with a master key runs through and just randomly locks and unlocks shit to piss you off.

You can make Bit go check this for you, too. That way, YOU don’t have to suffer surprise goatse. Bit deserves it, the bitch. There’s about three different ways this can happen, but they’re all called PortScan.

There’s a doorman/bouncer at all those ports.

This bouncer is called…

WAIT FOR IIIIIIIIIT!

 

A DAEMON (This part is an inside joke to a particular forum. Don’t worry about it if you don’t get why that is side splittingly funny)

 

*You can’t have her unless you ask her nicely.

Ebay hacked. Change your passwords.

Filed in Security

(edit: s/Changed/Change/g)

Maybe I should turn this into a security blog.  Seems I can’t go a week or three without a post about yet another major corporation getting hacked.  This time it’s Ebay.   Took them a couple of months to figure it out too.

What makes this one extra special is that it wasn’t through some SSL bug or other exploit.  It was through compromised (weak?  social engineered?) employee passwords.

They got hacked back in March, only discovered it a couple of weeks ago, and announced it today.

Though no credit card or bank info was in the compromised database, enough info for a good shot at identity theft was:

“The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.”

Ebay’s blog post about it at the link below.
http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-change-passwords
