Friday, September 15, 2006


Well, ended up having to restore my computer last night. I was running FC5, just playing with some VMs and... well, I'm not sure what it was, all I know is it disappeared. I had installed it a couple of weeks ago over an Ubuntu Dapper install. Mostly because I have had a love/hate with Red Hat way back since the (in)famous Halloween release v0.9* (remember the bat?). I just had to try it out. I'm used to the hierarchy in /etc (although debian-style is not all that different), and the artwork in the default GNOME theme and icon set is fantastic.

Fedora 5 is just... sluggish. I'm not sure why. I had the same network drivers, the same kernel version, the same Nvidia drivers as my Dapper install. It just seemed slow. And there were packages Fedora used to have that it phased out. There was also a lot more manual configuration than I remember. Everything was stable (or so I thought), but I just couldn't squeeze anymore speed. GNOME acted like it was on Valium. Anyway, it died.

Thank god I back up /home.

So I decided to switch back to Ubuntu. That was a bit more pain than I wanted. I have never had a problem installing Ubuntu on either my desktop or my laptop.

Last night it decided to be contrary. Of course the first part was my fault. I though I'd give Edgy Eft a shot, even though it has not been officially released. Well there's a reason it's not released yet. It started complaining that the modules it was trying to load off the DVD did not match the kernel the DVD booted with. Huh? Screw it. I'll just do Dapper Drake, the latest official release.

Everything went fine. Added my extra apt repositories without a problem. Got my wireless up and working with WPA2. Synced my Firefox bookmarks and cookies using this great extension. Got my win32 codecs, libdvdcss2, mp3 support. Everything I like to have on my machines.

And then, we get to the Nvidia card. Something I have never had a problem with before. For some reason, the nvidia driver in the repository kept thinking my card was an ATI (but it still tried to load the nvidia Xorg driver). Weird. At one point I was going to manually install the driver, but then realized what a PITA that would be when I tried to update either the Kernal or X. Plus, one of the reasons I went with Ubuntu is so I don't have to muck around with config files and kernel modules.

Finally got it working around 1 AM so all is well in the world.

*Holy crap! I just looked up the exact date of the Halloween release. 12 years ago... I've been messing with Linux that long. I'm getting old.

Thursday, September 14, 2006


Well, I updated to the new framework for Blogger (Beta, just like everything else Google does...)

Not 100% I like this template. The links are much easier to see. I just don't know about the layout and colors. I guess I'll have to bite the bullet and actually learn CSS, rather than cutting and pasting other peoples examples...

Updating blog

I'm going to be updating the blog (moved to the new format) sometime in the next couple of days. It may be inaccessable at times (I really don't know). Stuff may disappear for a while (again... don't know).

Wednesday, September 13, 2006

Popular Mechanics vs. Loose Change

Do yourself a favor and watch this video. It's a bit long, but more than worth it.

The Loose Change people give me a headache.

I am still amazed by how many people believe the conspiracy and massive "cover-up" allegedly perpetrated by the US government re: 9/11. They are probably the same people who claim we never made a moon landing in 1969, or that JFK's assasination was anything other than a nutjob ex-Marine in a book repository.

I'll probably address this in more detail later, but I just can't fathom how people just discard facts and evidence that contradict their claims. I touched on this in some fashion in this post.

Oh, yeah. Get this book.

UPDATE: I was going to write a long response regarding these "theories", but it's been done. Better and more authoritative than I could ever hope to be. Just read this. It should lay to rest any lingering doubts that we were attacked by terrorists, who used civilians on public airlines as weapons

However, I do have one comment regarding the video I linked to above. The guys who did Loose Change are petulant children. And just like children they refuse to let facts interfere with a cherished belief. When adults debate they tend to refrain from eye-rolling and interupting with jeers of "Liar!"

I swear, they're worse than Scientologists (well, maybe not)

Oh, I Gotta Get Me Some of These

Cool USB Gadgets

Tuesday, September 12, 2006


I just got my GIAC Certified Forensics Analyst Certification!

I didn't do spectacular on the two exams, but I did pass with a comfortable margin. I guess I shouldn't have waited so long after the course to take the damn things. There were some details I couldn't remember because it was less than fresh. There was a 6 month window and of course I waited until there was less than 72 hrs left to prepare and take it.

Well I can add it to my list of GIAC certs (I have a GCIH). Of course they're both only Silver level. I'll guess I'll have to get cracking on submitting a technical report topic and get an advisor assigned (if they don't reject the topic) to get the Gold levels. The hard part is coming up with a concept that hasn't been done to death.

Technology Tuesday!

Yay! Geek time!

Just a quick round-up of some things I've come across. Some old, some new, all pretty interesting.

Modern Life Leads to More Depression Among Children

In an open letter in The Daily Telegraph, 110 teachers, psychologists and authors (including Phillip Pullman and Jacqueline Wilson) decry the dangers of technology on the social, emotional and mental development of children. There's no solution or suggestions of what should be done, but I'll give them a pass on this one since it is a complex topic with no easy fix.

I suppose identifying the problem is the first step, but I'm not sure they haven't pointed out the wrong cause. It is not so much that children are not affected adversely by technology or early academic demands (the current pace seems a little... rough). I believe they are when not taught responsible usage and given adequate play and rest time. The real culprit is the environment available to the child during the formative years. And the main shaper of the environment of a child are the parents (or guardians).

Children's primary emotional and social teachers are their parents (or parental figures). They see how their mother and father (or mother and mother; or father and father; or just mother, or... you get the point) interact with the world -- their coping skills, socialization skills, etc... Children will pick these up and emulate them.

I think this is more an issue of the inability of adults to deal with the rapidly changing landscape of technology and the availability of a truly staggering amount of information. And children see this.

Unless there is a clear biological component, problems with coping skills, emotional retardation, and inadequate social skills are typically a direct effect of a developing child's environment.

So, what is the solution? I have no frigging clue. All I know is a disease is not cured by attacking the symptoms.

Secure Your Wi-Fi Traffic Using FOSS Utilities

Here's a neat article for those of you that use WiFi at public APs and don't want anyone snooping on your traffic. It's a step-by-step article for setting up a SSH tunnel on a home Linux box and then using that tunnel to connect to the Internet. Everything leaving and entering your laptop will be encrypted.

Of course you will need a broadband connection and a Linux box at home for this to be useful.

Notes from the Hash Function Workshop

Bruce Schneier's blog entry about NIST's Second Hash Workshop. Mostly for replacing SHA-1 since it has been shown to be cryptographically weak. While there are no practical attacks (yet) and SHA-1 is still considered operationally safe, it's still time for companies and government agencies to start looking for a replacement.

Personally, I use like to use SHA-256 or TIGER if they are available as options. Otherwise, I'm still pretty comfortable using SHA-1 for anything non mission critical.

Monday, September 11, 2006

Holy crap! He's still alive?

Walter Cronkite!

I just now heard him on the radio. I was leaving the gym and had my usual station on in the truck. Normally, it's some ass named Tom Leykis. This was something else. I'm guessing (cynically of course) a ratings grab by CBS radio. You know -- jumping on the 9/11 bandwagon. Long faces and weepy eyes. I pretty much have a reflexive distrust of the media these days so I view these "tributes" for what they probably are. A chance to charge advertisers a premium because of the almost guaranteed increase in viewers/listeners.

Anyhow, they had Walter Cronkite on the phone. Seriously, I thought he was dead. That stentorian voice of his is a little more gravelly. A little diminished. But without a doubt recognizable. He was only on briefly, and one thing really stood out. He was asked what he thinks when he drives (or is driven most likely) past where the WTC stood.

His response:

"I think about all those people jumping from the buildings."


I Thought This Crap Was Over or WTF Happened to Critical Thinking?

I thought this was done. Dead. Buried. Pulled from the meme-pool by the life-guard of common sense. But no. I still see people linking to YouTube or Google Video and saying "See! See! This is what America's imperialism has wrought!"

What the hell am I talking about? Good old Jesse Macbeth. Remember him? He was the alleged US Ranger who claimed (among many other things) to have executed children as part of interrogating the parents, infiltrating a mosque and slaughtering the worshipers, and personally killing a mother and her three children (including an infant). There was a video interview that was posted to back in May 2006 where he detailed these atrocities.

Holy cow! Another My Lai. This was incendiary, incredible news. The Anti-War Left was jumping all over this as definitive proof of the evil of the US.

Except there was one problem. None of this ever happened. Within hours, it was being deconstructed and refuted by many on the internet.
Blackfive led the charge along with other mil-bloggers. What were the problems with the video? Why were they claiming hoax?

Take a look at the entry on
Wikipedia for Jesse. It pretty much spells out all the little "inconsistancies". Of course then there's the response of the Army itself regarding his service in either Special Forces and/or the Rangers:
“Initial research by the U.S. Army Special Operations Command at Fort
Bragg shows no Soldier with the name of Jesse Macbeth having ever been
assigned to the Special Forces or the Army Rangers -- which are, in
fact, two separate disciplines. This appears to be some sort of hoax.
No Soldier by that name at Fort Lewis to our knowledge, in the past,
either. Of course, the line about "go into the Army or go to jail" is
vintage TV script not heard since the 1960s. There are also numerous
wear and appearance issues with the Soldier's uniform -- a mix of
foreign uniforms with the sleeves rolled up like a Marine and a badly
floppy tan beret worn like a pastry chef. Of course, the allegations of
war crimes are vague, as are the awards the Soldier allegedly received."

So. Why the hell am I bringing up this (relatively) ancient history. Well, some people are still falling for this after "discovering" it on YouTube (or Google Video -- sort of the less popular book-worm cousin of the HS cheerleader that is You Tube). And these people are showing up
everywhere. I'm a security professional, and as a result I subscribe to a lot of technology and security related mailing lists. Some of the un-moderated lists get items such as "The real truth of American Fascist Imperialism!" or "OMG!!!11! Bushitler's Real Purpose In Iraq!~!". This gets tiresome so most of this stuff gets quietly and automatically filtered out. Unfortunately, every now and then one gets through.

This was the case today. In the mailing list appeared a message "OT: ". Now the OT was a nice touch to let us all know that the subject of the message was "Off Topic" and not related to Information Security. But of course, curiosity got the better of me and I opened the message.

When will I learn.

All that was in there was a link to a this
Google Video page. No content to the message other than that. As if the author of the message was saying "If you watch this video, the obivious truth should hit you like a clue-by-four between the eyes." I was expecting the heavens to part and see the sainted pantheon of the Democratic Underground* sing in an angelic choir about the evils of the Bush-Rove-Cheney-Haliburton conspiracy.

So, I replied that this had been shown as a hoax some time ago. OK? Thanks for playing.

He reposnds by sending me a link to his own blog with other links to... Google Videos [ed. corrected from YouTube]. Kind of a circular argument. I am supporting my position by citing myself talking about my position. And linking to undocumented videos does not make it right or even authorittive.

Really, I am constantly amazed by the lack of critical thinking people exhibit these days. It doesn't take long to find actual citations to back up a position. A loon talking in a video is *not* a credible source. Unfortunately, people want to believe something that backs their own opinions so badly that they will take unsubstantiated stories as truth and use that as evidence. These are the same people who ignore scientific evidence and believe that the US government destroyed the WTC. Or believe Intelligent Design is a valid scientific theory (Hint: it's not. It's just another faith-based belief. It's completely untestable via the scientific method - hence, it's not a scientific theory. It's theology playing dress up)

Of course, eventually someone points out that the "evidence" being cited is a fraud and fake... Well, at best that someone gets ignored, at worst called tool of the vast neo-con conspiracy. (Seriously,given the government's track record at keeping things secret... a "vast" conspiracy is ridiculous at best)

Just because something is on the Internet does not necessarily make it true. Now we can go all reductio ad absurdum and claim nothing can be believed, but it's really not that hard to verify information. A good ability with a search tool such as Google, is all you really need. Of course you still need to take what you dig up with a grain of salt. But for most things, there will be a preponderance of authoritative evidence if they are real.

Most of the refutations were relying on points of fact -- not emotive arguments and ad hominems (of course the El DeBarge meets the Army comment was pretty good). And most of these facts were cited. Either by pointing to authorities/experts (such as people who were verifiably Rangers and would know) or a multitude of documentation.

Hoax and fraud does nothing but weaken one's position regardless of the overall validity of said position.

* - For a good laugh, read the DUs forums. They're being serious. Really.

UPDATE: Holy shit. The fool is still arguing about the validity of this video. I had put some refutation and links to most of sites that had "outed" Jesse. Of course, I managed to pull others into this little free-wheeling discussion on the mailing-list.

Now he's frothing at the mouth going into full moon-bat mode. His "rebuttal" is almost as long as my post here, so I need some time to read it. I think it will require an entry of its own.

UPDATE2: Never mind. Just the same old, tired nebulous talking points that have been argued ad infinitum. Yawn. I though I might see something original.