The DMC Times
In Memory of a Kindred Spirit
2010 - 03/07 - 11:47
John Patrick Bedell. His story has so many spooky similarities to my own personality, I feel inclined to comment. Which you must understand, due to my own "blunted affect", only comes with great reluctance. See, I ran across the phrase "blunted affect", while reading again the wikipedia page on schizophrenia yesterday, in response to this story. Schizophrenia is a funny thing, no matter how many times I read the definition in my life (must be half a dozen now), I can never remember it months later. I suppose I'm in the camp of those professionals described in the wiki article who think the term should be abolished, instead viewing the many characteristics that currently build up the definition, as all being traits of the normal human psyche. Normal traits with a sliding scale, i.e. a person can have a slightly 'blunted affect', a moderately 'blunted affect', or a severely 'thousand mile stare' blunted affect. Or any gradation between. Ditto with tendencies towards bipolar-ness, dissociative personality, etc...
Please forgive the tangential nature of this prose, as the issue is complex enough, that it is unavoidable without dedicating a month to reformatting as a publishable paper, which is time I truly don't have to spare at this point in my life. I.e. to comment on 'multiple personality disorder', I truly think it is entirely normal and beneficial to have differing personality traits in response to differing situations. I'm sure any soldier can tell you that the personality face/facet they wear on the battlefield is entirely inappropriate to wear at the dinner table with their family. Any poker player can tell you that if you can't intentionally periodically 'change-gears' both in your play, and your pokerface, you will be at a disadvantage. Does this mean the soldier or poker player has unhealthily dissociated and compartmentalized their personality? I say no. I say this is how humans are meant to interact with the world. I myself had an entirely different personality before 9/11, Abu Ghraib, American Torture/Waterboarding, Illegal wiretapping, The outing of Valerie Plame to discredit a dissenter, etc.. etc.. etc... I try to tap into that pre-9/11 personality when interacting with innocent children, but when interacting with adults who are familiar with the new neo-realist american attitude, I don't bother. I know that they too have adapted to the pressures coming down from the government suppressing dissent. I know that people unlike myself, with families they are beholden to, are unable to have _free_ conversations about folks like Blackwater. I mean, you don't want to politically mess with folks like Blackwater and their GOP supporters, if your voice is likely to be heard in any politically meaningful way. Because there will be consequences.
Those guys like their money, their football size bricks of hundred dollar bills they throw around in Iraq (look it up), and they aren't going to sit idly by and let dissenters interfere with their operation if they can throw a few of those hundreds at some underfed third world hackers with the ability to ratfuck and discredit dissenters via the internet. If what I'm saying here is crazy and unrealistic, I welcome my family friends and government to come lock me up. I.e. I take issue with the washingtonpost here-
"
But in the early 2000s, Patrick's curiosity and skepticism changed to an off-putting perspective laden with conspiracy theories. He smoked marijuana frequently. One time, Monaco said, Patrick asked him for his cellphone. Monaco handed it over, and Patrick removed the battery. "He said, 'That's how they can listen to us,' " Monaco said.
"
I'm sorry folks, but I too believe that our cell phones, even when not in call-mode, or even 'on-mode', are being used to spy on us, by organized criminals, within, and outside our government. Again, if this is paranoid, I'm honestly tired of fighting the stigma- come lock me up. I believe, as an educated, graduated even, computer engineer, that that is the God's honest absolutely probabilistically accurate truth. Given everything I have seen in the last decade, I would be _astonished_, and _flabbergasted_, if organized criminals, both within and outside our government, had not infiltrated or gained the cooperation of the telecommunications companies enough to be doing that. And not because they want to spy for spying sake. Not because they want to intimidate for intimidation sake. But because it is extremely PROFITABLE for them. (And because it is also extremely JUSTIFIABLE for them, when they bring up arguments like fighting terrorism and pedophilia.) It can help them discredit their political enemies so that they can continue to fleece billions, if not trillions of taxpayer dollars. It can help them maintain their power in countless ways. Again, if this belief is evidence that _I_ am a greater threat in a distressed lone-wolf sort of way, than the Blackwaters of the world are in a mass-corruption sort of way, then please, my friends, my family, my countrymen- come lock me up. I won't resist. After Obama failed to close Gitmo 51 weeks after I was positive he could have had he really had the sincere motivation and power, I have given up. I give up.
Now, let's return to "blunted affect" for a second, as some astute psychologists may have noticed my affinity for it early in this rant. "Blunted affect" is where we are all headed, once it becomes more widely known just how pervasive and detailed the recordings of us are. See, what happens when you have as many cameras recording people as they do in the UK, along with facial threat detection software running endlessly, is that people will learn to instinctively hide any and all expression of their emotion, in order to recover some amount of psychological privacy. We've all seen the TV shows and news reports of anti-terrorism techniques at airports. People being asked questions designed to provoke an emotional response, detectable as thermally visible heat flushes in their faces. As this sort of thing becomes more widespread, and its inevitably corrupt use for political purposes as well as security purposes, everyone you know will develop a "blunted affect" response.
Anyway, there it is. I hope I've now given the world what it needs to lock me up, if in fact, as it certainly superficially seems, I am just as troubled as Patrick was. I have certainly had similar suicide-by-cop and columbine fantasies, from grade school to the present. I am only human, and I too could probably snap. I sincerely hope that my biggest threat to society is via the truth of my words exposing the bigger dangers. But who knows. Go ahead, lock me up, drug me up with the crappy un-fun drugs, I really don't care anymore. Good luck.
dglog:: been a while, but happy to be even
2010 - 03/04 - 21:28
Getting settled here in Lawrence... How 'bout those 'hawks!
course::Lawrence:Centennial
date::2k10/03/04
score::0
hole:12:3:
hole:13:4:missed par putt
hole:14:3:
hole:15:3:chainsplash on the birdie putt
hole:16:2:
hole:17:3:
hole:18:3:15' birdie putt missed on the icefield
hole:01:2:short(was driving at long, nice tree bounce)
hole:02:3:
hole:03:3:
hole:04:3:
hole:05:3:
hole:06:3:
hole:07:3:
hole:08:4:eh
hole:09:3:
hole:10:3:
hole:11:3:
Quasi-Dawg-Food Release: Guitar-ZyX-0.5.0
2010 - 02/25 - 19:44
A new release of Guitar-ZyX is available. Version 0.5.0(BlackBeauty) is descended from Fedora-12. This marks the first time that Guitar-ZyX is not lagging its ancestor at all. Note, that I consider this to be a 'Quasi-Dawg-Food' release (and generally all *.0 releases as well). Unlike Guitar-ZyX-0.4.0, which truly was known buggy, 0.5.0 seems fine so far. But given the release date was defined by my geographic migrational plans, there may well be a few things that slipped through that I might have otherwise caught and fixed before release.
The news for this release, other than the ancestor rebase, is that UNetBootin is now included, and can be used on winblowz even, to create the LiveUSB media. More polished and tested integration will come with 0.5.1 in a couple months, but it seems to work pretty well. Also, Guitarix is now included as an alternate live guitar-f/x engine. It can be used instead of, or in conjunction with Rakarrack. I've actually never used it myself, perhaps put off by the confusingly similar name. Note that while Guitar-ZyX did not have any releases prior to Guitarix's first, I did have the name in mind pretty much as soon as I saw the first Rakarrack reviews which appears to predate Guitarix. And Guitar-ZyX's predecessor G-ZyX was on LWN's distro list years before Guitarix existed, so I don't think anyone can mistakenly accuse me of intentionally choosing a confusingly similar name for my project. In any event, it took all of a single config line to include Guitarix, so confusing name or no, it is now available to Guitar-ZyX users.
Finally note that I restyled the site - mainly this news page and the menu a bit. My understanding of CSS has certainly solidified since years ago when I blindly copied Spock's. One of these days I'll do a rewrite from scratch. The important thing is that with some changes there, and elsewhere, the site should now render on smaller screens better. Or at least that is what iPhoneTester.com is telling me. Though I still need to figure out how to get the menu column to stack when the screen width is less than 480px. A brief netsearch didn't come up with anything as easy as I was hoping for...
Filtered Perception Of The Day
2010 . 02/23 . 11:51
In today's edition of civilians being misled by the media, I point to newsweek's article discussing the privacy implication of cell phones used as spying devices by governments. If we lived in a sane, free world, the article would have at least in passing, mentioned the ability of governments via cell phone providers, to record from the microphone of cell phones that are not in use, and even those that the user has turned off, but not disconnected the battery from. Oh those elephants in the room are so hard to see...
Changes Aren't Permanent, But Change Is
2010 . 02/21 . 00:24
Quote of the day - "Getting bugs fixed is surely the way to go, but sometimes one needs a quick workaround in the meantime." - Michał Januszewski
I ran across that while checking in on the progenitor of The Site Formerly Known As Smiley's Website. Spock (aka Michal Januszewski), in addition to having a great website whose style I shamelessly copied, seems to share my taste in hacker wisdom. VirOS and its exploded-directory-style traits, are a distro-infrastructural embrace of that philosophy. Yes, it is always best to know how to fix things in the proper way. But often, when you are just improvising new code amalgams the way I play guitar, it pays to be able to quickly and on-the-fly patch over the errors you run across.
Anyway, I was checking Spock's site today and found that quote. I decided earlier that I finally after three and a half years, wanted to stop paying quite so much homage to his site. Thus begins the reign of Dawg's Metaverse. A slightly darker site, for slightly darker times.
iCandy: ZyX-LiveOS-Strains, Fork-ZyX BootScreenCast
2010 . 02/19 . 04:36
In addition to the obvious SWS menu icons, the ZyX-LiveOS-Strains Taxonomy Page now looks somewhat like I originally envisioned it many years ago. No trait checkbox matrix yet... And I did go a little nuts with pyvnc2swf to make the new Fork-ZyX-0.9.3 Boot ScreenCast. I hope to add a simulated audio track, as well as a theora version soon.
Release: VirOS/ZyX-LiveInstaller/Fork-ZyX-0.9.3
2010 . 02/13 . 23:41
A new release of VirOS is out, with initial support for generating LiveCD/DVD/USB distros derived from a fedora-12 ancestor. As promised, integration with the upstream bootsplash and initramfs happened, which has finally facilitated a new 0.9.3 release of Fork-ZyX. Screenshots and a boot video will be available soon. And of course, this means that Guitar-ZyX-0.5.0 is just around the corner... perhaps with a LiveCD version and one or two other improvements...
----- VirOS -----
* Fri Feb 12 2010 Douglas McClendon _dmc AT viros DOT org_ - 0.6.2010_02_12
- misc cleanups
- initrd to initramfs
- vxmog: correctly clean up other kernels
- f-zyx: selinux initialization as per contemporary mkinitrd
- synthesize: removed some acpi= workarounds, added qreaper workaround
- style: decided x$ is needless (until I see proof otherwise)
- bugs: TMPDIR environment checking corrected
- smirfgen/xmog: ancestor bootsplash integration
- smirfgen: put kmods in natural subdirs
- smirfgen: parse ldd output a bit better
- zbuild: new smirfgen only xmog mode (zyx-smirfgen xmog)

----------------- ZyX-LiveInstaller -----------------
* Fri Feb 12 2010 Douglas McClendon -dmc AT viros DOT org_ - 0.2.3-1
- enhancement: use /etc/zyx-liveinstaller.banner.png if it exists
- bugfix: tmpfs symlinks now owned by owner of their target
- update: mkinitramfs new syntax
- zyx: no tmpfs mounts like ancestor anymore
Lamenting Lost
2010 . 02/03 . 14:32
Sadly, even without my TiVo, I still have brain-rotting access to most of my favorite shows on the net. I'm a few minutes into the final season premiere of Lost. Even if last season was viewable on my linux platform (ABC says it will be eventually), I would skip it. Instead, I read the wikipedia synopsis. Which is just absolutely hilarious, and makes me glad I gave up on the show before that. Lost started out as a great mystery show, utilizing the lack of coherent plot, to allegorically explore whatever topics the writers wanted to. I.e. Sayid the torturer back in the days of newspapers showing wet shaggy haired pictures of Khalid Sheikh Mohammed. Or Charlie the heroin addict. Or Sun and Jin and the pressures of the aristocracies they were born into.
But then that quality plot-irrelevant acting led to popularity, and the writers themselves admitted that they were stretching out the middle of their overall plot (I'm still skeptical there ever was one). But I'll give the final season another chance, and try to appreciate the core of the show, which has always been the acting, and not the plot. Or then again, maybe I'll easily find better things to do...
mad props of the day
2010 . 01/27 . 12:24
A new TV theme via guitar that I have to aspire to - Hill Street Blues. All I really hope is to learn the first dozen or so notes.
In other news, Guitar-ZyX-0.5.0 has begun its slow journey to release. The aesthetic improvements in 0.4.1 were just the start. And in parallel I'm taking the plunge into ajax/php/mysql world. I had been planning on it several months down the road, but I guess it has too much synergy with the current software engineering job market (and potential GZ050 'cloudsession' features...)
spam imposter attack 2k10-01-21
2010 . 01/21 . 17:22
I find the coincidence in timing with the release of Guitar-ZyX-0.4.1 to be unmistakable. But it appears spammers have decided today to start impersonating with my domains again. This time using the questionpoliticians domain and perhaps others. I'm actually somewhat mildly relieved that this confirms that when it happened before it was never the result of my domain mail being run on my own mailserver. Now I use the cheap decent 1and1 service. In any event, a sample of 3/120 bounce messages that started flooding my inbox in the last couple hours, are located here in case any admins want to try to track down the culprits. From what I remember of admining sendmail, it is not hard to spoof just about every aspect of emails, so I don't know what good they really are. Hopefully if it is a widespread issue, the right people will see this message and take the appropriate actions.
FOLLOWUP(Feb 3rd): nearly a week has passed. The deluge continues in spurts. I'm now up to 5800 spam bounce messages from arguably misconfigured mail servers. The conventional wisdom is that bouncing spam like this to the sender address is generally considered useless, and even bad. Precisely because it ends up flooding domain owners like myself instead of the culprits. On the other hand, procmail is procmail, and it's interesting to see in real time the spammers in action, and so that I can post explanations such as this.
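For admins who do want to work from bounces like these, the following added example (not code from the original post) parses RFC 3464 delivery-status bounces with Python's standard email package and reads the connecting IP from the topmost Received line of the returned message, the hop recorded by the bouncing server rather than by the sender. The sample messages, hostnames and addresses are constructed, and the function names are hypothetical.

```python
import email
import re
from collections import Counter

# Constructed RFC 3464 bounce; hosts and IPs are documentation values.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.recipient.example
To: random123@spoofed-domain.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND

The message could not be delivered.

--BOUND
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Status: 5.1.1

--BOUND
Content-Type: message/rfc822

Received: from unknown (HELO spoofed-domain.example) (203.0.113.45)
    by mx.recipient.example with SMTP; Thu, 21 Jan 2010 17:00:58 -0700
Received: from mail.spoofed-domain.example ([192.0.2.10])
    by relay.forged.example; Thu, 21 Jan 2010 16:59:00 -0700
From: random123@spoofed-domain.example

constructed spam body
--BOUND--
"""

# Constructed free-text bounce with no machine-readable report part.
SAMPLE_PLAIN = """\
From: postmaster@other.example
Subject: failure notice

Sorry, no mailbox here by that name.
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)


def analyze_bounce(raw):
    """Return a dict describing one delivery-status bounce, or None."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report" or not msg.is_multipart():
        return None
    info = {"reporting_mta": None, "failed": [],
            "injecting_ip": None, "hop_matches_mta": False}
    original = None
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status" and part.is_multipart():
            # The parser exposes each header block as its own Message.
            for block in part.get_payload():
                if block.get("Reporting-MTA"):
                    mta = block["Reporting-MTA"].split(";", 1)[-1]
                    info["reporting_mta"] = mta.strip().lower()
                if block.get("Final-Recipient"):
                    rcpt = block["Final-Recipient"].split(";", 1)[-1].strip()
                    info["failed"].append((rcpt, block.get("Status", "").strip()))
        elif ctype == "message/rfc822" and part.is_multipart():
            original = part.get_payload(0)  # full returned message
        elif ctype == "text/rfc822-headers":
            original = email.message_from_string(part.get_payload())
    hops = original.get_all("Received", []) if original is not None else []
    if hops:
        # Topmost Received is the hop recorded by the server that bounced;
        # anything below it was supplied by the sender and may be forged.
        top = " ".join(hops[0].split())  # unfold the header
        ip = IP_RE.search(top.split(" by ", 1)[0])
        by = BY_RE.search(top)
        info["injecting_ip"] = ip.group(1) if ip else None
        info["hop_matches_mta"] = bool(
            by and by.group(1).lower() == info["reporting_mta"])
    return info


def summarize(raw_bounces):
    """Tally bouncing servers and corroborated injecting IPs for a batch."""
    ips, mtas, unparsed = Counter(), Counter(), 0
    for info in map(analyze_bounce, raw_bounces):
        if info is None:
            unparsed += 1
            continue
        mtas[info["reporting_mta"]] += 1
        if info["injecting_ip"] and info["hop_matches_mta"]:
            ips[info["injecting_ip"]] += 1
    return {"injecting_ips": ips, "reporting_mtas": mtas, "unparsed": unparsed}


if __name__ == "__main__":
    print(summarize([SAMPLE_DSN, SAMPLE_DSN, SAMPLE_PLAIN]))
```

An IP is only counted when the "by" host on that topmost hop matches the Reporting-MTA, so a bounce whose returned headers do not line up with the server that sent it is tallied under its MTA but contributes no address.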
release: Guitar-ZyX-0.4.1
2010 . 01/21 . 00:14
As promised- it's up!
Check out the release notes, particularly the What's New in Guitar-ZyX-0.4.1 section.
Note that while it didn't quite make it into the release notes, the larger 5.6G .wsource.iso is precisely the same as the basic 2.8G LiveDVD. The difference is that, as the filename implies, it also contains the complete source code. To extract the .srpms, try a command like 'tac *.wsource.iso | tar xvf -'.
Finally, all I can say is - Rock on... And continue praying for the people of Haiti and their terrible suffering. I thought Obama could close Gitmo in a year (actually I thought he could do it in week). Now I just don't know anymore.
5.6 gigs of Guitar-ZyX-0.4.1 goodness uploading...
2010 . 01/20 . 14:55
Rocinante has come up for internet air, and the upload is in progress... release will be tomorrow. I improved so much in the last few days, I'm looking forward to the upgrade myself...
My Rocinante is diving to the depths of internet free waters...
2010 . 01/18 . 21:34
Offline build commencing ... Vast improvements, even just in the last couple days ...
Music Updates
2010 . 01/16 . 03:30
I updated my music a bit. All eight 2009 tracks have mp3s. The bs-1 ogg and echoback tracks are no longer uncut, as those oversights were due to laziness. A few might sound a bit better having been normalized with audacity, though I intentionally left boycott torture alone. I could easily rerecord parts of it or change the volumes, but it was entirely recorded on 2k90911, so for historicity sake, it will remain as is. TechnoSpyra'ell, I do intend to practice and rerecord however, as it is entirely reproducible (unlike most of my playing).
In other news, I did nearly finish that new patch allowing -midimap to be passed to rakarrack, in order to override the default midi parameter mapping. I posted it to rakarrack-users and -devel, but Josep has plans for something else, but providing similar functionality. For now I'll wait for that, though if that takes too long, I may do the final repetitive gruntwork and support -midimap for those who want exactly the functionality that -midimap provides. ... ... BREAKING UPDATE ... THIS JUST IN ... literally minutes after posting this blog entry, while in progress of being pushed with the new music even, Josep announced that he had gone so far as to implement proper midi learn. Quite possibly inspired to burn the midnight oil in response to my proof of concept implementation posted earlier in the day. Right on Josep, rak-0.4.0 is gonna rock! ... Though it does occur to me that the Guitar-ZyX::MCP's whammypad being more sensitive to latency, I may still prefer my simpler solution for that narrow use case. Or I may even get around to hooking into rak with a unix pipe instead of midi and see if that can shave MCP WhammyPad latency down to its minimum...
Finally, I'm theoretically building a testable quasi-release candidate of Guitar-ZyX-0.4.1 right now. But I estimate a 97% chance of discovering more rough edges to smooth out. But well on track to be released this coming thursday. So that I can have that behind me when I have to listen to Obama's Gitmo explanation. If that is he feels the need to explain himself. Sadly I'm rather used to presidents that feel no need to explain themselves...
Misc Ramblings...
2010 . 01/14 . 12:09
A few misc bits of news to report to the cloud...
First, I am glad that Google has made a move against facilitating totalitarian censorship. Unfortunately I remain skeptical and cynical for many reasons. First, there is the fact that this seems to be an overt response to international hacking espionage, and not in fact, a repudiation of the 'evil' of helping a government to repress its citizens. Second, it seems unclear if the veil has already been lifted. Searching for instance for 'tiananmen square massacre' on google.cn vs google.com, does not convince me the censorship has been lifted. The news reports and google's blog seem confused about whether the change has happened, is coming, and what it really means. And I don't read any dialect of chinese. Third, I wonder if this is some machiavellian play to gain corporate goodwill, allowed because the technology of the so called great firewall of china has been advanced to the point that both sides feel they can afford to forgo the public-relations stain. I.e. some combination of the GFW and/or chinese ISPs filtering results in real-time, so that it doesn't matter what google's servers serve (one set of results make it to IP addresses in the local nation, and a different set of results to everyone else). Or merely those ISPs sufficiently tracking, that the oppressors find it more useful to track citizens that are failing to 'censor themselves'. I.e. what good is a free press if the government is powerful and has sufficient surveillance capabilities that 99.9% of citizens rightfully fear sipping from the cup of the free press. Fourth, Google may well provide a good leadership front in this case, but until microsoft and yahoo and everyone else follows suit, it doesn't seem to matter that much. Likewise commentators have suggested that Baidu and local Chinese services are quite strong (perhaps after ignoring US-style IP rights and just copying the patented algorithms that make google the useful tool it is). Fifth... Time will Tell, as always...
Next up, I feel the need to amplify WARNINGS about the potential health hazard of bugs in open source software. I nearly blew out my eardrums due to this bug. Probably the real culprit is Sony and/or Intel for designing hardware, which with buggy software, can drive my earbuds loud enough to cause significant pain in the fraction of a second it takes my brain to get my hands to rip them out of my ears. The workaround that seems insufficiently mentioned by fedora and others that seems to work for me thus far is setting flat-volumes = no in /etc/pulse/daemon.conf, which I will of course do for Guitar-ZyX-0.4.1. Obviously this falls into the category of 'you get what you pay for' and 'no warranty, not even the implied warranty of merchantability or fitness for a particular purpose'. However given the real HEALTH HAZARD, I am severely disappointed by comments from redhat employees in the fedora bugzilla on this issue. Hopefully the pulse or kernel folks will find a way to put a final filter into the end of the audio chain that simply prevents the audio from being driven to a certain level, unless the user goes far far out of their way to override the safeguard. Note, I do suspect that fedora-12 probably has this fixed, but f11 is still supported and therefore more warnings ought to be in the appropriate places.
And yesterday I finally gave away my decade old TiVo, and now am TV-Free. Which led me today to start appreciating the excellent free internet radio available via fedora and guitar-zyx in rhythmbox. And colorado's regional NPR as well. TiVo was the first serious mainstream consumer application of linux- it will be remembered for that. It will also be remembered for driving the GPLv3 and its anti-tivoization clauses. While tivo hackers did succeed in adding some little things like msftp and tivoweb to the device, they failed in really allowing the users to extend the functionality of the device. How hard would it have been, with access to the source for the main app, to add wonderful features like automatic commercial skipping, and video editing via the remote control and native interface? Pretty easy is the answer, but it never happened. Now with TPM there is a very real fear that all the fruits of the open source community can be used in devices that are completely locked down, and not modifiable by their owners (cough, correction, users, because with this, nobody can really be said to own the device sitting in front of them). Oh well, not surprising really, but still a valuable lesson.
Finally, my prayers are with those in Haiti. I only cringe at the ability of wealthy nations to help those in need, when it seems the Goldman Sachs, the Blackwaters, the Citibanks, and the rest of the corporate villains who are truly above the law, no matter how much damage they manage to do to us all, and our ability to provide for ourselves, let alone those in need. I know I'm a spoiled american, and I am grateful to God for my ability to be warm, clothed, sheltered, and babbling into the cloud. Maybe with the rest of the day I can find some way to help current and future peoples by enabling rakarrack users to define their own midi mappings... It's what I can do...
Team Rakarrack!
2010 . 01/12 . 20:05
I'm honored to now be a member of the Rakarrack development team. My first contribution, which can also be seen in that screenshot, is the FX% (global wet/dry) slider in the upper left. This has been in Guitar-ZyX for awhile as one of the two default touchscreen whammypad parameters (the other default is master volume). Rakarrack is definitely coming along nicely. Josep Andreu, the creator, has been turning out some great improvements these past few days for the imminent next major release. Support for user selectable widget backgrounds (can you guess the source of the one used in that screenshot?), as well as automatically and manually resizable fonts. And as of yesterday, the natural progression of collecting them all in skins/themes. Ryan Billing has also added several major DSP enhancements, which I expect that after more months/years of my guitar hobby, I'll understand a lot better, but for now, you can read more about them at the Rakarrack blog.
Also, Guitar-ZyX-0.4.1(non-dogfood) is coming along. I discovered the root cause of the major qemu performance regression I was getting with the new f11 base. Turns out the fedora packages no longer support kqemu, and even the vanilla source requires a new commandline argument to -enable-kqemu. I ran across some completely wrong comment in fedora's bugzilla suggesting that kqemu was not much benefit with the 2.6 kernel. I'm certain that is an incorrect assessment based on a misreading of qemu documentation. I can testify to the fact that on my laptop, with a 2.6 kernel for both the guest and the host, that kqemu gives me a greater than 100% speedup. So GZ-0.4.1 will include a /usr/local/bin/qemu that supports kqemu as well as presumably not sucking with the qemu native qcow2 format, which f12 fixed and called a 'feature'. The fedora folks refused rebootless live installation as a 'feature', but claimed the fixing of a performance _regression_ as a 'feature'. Yeah, OK, whatever...
Finally, last night I refused to watch a war criminal interviewed on TDS-wJS. Reading the blogs today, it sounds like I didn't miss much at all. Though I do agree with the sad assessment from that war criminal that the Obama administration has effectively endorsed and continued those policies that in my judgement are clear violations of the Geneva Conventions. Que Sera Sera. Whuddyagunnado?
The agency reaping what it sowed
2010 . 01/08 . 09:50
From an AP article-
"ISTANBUL—The Turkish wife of a Jordanian doctor who killed seven CIA employees in a suicide attack in Afghanistan says her husband was outraged over the treatment of Iraqis at Abu Ghraib prison and the U.S.-led invasions of Iraq and Afghanistan."
Personally I sympathize with the rage, though have more faith in God's ability to bring justice to CIA agents and the guilt they bear for their moral transgressions. As well as those who continue to obstruct justice while employed to do the opposite.
I also found it interesting listening to an astute NPR reporter yesterday, I believe interviewing an actual high ranking CIA official about this matter. They questioned the CIA, asking whether or not the CIA believed that the bomber, who became a (double) agent for the CIA while imprisoned by the Jordanians, might have been tortured by the Jordanian authorities. The CIA interviewee basically gave a non-response, implying that that was precisely what had happened. Just goes to show that torture as a recruitment methodology is not all that effective. I wonder how many years of elite training it takes to figure out that wisdom...
The beginnings of a general computing FAQ
2010 . 01/03 . 11:58
I'm in the middle of some decade transition lifestyle re-evaluations. My original _original_ TiVo has been retired, lifetime subscription, telnet daemon and all. I don't know if this will really be the time I kick the TV habit, but I'll give it a shot. Last year's notice about how google had licensed the data the tivo was collecting on my remote control button presses, along with the general crapitude of tapioca land, was the last straw. The old joke about 'In the Soviet Union, your TV watches YOU' is just too true. Same reason why I'm no fan of DRM encumbered ebooks. In my mind, any media, be it a Cervantes novel, or stereoscopic pornography, that I can't ingest privately, isn't worth ingesting. What good is it to read a history book of revolutionaries casting aside totalitarian governments, if how you are reading it is being watched by transnational self-interested above-the-law corporations? Hmm... I wonder if I just broke my new decade resolution against political rants. So be it. In any event, I think I want to start an FAQ for friends and relatives without computer engineering degrees, relating to best practices. The first entry, which I found by finally turning off slashdot and going straight to the upstream source, comes from Bruce Schneier's CryptoGram free monthly newsletter. Basically, standard best practices for networked computing security, aimed at average computer users. Really, I think #4 is handwaving, but coming from Bruce, makes me feel better about my own handwaving. Ultimately it really all boils down to #5.
"
Reacting to Security Vulnerabilities
Last month, researchers found a security flaw in the SSL protocol, which is used to protect sensitive web data. The protocol is used for online commerce, webmail, and social networking sites. Basically, hackers could hijack an SSL session and execute commands without the knowledge of either the client or the server. The list of affected products is enormous.
If this sounds serious to you, you're right. It is serious. Given that, what should you do now? Should you not use SSL until it's fixed, and only pay for internet purchases over the phone? Should you download some kind of protection? Should you take some other remedial action? What?
If you read the IT press regularly, you'll see this sort of question again and again. The answer for this particular vulnerability, as for pretty much any other vulnerability you read about, is the same: do nothing. That's right, nothing. Don't panic. Don't change your behavior. Ignore the problem, and let the vendors figure it out.
There are several reasons for this. One, it's hard to figure out which vulnerabilities are serious and which are not. Vulnerabilities such as this happen multiple times a month. They affect different software, different operating systems, and different web protocols. The press either mentions them or not, somewhat randomly; just because it's in the news doesn't mean it's serious.
Two, it's hard to figure out if there's anything you can do. Many vulnerabilities affect operating systems or Internet protocols. The only sure fix would be to avoid using your computer. Some vulnerabilities have surprising consequences. The SSL vulnerability mentioned above could be used to hack Twitter. Did you expect that? I sure didn't.
Three, the odds of a particular vulnerability affecting you are small. There are a lot of fish in the Internet, and you're just one of billions.
Four, often you can't do anything. These vulnerabilities affect clients and servers, individuals and corporations. A lot of your data isn't under your direct control -- it's on your web-based email servers, in some corporate database, or in a cloud computing application. If a vulnerability affects the computers running Facebook, for example, your data is at risk, whether you log in to Facebook or not.
It's much smarter to have a reasonable set of default security practices and continue doing them. This includes:
1. Install an antivirus program if you run Windows, and configure it to update daily. It doesn't matter which one you use; they're all about the same. For Windows, I like the free version of AVG Internet Security. Apple Mac and Linux users can ignore this, as virus writers target the operating system with the largest market share.
2. Configure your OS and network router properly. Microsoft's operating systems come with a lot of security enabled by default; this is good. But have someone who knows what they're doing check the configuration of your router, too.
3. Turn on automatic software updates. This is the mechanism by which your software patches itself in the background, without you having to do anything. Make sure it's turned on for your computer, OS, security software, and any applications that have the option. Yes, you have to do it for everything, as they often have separate mechanisms.
4. Show common sense regarding the Internet. This might be the hardest thing, and the most important. Know when an email is real, and when you shouldn't click on the link. Know when a website is suspicious. Know when something is amiss.
5. Perform regular backups. This is vital. If you're infected with something, you may have to reinstall your operating system and applications. Good backups ensure you don't lose your data -- documents, photographs, music -- if that becomes necessary.
That's basically it. I could give a longer list of safe computing practices, but this short one is likely to keep you safe. After that, trust the vendors. They spent all last month scrambling to fix the SSL vulnerability, and they'll spend all this month scrambling to fix whatever new vulnerabilities are discovered. Let that be their problem.
"
The Dawn Of A New Decade
2010 . 01/01 . 11:27
Resolution, Revolution, Reconstitution, Repostulation, Repopulation, Restitution, Rendering, Reveling, Redressing, Reciting, Referending, Regenerating, Renegotiating, Repairing, Resisting, Resounding, Returning, Retelling, Rearing, Roaring in the new year.
An older and hopefully wiser friend and colleague in late 2001 or 2002, said something to me in passing while lamenting 9/11 et al. They said that things were pretty much frakked for the entire decade, and that their optimism lay in the next decade. Here's hoping that was prophecy. Certainly the negative aspect seems to have come true, and certainly 2009 brought the transition. Now it's time to pray the trajectory holds.
This decade I resolve... To get employed... To release Guitar-ZyX-0.4.1 in polished and useful form... and to avoid as much as possible political rants. My rants just aren't quite creative or effective enough to be worthwhile. But I'll still humbly and hopelessly reach for the heights achieved by Patti Smith. If you happen to catch the recent(?) P.O.V. documentary of the last decade of her life on PBS, definitely check it out. No, she's not dead. I hope to have one tenth as much fight left in me when I'm her age.
Cheers...