Archive for PEBKAC

Broke into the wrong database, didn’t you?

This isn’t technically funny, yet the laughs will not subside:

Hackers seized a database from the City of Detroit earlier this year before unsuccessfully demanding $800,000 in Bitcoin.

The failed extortion attempt back in April was disclosed by Detroit mayor Mike Duggan at the North American International Cyber Summit conference on Monday.

The stolen database wasn’t needed by the cash-strapped city so the ransom was never paid, according to local reports.

I mean, really. Extorting money from Detroit, of all places? You’d have better luck trying to sell snow shovels in San Diego.

(Via @SwiftOnSecurity. Of course.)

Comments




All about that guilt reflex

At least twice a day something like this comes up:

Yahoo Answers screenshot: Will my parents come to know about my net history from the MTS internet bill?

Oh, you poor, porn-obsessed adolescent!

Actually, they’ll probably figure it out the moment you come down with a malware infection from chasing down stuff you thought was “free.”

Comments




Techlet

Those of us who routinely outsource computer maintenance to younger folks will probably not be too surprised at this:

A boy from Coventry has become the youngest computer specialist in the world.

Ayan Qureshi is now a Microsoft Certified Professional after passing the tech giant’s exam when he was just five years old.

Ayan, now six, whose father is an IT consultant, has set up his own computer network at home.

He told the BBC he found the exam difficult but enjoyable, and hopes to set up a UK-based tech hub one day.

The Fark blurb for this: Five year old boy passes exam to become Microsoft Certified Professional in spite of being younger than most Microsoft bugs. And, I might add, way younger than this one.

Comments




Damn right they is

Screenshot from the Oklahoman: Personal info breaches is a concern, many say

From this morning’s Oklahoman, page 3C. I couldn’t find the story on NewsOK for some reason, but since it’s an AP wire story, it’s all over the place. Try here.

Comments




Bring your own leopard

In today’s episode of Security Theatre, we present the Password Rules from the Child Support division of the Texas Attorney General’s office:

  1. The password must be exactly 8 characters long.
  2. It must contain at least one letter, one number, and one special character.
  3. The only special characters allowed are: @ # $
  4. A special character must not be located in the first or last position.
  5. Two of the same characters sitting next to each other are considered to be a “set.” No “sets” are allowed.
  6. Avoid using names, such as your name, user ID, or the name of your company or employer.
  7. Other words that cannot be used are Texas, child, and the months of the year.
  8. A new password cannot be too similar to the previous password.
    1. Example: previous password – abc#1234, acceptable new password – acb$1243
    2. Characters in the first, second, and third positions cannot be identical. (abc*****)
    3. Characters in the second, third, and fourth positions cannot be identical. (*bc#****)
    4. Characters in the sixth, seventh, and eighth positions cannot be identical. (*****234)
  9. A password can be changed voluntarily (no Help Desk assistance needed) once in a 15-day period. If needed, the Help Desk can reset the password at any time.
  10. The previous 8 passwords cannot be reused.
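As an added example (not from the original post, and not the Texas AG's own code), the quoted rules 1 through 8 written out as a Python checker, so a reader can see how tightly they pin a password down. The user-specific strings of rule 6 (name, user ID, employer) are not something the policy can enumerate, so the hypothetical `banned_names` parameter leaves them to the caller; the month and word lists come straight from rules 6 and 7. Rule 1 alone, a fixed length of 8 drawn from 26 letters, 10 digits and 3 specials, caps the search space at 39^8 before any other rule trims it further, which is the point: current guidance (NIST SP 800-63B) drops composition rules and forced rotation in favour of length and breach-list screening.

```python
# Added example: a checker for the Texas AG Child Support password rules
# quoted above. Not the agency's code; it implements the rules as listed.
SPECIALS = "@#$"  # rule 3: the only special characters allowed
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]
BANNED_WORDS = ["texas", "child"] + MONTHS  # rule 7


def rule_violations(pw, banned_names=()):
    """Return the numbers of the listed rules (1-7) that `pw` breaks.

    `banned_names` is a hypothetical caller-supplied tuple for rule 6
    (the user's name, user ID, employer), which the policy cannot list.
    """
    broken = []
    if len(pw) != 8:                                   # rule 1
        broken.append(1)
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_special = any(c in SPECIALS for c in pw)
    if not (has_letter and has_digit and has_special):  # rule 2
        broken.append(2)
    if any(not (c.isascii() and c.isalnum() or c in SPECIALS) for c in pw):
        broken.append(3)                               # rule 3
    if pw and (pw[0] in SPECIALS or pw[-1] in SPECIALS):
        broken.append(4)                               # rule 4
    if any(a == b for a, b in zip(pw, pw[1:])):        # rule 5: no "sets"
        broken.append(5)
    low = pw.lower()
    if any(name.lower() in low for name in banned_names if name):
        broken.append(6)                               # rule 6
    if any(word in low for word in BANNED_WORDS):      # rule 7
        broken.append(7)
    return broken


def too_similar(old, new):
    """Rule 8: the new password may not repeat the old one in positions
    1-3, 2-4 or 6-8 (the three windows the policy spells out)."""
    windows = [(0, 3), (1, 4), (5, 8)]
    return any(old[a:b] == new[a:b] for a, b in windows)


if __name__ == "__main__":
    # The policy's own example pair: abc#1234 followed by acb$1243.
    for pw in ["abc#1234", "acb$1243", "aab#1234", "abc#123$", "Texas#12"]:
        print(pw, "violates", rule_violations(pw) or "nothing")
    print("abc#1234 -> acb$1243 too similar?", too_similar("abc#1234", "acb$1243"))
    print("abc#1234 -> abc$1243 too similar?", too_similar("abc#1234", "abc$1243"))
```

Both passwords from the policy's own example pass `rule_violations` and are not `too_similar`, while changing only the special character and the last two digits (abc$1243) trips the positions-1-3 window of rule 8.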

Sheesh. Just hand them a DNA sample and let them figure it out on their own. They think they’re pretty damn smart in Austin anyway.

(From @RooneyMcNibNug via @SwiftOnSecurity. Title adapted from H2G2.)

Comments (2)




Keep stirring

Nobody sells software anymore. What is sold is “solutions,” amalgams of the stuff you wanted and the stuff they surrounded it with, neither of which works worth a damn after combining. A recent example:

[S]tuff needs to be simple and just work. Unfortunately, no one seems to be willing or able to design a system that works with default browser settings. In particular, everyone wants to design their software to require popups. I have no idea why. But time after time I put a system out for a subset of my employees to test and I immediately get 19 people calling me back saying that it does not work, they can’t get in, etc. The typical problem is that most of this software seems to require that the browser’s popup blocker be turned off. Why in the world would you design software for a feature that 99% of browsers today have turned off by default? And worse, that require users to change a setting that only exists deep in setup menus most users don’t even know exist. I am pretty capable and it took me some poking around to find the popup options in Chrome.

Not that you can complain about it, of course:

I had a long talk today with my onboarding company trying to explain why getting rid of an hour of HR time with their software at the cost of an extra hour of IT support time for each new employee trying to access the system does not save me any freaking money.

Went right over their heads, I’d wager.

Comments




Fresh Apple bugs

I have spoken before of the Randomator, a Smart Playlist I worked up on the work box’s iTunes install, which shuffles through 10 percent of the available tracks that haven’t been played in a while, and after playing a track, replaces it with the next one in the chronological list. (Right now, songs from the third week of August are being inserted into the rotation.)

If this sounds OCD, consider that I’ve inserted manual sort codes into the lot of them, so that the Jacksons, for instance, sort out Alan, Bull Moose, Chuck, Deon, Freddie, J. J., Janet, Joe, Michael, Stonewall, and Wanda, to appear in exactly that order. Unfortunately for my neurosis, iTunes 12.0.1 occasionally ignores the sort code when it adds a fresh track to the Randomator. It’s still there — Get Info reveals it under the correct tab — but at least once a day the code is disregarded, which is how I found Lisa Loeb right under Lisa Lisa and Cult Jam instead of under Hank Locklin. I’ve run this playlist through at least five full versions of iTunes; this is the first time it’s done this to me.

Comments




The need for feigned speed

If you’ve never believed computer benchmarks in your life, well, there were very good reasons not to:

Intel has agreed to settle a class action lawsuit that claims the company “manipulated” benchmark scores in the early 2000s to make its new Pentium 4 chip seem faster than AMD’s Athlon. Intel will pay affected consumers $15 if they purchased a Pentium 4 system between November 20, 2000 and June 30, 2002. Affected systems include all systems with a Pentium 4 CPU purchased between November 20, 2000 and December 31, 2001 — and all systems with a first-gen Willamette P4 or all P4s clocked below 2GHz, between January and June 2002. The exception is Illinois — if you live in Illinois and bought a P4, too bad for you.

Is this the same AMD that invented the “Performance Rating” that they hoped you believed was the chip speed? My work box used to be a Sempron 2800+, which despite that number ambled along at a mere 2.0 GHz.

I did own a P4 for many years, though it was not purchased during the time frame involved, and it involved a slightly faster CPU — not the Willamette, but the subsequent Northwood. (I am now running an AMD chipset instead. Go figure.)

Comments (1)




Sitting in his Nowhere Land

The other day (like you should care), they bought a house that wasn’t there:

A funny thing happened yesterday: Our house ceased to exist. In fact, our entire street.

On Google Maps, I mean. Put in our address and … nothing. Clancy was trying to map out her route to work, and this complicated that greatly.

It could be worse. Imagine this:

  • House catches fire.
  • Alarm system dials 911.
  • 911 dispatch computer records the address.
  • Address is automatically looked up on Google Maps.
  • Google Maps can’t find it.
  • Emergency call is blown off, and house burns down.

And you wouldn’t have a case against Google, because how would you know the 911 crew were even using it?

Comments (2)




The POODLE bites

In fact, the POODLE chews it, and the little bastard needs to be put out of its misery.

(Title from the late Frank Zappa.)

Comments




It Fappened just that way

Francis W. Porretto gets in the final word — well, it ought to be final — on that celebrity-nude-photo business:

The “she ought to have known better” crap is exactly that: crap. The companies that promote the use of their “cloud” services are forever telling us about the depth and power of their security measures. Is a very young professional actress, highly unlikely to have been schooled in the technologies and their vulnerabilities, supposed to be more aware of the risks than the average non-technical American? If the same thing were to happen to any of her detractors, would they enjoy the degree of opprobrium that they’ve heaped upon Jennifer Lawrence? Would they feel their naivety had earned it?

And the cloud doesn’t care what its proponents say about it, either:

Besides, there are non-technical issues to be dealt with:

Let’s not neglect the other aspect of the matter: that Lawrence photographed herself in the nude so her boyfriend would have a sensuous reminder of her when the two of them were far from one another. There are “conservatives” reproaching her for that, too. Apparently that Lawrence would permit someone — someone other than themselves, that is — to see her in all her unclothed glory grates unbearably across their neo-Grundyish sensibilities.

This is approximately where someone comes in and completes the circle by saying “But she should have considered the risks involved.” Well, yeah. But life itself is a prolonged exercise in risk management. If you haven’t noticed this by now, you’re either 8 years old or you’ve been appointed to a high government post.

And the little dweebs who spent their data allotments for the month begging for download links for these pictures? Morally indistinguishable from the little dweebs who spent their data allotments for the month pirating software.

Comments (2)




Time for another Unfortunate Juxtaposition

The ad placement to the right evokes a single sentiment: “Gee, ya think?”

(Via SwiftOnSecurity.)

Comments




Who put the bömp?

Opening statistic: Iceland has only 320,000 people, about as many as Corpus Christi, Texas. That number makes this more believable:

[T]wo random Icelanders have about as much in common as second cousins, once removed, according to Dr. Kári Stefansson, CEO and co-founder of deCODE Genetics. That might sound like a lot, but accounting for the vast possibilities for genetic recombination in each generation, it really isn’t.

A consequence of this genetic similarity:

A collaborative venture between deCODE and software engineer Friðrik Skúlason, the Íslendingabók site developed as a corollary to deCODE’s genealogical research. “The reason why we have been able to lead the world in genetic research,” Kári Stefansson says, “is because we understand the structure of Iceland’s population so well.” DeCODE has an advantage over “the big guys in human genetics” because the organisation has intimate understanding of Icelandic genealogy, he says. “Our history is mapped in our DNA.”

DeCODE has attracted no small amount of international press over the years, but it is unlikely that its student app competition would have created such fervour now were it not for one of the novelty features of the winning ÍslendingaApp: the Sifjaspellspillir or “Incest Spoiler” alarm which alerts a user if the person she plans on going home with is a near relation. Using the app’s “new bömp technology,” users can tap their phones together and see how closely they are related. If the alarm has been activated — it’s turned off in default settings — it will either erupt with a discouraging siren, or issue a gleeful “No relation: go for it!” message, while a Barry White-esque voice urges you on with a subtle “Oh, Yeeeaaah.”

There are parts of the US, I am told, where an application of this sort might be useful.

(Via TYWKIWDBI.)

Comments (2)




This is not a viral marketing campaign

It’s called the Sincerity Machine, which is off-putting enough: who, pray tell, seems less sincere than the person who loudly proclaims his sincerity? And there doesn’t seem to be a touch of irony in this production:

Still, it’s a one-off: the chap is not trying to sell you this contraption, and he deserves credit for that.

(Via mental_floss.)

Comments (1)




LaserJetsam

This is the next step beyond the infamous PC LOAD LETTER:

I think I’m in love.

Comments (2)




Perhaps they’re drugged

The old online prescription refill at Target was clunky in the extreme, but it worked most of the time. And then they decided to outsource it, to an operation called PDX, Inc. It’s still clunky, but now it doesn’t work at all: since it didn’t read any existing cookies, it defaulted to filling my order at a store in Pennsylvania — except that it refused to fill my order because it didn’t like any of the prescription numbers I keyed in. Twice.

What’s more, it has a CAPTCHA.

Whatever the opposite of “I wish them well” may be, that’s what I wish.

Addendum: I whined on Twitter about this, prompting Target HQ to ask me for an email report.

Comments (11)




Downtime a-comin’

The surfer dudes who host my sites have advised that said sites will be down for at least part of Sunday evening:

We’re continuing our roll-out of Ubuntu 12.04 Precise to an additional 150 web servers this Sunday, October 12th. As we’d like to get all of our customers over to this new OS, we will be upgrading 2 batches per week. While the total estimated maintenance is 5 hours, we expect actual downtime due to the upgrade to be around 45 minutes. A large part of the maintenance window will be spent testing all of the servers post-upgrade to ensure everything is in order.

And it is indeed a new OS for them: far back as I can remember — and I’ve been there almost 13 years — they’ve been running some flavor of Debian.

Of course, the major thrill with any such announcement is the list of actual machine names to be upgraded, which includes such august designations as “augusta,” “coweta,” “king-william,” “snowstorm” and “tricia-mcmillan.”

Comments




A site old enough to vote

Still like that old-time Robert Dole? Jonathan Blake advises that the Dole/Kemp 1996 campaign Web site is still up in more or less its original format, maintained by political-history site 4President.org.

I must tell you, it looks every one of its eighteen years. (Like I should talk, right?) Still, it’s no Space Jam, as Bob Dole would tell you if you were talking to Bob Dole.

Comments (1)




Whatever it is, it’s here

News Item: As expected, Microsoft launched a new version of Windows on Tuesday two years after the troubled release of its last operating system, Windows 8. But instead of introducing the expected name, “Windows 9,” Microsoft announced it will jump to “Windows 10.”

Top Ten designations considered by Microsoft before settling on “10”:

  1. 8.2
  2. 9000
  3. Post-Millennium
  4. Seven Classic
  5. XPdited
  6. 666
  7. 640K
  8. 20-20
  9. 9X
  10. OS XI

This seems to be the actual explanation for “10.” (As always, thanks to @SwiftOnSecurity.)

Comments (3)




Beyond here lies nothing

A fairly neutral definition from Wikipedia:

A site map (or sitemap) is a list of pages of a web site accessible to crawlers or users. It can be either a document in any form used as a planning tool for Web design, or a Web page that lists the pages on a Web site, typically organized in hierarchical fashion.

Sometimes they’re complicated. (I’d hate to sit down and draw one for this place.) The consumer-information site MainStreet.com, however, seems to have boiled it down to the basics:

Sitemap for Mainstreet.com

“That is all ye know on earth, and all ye need to know,” said John Keats, while not looking at this.

Comments (3)




Eyes glued to the screen

Until such time as someone develops a portable eye-glue dissolver — and someone (else) develops a way of deploying it without being obtrusive — this may be the answer:

I was driving across a college campus this week just as the night school students were getting out of long evening classes (during which they presumably had been abstaining from texting). I had to slow my car down to walking speed to avoid accidents because the majority of pedestrians were drifting about heads down with their eyes on their glowing screens held at waist level.

Here’s an idea for a Silicon Valley start-up: an app that will freeze your smartphone screen with “LOOK UP” if you are about to get hit by a car.

Yes, it’s come to this.

Comments (3)




64-bit ambition, two-bit laziness

Evidently this chap was hoping to be told that there would be no math:

Yahoo Answers screenshot: Which computer major doesn't have Maths in it and makes a lot of money?

Five will get you ten that a year from now he’s doing WordPress installs for cheap.

Note: The original title of this was “The blind fashion designer says hi,” but as I was doing the draft save it occurred to me that, well, what if there is a blind fashion designer? And of course there is.

Comments (5)




Easier than getting it to print

First you need to know this:

“Canon Pixma wireless printers have a web interface that shows information about the printer, for example the ink levels, which allows for test pages to be printed and for the firmware to be checked for updates.”

I have something like that on one of my printers, come to think of it.

Michael Jordon, Context Information Security analyst, having pointed out the interface, then pointed out what was wrong with it:

[T]he interface doesn’t need any sort of authentication to access. Off the bat the worst anyone could do would be print off hundreds of test pages and use up all of the printer’s ink. Jordon found you could do much more, though. The interface lets you trigger the printer to update its firmware. It also lets you change where the printer looks for the firmware update.

In theory, you could create a custom firmware that spies on everything that printer prints, it can even be used as a gateway into the network it’s tied into.

To show off what he’d learned Jordon opted for something far more deadly: “I decided to get Doom running on the printer.”

Which he did. [MP4 video, no audio, 28 seconds.]

Canon is working on a fix for both current and future models.

(Via Fark.)

Comments (6)




Always running out of room

Bill Quick tosses this one at us:

Was there even a terabyte of storage in the entire world when you first got into computing? Not when I did, but that was in 1965. According to Wikipedia, when I bought my first PC in 1986, there was about three exabytes in digital storage.

There’s a terabyte (about 75 percent empty) in the home box right now, which doesn’t seem like a whole lot. Then again, I started fooling around with these contraptions with the Commodore 64, which stored 170k on a single-sided floppy. Call it six to a megabyte; then you have six million to the terabyte.

An exabyte is one million TB, and to make sure I remembered that correctly I slid over to Wikipedia, where I found probably the same page WTQ did, in which I found the following tidbit:

The content of Library of Congress is commonly estimated to hold 10 terabytes of data in all printed material. Recent estimates of the size including audio, video, and digital materials are from 3 petabytes to 20 petabytes. Therefore, one exabyte could hold a hundred thousand times the printed material, or 500 to 3,000 times all content of the Library of Congress.

Or your backup copy of Windows 10.

Comments (4)




Somewhat lacking in dash

Attack with Numbers has a subtle little piece called “The laws of shitty dashboards,” the second of which is “If it’s called ‘Dashboard,’ it’s probably shitty.”

Of course, they’re talking software dashboards, but the principle could be extended further:

Take car dashboards for example. They use vast amount of real estate to display information that is useless 99% of the time. How often do you need to know the RPM on an automatic car? Can’t you just take that stupid dial out and put something useful instead?

Then again, if you don’t have that information in the remaining 1% of the time, you’re hosed. And I look at the RPM all the time, if only to see what sort of shift points I’m using. And there’s this, for instance: the car is fully warmed up when, and only when, 70 rpm can be had below 2500 rpm, useful information of the sort you can’t count on from today’s typically wonky temperature gauges.

On the other hand, I’m definitely down with this:

They also employ UX techniques that date from a time when the only UI component you could use was a light bulb. If that red thing is critical, can’t you tell me right away what it means?

One wants to know, after all, what the engine is doing, not what it just quit doing.

Comments (8)




The new automotive priorities

The big thing at General Motors this fall, apparently, is in-car Wi-Fi. A two-page Buick ad in the new InStyle (October) contains this image:

In the back seat of a Buick Regal

The young lady, resplendent in orange, is obviously making best use of her time in the back seat. (Of course it’s the back seat: you don’t want drivers doing this, the curve of the roofline gives it away, and anyway this is the view from outside the car.) Apart from telling you that you can get a mobile hotspot, though, this ad tucks in a couple of additional messages that aren’t spelled out:

  • The average age of Buick buyers has actually been declining, from recently deceased to somewhere in the fifties, but there’s really no percentage to marketing to us old codgers, set in our ways, so let’s show someone about half that age.
  • Fear of cramped back seats haunts us all, or at least those of us who occasionally might find occasion to carry someone in the back seat, so the fact that Miss Tablet can actually cross her legs back there is reassuring, though I’m not sure how close her head is to the ceiling.

This latter point is seldom made by automakers; I can remember only once in recent years when it was blatant, and even then it was only a tweet.

Comments




Too much legacy

@SwiftOnSecurity posted a screencap of this last night, then took it down within minutes for reasons unknown, but not before I’d gotten a screencap of my own, and I eventually turned up the source on reddit:

I tried to take care of a customer that has manufacturing equipment that required MSDOS on a 386. There’s no way it will run on anything newer because it was built with timing loops that expect a (33?)MHz processor and the cards require an ISA bus.

It won’t run on a VM or on anything newer and I was unable to find hardware to run it and finally gave up and recommended they contact the original engineer for specs (custom built controllers, steppers, etc) and get ready for a rebuild and rewrite.

They never called back and I assume they’ll just run it until it dies, then close the doors.

I can’t help but think there’s someone out there with a twenty-year-old Packard Bell clunker who thinks he’ll get $100 for it in a yard sale.

Comments (3)




The bogeyman from Fort Meade

The Z Man suggests that NSA’s espionage prowess might be the stuff of fantasy and nothing more:

The government buys all of its technology from the private sector. There are things done for the government by private contractors that are not for anyone else, but the government does not have special magic. Further, the government is not getting the best and brightest. There’s way too much money to be made in the private sector for the government to get the best and brightest. The Snowden affair shows you how sloppy this stuff is, even at the highest level.

More important, the volume of data involved is so large there’s simply no way to sort through it in a meaningful way. There are 150 billion e-mails sent every day. That’s 55 trillion e-mails a year. Searching that volume of records for useful data is simply impractical. Throw in the 100 trillion or so phone calls and probably the same number of texts and the volume of data is well beyond what could be useful. That’s why they don’t try, but they’re fine letting people think it. The Feds are relying on the CSI effect to convince the world they can read your mind.

What is this CSI effect?

The CSI effect … is any of several ways in which the exaggerated portrayal of forensic science on crime television shows such as CSI: Crime Scene Investigation influences public perception. The term most often refers to the belief that jurors have come to demand more forensic evidence in criminal trials, thereby raising the effective standard of proof for prosecutors. While this belief is widely held among American legal professionals, some studies have suggested that crime shows are unlikely to cause such an effect, although frequent CSI viewers may place a lower value on circumstantial evidence. As technology improves and becomes more prevalent throughout society, people may also develop higher expectations for the capabilities of forensic technology.

Ever try to defuzz a fuzzy picture the way they do on TV? Not happening, folks. And even if it were, you wouldn’t get a 1000-pixel-wide pastel-colored box on screen that says “Completed.”

Then again, NSA could just be stockpiling all this crap in anticipation of the time when they can do something useful with it.

And, per the dreamiest security person on earth:

Obviously, the most immediate need is for more realistic TV procedurals.

Comments (2)




One tiny tan line

“Who will buy our watches?” asks Apple. A bunch of naked people in the UK, perhaps:

A leading British naturist, speaking on behalf of millions of unclad Britons, has welcomed the announcement of the Apple Watch and claimed the nude folk of Albion will soon be happily strapping it on.

Andrew Welch, spokesman for British Naturism (BN) and Young British Naturism (YBN), said his birthday-suited compatriots would happily don wearable technology, even if they weren’t wearing anything else.

Of course, I approve of this sort of wardrobe. But I admit I didn’t think of this angle:

[T]he primary attraction is not — as some have theorised — the fact that nudists have nowhere to carry their phones or other internet devices, but rather the fact that i- or e-Watches in general do not have built-in cameras.

Although there remains a catch:

[T]he iWatch offers the ability to control an iPhone camera remotely, meaning that nudists’ naked bits could still be targeted by pervy Apple users.

(Via Nudiarist2.)

Comments (1)




No need for speed

Sure, we’d love to sell you a really high-speed, really high-priced Internet service, but only we can judge what is truly fast:

AT&T and Verizon have asked the Federal Communications Commission not to change its definition of broadband from 4Mbps to 10Mbps, saying many Internet users get by just fine at the lower speeds.

“Given the pace at which the industry is investing in advanced capabilities, there is no present need to redefine ‘advanced’ capabilities,” AT&T wrote in a filing made public Friday after the FCC’s comment deadline (see FCC proceeding 14-126). “Consumer behavior strongly reinforces the conclusion that a 10Mbps service exceeds what many Americans need today to enable basic, high-quality transmissions,” AT&T wrote later in its filing. Verizon made similar arguments.

Since American broadband is very much like American health care — pretty damned expensive for what you get — it’s no surprise that the guys who collect the tolls would like to keep their sweet little racket going.

FCC Chairman Tom Wheeler even suggested in a speech last week that 10Mbps is too low. “A 25Mbps connection is fast becoming ‘table stakes’ in 21st century communications,” he said. At 25Mbps, three-quarters of Americans have, at best, one choice of providers. At 10Mbps, 8.4 percent of Americans have no access, and another 30.3 percent have access from only one provider.

If the definition is kept at 4Mbps, statistics on broadband deployment and competition look a lot better, putting less pressure on telcos to upgrade infrastructure. AT&T and Verizon prefer to keep it that way.

Then again, even Nancy Pelosi, who did as much as anyone in history to fark up American healthcare, is at least coming around on broadband, insisting on the broadest possible definition of net neutrality:

Pelosi wrote in a letter to the Federal Communications Commission Monday that Internet service providers should be reclassified under Title II of the Communications Act — a step toward stronger regulations that would allow the FCC to more easily prohibit attempts by ISPs to charge other businesses for smoother, faster access to consumers.

“I oppose special Internet fast lanes,” wrote Pelosi. “I believe the FCC should follow the court’s guidance and reclassify broadband as a telecommunications service under Title II.”

Hang on to your routers, folks. This could get nasty.

Comments (1)