Friday, July 31, 2009

Apple Claims New iPhone Only Visible To Most Loyal Of Customers

I too can see it!

OMG! My ignorance about dreadlocks makes other people inferior!

These are actually my friend’s dreadlocks. I shouldn’t be, but I’m stunned about how bad or disinclined people are about recognizing and challenging their assumptions. If someone is doing something I don’t understand it must mean that they are stupid, right?

I didn’t get a hair cut for six years so my hair got silly long. When I eventually got it cut I donated it so some poor kid getting chemo can have some hair. When you get lots of hair cut off some barbers/stylists will ask, “Would you like to donate your hair?”

People assert that dreadlocks are created by not washing your hair and that you can’t. Proper dreadlocks are created by not combing your hair. Wash liberally. The texture of dreadlocks kind of reminds me of a wool blanket. Is it really so hard to wash a wool blanket?

Even if something being given away is not something you think is useful, why give people shit for trying to give something away that someone might find useful?

Ceci n'est pas une clé

I have one of those remote keyless entry key fobs for my car, to unlock and lock the doors as I approach and leave my car.

Anyone else occasionally find yourselves not thinking and try to use it on the front door of your home?

Thursday, July 30, 2009

Jailbreaking iPhone Causes Nuclear War (ish)

So, it should be illegal to load custom software on your iPhone because you could potentially use it to disrupt cell towers.

Isn’t it already illegal to disrupt cell towers?

Wednesday, July 29, 2009



Tumblr Captures the Essence of Web 2.0

For those who aren’t indoctrinated, tumblr has a feature called “reblogging”. You see a post on another tumblr user’s blog that you like. There’s a link that says reblog. Click this and boom, it’s now on your blog with a little space on the bottom for you to say lol or wtf or this is so stupid.

As I browse the directory for some of the blogs with the highest “tumblarity” I find a common thread: they’re mostly pictures, and the same pictures as you see on digg, reddit, etc. and on each other’s blogs. Many of the posts you find on digg, reddit, and the like are simply references to blog posts talking about the thing that’s actually of interest.

+--> Tumblr Reblog Ad Nausem ->--^--> Original Tumblr ---> Twitter --> Reddit --> Random Blog -v
+--> Tumblr Reblog Ad Nausem ->--v--> Original Tumblr ---> MySpace --> Digg ----> Random Blog -+--> Actual Story

And this is really the essence of blogging, the essence of Web 2.0. It’s not that everyone participates in building new and exciting media. A few people make new and exciting media and others swarm around it and show it to you hoping that they can catch just the tiniest bit of fame or recognition for having brought it to you. Web 2.0 brings everyone the power to have their voice heard; puts a microphone in everyone’s hand. Alas, most people don’t have anything interesting to say but given the microphone you have to say something.

If this is Web 2.0, I think I’ll hold out for SP1.

Tuesday, July 28, 2009

Monday, July 27, 2009

Friday, July 24, 2009

Copy-cats Deploy Trojans on Anti-sec's Fame

An interesting tool has been seen in the wild that shares its name with one used by Anti-sec in one much ballyhooed intrusion. However, instead of being the tool to help you own a box, it gets you owned.

I can’t really endorse this kind of thing but it is a good reason why people need to learn security principles if they hope to put them into practice.

CBC-MAC on the command line

openssl enc -e -aes-128-cbc -K 0123456789ABCDEF -iv 0000000000000000 < testdata | tail -c 16 | od -h

The 16 in “tail -c 16” corresponds to the block size of the encryption algorithm. If you were using aes-256-cbc you’d want to say 32 instead of 16. I don’t like the “od -h” representation but hex is more common and I care to dig through and just get hex. You could instead use | openssl enc -e -base64 if you prefer base64.
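The same pipeline wrapped as reusable shell functions, as an added example (not the post's own code): it prints the tag as plain hex and checks a received tag. The function names and keys are constructed for illustration; AES has a 16-byte block at every key size, so the tag is 16 bytes for aes-256-cbc as well.

```shell
#!/bin/sh
# Added example, not from the original post. Keys are constructed test values.

# cbc_mac CIPHER HEXKEY < data   -> tag as 32 hex characters on stdout
cbc_mac() {
    # CBC-MAC = CBC encryption under an all-zero IV, keeping only the last
    # ciphertext block. -iv always takes 32 hex digits (one 16-byte AES block);
    # -K takes 32 hex digits for AES-128 and 64 for AES-256.
    openssl enc -e "-$1" -K "$2" -iv 00000000000000000000000000000000 |
        tail -c 16 | od -An -v -tx1 | tr -d ' \n'
}

# cbc_mac_verify CIPHER HEXKEY TAG < data   -> exit status 0 only if TAG matches
cbc_mac_verify() {
    [ "$(cbc_mac "$1" "$2")" = "$3" ]
}

KEY128=000102030405060708090a0b0c0d0e0f   # constructed 16-byte key
KEY256=${KEY128}${KEY128}                 # constructed 32-byte key

# tag_of CIPHER HEXKEY STRING: convenience wrapper for short string input
tag_of() {
    printf '%s' "$3" | cbc_mac "$1" "$2"
}

# Demo: same message under a 128-bit and a 256-bit key, both tags are 16 bytes.
echo "aes-128-cbc: $(tag_of aes-128-cbc "$KEY128" 'constructed test message')"
echo "aes-256-cbc: $(tag_of aes-256-cbc "$KEY256" 'constructed test message')"
```

`openssl enc` pads the input (PKCS#7) before encrypting, so the tag covers the padded message. Plain CBC-MAC is only safe when every message has the same fixed length; CMAC or HMAC is the usual choice otherwise.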

CSS Is Awesome

Go buy one.

Anti-Sec spoof threatens s'kiddie mayhem

The problem with not giving a verifiable identity is that now anyone can claim to be you and there’s no way for you to dispute the claims or actions of an impersonator.

I was thinking about these site defacements by Anti-sec and came up with what I thought could secure or destroy their credibility. If they breached a site they could leave a PGP/GnuPG public key and explain that they’re tired of the copycats and that all future “messages” would be signed by a key that’s signed by this key. The intermediate key should have an expiration no longer than a couple months. In theory, all future attacks can be verified as the work of Anti-sec or not.

That is, unless someone not in Anti-sec beat them to the punch. If someone outside of Anti-sec posted such a key claiming to be Anti-sec, especially noting that they’re tired of the impersonators, it goes into an “our word against theirs” situation. The impostor(s) would then have to conduct a few more breaches in the same style as Anti-sec to establish “legitimacy”.

In theory a public key can serve as a verifiable identity, but it doesn’t quite work like that. It can really only be used to verify that someone has access to the corresponding private key. Someone can throw their key out there claiming to be Brad Pitt and we have to decide whether or not to accept his in-person denial of that claim. Having committed crimes, no one from Anti-sec is going to step forward in person and prove they’re Anti-sec (somehow) to make authoritative claims about a public key. I think the difference between private key holder and identity is sufficiently subtle that most people wouldn’t quite perceive the difference. They could stand to lose a lot of credibility.

When you want to be anonymous but still make claims of identity, remember:

Wednesday, July 22, 2009

Tips on Wine

I know… basically crap about wine but my friend Gordon knows quite a bit. I respect Gordon a lot so I try to learn about wine here and there. My hurdle is that I don’t drink enough to buy bottles of wine for myself and my girlfriend doesn’t drink at all.

I thought I’d share what he shared with me on how to do well as a wine newbie.

Both of you have asked me about what wine to buy. Here is a list of
wineries that produce good wines each year. The list is in no particular

  • Berringer

  • Kendall Jackson

  • Robert Mondavi

  • Meridian

  • Kenwood

  • Clos DuBois

  • Beaulieu Vineyards

  • Michael Pozan

  • Beaujolais Villages

  • Macon

  • Yellow Tail

  • Rosemount

  • Santa Rita

As far as types of wines goes, Chardonnay is the most versatile white
wine and most variable depending on what region it comes from. Bringing
Chardonnay or White Bordeaux for fish is always safe. I have found
Pinot Grigio and Sauvignon Blanc to be good with lighter fish and
especially shell fish. A blend of Chardonnay and Pinot Grigio is not
easy to find but it is the best I have found for shell fish.

Merlot is the most versatile red wine and the most variable. It is
heaviest (Cabernet like) from California and France. It is much lighter
(like Beaujolais) from South America and Australia. With meat or highly
seasoned food it is always safe to bring a Cabernet, Syrah, Malbec or a
Merlot from California. For an Italian meal or pizza Valpolicella,
Chianti (not a Chianti Reserve which is a good substitute for a
Cabernet), a Shiraz from South America or Australia as well as a
Beaujolais or a Merlot from South America or Australia are all good
choices. For Cheese a Cabernet from South America or Australia as well
as a Bordeaux from France are good choices. A Bordeaux from France is a
little heavier than a Merlot from South America or Australia and lighter
than a Merlot from California. A Bordeaux is a versatile wine and goes
well with meat dishes as well as Italian Food. I have found Bordeaux to
be much more consistent than Merlot. Your mother and Ilona have a
decided preference for French wines.

In terms of countries, the French are the most consistent. A French
Chardonnay is always a good choice for fish. A French Cabernet for
steaks is a good choice. A Bordeaux is great for lamb or Italian food
or spicy foods in general. A Beaujolais is great as a red wine for fish
especially when highly seasoned as well as just for sipping or for

Tuesday, July 21, 2009

New Technology to Make Digital Data Self-Destruct

Apparently these researchers have never heard of copy and paste. Or screenshots. Or DRM.

This kind of “technology” scares me. People will use this technology thinking their privacy is assured because a message can’t be read after a certain time.

Once you let a piece of data out, it is out. Any attempts to get rid of it are futile.

“The Net interprets censorship as damage and routes around it.”
- John Gilmore

The Internet is just as much a collection of people as it is networking equipment and computers. It is the people that route around censorship and will always find ways to find, circulate, and keep the information they want.

Monday, July 20, 2009

New graphics card

I play WoW and like to run my settings high. I found that pretty much all the fog effects kill my frame rate. Eventually I spent about $200 on an EVGA GeForce 260 GTX 216. I cranked every setting in WoW to the max. I flew out of Dalaran over Crystalsong Forest and almost threw up. I could see everything. Normally the distance fog limits what I can see from high up but this time I could see the entire zone. I got a very strong feeling of vertigo from the realness of the altitude that I haven’t previously experienced in a video game.

Holy crap.

Eternal Earth-Bound Pets

Boarding for pets left behind by The Rapture.

Sunday, July 19, 2009

ARP Spoofing

respecting: hello i want to prevent attacks from software like cain and abel
respecting: what must i do ?
crunge: respecting: learn the attacks that tool X does then prepare appropriate defenses for those attacks
respecting: cain and abel made arp spoofing attacks
respecting: can you please give me a tool to prevent such attack?
respecting: Thanks in advance
crunge: respecting: Do you understand the nature of ARP spoofing?
respecting: Yes
respecting: i understand it
respecting: but i don’t know how can i prevent such attacks?
respecting: Can you please help me?
crunge: respecting: the solution is simple - hard code the ARP entries for each device in each device on the network
crunge: respecting: rather, get rid of ARP by hard-coding the IP-MAC relationships
crunge: I didn’t want to insult you by asserting that you don’t understand ARP and ARP spoofing, but I guess I’m content insulting you with an absurd resolution
crunge: To my knowledge there isn’t a good way to prevent ARP spoofing with software. Some switches will allow you to specify which IPs should be seen on each port
crunge: what you can do is get a tool like arpwatch that will track ARP replies and alert you when an IP-MAC relationship changes
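
The kind of IP-MAC tracking suggested at the end of the chat, as an added example (not arpwatch's code and not part of the original conversation): an awk filter over `ip neigh show` style lines that reports when an IP's MAC changes and when one MAC answers for several IPs. The function name, addresses and sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Input on stdin: neighbour-table lines in `ip neigh show` layout, oldest first
# (for instance several snapshots concatenated).

arp_changes() {
    awk '
    {
        ip = $1; mac = ""
        # the MAC is the token following "lladdr"
        for (i = 2; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
        if (mac == "") next              # FAILED/INCOMPLETE entries carry no MAC
        if (ip in seen && seen[ip] != mac)
            printf "CHANGED %s %s -> %s\n", ip, seen[ip], mac
        seen[ip] = mac
        if (!((mac, ip) in pair)) {      # remember each distinct MAC/IP pairing once
            pair[mac, ip] = 1
            count[mac]++
            ips[mac] = ips[mac] " " ip
        }
    }
    END {
        # one MAC claiming several IPs is what a spoofed gateway entry looks like
        for (m in count) if (count[m] > 1) printf "SHARED %s%s\n", m, ips[m]
    }'
}

# Constructed sample: the gateway 192.0.2.1 first resolves to its own MAC,
# later to the MAC that already belongs to 192.0.2.20.
SAMPLE='192.0.2.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.0.2.20 dev eth0 lladdr 00:aa:bb:cc:dd:20 STALE
192.0.2.30 dev eth0  FAILED
192.0.2.1 dev eth0 lladdr 00:AA:BB:CC:DD:20 REACHABLE'

printf '%s\n' "$SAMPLE" | arp_changes
```

A legitimate change (a replaced network card, a DHCP lease moving to a new device) produces the same CHANGED line, so the output is a prompt to investigate rather than proof of spoofing.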

Wednesday, July 15, 2009

I’ve taken this image for my Favicon/Avatar with permission from the artist. I’ve always liked koi but more so after reading “Flatland” and “Hyperspace”. The latter shares the idea that fish might have scientists who wonder about the nature of their universe (the water) and what’s beyond it. Because they cannot openly pass the boundary of the water nor do they have good reason to do so they have little idea what’s outside their universe and most have no concern about the topic.

I think we’re not unlike the fish. There are the boundaries of our everyday experience and we seldom think about what’s past them. If we could break out of our everyday experience we might discover a universe greater in scale and wonder than we are capable of imagining.

Take a few moments to browse this artist and discover his work.

Sunday, July 12, 2009

Down Atheist, Down!

I think I’m right so you’re stupid

In terms of religious beliefs I think of myself as an agnostic working under atheist assumptions. I’m an agnostic because I don’t have the chutzpah to assert that small, short-sighted, fallible me somehow knows that there can’t be something powerful enough to escape my notice. Maybe God just manifests himself as neutrinos which easily escape my notice. I also don’t care to search for a God so I need to direct my life somehow. I assume there isn’t a God because that seems like a logical premise that matches my observations.

The key for me is that I’m willing to come right out and state that I don’t know what I’m talking about. My assumption that there isn’t a God is based purely on rhetoric, not on scientific, mathematical, or other proof. Because I don’t actually know anything about the subject matter I’m hardly in a position to tell others that they are wrong.

I’ve seen a lot of pro-atheist hate on the Internet over the last few months and frankly it makes me sad. Many articles and postings are targeted specifically at Christianity and are in the vein of, “Hey, look at this silly thing that these Christians believe!!” except there’s more lolspeak. Many atheists that you encounter are such because they’re lashing out against a set of beliefs that were thrust upon them. Don’t they see that their ridicule is no different? Ridicule serves three purposes: to make the giver feel artificially superior, to make the receiver feel artificially inferior, and to try to change the behavior of the receiver. The first two are of no merit, the last is exactly the kind of thing the “lashing out” atheists started lashing out against to begin with.

I think these self-serving atheists would do well to actually make friends with some Christians and see how that goes. The Christians that I know are fallible people who have found something that guides them toward being a better person and helping those in their community. The news reports child molestations, prayer in place of medical services, and other ways that any religion can be used incorrectly. But the news also reports terrorist bombings, natural catastrophes, and disease outbreaks. If any of these things were commonplace they would be normal and not newsworthy. You seldom see a news report about a school bus that collects all the children and gets to school without incident because that is what normally happens - it’s what you would expect. In the same vein, most Christians are normal, boring people who do normal, boring things except they try to better their lives and the lives of those around them.

I suspect a lot of loud-mouth atheists who like to tell others that those people’s beliefs are false on the Internet are really closet atheists. On the Internet they’re happy to spout off about their intellectual superiority. I bet when they’re with their friends who aren’t atheists they keep their mouths shut because they know that such behavior is asshole behavior. They’re content to be an asshole on the Internet when no one knows who they are but in person they’re afraid of being a dick (which they would be).

To the smarter-than-thou atheists I issue this challenge: prove that atheism brings more benevolence on a door-to-door basis than any major religion. I don’t think I’ve ever heard of an atheist bake sale to raise money for a local school. PTA bake sales seem to do that just fine without religious dogma attached. Personally I believe that religion is like color, gender, and nationality in that it has less to do with one’s behavior than how a person is raised and their own character.

Monday, July 6, 2009

Hello World JAPH

This is my first JAPH although it prints hello world! instead. I wrote it for this because I like challenges.

This type of JAPH has probably already been done but it was fun to do.

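#!/usr/bin/perl
use warnings;
use strict;
open my $fh,'<',$0 or die "no go!";
my $self = join '',<$fh>;
# Reconstructed: the shebang, the open and the slurp line were lost from this copy; their text (die message included) is chosen so the offsets below still land on the right letters.
$self =~ s/[^a-z !]//g;
print map { substr($self,$_,1) } qw(42 8 62 10 55 26 15 33 9 -46 47 0);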

I got Win #44.