Saturday, November 22, 2014

Interesting Read - Coding Malware for Fun and Not for Profit


Very nice explanation of the Windows XP Boot Process. That knowledge can also be leveraged for later systems.  Specifics have changed but the general flow of the process hasn't.

Another plus, the author promises if you read his blog you will get laid more.  He doesn't promise it won't be in a FFMUTA prison though.

Friday, November 21, 2014

Examining Obama's Immigration Overhaul - What I am reading 11/21/2014

Josh Blackman - Eight Observations About OLC Memo on Constitutionality of Executive Action on Immigration -

The TL;DR version.  The program appears legal, but the details will matter.  If it becomes a rubber stamp and all applicants are automatically approved then it becomes an exercise in executive overreach and therefore illegal.  At least that's how it reads to my non-lawyer eyes.

The Verge - Obama's immigration plan comes up short for Silicon Valley -

"If this is all there is, then the president has missed a real opportunity," Russ Harrison, of the IEEE, tells Reuters. "He could have taken steps to make it easier for skilled immigrants to become Americans through the green card system, protecting foreign workers and Americans in the process."

Reuters - Obama's immigration tweaks leave Big Tech wanting more -

The president's moves will make it easier for entrepreneurs to work in the United States and extend a program letting foreign students who graduate with advanced degrees from U.S. universities to work temporarily in the United States.
But tech industry insiders said the changes, while positive, were limited.

I think you all know how I feel about H1B visas.  There may be some (limited) value to them but in general they are a scam for tech companies to avoid paying higher wages to US workers while not having to relocate to someplace like India, Bangladesh or the Congo.  Given that, I was not disappointed at all that Obama didn't expand the program.  As I said last night - If the Republican Congress really wants to hold Obama's feet to the fire on this they should let Zuckerberg and do the heavy lifting.  Simply refuse to authorize any H1B visas for the next 3 years and no green cards for current H1B holders.  Hit the Silicon Valley types in the pocketbook.  They supported Obama overwhelmingly, let them face the consequences.

My standard disclaimer - Don't take this as an anti-immigrant statement.  I think legal immigration is a good thing.  In general I welcome anyone who wants to come to America, assimilate and work.  My problem is with illegal immigration, both because it is illegal and because of the negative economic consequences and with the gaming of the immigration system (use of H1B visas.)

Public Service Announcement - 

Lifehacker - PSN, 2K, and Windows Live Allegedly Hacked, Change Your Passwords Now -

CNET and report that hacker group DerpTrolling claim to have 7 million logins and 500,000 credit card data—including Comcast, Twitter, Facebook, and other sites.
Well I guess I know what I will be doing this weekend.  Again.  At some point we need to be able to sue these fuckers for not properly securing our data.

Wednesday, November 19, 2014

How to think like a Gorean Googler - What I am reading 11/19/2014

Boing Boing - Unpublished Gor Books -
Rob Beschizza presents these delightful and unexpected finds in the long-running saga of female humiliation and slavery.      
This article is intended as satire obviously, but when you attack the classics that are the Gor books, then you, sir, have gone too far.

Lifehacker - The Tech Skills and Courses Google Recommends for Software Engineers -
Software engineering is one of the most in-demand and best paying careers, but learning computer science can also pay off even if you don't do it professionally. Google has a guide on the courses and experiences future software engineers should consider.

Most of these courses are free, or extremely cheap.  They may not get you a job at Google, but as I keep telling my nieces and nephew, if you are going to move forward in life anymore you have to continually be expanding your base of knowledge. If you can spend 45 minutes a day cranking out a lesson or watching a couple videos then do it.  (It would be nice if someone would do something similar with infrastructure.)

Quartz - Why Amazon will never lose the book war -
Over time, there is a path for Amazon to become an author’s first-choice platform. It’s a peerless distributor that has already harnessed its prowess in warehousing and distribution logistics to its on-demand printing business, which lets it act as a wholesaler as well as a retailer of books. Bolt on a data-gathering publishing platform like Medium, or simply better integrating Kindle with Good Reads, and Amazon would have a low-cost business development sandbox, a platform that aspiring authors without followings could use to build their audiences.
I kind of agree with the author.  One of the things he misses though is Amazon's ability to bring previously unpublishable authors to the marketplace.  I have read quite a few Kindle Direct Published books over the last two years, and a surprising number of them are actually very good.  They would have been better if they were more polished, but as that market expands I believe that void will fill itself.  I think that in and of itself will start cutting into the traditional publishing marketplace.

Tuesday, November 18, 2014

Gang operating rogue TOR exit node distributing Windows executables wrapped in malware

Didn't see this article this morning or it would have been in my What I am reading post:

Ars Technica - For a year, gang operating rogue Tor node infected Windows executables -
Three weeks ago, a security researcher uncovered a Tor exit node that added malware to uncompressed Windows executables passing through it. Officials with the privacy service promptly shut down the Russia-based node, but according to new research, the group behind the node had likely been infecting files for more than a year by that time, causing careless users to install a backdoor that gave attackers full control of their systems.
Maybe it's just me but TOR seems less and less to be a helpful privacy tool and more and more like an advanced malware distribution system.

What I am reading 11/18/2014

NY Times - Pay Phones in New York City Will Become Free Wi-Fi Hot Spots -
(B)eginning next year, city officials said on Monday, the relics will evolve into something deemed far more practical: thousands of Wi-Fi hot spots across the city, providing free Internet access, free domestic calls using cellphones or a built-in keypad, a charging station for mobile devices and access to city services and directions.
Seems like a decent idea (I had a similar one years ago to install paid WiFi hotspots in ATM kiosks, only Starbucks, Barnes and Noble, etc. all switched from paid to free hotspots so that kind of blew my idea out of the water.)

Wired - U.S. Gov Insists It Doesn’t Stockpile Zero-Day Exploits to Hack Enemies -

Of course it doesn't.  It stockpiles them to use on its citizens.  Just Kidding:
In a new interview about the government’s zero-day policy, Michael Daniel, National Security Council cybersecurity coordinator and special adviser to the president on cybersecurity issues, insists to WIRED that the government doesn’t stockpile large numbers of zero days for use.
“[T]here’s often this image that the government has spent a lot of time and effort to discover vulnerabilities that we’ve stockpiled in huge numbers … The reality is just not nearly as stark or as interesting as that,” he says.
TLDR: It's more in the government's interest to find or purchase and disclose MOST vulnerabilities so they can't be used against us than it is to save them for use against others.  Note the word most.

Monday, November 17, 2014

Oh My God! This is completely unexpected - Tax increases kill economic growth - What I am reading 11/17/2014

Seattle Times - Japan slides into recession as tax hike takes toll -
Japan's economy unexpectedly slid into recession as housing and business investment declined following a sales tax hike, further clouding the outlook for the global economy.
I am going to be blunt here - This was only unexpected by absolute fucking retards and a certain class of politician (But I repeat myself).  Anyone who has paid any attention would have known that drastically increasing the sales tax would lead to a decrease in economic activity.  

And so speaking of retarded politicians killing economic activity:

‘Millionaires tax’ possible in Seattle? Council asks city’s lawyers -
The Seattle City Council voted Friday to have the city’s Law Department investigate the possibility of enacting progressive measures like a “millionaires tax.”
The action tells city lawyers to explore the legality of “an excise tax on annual individual or household earnings in excess of $1 million.”
Because nothing says, "Come spend your money in my city" like a whole new series of taxes, especially when you couple it with insults about the 1%. But that's not the only new tax the council would like to enact:
A proposal from Sawant that didn’t make the council’s Friday agenda would have raised an estimated $20 million a year for bus service by establishing an employee head tax on businesses and increasing the city’s commercial parking tax.
Someone needs to tell this council that 3rd world status isn't something that you are supposed to be striving for.

Quartz - This US Navy ship is now armed with a drone-killing laser beam -
The US Navy now has a ship in the Persian gulf armed with a “laser gun.” That’s how the US Chief of Naval Operations described it, in passing, to a Congressional hearing back in March.
Great, but when are we getting the rail guns that can blast a hole in the moon?  Priorities people!

Medium - How to get a job in Silicon Valley -

I'm not sure I would want to since my daily reading of Valleywag and Pando Daily makes it sound like Hell on Earth, but if it's your cup of tea here you go.

The Register - Attack reveals 81 percent of Tor users but admins call for calm -

The Tor project has urged calm after new research found 81 percent of users could be identified using Cisco's NetFlow tool.
"Although the capacity of current networks makes packet-level monitoring at such a scale quite challenging, adversaries could potentially use less accurate but readily available traffic monitoring functionality, such as Cisco's NetFlow, to mount large-scale traffic analysis attacks."

Oops! - Net Neutrality is Just a Symptom -
Let's call it like it is: in most of America, we’ve got a broadband duopoly at best. And it’s simple economic theory and best-practice capitalism that in an unregulated near-monopoly, you will see manifestations of policies, practices and behaviors that are not always customer friendly.
Read the rest.

Sunday, November 16, 2014

Sometimes I think maybe people don't get it -

Never Mind - don't want to start yet another series of blog / twitter wars.

Super Cool - Mechanical Computer Doing Fourier Transforms

The Fourier transform has many applications in physics and engineering. Fourier transformation from the time domain to the frequency domain transforms differential equations into algebraic equations and convolution into multiplication. This often results in simplification of needed mathematical manipulations. The Fourier transform is reversible, being able to transform from either domain to the other. The term itself refers to both the transform operation and to the function it produces.


Life as an illegal immigrant in Thailand - What I am reading 11/16/2014


The Register - Sarong it's right: Coining it in Thailand without a visa -

Hmmm I would have thought it was all ladyboys, kickboxing and beer but apparently "The Hangover II" misled me.

Wired - The Feds Are Now Using ‘Stingrays’ in Planes to Spy on Our Phone Calls -
according to a new report from the Wall Street Journal indicating that the government has been using Cessna planes outfitted with special phone surveillance equipment to track suspects. But the surveillance system is designed to pick up the phone signals of anyone within range. The range of the equipment is currently unknown, but it means that data on potentially tens of thousands of phones could be collected during a single flight.
I wondered why that Cessna always seems to be following me.  I just assumed I had a stalker who was into old, short, fat, hairy, retarded, white guys.  After all we are quite the catch.

I know I am a lazy bum.  Only two articles but everything is so bleh.  


Andrew Grant - Run -

Based on the description I had had hopes for this book:

Marc Bowman, a highly successful computer consultant and software designer, walks into his job at a major tech company one morning only to find himself fired on the spot, stonewalled by his boss, and ushered out of the building. Then things get worse: An explosive argument drives his wife away and a robbery threatens to yank a million-dollar idea—and his whole future—out from under him. In a matter of hours, Marc has gone from having it all to being sucker-punched by fate. But it’s only Monday, and before the week is over, he’ll be stalked, ambushed, wiretapped, arrested, duped, double- and triple-crossed—until he can’t tell enemies from allies.

Suddenly, the only thing standing between him and the wrath of everyone from the FBI to Homeland Security to his desperate ex-bosses is a flash drive full of data that might just be the holy grail of high-tech secrets—and a holy terror in the wrong hands. Now, as the gloves come off and the guns come out, turning back is hopeless and giving up is madness. The only person left for Marc to trust is himself. And the only thing left to do is keep running—or end up a dead man walking.

Unfortunately they didn't pan out.  I don't want to give too much away but this book fails on a few levels.  First, the main character is thoroughly unlikable.  I mean he starts off OK, but within 20 pages you know he is just a pretentious douche.  Not only that but as you get into later revelations about how he has treated his wife and friends you kind of end up hoping he will get his ass kicked.  Second, for being a supposed data analytics genius he has to be literally clubbed over the head with some revelations.  At some points I literally wanted to scream, "He's the bad guy you doofus".  The guys on the other side are no better, consistently misinterpreting events in ways that feel utterly contrived.  Extremely frustrating reading.  Finally, there isn't even really a story here.  At any point in time this entire problem could have disappeared.  This McGuffin is two USB flash drives that the main character had in his pocket when he left work.  They recognized the fact almost instantly and sent his wife to get them back.  When he refuses do they a) contact a lawyer and have him issue a cease and desist letter, b) contact the sheriff and report the theft, or c) have the mafia send a super creepy hitman after him?

All in all just a bad book.  I wouldn't even recommend it for airplane reading. 

Saturday, November 15, 2014

Free Cisco ASA Training

Found this last night - a 20 video course on basic administration of a Cisco ASA security appliance (Firewall).


The series doesn't cover everything but it is a resource that is available.