Saturday, April 18, 2015

This is why McDonalds, Wendy's, and In and Out are secretly bankrolling the $15 minimum wage movement (IMO)

Hamburger-making machine churns out custom burgers at industrial speeds

According to Momentum Machines, making burgers costs US$9 billion a year in wages in the United States alone. The company points out that a machine that could make burgers with minimum human intervention would not only provide huge savings in labor costs, but would also reduce preparation space with a burger kitchen replaced by a much smaller and cheaper stainless-steel box.
Lower labor costs, less real estate required, what's not for a burger tycoon to love?  The only problem would be backlash when you start laying of the workers.


What if the workers were making themselves into a giant pain in the ass?  Walking off the job, demanding unreasonable wages. People might complain for a little while but pretty quickly they would be like, "Well they had to do it.  They weren't making any money."


I know what you're saying now - but places like Seattle have raised the minimum wage to $15/Hr and there hasn't been any real backlash and people seem to be supporting the workers.

To that I say - Yet.  Big Hamburger just hasn't moved to their endgame right now they are just quitely funding the movement and encouraging service disruptions and nationwide strikes.  That will change.

Wednesday, April 15, 2015

Using Statistics to Crack Passwords

This discussion will demonstrate some effective methodologies for password cracking and how statistical analysis of passwords can be used in conjunction with tools to create a time boxed approach to efficient and successful cracking.
 the top 13 unique mask structures make up 50% of the passwords from the sample. Over 20 million passwords in the sample have a structure within the top 13 masks
 Based on analyzing the data, there are logical factors that help explain how this is possible. When users are asked to provide a password that contains an uppercase letter, over 90% of the time it is put as the first character. When asked to use a digit, most users will put two digits at the end of their password (graduation year perhaps).

So basically math and big data win again.  I am not a math whiz but I would guess that even if you increase the password length (add entropy) this type of analysis would still be useful.  As long as passwords are in use they are going to be subject to this type of attack.

via Slashdot

Tuesday, April 14, 2015

96% of cyber attacks use 1 of 9 methods

This year the report cataloged nearly 80,000 security incidents, including 2,122 confirmed security breaches in 61 countries.
Practically every breach — 96 percent — was the result of one of nine types of attacks that hackers tend to use. The finding confirms a trend that Verizon’s researchers first noticed last year after looking back on 10 years’ worth of attack data.

In cases where an organization’s systems were attacked and confidential data was disclosed, the most popular method used was attacks on Web applications, accounting for 458 breaches, Verizon says. 

So 21% of breaches are a result of just that one type of attack.  The next highest is 19% on Point of Sale systems.



Monday, April 13, 2015

Mini-Review - Furious 7

Went to see Furious 7, the 7th installment of the Fast and Furious franchise, today.  Overall it was OK.  I was a little disappointed that they abandoned the gritty realism that marked the first six outings and concentrated instead on over the top CGI stunts and violence.

Other observations -

1.  They managed to tie Fast and Furious - Tokyo Drift (the best of all the Fast and Furious movies) back into the main story line.  They had to retcon Han's death though and I don't know if I can forgive that.

2.  For being a Muslim country Abu Dhabi sure has a lot of Booze and a lot of Bikini clad women just wandering the streets

3.  Ronda Rousey looks good kicking Michelle Rodriguez's ass.

4.  The entire hacker subplot was retarded.

5.  Based off this movie I may move to Abu Dhabi.

6.  The tribute to Paul Walker was pretty well done.

Unless you are a huge loser or big fan of the franchise (I qualify on both counts) I wouldn't recommend seeing it at the theatre.  Wait for Netflix.

(Note;  This is easily Jason Statham's worst role ever, I include all 3 Expendables movies in that estimation)

Thursday, April 09, 2015

In 30 years this will be pointed to as the start of the end of Reddit OR The Harrison Bergeron School of Economics

Reddit CEO Ellen Pao Bans Salary Negotiations To Equalize Pay For Men, Women
“Men negotiate harder than women do and sometimes women get penalized when they do negotiate,” she said. “So as part of our recruiting process we don’t negotiate with candidates. We come up with an offer that we think is fair. If you want more equity, we’ll let you swap a little bit of your cash salary for equity, but we aren’t going to reward people who are better negotiators with more compensation.”
This is idiocy at it's basest level.  Maybe it would work if you had a captive job market, like Apple, Google, Intel et. al tried to achieve, but we don't and so talented workers will either not accept offers or will flee the company as soon as they realize that they won't be paid what they perceive they are worth.

Note:  It should go without saying, but I know that it won't.  Of course I believe in equal pay for men and women who do equal work, but that isn't what this is about.  This is about the use of leveling to achieve a political goal and apparently the vitality and success of the company is not a concern.
“by averageness and leveling down, everything gets obscured, and what has thus been covered up gets passed off as something familiar and accessible to everyone. virtue of an insensitivity to all distinctions in level and genuineness, and in providing average intelligibility, opens up a standard world in which all distinctions between the unique and the general, the superior and the average, the important and the trivial have been leveled”.[2]

Wednesday, April 08, 2015

Splunk (imagine me making a schpeeelunk noise as I say that, it's more entertaining that way)

My workplace is expanding it's use of Splunk.  As part of that expansion some web based training was made available and I just completed the first part.

Why Chad, you ask, are you sharing this seemingly random, boring, and irrelevant tidbit with us?  (don't try and pretend otherwise I know random, boring and irrelevant are exactly what you though because when I mentioned this to my mother those are the words she used).

Well, I'll tell you - Although I have been aware of Splunk and some of it's capabilities for awhile I hadn't realized exactly how extensive they are.  I probably still don't but I have a better appreciation for them now. 

 If you collect the right data you can correlate everything.  The example that the course gives is an attempted purchase at an e-commerce site where the transaction fails and the customer complains on twitter.  3 steps start to finish to tie the order to the cause of the failure to the customer complaint.  It is both awesome and scary.

That realization also tied back to a book  I read recently  @War: The Rise of the Military-Internet Complex as well as Greenwald's POS.  It gives a little more perspective on the NSA's capabilities.  It may also make me rethink my position on metadata collection and storage.  Currently I am of the opinion that if metadata is properly hashed to hide identifying information until it is unlocked by court order I don't really have a problem with it's collection.  (I know it's not that is just my example of how I would handle things).  I now wonder how much difference that hashing would make.  Gonna have to think about this.

The jist of all this is - I found a new toy with some pretty interesting capabilities.  If you get a chance to mess with Splunk at all take a look.