Wed, Sep. 14th, 2005, 07:40 am
A Safer America
I read Schneier's blog at least once a day, because the guy is truly brilliant when it comes to concepts in security. He has the right idea about security in general and I've found that what he says reflects a lot on how we live our lives. I like how he uses the idea of "Movie Plots" to explain what a gigantic misconception and waste of time worrying about box cutters and shoe bombs is. Honestly I still support Bush's action in going to war, but as the days go on I find myself calling into question truly the benefit we have gained. If you know me, I'm a war type of guy. I love anything that has to do with war, which is strange then how I didn't end up in the military. It's funny sometimes when you look through history, the foolish things wars are fought for. I guess this one is no different.
I'm glad Nagin and the governor of Louisiana are now taking some heat from what they DIDN'T do either concerning Hurricane Katrina efforts. I will agree Bush should have acted quicker, but there is no way Louisiana and New Orleans politicians should get off scot-free. There was a definite misappropriation of funds regarding this whole situation. http://www.schneier.com/blog/archives/2005/09/katrina_and_sec.html
I'll get Gamersanon.com back up one of these days, as soon as I rebuild the Linux server.
I read an interesting article this morning, about computer security and dumb ideas concerning it. The author had some great points and it's tough to really understand where he is coming from on others. In a society of engineers where we are taught things such as penetration testing and install working/secure later it's tough to agree with his statements.
I'll highlight a few of the points to express my opinion on them:
-"We're Not a Target" : The author hits this square on the head. Worms and malicious code don't care whether your network is interesting or not. I find that this is said a lot to smaller businesses as an "assurance" policy to make them feel better with their lack of security.
-"We don't need host security, we have a good firewall" - Again the author brings a great point to light. I find so many people that think because they have a hardware firewall at their point of entry they are safe. Host security is becoming one of the largest fields right now. Just look at the Geek Squad earning mad cash at Best Buy. Their entire business is built on fixing your computer problems, 90% of which come from viruses, spyware and malicious individuals.
-"Let's go production with it now and we can secure it later" - In my IT career to date I can't tell you how much I hear this statement said. It just blows my mind that people do this, and they do it all the time. This point is also a great spot of debate. Because in the real world you have to balance security vs need. In the end no matter how secure flawed an item is, if you NEED it, it gets implemented. When instead it should be re-made more secure, and then implemented.
Here is the Fifth dumbest idea in computer security:
""Penetrate and Patch" can be applied to human beings, as well as software, in the form of user education. On the surface of things, the idea of "Educating Users" seems less than dumb: education is always good. On the other hand, like "Penetrate and Patch" there have been numerous interesting studies that indicate that a significant percentage of users will trade their password for a candy bar, and the Anna Kournikova worm showed us that nearly 1/2 of humanity will click on anything purporting to contain nude pictures of barely clothed females. If "Educating Users" is the strategy you plan to embark upon, you should expect to have to "patch" your users every week. That's dumb.
The real question to ask is not "can we educate our users to be better at security?" it is "why do we need to educate our users at all?" In a sense, this is another special case of "Default Permit" - why are users getting executable attachments at all? Why are users expecting to get E-mails from banks where they don't have accounts? Most of the problems that are addressable through user education are self-correcting over time. As a younger generation of workers moves into the workforce, they will come pre-installed with a healthy skepticism about phishing and social engineering.
Dealing with things like attachments and phishing is another case of "Default Permit" - our favorite dumb idea. After all, if you're letting all of your users get attachments in their E-mail you're "Default Permit"ing anything that gets sent to them. A better idea might be to simply quarantine all attachments as they come into the enterprise, delete all the executables outright, and store the few file types you decide are acceptable on a staging server where users can log in with an SSL-enabled browser (requiring a password will quash a lot of worm propagation mechanisms right away) and pull them down. There are freeware tools like MIMEDefang that can be easily harnessed to strip attachments from incoming E-mails, write them to a per-user directory, and replace the attachment in the E-mail message with a URL to the stripped attachment. Why educate your users how to cope with a problem if you can just drive a stake through the problem's heart?
When I was CEO of a small computer security start-up we didn't have a Windows system administrator. All of the employees who wanted to run Windows had to know how to install it and manage it themselves, or they didn't get hired in the first place. My prediction is that in 10 years users that need education will be out of the high-tech workforce entirely, or will be self-training at home in order to stay competitive in the job market. My guess is that this will extend to knowing not to open weird attachments from strangers."
I really like the idea he has going here. Take all the possibility for errors and problems out of the users hands. Enact software restriction lists, and implement policies that prevent the user from coming in to contact with these things. The initial overhead for this type of thought process is very high, but comes down substantially after it's implemented correctly.
Here is the article: http://www.ranum.com/security/computer_security/editorials/dumb/
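The default-deny attachment handling described in the quoted passage, sketched as an added example with Python's standard email library (not code from Ranum's article or from MIMEDefang): attachments outside a small allowlist are dropped, the rest are written to a per-user staging directory, and the message body gets a pointer in their place. The allowlist, the staging URL and the sample message are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import Path

# Default deny: only these extension / declared-type pairs are staged (assumed allowlist).
ALLOWED = {".pdf": "application/pdf", ".txt": "text/plain", ".png": "image/png"}
STAGING_URL = "https://staging.example.internal"  # hypothetical staging server


def strip_attachments(raw: bytes, user: str, staging_root: Path):
    """Return (rewritten message, staged names, dropped names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    user_dir = staging_root / Path(user).name  # never let the user name add path parts
    user_dir.mkdir(parents=True, exist_ok=True)
    staged, dropped, notes = [], [], []

    for part in msg.iter_attachments():
        name = Path(part.get_filename() or "unnamed").name
        ext = Path(name).suffix.lower()  # last suffix only: "x.pdf.exe" -> ".exe"
        if ALLOWED.get(ext) != part.get_content_type():
            dropped.append(name)
            notes.append(f"[attachment removed: {name}]")
            continue
        payload = part.get_payload(decode=True) or b""
        # Store under a content hash so sender-chosen names never reach the disk.
        stored = hashlib.sha256(payload).hexdigest()[:16] + ext
        (user_dir / stored).write_bytes(payload)
        staged.append(name)
        notes.append(f"[attachment {name} held at {STAGING_URL}/{user_dir.name}/{stored}]")

    out = EmailMessage()
    for header in ("From", "To", "Subject"):
        if msg[header] is not None:
            out[header] = str(msg[header])
    out.set_content(text.rstrip() + "\n\n" + "\n".join(notes) + "\n")
    return out, staged, dropped


def sample_message() -> bytes:
    """Constructed sample: one PDF and one executable named to look like a PDF."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "alice@example.com"
    m["Subject"] = "Q3 report"
    m.set_content("See attached.")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="report.pdf")
    m.add_attachment(b"MZ constructed", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m.as_bytes()


if __name__ == "__main__":
    root = Path(tempfile.mkdtemp())
    rewritten, staged, dropped = strip_attachments(sample_message(), "alice", root)
    print("staged:", staged, "dropped:", dropped)
    print(rewritten.get_content())
```

The check here trusts the file extension and the declared content type only; a production filter would also inspect the file contents before staging anything.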
I didn't get selected for Jury duty either Tuesday or Wednesday, so maybe next week will bring about new hope.
Men's Health as always kicked ass this month. This month's cover article was Matthew McConaughey. It was a great read because he talks about how working out shouldn't be as much of a chore or a set thing, but more based on feel. Push yourself to the limit and you will succeed. It's very motivating and uplifting. Makes me long for summer.
The Abs diet worked while I was on it for 1.5 weeks. When WoW came out I stopped the diet to level in WoW. I'm back to eating well again for the most part, I just need to watch my soda intake now.
We are going to the lakefront this Friday again, it will be awesome as it always is. Last time we went there were a shit load of young women, and it made for a kick ass time. We only had a group of 4 last time. I think we are going to have a 20+ group again this time. It's going to get crazy no doubt.
I just read SHA-1 encryption was broken. That is huge news security wise.
Tue, Feb. 8th, 2005, 07:38 pm
As I said before, the quality of a restaurant is determined by their Fajitas. Tonight I went to Applebee’s, and again ordered Fajitas. I sat at a window overlooking the mall and couldn't help but notice how empty and deserted the Mall looked. I read my Infrastructure Master book, hopefully I can kick my ass into gear and get the rest of this MCSA Cert centered away.
Back to Fajitas, they were okay, but the chicken marinade was a tad bit strong and the steak tasted a lot like Taco bell steak, which isn't a good thing. I would have given them a C+ however once I got back to the room, my stomach went into a torrential storm. After what seems like an eternity I am finally feeling better. They get a D- for their Fajitas. BOO to you Applebees, I Shall never dine on your Fajitas again.
I can see problems brewing next week with what is going to go down at work. We'll see how it all works out. I'm going to read my book; I just got done watching 3 hours of Law and Order. That show really was way ahead of its time.
The quality of a restaurant comes down to the simple element of making a Fajita. How good the fajita is determines where a restaurant resides on a scale of A+ to F. I seem to order Fajitas any time I go to restaurants. I just always order them, I love them so much. I really should refrain from ordering them at certain restaurants, because it's a large let down.
I ate at Chili's last night here in Michigan, along 94 East towards Detroit. The fajitas were very favorable but the cheese, or lack thereof, soured the tasting experience. I give their Fajitas a B+, thereby automatically giving their restaurant a B+ as well. Remember, if you make great Fajitas, your restaurant is the best in the world.
On that note I am a bit bored out of my mind at night. My work laptop can run WoW, but it feels way too stiff. I associate it with the fact that the LCD panel has either a slow refresh rate or bad color contrast. In the end I can't play more than 40-50 minutes on it before I find myself livid with the graphical lag.
I wrote a semi-bubble sort last night in an IM with a friend. I messed it up because in order for it to truly sort the entire combination, it requires a double recursive loop, one from the front and one from the back. The correct code would be as follows.
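// Front pass: put the smallest remaining value at index a.
for (int a = 0; a < array.length - 1; a++) {
    for (int b = a + 1; b < array.length; b++) {
        if (array[a] > array[b]) {
            int temp = array[a];
            array[a] = array[b];
            array[b] = temp;
        }
    }
}
// Back pass: put the largest remaining value at index a.
for (int a = array.length - 1; a > 0; a--) {
    for (int b = a - 1; b >= 0; b--) {
        if (array[a] < array[b]) {
            int temp = array[a];
            array[a] = array[b];
            array[b] = temp;
        }
    }
}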
I woke up, my left knee is still pissed, hurts when I extend it. The shower was cold, I ran out of toothpaste and did not have another(wtf!). My shake this morning tasted horrible, I don't think I blended it enough. My tire Exploded while on the road almost losing control swerving into a semi-truck. The jack came out from under my car and the car almost slammed down on my foot, only about an inch away. I have never had that happen ever in my life in replacing tires. My spare is now almost flat, and I have a 35 Minute travel to get home. There is a Nonpoint concert tonight, but I doubt I can make it with the tire needing repair. I have a review this afternoon, we'll see how that goes. What a wonderful day.
On a lighter note I bought a Norelco Coolskin 7775x shaver. It's the closest shave besides a razor I have ever had, and the lotion is amazing. The friend with benefits said Friday night she liked the way it felt, so the Coolskin has the thumbs up from me.
Mon, Nov. 29th, 2004, 08:59 am
Week 1 down
So onto week 2 of the Abs diet, Same weight, height and all that, Didn't check the fat %, I'll do that later this week. The eating is going well, I like the shakes and all the other foods. There are some great recipes to make too. I might do some pasta tonight, see how that comes.
WoW is fun. Much better than my previous play attempts at it. I find it much more enjoyable than EQ2. Also however I find that it is much more a soloing type game than EQ2. EQ2 relies so heavily on parties, it's virtually impossible to do anything past lvl 15 without another person. WoW is much nicer when it comes to soloing, but in turn I think that hurts more the social aspect.
In EQ you form a group, and then you go hunting, and you just kick ass. In WoW groups seem to be formed for a quest that takes approx. 5 minutes to beat, and then the group disbands. The exception to this is Guild groups which rock because you know everyone knows their role and can rock it hard.
I was very impressed with Shakta, Vicious, Hyure, Wuss, and Natael. All 5 of them know how to play their class and play it well. Shakta and Vicious stand out among the pack as players of real skill, yet I still beat Shakta in a duel =p.
The professions in WoW are SOOOOOOOO much better than EQ2. EQ2's professions seem so mindless and utterly stupid. WoW's seem to have a direct effect immediately. Being a Hippy is fun and it gives me an excuse as to why I have a train of 5 mobs on me. "dude there was Bruiseweed over there. I needed Bruiseweed bad." It so reminds me of this Penny Arcade comic. http://www.penny-arcade.com/view.php3?date=2004-03-22&res=l
Sun, Nov. 21st, 2004, 10:23 pm
The Abs Diet
I've been a subscriber of Men's Health for a while now, and I finally went out and bought the Abs Diet book. I've been reading about it for a while and took the time to now officially look into it. So here's the deal.
Currently I'm 190 Lbs, 6'5. My BMI is 22.8 and my waist to hip ratio is 88%. My Body Fat index is around 14-17%. I'd like to get it down a bit lower and completely erase my love handles. Currently I have the 4pack but I'd like to have the six pack.
So here's the deal. On tuesday I'm going to start the Abs Diet. I have all my meals mapped out, and everything ready to go. I'll report on it here once a week. We will see how it goes. I don't have problems staying true to this stuff at all. The reason this is the first diet program I'm doing is because this is the first Diet I can understand. Low fat, low carb do very little in the end, but changing how you truly eat and eating food better for you will be the key to succeeding.
So if anyone actually reads this, I'll keep you informed :).
Reasons for doing this are three fold. The first is to have a more healthy body. Studies have proven across the field that a healthy person is much less likely to have heart disease and diabetes. The second is for a stronger core. Everything we do in life revolves something with our midsection. An in-shape mid section is key to no injuries in life. The third reason is for sex appeal. The first place most women look are either the eyes or the abs. Having a lean mid section is vital to garnering that first look of approval and arousal sexually.
I'm ready, lets roll.
I've been actively using Windows Servers since NT 3.5 and while I like them for some areas, I dislike them for others. I'm a big advocate of Windows and Linux environments actively utilizing both sides’ strengths.
Today I passed the 70-290 exam Maintaining and Managing Server 2003. Finally after saying I was going to for like 2 years. I have three exams left to become MCSA certified since my A+ and Network+ certifications will qualify as an elective. Then I will have 2 more exams after that to become MCSE certified.
In the end I don't know if I really want MCSE. While it holds a lot of prestige, in the end I really want my CCNP and RHCE certifications. My CCNA certification expires in March 2006 and I want to be well on my way to CCNP before that point. So in the end, I need to really get my act together and re-affirm again where I want my life to go. In the end I really don't want to own my own business, I more want to be the part of team that functions flawlessly in an advanced environment built upon challenge and problem solving.
So I'm happy, life is good indeed.
Domo is getting a bunch of Cat5e a friend of his won on a crazy auction for cheap as hell, we are going to wire a friends house. He started building a new place along the Milwaukee River, amazing house and we are going to have a blast wiring it up with everything you can imagine. Too bad the weather here has gotten colder and it will be a tad bit un-comfortable working.
Started my EQ2 scout last night, got him to level 6 and then proceeded to study for the cert test today. I connected 2 Cisco routers and a 3com router, and made some crazy loop, and then proceeded to use ACLs to severely limit the amount of upload Blizzard's WoW client could hose from me. In the end I was downloading at about 40Kb a sec and uploading at 10Kb a sec. Awesome. Shows you that whatever they can think of, it can be outsmarted.
HL2 came out today, its on content delivery from Steam, so it will be waiting for me when I come home.
Today is a gym day, run 5 miles, bike 1 mile, stair climb 1 mile. My legs always seem to just kill me after the workouts, but it’s good. Then go home and use the medicine ball for 30 minutes and it will be set. I missed my Bowflex workout last night cause of studying. But it's cool; I'll work a bit harder tomorrow to make up.
So after the Fileplanet spots filled up Monday, Tuesday morning, around 6:00 am I got into open beta through Worldofwarcraft.com. The problem now lies in downloading the actual game. Blizzards proprietary Bit-Torrent application does not limit upload speeds. So my download starts at around 650KBytes/sec and then settles down to 10-25Kbytes/sec. This is to be expected says Blizzard because I am behind a Firewall. Now the Upload, starts at 0, then raises to 20Kbytes for one minute, then Tops around 110Kbytes a minute and NEVER goes back down. That is my maximum Upload and I am NOT cool with that. I don't mind sharing, but there is no way in HELL I am going to let Blizzard only give me 10-25Kbytes/sec and Milk me for 110Kbytes/sec Up. I've tried many individual torrents with no Success. So now I am in no mans land. Unless I can find a torrent that allows me to download it within a bit torrent client that lets me limit Upload rates, I won't be playing WoW until Release. And if Blizzard decides to let players keep characters from open beta into release I doubt I will play at all.
I dislike Blizzard fan-bois on multiple levels. Following anything in life with the sole belief that it is the only possible path is a layout for disappointment. I especially hate people who claim that Blizzard can do no wrong; even when Blizzard adamantly spits in their faces they seem to feel that it's sacred spit of the gods. This type of mindless following is in essence what Humans have become so known for.
The Blizzard I might have liked died a long time ago; their last good game being Diablo. Let me explain. Warcraft was amazing in the dimension upon which it existed. It expanded the whole Idea of what a computer game could really do at that time. Then Came Warcraft 2. It was one of the large reasons RTS's became so big in the late 90's. Issue number one; blizzard was not the sole being responsible for the RTS boom, however they take sole credit for it. The game many people forget about as having actually existed and rivaled Warcraft 2 was Command & Conquer, which I found to be just as amusing, but lacking in multiplayer where Warcraft 2 excelled. In the end the Multiplayer goodness found in Warcraft 2 was non-existent in Command & Conquer.
The majority of inspiration and wealth of programming knowledge left somewhere after Diablo. One of the coders for Diablo I remember meeting in Programming classes at my High School. He actually sent me a free copy of Diablo when it came out. I was thoroughly impressed. It has become however, very evident that the skill of coders and the inspiration behind games has walked out the door.
Diablo was also revolutionary in what it accomplished. It created an easy layout to play a rudimentary form of Dungeons & Dragons with your friends either over a LAN or a WAN such as the internet. It brought so many different ideas into a flowing entity of excellent goodness. It offered three classes that in themselves offered a multitude of expansion for that time. The graphics were stupendous and the fighting was flawless. Then the cheats and hacks came out of the woodwork. It seems Blizzard was not very security minded when creating games, which made for amazing games, but also made for many nights of pure anguish on Battle.net. In the end Diablo was absolutely awesome, but the experience was marred by cheating 10 year olds from little kid land.
Let’s take a look at two things Blizzard did in the evolution and process of WoW. The first was offering stress-tests and open beta entries through File Planet. This action shows they are more concerned with their bottom line and profit margin than a good gaming experience. It also shows just what they think of what they call "beta". See Blizzard has picked up on the wonderful idea that most people seem to be keen on these days, beta is a symbol of status. The days of beta testing to actually find bugs are long over. Now are the days of bragging to your friends about how you got into beta and they didn't. It’s about letting everyone know just what you think about a game that’s not even close to being done.
This troubles me to a great extent, because almost all MMO companies are now under the assumption that a game can be released full of bugs and problems, and can be fixed over the following year. That all they need to do is get a shell of the game operational to give the hordes of players something to gawk about.
The second thing Blizzard did was require that the Zip for the betas be opened with Winzip 9.0. Now I have not witnessed this first hand, however I've heard from a multitude of sources that it's true. I find that disheartening since I've vowed to never use WinZip again in my life. WinRAR is so much smaller and does so much more.
If I had to discern a point from my mindless rambling it would be this, that Blizzard is no longer the company I knew when Warcraft 2 came out; it has changed from a company built for gamers to a company about mad money. In the end am I really that surprised? No not at all, because every other company is the same way. I remember when Fallout by Interplay came out. Interplay was the bomb. They really cared for the gaming community and you could see it in their work. But after a while it got to be too much for them. The secret is that the problem doesn't lie within the companies but within the gaming community itself. The volatility of this very community is nerve shattering. Nine years ago I would have never thought that companies would have switched to a money oriented philosophy so quickly. Then again I would have never imagined using strands of chicken wings as a basis for making processors run 50 times faster and 80 times cooler than silicon.
Then there is Blizzard, a company that has shown through many different facets just how much they care for their gaming community, and yet people still follow them mindlessly. It irritates me to no end. And to try and explain to them how they are being laughed at and ridiculed on a daily basis by the Blizzard brass, they shrug it off like nothing. I had a discussion once with a guy comparing Total Annihilation to Starcraft. I could not believe how intellectually challenged he was to think that in a million years Starcraft was a superior game. Now I am NOT saying about his opinion. If he liked Starcraft better that’s cool, but to say that Starcraft was a better designed, coded and implemented game is undeniably ignorant. Total Annihilation was built from the ground up using modular inter-connecting blocks of code sub-portable to an infinite amount of multi-level states. I have currently over 1500 UNIQUE units in my Total Annihilation Build. I can sit down and take 20 minutes and create a new unit, and make it unique and make it kick ass. His argument was based around how Starcraft was built so well and how it was so original. Bullshit. Starcraft was the biggest rip off of Warcraft 2 combined with Command & Conquer I have ever seen. The sheer idiocy behind the idea of Starcraft being original is like adding Ice Cream to a banana and trying to patent it saying you were the first to develop the combination of ultimate desserty goodness.
And now we arrive upon Warcraft III or should I say "Role-Craft III". The whole idea of Warcraft III fitting into the franchise of Warcraft is mind boggling. The game is so far from the mind set of the other two it’s incomprehensible. Practically every person I talk to says they love the unit specializations and customizations, but I don't. Warcraft is about mass, it's about strategy, not about single units, not about small parties. The races were trash, the story line was trash, and the whole game was trash. Of all the RTS's I've played in my life, Warcraft III has one of the worst pathing jobs I've ever seen. The whole game left such a horrible taste in my mouth, that I found myself playing Warcraft II on a Pentium 150 with 32 Megs of Sram in DOS that I built to solely remind myself of what the Warcraft franchise used to be.
A game is what you make of it, and if it is fun to you then enjoy it to no end. Do not however come to me claiming that because it’s a Blizzard game it will be better than EQ2 or other MMO’s. That claim is mindless and lacking of evidence. So as you can see I’m not too happy with how Blizzard has acted over the last months, and I’m trying hard to stay positive, because I’d like to give World of Warcraft a fair try. I’ve played it a few times and it was fun, but if Blizzard decides to keep up this attitude of players being inferior to the corporation, then they will quickly lose my business. After all I have a SOE all access pass, so I can play EQ, EQ2 and Planetside anytime I feel the need arise for games I’ve liked in the past.