April 27, 2007
Older than coprolite
Old jokes don't die, they just get longer.
Linus Torvalds in the 1990s:
Only wimps use tape backup: real men just upload their important stuff on ftp, and let the rest of the world mirror it.
jerry on Brad DeLong's site:
I encrypt my files and place them as spectral noise in pornography and make it available on the net.
I even have people emailing me asking to help implement my backup solution.
It is rare I cannot find backups of my files using Google Image search.
Posted by Jeffrey at 12:05 PM
Mom's credit card number
The Month of MySpace Bugs observes:
When learning of this bug, we realized that there would be at least several thousand typical Myspace users who may be concerned about this sort of information disclosure attack -- many more than would be concerned about a null pointer dereference, a local-only privilege escalation in Mac OSX, or a double-free in PHP4. While these other bugs, and even some XSS bugs detailed here at MOMBY, are more closely associated with information security, there is about zero common interest in these issues outside of a small, highly-trained circle of professional attackers and defenders. On the other hand, Myspace is simultaneously a common reference implementation of poor web application design, and one of the most popular and useful destinations in the history of the Internet. This is paradoxical to technical professionals, and the security set seems to be suffering a serious bout of cognitive dissonance on this point. Kids (12 to 24 year olds) are learning their Internet habits on Myspace -- that means cleartext authentication, random errors and re-logins, mysterious loss of data [and] privileges, and easy XSS-enabled session hijacking are pretty much the sum total of their day-to-day experience.
One commonly known security bug in MySpace is that password authentication is case-insensitive. This would seem to imply that MySpace stores your plaintext password in their database, and not a hash of it. This in turn implies that if you ever hacked MySpace's authentication database, you would have a lot of pwnies.
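An added example (not from the original post, and not MySpace's code) of the inference above: a salted hash of the exact password rejects case variants, so a login that accepts them is either comparing stored plaintext or folding case before hashing, and either way the search space shrinks. The function names, the PBKDF2 iteration count and the sample password are assumptions made for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this demo


def make_record(password: str, fold_case: bool = False) -> dict:
    """Create a stored credential: random salt + PBKDF2 digest, no plaintext."""
    salt = os.urandom(16)
    material = password.lower() if fold_case else password
    digest = hashlib.pbkdf2_hmac("sha256", material.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest, "fold_case": fold_case}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive the digest from the attempt and compare in constant time."""
    material = attempt.lower() if record["fold_case"] else attempt
    candidate = hashlib.pbkdf2_hmac(
        "sha256", material.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, record["digest"])


def plaintext_verify(stored_password: str, attempt: str) -> bool:
    """The design the post infers: plaintext kept in the DB, case ignored."""
    return stored_password.lower() == attempt.lower()


def keyspace_ratio(length: int) -> int:
    """Factor by which ignoring case shrinks a letters-only search space."""
    return (52 ** length) // (26 ** length)


if __name__ == "__main__":
    pw = "CorrectHorse"  # constructed sample password
    exact = make_record(pw)
    folded = make_record(pw, fold_case=True)
    print("exact hash, same case   :", verify(exact, "CorrectHorse"))
    print("exact hash, other case  :", verify(exact, "correcthorse"))
    print("folded hash, other case :", verify(folded, "CORRECTHORSE"))
    print("plaintext, other case   :", plaintext_verify(pw, "cOrReCtHoRsE"))
    print("8-letter keyspace shrink:", keyspace_ratio(8))
```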
Posted by Jeffrey at 11:09 AM
April 21, 2007
On the security industry
A particularly insightful comment on Slashdot today:
no such thing as a white hat is there?
I mean - I can only assume this was a 'white hat' hackers conference, given there was actual publicity given and a public bounty and such. But then things like these pop up?
"'Shane can have the laptop, I want the money,' Dai Zovi said in a telephone interview from New York"
"Conference attendees were underwhelmed, reasoning a Mac exploit that required no end-user interaction could be sold for upwards of $20,000."
Makes me think.. black hat, white hat.. what's the difference these days? I thought a white hat hacker was the 'good guy' (albeit still a hacker).. the kind of person who hacks for fun / curiosity.. the kind of person who notifies the developer of the bug or, at least, just makes the bug known to the world at no charge. Not the kind of person who hacks, then scours the 'security conferences' for a bounty, and when that bounty is lower than what they could get off of actual 'bad guys', complain that the bounty is too low. To me, that just sounds like the person is a black hat, but dons a white hat on top in an attempt to fool us into thinking they're white hat.
Posted by Jeffrey at 11:30 AM
Waiting for Knuth
So does this sentence sum up all of the problems with modern software engineering?
Usually [Donald Knuth is] attending to his masterwork, a seven-volume series called The Art of Computer Programming, which, although only half-done, is widely regarded as the discipline’s ultimate reference guide.
If only he wasn't such a slow-poke...
Posted by Jeffrey at 11:21 AM
April 19, 2007
Quotes about atheism
From Steve Dekorte's quote bank:
I contend that we are both atheists. I just believe in one fewer god than you do. When you understand why you dismiss all the other possible gods, you will understand why I dismiss yours.
- Stephen Roberts
Calling Atheism a religion is like calling bald a hair color.
- Don Hirschberg
So far as I can remember, there is not one word in the Gospels in praise of intelligence.
- Bertrand Russell
Posted by Jeffrey at 8:31 PM
April 17, 2007
Troublesome kids
In the theme of dormitory residents running amok, I thought I'd link to the story of the first documentable computer virus. Pay special attention to section 3, where it turns out that their computer virus effectively served as an antibody to a subsequent, more destructive virus!
Digital evolution is so cool!
Posted by Jeffrey at 7:32 PM
Boom
Kottke links to the classic Ken Thompson compiler hack that shows how there's no such thing as trustworthy computing unless you write your own compiler and compile all your software from source; otherwise, you are vulnerable to backdoors embedded by a possibly malicious compiler.
It reminded me of my favorite trojan horse story, perpetrated by the pranksters at the CIA:
The American intelligence community participated in a more subtle response [to coordinated Soviet technology espionage], instigating an operation of disinformation and faulty technology transfer. The most famous incident was the sabotage of the new trans-Siberian pipeline, which delivered natural gas from the Urengoi gas fields in Siberia into the West.
The Soviets needed sophisticated control systems to automate the operation of the pipeline's valves, compressors, and storage facilities. As the United States was unwilling to provide the necessary technical infrastructure to operate the pipeline, a KGB operative was sent to infiltrate a Canadian software supplier in an attempt to steal the needed software.
The CIA was tipped off by [a Soviet defector] and informed the Canadians about the attempted theft. The U.S. then delivered doctored software through Canadian software firms into Russian hands. This software, designed to run the pumps, turbines, and valves, was a Trojan Horse programmed to malfunction after a period of smooth running. The malfunction would reset the pump speeds and valve settings to produce pressures that were far beyond those acceptable to the pipeline joints, and welds.
The result was the greatest non-nuclear explosion ever seen from space, rated at around three kilotons by the Air Force Chief of Intelligence. There were no casualties of the pipeline explosion, but significant damage was made to the Soviet economy. In time, the Soviets came to realize that they had been stealing faulty technology, but this only exacerbated the situation. As they did not know which technology was sound and which was doctored, all became suspect.
According to an NPR interview with (I think) Richard Clarke, the White House thought that the Soviets had conducted a nuclear test until the CIA let them know what really happened. Now that's just good old-fashioned fun.
Posted by Jeffrey at 7:04 PM
April 16, 2007
And should be critically considered
I really like this disclaimer sticker for Bibles.
Posted by Jeffrey at 9:17 PM
Today's atheism rant
Every once in a while, you just read a sentence that you know you'll be quoting for the rest of your life.
And so it was today, when I read P.Z. Myers responding to an article he read:
And the Dawkins-inspired "science vs. religion" way of viewing things alienates those with strong religious convictions. Do scientists really have to portray their knowledge as a threat to the public's beliefs?
YES! YES! YES! Knowledge is a threat to beliefs held in ignorance...
"Knowledge is a threat to beliefs held in ignorance." Mmm, that's good. Unfortunately, I think I'm a bit behind the religious world, who seem to have realized this fact for a very long time.
I also spent some time today listening to a local priest deliver a sermon via podcast. This line struck me:
...For faith is not blind; faith is, in fact, very, very reasonable.
Faith is reasonable? Interesting, because throughout the history of Christianity, it seems that faith has never been reasonable enough. The "faithful" have sought to prove God's existence through philosophy and logic (see: Aquinas, Anselm, etc.) The "faithful" have sought to prove God's existence through the scientific community (see, "intelligent design", etc.) It's never just faith alone... it's always faith and something else.
Faith has never been enough for most people, and that's why they continue to fund scientific studies that seek to prove the healing effects of prayer. (Shorter version: no, prayer does not have healing effects.)
People are smart enough to realize that science is an effective way to discern truth about reality. Perhaps one day people will realize that faith is an ineffective way to discern the truth about reality.
Apparently my local priest is scared shitless of that day coming to pass.
Posted by Jeffrey at 8:32 PM
April 11, 2007
The answer: off the deep end
Lee Iacocca apparently doesn't like our current set of leaders. I'm with him.
(That article reads very strangely when you realize that Iacocca endorsed Dick DeVos in our last Michigan gubernatorial election. Which of the nine C's did DeVos have?)
Posted by Jeffrey at 6:47 PM
April 8, 2007
Clearing out the aggregator, Easter edition
Ok, time to throw some links at you:
- The father of MRI technology died recently. As the O'Reilly Radar blog points out,
Lauterbur's first paper on nuclear magnetic resonance, which he submitted to Nature in 1971, was rejected because his images, taken with an early version of the device, were considered "fuzzy." It shouldn't have mattered that the images were fuzzy but that they showed something that was not made visible before.
The message I take away from this is, scientific journals are very selective about what they publish. Which is all the more reason that you can't dismiss evolution or global warming as mere "theories".
- I always knew people didn't care about classical music, but I didn't know the situation was this bad.
- And apparently retired Marines are now enemies of the state, not fit to fly on commercial airlines. WTF?!
Posted by Jeffrey at 7:56 PM
April 7, 2007
Red Bull madness
Yes folks, it is possible to overdose on caffeine and die.
(I challenge you all to find a similar story about someone overdosing on marijuana. Somehow, I don't think you'll succeed.)
Posted by Jeffrey at 10:45 AM
Pillow talk
We already know that Cheney demands that his hotel TV default to the Fox News channel.
I wonder if he puts similar riders into his deals with phone sex operators.
Posted by Jeffrey at 10:37 AM
April 6, 2007
My good name
So who is this Smithville guy, and why do his shirts look nothing like me?
Posted by Jeffrey at 10:26 PM