Wednesday, June 28, 2017

General blog entries that aren't articles in and of themselves.

Dancing on the Electric Third Rail

Dancing on the Electric Third Rail

So I have an idea for an article. To say it's controversial would be accurate. And I think my position is clear, rational and fair. But I suspect some might not agree or, worse, might misinterpret what I'm saying.

So I'm going to write it anyway and then circulate it among some trusted friends for feedback first.

It's unfortunate, really - something very important, yet so polarized that there's almost no way to discuss it without risking backlash from someone. I guess I knew the job was dangerous when I took it, right?

1501 Hits

Problems...

1643 Hits
Featured

He Knows, You Know...

He Knows, You Know...

Donald Rumsfeld was the United States Secretary of Defense from 2001 to 2006 under President Bush. He is known for many things, but will always be remembered for his statement of an old truism, as quoted -

… as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns - the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones.

Continue reading

Copyright

© 2014, Christopher Ambler

4785 Hits

It's been 25 years, I guess I can come clean

It's been 25 years, I guess I can come clean

By now you're aware that there's yet another security bug, this time in "bash," a "shell" used on many servers. For the non-geeks, the gist of the issue is that a very common and absolutely necessary part of the operating system could, in some reasonable circumstances, allow a malicious user to run any code they want on a server to which they should not have access. This is, of course, a bad thing. The bug, now identified, has been fixed and system operators are rushing to patch their systems with newer versions that don't exhibit the flaw.

It's been over 25 years, so I think I can come clean. I knew of such a bug when I was in college that gave me 100% read access to any file on any system. I couldn't modify them, and this bug didn't let me execute arbitrary code, but if I noticed that you had a file in your home directory called "ChrisIsADoodyHead.txt," I could read it. Even if it was in a closed-off directory and locked down, itself. While I never had a need to, I could have looked at all of your code for the computer science class we shared and cheat on my homework. And I mean every file on the file system.

I could read all of your email.

After about a year, the bug was discovered, and I was actually beta testing a version of UNIX (SCO - remember SCO?) that had it and I reported it. It took about another year to move through production and be deployed. Remember, these were the days before automatic patching. Most installs were done from a stack of floppy disks and new versions came out yearly. Maybe quarterly, at best.

The point I'm making is twofold. First, these bugs are everywhere and will always be around. Don't be shocked when they're reported. They happen, they get fixed, and the next one comes along. You're going to get burned by them. And yes, evil douchebags are going to exploit them to, say, illegally download nude pictures of celebrities. There's no victim-blaming when I say that you should acknowledge this reality and do what you can to protect yourself.

And my second point, which is the takeaway here, and the reason I've "come clean" after 25 years to make the point: These bugs are in the wild and known right now. Please stop and think about that. Someone, somewhere, is almost surely reading or copying your stuff if it's online. These bugs don't live in obscurity until someone discovers them and immediately fixes them. Someone finds them and uses them for years until someone else discovers them in a more public way. Remember the speculation and then confirmation that the NSA was exploiting a bug for years before it was ever discovered in public? You don't need to take my word for this.

And please don't shoot the messenger.

Full disclosure: I never shared this bug with anyone else in college as far as I remember. I never found anything illegal, and only once found something that, if disclosed, could have caused problems (someone was cheating something seriously in a number of classes). I never said anything. I honestly can't remember ever seeing anything on anyone that was even remotely bad. Email, back then, also was only something shared among geeks, for the most part. There was pretty-much no private social online usage. I mostly poked around administrative stuff. This being a time before digital photography, I never even saw any nude selfies :-) Some people may not believe this disclosure, and I'm okay with that.

1526 Hits

Moviepass: I'm in if my wife says it's okay...

Moviepass: I'm in if my wife says it's okay...

MoviePass (https://www.moviepass.com/) is making some news today. In a nutshell, pay a flat monthly fee and you can see a movie a day. Of course nobody's going to do that in the real world, but as noted by TechCrunch:

By subscribing to the company’s service, moviegoers can watch one movie a day — up to 30 movies in a month. While few movie buffs have the time to watch a movie a day, the service, which clocks in at roughly $30 a month, is a pretty great deal for even the casual fan. In New York, tickets are about $15, so after two trips to the movies in a month, the subscription would pay for itself.

That works for me. I don't live in a $15 zone, but three movies a month would break this even for me at the quoted price of $35/month.

The only problem, I think, is that I'd hit a movie every weekend if I could - I find them great entertainment; a good way to relax the brain for a couple hours - but my family doesn't enjoy them quite as much as I do. I think a movie-a-month is about my wife's speed. So that's the only reason I'm not buying right now.

Now if they also could do a flat fee on the terribly overpriced popcorn and dessicated hot dogs, I'd jump.

1382 Hits