So, there's a few interesting issues coming up on the ballot. I know you're looking to me to tell you how to vote, or at least clear up what they all mean.

Issue 1.

Simply put it's to authorize the State to issue bonds to pay a bonus to Ohio veterans of the Persian Gulf war.

So WTF would we do that? What makes them so special? Well, it's actually not that odd, the payments that is. We're talking about Ohio National Guard here, so that explains why Ohio would make the payments instead of the Federal government. A good piece on issue one: http://www.wkyc.com/life/programming/shows/seven/news_article.aspx?storyid=123090

So if you vote against it, you're an un-american bastard. Or you could make that up by funding your own veteran and send them checks.

If you vote for it, it'll cost you about $50 over 15 years.

You could also buy some of those bonds and make money off of the deal.

Issue 2

This is a constitutional amendment to create a farm board that will rule on things agricultural.

I'm not a fan of constitutional amendments, but they seem to be how they do things in this state. On the surface it looks great, who doesn't love happy cows, right?

From reading the issue, it looks like it creates a group that could be easily manipulated by special interests. Yeah, one of the members has to be a veterinarian but it doesn't say they can't work for Monsanto.

I did a little sampling of who's for and who's against issue two while visiting farmer's markets and driving out in the country. Large farms are pro issue 2, everyone I buy my food from was against.

I'm voting with my stomach on this one.

Issue 3
It's for gambling casinos. Not that any of the mailers that they send me mention that bit.

I get a mailing every day, which tells me that there's a lot of money on the line for somebody. That somebody isn't me. Maybe if there were mandatory bonds or shares made available so that people other than the owners might see some of that income.

I'm not sure how many times that I have to vote against gambling, but I'll keep doing it.

Don't sit on your ass on voting day

Yeah, I know it's not a history changing election or anything, but take the 15 minutes to vote. I'm talking to you Sean. :)

So the house has been sitting on the market all year. Despite redoing everything and swearing that I'd never rent the place, I've changed my mind. Well the two house payments helped to change my mind. The market isn't exactly that great and the neighborhood isn't that great and the agency listing the place wasn't that great. So basically it sat and the money set aside to help me stick to my guns dwindled away.

Thus plan B.

Plan B's going pretty well actually. While the end of the real estate contract was approaching I had an interesting chat about the situation to an engineer and graphed it out a bit and came to the conclusion that renting was the way to go. A friend in Chicago is building a bit of an empire there and he gave me the skinny on property management. But man I had a lot out doubts.

Last Saturday the sales contract ended. Thursday I call my original real estate agent to discuss the property. He comes to the same conclusion and recommends his property manager. That's a pretty good vouch if I've heard one. I talk to them that afternoon. Friday, my parents are showing them the property. Monday I have an agreement and they have a key. Tuesday they're showing the place and we have our first applicant.

Should everything check out, I'll be back into rampant slum-lordery. Good times.

22

A. was on the road and I had an important technology demo for the Red Cross re-scheduled up to today (Tuesday.)

So I went out, picked up a cheap pizza and a two-liter of go-juice and locked myself away for a week of hacking and frabricating.

The results look like something that would cause the bomb-squad to be scrambled, but it performed for the demo. It was a telemetry system for the Mobile Communication Center and had little simulated inputs to model the truck: generator status, air conditioner status, fuel level, battery voltage, and what direction the camera was facing with respect to magnetic north.

The heart of it was an arudino that pulled in all of the inputs, packaged them up into a simple data packet and it would spit it out at 115200 baud over a USB cable into a little ASUS EEE PC where a terrible-example-of-a-Python script would pull in the data, update a file with the latest status, and then keep a record of the data at one-minute intervals. It was also a mini HTTP server that would spit back a cheesy table with the current status, and links to gnuplots of the histories. The little fuel block would turn red if the value was less than half a tank. 6th-grade science fair kind of stuff.

Speaking of science fairs. I was scarred-permanently by my freshman science-fair, when I realized that it was really all about posters and who's dad had the coolest woodshop to build stuff in. No one appreciated my genius, but I'd show them! Ahem. Anyway....

So, python. This was the first real project that I've used it for. I've hacked up other people's scripts (and this was no exception) but this one was just embarrassing. Even the processing code running on the arudino is shameful. You'd think I'd respect the code reusability offered by simple things like sub-routines. Nope, this is straight up procedural commands in most cases. In my defense, it's definitely the best way to code when you have people shooting at you and you just need the thing to do exactly these 3 steps over and over. So it's not pretty, I hope I won't be forced to post it, but it works.

Which brings me to this. This whole make it yourself movement is pretty cool and all, but we've got to learn how to document our process. I don't have a really handy way of doing it. I can journal some of it here, and I have a private little geek-wiki, but I lack the discipline of having a camera handy and using it often, and stopping to keep notes. There's always a ton of lessons-learned, and little ideas that need to be captured in the process, that you loose in a simple post-mortem.

For example, in getting all of this together, I managed to brick the ASUS-- and recover it. That would be something worthwhile to document. I also managed to brick my sheeva plug, but alas have not managed to un-brick it yet. I had to make tough decisions to get the project ready for today's demo. I'll hit it again later this week I hope. It was a shame, because I think I've lost my disaster-response wiki and all of my quick client install tools in that.

One of the technologies that I didn't get to demo today was INSTEDD's (www.instedd.org) GeoChat. It's a simple, web-based GIS (google maps, with the ability to import KLM data layers) that interfaces with a chat system that links, SMS, twitter and email. I was toying with using it with twitter last night, you could tell it where you were and your icon would move on the map, then any messages that you sent from that location would persist there. So if you were performing a survey you could post messages like: power out, or flooding, or 3 dead, or gas station. And it would tag that message from where you posted it as you traveled through the scene. AS you get more and more people reporting in to your group you can really gather a lot of accurate and up-to-date intel on a scene. Neat stuff. Really limited security, but you have to open stuff up to allow interoperability sometimes.

And there wasn't one cookout. :-(

First off a little disclaimer: I haven't read enough of the proposed solutions or really researched either side of the health care debate. There's not a whole lot I can do about it at this point, and honestly, I'm doing more good for society spending my time in other ways at the moment.

Yet, I am now moved to say a comment or two that I think I'm still well qualified for, mainly because I'm not a raving lunatic.

If you are against changing the current state of the health-care system I think you really don't have to look to hard to find compelling, rational arguments to support that position. With virtually no research whatsoever I offer you off of the top of my head:

Nearly everything the government gets involved in gets fucked up some how-- this is a natural outcome of lowest-bidder and corruption.

Run with it, you can fill in some gaps and don't have to resort to any sort of crazy.

...unless the people railing against the program are, in fact, really FOR the program and just want to make people who are reluctant to change, afraid of what might happen to their current health care program, or afraid of the tax burden to support it all look like crazy fools.

A case in point that you might not be familiar with:

At the day job, we're having a little bit of a problem where some of our contractors are managing other outside contracts while working on our dime (and probably double-billing the other client as well.) So we've got some signature to detect that kind of behavior. Today it caught one of our full-timers who is also some sort of political activist on the side. He wrote a brilliant blog entry from the office this morning arguing against health care for every citizen. His justification: it's what Jesus would have done. Oh yea, he also made every mention of Jesus in his blog a link to wikipedia (WTF?) The argument went something like this (intentionally not quoting so you can't google him easily): when Jesus was spending his time on Earth, he had the power to heal everyone, but he chose not to for a good reason. So the government should be trying to one up Jesus.

This is of course coming from an individual pulling down high 6-figures. It's a pretty comfortable seat to be sitting in telling folks that they're poor because they deserve it.

I think I'll take my "don't be a dick" principle-based way of life over that dude's Jesus. I have a sneaking suspicion that Jesus would agree with me on this one too.

The best iTouch quote so far:

A.: I can't change the weather on this thing.

A. has been dropping the "let's go to Dirty Franks" hint since about 3 weeks before it opened.

We finally had an opportunity were we were both feeling up to the challenge... and it's definitely a challenge.

Located downtown (very downtown,) it's what one would expect from a Liz Lessner operation: funky art, sophisticated yet approachable cuisine, and RC cola.

The side dishes are meant for a table full of people, that tater tots being the clear choice. We tried three different hotdogs: The chicago (their "healthy" option,) the chlli dog, and the Classy Lady. I really enjoyed the Chicago and the Chilli Dog. The Classy Lady with it's cheese-sauce that I think was pumped out of a sysco can nearly killed me.

Sadly the cherry slush machine was down so I couldn't get the Cherry Slush/RC mix. We'll have to have that next time.

Today was the first day out for the little iTouch. A. has discovered the fun of war-driving.
"Look there's a linksys"
"Oh, that one's wide open"
"Ugh, I'm getting carsick."

We marketed with a vengeance today: 3 farmers' markets, stocking up on pork products because out butcher is going out on vacation next week, and then another market's demo. I got to socialize with some of Columbus' elite gastronauts (ha!) but the big excitement was that A could easily associate with a nearby WAP and tweet from the field.

The next challenge is how to easily snap photos and post on the road-- since the iTouch lacks a camera. At this point I'm presented with too many solutions: bluetooth between A.s phone and the iTouch, an Eye-fi for the real camera.

Confronted with 10 dozen ears of corn we picked up for freezing, I joked that we could wrap it in bacon. A. suggested that we try to make our own bacon salt this week. I'm intrigued.

A.'s iTouch arrived today. This meant that I spent the entire evening getting it to work. The first lesson: You will be assimilated, resistance is futile.

When iTunes is installed on your system it is no longer your system. After this experience I have reaffirmed my position that iTunes has no place on work systems. Systems running iTunes belong to the Woz, not to me. We can't have that in the workplace.

Similarly, it had to have it's own way with the wireless network. So we're running brand new keys and protocols here at the homestead to accommodate the new technology.

Since we're on Verizon and not AT&T we went with the iTouch/Mi-fi combo instead of an iPhone and data-plan. I think I'm coming out ahead a few dozen dollars a month currently. A. has to use a separate device for internet/media than for voice/text communications, but as long as the devices do those jobs well, and they all communicate, I think that's a better solution than a one device does everything in a mediocre way approach. That may be just my old Unix mentality at work there though.

A. seems to be happy with the gift. "I fell like a normal human being now."

Bah, A is one of the collective.

I other tech-acquisition news my parents went nuts and bought a new computer system for my dad and a new laptop for my mom. Crazy. Somehow they want me to spend 2 to 3 days setting everything up for them. I have no idea where I'm going to find the time.

So today involves dealing with Nazis. Not the you-think-differently-from-me-so-I'll-call-you-a-Nazi, but actaul occupy-France-and-plunder-the-wealth-of-the-Jews-they-ship-off-to-camp kind of Nazi.

Perhaps we can swap fashion tips? How DO you keep your boots so shiney?

At least it's easy to tell what side I'm on today.

Things leading up to last Friday:

i) another so-called "bio-terrorist" sending in stuff to work, causing evacuations.
ii) an employee's ex-now-stalker running a defamation campaign and sending in threats.
iii) random jackasses sending in threats to the CEO
iv) A. about to turn 40
v) the world's most petty HR case imaginable that required analyzing 30 days worth of people's web surfing habits.

That was Friday morning. I'm winding up the research on the HR case, and getting the paper work ready for my yearly review that afternoon. "What are your Strengths and Opportunities for improvement?"-- because nobody has weaknesses here at Wally's House of Pancakes. I'm working on things like "Strength: hasn't killed anyone this quarter" and "Opportunity: exercise patience with upper management" when I get an SMS from home.

Things have gotten sticky, literally, at home. Something involving 2 pounds of Honey and a microwave. So I need to drop everything and rush home.

As I'm rushing out of the building wondering if/when my boss is going to call me asking me WTF I am, and WTF I'm not on my review call, and I'm stifling a scream in my head-- I feel it pop. We'll not an audible pop, but definitely a sensation. The side of my head went numb like I'd been hit with a paint-ball in the ear. A wave of this-is-not-good-ness goes through me and I'm trying to decide if I should keep walking, or stop and sit.

Something in me didn't want to die in that building so I kept walking. I took a mental inventory, eyes were working, I tried to think of a good sentence to say out loud, but figured that if I was slurring, I wouldn't actually be able to tell.

I drive home without incident and make it in the door where I have a little freak out over "did I just have a stroke?" There's some discussion, there's some tests, but I get the honey Armageddon cleared up and logged back into work. My face is still numb, and work is melting down over threats coming in. "Seriously kids, someone would could possibly wire the boss' car to explode isn't going to send in a lame threat in ALL CAPS from @aol. If you think it's fucking serious, go out and check his car, and stop wasting time riding my ass to get the SMTP headers so you can rush an email out to your buddy at AOL because that guy is just going to ask you for a subpoena, so kindly STFU, while I talk to MY buddy at AOL to get the evidence-retention request in." This is my glamorous life.

The medical advice was: log the fuck off, take a Valium, and if you're still numb in the morning go in for tests.

So I stayed offline most of today, and now that I'm back, everyone seems to be running around spreading FUD about compromised systems that aren't. I'm really ready for defcon and blackhat to be over so people can calm the fuck down and stop jumping and shouting "OMG it's the SSH 0-day they warned us about!" I'll tell you when to be worried.

So, there's this Microsoft Zero-day thing running about (http://www.microsoft.com/technet/security/advisory/972890.mspx) Microsoft isn't planning on releasing a real patch until October, and if we're all good, they'll release a killbit package in August. Everyone's got a copy of the exploit code now, so you can look forward to malformed media files flying all over the place in email and on defaced websites.

That really should have been enough for one day to get the managers in a panic.

So, let's throw in this FUD/Media manipulation story coming out of China about an SSH exploit that may or may not exist. It's all just media hype for BlackHat/DefCon in the end of July to expect that to spin up and down a lot. It's also some drama between different security researcher factions. Stuff I don't have time to deal with really. Show me a pcap, then we'll start building detections and work-arounds, or STFU.

This doesn't get the managers phased at all. But it jams up my research resources as they try to confirm or deny the BS flying about.

The day isn't bat-shit enough so how about an article in Wired about an insider stealing source-code from Goldman Sachs. Now THAT gets the managers freaked the fuck out. I think a good 4 hours of my day was spent on one conference call or another talking about how we would, or how we wouldn't detect such a creature within our walls. And now the mangers KNOW we have an insider, because it's in Wired magazine. Those guys are real journalists. WTF would I know about stuff like that? It's always so strange that on the one hand they're calling you a bumbling idiot and in the next sentence they're asking you for solutions. So, I'm rolling out some traffic analysis projects that I've been trying to get in motion. It's nice to have things in a back pocket, but I really hate this develop-via-crisis way of doing things.

No, it's not busy enough.

Some whacked-out Tom Clancy shit starts up. It's a bit of malware that's being distributed (I haven't confirmed the distribution mechanism yet, sorry) which is intended to launch denial of service attacks against South Korean and US government websites. There are public reports that it's effective in taking down the FTC's website, and some unconfirmed stuff from South Korea are coming in now that the sun is up over there.

This stuff management isn't paying attention to. I'm not sure they should, but it's potentially big stuff so I'm paying attention to it.

Normally, well, normally in Eastern Europe. You DoS the hell out of a government website before you roll tanks in places. Do I think North Korea is planning on rolling tanks across the DMZ? No. But they use brinkmanship quite a bit. Put the weekend's missile tests along with a "cyberattack" (deliberate use of scary-quotes there) and you have the typical North Korean "look at my big penis" saber-rattling BS that always gets US military to do shit like move ships around. I'm curious what the cyber-equivalent will be, if anything.

It's interesting, this bit of code, because it's like Code Red, a bit of malware with the intent to DoS, which is unlike the standard method of build-a-zombie-army-botnet and use that to launch your attacks. I think there's some update capability in the code though so that target lists can be updated, which will turn out to be the main exploitable weakness of the code.

Despite the cycles and repetition of history, it rarely is a dull moment.

Step one: click on that link to a you-tube video of fireworks that a "friend" sent to you, on your computer at work.

Step two: deny it when you get my "hey dude, you clicked on a waledac link so we need to rebuild you system" email.

Step three: get belligerent with the poor desktop tech that gets sent out to pick up your system for re-imaging.

It's stuff like that that makes me think: "hmm, I wonder what this person has to hide... let's look through their web traffic for the past week and throw on a forensic agent to monitor them just in case."

It's so petty.

My time is better spent developing techniques to detect zeus-infected systems based on how an infected system interacts with our webservers. So we can find infected systems and identify owned customers before Ivan empties their accounts. But no, I'm stuck sifting through the web proxy logs hoping to find some little gem of a policy violation so that I can get a little glimmer of satisfaction from gathering up the evidence into a case and handing it off to HR, and think that in a week or so, there will be one less idiot on the inside.

It's so petty.

Last night I went to the Hills Market with A for root-beer floats made with Snowville Creamery ice cream. They made it on-site with a stationary-bike-powered ice cream machine.

Very good stuff.

While the show was getting started outside we went in and ordered a pizza from their deli. We wondered a bit while it baked. In the liquor section I overhear a child and her mother talking. The child is in her inquisitive "why?" phase.

"Mommy needs to get some margarita mix"

"Why?"

In my inner-voice I answer: "That's why."

The best part was that the child was pushing around one of those kid-sized carts and it had all of the liquor in it.

Fill in your witty comment here

My albatross property in Akron caused a couple of minor crises last week.

The neighbor on the right is in a difficult situation. They have empty properties on both sides of them and too much time on their hands. The result is that they call the city at every opportunity. Last Saturday I received my second complaint this year. I hadn't set up a lawn care service yet so things were getting out of hand.

While I was trying to line up someone to take care of the lawn this season, and mildly freaking out over the impending deadline and fine. It was annoying that of all the things to be worried about (A's injury, work, the sale of the house itself) I was stressing over a $250 fine.

Unknown to me, forces were at work in my favor. The neighbor on the left had seen the notice, and taken care of the lawn. Not to be helpful, but spoil the efforts of the other neighbor. When I finally got them on the phone to chat, they had no interest in payment to keep mowing the lawn-- they'll do it out of spite.

I'll be sending them a thank-you card. "Thanks for being a spiteful bastard-- my kind of bastard"

I'm working on a telemetry project for the Red Cross' Mobile Communications Center. We're trying to make it more of a Mars Rover/Mission Control kind of feel, where the Disaster Communications Center located at HQ can monitor and control the systems when the MCC is in the field. Now that we have semi-reliable internet link between the two we can finally start to do some of these interesting tricks.

I'm playing around with a Arduino micro controller to collect data, package it and broadcast it to the truck itself, my laptop if I'm wandering nearby, and of-course the DCC at HQ.

One of the data-points that we want to measure is how high our camera tower is from the truck-- it's a pneumatic mast and it would be nice to know if it's 10 feet, or 20 feet above the truck, fully deployed, or stowed. A possible option would be a simple sonar sensor pinging down form the instrument module on the mast down to the big flat top of the truck. So, I'm sifting through sparkfun.com looking at potential modules. They're not clear about the full, effective range of the sensor, so I click into the comments. Inside, someone notes that the circuit board has a bunch of Christian logos on it, fish and crosses and stuff.

I know some businesses are proud of their religious and political affiliations. I've always found it a bit risky from a business standpoint, mainly because I find it a bit odious as a consumer so I quietly exercise my dollar vote and don't usually support such businesses. That seems like a fairly sane response.

Anyway, the commenter mentions that they don't think it's cool to markup the PCB like that, and that they wouldn't have purchased it had they known it had a Christian-fish on it.

Their response: if you don't like our freedom of religion move to China or North Korea. Wow.

My take-away from all of this is: I plan to always post in my feature-list a warning if I'm going to have a flying spaghetti monster on my PCB or not. Nobody should be surprised by something like that.

Source: http://voices.washingtonpost.com/44/2009/05/07/dobson_disappointed_obama_skip.html?wprss=44

Thank God.

As I read the reports from several honeypots coming in, noting that the conficker update has been:

i) install Waledac
ii) install a FakeAV product
iii) install a keylogger

The business model behind it is now clear: they built up their network using a novel infection approach to tap new markets of compromisable systems, and now they're selling them off to other parties.

Now I can get those brain-cells back and retask them to new issues.

I've been struggling to come up a believable scenario where allowing the legal recognition of a same-sex marriage would lead to the destruction of the institution of marriage. I've phrased the question, asking someone to explain how this would occur without relying on the Bible and haven't received an answer.

I've been asking the wrong question. Because it is all about the Bible and the Church. It's not a defense of marriage, it's in defense of the church. Arguable, I could see how people would find the downfall of the Church leading to all sorts of calamity.

Here's how it would play out.

Assume that same-sex marriage is legalized. Joy and Julie want to get married. The get their license from the state and are looking for a venue. Joy went to Saint Cuthburt's as a kid and thinks the church there is lovely. So they go to schedule but get refused because, well, St. Cuthbertines don't look kindly on the gashlappers and refuse. Joy and Julie enjoy anti-discrimination protection and next thing you know, the ACLU is suing the church, the Pope looses, and suddenly the infallible is trumped by the supreme court and literally all Hell breaks loose.

See?

So, how do we keep this from happening, while still allowing Joy to keep their kids should Julie get run over by a Hummer?

I like the fact that if I don't happen to believe that the Pope is infallible, I don't have to attend St.Cuthburt's and they can't sue me to do so. I also happen to think that I shouldn't be able to make people think like me just because I might think they're wrong.

So how do we allow the church to exclude people, keep their beliefs, while allowing other's to keep and practice their own?

I'm aware of cases where organizations like the Boy Scouts of America have been sued to include people they were against including. Are churches protected from this?

Is this the scenario that nobody has been able to tell me?

I had to download the PDF version of this month's SERVO because my copy didn't arrive. Normally they arrive the same day as Nuts and Volts (since they're from the same publisher.)

I find that I still don't like to read more than a few pages of a PDF at once. I still like to lay down with a magazine before bed. I haven't found a comfortable spot in my house to read, so most of my reading is done in bed, or while flying (or waiting to fly.) The economy what it is, this means, I'm falling behind on my reading. Though I suppose I could just hang out at the airport pretending that I'm waiting for a flight.

Recently I picked up a subscription to Make. There's simply no way I'd pay cover price ($14.99 USD) Not when I can get a year for $25 (I think it's quarterly.) When I was kicking around picking it up, the SpyTech issue was on the shelves (Nov 2008.) I really wasn't impressed with that issue. It also happened to be the first issue that they sent me. I still wasn't impressed.

The first new issue that I received was March 2009's steampunk issue. While I jumped around the spytech issue, this one I'm carefully going through page by page. The talent they have working for them is quite surprising. So far I've seen names like Corey Doctorow (not really a surprise,) Bruce Sterling, and freaking Forrest M. Mims III. It still have his old Engineers' Notebooks printed on graph-paper when I was kid first learning electronics.

Unlike Server, or Nuts and Volts, which inspire me to do what they're writing about, Make simply inspires me. I hope I can keep riding this wave of get-up-off-of-my-assness and keep doing things.