A. has a death in the family last week. So it was my responsibility to transport her to WVa for the memorial services. It was a time to be quiet, funny on-demand, and wear uncomfortable shoes. I had a bit of a head cold, and there were three crises in full bloom at the office. If you're not from the area, there was a bit of a snowstorm that started Friday. It had just started to hit its stride as we were leaving town. A. was hesitant and willing to turn-around and go home and hide, but I was determined to get us there safely. I owe a big thanks to the Ohio and WVa. DoT crews. They did a really outstanding job. I think we saw only 3-5 cars that were off of the road or spun in the wrong direction.

I attended a couple of Catholic Masses. I'd been to one Catholic wedding so it wasn't my first Communion. A. was concerned that I would have trouble grasping what was going on, what the underling meanings were, but I think I kept up. I must admit that I'm much more comfortable with WVa Catholics, than I am with Protestants in the area. I didn't feel like I'd be "found out," and baptised (or worse.)

I'm more of a freedom-of-religion kind of Atheist. It's out of respect that I don't "play along" or "pretend" to be Catholic. They knew I wasn't, but I'm quiet, respectful, and look good in a suit. But I'm not about to try to pull one over on Jesus.

The experience was good for me. It made me think those thoughts that we often try to avoid as we live our lives day to day. A person's death makes us confront the topic. When I go, I hope to have clearly figured out and written down what it means to me to be Atheist. Why I think the way I do and why I believe (yes believe) the way I do. I hope someone reads it that day and walks away not as a convert but thinking "I can see that, it's not so bad really." I also want them to know that I have no fear of their hell, and I didn't convert at the last minute to avoid the fires.

One of the Brother's (clergy, not relation) spoke of the Body of Christ (i.e. the church's congregation) lifing up the Spirit (of the departed) and that sparked an interesting conversation on the drive home. A. believes that the body and spirit are intertwined, that the spirit is a form of energy that is shaped by the body (and consequently that the same spirit would turn out to be different people if it were in a different body.) I'm not a big believer in the spirit as an energy. To me it is information. The mind is that experience in your head that makes you: you. And spirit is what's left behind when you're gone. Think of it like "the Spirit of 76" or "esprit de corps." The spirit of a loved one "lives on" when you remember them, or strive to be more like them. A home, or a special collection of objects can embody a person's spirit. Carrying on a person's mission is a way to keep their spirit alive. I get this. It fits within my belief-structure.

I would like to congratulate Seamus McNasty on his recognition as official clergy (unlike a pretender like myself.) So say it with me: "Reverend Seamus McNasty." Who doesn't want that on their business card?

Backstory: I'm part of a geo-diverse team which means we have people spread out over the planet and there's no cluster of individuals. This makes it a great pain to my boss to comply with the company policy of "take your teams out for lunch and that'll pass as a holiday bonus." So to make up for that, the forensic team that sits next to me invited me out to their "Christmas Party."

I'm going to try to overlook the social miss-step of calling it a "Christmas" party in a building with over 10k people, I'm pretty certain they're all not Christian. I'll grant that the word Christmas works for most people as a short-hand for "any end of the year holiday that isn't New Year's Eve. I'm cool with that. No it's not some atheist principle that I stand upon when I turn down your invitation. No, this goes a little deeper.

You see, breaking bread with people has deep connotations. It's how we build friendships and form bonds. If you want me on your side of things, you put food on my table. It's a low level/reptilian brain thing or something. So, sounds like a great opportunity, go to the dinner with them right? Well, there's just one little thing:

They left me behind to die a fiery death.

No kidding. Earlier this year we had a suspicious package incident and the building was evacuated. I had my headphones on and my brain was fully engaged into analyzing some logs. No less that 15 people had to walk by my desk to comply with the evacuation order and not a single one of them bothered to take a moment to tap me on the shoulder, yell at me, hit me with a cat, etc.

Ignored and left to die.

So yeah, that kinda sucks the camaraderie and team-spirit out of me.

Happy holidays.

... and out of the Solstice.

Happy Holidays, whichever one(s) you celebrate.

From a conversation tonight.

Me: "If they made an electric snuggie, I wonder how many Americans would die."
A.: "Not enough."

So, there's a few interesting issues coming up on the ballot. I know you're looking to me to tell you how to vote, or at least clear up what they all mean.

Issue 1.

Simply put it's to authorize the State to issue bonds to pay a bonus to Ohio veterans of the Persian Gulf war.

So WTF would we do that? What makes them so special? Well, it's actually not that odd, the payments that is. We're talking about Ohio National Guard here, so that explains why Ohio would make the payments instead of the Federal government. A good piece on issue one: http://www.wkyc.com/life/programming/shows/seven/news_article.aspx?storyid=123090

So if you vote against it, you're an un-american bastard. Or you could make that up by funding your own veteran and send them checks.

If you vote for it, it'll cost you about $50 over 15 years.

You could also buy some of those bonds and make money off of the deal.

Issue 2

This is a constitutional amendment to create a farm board that will rule on things agricultural.

I'm not a fan of constitutional amendments, but they seem to be how they do things in this state. On the surface it looks great, who doesn't love happy cows, right?

From reading the issue, it looks like it creates a group that could be easily manipulated by special interests. Yeah, one of the members has to be a veterinarian but it doesn't say they can't work for Monsanto.

I did a little sampling of who's for and who's against issue two while visiting farmer's markets and driving out in the country. Large farms are pro issue 2, everyone I buy my food from was against.

I'm voting with my stomach on this one.

Issue 3
It's for gambling casinos. Not that any of the mailers that they send me mention that bit.

I get a mailing every day, which tells me that there's a lot of money on the line for somebody. That somebody isn't me. Maybe if there were mandatory bonds or shares made available so that people other than the owners might see some of that income.

I'm not sure how many times that I have to vote against gambling, but I'll keep doing it.

Don't sit on your ass on voting day

Yeah, I know it's not a history changing election or anything, but take the 15 minutes to vote. I'm talking to you Sean. :)

So the house has been sitting on the market all year. Despite redoing everything and swearing that I'd never rent the place, I've changed my mind. Well the two house payments helped to change my mind. The market isn't exactly that great and the neighborhood isn't that great and the agency listing the place wasn't that great. So basically it sat and the money set aside to help me stick to my guns dwindled away.

Thus plan B.

Plan B's going pretty well actually. While the end of the real estate contract was approaching I had an interesting chat about the situation to an engineer and graphed it out a bit and came to the conclusion that renting was the way to go. A friend in Chicago is building a bit of an empire there and he gave me the skinny on property management. But man I had a lot out doubts.

Last Saturday the sales contract ended. Thursday I call my original real estate agent to discuss the property. He comes to the same conclusion and recommends his property manager. That's a pretty good vouch if I've heard one. I talk to them that afternoon. Friday, my parents are showing them the property. Monday I have an agreement and they have a key. Tuesday they're showing the place and we have our first applicant.

Should everything check out, I'll be back into rampant slum-lordery. Good times.

22

A. was on the road and I had an important technology demo for the Red Cross re-scheduled up to today (Tuesday.)

So I went out, picked up a cheap pizza and a two-liter of go-juice and locked myself away for a week of hacking and frabricating.

The results look like something that would cause the bomb-squad to be scrambled, but it performed for the demo. It was a telemetry system for the Mobile Communication Center and had little simulated inputs to model the truck: generator status, air conditioner status, fuel level, battery voltage, and what direction the camera was facing with respect to magnetic north.

The heart of it was an arudino that pulled in all of the inputs, packaged them up into a simple data packet and it would spit it out at 115200 baud over a USB cable into a little ASUS EEE PC where a terrible-example-of-a-Python script would pull in the data, update a file with the latest status, and then keep a record of the data at one-minute intervals. It was also a mini HTTP server that would spit back a cheesy table with the current status, and links to gnuplots of the histories. The little fuel block would turn red if the value was less than half a tank. 6th-grade science fair kind of stuff.

Speaking of science fairs. I was scarred-permanently by my freshman science-fair, when I realized that it was really all about posters and who's dad had the coolest woodshop to build stuff in. No one appreciated my genius, but I'd show them! Ahem. Anyway....

So, python. This was the first real project that I've used it for. I've hacked up other people's scripts (and this was no exception) but this one was just embarrassing. Even the processing code running on the arudino is shameful. You'd think I'd respect the code reusability offered by simple things like sub-routines. Nope, this is straight up procedural commands in most cases. In my defense, it's definitely the best way to code when you have people shooting at you and you just need the thing to do exactly these 3 steps over and over. So it's not pretty, I hope I won't be forced to post it, but it works.

Which brings me to this. This whole make it yourself movement is pretty cool and all, but we've got to learn how to document our process. I don't have a really handy way of doing it. I can journal some of it here, and I have a private little geek-wiki, but I lack the discipline of having a camera handy and using it often, and stopping to keep notes. There's always a ton of lessons-learned, and little ideas that need to be captured in the process, that you loose in a simple post-mortem.

For example, in getting all of this together, I managed to brick the ASUS-- and recover it. That would be something worthwhile to document. I also managed to brick my sheeva plug, but alas have not managed to un-brick it yet. I had to make tough decisions to get the project ready for today's demo. I'll hit it again later this week I hope. It was a shame, because I think I've lost my disaster-response wiki and all of my quick client install tools in that.

One of the technologies that I didn't get to demo today was INSTEDD's (www.instedd.org) GeoChat. It's a simple, web-based GIS (google maps, with the ability to import KLM data layers) that interfaces with a chat system that links, SMS, twitter and email. I was toying with using it with twitter last night, you could tell it where you were and your icon would move on the map, then any messages that you sent from that location would persist there. So if you were performing a survey you could post messages like: power out, or flooding, or 3 dead, or gas station. And it would tag that message from where you posted it as you traveled through the scene. AS you get more and more people reporting in to your group you can really gather a lot of accurate and up-to-date intel on a scene. Neat stuff. Really limited security, but you have to open stuff up to allow interoperability sometimes.

And there wasn't one cookout. :-(

First off a little disclaimer: I haven't read enough of the proposed solutions or really researched either side of the health care debate. There's not a whole lot I can do about it at this point, and honestly, I'm doing more good for society spending my time in other ways at the moment.

Yet, I am now moved to say a comment or two that I think I'm still well qualified for, mainly because I'm not a raving lunatic.

If you are against changing the current state of the health-care system I think you really don't have to look to hard to find compelling, rational arguments to support that position. With virtually no research whatsoever I offer you off of the top of my head:

Nearly everything the government gets involved in gets fucked up some how-- this is a natural outcome of lowest-bidder and corruption.

Run with it, you can fill in some gaps and don't have to resort to any sort of crazy.

...unless the people railing against the program are, in fact, really FOR the program and just want to make people who are reluctant to change, afraid of what might happen to their current health care program, or afraid of the tax burden to support it all look like crazy fools.

A case in point that you might not be familiar with:

At the day job, we're having a little bit of a problem where some of our contractors are managing other outside contracts while working on our dime (and probably double-billing the other client as well.) So we've got some signature to detect that kind of behavior. Today it caught one of our full-timers who is also some sort of political activist on the side. He wrote a brilliant blog entry from the office this morning arguing against health care for every citizen. His justification: it's what Jesus would have done. Oh yea, he also made every mention of Jesus in his blog a link to wikipedia (WTF?) The argument went something like this (intentionally not quoting so you can't google him easily): when Jesus was spending his time on Earth, he had the power to heal everyone, but he chose not to for a good reason. So the government should be trying to one up Jesus.

This is of course coming from an individual pulling down high 6-figures. It's a pretty comfortable seat to be sitting in telling folks that they're poor because they deserve it.

I think I'll take my "don't be a dick" principle-based way of life over that dude's Jesus. I have a sneaking suspicion that Jesus would agree with me on this one too.

The best iTouch quote so far:

A.: I can't change the weather on this thing.

A. has been dropping the "let's go to Dirty Franks" hint since about 3 weeks before it opened.

We finally had an opportunity were we were both feeling up to the challenge... and it's definitely a challenge.

Located downtown (very downtown,) it's what one would expect from a Liz Lessner operation: funky art, sophisticated yet approachable cuisine, and RC cola.

The side dishes are meant for a table full of people, that tater tots being the clear choice. We tried three different hotdogs: The chicago (their "healthy" option,) the chlli dog, and the Classy Lady. I really enjoyed the Chicago and the Chilli Dog. The Classy Lady with it's cheese-sauce that I think was pumped out of a sysco can nearly killed me.

Sadly the cherry slush machine was down so I couldn't get the Cherry Slush/RC mix. We'll have to have that next time.

Today was the first day out for the little iTouch. A. has discovered the fun of war-driving.
"Look there's a linksys"
"Oh, that one's wide open"
"Ugh, I'm getting carsick."

We marketed with a vengeance today: 3 farmers' markets, stocking up on pork products because out butcher is going out on vacation next week, and then another market's demo. I got to socialize with some of Columbus' elite gastronauts (ha!) but the big excitement was that A could easily associate with a nearby WAP and tweet from the field.

The next challenge is how to easily snap photos and post on the road-- since the iTouch lacks a camera. At this point I'm presented with too many solutions: bluetooth between A.s phone and the iTouch, an Eye-fi for the real camera.

Confronted with 10 dozen ears of corn we picked up for freezing, I joked that we could wrap it in bacon. A. suggested that we try to make our own bacon salt this week. I'm intrigued.

A.'s iTouch arrived today. This meant that I spent the entire evening getting it to work. The first lesson: You will be assimilated, resistance is futile.

When iTunes is installed on your system it is no longer your system. After this experience I have reaffirmed my position that iTunes has no place on work systems. Systems running iTunes belong to the Woz, not to me. We can't have that in the workplace.

Similarly, it had to have it's own way with the wireless network. So we're running brand new keys and protocols here at the homestead to accommodate the new technology.

Since we're on Verizon and not AT&T we went with the iTouch/Mi-fi combo instead of an iPhone and data-plan. I think I'm coming out ahead a few dozen dollars a month currently. A. has to use a separate device for internet/media than for voice/text communications, but as long as the devices do those jobs well, and they all communicate, I think that's a better solution than a one device does everything in a mediocre way approach. That may be just my old Unix mentality at work there though.

A. seems to be happy with the gift. "I fell like a normal human being now."

Bah, A is one of the collective.

I other tech-acquisition news my parents went nuts and bought a new computer system for my dad and a new laptop for my mom. Crazy. Somehow they want me to spend 2 to 3 days setting everything up for them. I have no idea where I'm going to find the time.

So today involves dealing with Nazis. Not the you-think-differently-from-me-so-I'll-call-you-a-Nazi, but actaul occupy-France-and-plunder-the-wealth-of-the-Jews-they-ship-off-to-camp kind of Nazi.

Perhaps we can swap fashion tips? How DO you keep your boots so shiney?

At least it's easy to tell what side I'm on today.

Things leading up to last Friday:

i) another so-called "bio-terrorist" sending in stuff to work, causing evacuations.
ii) an employee's ex-now-stalker running a defamation campaign and sending in threats.
iii) random jackasses sending in threats to the CEO
iv) A. about to turn 40
v) the world's most petty HR case imaginable that required analyzing 30 days worth of people's web surfing habits.

That was Friday morning. I'm winding up the research on the HR case, and getting the paper work ready for my yearly review that afternoon. "What are your Strengths and Opportunities for improvement?"-- because nobody has weaknesses here at Wally's House of Pancakes. I'm working on things like "Strength: hasn't killed anyone this quarter" and "Opportunity: exercise patience with upper management" when I get an SMS from home.

Things have gotten sticky, literally, at home. Something involving 2 pounds of Honey and a microwave. So I need to drop everything and rush home.

As I'm rushing out of the building wondering if/when my boss is going to call me asking me WTF I am, and WTF I'm not on my review call, and I'm stifling a scream in my head-- I feel it pop. We'll not an audible pop, but definitely a sensation. The side of my head went numb like I'd been hit with a paint-ball in the ear. A wave of this-is-not-good-ness goes through me and I'm trying to decide if I should keep walking, or stop and sit.

Something in me didn't want to die in that building so I kept walking. I took a mental inventory, eyes were working, I tried to think of a good sentence to say out loud, but figured that if I was slurring, I wouldn't actually be able to tell.

I drive home without incident and make it in the door where I have a little freak out over "did I just have a stroke?" There's some discussion, there's some tests, but I get the honey Armageddon cleared up and logged back into work. My face is still numb, and work is melting down over threats coming in. "Seriously kids, someone would could possibly wire the boss' car to explode isn't going to send in a lame threat in ALL CAPS from @aol. If you think it's fucking serious, go out and check his car, and stop wasting time riding my ass to get the SMTP headers so you can rush an email out to your buddy at AOL because that guy is just going to ask you for a subpoena, so kindly STFU, while I talk to MY buddy at AOL to get the evidence-retention request in." This is my glamorous life.

The medical advice was: log the fuck off, take a Valium, and if you're still numb in the morning go in for tests.

So I stayed offline most of today, and now that I'm back, everyone seems to be running around spreading FUD about compromised systems that aren't. I'm really ready for defcon and blackhat to be over so people can calm the fuck down and stop jumping and shouting "OMG it's the SSH 0-day they warned us about!" I'll tell you when to be worried.

So, there's this Microsoft Zero-day thing running about (http://www.microsoft.com/technet/security/advisory/972890.mspx) Microsoft isn't planning on releasing a real patch until October, and if we're all good, they'll release a killbit package in August. Everyone's got a copy of the exploit code now, so you can look forward to malformed media files flying all over the place in email and on defaced websites.

That really should have been enough for one day to get the managers in a panic.

So, let's throw in this FUD/Media manipulation story coming out of China about an SSH exploit that may or may not exist. It's all just media hype for BlackHat/DefCon in the end of July to expect that to spin up and down a lot. It's also some drama between different security researcher factions. Stuff I don't have time to deal with really. Show me a pcap, then we'll start building detections and work-arounds, or STFU.

This doesn't get the managers phased at all. But it jams up my research resources as they try to confirm or deny the BS flying about.

The day isn't bat-shit enough so how about an article in Wired about an insider stealing source-code from Goldman Sachs. Now THAT gets the managers freaked the fuck out. I think a good 4 hours of my day was spent on one conference call or another talking about how we would, or how we wouldn't detect such a creature within our walls. And now the mangers KNOW we have an insider, because it's in Wired magazine. Those guys are real journalists. WTF would I know about stuff like that? It's always so strange that on the one hand they're calling you a bumbling idiot and in the next sentence they're asking you for solutions. So, I'm rolling out some traffic analysis projects that I've been trying to get in motion. It's nice to have things in a back pocket, but I really hate this develop-via-crisis way of doing things.

No, it's not busy enough.

Some whacked-out Tom Clancy shit starts up. It's a bit of malware that's being distributed (I haven't confirmed the distribution mechanism yet, sorry) which is intended to launch denial of service attacks against South Korean and US government websites. There are public reports that it's effective in taking down the FTC's website, and some unconfirmed stuff from South Korea are coming in now that the sun is up over there.

This stuff management isn't paying attention to. I'm not sure they should, but it's potentially big stuff so I'm paying attention to it.

Normally, well, normally in Eastern Europe. You DoS the hell out of a government website before you roll tanks in places. Do I think North Korea is planning on rolling tanks across the DMZ? No. But they use brinkmanship quite a bit. Put the weekend's missile tests along with a "cyberattack" (deliberate use of scary-quotes there) and you have the typical North Korean "look at my big penis" saber-rattling BS that always gets US military to do shit like move ships around. I'm curious what the cyber-equivalent will be, if anything.

It's interesting, this bit of code, because it's like Code Red, a bit of malware with the intent to DoS, which is unlike the standard method of build-a-zombie-army-botnet and use that to launch your attacks. I think there's some update capability in the code though so that target lists can be updated, which will turn out to be the main exploitable weakness of the code.

Despite the cycles and repetition of history, it rarely is a dull moment.

Step one: click on that link to a you-tube video of fireworks that a "friend" sent to you, on your computer at work.

Step two: deny it when you get my "hey dude, you clicked on a waledac link so we need to rebuild you system" email.

Step three: get belligerent with the poor desktop tech that gets sent out to pick up your system for re-imaging.

It's stuff like that that makes me think: "hmm, I wonder what this person has to hide... let's look through their web traffic for the past week and throw on a forensic agent to monitor them just in case."

It's so petty.

My time is better spent developing techniques to detect zeus-infected systems based on how an infected system interacts with our webservers. So we can find infected systems and identify owned customers before Ivan empties their accounts. But no, I'm stuck sifting through the web proxy logs hoping to find some little gem of a policy violation so that I can get a little glimmer of satisfaction from gathering up the evidence into a case and handing it off to HR, and think that in a week or so, there will be one less idiot on the inside.

It's so petty.

Last night I went to the Hills Market with A for root-beer floats made with Snowville Creamery ice cream. They made it on-site with a stationary-bike-powered ice cream machine.

Very good stuff.

While the show was getting started outside we went in and ordered a pizza from their deli. We wondered a bit while it baked. In the liquor section I overhear a child and her mother talking. The child is in her inquisitive "why?" phase.

"Mommy needs to get some margarita mix"

"Why?"

In my inner-voice I answer: "That's why."

The best part was that the child was pushing around one of those kid-sized carts and it had all of the liquor in it.

Fill in your witty comment here

My albatross property in Akron caused a couple of minor crises last week.

The neighbor on the right is in a difficult situation. They have empty properties on both sides of them and too much time on their hands. The result is that they call the city at every opportunity. Last Saturday I received my second complaint this year. I hadn't set up a lawn care service yet so things were getting out of hand.

While I was trying to line up someone to take care of the lawn this season, and mildly freaking out over the impending deadline and fine. It was annoying that of all the things to be worried about (A's injury, work, the sale of the house itself) I was stressing over a $250 fine.

Unknown to me, forces were at work in my favor. The neighbor on the left had seen the notice, and taken care of the lawn. Not to be helpful, but spoil the efforts of the other neighbor. When I finally got them on the phone to chat, they had no interest in payment to keep mowing the lawn-- they'll do it out of spite.

I'll be sending them a thank-you card. "Thanks for being a spiteful bastard-- my kind of bastard"