Friday, June 29, 2012

One small step for breastfeeding.....: Joyfully Kissing her beautiful baby boy: The girl ...

Monday, March 17, 2008

Move your mouse around in the gray box to see a picture...

Saturday, February 24, 2007

The Anti-spam Vigilante Metaphor

Imagine we're neighbors; I'm the volunteer neighborhood watch dweeb; you're the neighborhood party girl and you often tend to leave your front door unlocked. I have deep convictions about unlocked doors that compel me to mention them to you.  Your unlocked door has yet to cause you any problems, you just wish I'd mind my own damn business and leave you the hell alone.

But that's not good enough for me, I've seen your type before, I'm totally cheesed-off by your disregard for my infallible advice, because I'm correct and justified and there is no other valid point of view. I must bring you into the fold with the rest of my sheep, somehow. You've threatened to call the cops next time I knock on your door.

So I decide to make my own official list of careless leavers of unlocked doors; I walk the entire square block and the ones around it, going up to each door to give its knob a twist. Each one I find open, I write down the address. When I get to your door it opens right up, you see me and come unglued; I make a special note next to your address, "young single female, frequent parties."

I take my list downtown, make a few hundred copies so anyone that wants it can just tear one off, and I tack them up on a public bulletin board in front of the police station. That way others like me, who believe a locked door is a good door, will know you're not one of us.

Of course the list will also be noticed by thieves, rapists and other assorted scum bags, but that's not a problem to me, they'd have found you sooner or later, I rationalize. Whatever happens to you, you bring on yourself.

Soon after you're missing any number of things, your TV, stereo and computer have been stolen, and you've had frightening encounters with unwanted guests of the psychopathic kind. Mere door locks will no longer do, you have to get bars on the windows, an alarm system, and a can of pepper spray.

You demand that I take your address off of my list, as it no longer applies. I force you to ask nicely, say pretty please, and then maybe the next time I print my list, or maybe even the time after that, I take you off -- which of course does nothing to stem the steady flow of low-lifes your presence has recently attracted...

Now do you see what your carelessness has done to our neighborhood, bitch?!

The IT Security Researchers Metaphor

Imagine that I am an expert on the subject of an imaginary species of elephant, and all aspects of their behavior. Having studied them at length, I've discovered that almost any given specimen of this imaginary species will go berserk if it gets a jalapeno in its trunk.

It has come to my attention that the local zoo is selling jalapenos to tourists, and from a stand right by the imaginary species of elephant enclosure, no less. I go to the zoo keepers with my findings, but they scoff at the danger, and show no inclination towards fixing this safety problem! They considered my behavioral factoids to be so obscure as to render harmless this terrible danger; of course they are wrong, I am right, it's irrefutable.

So now it's up to me, to make the public aware of this (and gain recognition for my work as well,) and ultimately compel the zoo to cease the sale of jalapenos. So I go to the zoo, I purchase some jalapenos from the stand, I find some empty peanut shells, and stuff them with jalapenos, as proof of concept. But what to do with them, that wouldn't be culpable?

I happen to notice a group of al Qaeda terrorists lustfully eyeing the females in the camel exhibit. Coincidentally, I also happen to know a little about Arab terrorists, and I fully expect them to be highly interested in any discovery that will cause random harm. I walk to within earshot and proceed to explain my discovery to no one in particular. I point out the stand that sells both jalapenos and peanuts, and demonstrate the construction of a jalapeno-stuffed peanut, though I'm careful not to leave any of mine when I walk away.

In doing so I attract the terrorists' attention, and thereby virtually guarantee they will attempt to exploit my findings. When they do, I fully expect some of the elephants to come unglued, and I also expect the onlooking crowd to be in grave danger when this shortly occurs.

So I quickly move to a patch of high ground, from which to watch the drama unfold. Predictably, the terrorists start lobbing jalapeno-stuffed peanuts into the area where the elephants are feeding. More predictably, one of the elephants picks up one with his trunk. And most predictably, that elephant flips, completely out of control, crashes out of its enclosure, and tramples dozens of people to death. Hundreds more are injured as the huge beast escapes the zoo, and thousands are delayed when sharp-shooters must kill the elephant as it's charging down the middle of I5, during rush hour traffic.

Now, it is true that I personally did not directly cause any of the mayhem - in that I did not bring the elephants or the tourists to the zoo, I did not decide to sell jalapenos at the food stands, I did not sell admission tickets to the terrorists, and most of all, I did not feed the jalapenos to the elephants. I didn't even tell the terrorists about elephants' behavior, I was merely publishing my findings for the public.

However, I knew with certainty the danger of being near a freaked-out elephant. I knew the Arabs were more than likely to jump at the chance to cause random destruction, and I knew that people would be crushed when the elephant wigged-out.

I knew the terrorists would have access to the information I published -- indeed I expected them to take notice. If not for my publication, the Arabs would never have thought to try this, and their damage for the day would've been limited to a few sordid camel molestations, at worst.

When I disclosed my findings to the public, I advised explicitly that this must not be attempted with real elephants and/or people nearby. Further, to protect myself legally, I notified the public in writing of the inherent dangers, and specifically disclaimed any/all liability for damage incurred by their actions, should anyone fail to heed my advice.

By virtue of the disclosure noted above, I perceive no responsibility for the actions of the terrorists -- even though I was well aware of their intentions. I had no reason at all to believe they'd respect my alleged concern for life and property, and every reason to believe they would use the information I provided to perpetrate an act of violence, the likes of which they would otherwise have been incapable, had I not taught it to them. Yet I still color myself blameless?

The questions:
  • If I speak the phrase "please don't kill and maim," at the beginning and end of every class, does that leave me free to teach, "Introduction to Causing Death and Mayhem 101?"
  • If I get signed statements from all recipients, affirming that "these weapons are not intended for use in the killing of other human beings," does that make it ok to distribute free guns and ammo to gang members?
  • If I have absolutely every reason to expect that my published work will be used to destroy the property of others, and no reason to believe there's even a chance it might be used ethically, for a good and useful purpose -- indeed, if my publication includes conjecture as to how soon and/or how severely my work can and will be used against us...
    • Aren't these expectations almost tantamount to intent?
      • It may not be my explicit intent that harm should be caused?
      • But is it not my effective intent, given my expectations?

Monday, February 28, 2005

What search?

I must not quite get the search thing, I've searched for several things -- things that I know are in at least one blog -- and so far it's found zilch, nada, nothing at all. What kind of bullshit is this?

Friday, February 25, 2005

Portrait of an Asshole: those that add the same shit over and over just to keep their blog near the top

Man talk about abuse! Here's what I don't get: who in their right mind would buy anything from someone who behaves as though s/he doesn't give a fuck about anything other than making $20 here and there? Someone who replicates the same ad every 5-10 minutes is, by definition, an asshole! He's wasting storage, bandwidth, server capacity, probably 20x what normal users consume, but does he give a rat's ass about any problems he causes? Hell no! He'll send 1,000,000 annoying spams to make one sale, why? Because it costs him nothing. It costs others dearly, but that's not his concern. Only a real moron would send money to someone that abusive.

Thursday, February 24, 2005

If Microsoft can't do it, can anybody?

[This is a logical continuation of my last post, berating MS Anti-Spyware...]

There is a tool/technology that's sorely needed by spyware/virus removal tools, but is conspicuously missing from anti-malware offerings, mostly due to licensing issues, it would seem. The technology is called a Pre-installation Environment (PE) that boots a functional O/S exclusively from read-only media (such as a CD/DVD). Happily there is a tool that makes it reasonably easy to build such a boot disk, called Bart PE; it's free, and I highly recommend it. It took me about 40 minutes to build my first Bart PE CD. I've since gone on to make several other bootable CDs and DVDs... can't imagine having to do without it now.

The reason it's so necessary for effective spyware removal is simple: it's very difficult (perhaps even impossible) to completely remove a malintended process once it's running; it's just way too easy to dump another executable from a resource or create a copy of itself and spawn it before being forcibly shut down. It's even possible to attach a thread to another process. Plus the number of registry locations that can be used to facilitate activation of code is severe.

Who would be in a better position to succeed at this than Microsoft? Maybe they haven't really even tried yet, but I can tell you for sure, their current anti-malware product is inadequate.

So, you may be asking, what have I done about this besides bitch and moan? For one thing I've created a BartPE disk that has an Undelete program, the original RegEdt32.EXE, Nero 5.0, Partition Edit and a few other essential utilities. It makes clean-up and/or recovery a much simpler prospect. I've also had some success with some AV software, but the glitch is getting current AV definitions on the fly in a place they can be used. I've also written a couple of partner utilities that make removal of spyware somewhat painless, and genuinely successful, from within PE.

One of them loads (and unloads) the software and user hives under specifically named keys, allowing access to an infected system's registry from within a PE session. (The PE has its own registry, of course.) This makes it possible to change the registry used by one system, from within another, without the infected system running. Its partner (which has carnal knowledge of those specifically named keys) allows me to recursively delete registry keys from those loaded hives, by passing the original keynames to it on the command line.

For example, let's say you want to remove the key:

    HKEY_LOCAL_MACHINE\Software\Classes\DyFuCA_BH.BHObj

(which is used by some filthy malware crap) and all of its subkeys from an infected system's registry. The loader tool loads your infected software hive under the key:

    HKEY_LOCAL_MACHINE\offline_HKEY_LOCAL_MACHINE_software

Which means the path to the [temporarily] physical key location is:

    HKEY_LOCAL_MACHINE\offline_HKEY_LOCAL_MACHINE_software\Classes\DyFuCA_BH.BHObj

The remover tool accepts the original keyname, but removes it from the loaded hive:

    DELOFFLINEKEY "HKEY_LOCAL_MACHINE\Software\Classes\DyFuCA_BH.BHObj"

The remover tool adjusts the key that's passed to it, which makes it much easier to turn the output of a spyware removal tool into a batch file. (You can see why I won't be going public with these tools any time soon.)

[to be continued, if interest exists...] -MM
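The key-name adjustment described above, as an added example in Python (not the author's DELOFFLINEKEY tool, which the post does not publish): it maps original key names to the loaded hive and emits `reg delete` lines for a batch file. It assumes the software hive was loaded under the name given in the post and that reg.exe is available in the PE session; the function names are made up for this example.

```python
# Added example: translate original key names to their location in a hive
# loaded under HKEY_LOCAL_MACHINE in a PE session, then emit reg.exe commands.

# Mount name for the software hive is the one given in the post. Other hives
# would need their own entries (hypothetical, not named in the post).
MOUNTS = {("HKEY_LOCAL_MACHINE", "software"): "offline_HKEY_LOCAL_MACHINE_software"}
ROOT_ALIASES = {"HKLM": "HKEY_LOCAL_MACHINE"}
# A key name is attacker-chosen; these would break out of a quoted batch argument.
UNSAFE = set('"%!') | {chr(c) for c in range(32)}


def to_offline_key(original):
    """Map a key name from the infected system to its path in the loaded hive."""
    text = original.strip()
    if len(text) >= 2 and text[0] == text[-1] == '"':
        text = text[1:-1]                      # drop one pair of enclosing quotes
    if UNSAFE & set(text):
        raise ValueError("unsafe character in key name")
    # Tool output is often line-wrapped: drop whitespace around backslashes only,
    # so names such as "Windows NT" keep their inner space.
    parts = [p.strip() for p in text.split("\\")]
    if len(parts) < 2 or "" in parts:
        raise ValueError("malformed key name")
    root = ROOT_ALIASES.get(parts[0].upper(), parts[0].upper())
    mount = MOUNTS.get((root, parts[1].lower()))
    if mount is None:
        raise ValueError("no offline hive loaded for this key")
    if len(parts) == 2:
        raise ValueError("refusing to delete the root of a loaded hive")
    return "\\".join(["HKEY_LOCAL_MACHINE", mount] + parts[2:])


def build_batch(keys):
    """Return (batch_lines, skipped) for a list of original key names."""
    lines, skipped = [], []
    for key in keys:
        try:
            lines.append('reg delete "%s" /f' % to_offline_key(key))
        except ValueError as exc:
            skipped.append((key, str(exc)))
    return lines, skipped
```

Keys that are skipped come back with the reason, so they can be reviewed by hand instead of silently dropping out of the batch file.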

MS Anti-Spyware: godsend or bad joke?

In the immortal words of James Hetfield, from the rock group Metallica, "it's so useless, heh hyeah."

This, I believe, is axiomatic: if spywarexyz is detected, and then "removed" by an anti-malware tool, but on the very next boot it is detected again, then it wasn't really removed, was it? Claiming to remove the same [n] threats time after time is just plain dumb. Counting them incrementally -- claiming to have removed hundreds of threats, when in real life, it hasn't removed any -- now that's downright asinine! It just refinds the same infestations, pretends it has mitigated the threats, and assumes success. And then it wants credit for a job well done, riiighht. Process integrity? I think not!

How hard would the tiniest bit of heuristics have been? A little internal effectiveness check? Some reason to believe you're doing absolutely anything more than putting the user on a treadmill? Maybe keep some stats on in-the-trenches workability? Wouldn't a level of tracking capable of detecting false success be both relatively easy and very important? How else would you know if/when it became appropriate -- call me crazy for this one -- to perhaps regroup and change your attack posture, because it has become overwhelmingly clear that you have FAILED, Microsoft, Giant... who-the-hell-ever, you have failed, most miserably and horribly... it's like a bad joke.

Notice my expectations above made no mention of actually delivering an effective tool -- that seems way too much to expect at this point.

Possibilities:
  • Why couldn't there be a special system mode, entered when shutdown is initiated (and invoked prior to shutdown as a user option) that locks the startup areas of the registry from updates and inserts? Allow read and delete so tools or techs can remove unwanted crap, and that's it, until the system restarts. What legitimate reasons could there be to alter such things as the system is shutting down?
  • How about a way to block/prompt for any process that performs i/o in response to shutdown, giving the user a chance to allow or ignore the i/o?
  • How about a log of all processes that either abort or initiate shutdown? Or better yet, give the user the final say, "Process xyz.exe has returned FALSE to WM_QUERYENDSESSION, do you wish to allow this, or should it be killed now without further notice?"
  • How about a special kill function, that neither gives the condemned app an indication of what's about to happen nor ample time to react. Unconditional full disclosure may be in the apps' best interest, but it isn't always in my best interest. I'm the user, it's my hardware, doesn't that count for anything?
(I will explore solutions when I continue this rant sometime in the near future...) -MM
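The internal effectiveness check asked for above, as an added Python example (not part of the original post, and not how any real product works): it checks each claimed removal against the scans that ran afterwards instead of adding the claims up. The scan-history format and the sample records are constructed for this example.

```python
from collections import defaultdict

# Constructed scan history: (scan number, threat, location, reported action).
SAMPLE_HISTORY = [
    (1, "spywarexyz", r"HKLM\Software\Classes\xyz", "removed"),
    (1, "adware_abc", r"C:\Program Files\abc\abc.dll", "removed"),
    (2, "spywarexyz", r"HKLM\Software\Classes\xyz", "removed"),
    (3, "spywarexyz", r"HKLM\Software\Classes\xyz", "removed"),
]


def audit_removals(history):
    """Check every claimed removal against the scans that ran after it."""
    seen = defaultdict(list)                 # (threat, location) -> [(scan, action)]
    for scan, threat, location, action in sorted(history):
        seen[(threat.lower(), location.lower())].append((scan, action))
    last_scan = max((rec[0] for rec in history), default=0)

    report = {"claimed": 0, "failed": 0, "verified": [], "unverified": [],
              "treadmill": {}}
    for item, events in seen.items():
        for i, (scan, action) in enumerate(events):
            if action != "removed":
                continue
            report["claimed"] += 1
            if any(later > scan for later, _ in events[i + 1:]):
                # Detected again after a claimed removal: the removal did not hold.
                report["failed"] += 1
                report["treadmill"][item] = report["treadmill"].get(item, 0) + 1
            elif scan < last_scan:
                report["verified"].append(item)    # a later scan ran and came up clean
            else:
                report["unverified"].append(item)  # no later scan to confirm it yet
    return report
```

On the sample history the scanner claims four removals, but only one is confirmed by a later scan; two of the spywarexyz "removals" failed and the third has nothing to confirm it yet.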