Sheer Stupidity at the TSA

With my friend safely home from her trip to Atlanta, Georgia to participate in the 2008 International Science & Engineering Fair (congratulations to her for winning her seat there, btw! More on that in a subsequent post this weekend :) ), I am free to rant about the bat-shit insane idiots working for the Transportation Security Administration. Like the “You can’t take pictures here!” crowd demonstrating that sanity has left the security industry behind in public spaces, I am more convinced than ever before that the entire concept of the TSA is fundamentally broken, flawed, and unworkable.

My friend’s luggage, you see, was flagged by the TSA on her flight to Atlanta, and her luggage was detained, screened, and thoroughly searched. She made it to Atlanta. Her luggage didn’t meet her there. It went on to New York (the plane’s next stop) for a thorough examination, then came back to Atlanta where it was eventually delivered to her late that night. So while some unnamed yokels at the TSA in Atlanta and/or New York rummaged through her bags, flipped through her clothes and underwear and all her other possessions that came along on the trip, she spent her first day in Atlanta wearing stuff that didn’t fit her (donated to her by the airline, her friends, and by ISEF sponsors), worrying about whether she’d actually get her bag back (which contained a contact lens case, prescription medication, and other “important” stuff).

What caused them to flag it as “suspicious” you ask? A plastic carrying case designed for, and carrying, eight rechargeable AA batteries. They looked “suspicious” on an X-ray scan, and this was enough for some TSA dickwad to flag the luggage as suspicious, requiring additional screening. How did they accomplish this screening? They put it on the fucking airplane anyway to fly to Atlanta, then put it back in the air again to fly to New York to be examined. Then, having ruled it “safe,” they flew it back to Georgia.

It's Not a Free Country Anymore

I’m officially sick of people lording artificial power just because they can. I’m tired of people who aren’t causing harm or even inconvenience being harassed for taking pictures of a public place. Lest a language lawyer pounce on me by pointing out “but, but, but Union Station isn’t a public place, it’s privately owned and operated!” I will explain that when I use the term “public place” in this rant, I refer to the concept of a place wherein random persons can freely enter, mill about, and exit unmolested under most circumstances. This includes places like bus stations, train stations, airport lobbies (the bits where you don’t have to go through security to reach), even 24-hour Wal-Marts. I refer to it as any place where you can walk in without paying an admission fee, goof around harmlessly for a while, then leave.

Willfe.com/net/org Domain Name Transfers in Progress -- Possible Bumps Ahead

I actually began the process of migrating my domains (willfe.com, willfe.net, and willfe.org) over to a different registrar that supports dynamic IP addresses in their DNS service last week, but because of a screwup at the current registrar (sigh … so nice of their “protected domain services” to “forget” to forward mail to me…) I had to cancel that transfer and start it again, but this time the confirmation mails actually arrived and so the move is officially in progress.

I’m told that the registrar switch doesn’t actually kill anything in DNS but I don’t completely trust this; it is entirely possible that the site, or mail to it, or the domain itself might temporarily vanish if something goes wonky. Because we live in a world occupied by humans, something is likely to go wonky :)

Consider that fair warning that there might be an outage over the next couple of days.

The Sound of a Million SSL/SSH Keys Dying at Once

Recently a Debian developer discovered that a change made (by Debian) in OpenSSL (the underlying toolkit that powers OpenSSH and OpenVPN, as well as providing a stable SSL system for open-source web servers) a couple years ago significantly reduced how much genuine “entropy” (randomness) was available at key creation time for users of the OpenSSL library. Oops :) The end result is that it is theoretically possible for an attacker to guess your private key with just a little bit of information from your system.

Ubuntu users already have updates waiting when they next check for updates, but there’s the additional step of re-creating your private keys too (and the requisite “installing them on your systems” step that follows) to be free of the impacts of this update. It’s actually pretty straightforward to do (and if you don’t know what the hell I’m talking about, you’re not affected anyway :) ).

The relevant advisories are:

A handy little tool called ssh-copy-id is a wonderful little bit of shorthand to help install your key on new systems quickly. On a regular box where you’ve just got the one key, you can just copy it over with a single command:

$ ssh-copy-id username@host

You’ll be prompted for your normal login password for username@host, but after that the tool automatically installs your public key in the right place on the target and from then on you shouldn’t need to take any extra steps for it to all “just work.” It’s spiffy.

BTW, anybody who’s gotten a bit rusty on their care and feeding of ssh and needs a refresher on how to regenerate a key, just run

$ ssh-keygen

by itself for an RSA key (add “-t dsa” to get a DSA key).
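
One way to find which systems still list a pre-update key after you regenerate, as an added example that is not from the original post: it fingerprints every entry in an authorized_keys file and reports the ones that appear on a list of known-weak fingerprints. The weak list and both sample keys below are constructed placeholders; a real audit assumes you have a weak-key fingerprint list for your distribution.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # RSA and DSA, the two types the post mentions

def ssh_string(data):
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def make_sample_line(key_type, filler, comment, options=""):
    """Build a CONSTRUCTED authorized_keys line (filler bytes, not a usable key)."""
    blob = ssh_string(key_type.encode()) + ssh_string(b"\x01\x00\x01") + ssh_string(filler)
    fields = ([options] if options else []) + [key_type, base64.b64encode(blob).decode(), comment]
    return " ".join(fields)

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(authorized_keys_text, weak_fingerprints):
    """Return (line number, comment, fingerprint) for each entry on the weak list."""
    hits = []
    for lineno, line in enumerate(authorized_keys_text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # An options field may precede the key type, so locate the type first.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue  # unsupported key type or malformed line
        try:
            fp = fingerprint(fields[idx + 1])
        except ValueError:
            continue  # key blob is not valid base64
        if fp in weak_fingerprints:
            hits.append((lineno, " ".join(fields[idx + 2:]), fp))
    return hits

# Constructed sample data: one pre-update key and one regenerated key.
OLD = make_sample_line("ssh-rsa", b"\xaa" * 128, "will@oldbox")
NEW = make_sample_line("ssh-rsa", b"\xbb" * 128, "will@newbox", options="no-pty")
SAMPLE = "# constructed sample file\n" + OLD + "\n" + NEW + "\n"
WEAK = {fingerprint(OLD.split()[1])}  # placeholder for a real weak-key list

if __name__ == "__main__":
    for hit in audit(SAMPLE, WEAK):
        print("replace key on line %d (%s): %s" % hit)
```

Any line it reports should be removed from the file and replaced with the public half of a freshly generated key.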

To the nay-sayers out there whining that this is an “obvious demonstration” that open source isn’t as secure as it’s claimed, bullshit. This is exactly how open source is more secure — somebody noticed a problem and it was fixed and rolled out within hours, not days, weeks, or months like with a closed-source vendor. Also, there is no known exploit for this vulnerability. Finally, this was a Debian-only (Ubuntu is based on Debian, so it and any other Debian-variant Linux distribution were affected as well) goof, and wasn’t a problem with the original OpenSSL on which this package was based.

How Not to Woo Hardware Manufacturers

Microsoft thinks it has an “innovative” way to encourage people to use Windows XP (not Vista, amusingly enough) on all these sexy new ultra-portable, ultra-cheap laptop computers instead of Linux (which is what almost every manufacturer of these little machines has been using so far): license XP at a steep discount so long as manufacturers deliberately cripple the hardware.

Once a Jerk, Always a Jerk

Heh. I haven’t poked fun at Bill O’Reilly for a while, so let’s fix that with a quick “point-n-laugh” session at an early recording of his calm, gentle demeanor and complete professionalism as a teleprompter fails during a taping of a host segment for Inside Edition.

I guess he didn’t just turn into an angry old fart — he’s just always been an asshole. Bet he fits right in there at Fox :) I think I’ve figured out why anybody bothers to go on his show at all, knowing he’s a huge fan of the hit piece, the “cut off their microphone” trick, and the “shut up!” maneuver — a person goes on his show in the hopes of pissing him off enough to get an explosion like this one. I suspect that feels even better than winning the lottery :)

Sign of the Apocalypse: Windows Mobile 6.1 Phone Talks to Linux Laptop

In the coming days, I plan to document this arcane process a bit more clearly (though admittedly it didn’t ultimately take all that much fidgeting around to get it working — it turns out that when you assume features labeled “advanced” won’t work because even the basics aren’t working, you are sometimes wrong :) ), but I made a series of really happy discoveries today regarding my HTC Excalibur (the “T-Mobile Dash” in the United States) and my laptop running Ubuntu 8.04:

  • Synchronization now works (calendar, contacts, e-mail, and files) with Evolution on the laptop and the phone’s own native apps
  • Network sharing works in both directions
    • If my laptop has a network connection and my phone is connected, the phone can happily share the laptop’s connection
    • If my laptop does not have a network connection and my phone is connected, if I enable the phone’s “Internet Sharing” app (just standard practice here — no special tricks), my laptop can snag an IP address from the phone via DHCP (again, all automatically) and share its connection
  • Though it is an absolute pain in the ass (no recursion, and no wildcards), files can also be manually copied from anywhere on the device (storage card, root folder, etc.). Regular file synchronization in the device’s internal memory “My Documents” area works correctly.

Right now, synce-gnomevfs doesn’t seem to work (the damned binaries don’t seem to understand where to find each other):


will@prometheus:~$ synce-in-computer-folder install
Failed to open input file: '${prefix}/share/synce/synce-in-computer-folder.sh'.

(if I can get this piece fixed, it will mean the file browser (Nautilus) will let me skim around in the phone’s filesystem which will help sidestep the command-line “one file at a time” thing)

But this has got to just piss off somebody in Redmond, Washington something fierce — a Windows-based phone is cheerfully talking to and working with a “lowly” Linux box. Nyah, nyah! This was the last thing I “needed” Windows for (though the phone is capable of installing apps on its own, which made that issue much less itchy).

Multi-Level Marketing Scam -- Just Add Deity!

If I just sighed and shook my head in disbelief, you wouldn’t be too surprised, since this kind of thing always provokes that kind of reaction out of me. Still, let’s all point and laugh at “blessed” water in a 16.9 ounce bottle, yours for just $2 (not available in stores). The folks over at FARK are giving this the once-over, too, and are probably doing a better job of it than I am, but I thought this scam needed just a bit more limelight cast upon it.

Willfe Answers Your Search Queries, May 10 2008 Edition

Switching my site back to a more reliable system where I have more direct control over things is both a good thing and a bad thing, but it’s good in that I have a much nicer stats suite available now and it gives me all sorts of funny amusing stuff to poke fun at. It also helps me more quickly find abusers and spammers to [plonk] into the killfile.

Here are just a few of the funnier/stranger search phrases that lead to my web site, along with my ever-so-helpful answers to these meaning-of-life caliber questions.

Yeesh ... Change One Little Config Value and It All Goes Wonky

Right, sorry, my nearly-nonexistent readers, for the outage this afternoon/evening. I made one tiny little change in my server’s Apache configuration:

ServerName willfe.com

…which proceeded to completely piss it off for reasons I will likely never fully comprehend. I’d normally never admit that, but since changing the directive to read

ServerName willfe.org

totally fixed the problem, I am officially confused, and it made one of my eyeballs fall out.
