3.27.2015

Crazy Pilots

"Crazy pilots" is a new thing. We didn't have these problems before.

We can argue about the merits of strongly locked doors to the cockpit. Obviously, locked cockpit doors would have prevented the 9-11 hijackers from succeeding. Or, they would have found another way to use a jetliner as a missile.

The locking mechanism to the cockpit is really not the issue.

Clearly, people with mental problems are being permitted to fly planes. Or rather, people with issues are not being permitted to take medicine, since pilots can't take Ritalin, Celexa, etc.

Along with the spate of violent cop incidents, the question must be: what has changed?

We are getting a different result: crazy mass-murdering pilots. What has changed in the pilot-choosing system, or the pilot-vetting system, that we are getting these results?

The stories are terrible and frightening. Flying is scary for me on a good day.

There used to be three people in the cockpit. A Navigator would be in there with the pilot and copilot. That position has been eliminated in commercial flights as unnecessary and expensive.

Maybe it's time to rethink that.

3.25.2015

Starbucks Quality Slide

Look at this photo. The foam on top of my latte is flat.

I spend too much money for a latte to not get the fluffy milk foam I pay for.

And, yes, a person can complain and ask for another latte. But who wants to do that? Look into the young, earnest coffee-preparer's face and complain? Can't do it.

Judge for yourself. Am I wrong? Is this how the milk foam is supposed to look?

2.06.2015

PETA Story From Reddit

Reddit user "fucking-hate-peta" posted his very interesting PETA story:

I worked in wild animal rehab for three years. For those of you who don't know, the ultimate goal of rehabbing wild animals is to get them to the point of being able to be released back into their natural environment. The point is NOT to make friends with the animals, because if they become human-friendly they'll almost certainly be killed, or become dangerous to humans. If an animal does become too human-friendly it can't be released and the only thing you can do is euthanize it or make it into a demonstration animal. We went to great lengths to make sure this didn't happen unless the animal was already non-releasable (e.g., a bird with a missing wing).

PETA members were a pain to us in two different ways. First, the less extreme members would volunteer but had no actual interest in doing any real work. They were there to demonstrate that their 'special relationship with the Great Mother Gaia' would allow them to charm any animal into their arms, as if life was somehow a f#cking Disney movie. Of course, the animals were wild and therefore having none of it, and the stupid PETA c#nts would invariably wait until they weren't being monitored, sneak into a cage, corner a damned animal (which at this point was scared shitless), and then they'd get attacked. This happened EVERY SINGLE TIME. They honestly believed that their special snowflake status would work some weird voodoo on the animal, who would then become their best friend. Instead, they'd get bit/scratched/torn up and need treatment which we could ill afford, and this after doing their best to avoid anything that smacked of actual labor.

Best part? Almost every time these dumb motherfuckers would go ballistic and blame US - yes, US - for the animal being hostile. They'd say that we "brainwashed" or "tortured" the animal, and they knew that because - ta da! - the animal would never have attacked them otherwise. We'd done something horrible to the animal, which is why it couldn't tell some random nasty human apart from a sacred PETA butt-boy. As much as we loved volunteer labor, we eventually added a question to our interview process that asked folks if they were part of PETA, and if they answered affirmatively we'd say we already had enough volunteers but we would be sure to get back to them when we had an opening.

The second kind of PETA member would try to sneak onto the property and open cages to scare the animals out. We're talking about badly injured animals, or orphans, who'd be dead in a few days, if that. Fortunately we had a couple of "attack llamas" and some very territorial dogs, and they'd always raise a ruckus when these #ssholes came around. I gotta say, it was f#cking hilarious to see some PETA dipshit running full bore, screaming, with two pissed-off llamas on his heels. Note: the llamas were generally mild-mannered, but for some reason they'd go nuts if anyone who wasn't on staff, or with staff, tried to open a cage.

Aside from seeing a PETA freak chased by llamas, my best moment was seeing a passel of PETA (three, iirc) trying to deal with a great horned owl in the hospital section of the center. The great horned owl is a large bird, and this guy was a monster for his species. They opened his cage, he objected to them trying to towel and grab him, and he flew out (not far, his wing was injured). They thought that they could talk him into calming down (PETA magic), but the owl had already decided they were #ssholes and any time they'd get near he'd spread his wings (very impressive for this guy) and shriek.

I walk into the hospital to find the owl loose and three PETA types babbling at him, they tell me they "don't need help". Sure you don't, which is why the owl is loose, flying around on an injured wing, and screeching - which is something they only do when they're really distressed. So, I hold out my arm, wait until the owl is focused on me, and say "here". The owl takes off and lands on my arm, careful not to tear it to shreds with his massive claws as I'm not wearing a glove. Great horned owls are bloody smart birds. PETA pricks are speechless, then become almost savagely angry - the jealousy is obvious, as a worthless meat-eating 'prole' has somehow managed to outdo them in the space of a few seconds. I'm senior on staff, so I order them out of the hospital, telling them I'm going to cover the rest of their shift. They object, I tell them to get the hell out or face the consequences with the center owner, and they finally leave.

What they didn't know is that when I was young I worked on farms and was a bona fide animal charmer. Only kids are real animal charmers - it wears off once you hit puberty - but I still had some of the mojo. Because of this, the animals at the center were much calmer and far more cooperative with me than anyone else. When the owl came in he took an instant liking to me, so I'd let him out of his cage while I did hospital rounds, sitting on my arm or shoulder. He was always very careful not to turn my body into hamburger with his claws and grateful to get out of the cage to stretch his wings for a bit, so it worked out very well all around. When the owl saw me he instantly took up his usual place because we'd done this before and he most likely saw me as a protector against the crazed PETA predators who were trying to eat him.

The three I kicked out were tossed from the volunteer program. They went and complained to the owner of the center, who told them to get lost and never come back. That was the final straw in terms of us deciding to reject any volunteer who was affiliated with PETA (i.e., they chased an injured animal around the hospital rather than get help as they were trained to do, lengthening his recovery time and putting him in danger of sustaining even worse injuries).

I hate PETA. I will always hate PETA. I eat meat and own pets, and I've done more for wildlife and the environment than any ten PETA tw#ts put together. F#ck the lot of these eco-terrorists.




2.04.2015

Gypsy on the Red Line

Was suitably entertained by a young man playing an accordion on the Red Line this morning.

His mother was with him, and when she started reminding him of something, he started playing.

Then the mother went around with a cup asking for money.

Made the ride in today somewhat interesting. Didn't give them money though.

1.26.2015

The Interview on Netflix - "They Hate Us, Because They Ain't Us"

Congratulations to the Sony hackers for making this movie more interesting than it otherwise would be. So I spent the entire movie trying to figure out what made Kim Jong-Un so mad.  Truthfully, the character that played the North Korean leader reminded me of a supervisor from long ago.  I mean, a lot.

For those who need a refresher, Kim Jong-Un, the real one, executed his ex-girlfriend for making porno, executed his uncle in a power struggle and supposedly embarrassed Sony executives because he didn't want this movie shown.  Read an earlier post on that.  Still, it made watching the movie that much more fun.

Many have panned The Interview, but they are all wrong.  It is funny and satirical.

The premise of the movie is that Kim Jong-Un, the deadly leader of North Korea, agrees to an interview with a television show on the level of Entertainment Tonight.  The host of that show is dumb, but with an instinct for pulling juicy tidbits from his guests.  The producer of the show is the brains, but feeling insecure because friends from school are doing "serious news."

The parallels to Dennis Rodman can't be ignored.  But I am not in favor of slamming on Dennis Rodman, after all, somebody has to be talking to the leader of North Korea, and right now he is it.  And given Kim Jong-Un's history with those close to him, it is no joke to think Mr. Rodman is taking his life in his hands with his diplomatic endeavors.

The pair are roundly mocked by media personalities for securing the interview with Kim Jong-Un.  That's where "They hate us, because they ain't us" is shouted a while, with some jumping around.  It has to be the take-away quote of the movie.

So the CIA gets them to agree to kill Kim Jong-Un, and hilarity ensues.  Kind of.  Some gross, disgusting, are-you-guys-in-eighth-grade humor, and the film drags a little towards the end, maybe because things blowing up and gun battles are what I call boring.  It's a good movie and you should watch it.

The other money quote: "You Americans keep making the same mistake."  Think on it.

I won't give away the ending - but it's a real finger-biter.  

1.21.2015

Broadchurch on Netflix

A really great detective series, even though it relies on old tropes like the seriously ill detective who is trying to redeem himself through the case investigation.

Even so, the story was so captivating, and unpredictable, it is one of those series that you will want to watch in a marathon.

It starts out like a commercial for small-town living: everyone says hello, is friendly, knows each other.  Then a thoroughly shocking event, the dead body of a boy found on the beach, disrupts relationships and trust.  And I guess the friendliness as well.

The female detective, Ellie Miller, a local, makes a transition from nice neighbor lady to a real detective with resistance and fight.  It's fun to watch her struggle between being a community member and looking at unpalatable information about people she knows, and then pursuing it.

The child actor who plays Tom Miller is superb.  His small expressions were so efficient and communicative.  That boy has a future in acting.

The ending is very surprising, but still ties into the whole story.

This show must be seen by all detective and mystery fans.  It is not going on a limb to say that Broadchurch is one of the best shows in this genre that I have ever seen.

12.22.2014

The Sony Hack - The Real Facts

"So to get a full picture you have to read a lot of very technical reports from the network security community. My understanding of the attack comes from reading (probably way too many) technical reports about it. I'll try and give the most readable sources here.

**November 24th**

The first public notification of the hack came on [Reddit](http://www.reddit.com/r/hacking/comments/2n9zhv/i_used_to_work_for_sony_pictures_my_friend_still/). Within an hour [Deadline Hollywood](http://deadline.com/2014/11/sony-computers-hacked-skull-message-1201295288/) reported Sony had sent a memo to all employees warning of the hack. This was followed by a flurry of reporting then the release of [proof of the hack](http://pastebin.com/8HbbUSkr).

**November 26th**

Three movies leak online, [the FBI begins investigating the breach](http://www.nbcnews.com/nightly-news/fbi-investigates-possible-north-korea-link-sony-hack-n259361). When the BBC asks North Korea if they were responsible they respond ["Wait and see"](http://www.bbc.com/news/world-asia-30283573).

**December 1st**

The initial data leak. I won't post it here but it's still available if you look on torrent sites. [It's 26 GB of files and contained Social Security numbers, names, contact details, contact phone numbers, dates of birth, email addresses, employment benefits, workers compensation details, retirement and termination plans, employees previous work history, executive salaries, medical plans, dental plans, genders, employee IDs, sales reports, copies of passport information and receipts for travel of all Sony Pictures employees worldwide](http://www.identityfinder.com/us/Press/20141204210449). Much of this information notably "\HR\Benefits\Mayo Health\Mayo XEROX assessment feed" was stored in plaintext.

**December 3rd**

The second data leak. This one garnered less press but was considerably more dangerous. It contained full security certificate information, internal and external account credentials, authentication credentials with plaintext passwords for systems such as the Sony YouTube page and UPS accounts. I've heard that much of this information was available because an IT director was compromised; apparently he had no background in IT and was actually a marketing exec who reached the position (and thus higher salary) through corporate politics. You can see, for example, he was good at [naming files](http://i.imgur.com/GngopXj.png).

**December 4th**

The FBI issued a confidential flash warning to the security departments of large American companies warning about a new malware called Destover Backdoor.

I can't post the notice itself (it's confidential) but I can post the [Symantec writeup](http://www.symantec.com/connect/blogs/destover-destructive-malware-has-links-attacks-south-korea) about it.

As people started to analyze the code sample provided we learned that it was [created on a computer using the Korean language](http://securelist.com/blog/research/67985/destover/) and included pictures with Sony's name written on a tombstone (meaning that it was a targeted attack). The picture also contained the text "We've already warned you, and this is just the beginning. We continue till our request be met." Note that nowhere did they say what their demands were, though North Korea had previously threatened Sony over the release of The Interview.

We also learned [how to detect](https://malwr.com/analysis/MWZkZjU4Mjc1ZTNlNDQzN2FkOWFhNWI1NjNmYjk0Nzc/) the "Command and Control" modules of the code. Initially the virus just exposes the computer's files and configures it to run a webserver. It also attempts to spread throughout the network targeting access to specific machines and IP addresses. Because these are hardcoded it means the attacker either had inside help or had previously penetrated Sony's network and gathered information. The malware only begins to broadcast back to the C&C servers once it's been launched—and deletion of data on the targeted network has already begun. This is likely triggered by a hard-coded time in the code. This type of malware is consistent with a watering hole or spear phishing attack. The C&C servers the malware connects to were used previously by a piece of malware known as DarkSeoul which North Korea used to attack South Korea previously.

**December 7th**

Third data leak. This one contains all of Sony Pictures' financial information. Bloomberg [reports](http://www.bloomberg.com/news/2014-12-07/sony-s-darkseoul-breach-stretched-from-thai-hotel-to-hollywood.html) that the initial data breach occurred at a hotel in Thailand where a Sony executive was staying. This is likely the source of the inside information about Sony's network.

**December 8th**

Another leak, this one was just posted to pastebin before quickly being taken down. This one contains the email archives of two executives: Steve Mosko, President of Sony Pictures Television and Amy Pascal, Co-Chairman, Sony Pictures Entertainment and Chairman, Sony Pictures Entertainment Motion Picture Group. There's some confusion about the authenticity of this post. The data leaked is authentic but it looks like it came from a different group than the first 3 leaks. It also specifically mentions The Interview, which previous leaks did not. Consensus of the security community seems to be that this was a copycat or disgruntled employee taking advantage of the situation.

Security company Kaspersky releases its [report](http://www.theregister.co.uk/2014/12/08/kaspersky_deets_on_sony_malware/) which shows the initial computer virus used in the attack is the same as that used in the Shamoon attack where North Korea went after Saudi Arabia. We are also told that three security certificates used a password of "password".

**December 10th**

The next leak occurs. This one bears the signature of the first three leaks, meaning it is likely genuine. It includes information about Sony's anti-piracy efforts, entertainment deals in the works, internal procedures related to tracking torrents and other illegal downloading. It also contains a document that outlines Sony's cooperation with 5 major Internet Service Providers (ISPs) to collect full data for monitoring illegal downloads.

On the same day the attacker behind the December 8th leaks releases another set of emails, these belonging to Leah Weil, Senior Executive Vice President and General Counsel for Sony Pictures Entertainment. They seem to be trying to piggyback onto the real leak. This is completely off topic but I wanted to mention that through these emails we learned that George Clooney is apparently the only person working with or for Sony that understands information security.

News stories proliferate.

**December 13th**

The next authentic leak. This one contains internal documents for tracking deals, expenditures, and revenue. It also contains information about the state of all deals Sony is currently working on. While previous leaks were initially seeded in China, this one was initially seeded in [Taipei, Taiwan](https://twitter.com/Mario_Greenly/status/544967851795562496).

At this point IT workers at Sony begin anonymously [talking to the press](http://uk.businessinsider.com/sony-insider-the-security-team-has-no-fing-clue-2014-12?r=US). They paint a picture of a company with an outdated network, lax security standards, and an unwillingness to hire quality professionals in IT and software development (believing top talent in these areas to be "too expensive"). They also describe a very traditional big corporate office environment in which things like "ass in chair" time spent at work is valued over results. Most promotions seem to be driven by office politics not talent.

**December 16th**

There have been many media articles, speculation, theories, and controversy. For weeks Sony has been fighting the leaks via takedown notices, hacking of their own, and pleas in the media. They activate their "cybercrime" insurance which provides them with [$65 million in coverage](http://www.csoonline.com/article/2859535/business-continuity/breach-insurance-might-not-cover-losses-at-sony-pictures.html). They cancel most media appearances in promotion of the film.

**December 17th**

A group of individuals makes threats of violence at US movie theaters which show The Interview. These are different in style, content, and tone than all communications from the actual hacker. They seem obviously fake, created by pranksters to take advantage of the tense situation. Regardless, almost every theater chain pulls the movie from their schedule.

In a show of incredibly lazy journalism many media outlets (led by Wired) publish stories stating that North Korea was not behind any of the hacking. These mix together the details of several attacks and treat all leaks (both credible and not) as coming from the same actor. At the same time more respectable media outlets like the NY Times, The Wall St. Journal, and The Washington Post publish stories stating that North Korea is "almost certainly" behind the attack and cite a litany of security professionals and confidential government sources.

While all the circumstantial evidence points to North Korea we do lack a documented forensic trail that truly establishes some level of attribution with certainty.

**December 18th**

Sony cancels The Interview.

They also quietly cancel "Pyongyang" another comedy starring Steve Carell. Produced by company New Regency and directed by Gore Verbinski, the story is based on a graphic novel and follows a Westerner that is accused of espionage in North Korea.

**December 19th**

[The FBI firmly places the blame on North Korea](http://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation).

Everyone rushes to put this in a political frame."

This is why no one trusts the media anymore. This is the best rundown of the Sony Hack that I've seen. Kudos to Reddit. Again.



12.21.2014

S Street Rising by Ruben Castaneda

"S Street Rising" is a striking and original book detailing Ruben Castaneda's experience as a Washington Post crime reporter covering the crack wars in Washington, DC - while being a crack addict himself.

What's so great about this book is it tells this story from many points of view:  his, as a crime reporter, a local preacher whose church was in the middle of an open-air drug market, a homicide detective whose insight and strategy turned around the unsolved murder rate for the city.  He details the types of people he interacted with while reporting on, and participating in, the crack epidemic in D.C.

This is a story well worth reading.  It reminds me of The Wire in its ability to turn a sprawling situation in the air so that a reader can take a look at all sides of what is going on. 

"S Street Rising" reminded me what living in this city was like in the late Eighties and early Nineties.  There were drive-by shootings all the time.  No place was safe.  I remember visiting a friend at Sixteenth and Harvard Streets, NW at one a.m. and having to run to the van of my friend and both of us getting into the same door because he was too afraid of the people hanging around to walk around and let himself in the driver's side door.

Another time we were driving home from somewhere and when we were stopped at a light two men with automatic guns approached the car and leaned in to see if the person they were obviously looking for was in the car.  They weren't, and the men backed off.

In law school, my classmates and I heard nightly gunfire just over the District line in PG County.  The driveways up to our apartment buildings were perfect for dealing drugs because you could see a police car driving up from a long way and get rid of the drugs. 

It was dangerous here in Washington, DC.  Crack ripped this city apart and a lot of people died violently related to its sale.

Ruben Castaneda's book brushes past some of Marion Barry's story.  "S Street Rising" tells of shady friends of the former Mayor, and implicates him in the cover up of a murder.

This book is a must-read for anyone who wants to understand Washington, D.C.

12.12.2014

What joke, no matter how many times you hear it, makes you laugh?

I didn't want to believe my roommate was stealing from the transportation department, but when I got home, all the signs were there.

