Happy Earth Hour!

It’s dark in here… at least my DS is charged…

McCain over Obama

I thought this was a very interesting poll by the New York Times regarding Democrats who will vote McCain if their candidate isn’t the nominee. I’m beginning to wonder if I will lump myself in this category. Some of the comments are particularly interesting. Take for example this one from an Obama supporter who clearly can’t make an intelligent policy argument/discussion:

Thanks for wrecking our party, Hillary. Then again, anyone who believes your bs should vote for McCain. He’s a liar, just like you, only older, and better looking.

— Posted by jeffp

Or this one from a Hillary supporter:

Not surprising. I am a non-democrat (ie, independent) Hillary supporter that would never pull the lever for Obama. It started with his lack of credentials, moved on to his hypocrisy and inability to take responsibility for his own actions and culminated in his racism (“typical white person”).

I’ll be voting for McCain if Hillary is not the democratic nominee in November.

— Posted by Ann

Why do I think Hillary should be President of the United States? Look at the “leadership” Obama has exhibited on the disenfranchisement of the Florida and Michigan voters? He is running the clock. What a crock. And yet he is praised by both the media and his supporters for being a ray of hope amid a tumultuous world. That, my friends, is a farce. America is in the gutter because of the cronyism of George W. Bush and crew and we need someone to lead this country and the rest of the world. This man Barack Obama is nothing but talk.

Nope… as a long time Democrat, I can proudly proclaim that I’m going to vote for the person I think would be the best leader. This is the first step for all American voters to take. Get over the crap the media feeds to you, get over wedge issues, and vote for a good leader.

Mukasey ‘surprised’ by scope of terrorist threats

That’s the headline on this piece at CNN where Bush-Cheney puppet Attorney General Michael Mukasey reports to “have been taken aback by the scope and variety of potential terrorism threats facing the United States.”

Furthermore:

“I’m surprised by how surprised I am,” said Mukasey, who as a federal judge presided over terrorism-related trials in New York.

“It’s surprising how varied [the threat] is, how many directions it comes from, how geographically spread out it is,” he said.

You have got to be kidding me.  Let me translate this whole piece of “news” trash for you:

Bush administration official thinks it’s “really crazy how scared we should be from threats of terrorists.  For real, it’s really, really bad.  It’s amazing how much we should give in and live in constant fear and continue to abridge our freedom and rights.”

This is nothing short of outright propaganda.  This piece of “news” is indicative of how the Republicans have run this country under Bush-Cheney for the past 8 years.  It is despicable.  Every so often, the news is permeated with pieces like this from alleged journalist Terry Frieden to “keep being scared and vote Republican.”  There is zero substance here, naturally because - no surprise - it’s “secret”!

I, personally, have had it.  Yes, terrorism exists.  No, I won’t give up my rights and cower at every turn feeding into the Republican fearmongering machine.

I just heard thunder in Seattle

I moved here to the Seattle area (Kirkland, right now) almost 18 months ago to the date.  I moved from Florida, where thunderstorms are often times a daily occurrence.  Well I was just sitting here at the computer working on some stuff and I saw a flash (it’s raining outside, no surprise there).  I thought to myself “was that lightning??” and began listening intently.  A few seconds later… a low, short rumble.

18 months for my first dose of thunder in Seattle.  Weird.

5 Years in Iraq? I don’t understand…

I don’t understand what all this hullabaloo is recently about the War in Iraq having gone on for 5 years.  The New York Times is running a whole bunch of pieces about having been at war in Iraq for 5 years.  They even have this nifty interactive timeline of events in Iraq from 2002 to 2008.  But I don’t understand any of it…  The war ended on May 1st, 2003.  And I even have proof:

H&R Block TaxCut bogus “password protection”

Unfortunately, I have to resort to using a Windows computer when it comes time to do my taxes. Last year I started using H&R Block TaxCut software for reasons I can’t remember. I think I picked it up at Target for 20 bucks because I knew my taxes were going to start to get hairy. What better than to have some software do most of the grunt work for me.

In most respects, I am completely pleased with the product. And more than likely they’ve lured me into their trap because they conveniently send me a new disk right around tax time, like they did this year for 2007 filing.

So today I had to file an amended return because I figured I could save some cash on the check I was about to write the IRS. While dicking around trying to figure out the terribly unintuitive way to amend a return, I saw an option in the “File” menu for “Password Protection.”

When I have sensitive data on my computer, if it’s seriously sensitive, I usually just use OpenSSL to encrypt it. I feel pretty safe knowing that something is encrypted with a 256-bit AES cipher-block-chained algorithm.

So I chose the password protection, entered one of my stronger passwords and did what I had to do. Later I of course backed up my files over to my Linux box and for whatever reason it struck me to check out the contents of the files. Just blobs of data in vim, but then, naturally, I ran strings on it:

rwoodrum@slard:~$ strings my_taxcut_backup_file
... snip ...
int:ui_prop_start_state_tab_screen=0
int:ui_prop_xira_version=1
string:ui_psswd=MY_SUPERSECRET_PASSWORD
int:formprop_import_source=1
int:formprop_import_source=1
... snip ...
rwoodrum@slard:~$

Wow. I guess I’m kind of surprised that I’m surprised. I actually thought that since this sort of stuff could be pretty sensitive that they would have some kind of real password protection. Nope. The password is easily recovered by use of the 31337 hacker tool /usr/bin/strings.
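The same check as the strings run above, written as an added example (not part of the original post or of TaxCut): it scans a backup for property lines whose key looks like a credential and reports the key and the value length without printing the value. The sample bytes are constructed from the output shown above, and the hint list and function names are assumptions.

```python
import re

# Constructed sample: binary padding around the property lines shown in the
# strings output above; the password value is the post's own placeholder.
SAMPLE_BACKUP = (
    b"\x00\x01\x9c\xfe\x00int:ui_prop_xira_version=1\x00"
    b"\x02\x00string:ui_psswd=MY_SUPERSECRET_PASSWORD\x00\xff\x10"
    b"int:formprop_import_source=1\x00\x7f\x03"
)

# Key-name fragments that suggest a stored credential (assumed list).
SECRET_HINTS = ("psswd", "passwd", "password", "secret")

# "type:key=value" property lines, as seen in the backup file.
PROPERTY = re.compile(r"(int|string):([A-Za-z0-9_]+)=(.*)$")


def printable_runs(blob, min_len=4):
    """Yield runs of printable ASCII, the way strings(1) does by default."""
    for match in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield match.group().decode("ascii")


def find_cleartext_secrets(blob):
    """Return (key, value_length) for credential-like properties stored in clear.

    The value itself is never returned, so the report can be shared safely.
    """
    findings = []
    for run in printable_runs(blob):
        m = PROPERTY.search(run)
        if not m:
            continue
        _type, key, value = m.groups()
        if value and any(hint in key.lower() for hint in SECRET_HINTS):
            findings.append((key, len(value)))
    return findings


if __name__ == "__main__":
    for key, length in find_cleartext_secrets(SAMPLE_BACKUP):
        print(f"cleartext credential field {key!r} ({length} chars) found")
```

Any hit means the file needs protecting by other means before it is copied or backed up anywhere.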

I don’t understand why a software company would do this sort of crap. This is what you expect from 10 or 15 years ago. Strong encryption is readily available. Hell at least obfuscate the damn thing. (That sentence is NOT meant to condone security through obscurity, which is a deplorable thing to do.)

So, H&R Block. I challenge you. Make your product safe for thousands of individuals’ important tax data. It’s probably nothing short of misleading to end-users who think that their data is safe.

Word to the wise: If you use this software and are worried about your data, protect it via some other means.

Now… time to encrypt those files by hand…

No inflation under Bernanke’s watch

According to the latest CPI report “which has been described as ‘bizarre’ and even ‘absurd’” according to this piece on cnbc.com, there is no inflation!

Anyone remember the Iraqi Information Minister (Muhammed Saeed al-Sahaf) from the first Gulf War?  If you don’t remember his antics and absurdities, check out his precious quotes on welovetheiraqiinformationminister.com.  That will probably jog your memory.

So I came up with a little game.  Take your best shot!

CNN embraces tabloid headlines

I’ve been really disappointed for the past couple of days. It’s not like this hasn’t happened before or anything, but I think the whole Eliot Spitzer thing is really bringing the mold out of the woodwork.

Case in point, I offer two screenshots of CNN Headlines for the past couple of days. You can see them here and here. The amount of smut and crap that passes for news nowadays is an affront to the intelligence of the American people. This is the kind of stuff I expect from Fox News, whom I won’t even deign to link to. You know, the media smelled blood with the scandal surrounding the soon-to-be former Governor of New York and sure enough a resignation ensued. I’m not even speaking to the point of whether or not that is justified, moreso I’m speaking to the point that the media got their kill, now MOVE ON. Instead, it continues to be sensationalized and now we have front-page headlines about Spitzer’s “escort’s” myspace page. Give me a break.

Notice how the New York Times seems to have moved on and their headlines are no longer tabloid quality. What happened to this ridiculous, illegal War in Iraq? (Or, actually, according to The Onion, things are going pretty well in Iraq.) What about the Chinese arguably fairly telling us to keep our double-standards on human rights to ourselves? (In all fairness, CNN did in fact report on this.) But this isn’t just an attack on CNN. Certainly not.

The sensationalist garbage that has been passing for news in the public sphere is pretty reprehensible. Again, I might expect this from the (unfortunately very popular) propaganda and misinformation machines like Fox News, but not CNN.

I’ve been reading Al Gore’s book, The Assault on Reason, and I must say it is very, very good. It pains me that the GOP was successfully able to ramrod the election process with fiends like Katherine Harris and the real “activist judges” on the Supreme Court and keep this man out of office. America would be in a much better position and hopefully one day he will return and lead the party. But I digress. One reason why the book is so very good is because it is a systematic and scientific analysis of the current state of our “public sphere” which comes to startling and inevitable conclusions regarding the extreme abuses of power by the Bush-Cheney administration. Honestly, it’s very non-partisan. It’s actually stated very early in the book that (paraphrasing) “it’d be too easy and partisan to simply blame the Bush-Cheney administration.” So instead, he systematically evaluates what’s going on and how they’re breaking the law. The conclusions are unfortunate, but they’re hard to argue against. I’m only about 2/3’s way through, so I’ve got some more good reading to go.

I sincerely hope that, as Al Gore describes, the power of the television is reduced from its current monopoly and something like the Internet resuscitates the discourse in today’s “news.” Hint: It has nothing to do with sultry myspace pages or Starbucks closing for three hours.

SSL/TLS Virtual Hosting with a single IP

The question:
Is it possible, via name-based virtual hosting, to have multiple SSL/TLS sites using a single IP address on standard ports? i.e. If the host in question is at 4.4.4.4, can I host www.foo.com and www.bar.com for HTTP over SSL/TLS using the standard port tcp/443?

The answer:
No. Not on standard ports.

Why?

The nature of TLS prevents this sort of thing from happening. In a plain HTTP connection (one not running over SSL/TLS), the virtual host to serve is determined by the Host header. You can try this manually by telnetting to a host:

rwoodrum@slard:~$ telnet www.google.com 80
Trying 209.85.173.147...
Connected to www.l.google.com.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.google.com
.
HTTP/1.1 200 OK
... snip everything else ...

In the above example, if for some crazy reason Google also virtual-hosted www.bar.com, the line ‘Host: www.google.com’ could be replaced with ‘Host: www.bar.com’ and the contents of bar.com would be served.

So why does SSL/TLS prevent this from working?

The answer is in the handshake of an SSL connection. In a normal RSA handshake, immediately after the ClientHello is a ServerHello followed by the certificate. The certificate is used to decide if the host is trusted and later on plays a role in the key exchange algorithm. You can see a state diagram of an RSA handshake here.

The issue is really the fact that, in order to ensure all contents are secure, the secure tunnel has to be negotiated before any data can pass. The “data” in this case is our HTTP request! So… you can’t issue your HTTP request, and therefore the host header, until the SSL/TLS connection is negotiated. But wait… how will your web server know which certificate (the one for www.foo.com or the one for www.bar.com) to serve up? The answer is… it won’t.

So. You can’t do name-based virtual hosting using SSL/TLS on a standard port with a single IP address. Now… if you wanted to run those virtual hosts on separate ports, that’s a different story.
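An added sketch (not from the original post) of what a server on tcp/443 can read before it has to pick a certificate: it looks for a hostname in a plain HTTP request and in a constructed ClientHello. It goes one step beyond the handshake described above by also reading the server_name extension (RFC 6066) for clients that send one; the certificate labels and function names are placeholders.

```python
import struct

def build_client_hello(server_name=None):
    """Constructed TLS 1.0 ClientHello record, optionally with server_name."""
    body = b"\x03\x01" + bytes(32) + b"\x00"      # version, random, empty session_id
    body += b"\x00\x02\x00\x2f" + b"\x01\x00"     # one cipher suite, null compression
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        sni = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", 0, len(sni)) + sni   # extension type 0 = server_name
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def name_in_first_bytes(data):
    """Hostname the server can read before it must answer, or None."""
    if data[:1] != b"\x16":                       # not a TLS handshake record: plain HTTP
        for line in data.split(b"\r\n")[1:]:
            if line.lower().startswith(b"host:"):
                return line[5:].strip().decode("ascii")
        return None
    p = 5 + 4 + 2 + 32                            # record hdr, handshake hdr, version, random
    p += 1 + data[p]                              # session_id
    p += 2 + struct.unpack_from("!H", data, p)[0] # cipher_suites
    p += 1 + data[p]                              # compression_methods
    if p + 2 > len(data):
        return None                               # no extensions block at all
    end = p + 2 + struct.unpack_from("!H", data, p)[0]
    p += 2
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", data, p)
        if ext_type == 0:                         # server_name: list_len, type, name_len, name
            name_len = struct.unpack_from("!H", data, p + 7)[0]
            return data[p + 9:p + 9 + name_len].decode("ascii")
        p += 4 + ext_len
    return None

def choose_certificate(data, certs, default):
    """Certificate a name-based virtual host would present for this connection."""
    return certs.get(name_in_first_bytes(data), default)

CERTS = {"www.foo.com": "cert-foo", "www.bar.com": "cert-bar"}  # hostnames from the post
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: www.bar.com\r\n\r\n"       # constructed request

if __name__ == "__main__":
    print(choose_certificate(build_client_hello(), CERTS, "cert-foo"))
    print(choose_certificate(build_client_hello("www.bar.com"), CERTS, "cert-foo"))
```

With no name in the ClientHello the server falls back to the default certificate whichever site the client wanted, so a visitor to www.bar.com is handed the www.foo.com certificate.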

Note that this doesn’t have anything to do with reverse DNS lookups. Reverse DNS lookups in the context of SSL/TLS are something entirely different and are suitable for perhaps a separate post.

Eliot Spitzer Lawyer Profile - is he truly “No Concern”?

I think this particular lawyer’s rating of “No Concern” may now be in question given this breaking news on CNN that Eliot Spitzer has been linked to a prostitution ring. Here’s the piece about Spitzer in the NYTimes as well. We’ll see what happens. This is normally the kind of thing you’d expect from a Republican. Unfortunately, Eliot Spitzer is a member of the Democratic Party.

Check out Eliot Spitzer’s lawyer profile on Avvo. Some lucky soul might also be the first to update his wikipedia entry.

Maybe there should be a scandals tab for our good politician friend lawyers who constantly meet scrutiny in the public eye.
