Main Menu

• About

• Recently Written

  • Has Obama duped you?
  • Hulu down, sadness ensuing
  • Shards of Alara - Rare Commons?
  • Coping with a house fire
  • miniature tigers - tell it to the volcano
  • Bloated Bailout
  • House of Representatives’ web infrastructure not scalable
  • McCain’s 13 Poor Quality American Cars
  • 23,000 Big Macs in 36 years
  • Another S3 outage

• Categories

  • coding
  • internets
  • linux
  • mtg
  • one-time-life-events
  • politics
  • random
  • rants
  • Uncategorized

• Search

• Archives

  • October 2008
  • September 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007

• Blogroll

  • Zombicide

• Meta

  • Log in
  • Valid XHTML
  • XFN
  • WordPress

Mukasey ’surprised’ by scope of terrorist threats

That’s the headline on this piece at CNN where Bush-Cheney puppet Attorney General Michael Mukasey reports to “have been taken aback by the scope and variety of potential terrorism threats facing the United States.”

Furthermore:

“I’m surprised by how surprised I am,” said Mukasey, who as a federal judge presided over terrorism-related trials in New York.

“It’s surprising how varied [the threat] is, how many directions it comes from, how geographically spread out it is,” he said.

You have got to be kidding me.  Let me translate this whole piece of “news” trash for you:

Bush administration official thinks it’s “really crazy how scared we should be from threats of terrorists.  For real, it’s really, really bad.  It’s amazing how much we should give in and live in constant fear and continue to abridge our freedom and rights.”

This is nothing short of outright propaganda.  This piece of “news” is indicative of how the Republicans have run this country under Bush-Cheney for the past 8 years.  It is despicable.  Every so often, the news is permeated with pieces like this from alleged jounralist Terry Frieden to “keep being scared and vote Republican.”  There is zero substance here, naturally because - no surprise - it’s “secret”!

I, personally, have had it.  Yes, terrorism exists.  No, I won’t give up my rights and cower at every turn feeding into the Republican fearmongering machine.

5 Years in Iraq? I don’t understand…

I don’t understand what all this hullaboo is recently about the War in Iraq having gone on for 5 years.  The New York Times is running a whole bunch of pieces about having been at war in Iraq for 5 years.  They even have this nifty interactive timeline of events in Iraq from 2002 to 2008.  But I don’t understand any of it…  The war ended on May 1st, 2003.  And I even have proof:

H&R Block TaxCut bogus “password protection”

Unfortunately, I have to resort to using a Windows computer when it comes time to do my taxes. Last year I started using H&R Block TaxCut software for reasons I can’t remember. I think I picked it up at Target for 20 bucks because I knew my taxes were going to start to get hairy. What better than to have some software do most of the grunt work for me.

In most respects, I am completely pleased with the product. And more than likely they’ve lured me into their trap because they conveniently send me a new disk right around tax time, like they did this year for 2007 filing.

So today I had to file an amended return because I figured I could save some cash on the check I was about to write the IRS. While dicking around trying to figure out the terribly unintuitive way to amend a return, I saw an option in the “File” menu for “Password Protection.”

When I have sensitive data on my computer, if it’s seriously sensitive, I usually just use OpenSSL to encrypt it. I feel pretty safe knowing that something is encrypted with a 256-bit AES cipher-block-chained algorithm.

So I chose the password protection, entered one of my stronger passwords and did what I had to do. Later I of course backed up my files over to my linux box and for whatever reason it struck me to check out the contents of the files. Just blobs of data in vim, but then, naturally, run strings on it:

rwoodrum@slard:~$ strings my_taxcut_backup_file
... snip ...
int:ui_prop_start_state_tab_screen=0
int:ui_prop_xira_version=1
string:ui_psswd=MY_SUPERSECRET_PASSWORD
int:formprop_import_source=1
int:formprop_import_source=1
... snip ...
rwoodrum@slard:~$

Wow. I guess I’m kind of surprised that I’m surprised. I actually thought that since this sort of stuff could be pretty sensitive that they would have some kind of real password protection. Nope. The password is easily recovered by use of the 31337 hacker tool /usr/bin/strings.

I don’t understand why a software company would do this sort of crap. This is what you expect from 10 or 15 years ago. Strong encryption is readily available. Hell at least obfuscate the damn thing. (That sentence is NOT meant to condone security through obscurity, which is a deplorable thing to do.)

So, H&R Block. I challenge you. Make your product safe for thousands of individuals’ important tax data. It’s probably nothing short of misleading to end-users who think that their data is safe.

Word to the wise: If you use this software and are worried about your data, protect it via some other means.

Now… time to encrypt those files by hand…

Systems Engineer vs. Systems Administrator

This is something of a hotbutton issue with me at the moment and deserves a blog post.

Call me a systems engineer, call me a systems architect. Don’t call me a system administrator or an “ops guy.” Why? Because they’re totally different. Some might disagree with my position in this similar, somewhat dated discussion on System Engineering vs. System Administration. I patently disagree, however, that they are equal and I patently disagree that the former is “resume inflation.”

I’ve discovered that there are a lot of Software Engineers, SDE’s whatever the hell you want to call them that are seriously arrogant bastards. Ok, maybe they’re not arrogant bastards. Maybe their exposure has simply been to “dumb ops guys” that are perhaps trained to press buttons when something breaks. Maybe they’ve just sat on a throne for such a long time that they can do no wrong. Maybe they have some notion in their head that they can do what everyone else can but no one can do what they can.

What might that “ops guy” do or the guy in your “IT” department do? He might fix your piece of shit Outlook. He might fix your piece of shit @microsoft_product. He might revel in buying a new computer all the while oggling over new flim-flams on the motherboard or some crap like that. He might be super uber and haxxorz and do something in BIOS!!111

Now, don’t get me wrong, there’s nothing wrong with doing that stuff. And, yes, years and years ago I did in fact do the same thing. You’d probably be hard-pressed to find anyone with a degree in computer science that hadn’t done that sort of thing. Now? Now I don’t give a crap about that stuff. I don’t give a crap about configuring apache for the 80 gazillionth time. I don’t care about setting up authentication with openldap for the 80 gizillionth time. What I do care about is figuring out real engineering problems. Why? Because that’s what’s challenging. How do I make large scale systems interact? How do I architect something such that it’s scalable? How do I automate those mundane tasks? What software can I write to make it easier?

These are not the same sorts of things as reading your logs for the, yes, 80 gazillionth time to figure out why postfix didn’t send some random mail. Not the same thing as writing your 10 line bash script to find files meeting criteria foo, bar, baz, and bit. Again, is there absolutely anything wrong with those sorts of tasks? No way. Do I ever find myself doing them? Sure. Is it my primary talent? Nope, because my time is spent better elsewhere.

As pointed out in this blog post, some places disallow use of the term “engineer” because it’s tied up in certifying bodies, etc etc. I’m not talking about that sort of thing. And I’m not talking about “resume inflation” equating the garbage guy with a “waste management engineer” or some crap.

Am I the only one that makes this distinction??