
Scene missing.

It's always a sad day when I update my "scene missing" tag.

Supposedly the lifetime of a web page is 100 days. I suspect YouTube videos have considerably accelerated decrepitude.

I mirror all of the images that I post here instead of hotlinking them, but mirroring videos would be a lot more trouble.


Borderlands Books owner doubles down on douchebaggery

Blames Closure On Minimum Wage, Not Amazon

Though he mentioned the problems posed by e-readers and Amazon in his initial statements on the impending closure of Borderlands Books, owner Alan Beatts would now like everyone to know that the real culprit is the increasing minimum wage. With $15 an hour due to each employee (by 2018), the Mission's science fiction-, fantasy-, mystery-, and horror-focused store says it can't survive.

"Let me put to bed this whole it's Amazon, bookselling-is-not-viable story," he reportedly said. "I am closing because of the minimum wage law. It's not our rent, it's not Amazon. It's not the way San Francisco is changing."

As a data point, I never once shopped there, because I've been buying all of my books online since before they opened in 1997, when bookstores were already a nonviable business.

I had a drink at the cafe once, though. It was fine.

Businesses fail when operating costs outstrip income, period. Cherry-picking a proximate cause of increased costs as the reason just demonstrates what political bone you have to pick, not the actual economics of the situation.

It's like those jackass restaurants whose reaction to having to pay healthcare for their employees was to passive-aggressively break that out on the bill as its own line item (and then just pocketed the money anyway). To their credit, though, these places also all itemized out "transportation costs" when gas hit $4.50/gallon, and reduced their prices when gas got cheaper again. Oh wait, that didn't actually happen.


So basically, everywhere.

Map: Where you're most likely to get hit by a car on a bike, or on foot.



Why are these pilings so deep, and why are there like 20 of them? They're just putting in a surface Muni platform, not a 6 story building, right?


Now you have two problems, and one of them is Flash.

Project Zero: (^Exploiting)\s(CVE-2015-0318)\s(in)\s*(Flash$)

Quick summary - it's a bug in the PCRE regex engine as used in Flash. Spoiler: it's exploitable. [...]

Below is what happens when we compile a regex that combines the \c escape sequence (which is intended to match a single ASCII character) with a multibyte UTF-8 character. A simple trigger for the bug is '\\c\xd0\x80+', below. [...]

So clearly something has gone wrong... The question is now how to leverage this invalid bytecode to get code execution.
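As an added example (not code from the Project Zero post or from this blog), here is a conservative pre-compile check that flags any pattern in which `\c` is followed by a non-ASCII byte, the combination the quoted trigger uses. The function names are hypothetical; the scan works on raw UTF-8 bytes and does not model `\Q...\E` quoting, so it may over-report.

```python
from typing import List

BACKSLASH = 0x5C


def find_unsafe_control_escapes(pattern: bytes) -> List[int]:
    """Return the offset of every \\c escape whose operand is missing
    or is not a single ASCII byte (i.e. is >= 0x80)."""
    hits = []
    i, n = 0, len(pattern)
    while i < n:
        if pattern[i] != BACKSLASH:
            i += 1
            continue
        if i + 1 >= n:
            break  # trailing backslash: left for the regex compiler to reject
        if pattern[i + 1] != ord("c"):
            # Some other escape (including an escaped backslash): skip both
            # bytes so that "\\\\c" is read as literal '\' followed by 'c'.
            i += 2
            continue
        # \c takes exactly one operand byte; a UTF-8 lead byte is not one.
        if i + 2 >= n or pattern[i + 2] >= 0x80:
            hits.append(i)
        i += 3
    return hits


def is_safe_pattern(pattern: str) -> bool:
    """Check a text pattern as the UTF-8 bytes a byte-oriented engine sees."""
    return not find_unsafe_control_escapes(pattern.encode("utf-8"))


if __name__ == "__main__":
    # Constructed samples; the first is the trigger quoted above.
    samples = [b"\\c\xd0\x80+", b"\\cA", b"\\\\c\xd0\x80", b"a\\cZ\\c"]
    for s in samples:
        print(s, find_unsafe_control_escapes(s))
```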



Doom has been modded to have Instagram filters and a selfie stick.

"Use the rule of thirds to compose your slaughter!"


More on standing desks

Health Experts Recommend Standing Up At Desk, Leaving Office, Never Coming Back.

In an effort to help working individuals improve their fitness and well-being, experts at the Mayo Clinic issued a new set of health guidelines Thursday recommending that Americans stand up at their desk, leave their office, and never return. "Many Americans spend a minimum of eight hours per day sitting in an office, but we observed significant physical and mental health benefits in subjects after just one instance of standing up, walking out the door, and never coming back to their place of work again," said researcher Claudine Sparks, who explained that those who implemented the practice in their lives reported an improvement in mood and reduced stress that lasted for the remainder of the day, and which appeared to persist even into subsequent weeks. "We encourage Americans to experiment with stretching their legs by strolling across their office and leaving all their responsibilities behind forever just one time to see how much better they feel. People tend to become more productive, motivated, and happy almost immediately. We found that you can also really get the blood flowing by pairing this activity with hurling your staff ID across the parking lot." Sparks added that Americans could maximize positive effects by using their lunch break to walk until nothing looks familiar anymore and your old life is a distant memory.


Poop stuff.


IP Over Avian Carriers, NSA Edition

If the NSA has been hacking everything, how has nobody seen them coming?

As the Snowden leaks continue to dribble out, it has become increasingly obvious that most nations planning for "cyber-war" have been merely sharpening knives for what looks like an almighty gunfight. We have to ask ourselves a few tough questions, the biggest of which just might be:

"If the NSA was owning everything in sight (and by all accounts they have) then how is it that nobody ever spotted them?" [...]

We think that the following reasons help to explain how this mass exploitation remained under the radar for so long:

  1. Amazing adherence to classification/secrecy oaths;
  2. You thought they were someone else;
  3. You were looking at the wrong level;
  4. Some beautiful misdirection;
  5. They were playing chess & you were playing checkers;
  6. Your "experts" failed you miserably.

This part is kind of amazing:

We see the use of an entire new protocol, called FASHIONCLEFT to effectively copy traffic off a network, attach metadata to it, then hide the packet within another packet allowed to exfil the targeted network.

Tunnelling one type of traffic over another is not novel (although a 27 page interface control document for the protocol is cool) but this still leaves open the possibility that you would see victim_machine talking to HOST_X in Europe. This is where passive collection comes in.

This is beautiful! So the data is munged into any packet that is likely to make it out of the network, and is then directed past a passive collector. This means that we can't rely on the host the data was sent to for attribution, and even if we did completely own the last hop, to see who shows up to grab the data, we would be watching in vain, because the deed was done when the packets traversed a network 3 hops ago.

This really is an elegant solution and a beautiful sleight of hand. With the NSA controlling tens of thousands of passive hosts scattered around the Internet, good luck ever finding that smoking gun!

So basically FASHIONCLEFT is IP Over Avian Carriers, NSA Edition.

It's a protocol for encapsulating hashed, possibly encrypted, packets from other protocols inside a completely different protocol: you allow outbound ssh (let's say) so it dumps your internal network traffic onto the end of legitimate ssh packets that were on their way out anyway! I'm not entirely clear on whether this encapsulation is happening at the transport layer (munging TCP packets) or the session layer (munging in protocol-specific ways, like MPEG frames or something).

Those packets can be going anywhere and NSA will still be able to see them all because they own the midpoint routers, passively inspecting packets during transit. They're using existing connections as dead-drops, but the payload is copied before it even makes it to the drop.

And it's probably your BIOS that's doing this. Good times.
