The reason the Tuesday Noon sirens haven't returned:

A new system was installed in 2005, which was then hacked in 2018, and fixing that exploit apparently requires replacing the entire communications infrastructure. SFDEM has been downplaying this and referring to this security firedrill as simply "upgrades".

tl;dr version --

I keep seeing articles asking what happened to the sirens, and then answering themselves that they "are antiquated" and "need repairs", which sounds like they're rusty or something. But what really happened was, in 2018 the siren network was hacked because it had no encryption.

The vendor claimed to have immediately rolled out a fix, and then in 2019, San Francisco shut the entire system down for what they believed at the time would be two years. For "upgrades". So, upgrading this system, which had been going off weekly since 1945 necessitated shutting the whole thing down immediately. Not, like, acquiring the budget and the equipment; testing it; staging it; and then shutting down the old system, no. Something was so badly wrong with it that they decided to completely scrap this piece of security infrastructure. Keeping it running at all was judged to be more dangerous than not having it at all.

That sounds like an active exploit in the wild, to me. That sounds like "the only way to prevent this attack is to replace the entire system". My guess is that the fix they came up with is to go with a new vendor entirely. Why is it so expensive? One guess would be that the new vendor uses a different communication system that requires replacing the radios and antennae on all of the horns.

But since SFDEM has been completely silent about what's involved in this "upgrade" (E.g., what is being replaced? Why? Who are the new vendors?) we have no way of knowing.

Here's a timeline that I was able to scrape together:

1942: Sirens installed. This page went online in 2015 and hasn't been updated since, but describes the 2005 system:

Each device is capable of playing up to seven different tones. The most common one is a "wail".

Voice messaging can either be: 1) pre-recorded on a chip installed in each device; 2) broadcast from the Department of Emergency Management through a recorded message or a live message; or 3) broadcast through the use of a mobile transmitter. [...]

Public safety mobile and portable radios can be remotely programmed to patch into the siren devices to allow the operator to make emergency announcements. [...]

Siren devices can be pre-programmed into a variety of groups for specific announcements. One such group is the Tsunami Warning group for sirens located in the inundation areas of the City.

I haven't found any technical details on how that original system worked, or what kinds of upgrades (if any) were made to the signalling network between 1942 and 2005. That probably means that the answer is "none". It's unlikely that the WWII-vintage system was hard-wired, so it's fair to assume that the old analog system was also trivially exploited by anyone who knew the frequencies and signaling protocol.

Oct 1995: Emergency Sirens Fail to Wail:

Nine of San Francisco's 49 emergency sirens, including one at the Ferry Building, failed to go off as scheduled during Tuesday morning's test, officials disclosed yesterday.

"These sirens were built in 1942, and many of them need repairs," said Frank Schober, coordinator of the Mayor's Office of Emergency Planning.

Schober hopes to replace all 49 of the 500-pound electromechanical devices with lighter electronic sirens. The cost would be about $125,000 a year with the job spread over five years.

Nov 2004: It's kaput for those old air-raid sirens:

The old air-raid sirens that have been sounding in San Francisco every Tuesday at noon since World War II are being replaced with a state-of-the-art emergency warning system that can be used to alert the public in the case of earthquakes, tsunamis, bioterror attacks or other disasters, Mayor Gavin Newsom said Tuesday. [...]

San Francisco's old system has fallen into disrepair over the years, with only about a dozen of the original 50 sirens in working order. Officials are replacing the old mechanical devices with a digital system that will be both siren and public address system. They will be located in 65 locations in the city.

The federal government provided a $2.1 million Homeland Security grant to pay for the upgraded system. The new devices are expected to be fully up and running in January.

By 2005, the siren system was being described as "new", so 2004 or 2005 is when the WWII-vintage analog system was replaced with a digital radio network. Sorry, I meant to say a "state of the art" digital radio network. So how did that work out? Let's check in...

Nov 2005: Hearings urged on faulty siren system:

Mayor Gavin Newsom and Board of Supervisors President Aaron Peskin called separately Tuesday for public hearings to educate residents about flaws found with the city's new emergency siren system.

City officials say the sirens, an early warning system for disasters, aren't loud enough and can be heard in only 50 to 60 percent of the city rather than the 90 percent called for in the contract with Acoustic Technology Inc. The city attorney sent a letter to the contractor Friday claiming breach of contract and demanding that the problems be resolved by the end of the year.

After that, I don't see any press about the sirens for a few years, until a couple incidents where they mysteriously went off at unplanned times. And then... womp womp...

Aug 2012: Emergency siren accidentally activated:

San Francisco emergency officials activated a warning siren Sunday afternoon, triggering some confusion among residents. The siren, which sounded around 3:45 p.m., was activated accidentally, and there was no emergency, according to the San Francisco Department of Emergency Management.

Nov 2014: Officials investigate after outdoor sirens triggered at odd hours:

Outdoor emergency sirens in San Francisco were accidentally triggered late Saturday and early Sunday morning, according to the San Francisco Department of Emergency Management. The sirens were temporarily out of service on Sunday afternoon as city crews conducted testing to determine the cause.

Alarms went off around 11 p.m. Saturday in the Bernal Heights, Noe Valley and Hunters Point neighborhoods, the Bayview District, City Hall, and other areas, but there is currently no known emergency that would have triggered the alarms, department spokesman Francis Zamora said.

Alarms around the city went off again around 5 a.m., he said.

Apr 2018: SF's emergency sirens had a security bug -- it's fixed now:

San Francisco officials have been quietly scrambling since early February to patch a security vulnerability in the city's outdoor alert system that, if left unaddressed, could have allowed hackers to seize control of the city's network of 114 emergency sirens.

On Thursday, the Department of Technology announced that the problem had been fixed. [...] The technology department declined to share the specifics of the vulnerability, other than to say that it had to do with how electronic signals were being encrypted as they were being relayed across the alert system.

"It's fixed now", huh?

Apr 2018: This Radio Hacker Could Hijack Citywide Emergency Sirens to Play Any Sound:

Now, after two-and-a-half years of patiently recording and reverse-engineering those weekly radio communications, Seeber has indeed found that he or anyone with a laptop and a $35 radio could not only trigger those sirens, as unknown hackers did in Dallas last year. They could also make them play any audio they choose: false warnings of incoming tsunamis or missile strikes, dangerous or mass-panic-inducing instructions, 3 am serenades of death metal or Tony Bennett. And he has found the same hackable siren systems not only in San Francisco but in two other cities. [...]

When WIRED reached out to ATI Systems, the company responded that "the vulnerability is largely theoretical and has not yet been seen in the field." It also argued that Bastille had broken the law with its research by violating FCC regulations against intercepting and even merely divulging the existence of government radio signals without authorization. But in a statement it sent to Bastille after the researchers warned ATI about its security flaws, ATI wrote that Bastille's findings are "likely true" and that it's testing a software update it plans to roll out soon.

Apr 2018: SirenJack White Paper (PDF), and CVE-2018-8862:

No no no -- thank you!
The SirenJack vulnerability is distinct from the replay attack that struck the Federal Signal-manufactured Dallas tornado warning system on April 7th, 2017. The older Dallas system used Dual Tone Multi Frequency (DTMF) tones to activate the system over an analog radio link. It is trivial to record the audio of those tones (e.g. on a laptop or tape recorder), and then replay them on the same frequency while transmitting. The activation 'code' usually is fixed, and therefore can be accepted multiple times. [...]

The proprietary digital radio protocol used by ATI to control the San Francisco OPWS was found to have no encryption. As messages were sent in the clear, the patterns of changing elements became easy to interpret. These patterns could be extrapolated to craft malicious messages that conform to the protocol's format and therefore look legitimate, such as activation commands to trigger false alarms. In a deployment where regular testing takes place, knowledge gained by passive observation of test activation commands can be used to trigger the siren system in that deployment at will. [...]

The protocol does not draw on any truly secure practices to prevent analysis of the relevant fields, and thwart potential interference with the system. It is therefore vulnerable due to its reliance on security through obscurity. [...]

A Proof-of-Concept was demonstrated on an ATI siren node with a single horn at a low volume at an isolated location. A modulator and transmitter were created using GNU Radio and a USRP B200mini SDR. Knowledge of the protocol gained by passive observation of two active deployments (San Francisco, CA and Sedgwick County, KS) provided sufficient information to enable the crafting of legitimate activation commands for this node, the configuration for which was unknown. [...]

ATI has stated they have worked on increasing the level of security of their radio protocol, and this fix has now been reported to be rolled out across San Francisco's OPWS. During the weeks leading up the public disclosure, the OPWS frequency in San Francisco was active with an increasing number of packets that displayed higher entropy (appeared random), and activation commands in San Francisco have no longer been seen in the clear since public disclosure. No cryptanalysis has been performed to determine the efficacy of the fix. Details of remediation steps have not been made available publicly.

Oh, so the fix has been rolled out in San Francisco, huh? Let's see how that's going....

Dec 2019: Upgrades will silence sirens for two years:

The last scheduled siren test is planned for Dec. 10 before a hardware and software overhaul expected to cost up to $2.5 million takes them offline.

The upgrades -- the first since 2005 -- are intended to make the sirens more reliable and secure from outside tampering, the city's Department of Emergency Management said in a statement.

The two-year outage is necessary so that the city can test new specialized equipment before upgrading all 119 sirens.

Securing the sirens has been an issue for the city recently. Last year, the Department of Technology, which maintains the sirens, disclosed that it spent months trying to patch a security vulnerability that, if left unaddressed, could have allowed hackers to seize control of the sirens.

Dec 2021: Siren system stays silent after original upgrade deadline:

The Outdoor Public Warning System, which dates back to World War II, was silenced in December 2019 due to security concerns.

Upgrades were originally expected to take two years, but the city isn't any closer to finishing the project now. Zamora said it's because the COVID-19 pandemic response altered spending priorities.

Jan 2022: Tsunami advisory wouldn't have triggered SF's emergency sirens, but why do they remain silent?

"Right now the sirens are offline and they are offline due to the fact that there were some significant security issues related to the technology," said Mary Ellen Carroll, Director of San Francisco's Department of Emergency Management. "So, we had to take them offline about two years ago."

The city's Department of Emergency Management says this tsunami advisory would not have triggered an outdoor alert even if it were up and working because of the low risk to the area. Director Carroll says the department relied on first responders securing the beach and existing wireless technology to push alerts to the mobile devices of those who have opted into AlertSF and if necessary even to those who have not. "We would not have sounded the sirens for this alert, and we did use AlertSF, out texting alerts to let people know what was going on," said Carroll.

During the 2018-2022 period, we also got a lot of journalistic malpractice like this article on Curbed, which is what happens when so-called journalists just publish press releases without asking any real questions:

Why is it being repaired? It's antiquated. San Francisco will invest between $2,000,000 to $2,500,000 in upgrades to the bring the OPWS up to snuff. Upgrades will include new hardware that will improve the reliability system.

But we can always rely on the @SFSiren twitter account to tell the truth:

Nov 9, 2021: It's my #Twitterversary! I have been on Twitter for 12 years, since 10 Nov 2009

Nov 9, 2020: It's my #Twitterversary! I have been on Twitter for 11 years, since 10 Nov 2009

Mar 16, 2020: @SFSiren Retweeted @mjg59: San Francisco, noon tomorrow: the entire population leaning out of their windows and making the emergency siren noise

Dec 10, 2019: WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
This is a test. This is a test of the outdoor warning system. This is only a test.

Dec 3, 2019: WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
This is a test. This is a test of the outdoor warning system. This is only a test.

Nov 26, 2019: WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
This is a test. This is a test of the outdoor warning system. This is only a test.

Nov 19, 2019: WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
This is a test. This is a test of the outdoor warning system. This is only a test.


Here are some questions that I still have. If you are a journalist with enough clout that SFDEM will take your calls, how about you try and get these answers?

  1. What actually happened in 2012 and 2014 when the sirens were going off unscheduled? You're probably going to need to FOIA the incident reports to get a straight answer about this.

  2. What happened in 2018 when "officials" were "scrambling" to fix the security problem? What was their understanding of the exploit? What specific actions were taken?

  3. Was the exploit considered to have been mitigated? If not, why was the system left operational between Apr 2018 and Dec 2019?

  4. Why was the system completely shut down in Dec 2019? Was it because of the exploit discovered in 2018? Please note, "we needed to test new specialized equipment" does not answer the question of why the existing system was taken completely offline.

  5. What are the details of the plan for bringing the system back online? What hardware will be replaced? What vendors and what products are involved? What security analysis has been performed on the new products?

But those are just the questions that I would be asking, if I was a journalist. What do I know.


Previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , , ,

Hacker Takes Over Numbers Station For Rickrolls And Memes

Buzzer is a Russian military station currently haunted by radio pirates:

Mysterious Russian shortwave radio station UVB-76, known as The Buzzer, normally broadcasts nothing but indecipherable beeps and numbers. But recently it has started to take music requests and post memes, after hackers seemingly took control of the channel for their own purposes. "Aboba" a voice repeatedly said over the station earlier today, before proceeding to blast Russian rave music.

The Buzzer, a Russian numbers station in use since the Cold War, became a sensation on the internet in the late 2000s thanks to 4Chan, and ever since people have wondered about the channel's origins and purpose. It's been especially good fodder for online creepypasta and paranormal enthusiasts because of the mysterious voices that occasionally read out nonsensical chains of numbers and words.

This week, however, it was home to Guy Fawkes masks, Discord pings, and Rick Astley's "Never Gonna Give You Up," as listeners gathered around YouTube streams for The Buzzer to witness the ghostly mashup.

Previously, previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , , , , , , ,

My 50 most popular blog posts from 2021

I excluded posts from before 2020, of which there were only a few that qualified.

Previously, previously, previously, previously.

Tags: , , , ,

Putting on my hacker hoodie to View Source

mhoye:

Seriously, the Chrome team just landed a patch that lets sites block "View Source" right in the middle of the Chrome Dev Summit.

(To everyone saying "this is just an enterprise policy": Look at the conversations in the bugs.

Somebody said, to the Chromium team, schools are using Google Forms for testing, and the kids can see the right answers in the forms, so to address that, we want to prevent students from reading source code.

And without an ounce of pushback, without so much as a nod in the direction that this might not be the right solution to this problem, the Chromium team said yes.)

That's what sticks in my craw here. Not the policy part, not the (naive, flawed) implementation. Somebody asked the Chromium team to restrict students access to devtools and source code, and there wasn't even a discussion.

Missouri Governor Mike Parson unavailable for comment.

Update: Because this seems to be catnip for "Well Actually" techbros, let me clarify:

Adding the ability to block View Source is antithetical to what the web used to stand for. It is profoundly fucking evil, and everyone responsible should be ashamed. I don't care how many times you say the word "enterprise" as an excuse for your decision.

Update 2: spifbv:

Imagine being a kid who would like to learn about how the web works. Your only computer is a Chromebook managed by your school district. They block access to view source with this. Are you okay with that?

This is why computer people need to study ethics.


Previously, previously, previously, previously, previously, previously, previously.

Tags: , , , ,

Signal

The best comment on the Signal Iran thing is from N-Gate:

"A chat app based on a protocol that supports federation wants to borrow your computer instead of allowing federation."

Previously, previously, previously, previously, previously.

Tags: , , , ,

"Uber's former Chief Security Officer competes with Roger Stone for criminal incompetence"

Violet Blue:

I was pretty excited to find out on August 20 that some criminals apparently skipped the long line of people waiting to hack Uber and instead just decided to work there. I'm talking about Joe Sullivan, Uber's former Chief Security Officer, who we found out was "charged with obstruction of justice and concealment of a felony for his role in the attempted coverup of a 2016 hack that exposed the data of 57 million Uber customers and drivers."

Use of the word "attempted" here is pretty generous. A year after Sullivan was hired at Uber, the company got hacked hard: the October 2016 intrusion exposed personal information of 57 million users and leaked the license numbers of 600,000 drivers. "Uber didn't report the breach to anyone, especially not victims or regulators," I wrote when I summed it up for Engadget. "The company paid $100K to the hackers in hush money (as if that actually works) and concealed the payment in an expense column called bug bounty."

That's right: Sullivan and his team -- with the full knowledge and blessing of Travis Kalanick -- had the bright idea bribing the hackers with Bitcoin and NDAs, pretending it was a bug bounty, and then when Uber's new CEO Dara Khosrowshahi took over, Sullivan and his cohorts repeated the "bug bounty" lie to Khosrowshahi. [...]

What's also fun to think about is that Sullivan use to work with Mat Henley running their previous employer's security ops: Facebook, where Sullivan worked from 2009-2015. I mean, what are a couple (dozen) felonies between friends? [...]

Look, we know that Silicon Valley is an engine powered by white collar crime (emphasis on the white). But it gets even more awkward when we find out that after Sullivan's absolute poo-flinging shitshow at Uber, he was hired by... Cloudflare.

Previously, previously, previously, previously, previously.

Tags: , , ,

Webshit Weekly

On the twitter hack:

Twitter soft-launches its new application programming interface, and in the process demonstrates conclusively that advertising on the platform absolutely does not work. The "Hacker" "News" hall monitors point out that the resulting discussion is so large that the forum software used by "Hacker" "News," written by celebrated programming genius Paul Graham, cannot display more than a couple hundred plaintext comments at once. Hackernews thinks that any attack on Twitter must be part of a grand multinational conspiracy designed to subvert the course of human history, instead of the natural outcome of an absentee CEO hiring a few thousand webshits and disappearing back into a yacht club.

Honorable mention: "OpenAI's GPT-3 may be the biggest thing since Bitcoin"

Only halfway through the year, we are treated to the Hackernewsest headline of 2020. An absolute asshole uses an overgrown Eliza implementation to write a barely-coherent puff piece about itself. This, decides Hackernews, is the beginning of a new era, in which nothing really has changed over previous AI text generators aside from a moderate improvement in the use of punctuation. The only question, debates Hackernews, is whether this new era is destined to have absolutely no effect in any measurable way, or the slightest inching toward a possible future in which OpenAI produces something of use to people who do not run affiliate spamblogs for a living. What a time to be alive!

Previously, previously, previously, previously, previously, previously.

Tags: , , , , , , ,

Munching Squares

On a PDP-7 from 1964. Turn sound on.

Exhibit A:
The Type 340 XY display has a P7 phosphor has a slow decay which gives Munching Squares an eerie afterglow. Both programs read the left switches to modify patterns. A small AM radio was used to pick up RFI from the Type 347 controller. For the MIT AI lab hackers the Munching Squares "music" was referred to as Munching Tunes.
Exhibit B:
DATAI 2
ADDB 1,2
ROTC 2,-22
XOR 1,2
JRST .-4
HAKMEM (MIT AI Memo 239, 1972) Item 146 reports that it was written for the PDP-1 by Jackson Wright in 1962.

Previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , ,

Contractors are giggling about your Alexa and Siri requests in chat rooms.

This remake of Blow Up seems completely unnecessary.

"We take the security and privacy of our customers' personal information seriously," an Amazon spokesman said in an emailed statement.

The team comprises a mix of contractors and full-time Amazon employees who work in outposts from Boston to Costa Rica, India and Romania, according to the people, who signed nondisclosure agreements barring them from speaking publicly about the program. They work nine hours a day, with each reviewer parsing as many as 1,000 audio clips per shift, according to two workers based at Amazon's Bucharest office. [...]

Occasionally the listeners pick up things Echo owners likely would rather stay private: a woman singing badly off key in the shower, say, or a child screaming for help. The teams use internal chat rooms to share files when they need help parsing a muddled word -- or come across an amusing recording.

Sometimes they hear recordings they find upsetting, or possibly criminal. Two of the workers said they picked up what they believe was a sexual assault. When something like that happens, they may share the experience in the internal chat room as a way of relieving stress. Amazon says it has procedures in place for workers to follow when they hear something distressing, but two Romania-based employees said that, after requesting guidance for such cases, they were told it wasn't Amazon's job to interfere. [...]

Previously, previously, previously, previously, previously, previously.

Tags: , , , , ,

Recent movies

Since there's nothing interesting happening in the news today, I might as well post some movie micro-reviews.

The Crow: Upon a recent re-watch, I have a few observations:

  1. This movie is about Ellis Act evictions. That's the entire plot.
  2. Candyman is also a movie about a Vengeful Spirit fighting Gentrification. Therefore they are set in the same universe.
  3. I always forget that Tintin is Lord Nikon. In my headcanon, following the events of Hackers, after all of his white friends went away to college, Nikon's life took an unfortunate, more explicitly criminal turn. RIP Nikon.
  4. So now Hackers and Candyman are set in the same universe.
  5. To this day, a Graeme Revell score is enough reason for me to go see a movie.
  6. I saw a very clean 35mm print on a big screen, and even so, this movie is just so, so blurry. The mastering is crap. I truly hope that they never, ever re-make this movie -- it is and should remain a monument to Brandon Lee, and remaking it would just be an insult to him -- but I wish someone would re-master it, by which I mean, digitally generate a better render of every single frame. Throw some of that Fury Road tech at it and make a watchable 4K version.
  7. A reminder about that TKK performace.

The Matrix: I re-watched all three to get in the mood for our upcoming screening of the first one on the occasion of its 20th anniversary. The first one is still a fantastic piece of filmmaking. That first scene, where we see Trinity performing the most incredible ass-kicking we've ever seen, and then she learns that Agents are inbound and she just turns tail and runs. She's afraid of someone? That's how you set the stakes. Also the dojo scene: "Do you think that's air you're breathing?"

The second two... can confirm: they are still an incoherent, babbling mess, and they make you like the first one less in retrospect. The freeway chase is pretty good. The Merovingian has a nice suit. That's about it.

And it reconfirms something I thought about Sense8: "Did they love that 'Burning Man rave in Zion' scene so much they had to expand it to 12 episodes? Yeah, I think they did."

Repo Man: I still love this movie so much. It's ridiculous. You should go watch it again.

The Magicians: I re-watched it from the beginning and it still holds up. The current season is killing it. And can I say how much I love that the Library Planets are triple mobius toruses? That makes so much sense to me in a Borgean way I can't explain. I am especially liking that the show is now totally "off book", because the show was always so much better than the books, largely by disregarding them.

The Man who Killed Hitler and Also The Bigfoot: This was great, and it was definitely not the movie I thought it would be. I mean, yes, those two things do happen, but mostly it's about how much he regrets them both, and they really make that work.

Perfect Skin: It's a "creepy stalker kidnaps and abuses a girl" movie, this time with non-consensual tattooing, so it's fair to ask "Why is this the story they chose to tell, again and again?" But the villain has this calmness to him and lack of mouth-foaming insanity that makes Stockholm Syndrome seem not-entirely out of the question. So, good acting and production. But still, "This story, again?"

Alita was pretty good. It was simple, but much punchy. It's relatively faithful to the manga, which is not necessarily great beause a lot of the manga was pretty stupid, such as her piece-of-shit boyfriend. The parts of it that were ripped off by Altered Carbon just made me angry at Altered Carbon all over again.

Vox Lux: This was really hard to watch. Good acting, but another movie about deeply unpleasant people. And it didn't really have much of an ending: I guess she just carries on being deeply unpleasant, the end?

Happy Death Day 2U: I am, as always, a sucker for Groundhog Day movies. This one is not as good as the first one, but still fun. It didn't waste a lot of time, so to speak. It adds some nice wrinkles in the cosmology, but it suffers from too much dumb slapstick. The "I am a blind French student in a beret and striped shirt" bit was stupid enough to almost overpower the whole rest of the movie. Why. Why would you do that, why. And the Dean doing his best Ed Rooney.... You are no Ed Rooney, Sir. Also, time travel fusion cores are clearly graduate level work, not undergrad, so why is that dude still living in the dorms?

Slaughterhouse Rulez: Well I should have known to veto it base solely on that "Z". Simon Pegg and some kids fight monsters, which sounds promising, but 3/4ths of it is on the theme, "English private schools are full of rich, bullying assholes", which was a daring revelation that I'm pretty sure has never before been committed to film.

Previously.

Tags: , , ,

  • Previously