I’d say this would pair nicely with Matt Sharp’s Thoughts From A Slow Train, but that’s not available on YouTube…..

Sunday afternoon, we were watching some of Bourdain’s Parts Unknown best-of episode. He had some interesting things from Detroit last season. Much has been made of the deterioration of Detroit, but little seems focused on how to actually bring it back. I have my own ideas about how to revive urban life, but they’d require changes even the politicians who run on CHANGE are unwilling to consider.

Still, it’s not just the industrial-era bastions of American might that are collapsing. There’s plenty of nasty suburbia that people have let die the last couple of decades. Who’s overseen that? Your kids are busy occupying Wall Street, when you’re grinning mightily at how your 401k is doing.

Rest comfortable in that, y’all. Thinking of what you’ve let slide into ruin might give you a headache. No, you can’t have your Aleve back. Not yours, desipite whatever the commercial on NBC Nightly News says. Oh, but the 1964 World’s Fair was so neat! yeah, about that.

Taking the time to investigate why things are the way they are is too tough. Better break out the Tylenol, again; you switched to that today, remember?  Cluetick:  it’s not the CEOs.  Yes, they’re getting incredibly rich.  Why?  You own the shares, and every time they tick up a penny unexpectedly, they get paid — outrageously, in some cases.

Do I really have a point with this? Yes, but I don’t think most people would care. Oh well. So, I’ll just go away, and leave whoever’s reading with this…..



I saw this on the full disclosure list Tuesday, but didn’t think much of it.

Yes, a lot of sites are affected. Yes, there’s potential for account hijack. Do you need to panic, as is HuffPo’s advicepanic? No. (And I’ll spare teh soliquily about how their operation make MSNBC and Fox look like bastions of crediblity….)

My understanding is that this was a bug that popped up sometime in the past couple of years. Surprisingly, if you’re running old stuff (or Microsoft nonsense) server-side, you’re unaffected.

It’s something that unless the sites were using the vulnerable version, and you changed your password while they were using the buggy version, and someone happened to be hijacking your session when you changed your password, then you might be vulnerable.

Do the math on the probabilities.

I’ll spare the schadenfreude about the commercial sekurity products affected because they used a buggy verison of OpenSSL, though *cough*McAfee*cough*Barracuda*cough* the temptation is tough to completely pass up.

Not-so-lazy Sunday

I’ve been looking around, applying for work, and so on. It’s Sunday, I’m by myself. And maybe that’s why I’m mildly amused that my CMS tells me, “howdy.” (It’s a bit like it sent me a smiley. I LOVE smileys.)

Part of what I’m working through in figuring out what I want work-wise, is health care. Part of my frustration recently has been dealing with having to change insurers as I involuntarily change employers. Because I was sick of paying an incredible amount for COBRA from the last company’s plan, I bought private insurance. So far, I’m happy with it. I don’t have to go on whatever “employer-sponsored” program whenever I do find a gig.

I also looked at private plans on the individual market, and ones offered through my auto and property insurance company. I ended up choosing something else due to local ubiquity, and, ultimately, cost. (To speak to that, the plans I ultimately ended up choosing for health, dental, and vision were cheaper than just health and dental from my auto and property insurance company.)

I’ve long speculated that the PPACA (Patient Protection and Affordable Care Act) aka “Obamacare” (what a terrible abbreviation, and nickname, by the way) would ultimately result in the death of “employer-sponsored” coverage. This implies that’s already happening. So, my calculation is to find a company paying into a private exchange that offers my insurer, or pay out-of-pocket until I can choose a plan offered in an exchange whoever I’m working for that week pays in to.

In the meantime, if I land on with a company that doesn’t pay into an exchange that offers my plan, or retains an old-school setup, I’ll have to try to see if I can get some sort of salary increase to support my decision not to use their benefits.

Also, if there’s something where I don’t need to work full-time, the employer can pay in proportionally based upon how much I’m working. (If I’m only working half-time, the employer only contributes half of what they’d normally contribute….)

Decisions, decisions.

What else have I been doing? Learning about Linux KVM, and trying to decide how to address this site, and HR Geeks.

Speaking of which, I should go put up the meeting info on

So Much This

It’s pretty rare when you run across a sekurity mastar who gets it. But, this is one of the best things I’ve read in a long time.

(Hattip to Drew, who told me about the FD reboot.)

I guess my sense of amazement at the pitiful state of the industry should wane over time. It hasn’t. The mastars keep getting more letters after their names, and bigger salaries. (I’ll set aside the fact that I have met CISSPs who are unable to parse, much less write, a script to manually patch and secure a Windows box….) Meanwhile, various vendors’ products render many solutions nearly unusable.

This one is along the lines of what I’d planned to speak on at Shmoocon 2013. I was writing my CFP response, and got to counter arguments I didn’t think I could easily refute. Are you really securing things if you have to increase the attack vector to use a tool? Are things more secure if you have to install Java and Flash for a tool to work? How about .NET?

It’s wrong of me to think such things; I should just shuttup, and improve my Minesweeper skills.


This thing about Firefox’s CEO and OK Cupid came up on a friend’s Facebook feed. Longer, testier, description of the nontroversy here.

Most of my searching shows that Firefox is somewhere shy of 20% market share.

“If a tree falls in the woods, and there’s nobody there to hear it, does it make a sound?”

(Setting aside for a moment that unless you’re in a vacuum, it always makes a sound. I had a slickieboy BD guy look at me quizzically when I refuted his “perception is reality” assertion by asking if that tree ever failed to make a sound… “PERCEPTION IS REALITY!!!1!”)

So, of those eighteen percent of people browsing with Firefox, how many will visit OK Cupid? Of that fraction of a fraction (Sup, dawg?), how many will be outraged by what this guy gave money to?

I’m reminded of William & Mary’s most famous alumnus (since Darren Sharper figured out that, unlike Spanish Fly, roofies actually work….) on Crossfire years ago. In a country with more than 300,000,000 people, how can a show with average viewership of less than 500,000 be hurting America? Nobody’s watching.