Gecko Bloggle

So Microsoft quietly released a USB drive to a bunch of law-enforcement officers to allow them to collect data (passwords, Internet history, cookies, etc) from “live” Windows machines. While this is “breaking news” today (probably more now, but this search only showed two pages on Google as of this morning), it seems that people have been talking about it since (at least) last year, and it’s almost May now.

Many people are freaking out that Windows’ security can be so easily defeated, which shouldn’t really be news to anyone when you’re standing in front of the machine. This is not some magic key that the police have that will allow them to breach every firewall on the planet and steal your secrets. So relax a little. If the police are standing in front of your computer, you’ve probably got bigger problems than them stealing your surfing history.

The biggest theft of data I personally know about was a server that was stolen from a Vancouver Law Firm of Note because someone with a hand-cart told the receptionist they were “here to work on the computers,” walked through the accounting department, opened the sliding glass doors to the server room, unplugged the primary document server, and rolled it back out the front door. Nobody knew anything untoward was happening untilthe System Administrator started getting “I can’t save” phone calls. Their firewall and security didn’t help them against a simple “walk up and take it” approach.

Physical breach of a workstation pretty-much guarantees loss of security/privacy.

Here’s some questions I have about this Cofee thing:

1. Remember when some people started bashing crypto groups with a “What do you have to hide, are you doing something illegal?” argument? Maybe those same folks are running to the nearest BestBuy and trying to buy “strong” security software. I’ve got news for you folks: if you can BUY it, and it’s not OpenSource, chances are extremely freakin’ high the People In Charge already have keys for that, too.
2. Do you really think Joe Consumer will switch to Ubuntu because maybe the cops can get at their surfing history?
3. Don’t you think similar toolkits exist for Linux/Mac?
4. What constitutes a “search” and whether or not they’ll need to convince a judge that it’s justified to pop one of these thumb drives into your machine for 30 seconds. They’re not *doing* anything to your computer, just popping a drive in there for a second.
5. What happens if you’ve got a visitor kiosk in the lobby of your office, attached to the network, and someone pops one of these drives into an exposed USB port (not that there would *be* any, of course).
6. How is the data that’s been collected protected against tampering/theft?
7. What’s to stop people from writing a “De-COFEE” utility that’ll look for signs that the USB drive inserted is a COFEE device, and simply wipe it, or inject something that’ll do horrible things to the law enforcement systems they’re later plugged into?
8. What’s to stop a “Wipe local drive upon COFEE detection” utility?
9. Expressed in minutes, how long do you think it’ll be before this kit’s utility set accidentally finds its way onto the Net?
10. …in hours, how long before I start getting comments on this blog about Linux-based USB drives that’ll perform EXACTLY the same function?
11. …in days, how long before there’s a new MSN-messenger-based Trojan that’ll do the same thing?

Maybe this’ll mean that they’ll have a standard method of collecting information about what is being done with a particular computer, instead of the current rather haphazard methodology that’s being used, which essentially means conviction (deserved or not) is based on how computer-savvy the local police detachment happens to be, and whether or not they can tell a usb drive from a book.

All in all, I think it’s a good thing, and I think the backlash against it, and the overall strengthening of everyone’s tools will be a positive thing.

As usual, metric schwackloads of swearing (if you’re shocked by this, I guess you haven’t heard our show before), so watch out.

Here’s April’s show. Right-click to SaveAs… instead of streaming it from your browser.

01 – Talkybit 1
02 – Broad Daylight – Gabriel Rios
03 – New Violence – White Williams
04 – You Are Never Alone – Socalled
05 – Talkybit 2
06 – Hustler – Simian Mobile Disco
07 – Can You Dig It (Bullet Proof Dirty Dub) – Journey Man DJ
08 – I Go Hard, I Go Home – The Presets
09 – Talkybit 3
10 – Certified Air Raid Material – edIT
11 – Ready For The Floor – Hot Chip
12 – Burial – Archangel
13 – Talkybit 4
14 – Istanbul – The Breeders
15 – Wata (Water) F. Mutabaruka – Beat Pharmacy
16 – A&E – Goldfrapp
17 – Talkybit 5
18 – Message FromOur Sponsor – Jello Biafra
19 – Anyone Else But you – The Moldy Peaches
20 – Testy

Okay web site, you win. I’m moving you outta the house.

The time has come to move this site to a place that does hosting. My days of trying to figure out why my server is so hooped I can’t even log into it any more (seriously, the thing doesn’t respond to Ctrl-Alt-Del any more, or when it DOES, it takes 15 minutes to prompt me for a username & password, and then spends another 20 minutes trying to get to a desktop).

Email’s been non-functional for MONTHS, and I can’t remote into the box any more, so trouble-shooting is somewhat, uh, hampered. What’s weird is that you’re reading this from that very same utterly hooped box, so obviously SOME of the services and things work. Oh well.

Moving on.

We’re trucking all of our blogs and stuff over to the good (fast, cheap, and friendly) folks at FusedNetwork, and since we’ve got a few databases on the go, and have things like Podcasts running here, we need the space and bandwidth offered with their “Package 2,” which worked out to less than we were paying Telus for the privilege of screwing up our own DNS. (Don’t get me started on Telus’ “We’re protecting you, so we’re going to break all inbound DNS and SMTP without telling anyone, so give us an extra $40/mo if you were running a server” thing that happened a year ago). Three months of having our website hosted will pay us back for the entire year of being with Telus on their “Business” package.

What with me no longer being gainfully employed (more on that after the move, perhaps), I have some time to work on things like moving web sites around, and thought about trying to bang my head against the wall and get the server running properly again, and starting thinking of the stress of trying to do that on a box that has two VERY active blogs on it (and one that’s more sporadic – mine), and trying to do all the patches and stuff that might be needed at 11pm so I don’t interrupt traffic for those two sites and just thought… forget it. I’ll pay someone else to make sure the site is up. $12/mo sounds like a decent amount to not have to think about it any more.

So we’ll talk when we arrive on the other side. Mmmmkay?

PS: Anyone wanting to leave more comments about Jan’s passing away can feel free to do so, I’ll just copy them over to the new site once we arrive there properly.

PPS: We’re at the new locale now, so if you’re reading this, we’re DONE! Yay.

I’m trying to write this before the shock wears off, so apologies now for rambling or moebius story-telling.

So, today I got some news from a succession of people at my old job that the guy I spent the last year and a half sitting next to passed away at his home some time after Monday evening. He’d gone home Monday morning complaining of trouble breathing. Maybe his heart gave out, I dunno. He was a big guy, sizewise, but he always was during the five years I worked there, so it’s not like he suddenly took a downturn in his health. Who knows? Maybe when he went to doctors, he was told to lose weight, instead of actually looking at what was going on? That response from hospitals almost killed my mom last summer. But I digress.

I was laid off from that job three weeks back, and the first thing both my wife and my mom said when I told them was (verbatim) “But you loved that job!” It was true, too. I liked the work, mostly, and enjoyed working for the largest studio of the largest gaming company in the world. Mostly though? It was the people. The people I worked with were the best thing about the job, and for the last 18 months, I’d been working a Nerf-dart’s throw from the sort of techie who would spend an hour figuring out how to mess with another tech’s machine and not get caught. Not for snooping purposes, not for bragging rights, but because it was funny.

We used to joke that we had to sit together in our department, because we would drive anyone else crazy if we were placed elsewhere. We were like the kids’ table at your Grandma’s Thanksgiving dinner: throwing food, making funny faces, quoting Monty Python and Little Britain at each other. In short, we were two big geeks who would often be amazed that we were paid to do what we loved. Even when we didn’t love it, we could commiserate about how much we hated it, and get the poison out of our system before getting back down into our mental trenches and reconfiguring the Retro Encabulators.

He always had a big stainless steel coffee-can full of jelly beans, and while he might have moaned about having to refill it so often, it gave people an excuse to come talk to him, and see what he was doing, without necessarily feeling like they were interrupting. He also had a big red spinning light, like you’d find above the radiation room, referred to as “The F-O Light.” If it was on, it meant he was busy, so “F-O.”

When we weren’t talking shop, we would mostly talk about comedians and comedy. Things we found funny, and things funny people found funny. We could spend ten minutes trying to remember where we’d heard a joke, or the first time we heard a Bill Cosby record, or just randomly saying “Yeah, I know” in Little Britain accents to each other without breaking our different trains of thought. You know how old married couples can finish sentences? We would speak in half-conscious nerdese: deeply obscure IRC and BBS terminology would get bounced back and forth between us, like a pair of HAL9000s talking in their sleep.

I haven’t worked with anyone who so deeply “got” me as a technician. He understood and could help with what made me livid with rage at the injustices of the job (even if he was arguing the other side, and had already resolved to just get it done), and he also joined in the celebrations and Zulu war-dances of finding solutions that were the vastly dangerous shortcuts and time-crunches we were hired to create. The self-taught techs we were? He had done it all, too, and knew how hard it was to put something down when there was still a problem to be fixed.

There are 2,500+ staff at that location, and damn near 3,000 computers running, and if they were running Windows, he was at least partly responsible for each of those machines running as well as they did. I know how hard his job was, ’cause part of my job description was to be his backup when he was away, and brother, that was one hell of a huge ship to try to captain when he was away.

The day after I was laid off, I started to write an email to the department, as my goodbye. It didn’t go anywhere really, so I put it aside, and tried to write a goodbye just to him first, thinking once I got over the barrier of saying goodbye to the guy I could sit next to for eight hours a day (without wanting to yell “Would you shut UP!” even once at), the rest would be easy.

In writing that letter, I got as far as “It was” before I burst into tears.

I know Han Solo, and I’m no Han Solo, but I sure feel like Chewbacca’s gone.

This past weekend, when I was in Bellingham with the kids getting stamps for Arwen, there was a giant bag of Jelly Belly beans for cheap, so I grabbed ’em, thinking “I’ll bring these with me next time I go out there, or send ’em via courier” or something equally nerdy.  While frowned upon, sending food in the interoffice mail system was also one of the things that made us giggle like idiots, and I thought he would know it meant I was still thinking about him, and would make him smile.

He was active in the BBS/modem scene way back when, before most of you fair readers knew what a computer was.  Before a few of you were even alive.  Before we talked about the Internet, and LONG before the World Wide Web.  It’ll take me a while to figure out where his online haunts were, but www.b3ta.com won’t have him making obscurely funny animated graphics.  He won’t be overly harsh with the helpdesk guys any more, ’cause sometimes he would forget that not everybody was seeing the system from his satellite view.

There was one woman he loved, that I know of, and he had wanted to marry her, but she was betrothed to a needle long before he came onto the scene.  Being young and naive, he didn’t see the signs until it was too late, and didn’t get a chance to pull out of the emotional dive before reality came up fast to meet him.  When he spoke of her, which was rarely, he always seemed to miss who he thought she was.  Perhaps he can finally meet that woman again, and this time, they’ll have a chance at something good together.

He was a huge nerd, a good friend, a great technician, and will be missed.

Goodbye Jan, you magnificent bastard.