Archive for 2008

Renaissance Faire

October 1st, 2008

I accepted an invitation from Brett and Timber to attend this year’s Northern California Renaissance Faire. It was my first time attending a Faire, which is considered a bit of a cultural necessity in geek circles, so I felt it was time. I took some pictures, which I uploaded to Flickr as an experiment.

I didn’t take very many photos of the attendees, though they were by far the most interesting aspect of the faire. The costumes came in a wide variety, from the simple to the ornate. The only unifying theme I could find was the obsession with corsets on the female form. Since I’m entirely too shy of a photographer to take personal shots, here is one I took of a large group.

Later on this group would set up a life-size game of Jenga which they played blindfolded…

We took in two different jousting events put on by the Knights of Avalon, a full contact jousting troupe that is also a 501(c)(3) rescuing horses. Interestingly, the Knights of Avalon are sponsored by Monster Energy, if the stickers on Black Knight were to be believed.

Dudes had some serious armor

They actually hit each other with sticks going very fast

Of course, no Faire is complete without food. I purchased a roast beef sandwich that proved unexciting. But Timber purchased bread and cheese, seen here.

You could also purchase this with a sausage, in which case the entire thing was served on a stick

While eating we enjoyed minstrels and players on stage. In addition to the Irish music and dance group shown below, we also saw a rather clever 30 minute bit about Shakespeare that was rather intelligent. You needed to know a decent amount about Shakespeare to appreciate their humor.

The photo of the players was totally lit wrong, so you get this far less exciting photo of music

Perhaps most critical to truly appreciating the event was to join in with the costuming. Brett, as is traditional, was a bump on a log. But Timber got into the act with a garland that matched her dress.

Who wouldn’t want ribbons flowing off their head?

I decided to take the whole concept a bit further and made a true investment in ridiculousness. Behold, my new fluffy hat:

Now my Bowler Hat has a friend

It’s worth noting that I got a deal on the plumage, talking them down to just $15 for the three extra feathers, which apparently was quite a bargain. Here’s another shot of me standing in a rustic setting, with the hat.

Now I have something for Halloween

probonogeek Personal

Blood Money

September 23rd, 2008

The past couple of weeks have been a real eye-opener for ardent believers in the infallibility of market investment. It’s not that stocks of actual companies are in trouble, it’s that the so called financial sector appears to be in the state of some sort of meltdown. I’m no economist, and I don’t follow the market like I follow other things, but I certainly can’t say I’m surprised at the situation. For me this goes back to human nature and the basic concepts on which capitalism is based.

Capitalism, as opposed to say, socialism, seems based on the notion that humans are self-interest maximizers. Given the option we will always do what’s in our own best interest. Which is a really positive way of saying we are all selfish bastards. In my limited travel of the world, I think that’s fairly accurate. But capitalism had the brilliant idea of saying that so long as everyone is acting in their own self-interest, the outcome will be beneficial for everyone. Again, put more brutally by famed economist John Maynard Keynes, “[c]apitalism is the astounding belief that the most wickedest of men, will do the most wickedest of things for the greatest good of everyone.”

Underlying all of the market economy is the notion of risk, and in its purest form, the individual who takes on the most risk has the greatest potential for profit. I borrow $50,000 to start a business, I’ve now taken a risk, but if it pays off I’ll be much better for it. Of course, if it fails, I’m out $50K. This concept supposedly scales all the way up to the Fortune 500 companies who routinely borrow billions of dollars in the name of investment. At that high level of play it’s called leveraging. A company may have $5 billion in fixed assets, but only 10 million excess cash with which to invest. But, it can borrow against those fixed assets and leverage the company millions more. As long as the return on investment is higher than the interest rate on the loan, then it’s a profitable deal for the company.

What the past few weeks have demonstrated rather clearly is that the above concept of risk is simply not operative. When a bank buys securities backed by junk mortgages, on the hope that the risk will pay off, the bank is not the only actor taking on risk, they are just the only one doing so voluntarily. Turns out that the entire financial system takes on risk, from the lowest bank depositor, up to the federal government, all the way back down to the lowest taxpayer.

The result is that risk takers are not, in fact, risk takers… they are risk distributors, with the added bonus that all of the benefits of the risk flow just to them, while the negative fallout will be distributed. This creates a perverse incentive for risk takers to assume more risk than the profit margins would suggest, because the full weight of the risk is not theirs to shoulder. Suddenly the idea of buying complex securities with shoddy accounting backed by junk mortgages doesn’t sound so bad. Suddenly the idea of over-leveraging your company begins to make market sense. Suddenly approving mortgages to risky borrowers in order to cash in on the soaring housing market is the best way to meet quarterly earning projections. The next thing you know we’ve got a system stuffed full of so much unwise risk that it simply cannot hold under its own weight… and that brings us to today.

I entitled this post Blood Money not in reference to the funds these risk takers extract from us as depositors, pensioners, and tax payers, but rather as a proposal for the reverse. We often hear pure market advocates say taxes on the rich–though, generally in this context they are referred to as “risk takers”–should be cut to encourage investment. The thought goes that these rich folks won’t be sufficiently self-interested if they know the government is going to tax their income. I’ve never really been convinced by this argument, seeing as how if I have the opportunity to make $100, and in one universe the government is going to take $40 and in the other the government is going to take $45, I will still go for the $100, because in both universes the residual earnings is still greater than zero. The only situation where I wouldn’t act is one where the risk of failing is so great that the $5 profit margin is actually determinative. But I digress :)

The point is that lowering taxes on the highest tax bracket has always been justified because these folks are the so called wealth creators, through their clever risk taking strategies, and that if we tax them, we will destroy their ingenuity. But now we find ourselves in a situation where the rich are asking for a $700 billion bailout, financed by taxes, because they assumed too much risk… and we, as tax payers, are probably going to give them an amount in that neighborhood because the risk takers figured out a way to ensure that we already bear the risk, even though we were never in line for any of the profits.

Students of history will note a bit of a cycle here… whether with the Savings & Loan bailout, or the auto industry bailout, risk takers are always figuring out ways to trap us regular Joes with the risk, while pocketing the profits during good times. My suggestion then, is that it’s time for us to claim our share of the profits. Here are a few ideas just off the top of my head: we could go back to treating profits from investment just like normal income, ending the preferential tax treatment of those whose entire earnings come from their own existing wealth; we could enact windfall taxes on industry in boom cycles (I’m looking at you, oil sector) which has the added bonus of cooling off those boom industries so they don’t overextend and then crash out, leaving us holding the bag; we could even revisit the assumed knowledge that lower taxes on the high income bracket somehow benefits us all. That way, when times are good and the risk takers are rolling in the dough, so are we… and when times are tough and the risk takers come groveling for a bailout, there won’t have to be a discussion about Wall Street vs. Main Street, because we will have the money on hand and know that by helping the risk takers out today, we will be getting all that money back from them tomorrow.

probonogeek Politics

Pushing Algebra

September 22nd, 2008

Today I was going to write about market stabilization, moral hazard, and top bracket taxation… or maybe I was finally going to say something about Sarah Palin… or maybe just a quick post about Nginx to follow up on my much maligned posting from some months ago. But all of that is going to have to take a back seat because today’s Washington Post has brought to my attention a new crisis in American schools… the rush to teach algebra.

First, a bit about my experience with math. I was privately schooled through seventh grade, where I excelled in math… and a good thing too, because I was awful at spelling at the time… for that matter, I still am awful at spelling. When I transferred to public school in 8th grade I was placed in a remedial math class, which is to say it was behind what was traditionally taught to 8th graders and even more behind what was taught in the advanced 8th grade math class. After a few weeks of acing every test and answering every question in class, I was given an aptitude test where I did well enough to advance not just to the traditional class, not just to the advanced 8th grade class, but all the way to the advanced 9th grade class… the highest level of math offered at my junior high. (I often wonder why this test was not administered before school even started…)

I chose to go into the advanced 8th grade class (quite frankly, I was having enough social integration issues as it was, the last thing I needed to do was take a math class with a bunch of folks a grade above me). This began my journey through public school math. As I said, I was good at math, and got either As or high Bs in Algebra I and Geometry (during which I eventually became a 9th grader). I also did quite well in Algebra II / Trigonometry in 10th grade. But by 11th grade the ranks of advanced math were getting pretty thin. We still had enough students to support two full classes of advanced math, but that was down from four full classes at the junior high level. 11th grade advanced math, known as Pre-Calculus, changed everything. This class was extraordinarily challenging. In the one class I can truthfully say I always did my homework and always studied for tests, I also received the only C in my entire high school career. The number of people competing for valedictorian dropped to one, and the eventual salutatorian would only be eligible because she was not even at Woodinville High School in 11th grade to have her GPA washed up against the rocks like the rest of us. In 12th grade I excelled once again, getting straight As through Calculus and doing very well on the practice AP tests (though I never actually took them).

The point of retelling this story is that I was good at math, one of the best in my class of 400 or so students, and yet even I struggled through the Algebra to Calculus track that one begins by taking Algebra in 8th grade. Students who took Algebra in 9th grade, which was the norm at my school, had a much easier time and a more gradual progression into advanced mathematics. So I’m left wondering why, in God’s name, are we pushing algebra on every 8th grade student? Is this some new arbitrary standard we have decided to push because it sounds catchy? Has anyone figured out what we are going to do with all of these students when they get to Calculus, having left a trail of Cs behind them? I’m all for having a system that pushes students to excel, but math is a foundation based learning experience, and advanced math in junior high and high school requires mastery of advanced math in elementary, not happy wishes and talk of the “new civil right.”

Seriously folks, America has always resisted tracks as anathema to our egalitarian sense of education, and I generally agree. But the response shouldn’t be an arbitrary decision that this particular level of math is right for everyone just because it makes for good headlines.

probonogeek Politics

"Just listen to the music of the traffic in the city"

September 17th, 2008

This week marks a new chapter in my employment with Articulated Man. As of Monday I have my own office situated in downtown Santa Cruz. The office is actually part of a larger office space housing the venerable Stone Soup literary magazine. It’s amazing how many people I’ve mentioned this to know who/what Stone Soup is. But truth is the office culture doesn’t provide much opportunity for me to interact with them, so it’s really just me.

The space is roughly that of a Haggett Hall double room, sans beds and hexagonal shape, so it’s not exactly spacious. But, there is more than enough room for a desk, some shelves, and most importantly, my still relatively new bike that I’m always worried will be stolen when I lock it up on a bike rack. I think all those years on the UW campus have put the fear of bike theft into me. On the plus side, it has windows overlooking one of the major streets in town and on Wednesdays it looks right over the Farmer’s Market.

I made the move for several reasons. First, Sarah is back from Holland and will be spending more time around the apartment when she is not at school. While I love her dearly, two people shouldn’t occupy such a small space 24 hours a day… a little separation does, in fact, make the heart fonder. More importantly, I feel like I’ve been drifting at work recently. Not that what I’ve been doing is uninteresting, but that I haven’t been really focusing the way I feel I could be, or the company deserves from me. The hope is having an office will provide a dedicated place to concentrate and dig into what I’ve got to do.

Making the switch isn’t going to be easy. Before the relocation, my morning consisted of getting out of bed at 8:55am, stopping in the kitchen for a bowl of cereal, and then the arduous 30 second commute to my desk in the living room to be “at work” by 9. Now things are a bit different. I’m up before 8am to check email and make sure there are no emergencies. Then from 9am to 10am I’m exercising, showering, and biking to my new office. Then I’m at the office until 5pm or when I get done with what needs to be done. It’s quite a bit more regimented, which was sort of the point.

Currently I’m working off my laptop, which I bought three years ago as a note taking device for law school, not as a web development platform. So far it has not been up to the challenge. The hope is some added RAM will fix things, but expectations are not high and I’m mentally preparing to relocate my desktop over there until I have a better solution. I did get a fancy new monitor and keyboard, so that’s exciting.

For those who made it all the way to the bottom of the post, I have a little treat for you. Starting this week I’m going to be doing a little more political blogging than I have been, probably going through until the elections. Handful of topics have arisen that I feel the need to talk about, and since Sarah hears from me every day, I guess it’s time I blab to you all.

probonogeek Personal

Chrome: Speculation

September 3rd, 2008

If you are a geek and you haven’t heard about Chrome, then you’ve been living under a rock since Monday when it was first leaked. If you aren’t a geek, your failure to notice the news is acceptable, understandable, forgivable. But now it’s on my blog, and you have no excuse, so get wise.

There are more than a handful of interesting things to say about Chrome, and none of them require me to even have tried Chrome, since it’s not yet available for Linux users… here are each of those interesting things in no particular order.

1) The Comic Book

Google used an unorthodox approach to explaining the technology driving their fancy new browser. Instead of your standard, boring white paper, Google released a freaking comic book! It’s still a point-by-point review of the problems of current day browsers and Google’s proposed solutions, but it goes a step further with use of clever pictures to describe complex technical problems. It reminds me of an excellent video on Trusted Computing circulated years back (worth a watch if you haven’t seen it before). Now, let’s not fool ourselves, the Chrome comic book is not for the faint hearted… processes versus threads, memory footprint, hidden class transitions, incremental garbage collection… this isn’t kids stuff and certainly not for public consumption. Where it excels is communicating complex ideas to folks with a shared vocabulary but without shared expertise. I don’t develop browsers, and probably never will, but I still understood the message. A contributor to Debian Planet quipped, “I think it would be good if we had a set of comics that explained all the aspects of how computers work,” and I couldn’t agree more. I suppose that’s one advantage of having serious cash to throw around.

2) Open Source as Market Motivator

It’s my belief that Google has zero interest competing with the likes of Firefox and Internet Explorer, giants that they are… or even the lesser three: Safari, Opera, and Konqueror (being the origins of WebKit… KDE for the win!). Chrome will never be as big as those browsers and Google doesn’t care. Google’s purpose, stated in various press releases, developers conference, and in the freakin’ comic itself, is to improve the ecosystem in which they operate: the web. Google wants more content online, and more users searching for that content, in order to feed the growing advertising business on which Google’s billions are based. Chrome isn’t about challenging FF or IE for market share, it is about challenging FF and IE to be better.

To accomplish these goals they have open-sourced the browser and all of its fancy doodads. Some clever things here. First, they used WebKit as their rendering engine, and as I mentioned, I love WebKit because it is based on KHTML, which was one of the first good open-source HTML renderers and is still in use by Konqueror. What’s unique about WebKit is that neither FF (which uses Gecko) nor IE (which uses something I will refer to simply as the suck) use it. So, here you’ve got an entire implementation of a radical new way of building a web browser, with all sorts of cool features just begging for adoption and neither of the big players have a leg up… both will have to tear out parts and re-implement based around their rendering system. And re-implement they shall! If Chrome can deliver on all of Google’s lofty promises, then users are going to gravitate to whichever browser can best deliver the same results.

3) Process vs. Threads

This is the big thing that Chrome is supposed to offer. Modern day browsers utilize tabs to allow users to visit many pages at once, which is handy… but in order to visit multiple pages like that, the browser has to be able to do many things at once. Until now, that was done with threads.

To help visualize a thread, imagine you have a fourteen year old kid and you tell him to deliver newspapers along a street. Off he goes and does his thing and he does it very well. Then, the next day, you tell the kid while he’s delivering the papers you’d also like him to compose an opera. So, he goes and delivers a few papers, and then stops and jots down a few notes, maybe a harmony or two, then back to paper delivery. He gets it done, but all that bouncing from one to another causes him to do it a bit slower. The next day you ask him to do all those things he was already doing and do your taxes (does anyone else get a cat on the second result?!). This time, when he switches over to doing your taxes, his poor little fourteen year old brain can’t handle it and the whole operation goes to hell… no papers get delivered, no opera is composed, and certainly not tax returns. That’s threading… one “person” switching between various jobs.

Now, with processes, it’s like you have THREE fourteen year old boys to do your bidding… one goes off to deliver the papers, one composes the opera, and the final does your taxes. Even if the third kid can’t deliver, his epic failure doesn’t impact the performance of the other two. You may still get audited, but at least you’ll know the papers are delivered and opera lovers can rave about the latest wunderkind.

IE and FF use threads (though, rumor on the street is that IE8 beta is process based)… so if one thread goes wonky, you probably lose the entire browser. Chrome is different, it uses separate processes for each tab, that way if one has a problem, the others aren’t impacted. If, at this point, you are saying “big deal, how often does my browser crash?” you are right where I am. I use my browser for everything all day… 10 – 15 tabs at once is standard operating procedure for me. Maybe I’m not visiting the nefarious parts of the internets. But here’s what is cool about their concept. It’s not one process per HTTP request or page fetch, it’s one process per tab/domain. Which means that so long as you are browsing around, you operate within a single process, sharing memory for various javascript fun within that domain. But once you leave to visit, say,, the old process is killed and a new one, with fresh uncluttered memory, is spawned. Which, if you don’t know much about the AJAX security model, is really a clever approach. AJAX is sandboxed by design, meaning AJAX scripts running on a page at can ONLY talk with servers… it cannot make a request off to or whatever… it’s all isolated. So now, when you go to and sit there for HOURS, with its memory consuming javascript, it is all washed away the moment you move to a new domain. Now that, my friends, is good news.
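The same-origin restriction described above, as an added example that is not part of the original post: the browser compares the full origin (scheme, host and port), which is narrower than a whole domain. It models the rule for XMLHttpRequest as it stood in 2008, without CORS; the function names and all hostnames (under the reserved .test suffix) are constructed for illustration.

```javascript
// Added example: the same-origin test a browser applies before letting a
// page's script read an XMLHttpRequest response (no CORS, as in 2008).
// All hostnames below are constructed sample values.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the (scheme, host, port) triple that defines its origin.
function originOf(rawUrl) {
  const u = new URL(rawUrl);
  return {
    scheme: u.protocol,
    host: u.hostname, // the URL parser lower-cases http(s) hostnames
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Decide whether script running on pageUrl may talk to targetUrl, and
// name the first origin component that differs when it may not.
function checkSameOrigin(pageUrl, targetUrl) {
  const page = originOf(pageUrl);
  const target = originOf(targetUrl);
  for (const part of ["scheme", "host", "port"]) {
    if (page[part] !== target[part]) {
      return { allowed: false, differs: part };
    }
  }
  return { allowed: true, differs: null };
}

// Constructed sample: one page and the requests its script attempts.
const PAGE = "http://mail.example.test/inbox";
const TARGETS = [
  "http://mail.example.test/api/messages", // same origin
  "http://MAIL.example.test:80/api",       // same origin after normalisation
  "http://ads.example.test/track",         // sibling subdomain
  "https://mail.example.test/api",         // same host, different scheme
  "http://mail.example.test:8080/api",     // same host, different port
  "http://other-site.test/",               // unrelated site
];

// Evaluate every sample target against the page.
function evaluateSamples() {
  return TARGETS.map((t) => ({ target: t, ...checkSameOrigin(PAGE, t) }));
}

for (const r of evaluateSamples()) {
  const verdict = r.allowed ? "allowed" : `blocked (${r.differs} differs)`;
  console.log(`${r.target} -> ${verdict}`);
}
```

A sibling subdomain, a different port or a switch from http to https each count as a different origin, so "domain" in the paragraph above is shorthand for a stricter comparison.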

Of course, it comes with a cost… those processes each need their own memory, and while it may be virtual memory at first, once they start doing a lot of writing, and you get all those page faults, it’s gonna be real memory… and then we’ll see what happens on less-than-modern computers that don’t have 2 GBs of memory to throw around just to read their daily web comics.

4) Javascript: V8

I like javascript and have no patience for its detractors. If you haven’t used the likes of prototype or jquery, you have no concept of what javascript is capable of or how it can be extended to do whatever you might possibly want to do. Having said that, Javascript can be slow… painfully slow… on underpowered computers (like my laptop, now three years old). You can hear it chugging away on some javascript code. It’s my observation, however, that it’s not the javascript engine at fault, it’s the javascript itself… folks relying too much on their framework and object oriented design and not enough on smart coding.

For example, I recently retooled a javascript library that reordered a sequence of pulldown menus (known as select elements in HTML lingo). The previous version of the library iterated through the list of selects SO many times, it wasn’t even funny (and I find most HTML/javascript based conversations to be hilarious!). So, although I had to sacrifice a bit of encapsulation to do it, I was able to rewrite the library to be significantly faster… and my CPU thanked me for the effort. So, what does this have to do with Chrome?

Well, Chrome has a new javascript engine, V8, which is supposed to be a lot faster for various reasons. I guess that’s great… but, at least for the vast majority of javascript code out there, the real problem isn’t the engine, it’s the code. Google has an answer for that too, but the day I choose to learn Java is the day I choose to dust off the law degree.

5) Gears Out-of-the-Box

When I first learned about Gears, I wasn’t excited. Then I went to Google I/O and I got a little excited so I tried it out… Firebug threw so many errors, and everything ran so slow, that I lost all my excitement and threw it out. I will say that the idea of a more robust javascript interface to the filesystem and to other hardware resources is a great idea… as is a persistent data storage system beyond cookies. But Google’s got an uphill battle here. Until the majority of users have Gears installed, or a browser with Gears like features, no web developer is going to utilize those tools, thus there will be no incentive for users to actually install them. I honestly have no clue how Flash managed to get installed on nearly every browser out there… but I don’t see how any plugin that is as invasive as Gears is going to be able to repeat that miracle a second time. So, Gears out of the box?! Yeah, just another browser with proprietary extensions that are tempting, but should not be used.

6) User Interface

I haven’t seen it yet, so I don’t know… one friend says it’s really hard to get used to. I reserve the right to be obstinate.

In Conclusion

Hell if I know… Google is a complete mystery. But, by and large, they haven’t steered me wrong, even if some believe what they are doing is more like sharecropping than software development. I’ll be the first to try Chrome soon as they release that Linux version… and while Google’s at it, maybe a Linux Picasa client?

probonogeek Technology

Netroots Nation 2008: The Good Side

July 19th, 2008

I’m still drafting a post about the Bad Side of Netroots Nation–and trust me, there’s lots to say–but I wanted to post about a very positive experience I just had, and its name is Lawrence Lessig. Regular readers already know about my love affair with Prof. Lessig, and I told my company (who paid to send me here) that I was attending for the sole purpose of declaring my undying love to the professor. I just left his keynote speech and it was so good that I plumb forgot to prostrate myself before the entire liberal blogger community. But that’s okay, because his speech was just damn good. I’m hoping he will post the slides and audio, but (a) he probably won’t for months and, (b) you probably won’t take the time to watch it. But that’s okay, because I’m going to summarize his point, which is both simple and powerful.

He argues that the recent 9% job performance rating for Congress is a product of trust, or a lack thereof. Which stands in contrast to the claim that the rating is a product of policy outcomes. If you had asked me yesterday why Congress’s rating is so low, I would have pointed to their failure to end the Iraq War. But that answer never really seemed to be complete to me. Every vote has winners and losers, and there is no way that Congress is voting such that 91% of the entire country is losing. There’s something more fundamental than policy outcome going on here, and whatever it is, it crosses the aisle to include an ultra-super-majority of the American population. Trust, it seems to me, fills in the gap. I buy the idea that 91% of the American people simply don’t trust the product coming out of Congress, regardless of which side they fall on a particular issue.

Which isn’t to say that Congress deserved our trust back when the rating was higher… more likely, we simply didn’t have the needed information to “build” our lack of trust. But with the advent of blogging and increased political access of all stripes, it’s becoming all too painfully obvious.

What I found most compelling about Lessig’s presentation about trust was not that members of Congress are undeserving of our trust. In fact, he went so far as to say that this decade’s Congress is far more deserving of our trust than any Congress before… not that this Congress is good, but that the past was so bad. What he pointed out is that there is culture in Washington, an accepted culture, whose byproduct is untrustworthiness. As an example he pointed to the bankruptcy bill, which in the late 90s First Lady Hillary Clinton opposed… but then in 2004 Senator Hillary Clinton supported. Clinton received significant donations from credit card companies during that time, leading to the claim that her vote was bought. She says the money isn’t responsible for her changed position, and as Lessig said, “I believe her.” The problem, he says, is that it creates the appearance of being bought and lessens trustworthiness. Hence the 9%.

He went on to pitch a new organization,, which has become his new passion, having put his free-culture crusade on hold. Which is not to say the free-culture fight isn’t important, or that so many other issues aren’t important. In fact, he’s willing to say all these other issues are more important than the issue of trustworthiness. What makes trustworthiness worth his time, and I agree everyone’s time, is not that it’s the most important problem, but that it’s the first problem. It is a pipeline problem that must be overcome before anything else can be really solved.

So, to Prof. Lessig, I was originally very disappointed when I heard you were leaving the free-culture fight, but now that I’ve heard your argument and see your direction, I applaud your decision, and I’m excited to start working on this, the first problem.

probonogeek Politics

Don’t be Fooled by

July 1st, 2008

I got an email today from Network Solutions declaring “Is the .COM Domain You Want Taken? Get the .US.COM & Save” and thought to myself, “wow, they are finally starting to advertise the .us TLD!” Here in the States we sort of take the .com and .org top level domains for granted. But in much of the rest of the world websites use their country code TLD… so, in the United Kingdom you will see lots of .uk domains. Personally, I prefer this, as it helps identify the site’s situs (to use a legal term)… don’t believe the hype of pure virtual existence, websites have tangible form in the physical world.

Trouble with this advertisement from Network Solutions is that they are not, in fact, advertising a .us TLD… they are advertising subdomains of the domain. Note the .com is at the end, not preceding the .us like with (I just set one of these up yesterday, nothing special about Australia). So, what we’ve got going here is somebody (presumably Network Solutions or a subsidiary) spent the $20 necessary to register–a process that is no different than when I registered–and is now going to sell subdomains of their domain for $20 per year and are passing it off as a “.COM Alternative!”

Now, I can’t speak for anyone else, but the idea of giving $20 to some dude who happened to buy the domain when I could just as easily purchase a .us domain for the same price through a legitimate registrar, seems awfully silly. To further bolster my claim, have a look at the actual site… looks like a google link farm to me. Having said that, if anyone wants to purchase subdomains for, I’m offering them at the competitive price of only $15/y!

probonogeek Technology

Political Roundup

June 27th, 2008

Lots of stuff in the news recently that I wanted to offer my two cents on in the interest of totally destroying my political credibility when I seek political office in 20 years.

2nd Amendment Ruling in District of Columbia v. Heller

I will come right out and say it that the Court got this right. The traditional theory to explain gun control in light of the 2nd Amendment is that the right is a collective right given form through state militias (or what we might call today, the State Guard). I’ve been searching for words to help describe why I feel this just didn’t cut it for me, because it runs counter to the usual liberal song and dance that, in general, I subscribe to. Thankfully, I found those words today in an OpEd by Eugene Robinson.

I’ve never been able to understand why the Founders would stick a collective right into the middle of the greatest charter of individual rights and freedoms ever written — and give it such pride of place — the No. 2 position, right behind such bedrock freedoms as speech and religion.

Makes you think… what if the 4th Amendment (restrictions against unlawful search and seizure) had been interpreted as a collective right… or Freedom of Speech? I may not agree with the 2nd Amendment, but it’s on the books and it deserves the same constitutional force as all the other amendments.

Obama Campaign Pledges

There are three at issue… a commitment to stay in the Public Campaign Finance program, a commitment to engage in a different kind of politics vis-a-vis the general election, and a commitment to filibuster any FISA amendments that included retroactive immunity for telcoms. I give a thumbs up to getting out of public financing. Obama is raising tons of money across the spectrum of donors and he should continue to do so. The Republicans have fought dirty in the past and I see no reason to believe 2008 will be any different. I give a thumbs down to the Obama campaign’s refusal to engage in Town Hall meetings with John McCain. I don’t care if they are McCain’s best format… they are formats where you have actual discussion and are tons better than traditional debates found in previous Presidential elections. And as for FISA… well, I suppose that’s politics and everyone can change their mind sometimes, which brings us to…

Telecommunications Immunity in FISA

I’ve thought long and hard about this since it became apparent that immunity for the telecommunication company’s involvement in the Bush Administration surveillance program was all but a sure thing. For a long time, I was really upset. I even watched most of Sen. Dodd’s floor speech where he railed against the descent from the Rule of Law into the Rule of Man. In theory, I agree… but in politics, I think theory must give way to the practical.

So I asked myself to try a little thought experiment… what would I do if I was an executive of a major telecommunications company? Let’s assume I’m your standard executive whose primary concern is the financial well-being of my company, it’s shortly after September 11th and representatives of the President of the United States show up in my office saying “for the good of the country, we need your help.” I, of course, ask the question any good executive worried about the financial well-being of my company would ask, “what are the legal implications?” to which the representatives say, “the President has authorized this under his Article II powers to defend the country as Commander in Chief.” What, realistically, is the chance that my follow up is going to be, “you know, I think we should go to Congress and get explicit approval” or “how about we draft up a brief and ask the Courts to weigh in?” No, I think the most realistic response is going to be, “if you provide my company with a legal document from the President authorizing this activity, then we will provide assistance.” To do otherwise is to tempt the wrath of the President and the ire of the American people just after the largest terrorist attack in the country’s history.

Now, of course, I don’t agree with the President or his advisers. The program itself goes too far and the President lacks the authority to authorize the violation of the law. But there are specifically delineated tools at the disposal of the Congress and the American people to restrain, and if necessary remove, the President for such violations of the law. The telcoms, in my view, are less-than-innocent bystanders in this case. Did they break the law? Probably, yes. Did they do so under what amounts to duress under Presidential order? Seems like, yes. Is the one who we should be going after sitting in the Oval Office? Absolutely, yes. Which is why the immunity provision in the FISA amendments is actually a sort of poetic justice. Every time one of the telcoms gets a suit against them dropped, they must produce documented proof, in open court, that the President specifically authorized the activity in question… every time the public will hear, the President told us to break the law. Whether or not that leads to any legal ramifications for the suits against the government, I’m unsure. But I think in the political/historical context, it will mean a lot to have the world hear, over and over again, that the Rule of Law was put aside because the President said so.

So now we will turn to the proper tools, whether that is individual suits against the government or political actions by the Congress, is up to those who wield those tools. But I think these sorts of approaches go after the true villains of the piece and are preferred over attacking the middlemen.

probonogeek Politics

Getting Back Up…

June 25th, 2008

The server is starting to come back from the dead. I took down the slice following my recent hack and awaited instructions from my hosting provider. Sadly, this experience made them reconsider entering this business and they have terminated the beta slice program of which I was a part. They pointed me towards slicehost, which is a competitor with Linode, which we use at work. Anyway, I thought it would be a good opportunity to try something new, so I signed up for a slice and got the ball rolling on a new server.

Remember kids, security first…

niles@zion:~/exploit$ ./exploit
Linux vmsplice Local Root Exploit
By qaaz
[+] mmap: 0x100000000000 .. 0x100000001000
[+] page: 0x100000000000
[+] page: 0x100000000038
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4038
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0x2b7638001000 .. 0x2b7638033000
[-] vmsplice: Bad address

Now I just need to restore my Subversion and Apache servers and I’ll be rocking and rolling once again!

probonogeek Technology


June 18th, 2008

Today I received a very unhappy email from a fellow saying my webserver had launched an attack against his FTP server and that I needed to stop it or he would contact the Federal Authorities. I was unbelieving at first, to be perfectly honest, and asked him to produce logs verifying the attack. But then I went and checked my server and discovered it was running a script named ftp_scanner, which seemed to be attempting brute force attacks against random FTP servers. ack.

I quickly killed all the ftp_scanner processes, found the offending script on the server (cleverly hidden in /tmp/…/ so as to be both hidden from a standard ‘ls’ and appear like a system file when running ‘ls -a’). The immediate problem addressed, I tried to figure out how this could have happened. To my horror, I discovered that Thursday of last week someone had run a brute force attack against my SSH server and happened upon one of my users whose password was the same as her username. double ack!

A little back story is useful here… on Friday my server went down in a sort of funky way. I could still ping it, but http and ssh access were denied. It took all weekend working with my provider to get it re-enabled. They said it was because CPU usage had spiked, and since it’s a virtualized server, my slice was shut off to prevent damage to the larger system. I should have investigated then, but I just figured the detection systems were borked and thought nothing of it. Bad idea.

Two days later, the intrepid attackers struck again… and I would never have known if not for the email from the poor guy whose server my server was attacking. But that’s not the worst of it. While cleaning things up, I noticed an SSH login to the ‘news’ account, which is a system user account that you cannot usually log into. It was then that I discovered the /etc/shadow password file had been compromised to enable a variety of logins that should not have been. This, unfortunately, was the worst possible news. If the attackers could change /etc/shadow, it meant they had managed to obtain root level access to my server. ack, ack, ack.

I went back to the /tmp/…/ folder to poke around the contents. It was then that I discovered the Linux vmsplice Local Root Exploit. And indeed, running the tests described, my system was vulnerable, and the entire slice had been compromised. Since I don’t run tripwire, or anything like that, I was pretty much screwed. oh, ack…
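An added example (not from the original post or the server it describes) of checking for the two indicators above: system accounts such as ‘news’ whose /etc/shadow entry permits password login, and entries under /tmp named only with dots and spaces. The sample passwd/shadow lines are constructed with placeholder hashes; the uid_min=1000 cutoff for "system account" and the dots-only naming are assumptions.

```python
import os

# Constructed sample data (not from the post's server); hashes are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$CONSTRUCTED$roothash:14000:0:99999:7:::
daemon:*:14000:0:99999:7:::
news:$1$CONSTRUCTED$newshash:14048:0:99999:7:::
alice:$1$CONSTRUCTED$alicehash:14000:0:99999:7:::
"""

def login_enabled_system_accounts(passwd_text, shadow_text, uid_min=1000):
    """Return (name, uid, shell) for non-root accounts below uid_min whose
    shadow password field is not locked. uid_min is an assumed cutoff."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    findings = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) < 7 or not parts[2].isdigit():
            continue
        name, uid, shell = parts[0], int(parts[2]), parts[6]
        if uid == 0 or uid >= uid_min:
            continue
        # "*" or a leading "!" locks the password; a hash (or an empty
        # field, meaning no password at all) lets the account log in.
        if not shadow.get(name, "*").startswith(("!", "*")):
            findings.append((name, uid, shell))
    return findings

def dot_only_entries(root):
    """Return paths under root whose names are only dots and spaces."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if name.startswith(".") and name.strip(". ") == "":
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

if __name__ == "__main__":
    print(login_enabled_system_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW))
    print(dot_only_entries("/tmp"))
```

On a host where root was obtained, run checks like this from a rescue environment against the mounted disk, since the installed tools can no longer be trusted.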

All user data is now backed up onto my local desktop and the slice is scheduled to be cleared. Once the kernel is secured I will have to start building the system from the ground up all over again.

Oh, and if “Not Rick” is out there, I’m sorry to have caused you any trouble… but contacting me via means that prevent me from replying makes it difficult to apologize or explain the situation.

probonogeek Technology