Archive for the ‘Life, the universe, and everything...’ Category

Greebo has gone missing

Greebo, my first cat, has disappeared from her new home at my brother’s.

Mistress Greebo

As this is on the same road where she was run over back in 2001, I’m a bit worried. Tuesday will mark a week of her not being around, and realistically that is the upper bound for her to return by herself if she’s just having a sulk. I hope that she has found a new home and carer – it can be tough to move and not have your previous cat slave living with you, and two small children trying to pull your tail.

She is microchipped. Luckily, we changed the contact details for her in the week prior to our honeymoon, so if a vet or the pound finds her, we will get a call to the right address. However, since she was chipped in NSW, it’s not entirely clear if they share data with the Victorian animal registry. I will find out tomorrow.

If she stays missing by the time we leave for the USA, I will take Meebles with us to the USA. I miss my babies desperately, and I want them to be close to us. I hope Greebo is okay, wherever she is.

Attack vector for Windows Genuine Disadvantage

The other day, WGA decided that my volume licensed copy of Visio was a pirated copy. This is laughable… and annoying. Luckily, the situation sorted itself out; I have Visio 2007 installed and I was able to use that until Microsoft used the rubber hose on WGA’s servers.

But it got me to thinking how a hostile Trojan could cause massive disruption. Product IDs are easily tamperable. If the user is an administrator, all a Trojan or virus has to do is change the Product ID for Microsoft products (Windows, Office, etc) to random values. It doesn’t need to set it to known pirated Product IDs, but just random ones. These are unlikely to validate under WGA, and millions of folks will end up with software which can open, but not print or save documents. Or in Windows’ case, not boot after 30 days.

Microsoft’s only solution for this would be a massive program of issuing new ProdIDs to legitimate customers at a massive cost to everyone (including Microsoft), or to give up on WGA altogether.

If product IDs are susceptible to change, and they are, they must be better protected by the WGA process. If I’ve thought of this, and I’m not precisely hostile, imagine what the organized crime dudes can do.

How many inaccuracies can a single song contain?

I don’t know about you, but I find artists who know very little of what they complain about frustrating. I am not talking about irony and the lack of it in Ironic by Alanis Morissette, but I Wish I Was a Punk Rocker (with Flowers in My Hair) by Sandi Thom. If you’re a fan of this song, please don’t get me wrong, it’s a nice song, but it’s woefully inaccurate.

In the olden days, scientist philosophers like Galileo, da Vinci, Newton and Franklin were masters not only in their respective fields and great minds, but accomplished authors, musicians, artists, and in Franklin’s case, statesmen. As with most of my geeky friends, we are passionate authors, voracious readers, keen collectors of music and often musicians in our own right, love museums and galleries and the arts. However, many “artists” do not respect our arts and sciences.

Let’s go through a few of the foibles of this song:

  • “In 77 and 69, there was revolution in the air”    Where? In 1968, there were the French student riots and the Prague Spring, of which only one, the French student riots, made any difference, with an election being called. In 1969, besides the Viet Nam war, very little revolution happened. Maybe she’s talking about Woodstock. 1977 was the beginning of the Sandinista revolution in Nicaragua, and the seeds of the Iranian revolution, but hardly the progressive revolutions the singer calls out. The song’s main theme is punk (anarchy) and flowers in the hair (the hippy / free love movement), which is an expression of baby boomers’ “me me me” selfishness despite its best intentions. We owe a huge debt to the hippies for freeing up attitudes but little else. Anarchy exists today – see Darfur and a host of other hot beds of human misery and crimes against humanity. No one can claim to want anarchy without understanding what it truly represents. 1977 saw the release of Never Mind the Bollocks… by the Sex Pistols. Punks hated the hippies, so I’m unsure of why she wanted to be both. Anyway, disco / techno won the battle, not punk ;-)
  • “Not everybody drove a car”    This is still true today, and if anything, anti-car choices in the major metropolises of London and so on make it very difficult for people to drive to where they’re going. The car is a symbol of freedom and personal mobility, so I’m not sure why this is a bad thing. The days of most people not owning a car or the ability to drive are long, long gone. This is more of a pre-World War II thing. My grandparents owned cars from the end of the war onwards. Certainly, by the end of the 1960’s most families had at least one car and it was an essential part of life.
  • “When accountants didn’t have control”    This is especially amusing. A&R and accountants in the music industry have been entrenched for years. In Dirk Gently’s Holistic Detective Agency, written in the early 1980’s, the main protagonist fought against the A&R types and noted with extreme wit that music contracts were the devil’s work. This didn’t happen overnight. This is not a product of today’s society, but that of the exploitative music industry she so bitterly complains about.
  • “And the only way to stay in touch was a letter in the mail”    This is also particularly funny. Although I’ve personally only written a couple of actual letters to friends, and none in the last 17 years of being on the Internet, the phone system has been around for quite some time. Telegrams predated the phone system by some considerable time; the first Atlantic telegraph line was completed in 1858, some 111 years before 1969. It was possible to call internationally from the 1920’s onwards with the laying of submarine cables, and from the 1960’s onwards with the launch of Telstar in 1962.
  • “And the super info highway was still drifting out in space”    The network that became the first nodes of the Internet was established in 1969 as ARPANET. It has only recently been extended to our local solar system – with a modified form of TCP/IP used to communicate with the Mars Orbiters to form the interplanetary internet (see http://www.ipnsig.org).
  • “When record shops were still on top / And vinyl was all that they stocked”    This ignores the 8 track (from 1965 onwards) and the compact cassette (from onwards), both of which were popular in 1969 and 1977 respectively.

Although this song appeals to those hankering after a time long ago, the time the chanteuse desires never existed. I wish that artists were a bit more respectful of history and less hostile to modern life. I’d rather be alive now than living in the past; the world is a beautiful place and it is what you make of it.

Boomshanka, peace.

James Van Allen dies at 91


IOWA CITY, Iowa (AP) — Physicist James A. Van Allen, a leader in space exploration who discovered the radiation belts surrounding the Earth that now bear his name, died Wednesday. He was 91.

A sad day for astronomy and space geeks. More here

OSCON

Work: I owe my boss a huge beer (and a document) and an apology when I get back to Australia.

Personal life: in the dog house. I got very little sleep these last few days, and I bet my other half is feeling far worse than me. Hopefully, she can come to Vegas so we can sort things out.

OSCON: Awesome.

My presentations went down well. I’ll upload the new presentations soon, but the Ajax Security demo went off really well. The room was overflowing with folks, so I’m really chuffed that so many of you decided to come.

I’ll put up the Ajax XSS demo I did later, but please be aware that these demos are INSECURE by design, and you should only test them on your internal systems. The trick is to:

<img src="kitty.jpg" onLoad="... your javascript attack here ...">

People forget there are literally hundreds and possibly millions of ways to do XSS. Do NOT just look for “script” or “javascript” in the input and think you’re done. That’s stupid. Make the output safe instead: it’s faster, it’s simpler, and it works.
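To make the point concrete, here is an added JavaScript example (not the demo code from the talk) that runs a blacklist filter and an output-escaping function over a constructed sample of the image/onLoad vector shown above. The blacklist lets the event-handler attribute straight through; escaping the output turns the whole thing into inert text.

```javascript
// Added example, not from the original post: a "strip <script>" blacklist
// versus plain HTML output escaping, applied to the onLoad vector.

// Naive blacklist filter: removes <script> tags and "javascript:" URLs, and
// nothing else. This is the approach the post warns against.
function naiveBlacklist(input) {
  return String(input)
    .replace(/<\s*\/?\s*script[^>]*>/gi, "")
    .replace(/javascript:/gi, "");
}

// Output escaping: replace the five characters that carry meaning in HTML
// text and attribute values, so whatever the input was, it renders as text.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(input).replace(/[&<>"']/g, (c) => map[c]);
}

// Tiny heuristic used only to compare the two outputs: is there still a tag
// carrying an on* event-handler attribute? (A demonstration aid, not a sanitizer.)
function containsEventHandlerTag(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Constructed sample input in the shape of the post's vector; the handler
// body is a placeholder comment, not a working script.
const SAMPLE = '<img src="kitty.jpg" onLoad="/* placeholder handler */">';

// Run both approaches over the sample and report which output still carries
// an executable event handler if it were written into a page unchanged.
function demo(input = SAMPLE) {
  const filtered = naiveBlacklist(input);
  const escaped = escapeHtml(input);
  return {
    filtered,
    escaped,
    filteredStillDangerous: containsEventHandlerTag(filtered), // true
    escapedStillDangerous: containsEventHandlerTag(escaped),   // false
  };
}
```

In a browser the same lesson applies to the DOM: writing untrusted data with `textContent` rather than `innerHTML` gives the escaped result for free.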

People

I met so many folks who I had spoken to over the net, or e-mailed. Everyone is so nice and friendly, it’s incredible to meet the greats. I really enjoyed catching up with Chris and Laura, met the Schlossnagles for the first time (cool dudes, cute kids :) , and of course, Wez.

Unfortunately, due to the bad things going on in my personal life, I could not bring myself to hang out after hours as I was feeling extremely down, but life goes on. I was hoping to go out to Portland a bit more; maybe next time.

Talks

I went to a fair few webappsec related talks, and it’s truly gratifying to me that the developers had an entire stream dedicated to it. I really enjoyed the PHP Security hoe down – we had a wack job in the back row causing a bit of a stir, but after he left, the hour really flew.

Portland

I’ve never been here before. It’s a very nice city, great public transport. I’ll post some images soon as it’s very pretty this time of the year. It was a bit hot when I got here (about 40C) but it soon cooled down to mid 20’s and I’ve been happy with that. :)

A friend through newbeetle.org picked me up from the airport last Sunday, and we went to her place and hung out for a while. She invited over a friend of hers, and I got to see her and her hubbie’s New Beetles (a nice Turbo S and a unired NBC), and her friend’s green Gecko TDI New Beetle. Very nice – I wish we could get that color in Australia. We had breakfast on Friday morning even though I was extremely tired (no sleep) and a bit sad, and she picked me up this morning to take me to the airport. I’m so impressed, I wish I could say I was as good a host when I have folks visiting. Thanks, Debbie – you set the standard!

Next steps

I’m off to SF next. I’m at the airport now. I have to spend a few hours this weekend getting stuff together to meet the CSO of a major partner of work’s, like running through the ESA presentations and ensuring that we have something constructive to talk about. I might need to go to Kinkos tomorrow and print off a few things unless my hotel has a printer I can use.

End of an era

I’ve given up my PC to my brother as his computer (my old 1999 Dell) was finally giving up the ghost. I no longer have the ability to execute Windows x86 binaries or Linux x86… for now. This leaves me only with my Mac.

I miss the pedestal of my PC’s case (clear horizontal surfaces being a bit rare due to the chronological ordering system I use (ie I dump things on spare space, and neglect to clean up)), but what I will not miss is the fan noise.

In the new year, after the wedding, I’ll get a nice MacBook Pro once they’ve sorted out the whine (apparently sorted with later MacBook Pros which have a different display inverter), fan noise and overheating issues (probably fixed with the firmware update), distorted right hand speaker, and expanding batteries and reports of poor battery life.


OSCON 2006 – See you there!

Just a quick note as to the quietness of the blog. I’m working on a few things:

  • my slides for OSCON (webappsec 150 tutorial, and updating my Ajax presentation to include the latest research and make it a bit more (ahem) controversial to liven things up)
  • doing demos for the above
  • my slides for OWASP Melbourne, July 2006 meeting (this coming Wednesday! Details)
  • reconstructing my work laptop
  • the OWASP membership packs and other executive director project items
  • administrating Aussieveedubbers
  • writing a fresh Ajaxy UltimaBB installer
  • writing a proposal for a workable security architecture for PHP 6 which I want to present to Chris when I go to OSCON, and maybe earn myself an audience with Rasmus and the other PHP luminaries to discuss it over a beer or two and thus decrease my trolliness to those folks.

and plus Tanya would like my body sometime as well. I’ve given up TV. Woe is me!

See you at OSCON 2006.

I’m also making an appearance at BlackHat and Defcon, and will be in SF in between those two conferences, and possibly in Salt Lake City before OSCON (depends on work). If you want a Thawte Notarization for the Web of Trust (free *real* fully trusted S/MIME certificates!), please bring photocopies of your photo ID and I’ll do it for free.

It doesn’t rain, it pours

As I was wondering how to force myself to sleep at 2.30 am as my body clock is still way out of whack from the unspeakable misery that is my throat, my fiancée Tanya had an anaphylactic reaction to something. After she tried all three methods of control, including an auto-injecting adrenaline monster needle, I had to zoom her to hospital. I was still suffering the full effects of laryngitis, extremely tired, and out in 7C weather wearing just shorts and t-shirt and with nothing to read. But I’d do it all again.

Our nearest hospital is Werribee Mercy hospital, about 5 km and around 5 or so minutes in the car. The hospital had nurses, but no doctors as they all called in sick, so emergency was shut down. Tanya’s breathing wasn’t improving. Although the nurses on duty tried to make things better, it looked as if the MICA dudes would have to intubate her whilst on the way to the next nearest hospital, some 15 km away.

The care Tanya received from all concerned was great (except of course, the Werribee Mercy, where due to stupid laws prohibiting qualified nurses from prescribing anything, Tanya couldn’t be given anything until the MICA dudes arrived, even though this meant she might have choked to death). The nurses at the Mercy were clearly worried and got us out of there as quickly as they could. They shouldn’t have needed to. I feel sorry for them, as it’s not their fault Tanya’s recovery was made so much worse by unnecessarily and potentially fatal delays in treatment. It is pure and utter luck that Tanya survived this period – there were no drugs available for treatment (see the bit about no doctors!), and adrenaline to keep your heart going only helps if you can breathe.

I rang her parents as I left Werribee Mercy, and they came as soon as they could, arriving at Western General shortly after I was allowed in to keep Tanya company.

After getting to Western General at Footscray an hour after the attack had occurred at our place, Tanya received treatment, but was left on a trolley under bright neon lights all night – there literally is no other option at Western General. It’s a bit ancient, run down, crowded and primitive there. However, for the poor western suburbs, there is basically nowhere else.

The triage area didn’t let Tanya’s parents in to see her until nearly 40 minutes after we arrived. I could see that Tanya was immensely relieved to see her folks, as I know I was. Tanya’s parents and I took turns staying with her in the very crowded and busy emergency department.

However, at 6.30 am it was obvious I needed my drugs for my throat. So I had to go, even though I didn’t want to. I was extremely tired and so I drove very carefully. I got home at 7 am, showered, ate breakfast, and rang Tanya’s parents to check up on her condition. Luckily, Tanya had been moved to a recovery ward and was resting, so I took the opportunity to take some sleep.

I woke at 11 am with the sorest throat I’ve had in the course of my horrible illness, had a huge painful coughing fit and spent the next hour or so gagging in the bathroom. I wanted to go back to Tanya, but I knew I couldn’t do it. Luckily (for me!), Tanya rang and told me that a reporter will be speaking to her, and most likely appear on the news that night. I hadn’t realized a political football had been set in motion by *someone*, but it certainly wasn’t us.

Tanya made the news: she was interviewed by Channel 9 for their main evening bulletin, and Channel 10 reported a slightly inaccurate version – she was never intubated. The Age also covered it here (“Furore over casualty closure”). Our phone was red hot for a while after the 6 pm news.

However, it would have been nice to have doctors in an area where there’s upwards of 30,000 families relying upon their hospital. I just hope that this leads to changes that allow us to assume that our nearest hospital is safe to attend in an emergency. I know that the western suburbs seem like the wasteland to our medical fraternity, but it’s unacceptable to leave us all at risk just so they can live in Toorak or South Yarra. Now this thing is a political football, it should be sorted. But having worked in the health care industry for a while in the past, I am terribly cynical and know it will not be fixed. Our horrible episode will just be forgotten in a day or two, and nothing will change.

Not a well chappie

I’ve got more stuff to go up here, but I’m not feeling very well.

On Sunday night in Steve’s flat in Munich, I felt a bit lightheaded after some decent wine and grappa. I put it down to that. I woke the next morning feeling very hot and flushed. I thought, bugger, what a hang over! I knew I needed some drugs, but it was a public holiday in Germany on Monday and every pharmacy I could see was shut. When we got to the airport, the pharmacy was on the inside, but no dice there either – they were shut.

When I got to Singapore, it was too short a stop over to try and get some drugs and plus, I didn’t want an ear temperature test keeping me in Singapore until they worked out what it is I have.

However, upon returning to Australia I was feeling less than stellar, so I went to bed, thinking I’d sleep it off. Not being shy of the GP, my lovely fiancée rang and was directed by my GP to make myself available at my local hospital’s emergency department at the earliest opportunity. Which is exactly what my fiancée and her mum did. I was groggy from the long flight and tired. They woke me up, drove me there, and we waited. And waited. And waited. I could have done with that sleep! Eventually, the drugs she plied me with kicked in, and we decided to head back to the GP, even though he was treating me like a leper who also had avian bird flu.

A quick two minute exam – bronchitis. A short course of antibiotics, no alkyhol, and rest. Which is exactly what I feel like and have been doing. Except I should be at work today, and I should have been back in my own time zone. It’s 2.20 am, and I feel … well … up. Tired, crappy, and up.

I’ll try staring at the bedroom ceiling and see if it helps.

Munich – Saturday (Deutsches Museum)

We got up, had breakfast, and walked to the Deutsches Museum.

Unlike any other museum, this is a geek museum. It’s like geek heaven there. Except there’s so much to see and that entails a lot of walking. They have feet massagers, but they take 50 c coins, and I haven’t acquired any of those yet, only heaps of 20 euro cents.

The first thing we checked out was the high energy lab, and that was amazing. Lots of noise, sparks and high energy!

We took in (not nearly exhaustive to describe it!):

  • High energy lab
  • Planes, and lots of them!
  • Planetarium
  • Rockets, rockets, rockets!!!!!! And more rockets!
  • Chemistry … no explosions, doh!
  • Space exploration (astronautics)
  • Measurements and time
  • A temporary exhibition on German progress
  • Walked through the agricultural area, but checked out a complete house they’d reconstructed
  • A cave about neolithic art work. It was dark.
  • Nuclear physics and other physics
  • Paper and printing (look at real leading and type!)
  • Musical instruments (nearly missed out on this one, but it was awesome!)
  • Techno Toys – looking at all these early proto-legos from the late 19th century and early 20th century

Check out the gallery of stuff here:

After the techno toys, my feet were killing me, so we headed back to Steve’s place. We geeked out there for about an hour and watched a Coupling episode. I’d forgotten how cool that show is – I’ve only seen the one episode until then. Will need to get the DVDs when I get back to Australia.

We had dinner at the Mexican restaurant near Steve’s friend Andi’s place. It was really good, particularly the half price Margaritas. Again, no Visa, and the prices at most European places are in ouchy land territory for earners in $AUD. At this stage, I’m nearly out of cash again. Need to find an ATM on Monday to deal with this if I run out of Steve’s hoard of cash (we’re trading at the correct rate, so he doesn’t need to be done over when he comes to Australia).

Sloshed our way back to his place. Even at 10 pm, the public transport doesn’t take long, despite needing to change trains (and system) three times. You simply couldn’t rely on public transport in Melbourne to do this.

We watched a few episodes of Coupling and I hit the sack.
