Saturday, December 31, 2016

Stay frosty, my friends

Getting ready for the HOG chapter "Frosty Balls" ride tomorrow.



Actually not too bad if you bundle up, even at 37°.

My New Years' resolution

I resolve to eat more salads.


How Trump can pound the final nail into the Global Warming coffin

There's something floating around about how "100% of warming is due to data tampering".  It's worth your time to read it.

Long time readers know that I've been posting about climate science for quite a long time.  Newer readers who are interested in a condensed view of my opinions can read it here (it's sort of a "Climate Science 101" post for the educated layman).  Readers who want more depth and background (or who are gluttons for punishment) can get a list of climate posts here.

But everyone is familiar with the Global Warming scare machine which pumps out a never ending stream of ZOMGTHERMAGEDDON!!!11!!!ELEVENTY!!!  The climate science establishment feeds a stream of "hottest year ever" press releases to a media that is fully on board and which pushes this narrative.  Government funding to the tune of $100 Billion feeds the whole machine.

And yet the public is (rightly) skeptical of the whole thing.  Trump is making some right moves appointing skeptics to positions like head of the EPA.  Some have proposed cutting funding of climate science research by 80% or more.  These are good ideas, but won't directly address the problem of corrupted research and bureaucratic pushback.  Immodestly, I believe that I have something that will stop the global warming machine in its tracks in the space of a month, and keep it derailed for good.  And there's nothing that the bureaucracy and the scientists can do about it.

And it would be 100% scientific, which is why it would be so easy and why it would stick.  You clean up the climate databases:
If you look closely at climate data, you will find that all the major data sets consist of two parts:

Raw Data, which is the instrument reading: satellite, thermometer, or proxy (tree ring, ice core, etc). This is data straight from the sensor.

Adjustments, which are corrections applied to raw data to adjust for inconsistencies. For example, it is important to read the thermometer temperature at the same time every day. If the hottest time of the day is, say, 2:30 PM, but you read the thermometer at 10:00 AM, then the day's reading will be low. Adjustments are also made when weather stations are re-sited, and for other reasons.

An interesting question is how much of the 20th Century's warming came from adjustments, rather than from raw data?
Spoiler alert: according to the scientists themselves, over 85% of reported warming comes from adjustments to the data.  Re-stated, the data as recorded only show 15% of the ZOMGTHERMAGEDDON!!!11!!!eleventy!!! that is being fed to us.  Or all of it, if you believe the new post that's going around.

Now maybe these adjustments are actually correct, but it seems that the scientists should provide very solid and compelling reasons when and why they adjust the data.  Quite frankly, there are some good reasons to think that they are not doing this:
Anyway, lets look at the specific adjustments.  The lines in the chart below should add to the overall adjustment line in the chart above.
Ushcn_corrections2
  • Black line is a time of observation adjustment, adding about 0.3C since 1940
  • Light Blue line is a missing data adjustment that does not affect the data much since 1940
  • Red line is an adjustment for measurement technologies, adding about 0.05C since 1940
  • Yellow line is station location quality adjustment, adding about 0.2C since 1940
  • Purple line is an urban heat island adjustment, subtracting about 0.05C since 1950.
Let's take each of these in turn.  The time of observation adjustment is defined as follows:
The Time of Observation Bias (TOB) arises when the 24-hour daily summary period at a station begins and ends at an hour other than local midnight. When the summary period ends at an hour other than midnight, monthly mean temperatures exhibit a systematic bias relative to the local midnight standard
0.3C seems absurdly high for this adjustment, but I can't prove it.  However, if I understand the problem, a month might be picking up a few extra hours from the next month and losing a few hours to the previous month.  How is a few hour time shift really biasing a 720+ hour month by so large a number? I will look to see if I can find a study digging into this.  
I will skip over the missing data and measurement technology adjustments, since they are small.
The other two adjustments are fascinating.  The yellow line says that siting has improved on USHCN sites such that, since 1900, their locations average 0.2C cooler due to being near more grass and less asphalt today than in 1900.  
During this time, many sites were relocated from city locations to airports and from roof tops to grassy areas. This often resulted in cooler readings than were observed at the previous sites.
OK, without a bit of data, does that make a lick of sense?
Not to me it doesn't, and it shouldn't make sense to the Trump Administration, either.  And so my proposal:

Remove all adjustments from the climate databases and then allow them back only when justified for a single day at a single weather station.  If an adjustment is needed, then have NOAA specify why.  And report the last 100 years without any adjustments.

And this will basically kill the global warming movement.  It will reveal to the public that the data have been manipulated.  Those who complain about this will have to justify why unspecified and unjustified changes should be allowed to the data.  They will have to explain how that is scientific.  Quite, I don't see how the climate science establishment can effectively push back against this without confirming the skeptics' worst accusations.  I mean, do you want honest science or not?

And suddenly all the scientists who use that data set will have a data set without an artificial warming signal.  There will suddenly be a "97% consensus" that no warming is seen.

And this can all be done in a week.  No Congressional action needed, just the stroke of Trump's pen.  And then he can tell the EPA to justify all their new carbon rules ...

Brad Paisley - Welcome To The Future

New Year's is an occasion to think on what the new year will bring.  It's also an occasion to think on where we've been and what's changed.  Life is change, whether we like it or not, and we exist in a time machine heading into the future at a speed of one second per second.



Welcome to the future.

Friday, December 30, 2016

If only we could replace that cowboy George W Bush as President

America would no longer be mocked by the rest of the world.


Wednesday, December 28, 2016

Damn


It was a silly movie, but she was really good in it.  She was only 20.  That was 64 years ago.  Debbie Reynolds, mother of Carrie Fisher, dead at 84.

Digital Tao

And don't start looking at your bookmarks, either.

Tuesday, December 27, 2016

Monday, December 26, 2016

A Christmas Shopping Story

There was a woman who wanted to go the mall to do some shopping and when her car wouldn't start she called her husband to see where he was and ask if he would come home to help.

"Hey, my car won't start. Where are you?", she asked.

"Out shopping", he replied, "Do you remember that December the year before we were married? We went in that fancy jewelry store out past the mall and we looked at a diamond necklace. You really liked it but there was no way I could afford something like that."

"I remember!", she says, "When we left there, you told me that someday you'd be able to get one for me!"

"That's right", he says, "Well, anyway, I'm in the new gun store right across the street."

Christmas Morning

Life brings changes.

This Christmas found us on the Outer Banks, staying with friends at a home south of the Hatteras lighthouse.The beach in winter has it's own beauty and we were lucky to have a few days to appreciate it.


Sunday, December 25, 2016

Merry Christmas from Wolfgang


He hopes you got a frisbee, too.

J. S. Bach - Christmas Oratorio

It's Christmas by J.S. Bach.  Not sure how much more needs to be said, other than Merry Christmas to all!

Saturday, December 24, 2016

Thurl Ravenscroft - You're A Mean One Mr. Grinch

The Queen Of The World thinks that I need to post something for all y'all who are grinches this year.  And you know who you are ...



I always thought that this was sung by Boris Karloff, but he narrated the TV show.  Ravenscroft  sang the song.  He also looked looked just like Clark Gable.  Who knew?

Martina McBride - O Holy Night

It is the night tonight.

Friday, December 23, 2016

90 years of movies Frederick, MD

The Queen Of The World and I are at the Weinberg Theater in Frederick, Maryland which is celebrating its 90th birthday by showing the first movie ever shown here. It's the silent film "The Strong Man", with a live accompaniment on the original pipe organ (as was done 90 years ago).

Right now (before the show), he's playing Christmas carols. He's very good, and the organ sounds spectacular.

Bing Crosby - Mele Kalikimaka (with Mickey Mouse)

The cartoon is classic Mickey.

How the New York Times knows it's wrong about Russian hacking

And how we know that they know.  A detailed analysis about how scraps of information are woven into a narrative to support the Democrats:
Here's a trick when reading New York Times articles: when they switch to passive voice, they are covering up a lie. An example is this paragraph from the above story [*]:
The Russians were also quicker to turn their attacks to political purposes. A 2007 cyberattack on Estonia, a former Soviet republic that had joined NATO, sent a message that Russia could paralyze the country without invading it. The next year cyberattacks were used during Russia’s war with Georgia.
Normally, editors would switch this to the active voice, or:
The next year, Russia used cyberattacks in their war against Georgia.
But that would be factually wrong. Yes, cyberattacks happened during the conflicts with Estonia and Georgia, but the evidence in both cases points to targets and tools going viral on social media and web forums. It was the people who conducted the attacks, not the government. Whether it was the government who encouraged the people is the big question -- to which we have no answer. Since the NYTimes has no evidence pointing to the Russian government, they switch to the passive voice, hoping you'll assume they meant the government was to blame.
There's a lot more.  All I can add is that (a) the line that "the Russians hacked the DNC to help Trump" is really weak from a facts and proof point of view, and (b) the only people who will believe it are Democratic Party supporters (like the Times) who don't care about facts and proof.  Oh, and (c) the people in (b) are entirely convinced that they are smarter and better thinkers than you and me, despite their utter lack of interest in thinking this one through.

The New York Times: All the news that confirms our bias is fit to print.

Thursday, December 22, 2016

Wednesday, December 21, 2016

Joe Bonamassa - Santa Claus Is Back In Town

And it's a $400 fine for the second offense


California's Ongoing Secession

California has opened it's first embassy. In Moscow.

It just writes itself.

Why I'm not posting about the "the Russians hacked the election" nonsense

Because it's nonsense, and quite shockingly low caliber nonsense at that:
Then there is the persistent incredibly STUPID story that “The Russians Did It!!”. First off, you can’t know if they did the hack, or not. (As pointed out several times already, I’m a computer security guy who had to deal with this stuff professionally for a couple of decades… it’s ‘my business’ and I’m good at it.) My first encounter with The Russians was in about 1986, so call it 30 years ago. To think that only this year they woke up and started hacking is just dumb. They are about 1/4 as active as the Chinese, so anything they have, or did, the Chinese had more of and sooner. Now look at what ‘the hack’ was (and was not): It was NOT a changing of the vote. Recounts and paper ballot States show that. (In fact, they show a little fudging by the Democrats in places like Chicago…but not enough to change the outcome since they are concentrated in places like California where the Dims already run the table). It WAS a publishing of the criminal and completely immoral actual acts and crimes of the DNC, Clinton, Media like CNN and MSNBC and ‘papers of record’ in burning Bernie and going ‘all in’ on biasing the debates (and worse). So at most, it was exposing the truth. Golly, being truthful, such a crime… /sarc
Remember, the Democrats think that you're stupid, and will fall for this drivel.

Tuesday, December 20, 2016

What's the cost of cybercrime?

$1 - $2 Billion a year for one botnet:
New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. Experts say the scam relies on a vast network of cloaked Internet addresses, rented data centers, phony Web sites and fake users made to look like real people watching short ad segments online.
[blink] [blink]

Wow.

UPDATE 21 December 2016 14:01: Fixed an autocorrect-induced typo.

What does a Climate Scientist say to climate scientists freaking out over the impending Trump Administration?

Dr. Judith Curry runs the school of Earth Sciences at Georgia Tech, and is a peer-reviewed climate scientist.  She is also a "like warmer" - she believes that the climate has been warming (as do I) and that mankind is somewhat responsible (as do I).  However, she does not see things as a crisis, and has repeatedly spoken (including before Congress) on the large uncertainties in climate science.  Her paper The Uncertainty Monster is required reading for anyone interested in the state of the science.

So what does she say to the scientists who are freaking out over Donald Trump?
Get over it, your side lost.  Changes of Presidential administrations occur every 4 or 8 years, often with changes in political parties.
Get busy and shore up your scientific arguments; I suspect that argument from consensus won’t sway many minds in the Trump administration.
Overt activism and climate policy advocacy by climate scientists will not help your ’cause’; leave such advocacy to the environmental groups.
Behave like a scientist, and don’t build elaborate conspiracy theories based on vague conflicting signals from the Trump administration.  Stop embarrassing yourselves; wait for the evidence.
Be flexible; if funding priorities change, and you desire federal research funding, work on different problems.  The days of needing to sell all research in terms of AGW are arguably over.
'Tis a consummation devoutly to be hoped, that right there.

Monday, December 19, 2016

Truck Attack In Germany

Someone drove truck into the Christmas Market in Berlin. No one is reporting the nationality of the suspect or the motive, but they are reporting an arrest.

From the English version of Deutsche Welle.

"The incident occurred on the Breitscheidplatz square, near the location of Berlin's iconic Kaiser Wilhelm Memorial Church along the Kurfürstendamm shopping mile. Nine people are reported to have died as a result of the attack; however, unconfirmed reports state that there may be more fatalities. Up to 50 people have been reported as injured.
The police are treating the incident as an apparent terror attack. The driver of the truck has now been arrested after fleeing the scene earlier."

I have no idea how something like this could happen


Sunday, December 18, 2016

Bing Crosby - White Christmas

One of the Queen Of The World's favorites - the original from the film, 'natch.  This one that is dubbed into German is pretty funny ...



Of if Deutsche is nicht sehr gut fur sie, Perry Como's version is perhaps more gemütlich:

Just between you and me, I have my doubts


The oldest Christmas Carol - Corde Natus Ex Parentis

This was written by the roman poet Prudentius in the late fourth or very early fifth century, although there is some argument that Veni Redemptor Gentiuma carol by Ambrose (Bishop of Milan and one of the Church Fathers) was the first.  Interestingly, both are still performed today over 1600 years after they were written.



Corde natus ex parentis
Ante mundi exordium
A et O cognominatus,
ipse fons et clausula
Omnium quæ sunt, fuerunt,
quæque post futura sunt.
Sæculorum sæculis.

Of the Father's heart begotten,
Ere the world from chaos rose,
He is Alpha, from that Fountain
All that is and hath been flows;
He is Omega, of all things,
Yet to come the mystic Close,
Evermore and evermore.

Saturday, December 17, 2016

Michael Buble & Thalia - Feliz Navidad

Love this song.

An Honest Christmas Song

A warm welcome for Robert Earl Keene, everyone.

Travis Tritt - Christmas In My Hometown

Country music can get pretty sentimental sometimes, and there's no time for sentimental like Christmas.  Travis Tritt does an old school country version of Sonny James' 1966 holiday classic.



Christmas In My Hometown (songwriters: Sonny James, John Skye)
There's a white Christmas in my hometown
Where the streets are snowy, shinin' bright
And the lights on all the Christmas trees are burning
For old Santa's sure to come this very night 
There are jingle bells and Christmas carols singin'
By the children who are walking in the street
Folks are smiling and they're sayin' merry Christmas
For there's joy in their hearts as they meet 
Oh, the Christmas chimes are ringing in the tower
Jingle bells can be heard all around
Time for all to go and wait for Santa's comin'
'Cause it's merry Christmas here in my hometown 
I can hear the reindeer in the distance
All the sleigh bells are ringing loud and clear
Little eyes are closed in their slumber
They are waiting for old Santa to appear


Friday, December 16, 2016

B.B. King - Christmas Celebration

The Department of Energy told Trump to go pound sand. Now what?

The Trump Transition team asked some pointed questions to the DoE. DoE just said that they weren't going to answer.  That does not seem like it will play out well for DoE:
Today, we get the first salvo fired in response. From the Washington Post
“Our career workforce, including our contractors and employees at our labs, comprise the backbone of DOE (Department of Energy) and the important work our department does to benefit the American people,” Eben Burnham-Snyder, a DOE spokesman, told the Washington Post in an email. “We are going to respect the professional and scientific integrity and independence of our employees at our labs and across our department. We will be forthcoming with all publicly-available information with the transition team. We will not be providing any individual names to the transition team.” [Emphasis in original.]
When I saw that, I cracked up. Busted out laughing. I thought “You idiots! You just fell into the trap!”
Here’s the deal. The Transition Team sent that memo out. It doesn’t ask for anything other than the duties the employees performed. It doesn’t ask them to change their views or alter their scientific conclusions. It just wants to know, who worked on these projects? There is no reason to refuse that—it’s asked in this situation all over the world. A new boss comes in and says “Hey, who worked on the Jones project?” And Sally and Bob raise their hands. No harm, no foul.
Does anyone really think that the incoming DoE Secretary won't get these names?  Does anyone really think that he won't get the names of everyone who, say, worked on anything to do with the Paris Climate Accords?  Does anyone really think that he won't get the names of anyone who, say, went to Paris on DoE time and expense for the Climate Accord meeting?

Seriously?

But that isn't the avenue of attack here.  What is going to be identified is the committee memberships that are involved.  That's because bureaucrats are incredibly risk adverse, and so they essentially become herd animals.  The herds are called "committees", and like the wildebeest on the African savannah the committee provides protection to the individual bureaucrat:
If you want to take over a bureaucracy, the key thing to know is that a single bureaucrat all alone is almost always a weak, pitiful creature for a simple reason.
He/she finds it very, very difficult to make a decision on his/her own.
Why do you think bureaucracies always spawn double handfuls of boards and commissions and working groups and the like? As a group, they can make decisions, no problem. Might not be good decisions, but they can make them. Plus which it makes them brave to have six or eight other men and women in agreement. But by themselves, chronological inertia takes over, and they slowly sink into their natural vegetative state of torpor.
...
SO … if you want to take over a bureaucracy, how do you do it? Well, you either take over or abolish the groups that give individual bureaucrats power, [or] you isolate or otherwise neutralize the leaders.
The Trump team seems to be determined to attack the entrenched bureaucracy, in a way that I can't remember seeing before.  What is interesting is that the new paradigm is very different from the old:

Old Paradigm: The country wants the government to function and to perform its tasks efficiently.  The bureaucracy wins this game because while the old committees can be abolished, the new Administration cannot succeed without setting up new committees to make the Agency function.  If the Agency employees don't want to play along, the new committees will fail to work well, and the new Administration will fail at making the government work.  Advantage: entrenched bureaucracy.

New Paradigm: The country doesn't give a fat rat's derriere whether the government works well or not, because a plurality or majority of the country thinks that government is the problem, not the solution.  A non-trivial portion of the country may think that the Agency has been politicized and is aggressively implementing policies that the citizens don't agree with.  In this case, all the new Administration needs to do is eliminate the committees that are not desired, and the Agency will grind to a halt on the activities that are politically unpopular with the country.  No need to replace them and make them work, just gum up the works.  Advantage: new Administration.

It doesn't seem like anyone even needs to lose their jobs, just be made powerless and irrelevant.  I am quite keen to see how this plays out, but the current people at the DoE should not be optimistic of the outcome.

Thursday, December 15, 2016

Even The Local Police Go Back and Forth

9 mm or .45ACP? Does magazine capacity sway your thinking? As in 17 rounds of 9 mm vs. 9 rounds of .45ACP? Is one better? Which do you prefer? What round is in your current carry piece?


Wednesday, December 14, 2016

Nat King Cole - Oh Tannenbaum

The Queen Of The World really outdid herself on our tree.  3,300 lights.


A classy tree like this deserves a classy song.

It wasn't my fault!


Use this one weird trick do that Ads DIE DIE DIE

Peter highlights a serious security issue - malware delivered via web ads:
Like many of you, I'm sure, I run ad blocking software, a pop-up blocker, and a script blocker on my Web browser.  In fact, I use multiple Web browsers.  For Web pages that simply must allow scripting, cookies, etc. - such as Blogger, on which I'm writing these words - I use Chrome.  For general browsing, where I don't want to allow Web sites to set cookies, run scripts, etc., I use Firefox, fully loaded with protective software.  As backups, for occasional use when I want to visit a Web site, then instantly clean out whatever it sets in the way of cookies, etc., I use Opera or Edge.  To add to my browsing security, I use a VPN (virtual private network)offering end-to-end encryption, and providing a 'location' that's many hundreds of miles away from where I am.  I want to make life as difficult as I can for scam artists, hackers and intrusive corporate spyware.

I therefore get very frustrated when certain Web sites won't allow access unless I disable my ad blocker, or demand that I disable some or all of my security software in order to use them.  I simply won't tolerate such nonsense. 
This is a serious issue, one that I've blogged about several times.  Web sites typically have little or no control over the ads they serve, and ads are increasingly used by the Bad Guys to serve up malware to unmatched web browsers.  Peter lists a set of tools that I also recommend, but There's another trick that you can use that will deep-six a lot of the web clutter that slows your browser down - and may try to infect it.

Internet Black Holes.  I just made that name up, but it gives you a picture of what this is doing.  If you make as many of the ad sites unreachable to your computer, they can't send you an ad.

Web pages look all nicely formatted, but they're actually a jumble of text, pictures, links, and computer code (especially Javascript).  Going to your browser's menu and selecting "View -> Source"  will show you just how complicated and ugly things are.  Your browser cleans this all up for you, pulling pictures down from links, formatting the text, loading video players, and fetching the ads that are encoded into the (mostly javascript) computer code.

And here is the weird trick: if you tell your computer that a particular ad location is at the Internet  address equivalent of Never Never Land, your browser will never be able to pull down that ad.  Sweet, huh?

What you do is basically override the Domain Name Service (DNS) for a particular set of bad sites.  DNS is what translates names (say, "www.google.com") into an IP address (I'm too lazy to look it up, but it will look something like "172.63.108.7").  DNS runs automagically, where your computer asks a DNS server (typically your home router) to give it the IP address for the name that you're trying to reach.

Except you don't have to always use DNS.  You can selectively (and most importantly, at no effort by you whatsoever) override DNS if you have some of these translations in a "hosts" file on your computer.  Your computer actually looks there first, and only asks DNS if it doesn't find what it's looking for.  If you have a bunch of ad sites in your hosts file, with an IP address pointing to Never Never Land, your browser will never send out DNS requests for those sites, and you will never see the ads (and the malware delivered with them).  Cool, huh?

As a note to the curious, "Never Never Land" has an IP address of "127.0.0.1".  This is called the "loopback" address and means that it's referring to your very own computer (whatever the real IP address is).  Since you almost certainly aren't running a web server on your own computer, and certainly aren't hosting those ads on those URLs, your web browser will get a whole bunch of 404 messages instead of ads.  And it will get them fast, because it doesn't have to wait for DNS to reply.

The only thing you need to know is "where can I get a hosts file that is already made up, because I'm far to busy to do it myself?"

The entries look pretty legit, although I can't vouch for everything.  There is non-ad stuff (like Sitemeter - the Sitemeter host that this blog used to point to is listed there) which will break, but it doesn't look like it will break much (or anything) that you'd notice.  And you want to zap a lot of the annoying stuff that Peter was talking about?  This is your huckleberry.

There are installation instructions at the link, and it looks like the file is updated regularly, so give it a try.

Disney sued over H1-B visa staffing

Laid off Disney IT staff suing Disney for racial discrimination:
Court papers, filed on Disney's home turf in Orlando, Florida, state that in October 2014, the Mickey Mouse operation told 250 or so technicians that they were being laid off and that they could apply for other roles within the entertainment giant. The lawsuit claims the techies were not successful, and instead the positions were taken by non-Americans on H-1B visas, who had to be trained by the axed IT bods. 
Essentially, it's alleged Disney racially discriminated against its own experienced American workers by replacing them with non-citizen rookies parachuted in from India. 
"Between October 2014 and January 31, 2015, Plaintiffs applied for employment in several available positions posted by Defendant," the filing [PDF], submitted on Monday, reads. 
"Plaintiffs were well-qualified for these positions, but were denied further employment with Defendant. On or about January 31, 2015, Defendant terminated the employment of Plaintiffs based solely on their national origin and race, replacing them with Indian nationals."
I'm quite interested to see what Trump does about this.  The Silicon Valley big wigs are meeting with him today - I wonder if this will be a topic.

Tuesday, December 13, 2016

Peter, Paul and Mary - A Soalin'


I grew up with Peter, Paul, and Mary.

QOTD

"but there’s one thing that, on a philosophical level, you will never be able to make me concede: That intentionally making yourself weaker in the face of danger and aggression is somehow more civilized, moral, intelligent, or enlightened. "
--Marko Kloos
It's not a new post, but I recommend you read the whole thing.

The Four Rules

Break them all. Keep breaking them all. Eventually someone will get shot.

Drunk people playing with a loaded handgun. Live streaming it on Facebook. Someone putting the gun in his mouth. The magazine is out, but it seems likely there's one in the chamber the whole time.

Finally, almost inevitably, this shit show ends with a death, a felony arrest, loss of the gun owner's concealed carry permit, loss of all firearms.

All four. All the time.




Monday, December 12, 2016

Jeff Gordon test drive prank

A disguised Jeff Gordon takes a Camaro for a test drive with a car salesman.  Hilarity ensues.



You're an idiot and I'm going to kill you!

Well, this is the Internet, and so people started calling it a fake.  So a disguised Gordon poses as a taxi driver and gives a ride to one of the most (ahem) vocal critics.  Hilarity ensues once again.



Man, this is some funny stuff.

Sammy Davis Jr. - Christmas time all over the world

Separation of Powers - half gone?

Aretae is back, with a post pondering Separation of Powers as envisioned by the founders and as recognized today.  His take: half of the original mechanisms are now gone:
Overall, there were at least eight elements built into the fabric of the federal government for the purpose of balancing the states’ power against that of the federal government. There are still four left.
Actually, by his count there are three left.  His first one is Secession, which Foseti dealt with some time back.  That link is well worth a read.

In unrelated-but-related news, we are told that the grandsons of John Tyler - the 10th U.S. President - are still alive:
The Tyler men have a habit of having kids very late in life. Lyon Gardiner Tyler, one of President Tyler’s 15 kids, was born in 1853. He fathered Lyon Gardiner Tyler Jr. in 1924, and Harrison Ruffin Tyler in 1928.
And so back to Aretae's list.  All eight elements were in full force when Lyon Gardiner Tyler Jr's father was born.  Five were left when he was born, and he has watched another two be eliminated.

TL;DR: it only took two generations for the majority of the pillars of Separation of Powers to be eliminated.  Moldbug said something similar, although in eleventy million more words.

But hey, Aretae's back!  Go leave him some welcome-back comment love.

Why the Department of Energy should be concerned about the questions the Trump team are asking

It seems that the Trumpeters know how to dig:
So, let’s take a look at this already infamous 74-question memo. In it we’ll find two things: (1) just what is setting their hair on fire, and (2) whatever clues are there about future actions by the new administration. I’ll discuss both individual questions and groups of questions.
Questions for DOE
This memo, as you might expect, is replete with acronyms. “DOE” is the Department of Energy. Here are the memo questions and my comments.
1. Can you provide a list of all boards, councils, commissions, working groups, and FACAs [Federal Advisory Committees] currently active at the Department? For each, can you please provide members, meeting schedules, and authority (statutory or otherwise) under which they were created? 
If I were at DOE, this first question would indeed set MY hair on fire. The easiest way to get rid of something is to show that it was not properly established … boom, it’s gone. As a businessman myself, this question shows me that the incoming people know their business, and that the first order of business is to jettison the useless lumber.
...
6 The Department recently announced the issuance of $4.5 billion in loan guarantees for electric vehicles (and perhaps associated infrastructure). Can you provide a status on this effort?
Oh, man, they are going for the jugular. Loan Program Office? If there is any place that the flies would gather, it’s around the honey … it’s good to see that they are looking at loan guarantees for electric vehicles, a $4.5 billion dollar boondoggle that the government should NOT be in. I call that program the “Elon Musk Retirement Fund”.
Folks, for $4.5 billion dollars, we could provide clean water to almost half a million villages around the world … or we could put it into Elon Musk’s bank account or the account of some other electric vehicle manufacturer. I know which one I’d vote for … and I am equally sure which one the poor of the world would prefer.
There are 74 questions in all, and they are all designed to dig into the soft under belly of a bureaucracy that has expanded its powers beyond what is authorized by statute, and to collect evidence of bias and incompetence to undermine the Department's defense of its headcount and budget.

Signs point to an ugly time for the Agencies, which will be a first.  Usually the Agencies can outlast a new Administration, but the information being collected suggests that knives are being sharpened.

UPDATE 12 December 2016 12:44: Link added.

Saturday, December 10, 2016

Friday, December 9, 2016

Dangerous toys NOT to get for Christmas

TL;DR: I strongly recommend that you do NOT buy the My Friend Cayla doll, the i-Que robot, or the Barbie Hello Dream House as gifts due to a grotesquely dangerous security flaw in the toy's design.

I often rant about poor security in products and how "security wasn't an afterthought, it wasn't thought of at all."  Mostly it's about something that is unlikely to effect most of all y'all.  This time is different - here are some toys that can endanger children, and I STRONGLY recommend that you do NOT buy these as gifts this holiday season.

My Friend Cayla is a doll with embedded voice recognition technology similar to Apple's Siri, that can interact with children.  It not only listens to what the child says but can respond appropriately.

While it's somewhat concerning that the doll "phones home" over the Internet for the voice recognition to work, the issue isn't that it's listening in on your kid.  Mind you, I find this more than a little creepy, but I remember when there were only 3 TV channels.

The danger is that the doll is Bluetooth enabled, and the Bluetooth is completely unprotected.  What this means is that anyone within Bluetooth range (which at 100 yards is actually further than many think) can connect to the doll and start talking to your child as she plays.

Let me say that again - Joe Shmoe in the park across from your house can connect to your little Princess' doll and have a chat.  There's a video of this, although they're wrong to call it a "hack".  It's simply use of the functionality as it was designed.

Also using the exact same technology with exactly the same flaw is the i-Que robot: this isn't just a threat to little girls.

Unconfirmed reports also include the Barbie Hello Dream House.  I don't know whether this is vulnerable to remote Bluetooth access, and it's almost certain that nothing definitive will be published on this before the holidays.  Given that I recommend that you don't buy this, either.


This seems to me to be bordering on criminal negligence by the companies involved (certainly My Friend Cayla and i-Que; possibly Mattel).  The idea that a child's toy could be released that would allow someone to remotely talk with your child his his or her own bedroom is mind bogglingly stupid.

To reiterate, I strongly recommend that you do NOT buy the My Friend Cayla doll, the i-Que robot, or the Barbie Hello Dream House as gifts due to a grotesquely dangerous security flaw in the toy's design.

Wisdom from the Dalai Lama



One day Chao-chou fell down in the snow, and called out, “Help me up! Help me up!” A monk came and lay down beside him. Chao-chou got up and went away.
- Zen koan

Image via Gerhard Van der Leun on Gab.ai.

Happy birthday, Kirk Douglas

We've had too much bad news lately, with the death of John Glenn and Grek Lake (from Emerson, Lake, and Palmer).  So here's a Friday dose of good news: Kirk Douglas is 100 years old today:
Kirk Douglas, who appeared in his first film in 1946 and was nominated for his first Oscar in 1949 (the first of three nominations), turns 100 years old Friday. Over the course of the more than 90 performances in his career, he played roles ranging from the gladiator-turned-rebel Spartacus to the painter Vincent Van Gogh. He was awarded the Presidential Medal of Freedom by Jimmy Carter and won an honorary Oscar for "50 years as a creative and moral force in the motion picture community" in 1996. 

Thursday, December 8, 2016

Rest in Peace, John Glenn

John Glenn passed away today.  He was one of the heroes of my childhood - a man who epitomized "The Right Stuff": Marine Corps fighter pilot with 59 missions in the South Pacific in World War II, a jet pilot in Korea and wingman of Red Sox legend Ted Williams, returning to base once with over 250 holes in his plane.  One of the original "Mercury Seven" and the first American to orbit the earth. Cool under pressure when a malfunction jeopardized his re-entry.

That was enough to trigger a big case of hero worship in four year old Borepatch.  Oh yeah, he was a Senator too, but nobody's perfect.

Listening to the radio report of his death, the hero worship welled back up.  Thanks for the thrills and inspiration, Astronaut Glenn.  May Angels sing the to thy rest.

Or since you rode the thunder and tore holes in the sky, maybe The Bellrays can rock you out with a space age Christmas tune.

Giraffedog

All it needs now is a "laser" on its frikin' head ...


You got no stinkin' privacy because the Courts do not understand the Internet

Good article on privacy, TOR, and the Court's ruling that using TOR does not give you a reasonable expectation of privacy (!):
First, let's discuss how the judge reasons that there's no expectation of privacy with Tor. This is a straightforward application if the Third Party Doctrine, that as soon as you give something to a third party, your privacy rights are lost. Since you give your IP address to Tor, you lose privacy rights over it. You don't have a reasonable expectation of privacy: yes, you have an expectation of privacy, but it's not a reasonable one, and thus it's not protected.

The same is true of all your other digital information. Your credit card receipts, phone metadata, email archive, and all the rest of things you want to keep private on the Internet are not (currently) covered by the Fourth Amendment.

If you are thinking this is bullcrap, then you'd be right. Everyone knows the Third Party Doctrine doesn't fit the Internet. We want these things to be private from the government, meaning, that they must get a warrant to access them. But it's going to take a clueful Supreme Court overturning past precedence or an armed revolution in order to change things.
The court ruled that since you have an IP address, Sumd00d on the 'net can get to you and so you have no reasonable expectation of privacy.  Ooooh kaaay.
As Orin Kerr's post points out:
Fourth Amendment law regulates how the government learns information, not what information it learns
In other words, it doesn't matter if the FBI is allowed to get your IP address, they still need a warrant to search your computer. If you've got public information in your house, the FBI still needs a warrant to enter your house in order to get it.
That seems right.  Your IP address must by definition be public on the 'net.  That doesn't mean that I want all my files on my computer browsable, duh.

But it gets worse - your computer is likely not connected to the Internet.  Instead, it's connected to an internal private network that is protected by a firewall (either a stinkin' big enterprise class firewall at work or your router/firewall at home).  Your private network uses a private IP address, by definition - this was defined in a technical spec (called "Request For Comment" in Internet Geek-speak) RFC 1918 "Address Allocation for Private Internets" - note to court and FBI G-Man: please pay attention to the work "Private" in that title.

But I digress.

The Court was ruling on the use of TOR, and basically said that since your computer uses IP (and responds to IP) there's no privacy.
Yes, the entry Tor node knows your IP address, but it doesn't know it belongs to you or is associated with your traffic. Yes, the exit Tor knows your traffic, but it doesn't know your IP address.

Technically, both your traffic and IP address are public (according to the Third Party Doctrine), but the private bit is the fact that the two are related. The "Tor network" isn't a single entity, but a protocol for how various different entities work together. No single entity in the Tor network sees your IP address combined with your activity or identity. Even when the FBI and NSA themselves run Tor nodes, they still can't piece it together. It is a private piece of information.
And quite frankly, one of the best arguments that the Courts won't provide oversight to Intel snooping is revealed in the fact that if things were as open and un-private as the Court said there isn't any need to attack the target computer with malware.  Of course, your data is private, and so the FBI has to pwn you, and to anyone with an expectation that the Fourth Amendment means what it says that's a search and the FBI should get a warrant.  Instead it's (legally) license to kill.

The punch line, of course, is all the lefties who didn't care about what the Federales were doing for the last 8 years will be appalled that the Trump Administration is probably going to totes keep on doing it, just to a different set up folks.  Now you know how we feel about the Second Amendment, where the argument has been "keep and bear arms" means that you can't have a firearm in your home and you certainly can't take it out with you, because reasons.

As a historical note, I posted years ago about how to hide yourself from NSA snooping.  It didn't rely on TOR, but probably won't work anyway.

If you think that I'm a bit paranoid, please keep in mind that I was trained to be that way by the finest minds in the Free World ...

Wednesday, December 7, 2016

The reason to stay late at the office on Friday

To install these.


How completely does Donald Trump own the media?

So completely that Piers Morgan nails it in a brilliant article:
‘Twitter helped win me the election,’ President-elect Donald Trump told me when we spoke two weeks ago.

He cited his extraordinary army of 16 million followers on the social media platform as one reason (he has almost as many on Facebook). Each follower represented a potential voter he could talk to directly on a daily, or hourly basis – in exactly the way he wanted.

The second reason, he said, was his ability to set the news cycle for a day with one solitary tweet.

He particularly loved the fact, as a businessman, that it costs him absolutely nothing; Twitter is the ultimate marketing tool.
This is perceptive and funny, but it's only the setup.  This is the serve:
Since the election, Trump has continued to set America ablaze with his tweets; from his calls for the musical Hamilton to be boycotted and flag-burning to be criminalised, to his angry attacks on Saturday Night Live, defense of his contentious phone call with Taiwan, and mockery of China’s hypocrisy.Each episode followed a familiar 10-part pattern:

1) Trump posts an inflammatory, highly opinionated tweet.
2) The media goes nuts.
3) Trump’s tweet then dominates the news all day.
4) The media demands he stops tweeting because it’s ‘un-presidential.’
5) Trump ignores them.
6) Conventional politicians demand he stops tweeting because it’s un-presidential.’
7) Trump ignores them too.
8) Trump wakes up next morning to every paper and cable news show talking about his tweet.
9) Trump chuckles to himself.
10) Trump tweets again.

Repeat.

LOL.  I'm not a Piers Morgan fan, but this is 100% dead on.  It's also funny, so make sure that you click through to read the whole thing.  It's odd that it takes the overseas press to figure this out - the fact that the domestic press is smart enough to figure it out but will absolutely not admit it says all you need to know about them.

Trump will keep beating them like a rented mule until they do.

Hat tip: American Digest.

Answer to a Question

Unknown asked in the comments if I had found a magazine for the Series 1 Colt Woodsman. I did. Brownell's has them. Still looking for grips I can afford.

Tuesday, December 6, 2016

Remember

The losses of December 7th, 1941 were only a pittance of the price that would eventually be paid to stop Nazi Germany and Imperial Japan. In the grand scheme, the losses appear as small numbers on a tally sheet.

On an individual basis, every one of the sailors and Marines on those ships were someone's son,  brother,  husband, uncle, friend. They were all, from where I stand now, young men with most of their lives in front of them.                 

Remember.




Only badasses need apply in Helsinki

Seen at the Helsinki airport.  Best.  Marketing.  Ever.


Makes me want to go to Helsinki in November, just to show how badass I am.

New Cybersecurity Commission report not so useful

Maybe even counter productive:
An Obama commission has publish a report on how to "Enhance Cybersecurity". It's promoted as having been written by neutral, bipartisan, technical experts. Instead, it's almost entirely dominated by special interests and the Democrat politics of the outgoing administration.

In this post, I'm going through a random list of some of the 53 "action items" proposed by the documents. I show how they are policy issues, not technical issues. Indeed, much of the time the technical details are warped to conform to special interests.
Washington loves Blue Ribbon commissions.  This is a Blue Ribbon commission.  But the recommendations come from people who don't understand security:
Action Item 1.3.1: The next Administration should require that all Internet-based federal government services provided directly to citizens require the use of appropriately strong authentication.
This would cost at least $100 per person, for 300 million people, or $30 billion. In other words, it'll cost more than Trump's wall with Mexico.

Hardware tokens are cheap. Blizzard (a popular gaming company) must deal with widespread account hacking from "gold sellers", and provides second factor authentication to its gamers for $6 each. But that ignores the enormous support costs involved. How does a person prove their identity to the government in order to get such a token? To replace a lost token? When old tokens break? What happens if somebody's token is stolen?

And that's the best case scenario.
I remember back in the 1990s when a major bank decided to issue a hardware password token device to each of their customers for use in online banking.  They spent millions of dollars to buy and deploy the devices, and then many times that on customer service call centers before quietly dropping the program.  The commission recommendation sounds good, but ignores the real world experiences that the industry has been through.

This is a long post which calls out many of issues where the commission just doesn't know what they're talking about.  But it's worse - sometimes the commission seems to know what it's doing just fine:
Action Item 1.3.3: The government should serve as a source to validate identity attributes to address online identity challenges.
In other words, they are advocating a cyber-dystopic police-state wet-dream where the government controls everyone's identity. We already see how this fails with Facebook's "real name" policy, where everyone from political activists in other countries to LGBTQ in this country get harassed for revealing their real names.

Anonymity and pseudonymity are precious rights on the Internet that we now enjoy -- rights endangered by the radical policies in this document. This document frequently claims to promote security "while protecting privacy". But the government doesn't protect privacy -- much of what we want from cybersecurity is to protect our privacy from government intrusion. This is nothing new, you've heard this privacy debate before. What I'm trying to show here is that the one-side view of privacy in this document demonstrates how it's dominated by special interests.
Because there's still a tiny corner of the 'net that hasn't been entirely monitored and subverted by the Intelligence Community.  Sorry, I'm way past the point of believing that security programs from the Fed.Gov are in my interest.

Hopefully the new Administration will toss this report in the circular file.

Monday, December 5, 2016

Christmas mojo

The Queen Of The World is in full Christmas decorating mode, and Castle Borepatch has been transformed into a Winter Wonderland.  She loves decorating, and I love that she loves to do it - the house really is a show piece.  We still need to put lights and ornaments on the tree, but will get to it presently.

But this is our first anniversary, and so lights will have to wait.  I look around at our cozy home and marvel at how one short year ago I was selling Camp Borepatch, we were packing to move, and snuck off to get hitched.  It's been quite a year, but it's led to, well, contentment - in a way that I haven't had in ages.

I'm quite a lucky man.

Oscar Peterson - The Christmas Waltz

A Christmas classic from the Maharaja of the keyboard.

Every story you will get from the Media about Donald Trump

Here's the format, just plug in the item du jour:
“Oh, I’m so concerned that Trump did {thing}, he is offending {SJW List Of Special Topic Folks} and damaging relationships with {Persons Du Jour}. I really hope he isn’t that {dumb | naive | uneducated | mean | incompetent | {insert other insult}}. How can we help him avoid offending {class list} again? Perhaps by {doing our agenda here}? He really doesn’t ‘get it’ about {tradition | OUR prior precedent | Progressive Norms} does he? Who can help him?”
It's Concern Trolling disguised as journalism, and it doesn't work anymore:
In large part, especially on CNN and MSNBC and even to some extent on Fox, they have adopted the role of Concern Troll In Chief, and frankly, my ‘concern’ is all worn out.
See, they have forgotten about Maslow’s Hierarchy of Needs. When one is worried about losing the house, not having a job for a year, how to pay back a $1/4 Million School Loan while working at Starbucks as a Barista with your Advanced SJW Degree, watching your sons and daughters go off to Iraq again perhaps to die, or just struggling to speak Spanish at the store so you can buy necessities (NOT hyperbole – I’ve done it twice in the last two weeks as the staff were all native Spanish speakers…); under those circumstances it just doesn’t make a God Damn Difference who’s phone call The Donald takes.
Basically, Dear Professional Concern Trolls: “Frankly, my Dear Troll, I just don’t give a damn.”
That sounds about right.  Until the Media rebuilds some trust with most of the country, this is going to be wildly ineffective.  For people who look down on everyone else in the country as "dumb hicks", this sure seems pretty dumb.

Why do we have bad security?

Because it costs a lot, and the rational decision is to have worse security than we'd like.  Visa gives fuel stations 3 more years to install credit card chip readers because of the cost of the program:
Avivah Litan, a fraud analyst with Gartner Inc., said the deadline shift wasn’t unexpected given how many U.S. fuel stations are behind on costly updates, noting that in some cases it can cost more than $10,000 per pump to accommodate chip card readers. The National Association of Convenience Stores estimates that station operators will spend approximately $30,000 per store to accommodate chip readers, and that the total cost to the fuel industry could exceed $4 billion. 
“Some of them you can just replace the payment module inside the pump, but the older pumps will need to be completely removed and replaced,” Litan said. “Gas stations and their unattended pumps have always been an easy target for thieves. The fraud usually migrates to the point of least resistance, and we’re seeing now the fraudsters really moving to targeting unattended stations that haven’t been upgraded.”
Credit card fraud from pull pumps is around 1% of all card fraud., which is about $16B world wide.  At $4B for the upgrade, mathematics says that fraud would need to be $400B a year for the expense to be justified.  What the delay will allow is for station owners to plan a technology refresh for their pumps (something that will be in the works anyway) and so the cost of the chip readers will be a minimal portion of the overall upgrade, rather than the whole thing.

This situation is actually quite a good view into the workings of the "security as risk management" approach.  Yes, the technology exists.  Yes, security will be better after this is implemented.  No, there's no way to justify the cost of an immediate upgrade.  Yes, there will be a cost to carry if you don't upgrade immediately.  No, that doesn't make an immediate upgrade the right decision.