does anyone at MSFT get security?

So Windows Genuine Advantage has a hole in it:

Microsoft “Genuine Advantage” cracked in 24h: window.g_sDisableWGACheck=’all’:

Cory Doctorow: AV sez, “This week, Microsoft started requiring users to verify their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called ‘Genuine Advantage.’ It was cracked within 24 hours.”
Before pressing ‘Custom’ or ‘Express’ buttons paste this text to the address bar and press enter:
javascript:void(window.g_sDisableWGACheck=’all’)

It turns off the trigger for the key check.

Link (Thanks, AV!)

And then read this:
Schneier on Security: Microsoft Builds In Security Bypasses:

I am very suspicious of tools that allow you to bypass network security systems. Yes, they make life easier. But if security is important, then all security decisions should be made by a central process; tools that bypass that centrality are very risky.

I didn’t like SOAP for that reason, and I don’t like the sound of this new Microsoft thingy:

We’re always looking for new things that can allow you to do things uniquely different today. For example, this new feature tool we have would allow me to tunnel directly using HTTP into my corporate Exchange server without having to go through the whole VPN (virtual private network) process, bypassing the need to use a smart card. It’s such a huge time-saver, for me at least, compared to how long it takes me now. We will be extending that functionality to the next version of Windows.

That’s Martin Taylor, Microsoft’s general manager of platform strategy, talking.

Read that again: a new feature that is designed to bypass VPN authentication, all for the sake of convenience, is considered so cool, it will be in the next release of Windows. What IT manager is going to read that and not want Martin Taylor’s head on a pole?

genius and its roots

Two notes on a similar topic, recently brought to light:

scribble, scribble, scribble…:

Who first ate an oyster? And was he put up to it by a buddy? I’ll give you two shiny rocks if you eat that. Who was the first guy who looked at a horse and thought I bet I could ride one of those, and then jumped on? Who first looked at a round object and a round hole and thought it might be fun to toss the former through the latter? And who first decided to keep score?

The Deep North:

But what we wondered was, how on earth did anyone find out? Anyone who has disembowelled an ox presumably has a fairly hefty day’s work in front of him: in the thrifty Europe of the past, just about everything was used, but the gall bladder and its contents were, even by the standards of the ancien régime, wholly and absolutely inedible. Who on earth, rather than getting on with the unspeakably messy jobs of boiling up the tripe, making salami casings from the intestines, etc., wandered off with the brute’s gall bladder, saying ‘ooo, I wonder what this does?’ and started messing about with ink? And how did he get away with it, when there was so much to do? It’s one of those great human discoveries it is hard quite to imagine coming about, like, IF you get the cyanide out of cassava root, it is quite tasty, and highly nourishing. What Darwin-awardee of remote history went on experimenting after his mate had sampled raw cassava, gone blue, clutched his throat and dropped dead? There should be some sort of medal.

So how do people learn about the capabilities of organs, plants, minerals, etc.? And at what cost?

friday random ten

Love Is Everything / k.d. lang / Hymns of the 49th Parallel
1_I. Andante ma non troppo – Allegro energico / Sibelius, Jean (1865 – 1957) / The Complete Symphonies 1 (Disc 1) / Colin Davis & the Boston Symphony Orchestra
Burning Down / R.E.M. / Dead Letter Office
Requiem in D Minor, K.626: 3. Sequentia: Dies Irae / Agnes Baltsa, Anna Tomowa-Sintow, Berliner Philharmoniker, Helmut Froschauer, Herbert von Karajan, José Van Dam, Rudolf Scholtz, Werner Krenn & Wiener Singverein / Mozart: Requiem
You Don’t Miss Your Water / The Byrds / Sweetheart Of The Rodeo
Tomorrow Never Knows / The Beatles / Revolver
Can’t Keep a Good Man Down / Randy Newman & others / Randy Newman’s Faust
High Fidelity / Elvis Costello / The Very Best Of Elvis Costello (Disc 2)
Ziggy Stardust / David Bowie / Ziggy Stardust
Mr. P.C. / John Coltrane / Giant Steps

Now playing: Feeling Yourself Disintegrate by The Flaming Lips from the album “The Soft Bulletin”

your tax dollars at work

Went sailing on Puget Sound (or the Whulge) yesterday, from Edmonds to Kingston. Beautiful day for it, though my youngest Able Seaman succumbed to seasickness and chundered on the coaming . . . .

Interesting to see that the Edmonds to Kingston ferry has a Coast Guard escort — two extremely fast patrol boats with 50 calibre machine guns fore and aft — while the return trip is unprotected.

As the master and commander of our vessel pointed out, if one wanted to target a passenger-carrying ship and saw both (since they pass each other on their runs), would one choose the one with 2 zippy little escorts or the other one?

Drupal needs a clue, perhaps?

As noted previously Drupal had a little trouble, and the community rallied around: individuals to the tune of over $10,000 and my employer with a server. So, I note that to build out their infrastructure, Drupal is going to use the community donations to buy Dell boxes. Um, let’s see here; IBM and Sun invest in Open Source, big-time. HP’s there too. Dell… uh, Dell? Ecosystem? Community? There’s something wrong with this picture.

Tim’s not saying that Drupal owes Sun anything, to be clear. I’m a little puzzled by this as well. If I had donated, I would be asking some questions of the Drupal decision-makers. Dell may offer a compelling price/performance solution: do the others not compete as well because of their self-imposed community obligations?

the family that smiles together . . .

My daughter, aged 6, and I share the same smile now. I went to the dentist today to get a temporary false tooth installed and it didn’t fit (so much for people saying I have a big mouth). So now I just have a big unsightly gap in the same spot as hers. Once it looks a little less raw, I’ll take a picture to share with the grandparents.

The Book

My copy of Book The Sixth arrived yesterday and I am 3/4 through it (up til 1 AM with it).

Good so far, full of references and allusions to events past and yet to come . . . .

The war between Love and Hate, between Trust and Fear, comes to a gripping conclusion — but not for a year or so yet.

And Amazon is crediting me (and I presume everyone, including the other 31,411 Seattlites who got their copies yesterday) with a $1 refund. What, did Jeff Bezos run out of places to put the money?

<update> I finished it last night and I look forward to book 7 with even more enthusiasm. I now see 5 and 6 as prologue and I want to see how it gets tied up and resolved.

in case you finish the book by Monday AM

Harry Potter:

The sixth book of the Harry Potter series, Harry Potter and the Half Blood Prince, was released on Saturday at 12:01am. Besides buying the book, kids and adults all over our region attended Harry Potter events: sleepovers, magic shows, costume contests, and readings. But, now that it is Monday morning, how many kids have already finished the book? What is their review? What is so engaging about Harry?

KUOW wants to know what you thought of it.

weak wireless

I took a look at my network’s signal strength with MacStumbler. The 26 is what I see most of the time, sitting 20+ feet away (the AP is downstairs, mounted to a beam), and the 74 was when I walked up and physically touched the AP with my iBook screen bezel.

Hmm, perhaps those antennas I have been reading about are a good idea.