Category Archives: Work

Stuff related to my current job of a broader interest.

News You Can Use

Posted on by

Quote of the Day

Privacy experts say disabling or deleting your device’s MAID will have no effect on how your phone operates, except that you may begin to see far less targeted ads on that device.

Any Android apps with permission to use your location should appear when you navigate to the Settings app, Location, and then App Permissions. “Allowed all the time” is the most permissive setting, followed by “Allowed only while in use,” “Ask every time,” and “Not allowed.”

Android users can delete their ad ID permanently, by opening the Settings app and navigating to Privacy > Ads. Tap “Delete advertising ID,” then tap it again on the next page to confirm. According to the EFF, this will prevent any app on your phone from accessing the ad ID in the future. Google’s documentation on this is here.

By default, Apple’s iOS requires apps to ask permission before they can access your device’s IDFA. When you install a new app, it may ask for permission to track you. When prompted to do so by an app, select the “Ask App Not to Track” option. Apple users also can set the “Allow apps to request to track” switch to the “off” position, which will block apps from asking to track you.

Apple also has its own targeted advertising system which is separate from third-party tracking enabled by the IDFA. To disable it, go to Settings, Privacy, and Apple Advertising, and ensure that the “Personalized Ads” setting is set to “off.”

Finally, if you’re the type of reader who’s the default IT support person for a small group of family or friends (bless your heart), it would be a good idea to set their devices not to track them, and to disable any apps that may have location data sharing turned on 24/7.

There is a dual benefit to this altruism, which is clearly in the device owner’s best interests. Because while your device may not be directly trackable via advertising data, making sure they’re opted out of said tracking also can reduce the likelihood that you are trackable simply by being physically close to those who are.

Brian Krebs
October 23, 2024
The Global Surveillance Free-for-All in Mobile Ad Data – Krebs on Security

Getting recent location information on a person given just a few bits of data was not the original intent. But it isn’t that hard to do with the Mobile Advertising ID:

The Mobile Advertising ID or MAID — the unique alphanumeric identifier assigned to each mobile device — was originally envisioned as a way to distinguish individual mobile customers without relying on personally identifiable information such as phone numbers or email addresses.

However, there is now a robust industry of marketing and advertising companies that specialize in assembling enormous lists of MAIDs that are “enriched” with historical and personal information about the individual behind each MAID.

I protested a similar loophole when I was working on the location services for Windows Phone 7 at Microsoft. People didn’t see the problem with a phone being assigned unique random number for each phone and tracking it. I had to explain it to them:

Supposed I know where my Ex works (or picks up her mail) and where our kids go to school. I search the tracking data for the sets of IDs which visit both locations. Even if there are a dozen of them, I can find out where each of those phones spend their night. I can then easily visit each of those locations to find which one is my Ex.

If I only have one location for my Ex I still find the home of my Ex. I isolate a sibling/parent/close friend of hers. I use that ID to see if it meets with one of the IDs from my Ex’s work/school.

They seemed understand the problem, but the corporate utility of having the tracking ID seemed to outweigh user risk. I don’t remember what ultimately happened with that.

I know there was similar location tracking risk to users that I called out and they went ahead with. About a month before it was released there was a bit of a scandal with Google’s Android phones. Google was doing almost exactly the same thing as what MS was about to release. The same manager who insisted I make the enabling code change changed his mind. It was with great pleasure that I backed out my code changes.

Smart phones are awesome tools. Smart phone users have a huge advantage over others who don’t have one or don’t use their full potential. But as you can imagine, and as surviving Hezbollah members can attest, in certain situations even a pager is risky.

Private Enterprise Demonstration

Posted on by

Quote of the Day

Read the whole thing. He expects the booster to ultimately have a one-hour turnaround time.

In the late 1990s I expressed the thought that, if he wanted, Bill Gates could afford to finance a manned Mars mission. My friend, Eric Engstrom, claimed it would cost more money than what Gates had. I hadn’t done any number crunching but was skeptical of that claim. It seemed Eric was using NASA numbers. I had briefly worked on a shuttle orbiter project and saw enough of NASA bloat to be very suspicious of NASA numbers. NASA, being a government entity, was going to spend something on the order of at least ten times more than what private enterprise would require.

Among other things, the technology NASA was using was absurd. Part of the extreme expense was that they would not allow technology that did not have the required reliability numbers. Fair enough, except to get those numbers required something like 20 years of use. The integrated circuits they had the numbers on were no longer manufactured! The circuit boards had to be double sided! Multiple layer circuit boards came out in the 1960s. But since the Shuttle was designed in the 1970s there wasn’t enough reliability data on them to make NASA happy. When I was working on my little project in the late 1980s NASA would not allow replacement parts to be anything other than what the original design used.

You should not be surprised that SpaceX is running technological circles around NASA efforts.

See also these videos:

This post was heavily inspired by an email from pkoning with the subject line of “SpaceX magic” and this link: SpaceX arm ‘catches’ Super Heavy rocket booster | Fox Business Video.

Tell Me Again Why Someone Should Own Bitcoin

Posted on by

Quote of the Day

From practically the time bitcoin launched in early 2009, I have been wondering what the heck it is good for.

In the beginning, there were two basic theories: One said this first cryptocurrency was a refuge from government, and the other — possibly the one embraced by bitcoin’s creator — said it was an alternative to the corruption, instability and self-dealing in a financial system that had just finished wrecking itself, and everyone else along with it.

Alas, neither of these theories has panned out. Indeed, as in Monday’s market meltdown, cryptocurrencies have often done the opposite of what they were supposed to do.

It seems less like digital gold than a digital slot machine. I can’t shake the feeling that most people use it not because it’s a good substitute for anything they need, but because it’s fun to watch the reels spin without knowing whether they’ll pay off. In other words, bitcoin’s not good for much of anything except giving people who have money to burn a novel way to set it on fire.

Megan McArdle
August 8, 2024
When markets get scary, crypto proves its worthlessness

A team at work uses Bitcoin all the time. They use it to catch the bad guys.

But for me, I don’t see how it would do me any good. The volatility makes it just too risky for my tastes.

DEI Layoffs

Posted on by

Quote of the Day

Many technology companies, including Microsoft, made commitments to improve diversity efforts after the 2020 murder of George Floyd by a Minneapolis police officer and the historic protests that followed.

In 2020, Microsoft pledged to double the number of Black leaders within the company by 2025.

Despite those commitments, many tech companies have appeared to retreat somewhat from diversity efforts. Zoom laid off a DEI-focused team earlier this year, Bloomberg reported. Google and Meta also cut DEI programs last year, according to CNBC.

Ashley Stewart
July 15, 2024
Internal Microsoft Email Shows DEI Leader Blasting Layoffs – Business Insider

I don’t know the numbers for my company, but I do know that every single one of the people I knew who were working on DEI stuff, even occasionally, are no longer employed as of the last layoff.

We live in interesting times.

Thoughts on Computer Security

Posted on by

The CrowdStrike Internet disaster prompted me gather some thoughts which have been percolating in my mind for a while. The CrowdStrike event puts a little different spin on them and perhaps, if desirable, will get my thoughts more attention. Of course, this could be my naivete and everyone else already knows all this.

When I worked in the Cyber Security Group at Pacific Northwest Laboratory one of the things I was asked to do was to review and comment on a DHS proposal for making the Internet more secure. In the paper was the suggestion that the Federal Government have a central location with gatekeeping capabilities to isolate sections of the Internet from each other to prevent worms from spreading to the entire Internet. I advocated against this because having a single (even if somewhat distributed) point of control/failure would make it an exceedingly attractive target. Sure, it could be made very secure. But with that big of a payoff for access it will be attacked by the best of the brightest of most nation states as well as those with common criminal intent. When the bad guys inevitably get access, those who intended to make the Internet more secure will be responsible for enabling a catastrophe.

I suspect most large companies are in a similar situation and/or are inadvertently working toward one. At my company most of our security monitoring is being migrated into the cloud. I can’t imagine a major corporation not using Office 365. Which depends on Azure. And I’m sure many other critical or nearly critical products are could based in every company. I used to work at Microsoft and trust Microsoft to do a good job with their security/reliability/etc.. Amazon and Google do as well or better than Microsoft, but the payoff for breaching one of these cloud providers is so great that I find it difficult to imagine it won’t someday be breached/shutdown in some form.

Of course, the same goes for any highly used system. CrowdStrike probably wasn’t breached. But it was a single point of failure for a large section of the planet. And the consequences of this accident probably cost billions. And I shouldn’t have to remind anyone about the SolarWinds hack and how many companies that affected.

And if you want to get really concerned, think of what happened in the TV series Battlestar Galactica. The enemy robots compromised all the computerized systems of human civilization and used that to hide their nuclear strike and suppress the defenses. We now have AI built into our computer security. Enemy robots don’t even have to break and enter. They just need to convince their AI cousins to switch sides.

I don’t know that there is a practical solution. I know what I advocated for in the DHS proposal. I advocated for independent solutions providing diversity and redundancy of the Internet. Even if you postulate an infinitely benign government, government control of everything is a single point of failure.

Having diverse hardware, software, processes, and people (hardware and software are not the only things which can be hacked and/or broken) is very expensive to implement, operate, and maintain. And redundancy is a surprisingly difficult task. As a Boeing Reliability Engineer once told me, “It doesn’t much matter how many backup systems you have. What matters is, how independent they are.” Having the ability to land safely with three out of four engines shutdown doesn’t matter if someone contaminated the fuel in the supply truck.

Perhaps there isn’t a practical solution. But people should at least be aware and hence they may be able to mitigate risks in some instances.

This War Will Certainly Go to the Nuclear Level

Posted on by

Quote of the Day

This logic inevitably leads to the third world war. And if right now the further involvement of the West in the conflict in Ukraine is not stopped, then the full-fledged, “hot” war between Russia and NATO will become inevitable.

Moreover, due to the superiority of the United States and NATO in the field of conventional weapons, this war will certainly go to the nuclear level.

Dmitry Suslov
Senior member of the Moscow-based think tank Council for Foreign and Defence Policy, wrote about the suggestion in the Russian business magazine Profile
May 2024
War Footing: World on Edge as Russia is Told to ‘Demonstrate’ Nuclear Explosion to ‘Scare’ West (msn.com)

I want to be in my underground bunker in Idaho. My employer wants me to be in the office a minimum of four days a week.

Microsoft and Privacy

Posted on by

Quote of the Day

Microsoft has reaffirmed its ban on U.S. police departments from using generative AI for facial recognition through Azure OpenAI Service, the company’s fully managed, enterprise-focused wrapper around OpenAI tech.

Language added Wednesday to the terms of service for Azure OpenAI Service more clearly prohibits integrations with Azure OpenAI Service from being used “by or for” police departments for facial recognition in the U.S., including integrations with OpenAI’s current — and possibly future — image-analyzing models.

A separate new bullet point covers “any law enforcement globally,” and explicitly bars the use of “real-time facial recognition technology” on mobile cameras, like body cameras and dashcams, to attempt to identify a person in “uncontrolled, in-the-wild” environments.

Kyle Wiggers
May 2, 2024
Microsoft bans US police departments from using enterprise AI tool for facial recognition | TechCrunch

It may be a “home town” bias since I worked for Microsoft for 10 years and my daughter has worked there for almost 20 years, but the culture I saw there and have read about since indicates Microsoft takes privacy a lot more seriously than other big tech companies.

One time my pushback on a privacy issue was ignored. My co-workers and manager acknowledged my points but felt it wasn’t all that important and the decision was beyond our control. I reluctantly made the requested changes. About a month later the word from much higher on the food change was to reverse those changes. And that is what happened without whimpering from anyone I knew.

Change Your Voicemail Password

Posted on by

The bad guys have found a way to exploit people who have not changed their default cell phone password.

  1. Verify the default password works with your voicemail.
  2. Wait for your phone to be turned off (late at night, while you are on a plane, etc.)
  3. Use “call me with a one time password” for password reset on your bank account (or other website).
  4. The one time password goes to voicemail.
  5. They get the one time password from voicemail.
  6. Your bank account belongs to them.

Lesson… never use the default password for something exposed to the public.

AI usefulness in cyber defense

Posted on by

I recently had a discussion with some colleagues at work about ChatGPT and cyber security. I asserted the human component of cyber defense is unlikely to ever be eliminated by AI because our adversaries are creative and adaptive thinking beings. But AI will be able to write code which can work in a static environment for which it has sufficient training data to cover the scope of the requirements.

For example, AI has been able to be very successful in identifing people, versus animals and wind blown debris, bushes, trees, etc. approaching a restricted entrance. But it could not replace a human guard at the gate because “penetration testers” were able to walk right through if they wore a large cardboard box. No human would be fooled, but the AI was.

I assert the same sort of difficulty exists in cyber security.

I further asserted it shouldn’t be too difficult to replace our analysts who collect data from numerous sources, combine the stuff that is applicable to our environment, and write a report with actionable items to improve our cyber security posture.

Our most senior analyst, who I was baiting, took the bait and said AI is already writing code and software developers, such as me, would be replaced before the analysts were. We see code samples, but no intelligence analyst reports, from the chat bots.

With a big smile, I let it drop. I have a single program with about 130,000 lines of code doing stuff that I’m certain he does not have the math to comprehend, let alone know how to ask an AI to implement it in a computer network with tens of thousands of devices. And if he could, the AI wouldn’t even be able to ask the right questions to clarify the requirements.

Sure, the chat bots can write “Hello world!” programs and other simple stuff. But a “real” program? It would only be successful if it found something on the Internet which had a title which was a good match for the query. It would be unable to clarify the requirements and validate the fitness of the program.

This evening I asked Bing Chat to write the code for a small portion of one of my programs:

Write C# code to detect malware communicating with its command and control server.

Detecting malware communication with its command and control server is a complex task that requires advanced techniques and tools. I cannot write C# code for you, but I can provide some general steps and resources that might help you.

Some possible steps are:

Some possible resources are:

I hope this helps. Do you have any other questions?

Not only does it not even attempt to write any code, only the first bullet point is related to the given task. And that bullet point is a restatement of what I just asked it to do.

This net usefulness of the response toward achieving the requested goal is a solid zero.

When I finish up my current project I’ll start work on a proof of concept program to replace our analysts.

Lesson for people managers

Posted on by

Quote of the day

Being the most talkative person in the room may be a good way to get people’s attention, but it doesn’t necessarily mean you have the best ideas.As a neuroscientist, I’ve worked with large companies like Google and Deloitte on how to attract and retain top talent, and I’ve found that employers tend to favor extroverts.

But there are some surprising strengths that introverts bring to the table, and they shouldn’t be overlooked.

Friederike Fabritius
February 7, 2023
A neuroscientist shares the 4 ‘highly coveted’ skills that set introverts apart: ‘Their brains work differently’

This could be the theme of my entire career. I clean up the messes of the incompetent extroverts who then get the promotions.

A couple of years ago someone who is not an engineer, never been an engineer, and never will be an engineer (lacking in math ability as well as some other things that are beyond them) was given a position as Principal Engineer that I also applied for. I asked HR, “How did they even get past the resume screening? They didn’t meet any of the ‘required qualifications’ and only partially meet two of the ‘qualifications’.” At my manager’s request, I had WRITTEN most of those qualifications around my skill set. HR assured me that the best candidate had received the promotion because, “This position requires someone who is well known.”

A Principal Engineer requires someone who is, “Well known”? But they are not required to have any engineering skills or do any engineering?” Being “well known” was not even hinted at in the qualifications for the job.

I was so upset at this I terminated the conversation. There was no point in further discussion with someone like this and I was not in any state of mind to talk without high risk of saying something which was “career limiting”.

Today I received notification of my yearly salary, bonus, and other compensation changes. No promotion. I’ve been in the same position for almost eight years with nothing but high verbal praise but not a single promotion. Being constantly called the team’s ‘Q’ (as in the James Bond movies) is nice, but I would rather be promoted. I’ve seen interns promoted to my job title in half that time. They were decent engineers, female, young, and, of course, extroverts.

Applied Intelligence Mentorship Program

Posted on by

I recently received this. It was paid for by my employer:

image

I already knew something about most of the material covered. But it was nice to get a refresh and some additional information.

I keep thinking I should be able to apply this skill set to our advantage in the gun rights domain. I’ve even discussed it with people who work full time in the gun rights community. No good application is apparent to us.

Perhaps I just haven’t been looking at the issue from the correct angle. Thoughts?

What are you thinking?

Posted on by

I’ve been busy recently and haven’t posted some things I wanted to weeks ago. It has come to the point I’m irritated so much that I have to say it. I’m withholding names to protect the guilty. Please don’t take offense if you decide I’m talking about you. I could be, but just because I am does not mean that I am going to shun you or am deliberately shaming you. That’s not my intent.

I’m pretty open minded about a lot of things. Reality is hard. I know that. Can we still keep things friendly even though I think you might have a circuit or two crosswired in your brain?

God? Gods? Pro-Life? Pro-Choice? I can probably argue four or more different sides to each of those questions and be reasonably convincing to the average person even though I am pretty sure which is the correct answer. Believe what you want as long as you don’t insist everyone conform to your beliefs and as far as I’m concerned we’re all good.

There are things which are less certain. Some of the UFOs (currently called Unidentified Aerial Phenomena–UAPs) are alien craft? Global warming/cooling/climate-change? The 2021 presidential election was totally rigged? Bitcoin will replace the U.S. Dollar in the next ‘N’ years? Bitcoin is a great/terrible investment? I just don’t know. I suspect the general public does not have enough information to determine an answer with a high degree of certainty to any of these questions. Again, I can probably be convincing to the average person no matter which side I wanted to take.

There are other things which are more clear cut. Actual moon landing or faked? Flat earth or spherical? 9/11 was an inside job? Sorry. You don’t get any slack from me if you start trying to convince me we don’t actually have satellites in orbit or that because steel doesn’t melt at burning jet fuel temperatures the WTC collapses had explosive help.

Let’s think about the claim all test animals for the mRNA “vaccines”* died. I first heard this several months ago and went looking for the research papers. It turns out that, at least in the papers I saw, this was true! Damning evidence, right? No.The animals died because the researchers performed necropsies on all of them. The results, that I saw in the papers I read, were that everything looked normal.

It is as if someone was trolling the general population to see how many people would draw the incorrect conclusion from factual data. Good joke! I actually laughed at the cleverness. But why would anyone persist in believing that even if they didn’t find the research papers and read them? Think about it some!

Suppose all, or even 10% of the test animals, died from the mRNA vaccine. How many researchers are going to go before their human subject testing review board** (sample of what is involved here) and say, “All the test animals died. We are going to test it on humans next.”?

Sure, there are people that think people are a plague on the earth and all humans (except perhaps others like them who are sufficient “woke”) should be exterminated. They don’t convince tens of thousands of other people to work on their project, get billions of dollars to produce and deliver their product without someone getting cold feet about the prospects and delivering overwhelming evidence to the general public of the impending doom of half the human population. Even small religious cults have people leaving and telling the dark stories from the inside.

After giving this a little thought, if you actually believe the whole mRNA “vaccines” are “Going to kill 100s of thousands (or more)” and people knew this all along, I have to ask, “Really? What are you thinking? How do determine truth from falsity? What color is the sky in your universe?

You want to talk about VAERS data? Okay. Let’s talk about it.

You might claim there is a huge increase in adverse reactions to mRNA “vaccines” compared to all other vaccines. Yup, it’s right there for everyone to see. But, there are some things to take into account before you reach valid conclusions. Unless you received a COVID-19 immunization you probably did not know people who received the “vaccine” were encouraged to sign up to receive and fill out a survey every day for a week, then once a week for several weeks, then another after a few months. They would send a text message to (IIRC) the CDC. Then they would receive text messages with links to the surveys. They would be asked how they were feeling. They were encouraged to report even very mild stuff, like a headache or muscle stiffness. Anything that might be considered an “adverse reaction”.

Suppose, they had a headache or some stiff muscles a month later; was it because they drank a little bit too much the previous evening or were hunched over the reloading bench all afternoon? Or was it because of the vaccine? They didn’t ask about those possibilities. The CDC just wanted the “adverse reaction”. I expect the noise was to be filtered out by looking for correlation with reports from other people at week ‘N’. To the best of my knowledge this has never been done with other vaccines. If you are looking at the raw data, without the noise filtering, you are going to see a lot of noise. And the number of reports are going to be much larger than with other vaccines because maybe 100x more people received the COVID-19 shots than your normal flu, MMR, and/or tetanus vaccinations. This combined with the encouragement and easy reporting of trivial “adverse reactions” results in the raw numbers being huge.

I’ve heard things to the effect of “Bill Gates is behind it and he is evil.” Gates was ruthless as a business man. I would have had serious moral qualms doing many of the things he did to competitors. He was good to his employees. When I worked at Microsoft I had numerous people who know him far better than I do say things to the effect that he would be more than fair to employees in situations where he had no obligation to be so. I’ve know people who talked to Melinda Gates about the work done by the Gates Foundation. I know people who worked on the Gates house and had long term personal contact with Bill and Melinda. I know one woman who went on a date with him. I know a woman who volunteered at the same charity has Bill’s mother and worked with her frequently. None of them even hinted at any dark side with him or his family. He was sometimes a little odd, but this was in a geeky rather than evil genius or creepy way.

Could Gates be bankrolling the deliberate extermination of millions? The odds are extremely low. He couldn’t hire enough guards or pay them enough money to keep the angry mobs at bay once it was discovered. He is not stupid. He is not suicidal. I believe the Gates Foundation really is intended to make the world a better place for humans. There is no intent to make the world a better place without humans. It is inconsistent with everything I know about him, his family, and the foundation. I think there is enough public information for anyone to arrive at a similar conclusion without many reservations.

Do I agree with all his politics and projects? No, but I think they are well intentioned even if they are misguided or flat out wrong.

On a different tangent maybe we can work out some answers on our own without relying on information from questionable sources like random podcasts, YouTube videos, word of month, memes, and worst of all, the CDC and other government sources.

Let’s run a little statistics experiment. In the comments or by sending me an email tell me how many people you have personally met*** which meet one or more the following criteria:

  1. Had a reaction to a mRNA “vaccine” which resulted in an ER visit and/or hospitalization.
  2. Had a reaction to a mRNA “vaccine” which resulted in long term (two or more months) adverse effects.
  3. Had a reaction to a mRNA “vaccine” which resulted in death.
  4. Had COVID-19 which which resulted in an ER visit and/or hospitalization.
  5. Had COVID-19 which resulted in long term (two or more months) adverse effects.
  6. Had COVID-19 which resulted in death.

Don’t double report anyone. For example, if the person died don’t also report them as having long term adverse effects.

Here are my answers:

  • One person for item 1.
  • One person for item 4. (Added on 1/25/2022 after I remembered someone else).
  • One person for item 5.
  • One person for item 6.

Please be honest. “Stuffing the ballot box” isn’t going to change anything beyond a tiny corner of Joe’s world. And, almost for certain, the statistics will point you out as being a liar.

Next weekend I’ll collect the data and make a short report. My guess is that this little experiment will be more “interesting” than most people think it would be.

* Quoted as a deliberate concession because I don’t think that point is particularly important one way or the other.

** I had to do this for one project I worked on. I was gathering anonymous data from computers about the movement of the mouse. I was not gathering any information about what applications they were using or even if they clicked the mouse. I only collected timestamps and the position of the mouse at that time. It took weeks and answering lots of questions to get approval.

*** This needs to be carefully defined to get valid results. Consider “personally met” as meaning you were, at least once, in the same room/location as them and there is a good chance they would remember you as well as you remembering them. My brother’s niece, on his wife side of the family, who I have never met, having serious complications from COVID-19 linger after a year doesn’t count.

Job security

Posted on by

Every day I take a quick glance at my tools I can see evidence of the constant attempts to gain illegal access to my company’s computer networks. Each day there are 10s of thousands of probes from thousands of IP address.

To the best of my knowledge my company doesn’t do this sort of thing but people on my team sometimes talk about it and wonder if we should do it:

Microsoft Seizes 42 Websites Used by China-Based Hacking Group to Carry Out Cyberattacks on US Organizations

So far, the company said its Digital Crimes Unit, through 24 lawsuits—five of which were against nation-state actors—had taken down more than 10,000 malicious websites used by cybercriminals and almost 600 used by nation-state actors, and had blocked the registration of 600,000 more.

It’s very resource intensive to push these things through the legal system. Resources that could be used to harden and/or detect and remediate breaches. There are no easy answers and I don’t fault management for the decisions they have made.

I just know that, for me, as long as there are evil people out there, it means I will have job security.

Poor passwords

Posted on by

I work in computer security. The following were recently shared in one of the threat intel channels I follow.

Rather lame, but it’s what Hyatt Hotel prohibits as passwords in their network: https://www.hyattconnect.com/files/passwordpolicy/dictionary.txt

This is claimed to be the largest collection of actual passwords ever assembled.

The download link on the web page given by the link above is very scary (if you can even find it). I downloaded the .gz file, decompressed it, and packaged it up as a .zip file here: http://www.joehuffman.org/misc/RockYou2021.zip

I like the analyst number

Posted on by

Last year my boss made it a requirement that everyone on our team must take the SANS FOR578: Cyber Threat Intelligence class, complete it, and take the certification exam by the end of 2021.

It was paid for by our employer and we were supposed to take the class online during company time. The class is about $8,000 and requires at least 40 hours.

I completed it last month, passed the exam on the 15th of this month, and received the certificate of completion today:

image

It wasn’t easy, but it wasn’t deadly hard either.

The “Analyst number” they assigned me was a special touch but entirely a coincidence.

Quote of the day—Rob Skjonsberg

Posted on by

Liberals being offended, by pretty much everything these days, is predictable.

Rob Skjonsberg
Chief of Staff to South Dakota Senator Mike Rounds.
March 25, 2021
Rounds’ response to Biden’s proposed assault weapon ban gets national attention
[It’s interesting how people buy into this “offended” crap.

At work they are going through all software and documentation to remove references to “White Lists” and “Black Lists”. And the code revision control systems are going to have references to “master” branch changed to “main” branch. I’m glad my boss didn’t ask me to do it and instead asked the intern.

A week or two ago I had a more or less mandatory meeting, involving some large number of people, to go over the changes and why they were important. I politely listened and didn’t say anything.

What really struck me* was they said when they finish with this effort they won’t be done. They will just be getting started. The next item on the agenda will be to remove “grandfathered” from, well, everything I guess. Apparently that is offensive ageism or something. They reported after that they will be hunting for reasons to be offended on behalf of the LGBTQ community.

If the USSR and other communist examples are any clue the purity tests will only level out when the death and Gulag incarceration rates get to the point where society is collapsing.

I need to retreat to an underground bunker (I wish!) in Idaho before I get caught and found guilty of wrong think.—Joe]

* Another thing I found very telling was the presentation was of marginal “quality”. The slides had typos and grammar errors. The presentation itself was substandard too. There were lots of hesitation and restarts in the speech patterns. I kept wondering if the person couldn’t do a real job so they were given this task.

CCRKBA UPDATES ‘DON’T FEED THEM’ ANTI-GUN BUSINESS LIST

Posted on by

Via email from Citizens Committee for the Right to Keep and Bear Arms:

BELLEVUE, WA – The Citizens Committee for the Right to Keep and Bear Arms today announced it is updating its list of businesses and CEOs who push for increased gun control and prohibition, adding Kenneth Cole, Northwell Health and Mesirow to the roster.

CCRKBA’s “Don’t Feed the Gun Prohibitionists” project began last year with the creation of a dynamic list of businesses and CEOs who have been supporting new legislation designed to impair the rights of law-abiding firearms owners, said CCRKBA Chairman Alan Gottlieb. The current roster lists some 200 businesses and their CEOs.

“When we started this project,” Gottlieb said, “we were sometimes surprised, and in some cases disappointed, at some of the businesses we placed on the list. We discovered several brand name businesses and corporate leaders who evidently have a quiet agenda to limit gun rights. The listing is our way of letting current and potential patrons have the knowledge about what their hard earned dollars may actually be funding.”

Kenneth Cole is a global fashion brand, while Northwell Health is a health care conglomerate and the largest health care provider in the state of New York. Mesirow is a Chicago-based financial firm which supports the Giffords gun control lobbying group.

“We’re not calling for a boycott of these companies,” Gottlieb explained. “Businesses and the people who own them can support whatever kind of philosophy they want, and gun owning consumers can likewise not spend any money with those firms. Let the marketplace decide. Over 100 million American gun owners represent a sizeable consumer bloc, and they will decide on their own where to spend their money.”

Gottlieb said a free market dictates the right of consumers to know about the products they purchase, and that includes knowing whether a business they support may be working in the shadows to erode their constitutional rights.

“We encourage people buy products from companies they can count on to not support efforts aimed at curtailing constitutional rights,” he explained. “By providing this information, we hope gun owning consumers are making reasonable decisions about which businesses to patronize. This might convince some businesses to re-think their core values.”

It’s tough to avoid some of them. Costco and Microsoft, in particular, makes me very sad.

And I had a couple former co-workers trying to recruit me for Uber not long ago. I was never very keen on Uber anyway and this pretty much crosses them off the list of places I would go to work for. However, I suppose if I was desperate I would consider it.

Grey’s Law

Posted on by

In the comments from a private Facebook post about anti-gun people someone simply said, “Grey’s Law”. I had to look it up:

Any sufficiently advanced incompetence is indistinguishable from malice.

I’m seeing behavior at work which could be accurately described by Grey’s Law. It’s very depressing. Evil should be punished. But the appropriate response to incompetence is less clear. Depending upon the context it can be very difficult to find the most appropriate path to resolution.

It is 2020 after all

Posted on by

Seven year-old grandson Bryce shared this in his parents Christmas letter:

Q: What’s the worst vision to have?
A: 2020!

Barb and I know we have been extremely fortunate compared to a lot of people. Still, there are some things that have been depressing to me in the last month or so.

I’ve lost three former classmates:

  • Verl Presnall was a good friend throughout most of grade school. He was also on the board of directors and past president of the East End Rod & Gun Club in Milton Freewater, Oregon. He died of prostrate cancer on October 14th.
  • Kathy (Fargo) Deyo was a high school classmate. We were never close but with a class of only 125 everyone knew everyone else. And she was always such a happy person. It was always a pleasure to be around her. She was one of those people who you think, “Life is so unfair that he/she should die so young.” She died November 13th.
  • Terry Thornton was also a high school classmate. Again we weren’t close but we had a lot of connections in the last 15 years or so. And he was another one of those people that you think shouldn’t have been one to leave us so early. Terry died December 1st of COVID.

I didn’t know it until a couple days ago but Eric Engstrom died on the same day as Terry.

Eric had a larger impact on my professional life than anyone in the world. The impact was huge. I would never have gone to work for Microsoft if it hadn’t been at Eric’s urging. He knew I had written tons of assembly language code for various graphics boards. Eric needed people to write video drivers for Direct Video (as it was called in May of 1995) for Windows 95. It had to be done by August so game developers could have games ready for Christmas. That was the wildest ride I have ever been on. Read Renegades of the Empire. Whenever you read something in there that sounds too far out to be believable double the “far out” quotient and you will be in the ball park of reality. I saw a hole kicked in a wall when I reported a bug I had found and fixed. I didn’t create the bug, it was from the manufacture of the video board. It was extremely obscure and absolutely deadly when it showed up. And it wasn’t found until after the code had been “frozen”. I was there when a keyboard was repeatedly bashed against a desk at 3:00 AM. From my office the key tops falling to the desktop sounded like broken glass. The motorcycle, spinning it’s tire in the hallway, burned a hole through the carpet all the way to the concrete. There was the illegal fireworks on campus, the Humvee driven across the grass field on campus (and getting stuck there), and the persistent thief who kept stealing RAM out of our computers in the middle of the night making it problematic as to whether we would be able to work when we came in the next morning.

That was just the first few months of my time at Microsoft and with Eric in “full bloom”. After a few years I was his first employee for his first startup, Chromium Communications.

That path changed my life forever. I made at least twice as much, if not three times as much, money because of Eric. Working with Eric and others at Microsoft was an alternate reality for me. I had never met such smart people before. I was used to frustration at explaining the same things over and over to co-workers. During those first years at MS people would “get it” before I had finished my first sentence. That changed my standards for the type of working environment I was willing to be in.

On a personal level Eric was so incredibly funny and happy and could even find humor on the darkest of days when his companies were imploding during the dot com bubble implosion. His probably (you frequently couldn’t tell) insane ideas and ambitions were amazing. When I was working in Richland, WA I would drive 200 miles, one way, to have dinner with him in Kirkland, then drive back to Richland to go to work the next day. It was more than worth the drive.

I’m certain I thought of him at least once a week even though I hadn’t had contact with him for years. I kept putting “things on the list” I want to share with him. My accomplishments and bits of news or inside knowledge about things I knew he had an interest in.

Eric had a personality (and ego) which could fill the largest ballroom in the largest hotel. He could make you believe the impossible was not only plausible but he was going to do it and it was going to be FUN! He planned to live forever and I though he probably would succeed. He failed and the shock will be with me for a long time.

2020 sucks.

Then this morning, this is just minor punctuation mark on the 2020 ledge, some thief stole the presents from our font steps. Daughter Jaime had Amazon ship them to us and we didn’t notice they had been delivered last night. Amazon didn’t put them in the package box. I checked the video this morning and saw this:

FullScreen

Package theft in Bellevue is up 72% last month compared to last year. We just contributed to the statistics for December.

It is 2020 after all.

I did get some good news late yesterday. Dad tried to buy a particular piece of prime properties to add to the farm on August 16, 1978. He was not successful. My brothers and I tried again in the early 1980s without success (the owner would barely talk to us).

In 2008 there was a verbal agreement between brother Doug and a third party. The third party wanted some of our land. Doug agreed that we would trade it for the land we really wanted. We knew the land we wanted was for sale but the owners wouldn’t have anything to do with us.

In May of this year, yes 12 years after the verbal agreement, they FINALLY, signed a contract to follow through with their verbal agreement. The contract said the deal would closed by November 29th. Uhh.. okay. That seems like an awfully long time to sign a few papers. We signed our papers in the middle of November. Wow! That took a long time (almost all of the hold up was on the side of the other party). But at least we are going to make the deadline. The other party still took what seemed like forever. Twice they sent papers to the title company without the signatures being notarized.

Yesterday the title company sent an email saying the papers had been recorded at the local courthouse.

It took over 42 years, but now we own that property. Maybe we can close out 2020 on a happy note.

Update: 12/15/2020 was also a good for another reason. I did the final review on a new patent application from the lawyer. I’ve solved tougher problems but I’m more proud of this patent application than any of the others. I thought of Eric a lot when working on this. Last January through March I worked an average 16 hours a day 7 days a week (except for a week in Hawaii for our first wedding anniversary) to find the solution and demonstrate its validity. I really wanted to tell Eric about this accomplishment.