Talblog

Movies

What have you been watchin lately? Here is what I have seen and what I want to see.

1) Jarhead - This was a great movie. Great photography, interesting story, and really unique take on the military

2) Just Friends - saw it b/c Ryan Reynolds is hilarious and Walk the Line was sold out. It wasn't as funny as it would have been if it was rated R, but I laughed a few times. That Reynolds has some great comic timing

3) Band of Brothers - I never saw this when I should have (like two years ago), and it isn't even a movie, but becky and I are watching it now on DVD, and it is as amazing as everyone says it is. Great footage, great camera ideas, great story and acting. Just great.

What I want to see:

1) Harry Potter, the new one - I don't know if it is going to be as good as the trailer, but fuckin shit that trailer was rad.

2) Syriana - looks interesting, if not boring

3) Walk the line - Johnny Cash rules, I want to see this pretty bad

4) Narnia - yeeah

5) The Wire, Season 3 - I think loren has the first two episodes for us, and I have the rest of the season sittin on my tivo. Man I can't wait to see it.

Who wants to see a movie? Anyone seen any of these?

Tell us what it is like Rob/Justin

To have a broken ass government?

Canadian Government Falls on No-Confidence
Canadian Prime Minister Paul Martin leaves as his minority government was defeated by a no-confidence vote in the House of Commons triggering a federal election, in Ottawa, Monday Nov. 28, 2005. Canada's three opposition parties, which control a majority in Parliament, voted against Martin's government, claiming his Liberal Party no longer has the moral authority to lead the nation. The loss means an election for all 308 seats in the lower House of Commons, likely on Jan. 23. Martin and his Cabinet would continue to govern until then.

How bad are Pomeranians?

Pomeranians are THIS bad. By the way, there is music.

I can't believe Becky's family wants to get one of these dogs. Also, I think they want to get it fromt his particular breeder. Oh my god. I won't be able to go there over christmas without kicking it.

Thanksgiving is over, back to work

I am feeling unmotivated this morning, so I thought I would write a random blog.

Thanksgiving was great. We went to see Rocco and Missy down in Los Angeles. The weekend went so fast that it was over before it started.

Rocco made a great turkey that Missy brought from worked pre-brined by some chef she knows. It was delicious. Then I drank to much in his backyard in front of his firepit thing. It was a towering inferno because he was trying to burn up his old fence pieces that were torn down. He had costco sized bottles of Maker's Mark and Knob Creek. We kept drinking them both to figure out which one was better. I never decided.

Friday was a write off... I laid around, bloated, and watched t.v. like a slug.

Missy made a great plan to drive up the coast on Saturday and we went to a group of wineries in Santa Barbara County. I forget the names of them... Firestone was one, and Bridlewood was another. I really know nothing about wine, but the views were great. Santa Barbara is beautiful and the weather was perfect. After that we hit the Firestone brewery for some beer and a burger. I will try to post a few pictures - which amount to santa barbara sunshine and lots of turkey.

During the car ride Missy, Becky and there Mom were arguing on the phone. I guess there Mom wants to buy a freaking mini pomeranian dog. Probably the most horrid dog ever bred on the planet. If you don't believe me, just look at this picture:

Sunday we got an early start and drove back up to SF. We left around Noon, hit crazy traffic, and didn't get home until 8. I like driving long distances, but the stop and go was nerve racking.

Becky and I woke up this morning and had to convince each other to go in to work. I have a feeling it will be a long week.

Skating with friends

I think it is just the beginning

Plenty of links with additional info in the actual article that didn't survive the copy / paste operation.

Wired Article

It's a David and Goliath story of the tech blogs defeating a mega-corporation.

On Oct. 31, Mark Russinovich broke the story in his blog: Sony BMG Music Entertainment distributed a copy-protection scheme with music CDs that secretly installed a rootkit on computers. This software tool is run without your knowledge or consent -- if it's loaded on your computer with a CD, a hacker can gain and maintain access to your system and you wouldn't know it.

The Sony code modifies Windows so you can't tell it's there, a process called "cloaking" in the hacker world. It acts as spyware, surreptitiously sending information about you to Sony. And it can't be removed; trying to get rid of it damages Windows.

This story was picked up by other blogs (including mine), followed by the computer press. Finally, the mainstream media took it up.

The outcry was so great that on Nov. 11, Sony announced it was temporarily halting production of that copy-protection scheme. That still wasn't enough -- on Nov. 14 the company announced it was pulling copy-protected CDs from store shelves and offered to replace customers' infected CDs for free.

But that's not the real story here.

It's a tale of extreme hubris. Sony rolled out this incredibly invasive copy-protection scheme without ever publicly discussing its details, confident that its profits were worth modifying its customers' computers. When its actions were first discovered, Sony offered a "fix" that didn't remove the rootkit, just the cloaking.

Sony claimed the rootkit didn't phone home when it did. On Nov. 4, Thomas Hesse, Sony BMG's president of global digital business, demonstrated the company's disdain for its customers when he said, "Most people don't even know what a rootkit is, so why should they care about it?" in an NPR interview. Even Sony's apology only admits that its rootkit "includes a feature that may make a user's computer susceptible to a virus written specifically to target the software."

However, imperious corporate behavior is not the real story either.

This drama is also about incompetence. Sony's latest rootkit-removal tool actually leaves a gaping vulnerability. And Sony's rootkit -- designed to stop copyright infringement -- itself may have infringed on copyright. As amazing as it might seem, the code seems to include an open-source MP3 encoder in violation of that library's license agreement. But even that is not the real story.

It's an epic of class-action lawsuits in California and elsewhere, and the focus of criminal investigations. The rootkit has even been found on computers run by the Department of Defense, to the Department of Homeland Security's displeasure. While Sony could be prosecuted under U.S. cybercrime law, no one thinks it will be. And lawsuits are never the whole story.

This saga is full of weird twists. Some pointed out how this sort of software would degrade the reliability of Windows. Someone created malicious code that used the rootkit to hide itself. A hacker used the rootkit to avoid the spyware of a popular game. And there were even calls for a worldwide Sony boycott. After all, if you can't trust Sony not to infect your computer when you buy its music CDs, can you trust it to sell you an uninfected computer in the first place? That's a good question, but -- again -- not the real story.

It's yet another situation where Macintosh users can watch, amused (well, mostly) from the sidelines, wondering why anyone still uses Microsoft Windows. But certainly, even that is not the real story.

The story to pay attention to here is the collusion between big media companies who try to control what we do on our computers and computer-security companies who are supposed to be protecting us.

Initial estimates are that more than half a million computers worldwide are infected with this Sony rootkit. Those are amazing infection numbers, making this one of the most serious internet epidemics of all time -- on a par with worms like Blaster, Slammer, Code Red and Nimda.

What do you think of your antivirus company, the one that didn't notice Sony's rootkit as it infected half a million computers? And this isn't one of those lightning-fast internet worms; this one has been spreading since mid-2004. Because it spread through infected CDs, not through internet connections, they didn't notice? This is exactly the kind of thing we're paying those companies to detect -- especially because the rootkit was phoning home.

But much worse than not detecting it before Russinovich's discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case.

McAfee didn't add detection code until Nov. 9, and as of Nov. 15 it doesn't remove the rootkit, only the cloaking device. The company admits on its web page that this is a lousy compromise. "McAfee detects, removes and prevents reinstallation of XCP." That's the cloaking code. "Please note that removal will not impair the copyright-protection mechanisms installed from the CD. There have been reports of system crashes possibly resulting from uninstalling XCP." Thanks for the warning.

Symantec's response to the rootkit has, to put it kindly, evolved. At first the company didn't consider XCP malware at all. It wasn't until Nov. 11 that Symantec posted a tool to remove the cloaking. As of Nov. 15, it is still wishy-washy about it, explaining that "this rootkit was designed to hide a legitimate application, but it can be used to hide other objects, including malicious software."

The only thing that makes this rootkit legitimate is that a multinational corporation put it on your computer, not a criminal organization.

You might expect Microsoft to be the first company to condemn this rootkit. After all, XCP corrupts Windows' internals in a pretty nasty way. It's the sort of behavior that could easily lead to system crashes -- crashes that customers would blame on Microsoft. But it wasn't until Nov. 13, when public pressure was just too great to ignore, that Microsoft announced it would update its security tools to detect and remove the cloaking portion of the rootkit.

Perhaps the only security company that deserves praise is F-Secure, the first and the loudest critic of Sony's actions. And Sysinternals, of course, which hosts Russinovich's blog and brought this to light.

Bad security happens. It always has and it always will. And companies do stupid things; always have and always will. But the reason we buy security products from Symantec, McAfee and others is to protect us from bad security.

I truly believed that even in the biggest and most-corporate security company there are people with hackerish instincts, people who will do the right thing and blow the whistle. That all the big security companies, with over a year's lead time, would fail to notice or do anything about this Sony rootkit demonstrates incompetence at best, and lousy ethics at worst.

Microsoft I can understand. The company is a fan of invasive copy protection -- it's being built into the next version of Windows. Microsoft is trying to work with media companies like Sony, hoping Windows becomes the media-distribution channel of choice. And Microsoft is known for watching out for its business interests at the expense of those of its customers.

What happens when the creators of malware collude with the very companies we hire to protect us from that malware?

We users lose, that's what happens. A dangerous and damaging rootkit gets introduced into the wild, and half a million computers get infected before anyone does anything.

Who are the security companies really working for? It's unlikely that this Sony rootkit is the only example of a media company using this technology. Which security company has engineers looking for the others who might be doing it? And what will they do if they find one? What will they do the next time some multinational company decides that owning your computers is a good idea?

These questions are the real story, and we all deserve answers.

uuuuum

brett, here are a few tips on how to handle a brazilian lady....heh.

Ah-nold

creeeeeepy.

...

liberal propaganda

right wing sesame street

And Back Here in America

Cheerleaders are having sex with each other in bar bathrooms. I like it. I like it alot. In fact, I think someone should have filmed it.

article

Wish me luck...

Heading to Paris tomorrow for a weeks worth of activities. Hopefully wearing my red, white and blue jogging pants won't get my involved with all the riots there.

Looks like it's mainly suburbs but who knows. Anyways, cross your fingers for me.

Au revoir!!

Another reason to love San Francisco

www.streetwars.net

Licensed to Kill

The name of the game is StreetWars. It's a three-week water gun
assassination tournament, and it's coming to San Francisco. The
lowdown: Before the games begin, you meet up with an agent of the
Shadow Government. (To maximize the competition -- and the fun --
form a team with friends or co-workers.) Said agent will reveal
the name, address (both home and work), contact information, and
photo of your target.

The games commence on November 14 and end on December 5. For those
three weeks, it will be your mission to kill without getting
killed. Do what you must to disguise yourself: dye your hair, wear
a fat suit, cross-dress if you must. If you're a successful
sniper, your next target becomes that of your dead victim.

There are neutral grounds: your office (and the surrounding
one-block radius), public transportation (BART and MUNI have
enough to deal with), and bars (there must be some place of rest,
people).

The reward? Cold, hard cash.

Your objective? To kick butt and collect. Just like any good
bounty hunter.

Deadline for registration is November 9. For more information or
to sign up, go to http://streetwars.net/

S.O.S.

So last night was the usual West Hollywood halloween street fair...This is the annual event where Santa Monica Blvd is shut down and all the queens (plus some regular folk) dress up in crazy costumes and parade through the streets.

The usual suspects include gays dressed up as the Fanta Girls and Tina Turner, Priests with huge boners, slutty cops etc. I didn't go, b/c i'm a loser and ignored halloween this year, but my coworker did, which produced the greatest costume idea of 2005. it's completely insensitive and tasteless....and i love it.

Yep, it's a KATRINA VICTIM. reminds me of a couple years back during the DC Sniper incident when i wanted to dress up like white vans and snipers.