Web DOS Attack

A hash collision vulnerability exists in a number of frameworks, including PHP, Ruby, and ASP.NET.  Microsoft has released a patch to fix ASP.NET.

Rafael Rivera criticizes the relatively short amount of time before full disclosure and links to a cutesy Microsoft video on the topic.  My problem with the video is that, although some companies are in fact responsive to security vulnerabilities (and Microsoft has become that way, after its years in the embarrassing security flaw wilderness), there are enough developers and organizations which will simply ignore a problem until the press gets bad enough or the flaw gets exposed in the wild through exploitation.  Full disclosure is a shotgun-blast approach, but that doesn’t necessarily make it wrong, especially when the company basically ignores you after you make your report.

Final Score: U-S-A! 1, USSR 0

20 years of Winning.

EPD: Duels And Ordeals

There are two chapters remaining in Extraordinary Popular Delusions and the Madness of Crowds.  This one is a relatively long chapter, and pertains to duels and ordeals.  Mackay, naturally, is opposed to dueling as a way of solving problems, considering it something animals do but civilized people don’t.

A while back, I brought up Pete Leeson’s paper on why trial by battle isn’t quite as crazy as it seems.  In addition, we should look at his defense of ordeals.  I rather doubt Mackay would have agreed with Leeson on the fundamental sanity of these practices, given legal codes and the difficulty of bring enough evidence to prove a case legitimately.  However, Mackay does agree with Leeson regarding a biased priesthood (which probably led to more justice than the alternative):  regarding one form of ordeal, Mackay writes, “Many true judgments were doubtless given, and, in all probability, most conscientiously; for we cannot but believe that the priests endeavoured beforehand to convince themselves by strict inquiry and a strict examination of the circumstances, whether the appellant were innocent or guilty, and that they took up the crossed or uncrossed stick accordingly” (650-651).

To sum up a relatively long chapter:  duelling is cruel and stupid; ordeals were pretty silly, and an obvious way for the Catholic Church to become arbiter of the law.  Noblemen didn’t like this, so they stuck to duels.  Thankfully, we’re a bit past both.

More On Government Motors

So the Cruze is not selling that well anymore.  Good thing we weren’t coerced into financing a flop of a company.  Oh, wait…

Top 10 Games I’ve Played for the First Time in 2011

Honorable mentions: Heavy Rain, God of War III, Uncharted 2, Magic: the Gathering: Duels of the Planeswalkers (PS 3), Hearts of Iron: Semper Fi and For the Motherland (PC)

10. Mass Effect (PC)

If I’d played this more — I got it as a birthday gift along with Mass Effect 2 — it would probably be higher, but it’s unfair to really judge a game without having played it more.

9. Supreme Ruler: Cold War (PC)

I’ve played it more than Mass Effect, but I’m still not comfortable moving it higher without playing more.

8. Portal (PC)

One of the very best PC games of all time. The puzzles are excellent, the AI is pretty entertaining.

7. Madden NFL ’12 (PS 3)

One of the best football games I’ve ever played. It’s still got a lot of room to grow, but it’s definitely a worthy addition to this list.

6. Spore (PC)

It’s, in reality, five games that are C+, B- at best (with the space stage a solid B), but they’re integrated in clever ways. I’d enjoy this more if not for crippling crashes from time to time.

5. WWE ’12 (PS 3)

I’m addicted to this game. The Road to Wrestlemania Mode is sub-par (particularly the second of the three stories), but everything else is so crisp and entertaining that it’s just amazing. WWE Universe Mode is pretty sweet, as always.

4. Sword of the Stars: Complete Collection (PC) 

I’ve received three free games this year, from winning contests and GameFly. This is not only the best of those three (the others being Dead Rising 2 and Darkest Hour), but it’s one of the most fun games I’ve ever played. I’ll include a proper review at some point once I’m a bit more familiar with the game.

3. Batman: Arkham City (PS 3)

Any other year, this is an easy #1. If I made it “Games that were developed in 2011″, it would be #2. Still, it’s an amazing game. It’s much, much better than Arkham Asylum, which is scary, because that game was hardly chopped liver. The open world format works really well; the actual world is a good bit smaller than, say, a GTA or Red Dead Redemption, but that makes sense. Batman is on foot (or on cape) most of the time, so he can’t be going too far.

2. Deus Ex: Human Revolution (PC)

I’ve called Deus Ex the best PC game of all time on a number of occasions. Human Revolution is a much better game, as far as controls, difficulty, etc., although the story isn’t quite as intriguing as the first one. I really can’t find a real fault with the game, apart from the tutorial videos having really bad audio (which was allegedly fixed). I’ve heard the DLC is somewhat underwhelming; I can’t confirm or deny that properly, but this game is so good that I’ll probably get it anyway.

And the #1 game of 2011 (that I played for the first time):

(more…)

The Volt: Low-Wattage

An analysis is out stating that the Chevy Volt costs taxpayers a quarter million dollars per vehicle sold thus far.  That number is a little misleading in that they’re amortizing one-time expenditures, so it would go down over time as more vehicles are sold.  But then again, considering that the total number sold is well under 10,000, practically nothing short of a government mandate to purchase one of these would suffice.

This is why I expect Obamacare 2:  Electric Boogaloo to have a provision slipped in stating that every American be forced to purchase a Volt.  This is one of the advantages to a corporatist state:  at least you don’t need to make any of your own decisions; you can simply let our benevolent overlords do that for you.

The secret plan of the GOP: stop students from voting?

From the NY Times (got it from a Facebook link).

This is one of the stupidest articles I’ve ever read. First of all, they make it sound like getting a state issued ID is impossible. It isn’t! Hell, I had a passport before I had a driver’s license.

Second, they’ve made one of the dumbest logical errors you can possibly make: correlation does not imply causation! Compared to the rest of the population, students do tend to vote liberal, because most professors are liberal. That’s no secret and never has been. Yes, stricter ID laws would also make it slightly harder for some students to vote. Why? Because students are fundamentally lazy and many wouldn’t vote without getting paid or at least free beer as part of deal.

You know who I bet the real target of the legislation is? People for whom it’s much harder (or it should be) to get a state-issued ID: illegal immigrants. Remember, you can’t vote if you’re not an American citizen.

Thoughts On The State Of The Republican Primary Thus Far

My proviso here is that there haven’t actually been any primaries yet, and given how up-and-down this thing has been, pretty much anything I say will get overruled by events.

The news that Rick Perry and Newt Gingrich failed to get enough votes to get on the Virginia ballot was shocking enough to cause me to want to put a few words down on the topic.  So far, the Republican field has been interesting, in a schizophrenic way.  You can very easily make the argument that this is a strong field (despite the fact that most Republican A-listers stayed out), or the counter-argument that this is a weak field (because this group includes also-rans and shouldn’t-have-runs).  I’m not even sure which side I subscribe to, though I will say that I really wish Tim Pawlenty hadn’t given up so quickly.

Because a brokered convention is unlikely, what you see is what you get.  I still figure that Romney will pull it off.  He is, after all, the culmination of decades of work by Republican scientists working in the breeding vats to develop the perfect-looking Presidential candidate.  They still have to work out the bugs in the personality module, but I’m sure they’ll have that down within a few decades.

The main problem a number of primary-going Republicans have with Romney is a fear that he won’t be conservative enough.  This same fear was held by opponents of Chris Christie (the more left-leaning Republican candidate in his primary), who has done pretty well as governor of New Jersey.  Of course, a lot of Christie’s appeal to Republican voters has been his personality and hold-the-line attitude on government spending, allowing him a free pass on his social liberalism.  Romney probably would not fare as well, as that just isn’t his persona.

Because Romney’s basically running as the plodding, “I can beat Obama” candidate, he’s able to project himself as statesman-like, above the fray, and secure a center-right position.  Most of the people trying to situate themselves to his right have either failed to draw much support in the first place (Pawlenty, Santorum), or have flamed out spectacularly (Perry, Bachmann).  Herman Cain is finding out that sexual harassment is only endearing if you’re a Democrat, and people are remembering just why it is that Newt Gingrich was forced out of the party spotlight.  My guess is that the disaffected set of Republicans who really want somebody other than Romney will probably split between Ron Paul and Michelle Bachmann.  Bachmann got an unfair rap for being a crazy woman, and a very fair rap for taking a stupid line on vaccines, which limits her potential ceiling.  I could see her and Paul remaining around as protest votes from mainline Republicans further to the right than Romney, but the main consideration is that most of these people would still pull the lever for Romney.  As a candidate, this actually does speak well to Romney:  it means that in a general election, he should be able to pull in centrist voters without losing voters on the right.  This is not a situation like 2008 and John McCain, with a conservative base loathing their candidate.  Instead of loathing, it’s more “Meh.”  And right now, conservatives are going to go to vote even for “Meh,” considering that the alternative is four more years of Barack Obama.

As a PS, Jim Geraghty has what I would consider to be an excellent primary schedule.

Security Notes, Part 1

• Who knows what you have downloaded?  The Internet knows.  This tracks Bit Torrent downloads by IP address, so it’s not perfect, but it does give you an idea of just how public your activities online are.
• Security Theater now provides free sno-cones.
• Good news:  another CA has been compromised.  But don’t worry:  nothing bad came from it, no-siree.  The days of trusting certificate authorities is coming mercifully to an end.  The main problem will be determining what comes next.  I trust government-run certificate authorities even less than private CAs—at least the private CAs have a profit motive and competition to keep them somewhat-clean.
• Carlos Perez is the man.  I’m still definitely in the “learning Metasploit” as opposed to “automating Metasploit” phase, but every bit helps, as the saying goes.

Curmudgeonly Notes

While everybody else is off swapping gifts, here are some notes of varying degrees of curmudgeonliness:

• If one graph could scream out “We are doomed!” it would probably be this one.  Entitlements are a structural problem, and the main problem is just how broad-based the most dangerous ones are.  Neither Republicans nor Democrats are going to do anything about this trainwreck, because Democrats want the big spending and Republicans have been drawing larger percentages of retirees the last couple of elections.
• I’m interested in seeing how North Korea shakes down.  Lara Crouch at AEI points out a few potential destabilizers of the status quo.  It sounds like it’s unlikely that the Commie-Nazi regime will collapse soon enough for my tastes, but I’m looking forward to its eventual demise.  Unfortunately, knowing that it has taken decades for the eastern part of Germany to recover to within spitting distance of much of western Germany (and even then, there exists an in-between generation of people who essentially are permanently unemployable), imagine how much longer it will take to integrate a large population, most of whose technology and infrastructure tends closer to Zululand than South Korea.
• “[T]he job of schools is NOT to provide education to children.”  This is true.
• Sheila Jackson Lee is a moron.