Lufthansa Business Class

Friday, February 27, 2015

I’ve occasionally had to buy business on poorly planned Lufthansa intra-Europe flights. While Lufthansa long-haul premium seats are possibly the best in the business, on short-haul/intra-Europe flights, LH business class seats would seam a little mean in most carrier’s coach sections.

There is no difference between coach seats and business class, none at all. In business all middle seats are blocked out, but that isn’t that hard to find in coach. It is efficient to scale business, it involves only moving a rack-mounted divider that is the only obvious differentiation in the classes.

In both the seats are substandard to the amenities one usually expects, especially on a long haul flight:

– little padding on the seats
– cramped seat pitch (worse than econ +)
– typical economy seat width
– no in seat power (not even a usb port)
– no personalized IFE

Such limitations would be cheap in economy, but in business they are, perhaps we should say “disappointing.” Neither the economy nor the business class zone is going to leave the passenger well-rested (IST-FRA is a long enough flight that rest matters); such a flight is a grim endurance test for everyone. But it is very egalitarian in shared suffering, though not particularly egalitarian in pricing. And were LH business not priced competitively with other carrier’s business, the disparity in services wouldn’t seem quite so jarring.

LH is, of course, efficient and well organized, but every other airline I’ve flown that has a business class has far, far better business class, even those that can’t really manage the basics.

Posted at 17:01:05 GMT-0700

Category: Planes • Travel

Superfish proves certs are useless for identification

Saturday, February 21, 2015

Can we please, please stop with the stupid certificate verification warnings?

Dear security developers, your model is broken. It never worked. Stop warning people about certificate errors. Now. Forever.

Certificate errors serve two purposes:

They make developers uncomfortable with using perfectly secure self-signed certs, and since commercial certs cost money, much of the web that could be encrypted remains unencrypted. That’s harm done to the public. Thanks.
They happen so often, so relentlessly, for such trivial reasons (not even Google can keep their certs up to date) that users learn to ignore them, which makes an actual man-in-the-middle attack almost certain to succeed with most people, despite the warnings.

The Certificate Authority system is predicated on the idea that Certificate Authorities are flawless and trustworthy. They are neither. The Lenovo/Superfish problem shows another obvious flaw: hardware vendors (and actually any trusted software installer) has to be trustworthy too or client-side MITM is easy. And CA’s simply can’t verify against that.

This whole idiocy creates massive problems for something so basic as LAN administration. Even before wireless became pervasive, LAN coms should always be encrypted when passwords or any meaningful data is moving. Current security settings create a massive avalanche of useless errors for “untrustworthy certs” on one’s own network (the obvious fix is to automatically trust all certs on private networks, duh).

This is an issue that bothers me a lot. It gets in my way constantly and makes real security and encrypted communications way harder and way more complicated than it needs to be and the only beneficiaries at all are the certificate Mafiosi. This is just stupid. Superfish proves, again, how broken it is. Can we stop pretending now?

Also, this most recent of many certificate flaws comes with a bonus feature: the MITM cert Superfish uses is apparently really pathetically insecure, aside from using broken crypto, their software had their passwords in it, making it easy for crackers to develop tools to harvest additional data from the victims of the Superfish/Lenovo attack.It probably hurts more to find out your vendor hacked you, but the penalty is that the hack also destroyed the security of all of your communications. Thanks. This is why we can’t have nice things. It is also why any back door, no matter what the motive, compromises security.

Update: Superfish is, apparently, out of business. While that sucks for the people at the company, who were probably very happy with their Lenovo OEM deal and instead got a big sock of coal, one might naively hope for an upside that companies considering a model based on stealing people’s data might take notice of the cautionary tale of superfish.

Unfortunately – that won’t happen, not in the current valley climate. While it is economically advantageous to hire cheap kids who have no life and will work long hours for meagre pay, they come with a downside: they are all ignorant idiots. I don’t mean they’re not smart or capable (though the smart barrel was long ago drained and the vast majority of brogrammers sauntering around SF really are stupid), rather that they are foolish as in the opposite of ‘wise.” Wisdom comes from experience, and experience only comes with time, an immutable dimension. This superfish debacle was only from Feb 2015, but this year’s batch of idiot brogrammers weren’t around to see it and as they gather in self-congratulatory clusters in posh, VC-funded collaborative spaces, company barrista-brewed latte in one hand and social-media-distraction feeding portable device in the other, they’ll be high-fiveing and fist-bumping the brilliance of their brand-new idea for getting around SSL so they can collect marketing data and better target advertising. Yay.

How to fix Superfish:

Install Perspectives. And support them.

Also, this bugs the crap out of me:

Overthrow the Cert Mafia!

SSL for Authentication Sucks

Unbreaking Firefox SSL Behavior

The CA System is Intractably Broken

Posted at 02:45:41 GMT-0700

Category: Security • Technology

Better Cabling May Fix The Internet

Sunday, February 8, 2015

Do you find that the internet seems harsh? Do you find Facebook unclear and that it lacks dynamic contrast? Is there less detail than there should be? Do you notice a loss of energy from the Internet?

It might all come down to the network cables themselves.

Well designed cables like these have perfect-surface extreme-purity silver conductors minimizing distortion caused by grain boundaries in inferior OFHC, OCC, or 8N conductors for better clarity and reduced harshness. Explanations and arguments will be both more clearly constructed and less confrontational.

Noise and other distractions are reduced by a 3-layer noise dissipation system, not just shielding your data but preventing modulation of your ground plane by noisy RFI. Even more problematically for those doing research on the web, the untested orientation of standard network cables results in inferior data quality.

Standard network cables either don’t enforce orientation of the pairs at all (Cat 5e and below) or merely segregate pairs with a flexible spacer (Cat 6 and above). These cables use solid polyethylene insulation to ensure critical geometry is preserved to minimize phase errors. Phase errors can easily result in Doppler shifts manifest in either an unnaturally shrill tone or affected bass (sometimes manifest as “mansplaining”).

Most remarkably, the dielectric bias system puts a 72V bias on the insulation and thus organizes the molecules of the insulation to minimize energy loss which creates a surprisingly black background, more essential than ever in the wake of Ferguson.

Only $10,521 for a 12m cable. Now that the internet has become our primary source of information, understanding, and personal communication this is a tiny price to pay for clear, undistorted data.

Posted at 19:24:18 GMT-0700

Category: Odd • Technology

Basra Snow Storm

Sunday, February 8, 2015

I was feeling a little left out, reading posts by people digging out of snow storms and here I am in Basra where it gets down to 10C at night sometimes and usually hits the mid 20’s during the day. Rough. But the weather here came through with our own sort of snow storm.