David Gessel

On The Media

Tuesday, January 20, 2009 

One of my favorite radio shows is On The Media; one of the best shows on the radio. As good as it is every week, the first segment of the January 16th show stands out as amazing. It is a wonderful summary of some of the almost previous administration’s absolutely abhorrent behavior and abject lying. If you’ve forgotten the history of what pathetic scum they were, the first few minutes of the show will remind you of the highlights from Cheney’s disastrous energy commission to the fable of Jessica Lynch and all the rest of the lies and fabrications and constitutional subversions they subjected us to.

Cheney may have used “fuck” in his dismissal of Patrick Leahy, but the weight of that flippant obscenity pales compared to the very deliberate use of “thank.”

Thank you, George Bush. Thank you, everyone who voted for him.

Posted at 01:00:08 GMT-0700

Category: Politics, Positive, Reviews

Near riot at Hz office

Tuesday, January 20, 2009 

As is typical late at night at the Hz office in YYZ, there were no cars. Nothing like telling people to wait just a few more minutes a dozen times at 1 am to get em wound up.
One would think that a reservation system would prevent this sort of thing, but no. Not even for the special “president’s circle” people.
Oh well, all resolved and off to Guelph again.

Posted at 00:00:13 GMT-0700

Category: photo, Rental cars, Travel

Investment in porn?

Saturday, January 17, 2009 

Perhaps it is a sign of the times, but a book I bought from Amazon a few years back of pictures of naked people has appreciated about 10x since I bought it. That makes porn a better investment than anything contemporary and matches the best historical return I’ve ever managed: buying AAPL at $11 way back during the last crash.

Posted at 12:56:58 GMT-0700

Category: Funny

Canada = Snow

Friday, January 9, 2009 

My nice Buick rental car covered in snow.
It was quiet but underpowered.

Of course there was plenty of snow to go around. But the car worked pretty well. I missed the heated seats of the Cadillac on the cold mornings, but I enjoyed being able to hear CBC-R2 clearly, even on the 401’s rough surface.
Posted at 16:00:15 GMT-0700

Category: Geopost, photo, Places, Positive, Rental cars, Reviews, Travel, Weather

Automatic flush sensors suck

Wednesday, January 7, 2009 

If not in all circumstances at least for anyone who wears a black shirt and doesn’t enjoy having their ass randomly sprayed with toilet water.

Posted at 18:31:25 GMT-0700

Category: photo, Technology

cannot connect to saslauthd

Tuesday, January 6, 2009 

I recently ran some updates on my FreeBSD server and ran into a problem that resulted in the following error in /var/log/maillog:

warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

The update process tends to kill saslauthd which will generally restart itself properly on reboot, but if you’re in the middle of a long rebuild and need to restore mail service quickly some or all of the following may help:

/etc/rc.d/inetd restart
/usr/local/libexec/courier-imap/imapd-ssl.rc stop
/usr/local/libexec/courier-imap/imapd-ssl.rc start
/usr/local/etc/rc.d/saslauthd stop
/usr/local/etc/rc.d/saslauthd start
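
A quick triage to run before the restarts above, as an added example that is not part of the original post: it counts the saslauthd connection failures in a mail log and checks whether the daemon's socket exists. The socket path /var/run/saslauthd/mux and the function names are assumptions (the post does not state them), and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): triage for the
# "cannot connect to saslauthd server" error before restarting anything.
# ASSUMPTION: the socket path is a common default; the post does not state it.
SASL_SOCKET="${SASL_SOCKET:-/var/run/saslauthd/mux}"
PATTERN='SASL authentication failure: cannot connect to saslauthd server'

# Print how many times the failure appears in log file $1 (0 if unreadable).
count_sasl_failures() {
    n=$(grep -c "$PATTERN" "$1" 2>/dev/null || true)
    echo "${n:-0}"
}

# Print "ok" if $1 is a socket, "not-socket" if something else, else "missing".
socket_state() {
    if [ -S "$1" ]; then echo ok
    elif [ -e "$1" ]; then echo not-socket
    else echo missing
    fi
}

# Combine both checks: $1 = log file, $2 = socket path.
diagnose() {
    fails=$(count_sasl_failures "$1")
    state=$(socket_state "$2")
    if [ "$fails" -gt 0 ] && [ "$state" != ok ]; then
        echo "restart-saslauthd ($fails failures, socket $state)"
    elif [ "$fails" -gt 0 ]; then
        echo "socket-present ($fails failures logged, likely stale)"
    else
        echo "healthy"
    fi
}

# Constructed sample log lines (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Jan  6 00:41:02 mail smtpd[812]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Jan  6 00:41:02 mail smtpd[812]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: generic failure
Jan  6 00:43:17 mail smtpd[815]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
EOF
diagnose "$sample" "$SASL_SOCKET"
rm -f "$sample"
```

On a live server, call `diagnose /var/log/maillog "$SASL_SOCKET"` instead of the sample file; a "missing" socket is what produces the "No such file or directory" part of the logged error.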


In the years since, I’ve moved to Dovecot.

Posted at 01:09:15 GMT-0700

Category: FreeBSD

Sibley Park

Thursday, January 1, 2009 

On a lovely new year’s day.

Posted at 18:00:15 GMT-0700

Category: Related Links

MD5 Crack: Does It Matter?

Wednesday, December 31, 2008 

Some very clever people have figured out how to create an exploitable real world MD5 hash collision.  It is interesting work and suggests that the value of an MD5 signature to verify a certificate is lower than intended.  In the end the work shows it is possible to spoof a web site in such a way that a browser’s normal security features for detecting false websites are defeated.  But does it really matter?

That presumption, that a CA would be meaningful in preventing phishing or redirection or whatever by uniquely identifying a site as belonging to the entity in question because the user trusts the domain name, is prima facie absurd. Would you even think about going to www.bofa.com instead of www.bankofamerica.com or whatever? I wouldn’t; most banks would buy every variation of their name including common misspellings (www.bnkofamerica.com?), so that a misspelling seems to work wouldn’t surprise me at all. That a misspelling gets a cert thus means nothing either.

Uh Oh, something's wrong.  So what?
Further, what do you do when a cert fails, for example if the CA can’t be identified or the cert is expired or whatever?  Do you back out of the transaction and call the bank to find out what’s going on?  Do you think you could ever reach anyone at the bank who knew?  Send them an email? (which would probably go to the fake bank anyway).  I just accept the cert and move on.

Since CAs and certs are already a complete failure as a proof of identity mechanism, MD5 signature spoofing is also irrelevant for the vast majority of users.

HTTPS is useful for encrypting traffic.  It shouldn’t be used for anything else.  The whole signed CA/Cert thing is an impediment to this useful function for a useless feature that is merely cryptographically entertaining.  Google’s and various browser mechanisms to identify malicious sites are far more effective, although a few users are likely to get scammed before the fraud is identified.

Posted at 16:48:46 GMT-0700

Category: Technology

The holidays are all about service

Tuesday, December 30, 2008 

Not.

Posted at 19:00:12 GMT-0700

Category: Related Links

Flag disposal unit

Saturday, December 27, 2008 

Dispose of your flag legally and conveniently.

Posted at 16:00:15 GMT-0700

Category: Related Links