jeran
jeran [userpic]
Osama bin Laden is dead

Cross-posted from Jeran's Den: permalink.

It was announced last night that Osama bin Laden is confirmed dead.

Net effect on the national situation: a lot of lobbyists spent a sleepless night and will be laboring today to come up with explanations why this doesn't change anything and the government money flowing to their agencies and companies in the name of national security shouldn't be reduced.

Net effect on the world situation: pretty much zip. The Middle East's already in an uproar, the increased uproar won't even be noticeable. Al Qaeda will rattle some sabers, but if they could hit the US itself with anything they'd've done it before this. Suicide bombings... will continue in the usual places at about the rate they've been for the last few years, because that's all the extremists have left.

jeran [userpic]
Kristine Rusch on publishing royalties, e-book and otherwise

Cross-posted from Jeran's Den: permalink.

http://kriswrites.com/2011/04/13/the-business-rusch-royalty-statements/

http://kriswrites.com/2011/04/20/the-business-rusch-royalty-statements-update/

This could be bad for publishers. What she's found is that the major publishers who handle her books are consistently under-reporting sales on her royalty statements, both e-book and print editions. I suspect she's right: technology has changed, but publishers have stuck with old methods that estimate sales and those methods are inaccurate. The big tech change is Bookscan, the system that tracks sales of books at the register. In the 80s and before it didn't exist, so there wasn't any way for an author to double-check the sales figures. When it did start, authors didn't have ready access to its data so they still had no way to audit the publisher's numbers. But now any author can get Bookscan data. It's not a complete check, since Bookscan only covers about 50-70% of book sales. But it does provide one check: it should be physically impossible for the sales reported on a royalty statement (adjusted for reserves) to be less than what Bookscan reports. If an author's royalty statement shows sales less than what Bookscan reports for a title, the royalty statement is simply incorrect.

If authors start checking sales and demanding audits, things could get very sticky for the major publishers.

jeran [userpic]
$2000 to clean up a couple drops of blood

Cross-posted from Jeran's Den: permalink.

http://www.truecrimereport.com/2011/04/teen_taylor_petz_receives_2000.php

So, the kid cuts himself. And happens to drip a few drops of blood on the sidewalk while waiting for the ambulance. The city attorney decides, on his own, to call in a hazmat team from another city to clean it up, and sends the resulting $2000 bill to the kid. Talk about asshattery. Kemp's head's so far up his gastrointestinal tract, he's got to open his mouth to see his own colon. I mean, really. Yeah, it's blood, there's possible contamination issues. A gallon jug of Clorox bleach and a push-brush will deal with that, then wash the sidewalk off with a garden hose. Should take 1 janitor, 15 minutes of time and no more than $50 worth of materials (assuming you've got to buy a new brush, bucket and jug of Clorox).

jeran [userpic]
Neurologist appointment again

Cross-posted from Jeran's Den: permalink.

On the 18th I've got another appointment with the neurologist, followed by another IVIg session. I've got to set up an appointment with my primary physician, too. The feet are improving, but the improvement means they hurt more. Now it's not the pins-and-needles neurological pain, more and more it's just plain bruised-and-battered physical pain. The pins-and-needles mostly comes from shifts in the weather making things act up.

I need to talk to the doc about 2 things mostly. One is the fact my feet and calves are just stiff. I'm starting to get movement even in the right foot, but everything's so stiff it's not funny. And my toes aren't bending right. I think I need to go back to the physical therapist to have them have a look and see what I can do about this. The other is my weight. Mostly I need to get my primary to stop harping about it. I know it's been going up, and I know it's higher than it should be. Low activity levels do that. I've got the elliptical, I'm working on increasing the workout time as much as my knees will allow, and I'm going to get some light dumbbells and a simple bench ordered soonish to help with the arms, sit-ups and such.

jeran [userpic]
California stores can't store your ZIP code

Cross-posted from Silverglass Technical: permalink.

A ruling came down from the California Supreme Court that's eminently sensible: your ZIP code constitutes personally identifiable information that can be used in conjunction with your name to determine where you live and exactly who you are, and California merchants aren't allowed to keep it on file. To me this is eminently sensible.

Now, the reporting on CNN is a bit hysterical. The reporting says retailers can't ask for your ZIP code. The ruling, OTOH, says explicitly that retailers can ask for it and use it in conjunction with authorizing your credit card, and notes that this is what the law explicitly says and not their interpretation. It's the recording of the ZIP code for uses other than authorizing a credit-card transaction that the law and this ruling prohibit. This ruling doesn't do a thing to compromise transaction security or identity verification. All it does is remind retailers (and the lower courts) that yes the law really does prohibit a retailer from building a database of consumers and their buying habits without the explicit consent of the consumer. I know retailers don't like that, but them's the breaks. Consumers don't like retailers doing it, and there's no particular reason businesses should always get their way regardless of how their customers feel. Businesses always say that if consumers don't like practices they always have the option of not patronizing those businesses. Well, if businesses don't like California's practices they always have the option of not doing business in California, no? Sauce for the goose is sauce for the gander.

jeran [userpic]
Neurologist results

Cross-posted from Jeran's Den: permalink.

Went to see the neurologist yesterday. The good news is it's not just my imagination, he's seeing tangible improvement in my feet over last time (before the start of the IVIg therapy). He's going to continue the therapy and have me come back in 3 months to see how we're progressing. I'm hoping the IVIg keeps things improving, because the next step up is immunosuppressant drugs and I really don't want to go there if I don't have to.

Things to look at: more PT, X-rays of my toes to see if they're really dislocated, massage, check on the spa and pool down at the Mission Valley YMCA (their pool's heated, nice when it's too cold for the one in the complex), weight bench and dumbbells to help with strength and exercise in general.

jeran [userpic]
PS3 root signing key revealed

Cross-posted from Silverglass Technical: permalink.

Apparently GeoHot has found and published the root key used by the PlayStation 3 to sign and verify games. Not just the public key used for verification, mind you, which is the easy part. They've published the private key used to sign the game executables. With the private key, you can sign your own executables and they'll be accepted by the PS3 without needing any hacks, kludges or bug exploits. This is a big deal because the key's pretty firmly embedded in the hardware itself. A simple new firmware update can't change it. And if new hardware doesn't accept the old key, then all existing games simply won't play on the new hardware.

Frankly I don't see why the console makers are so bent on keeping anything but their approved software from running on the consoles. It makes no sense. Someone who wants to run, say, Linux on the PS3 still has to buy the full-blown PS3 console, there's no way around paying Sony for that. They may not buy any games if all they're interested in is running Linux, but then if they couldn't run Linux they wouldn't be buying those games either, nor would they be buying the PS3. They might use this ability to cheat at single-player games, but what's that hurt? They're still buying the PS3 and still buying the games, and there's nobody else to be affected by their cheating. Multi-player games... hacked games might be an issue, except that those games already have lots of ways of detecting cheating on the server side where it's safe from user intervention. For instance, to prevent target hacks simply don't send the client information about objects it can't see. Not even the best hack can target what doesn't exist.

jeran [userpic]
IPv4 address pool draining fast

Cross-posted from Silverglass Technical: permalink.

We're down to just seven /8 netblocks left. Those are the blocks assigned to the Regional Internet Registries (RIRs) who hand out blocks of addresses to entities needing to connect to the Internet. That means we've got effectively 2 blocks left, since when it hits 5 unallocated blocks each of the 5 RIRs will automatically get one of those 5. That'll exhaust the pool of addresses ICANN can allocate to RIRs.

That won't mean too much immediately. The RIRs have unassigned space they can keep handing out. But they won't be able to go to ICANN to get more blocks. That means that when they assign their last space, that's it. Finished. No more. You want on the Internet? Sorry, no addresses left the RIR can give you. It won't be a big cliff, but gradually there'll be more and more problems. Hosting centers won't be able to add more machines because they don't have addresses to give them and can't get any. Consumer ISPs will have problems signing up subscribers because all the addresses available in that area are in use and the ISP can't get more address space. I figure it'll take about 6 months to a year to really come to a head.

Me, I'm going to finish prepping my LAN and gateway for full IPv6 capability and setting things up to run IPv6 internally in parallel with IPv4. That way I'll be ready for the inevitable switch to IPv6 by Cox. And I'm going to make sure any routers I buy will handle IPv6.

And I really ought to work out how to load custom firmware into Netgear routers and access points. I've things I want to do with them.

jeran [userpic]
Another reason to avoid the Windows Phone 7

Cross-posted from Silverglass Technical: permalink.

Apparently the OS on Windows Phone 7 permanently modifies SD cards. Now, bear in mind that the card slot involved isn't an externally-accessible one, it's under the battery like the socket for the SIM card and you can't readily swap SD cards in and out of it. I suspect it's meant to offer carriers expanded storage for stuff that the user can't mess with or replace/upgrade themselves (if the carrier does things right). But it does bring up one point: Windows Phone 7 devices won't have an SD card slot users can swap cards in. No more dumping your files onto a card and reading them into another phone. No taking the card with phone files over to the computer and reading them in. No external backup of data. No external swappable storage period. To me that's a good reason to avoid those phones. I'd stick with an Android or other smartphone, where I've got the option of external storage.

jeran [userpic]
Reasons to mistrust Republicans

Cross-posted from Jeran's Den: permalink.

Mark Hurlbert is a classic example of why I distrust Republicans, beyond the Religious-Right/Teaparty aspects. He's the District Attorney for the 5th Judicial District in Colorado. He's run for US Senate in his district as a Republican. To quote from his biography on the DA's Web site:

"As an experienced prosecutor, Mark knows it is important not to simply secure convictions, but to seek justice. He makes victims a priority and is dedicated to providing victims a strong voice in the justice system."

To quote from the About Mark section of his Web site (which starts to give hints as to his real positions):

"It is through his time as the District Attorney that he solidified his belief in a small, efficient government and working with various interests to reach effective solutions."

He's quite happy to charge bicycle racers with fraud when one who was injured lets another one use her registration materials to get into a race.

But what happens when someone rear-ends a bicyclist, leaving them with major and permanent injuries including to the brain and spinal column? Well, apparently they get off with misdemeanor charges instead of felony. The reason? To quote Mr. Hurlbert, "Felony convictions have some pretty serious job implications for someone in Mr. Erzinger's profession, and that entered into it."

Hence why I distrust Republicans. When push comes to shove, they're quite willing to put business and money above almost everything else.

jeran [userpic]
Prediction about the 2012 elections

Cross-posted from Jeran's Den: permalink.

I predict that Republican control of the House will, in 2012, produce the same result as it did the last time the Republicans took control of the House under a Democratic President: remind people why they voted the Republicans out.

Fiscal sanity? Yeah, right, remember exactly which party not only initiated handing out billions of dollars to banks to bail them out of their own bad stupid utterly insane lending decisions, but also vehemently opposed attaching any sort of restrictions to those bail-outs on the grounds that those banks, not the government, knew best how to apply the money.

jeran [userpic]
Neurology results

Cross-posted from Jeran's Den: permalink.

Well, I had my appointment with the neurologist this morning to go over the test results. He called it "profound sensory and motor nerve loss" in the lower legs. No duh. He also said it's got to be more than just atrophy from the ICU stay, that should've shown more improvement by now than it has. Indications are an autoimmune response, basically my immune system got triggered by something during the hospital stay and hasn't backed off, and it's attacking the nerves themselves (e.g. CIDP). He's going to recommend IVIG therapy, and see if the insurance will approve it. I'm hoping they do, the side effects there are fairly mild. The alternatives are some fairly nasty drugs like prednisone, whose side-effects give face-huggers nightmares. So, more blood tests next week and we'll see what the insurance says.

jeran [userpic]
URL shortener problem

Cross-posted from Silverglass Technical: permalink.

If you use Twitter, you're probably familiar with the bit.ly URL shortener service. Even if you don't, you're probably familiar with TinyURL, bit.ly, vb.ly or other URL shortener services. They seem convenient. No more having to type or remember long URLs, just create a short one. No problem.

Until vb.ly went off the air. The domain was seized by the Libyan registrar that controls the .ly hierarchy, because content at the locations pointed to by vb.ly violated Libyan morality laws.

This is why URL shorteners are a bad idea. They create URLs that are under the control of a third party and which can be disrupted at any time. Since there's no direct mention of where the shortened URL points, once disruption happens it's impossible to locate the original destination. If you use the actual full URL, disruption can only occur if the actual site referred to is taken off-line.

Note also that this is why you should make your own copy of content if you really care about having it available. If you merely link to it, it's vulnerable to the destination taking it down or just changing what it says. Only when you control the copy can you ensure that it doesn't change or become unavailable in the future. This may annoy copyright holders, however I feel that if I'm writing commentary on what someone said then making a copy to ensure I can prove they did in fact say what I claim they said falls under fair use, and making a complete copy is necessary to show that I'm not merely cherry-picking and taking bits out of context to misrepresent what was actually said and so also falls under fair use.

jeran [userpic]
Summer still?

Cross-posted from Jeran's Den: permalink.

Looks like it's trying to still be summer, despite being the end of September. It's in the mid-90s here and looks to be getting a bit warmer this afternoon. We've been on the cool side most of the year, I should've been expecting a late hot spell.

jeran [userpic]
EMG/NCS results

Cross-posted from Jeran's Den: permalink.

I was in for an EMG (electromyography) test and nerve conduction study today. Preliminary results are mixed. Good news: in my left leg the nerves are talking to the muscles and the muscles are reacting, and while the right leg's not showing reaction there's no sign it's got any more neurological problems than the left. Bad news: the muscle reaction's weak (and practically non-existent in the right leg) and there's little strength and no stamina in the muscles. That isn't really uncommon, but it means recovery's going to be slow. All I can do is work on trying to move my feet around, get the muscles to start moving so they can build strength, and wait it out.

jeran [userpic]
Insanity?

Cross-posted from Jeran's Den: permalink.

I look around at the Tea Party, the birthers, the Sovereign Citizen movement, the Proposition 8 folks, and I have to wonder: Is it just me, or are we seeing more batshit-insane people these days? It's like certain folks just can't handle the idea that someone out there disagrees with them. And it's getting to the point where I just want to slap them. Faugh.

jeran [userpic]
Back from FanFaire

Cross-posted from Jeran's Den: permalink.

AUUUUGH!

Back from FanFaire in Vegas. I'm a day late, and far later in the evening than I'd've liked. Cause: cascade failure leading to a blown coolant line. More later, I'm too tired right now.

jeran [userpic]
EQ2:X: avoiding a train wreck

Cross-posted from Jeran's Den: permalink.

[Originally a note on Facebook.]

I think the EQ2:X idea's going to be a train wreck for one reason: the need for Platinum membership to get T9 combined with the one-way wall that allows movement from regular to F2P servers but not the other way. New players aren't going to level up to 80 and then decide to start over on the regular servers, not when they can't move their 80 over. And existing players are likely to migrate to F2P as new people they introduce and want to play with start there.

How to fix things? Remove the wall and apply EQ2:X to the regular servers with just a few tweaks:

  1. Remove all stat gear equal to or better than Mastercrafted gear from the SC Marketplace on the regular servers. Appearance items, fluff items, mounts, XP/AA potions, those can all stay, but gear and equipment that affects gameplay can only be bought for money on the EQ2:X servers. Race and gear-quality unlocks, extra character and bank slots also remain available.
  2. An active retail or digital-download key and standard or Station Access subscription net you Gold access with all races unlocked and all levels and content unlocked that your keys would unlock and all the character slots you'd normally be entitled to available. This would apply to both regular and EQ2:X servers. So for existing players nothing would change, except you can pony up cash for more character and bank slots if you want them.
  3. Transfers are possible between EQ2:X and regular servers. This would be in addition to the proposed one-way character-copy service, which would remain unchanged. Moving characters to an EQ2:X server would move your entire inventory including coin and items, but wouldn't move anything in the shared bank. Moving from EQ2:X to a regular server, any items bought from the SC Marketplace that aren't available at the destination would be removed from your character and destroyed.

In addition, I'd reduce the cost of character transfers from the current $35 to something like $10.

jeran [userpic]
DNS root zone is now signed

Cross-posted from Silverglass Technical: permalink.

The DNS root zone is now signed via DNSSEC. The idea behind DNSSEC is that the owner of a zone (roughly a domain) generates a public key and their DNS servers will digitally sign the records they serve up. Intermediate DNS servers will preserve those signatures, allowing querying machines to determine whether the records have been altered from what the authoritative nameserver sent. This makes it a lot harder to do a man-in-the-middle attack against DNS, hijacking a caching nameserver (say one belonging to an ISP) in order to re-route traffic to an attacker's servers. Not impossible, but it's a lot more involved. That's because the public key needed to verify a signature is returned from the zone above the signed zone and is signed by that zone, e.g. the public key for silverglass.org's records is returned from the .org zone's server and the key for the .org zone is returned by the root nameservers. So for an attacker to forge silverglass.org records, he has to subvert the entire chain back to the root. Each verifying machine has the single key for the root zone pre-loaded (and presumably verified out-of-band to make sure it's valid), so it's infeasible to fake signatures on records for the TLDs (e.g. .com, .org, .us). If I can control the records returned for .org queries I can substitute my key for silverglass.org's, allowing me to forge signatures on silverglass.org records. But since I can't substitute my key for the root key I can't fake signatures of the .org records containing the silverglass.org key, and any verifying server will detect my forgery.

That's great for security, but it poses a problem for some (IMO unethical) ISPs and DNS providers like Network Solutions. That's because they've been playing a game: when someone asks for a domain that doesn't exist, instead of returning NXDOMAIN (non-existent domain) for the query they've returned a valid result for the name pointing at their servers which serve up advertising, search results and the like. Essentially they take ownership of every single invalid domain and slap their advertisements on it. But as soon as downstream DNS servers (e.g. the ones in every home router) start verifying DNSSEC signatures, the gravy train ends because those ISPs and DNS providers have no way of forging valid signatures. The only exception is that the registry operator can forge results for completely unowned domains within its scope, and the most common DNS software around has a flag to stop that (TLD servers are expected to only delegate to 2LD servers, they should never return actual results so any results they try to return must be faked and should be treated as NXDOMAIN).
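
The chain of trust described in this post, modelled the way the post describes it (each parent zone signs the child zone's key, and the validator has only the root key pre-loaded), as an added example that is not part of the original post. The signatures are toy textbook RSA over Mersenne primes, and the zone keys, records and addresses are constructed for illustration.

```python
import hashlib

# Toy textbook RSA over Mersenne primes: enough to show the chain, not secure.
def make_key(a, b, e=65537):
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return {"pub": (n, e), "priv": (n, pow(e, -1, (p - 1) * (q - 1)))}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def key_bytes(zone, pub):
    return f"{zone}|{pub[0]}|{pub[1]}".encode()

def delegate(parent, zone, child_pub):
    """Parent zone vouches for a child zone's public key by signing it."""
    return {"zone": zone, "pub": child_pub,
            "sig": sign(parent["priv"], key_bytes(zone, child_pub))}

def validate(root_pub, chain, record, record_sig):
    """Walk from the pre-loaded root key down the chain, then check the record."""
    trusted = root_pub
    for link in chain:
        if not verify(trusted, key_bytes(link["zone"], link["pub"]), link["sig"]):
            return (False, "untrusted key for " + link["zone"])
        trusted = link["pub"]
    if not verify(trusted, record, record_sig):
        return (False, "record signature mismatch")
    return (True, "ok")

def demo():
    root = make_key(521, 607)
    org = make_key(107, 127)
    zone = make_key(61, 89)
    chain = [delegate(root, "org", org["pub"]),
             delegate(org, "silverglass.org", zone["pub"])]
    record = b"silverglass.org. A 192.0.2.10"      # constructed sample record
    sig = sign(zone["priv"], record)

    # Forger's keys: he can answer for .org and below but has no root private key,
    # so the best he can do for the .org key is sign it himself.
    fake_org = make_key(1279, 2203)
    fake_zone = make_key(2281, 3217)
    forged = b"silverglass.org. A 203.0.113.66"    # constructed forged record
    forged_chain = [delegate(fake_org, "org", fake_org["pub"]),
                    delegate(fake_org, "silverglass.org", fake_zone["pub"])]
    return {
        # Untouched answer relayed by a cache: every link verifies.
        "genuine": validate(root["pub"], chain, record, sig),
        # Cache swaps the address but cannot re-sign it with the zone's key.
        "altered_in_cache": validate(root["pub"], chain, forged, sig),
        # Internally consistent forged chain, rejected at the root link.
        "forged_chain": validate(root["pub"], forged_chain, forged,
                                 sign(fake_zone["priv"], forged)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The forged chain is self-consistent from .org downward, and it is rejected at the first link because nothing the forger holds can produce a signature that verifies under the pre-loaded root key.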

jeran [userpic]
Cloud storage-as-a-service

Cross-posted from Silverglass Technical: permalink.

Triggered by an article by Phil Jaenke.

You probably saw the announcement about EMC's Atmos Online shutting down. ArsTechnica had an article about it too. The short and sweet: if you were using Atmos Online directly, they aren't guaranteeing anything (including you being able to get your data back out). If you're an enterprise thinking about cloud storage as an alternative to maintaining expensive disk and/or tape in-house to hold all your archival data, this gives you something to think about.

Now, frankly, you should've been thinking about this anyway from the moment you started thinking about contracting with a vendor to store your data. Putting the magic word "cloud" in the name doesn't change the basic fact: you're putting your data in someone else's hands. When you do that you always, always account for things like "How do I get my data back from them?", "What happens if their facilities suffer damage?" and "What happens if they decide to shut down?". And you don't depend entirely on contract terms and penalties. Knowing that you can take your vendor to court and force them to pay up eventually, maybe, assuming they haven't declared bankruptcy, doesn't get you the archival data you need, and the IRS and the financial auditors and the rest won't really care whose fault it is that you can't get at data you're legally required to have available because it's your responsibility regardless.

There's also another question: how about security and privacy? Yes, against hackers attacking your supplier's network, but not just against them. What happens when your supplier gets served with a court order demanding they turn over your data to the other party in a lawsuit you're involved in? Some of that data might be e-mails between you and your legal department or outside attorneys, and reasonably subject to attorney-client privilege. But your attorneys won't get a chance to review anything before it's turned over, because you won't know it's been turned over until after the fact. How does your supplier handle this kind of situation? What steps are you taking to ensure that you can't be bypassed when it comes to getting at your data?

So when IT or management asks about cloud storage, make them answer those sorts of questions first. Or at least make them think about those sorts of questions.

Oh, and the service Phil wrote about? Notice that it uses standard NAS protocols to talk to its device, and standard formats for the stored data. That makes the question of "How do I get my data back?" a lot easier to answer.
