October 2004

Winer's wrath

Dave Winer is not happy that Adam Curry is being credited with creating the art and technology for podcasting. Winer points out that his earlier audio blog posts should now be considered the foundation of pod-casting. He further claims that the fact that he previously wrote software capable of doing with Curry did means they should share credit. Curry has given ample credit to Winer already for RSS which is an integral part of the podcasting flow, but it is Curry who wrote the scripts that started the flow of podcasting. Indeed there have been audio blog posts for quite some time. There have been audio series on the internet such as interviews and conference programs. It's been possible for some time to download these and put them on portable music devices.

How dumb do they think we are?

In the just how dumb do you think we are category comes this factoid from xxxchurch.com. "The primary pornography consumer group is boys between ages 12-17." What?

Let's pretend for a moment this has the least bit of credibility. About half of the sources on the page of factoids are credited to a source, this one is not. So a product that is not available for sale to minors has it's primary audience in the 12-17 year old range? Huh?

Perhaps it's all the 12 year-olds in the local adult video store who drive this statistic. Oh, you say they aren't allowed. Then perhaps they have been ordering it via mailorder. Given the billions spent on this material each year then they must be ordering at least half a million dollars. It is most likely just delivered to their houses and their parents hand it to them... No wait all of these are stupid arguments. It's amazing that with all the problems in the world a group of religious fanatics is so focused on making sure others can't do as they wish. But the same fanatics will continue to support a culture that promotes violence.

When customer service fails

It is sad. It has happened again. What is it? The failure of customer service. I see it happen all the time in all sorts of organizations. Companies start out as small organizations. They will do anything for customers and build a loyal following. Then the organization grows and starts to put policies and procedures in place. This is absolutely necessary. Without these measures the organization will collapse inwards and no one will be served.

Down the line the organization grows and what was a team of ten becomes fifteen and even twenty. The original people who felt they company was a part of their flesh and blood leave. Replacements are hired. Employees start going to the job instead of going to their careers. And you end up with a situation like I once again encountered yesterday.

Of web policy and foreign policy

Today the news comes that the campaign website for George W. Bush is blocking traffic from outside the US. The change means that for "security reasons" those outside the United States cannot view the site. So the short version of the story is that the man wishing to be elected by the American people to lead (and defend) our country, cannot get security experts who can secure their websites.

But is it journalism?

Many a discussion recently has been held on whether blogs are journalism and their authors journalists. At the same time we hear from our new audio blogging, er podcasting compadres that it was wonderful that Jon Stewart gave the entertainers at Crossfire what for and called their bluff. In less than a half hour Stewart pointed out the problem. The entertainers on Crossfire are no more journalists that most bloggers.

Somewhere along the line it all broke down. There is an aspiration that many bloggers have to be recognized as journalists. They want to be a part of the club, to call the fourth estate home. But journalism is so much more than just telling the story one wants to tell. It's more than a collection of press releases and spun yarns. Dave Winer has been a poster boy for the power of blogs (and there are multitudes of ways in which blogs are very powerful). Those who say blogs aren't journalism often draw out comments on his weblog about how the writer "doesn't get it." Today Winer said:

Are taxpayers being duped into paying for George Bush's reelection?

As the Internet has grown (into multiple internets according to a recent presidential malaprop) the White House has always had a site. Not surprisingly this is a site paid for by the citizens of the country. There are collections of information on the site. One of those documents includes this March 2002 press release in which President George W. Bush says about Osama Bin Laden, "I don't know where he is.  I  --  I'll repeat what I said.  I truly am not that concerned about him."

One might be tempted to look this up after the recent debate where the same President lied to the people once again and said that he'd never said such a thing. The problem is you would have a tough time finding it if you went to look at the March 2002 press releases. Here are three images from February, March and April 2002's Press Release pages on the website.

So it all boils down to a government official trying to change the story on what they did in the past.

OS X Rootkit - includes Opener script

There is a discussion going on over at Macintouch about what they are calling "Opener" Malware. I sent a comment but unfortunately it was below the threshold of what was published. The discussion is focused on the Opener script but mostly misses the critical point - that it is a part of the OSXRK - OS X Root Kit. All of the comments I read at Macintouch are at best mis-informed. While the Opener script itself does not "infect" computers as a part of the OSXRK it can be used to exploit machines. From the readme file:

# osxrk : OS X - Rookit
# the burning man - Public Release 0.2.1
# Sept. 2004
# by g@pple
# greets and thanks to Dim Bulb, Dr. Springfield, Jawn Doh!, B-r00t!,
# the fbsdrk & fbsdrootkit teams for inspiration.

This is the initial Public Release of the OS X RootKit. This type of rootkit should be easy to defend against if you really care about your computer. Keep your system up to date and patched.

Less lethal???

The Boston police department says they take full responsibility for the death of a 21 year-old college student who died after being shot in the face by a police officer. At the same time they are vowing to bring to justice the hooligans who they say are created the situation. People should be reminded what happened here. A police officer, charged with keeping the peace, aimed a gun at someone's head and pulled the trigger. Everyone should be outraged by the continuing use of misnomers like non-leathal projectiles. The police in our police state have run amok by a false sense that less discrimination needs to be used when using these modern projectiles.

Opener - OS X Rootkit

There is a note on Macintouch today about somebody being hit by the opener rootkit on OS X. The rootkit is available for download from a .mac account as osxrk. This kit has been in the 'wild' for over a month now. The opener file says it will move itself to /System/Library/StartupItems. The script is aware of LittleSnitch and kills it before making network connections to download tools for wiping out logs and gathering of passwords.

From the readme "rootkit that has a lot of standard tools included, adds a TCP backdoor via inetd, does data recon, and more."

Allow root to SSH in? No.

By default OS X ships with the root user set so you can't login. Many people know that you assign a password to the root user and viola you can now login. What is disappointing is that Apple by default does not configure SSH to prevent REMOTE login by root. It's a simple configuration change to the /etc/sshd_config file. There are two ways to do it. I prefer to add the following line:

AllowUsers      username

There is also the possibility of using DenyUsers and putting root in that list, but by using AllowUsers you further limit who has access.