1 Comment

Security.

So this morning Apple released a security update for their latest version of macOS, called High Sierra. Earlier this year, macOS High Sierra was touted as being a new version of the operating system on Macs that would bring stability and a whole bunch of enhancements under the hood. The focus of High Sierra was to make its predecessor, macOS Sierra, better.

The purpose of today’s Security Update was to correct an issue that was announced throughout Social Media yesterday: that a user with physical access to a Mac was able to get to root user privileges, otherwise known as “Administrator” without using a password. Entering root as a username and then skipping the password prompt with a carriage return granted full access to the Mac. No password necessary. From there, anyone could do ANYTHING they wanted on the Mac: change usernames, delete everything, send out email, anything and everything is possible with root access to a Unix based machine.

To say that this was a security concern is a vast understatement. You wouldn’t be too far out of the realm of reality if you were to say that this was probably one of the biggest security blunders of the computer age.

The fact that this was pushed to production as part of the official version of macOS is mind boggling to me. Absolutely mind boggling.

Look, mistakes are made. I get that. As a software developer by trade I make mistakes all the time. My code is far from picture perfect and I’ve caused more than one user to scratch their head as software I’ve written has gone way off into the weeds due to simple bugs that I later squashed. The thing is, a lot of my bugs are found and corrected long before the software is released. That’s why we have things like UAT, or User Acceptance Testing. That’s why I spend hours testing and retesting my software before it even gets to UAT. To think that this sort of thing was missed by the macOS team at Apple, which one would presume is a large team at one of the largest corporations in the world, is mind boggling to me.

I’m impressed with how fast Apple pushed a patch to users. But honestly, I want more. I want to know how it happened, how secure the patch is and what the macOS team is going to do to avoid making a blunder of this magnitude again. This isn’t a matter of holding the Mac wrong or dropping a Mac from a ridiculous height and then claiming it can’t withstand the pressure, this is Security 101 on what is touted to be one of the strongest operating systems in the industry.

Apple dinged my faith and my trust in their software with this latest gaff. How do I know that my text messages aren’t going to start broadcasting to the wrong person? Where’s my guarantee that my data will always be encrypted and secure when bugs of this magnitude are starting to appear in their oldest operating system?

When a user pays a premium price for Apple’s products and services, they should never be expected to Expect Less. Mediocrity is not an option. Apple used to do better.

They need to prove that they can do better once again.

2 Comments

What Is Net Neutrality?

Since I’m the “go to” IT guy in the family, here’s how I explain Net Neutrality, and why it’s important for us to keep it around.

Think of Net Neutrality like this. Right now you can use your Internet connection for anything it’s capable of. Now let’s liken this to electricity. If Net Neutrality was repealed on your power connection, your power or hydro company could charge more for what you use your power for. Basic package? Lights only. Want to add heat or an electric stove? Well that’s a different tier. Want to use your electric dryer? If you buy it from us you can go to a new tier. If you buy it from someone else, you only get 110V instead of 220V. The power company objects to personal massagers and whirlpool tubs, so they don’t get any power at all.

See the problem here?

Net Neutrality protects your use of the internet to use it how you want to use it with equal access to everything available. The big telecoms say they won’t change a thing, but why would we want to repeal that guarantee? Do you trust your cell phone company? Do you believe your cable company has your best interest at heart?

Do you want to make a difference? I lifted this from a friend’s post about Net Neutrality. Make the call today.

Only five people at the FCC get to vote on Net Neutrality: Ajit Pai, Mignon Clyburn, Michael O’Rielly, Brendan Carr, and Jessica Rosenworcel. Clyburn and Rosenworcel plan to vote to keep it. Call the other three!

  • Ajit Pai: 202-518-7399
  • Michael O’Rielly: 301-657-9092
  • Brendan Carr: 202-719-7305

Brawling.

Nothing embraces both the spirit of the Thanksgiving Holiday and the celebration of the birth of Jesus like beating the crap out of fellow consumers during a festive holiday shopping experience. Onward Christian Soldiers. There are deals to be had.

From the Washington Examiner.

Black Friday fight in Alabama causes mall to close early
by Steven Nelson | Nov 24, 2017, 10:26 AM

A group of fist-flinging young women forced an Alabama mall to close earlier than expected Thursday night.

The Riverchase Galleria near Birmingham planned to remain open until midnight ahead of the popular Black Friday shopping day.

But a fight involving at least two women forced the mall to close early at 11:20 p.m., Al.com reports.

Footage shared on social media shows pairs of jeans on the ground and a table flipping over as police move to detain the women. A widely shared video doesn’t show what started the fight, but shows its resolution.

The video shows one police officer grab an uncooperative woman in an attempt to detain her while two other women remain seated, watched over by police and a security guard.

“Go to jail!” a male voice says in the video, as many shoppers watch the altercation’s aftermath.

WBRC-TV reporter Clare Huddleston reported on Twitter that the incident occurred at the entrance of the Buckle clothing retailer.

Huddleston reported hours after the encounter that local police told her nobody was arrested for the fight.

Police “say this fight was personal between two females. Had nothing to do with Black Friday sales,” Huddleston reported. “Thankfully no injuries. No arrests made.”

Uber’s Data Breach.

This is another reason I stick with Lyft. Uber is convenient, but it’s a wicked creepy company.

From the New York Times.

SAN FRANCISCO — Uber disclosed Tuesday that hackers had stolen 57 million driver and rider accounts and that the company had kept the data breach secret for more than a year after paying a $100,000 ransom.

The deal was arranged by the company’s chief security officer and under the watch of the former chief executive, Travis Kalanick, according to several current and former employees who spoke on the condition of anonymity because the details were private.

The security officer, Joe Sullivan, has been fired. Mr. Kalanick was forced out in June, although he remains on Uber’s board.

The two hackers stole data about the company’s riders and drivers — including phone numbers, email addresses and names — from a third-party server and then approached Uber and demanded $100,000 to delete their copy of the data, the employees said.

Uber acquiesced to the demands, and then went further. The company tracked down the hackers and pushed them to sign nondisclosure agreements, according to the people familiar with the matter. To further conceal the damage, Uber executives also made it appear as if the payout had been part of a “bug bounty” — a common practice among technology companies in which they pay hackers to attack their software to test for soft spots.

The details of the attack remained hidden until Tuesday. The ride-hailing company said it had discovered the breach as part of a board investigation into Uber’s business practices.

The breach at Uber is far from the most serious exposure of sensitive customer information. The two breaches that Yahoo announced in 2016 eclipse Uber’s in size, and an attack disclosed in September by Equifax, the consumer credit reporting agency, exposed a far deeper trove of personal information for a far larger group of people.

But the handling of the breach underscores the extent to which Uber executives were willing to go to protect the $70 billion ride-hailing giant’s reputation and business, even at the potential cost of breaking users’ trust and, perhaps more important, state and federal laws. The New York attorney general’s office said on Tuesday that it had opened an investigation into the matter.

Dara Khosrowshahi, who was chosen to be chief executive of Uber in late August, said he had only recently learned of the breach.

“None of this should have happened, and I will not make excuses for it,” Mr. Khosrowshahi said in a company blog post. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

A spokeswoman for Mr. Kalanick declined to comment.

The revelation of the breach and the way it was kept quiet renewed questions about the tenure of Mr. Kalanick, who has faced criticism over his management style and practices after Uber came under scrutiny for its workplace culture this year. The New York Times also reported on a secret program called Greyball that had been undertaken on Mr. Kalanick’s watch, in which Uber staff members surveilled law enforcement officials in order to evade them. Since his exit as chief executive, he has been sued by one of Uber’s earlier investors for fraud.

The breach is also a black mark for Mr. Sullivan, who was a prominent figure in the information security industry. Mr. Sullivan joined Uber as the company’s first chief security officer in 2015, after serving as the head of security at Facebook for seven years.

Unlike many cybersecurity executives, Mr. Sullivan was previously a lawyer and had studied cyberlaw at the University of Miami. He began his career in the technology industry as a federal prosecutor during the tech boom of the late 1990s, working at companies including eBay in 2002, where he was head of trust and safety.

Mr. Sullivan’s decision to join Uber was seen as a win for the company. As Uber’s ranks of drivers and riders had grown, people in and outside the company became worried about privacy and security. Uber had faced complaints about driver and rider assaults, as well as allegations that it was not doing enough to protect rider data. Mr. Sullivan was tasked with keeping drivers and riders safe.

The other Uber employee who was fired alongside Mr. Sullivan was Craig Clark, the company’s legal director of security and law enforcement. Neither Mr. Sullivan nor Mr. Clark responded to requests for comment.

The company’s decision to conceal the breach and pay the ransom quickly raised questions among security experts. Many have repeatedly warned companies against paying hackers a ransom to cover up breaches or return stolen data, advice that was included in a 2016 statement from the F.B.I. And several states including California have laws mandating that companies disclose when they are breached by hackers.

“Companies are funding organized crime, an industry of criminals is being created,” said Kevin Beaumont, a cybersecurity expert based in Britain. “The good guys are creating a market for the bad guys. We’re enabling them to monetize what years ago would have been teenagers in bedrooms breaching companies for fun.”

Uber has experienced breaches before. The company was hit with a data breach in May 2014, an event Uber discovered later that year and disclosed in February 2015. In that attack, the names and driver’s licenses of more than 50,000 of the company’s drivers were compromised.

This latest breach puts Uber in another difficult situation just as the company is working to repair its battered image and preparing to seek an initial public offering in 2019. Mr. Khosrowshahi has characterized his tenure at the company as “Uber 2.0.” As part of that, he has tossed out the aggressive corporate values that were prized by Mr. Kalanick and given the ride-hailing service a new list of values that includes “doing the right thing. Period.”

Uber has hired Matt Olsen, former general counsel at the National Security Agency, as an adviser, and has retained Mandiant, a security firm, to conduct an independent investigation of the security breach. Uber said Mr. Olsen planned to reorganize the company’s security team.

But the damage has already been done, and Uber officials are aware of the long road back to good standing with the public.

While it is not illegal to pay money to hackers, Uber may have violated several laws in its interaction with them.

By demanding that the hackers destroy the stolen data, Uber may have violated a Federal Trade Commission rule on breach disclosure that prohibits companies from destroying any forensic evidence in the course of their investigation.

The company may have also violated state breach disclosure laws by not disclosing the theft of Uber drivers’ stolen data. If the data stolen was not encrypted, Uber would have been required by California state law to disclose that driver’s license data from its drivers had been stolen in the course of the hacking.

An Uber spokesman declined to comment.

The Star-Spangled Banner.

The Star Spangled Banner is not a waltz. It’s not a pop tune peppered with screaming and “runs”, it’s not a ballad and it’s not some smaltzy jazz tune. You will not find it in any hymnal. To be honest, it’s a reworking of an English drinking song about alcohol and sex called “To Anacreon in Heaven”. It is meant to be sung at a fairly lively tempo and military bands still play it this way. Stop behaving like it’s gospel. It’s not. A performance of “The Star Spangled Banner” is not a religious experience in any way. Performers didn’t really start smaltzing out on it until Whitney Houston turned it into a hit record during the first Gulf War. The song, and what we do during its performance, is a symbol of pride. And for a country that prides itself on Freedom of Expression, we must remember that people express pride in different ways and for different reasons. The cool thing about the good ol’ USA is that no one has the right to dictate how we express ourselves. We bang our chests about our freedom, so it’s important that we respect the freedom of expression of every citizen. No president has the power to contradict that, not even an Orange-Tinted Julius Caesar wannabe that wants to control the masses down to a very narrow scope of what we should all be. Honestly, I grit my teeth through every hackneyed “jazzed-up” performance of the song but I still tear up. I find the meaning. I tear up because of what we have, what we had and what we’ve become. Not all these tears are of pride. We can do better. Anyone that thinks these are the greatest days of the USA must suffer from the Opioid Epidemic. Get help. But more importantly, make the country, and more importantly the WORLD, a better place. Skin color, race, sexual orientation, religious choices, abilities, disabilities: they’re all insignificant. It’s not difficult: work hard, give more to the community than you receive, love and do good things. No citizen of the United States is a dictator. And no true patriot would ever aspire to be.

1 Comment

Slam.

Our local Mariano’s (supermarket) has a grand piano near the checkout lanes. When I first heard the piano music on our way into the store, I assumed it was some automated thing plunking out the holiday music the weekend before Thanksgiving, which in itself is an irksome thing because the hordes of people at Mariano’s at the time were clearly there purchasing food for their upcoming Thanksgiving Feast, not items for the frenetic exercise we call “The Christmas Holiday”.

I tuned out the piano.

As Earl and I made our way to register six, I noticed that the grand piano actually had an elderly gentleman installed on the bench and while he appeared to be three months away from becoming a Disney Animatronic Amusement, he was actually playing the piano and had apparently been hired to do so by the fine folks at Mariano’s. By the way, Mariano’s is nice but it ain’t Wegmans. Just sayin’.

So as we are standing there in line at register six, the guy is playing lively Christmas tunes on this grand piano, while I’m staring at our impending Thanksgiving dinner and hauling it out of the cart and up onto the conveyor belt. I’m not a fan of Christmas music to begin with but it makes me especially surly before the Thanksgiving holiday. Honestly, early Christmas music is a constant reminder that the joyous time of the year is now force fed to the masses through ads, sales, and constant reminders that you are a bad Christian if you don’t abandon your family at 6:00 PM on Thanksgiving to head out to the mall to buy lots and lots of idiotic things for your loved ones.

As we waited our turn for our impending Thanksgiving dinner to be whipped across laser beams and into bags, the elderly Billy Joel then crossed a line, a very deep line in the white sand, because we don’t have snow yet. He started playing “My Favorite Things” from “The Sound of Music”.

I nearly leaped over registers six through ten and slammed the grand piano cover on his bony little fingers. “My Favorite Things” Is. Not. A. Christmas. Song. Yes, it has been performed as a holiday treasure (not buried, but it should be) for the past couple of decades because it talks about woolen mittens and brown paper packages. Yes, Barbra Streisand croaked it out on a holiday album. Yes, Julie Andrews sang it once with a Christmas Tree in the background on a kinescope black and white variety show in the early 1960s. But the fact of the matter is, everyone knows the song from the movie version of “The Sound of Music” and it’s used to calm a bunch a sea urchins down during a thunderstorm, which is wild in itself because I doubt that thunderstorm was the first thunderstorm to pass through Austria in the 1940s.

It irks me enough to make quote the Reverend Mother, “What is it, you cuntface”.

Do people really enjoy listening to holiday music before its time? I guess I shouldn’t expect anything less, after all, the National Anthem that we are all so worked up about lately is actually a drinking song called “To Anacreon In Heaven”. Said song is about consuming alcohol and sex. I’ve seen brides and grooms slow dance to Whitney Houston warbling out “I Will Always Love You”, a song about ending a relationship. “Born In The U.S.A.” is about the Vietnam War.

A song about calming down during a thunderstorm repurposed to be about the birth of Jesus? Why not.

2 Comments

Comfort.

I have no doubt that there’s an “other side” when it comes to what happens when we die. I believe that we see only a small portion of the total picture of the Universe, that there are many stages of life, even before we are born and after we die, and this knowledge gives me peace. When it’s my time, I won’t be afraid.

Some religions want us to believe that there is judgement and that if we screw up our life we are sent to eternal damnation in hell and we are surrounded by flames and torture and screaming and the like. It’s hot. Eternity is a long time. Why would an all loving Deity do that to one of his creations? No, that sort of hell is a human construct perpetuated to keep us in line and to control our thinking. Don’t be afraid to think outside the box.

I remember asking my mom in the late 1970s about hell and her thoughts on the subject. She said that she thinks we don’t get damned to eternal torture but that maybe we come back and learn again. I asked her if that meant this was hell and she said, “maybe”. But it was a learning place, not a mean place.

Last night I had a family reunion in my sleep. A dream, a premonition, contact with the other side, I don’t know. My gut says it was more than a dream. Perhaps my dreams are just quite organized. But many of my relatives that have passed on were there and lending their comfort and support to address some things that have been bothering me of late. Now, I’m not troubled nor unhappy (quite the contrary), but my analytical ways have had me in hyper-evaluation mode over the past few days, especially surrounding my pilot career. This has happened once before, where I felt a little down about flying and the circumstances surrounding being able to fly as frequently as I’d like to. Like the last time, my Dad, a private pilot that passed away nearly six years ago in a crash of his second home built, came to me in a dream and gave me a pep talk. Last night the whole family was there. He said he liked flying “low and slow”. I asked him why he didn’t like flying the Tomahawk back in the day, he said it didn’t give him enough view and “it could be slippery”. “You need to fly the airplane you want to fly.” I asked him if he’d fly in the right seat in “the Cherokee” if I flew as PIC (Pilot In Command). In the dream or the vision or the premonition I had last night, he said “absolutely. Go buy one.” We talked about some other things that are too personal to share in a public forum. They were all right on the money. Things started making sense.

My godmother was also there. She told me she’d break the alarm clock so we could talk. We talked about some spiritual stuff and about some of the other things that have been bothering me a little bit and she said I needed to calm down. Stop analyzing. Get out of my head. “You have a good head on your shoulders, you’ll know when you’re really in trouble. Stop worrying.” Have fun. Enjoy life. Again, we talked about more personal things.

Dream? More? All I know is that it felt incredibly real and that I feel amazing this morning. My head feels clear. And when I awoke, my Amazon Echo Dot, which I use as my alarm clock, was flashing but not making any noise. Normally it’d be playing some soothing sounds to awake me, but not so much as a peep this morning. It was 6:17 and my alarm had been flashing for 17 minutes.

Those 17 minutes were worth it.

Inhibition.

Raj on “The Big Bang” theory, at least in the early seasons, couldn’t talk to Penny unless he was drinking alcohol. I get that. Back in my club DJing days, I was always isolated from the crowd by playing music in a DJ booth removed from the action. I controlled the tempo of the bar, but I didn’t participate in that tempo. I never had great social skills in that situation; I indicated my attraction to my husband by shining a light in his face from the DJ booth. Sexy times.

Earl has not been feeling well the past couple of weeks; his back has been hurting him and he’s had a lot of down time. When I told him that I was in the mood to go out for a drink tonight he encouraged me to do so alone. There’s a gay bar not too far from our home, it’s a 10 minute walk or one ride up the Brown Line to the next stop. The clientele is older. The music is from a jukebox. The faces are friendly. I decided to venture out alone.

I’m still not good in these social situations. I tend to get a beer and park myself on the perimeter. I’m fascinated with the people watching. I love watching the cliques do their thing and finally mingle. I enjoy watching who goes home with whom. I like trying a different beer. I was content. A man approached me and asked why I was standing in the corner. I replied, “I’m flying solo tonight and just watching the crowd.” He invited me over to their corner of the bar and said that they were friendly.

I thanked him but continued to do my own thing.

Another man invited me to dance to “Life In A Northern Town” by The Dream Academy. He was about my age, incredibly handsome and although there was no dance floor, the bar area magically cleared when he decided he wanted to dance. I couldn’t find a danceable rhythm in the song so I made a few strides and smiled in an awkward manner. He thanked me and moved on to someone that could find rhythm where there was none.

Apparently when I stand in the corner, drinking a beer by myself and enjoying the people watching, I can be a little intimidating. There’s a million things that I could use to strike up a conversation but I’m worried that I’ll misstep and say something awkward and people will then tweet about me and I’ll have some sort of dark sticker on my identity and my lack of social convention will go on my permanent record. I can chat with the best of them, but only after the conversation has started. I’m not good at meeting new people and I’m not good at striking up a non-dork conversation. I need to get better at this sort of thing.

I tested the bar by playing a fairly obscure Mariah Carey song on the jukebox. The track was “Prisoner” from her first album. I’m not a Mariah Carey fan in any way, but this song was a drag favorite back in 1991 so I wanted to see if the crowd knew the song. A couple of folks at the bar sang along so I apparently wasn’t completely out of my element. I finished my beer and left, nodding a smile at a few people along the way as I made my way out the door.

I had a quiet walk home. Maybe next time I’ll actually interact with the crowd instead of just observing it.