I’d write a long blog post of why the FCC’s vote to repeal Net Neutrality is one of the more idiotic things to happen in D.C. in, oh, the past week, but I don’t want to use up my Internet access rations just yet.
Geek
Security.
So this morning Apple released Security Update 2017-001 for their latest version of macOS, called High Sierra. Earlier this year, macOS High Sierra was touted as being a new version of the operating system on Macs that would bring stability and a whole bunch of enhancements under the hood. The focus of High Sierra was to make its predecessor, macOS Sierra, better.
The purpose of today’s Security Update was to correct an issue that spread across social media yesterday: on a Mac running High Sierra (10.13.0 and 10.13.1 were affected; Sierra and earlier were not), anyone who could get to an authentication dialog, the unlock padlock in System Preferences being the widely shared demonstration, could type root as the username, leave the password field empty, press Return, sometimes more than once, and be let in. No password necessary. Two details made it worse than a one-off bypass. First, root is the Unix superuser, a level above the “Administrator” accounts most Mac users think of, so there is nothing on the machine it cannot touch. Second, the bug’s side effect was to enable the normally disabled root account with an empty password, so the blank-password login kept working until someone set a real root password or installed the update. And physical access wasn’t strictly required: a Mac with Screen Sharing or Remote Management turned on could be hit the same way over the network. From there, anyone could do ANYTHING they wanted on the Mac: change usernames, delete everything, send out email; anything and everything is possible with root access to a Unix-based machine.
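As an added example (not part of the original post, and not Apple’s tooling), here is the triage a practitioner would want on a fleet of High Sierra Macs: check whether the root account has been enabled, since that is the footprint the bug leaves behind, and check whether the build is older than the one the security update shipped. The build threshold of 17B1002 as the first patched 10.13.1 build is an assumption of this script, as is the exact text `dscl` prints; the constructed sample strings in the comments show the format it parses.

```sh
#!/bin/sh
# Added triage example, not from the original post or from Apple.
# Assumptions: `dscl . -read /Users/root AuthenticationAuthority` prints
# "No such key" for a never-enabled root, a ";ShadowHash;" entry once root
# has a password (the bug set an empty one), and ";DisabledUser;" after
# `dsenableroot -d`; and Security Update 2017-001 first shipped as build 17B1002.

# Classify the root account from the dscl output text passed in.
root_account_state() {
  case "$1" in
    *DisabledUser*)  echo disabled ;;       # explicitly disabled by an admin
    *ShadowHash*)    echo enabled ;;        # has a password hash: root can log in
    *"No such key"*) echo never-enabled ;;  # factory state: no auth data at all
    *)               echo unknown ;;
  esac
}

# Return 0 (true) if a build string like 17B48 predates the assumed first
# patched build 17B1002. Builds are <darwin major><letter><number>; the number
# must be compared numerically, because "17B48" sorts after "17B1002" as text.
build_predates_fix() {
  b="$1"
  major=${b%%[A-Z]*}              # "17"
  rest=${b#"$major"}              # "B48"
  letter=${rest%%[0-9]*}          # "B"
  minor=${rest#"$letter"}         # "48"
  [ "$major" -eq 17 ] || return 1 # only High Sierra (Darwin 17) builds are in scope
  case "$letter" in
    A) return 0 ;;                # 10.13.0 builds: all unpatched
    B) [ "$minor" -lt 1002 ] ;;   # 10.13.1 before 17B1002: unpatched (assumption)
    *) return 1 ;;                # 10.13.2 (17C) and later carry the fix
  esac
}

# Live checks only run on a Mac; the functions above work on any shell.
if command -v dscl >/dev/null 2>&1 && command -v sw_vers >/dev/null 2>&1; then
  state=$(root_account_state "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)")
  build=$(sw_vers -buildVersion)
  echo "root account: $state"
  if build_predates_fix "$build"; then
    echo "build $build predates the fix: install Security Update 2017-001 and set a real root password with dsenableroot"
  else
    echo "build $build is not an unpatched High Sierra build"
  fi
fi
```

A root account reporting `enabled` on a machine where nobody deliberately set a root password is the thing to chase; Apple’s interim advice before the patch was exactly to enable root yourself and give it a strong password, which is why the script suggests `dsenableroot` rather than simply disabling the account.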
To say that this was a security concern is a vast understatement. You wouldn’t be too far out of the realm of reality if you were to say that this was probably one of the biggest security blunders of the computer age.
The fact that this was pushed to production as part of the official version of macOS is mind-boggling to me. Absolutely mind-boggling.
Look, mistakes are made. I get that. As a software developer by trade I make mistakes all the time. My code is far from picture perfect and I’ve caused more than one user to scratch their head as software I’ve written has gone way off into the weeds due to simple bugs that I later squashed. The thing is, a lot of my bugs are found and corrected long before the software is released. That’s why we have things like UAT, or User Acceptance Testing. That’s why I spend hours testing and retesting my software before it even gets to UAT. To think that this sort of thing was missed by the macOS team at Apple, which one would presume is a large team at one of the largest corporations in the world, is mind-boggling to me.
I’m impressed with how fast Apple pushed a patch to users. But honestly, I want more. I want to know how it happened, how secure the patch is and what the macOS team is going to do to avoid making a blunder of this magnitude again. This isn’t a matter of holding the Mac wrong or dropping a Mac from a ridiculous height and then claiming it can’t withstand the pressure, this is Security 101 on what is touted to be one of the strongest operating systems in the industry.
Apple dinged my faith and my trust in their software with this latest gaffe. How do I know that my text messages aren’t going to start broadcasting to the wrong person? Where’s my guarantee that my data will always be encrypted and secure when bugs of this magnitude are starting to appear in their oldest operating system?
When a user pays a premium price for Apple’s products and services, they should never be expected to Expect Less. Mediocrity is not an option. Apple used to do better.
They need to prove that they can do better once again.
What Is Net Neutrality?
Since I’m the “go to” IT guy in the family, here’s how I explain Net Neutrality, and why it’s important for us to keep it around.
Think of Net Neutrality like this. Right now you can use your Internet connection for anything it’s capable of. Now let’s liken this to electricity. If Net Neutrality was repealed on your power connection, your power or hydro company could charge more for what you use your power for. Basic package? Lights only. Want to add heat or an electric stove? Well that’s a different tier. Want to use your electric dryer? If you buy it from us you can go to a new tier. If you buy it from someone else, you only get 110V instead of 220V. The power company objects to personal massagers and whirlpool tubs, so they don’t get any power at all.
See the problem here?
Net Neutrality protects your use of the internet to use it how you want to use it with equal access to everything available. The big telecoms say they won’t change a thing, but why would we want to repeal that guarantee? Do you trust your cell phone company? Do you believe your cable company has your best interest at heart?
Do you want to make a difference? I lifted this from a friend’s post about Net Neutrality. Make the call today.
Only five people at the FCC get to vote on Net Neutrality: Ajit Pai, Mignon Clyburn, Michael O’Rielly, Brendan Carr, and Jessica Rosenworcel. Clyburn and Rosenworcel plan to vote to keep it. Call the other three!
- Ajit Pai: 202-518-7399
- Michael O’Rielly: 301-657-9092
- Brendan Carr: 202-719-7305
Uber’s Data Breach.
This is another reason I stick with Lyft. Uber is convenient, but it’s a wicked creepy company.
From the New York Times.
SAN FRANCISCO — Uber disclosed Tuesday that hackers had stolen 57 million driver and rider accounts and that the company had kept the data breach secret for more than a year after paying a $100,000 ransom.
The deal was arranged by the company’s chief security officer and under the watch of the former chief executive, Travis Kalanick, according to several current and former employees who spoke on the condition of anonymity because the details were private.
The security officer, Joe Sullivan, has been fired. Mr. Kalanick was forced out in June, although he remains on Uber’s board.
The two hackers stole data about the company’s riders and drivers — including phone numbers, email addresses and names — from a third-party server and then approached Uber and demanded $100,000 to delete their copy of the data, the employees said.
Uber acquiesced to the demands, and then went further. The company tracked down the hackers and pushed them to sign nondisclosure agreements, according to the people familiar with the matter. To further conceal the damage, Uber executives also made it appear as if the payout had been part of a “bug bounty” — a common practice among technology companies in which they pay hackers to attack their software to test for soft spots.
The details of the attack remained hidden until Tuesday. The ride-hailing company said it had discovered the breach as part of a board investigation into Uber’s business practices.
The breach at Uber is far from the most serious exposure of sensitive customer information. The two breaches that Yahoo announced in 2016 eclipse Uber’s in size, and an attack disclosed in September by Equifax, the consumer credit reporting agency, exposed a far deeper trove of personal information for a far larger group of people.
But the handling of the breach underscores the extent to which Uber executives were willing to go to protect the $70 billion ride-hailing giant’s reputation and business, even at the potential cost of breaking users’ trust and, perhaps more important, state and federal laws. The New York attorney general’s office said on Tuesday that it had opened an investigation into the matter.
Dara Khosrowshahi, who was chosen to be chief executive of Uber in late August, said he had only recently learned of the breach.
“None of this should have happened, and I will not make excuses for it,” Mr. Khosrowshahi said in a company blog post. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
A spokeswoman for Mr. Kalanick declined to comment.
The revelation of the breach and the way it was kept quiet renewed questions about the tenure of Mr. Kalanick, who has faced criticism over his management style and practices after Uber came under scrutiny for its workplace culture this year. The New York Times also reported on a secret program called Greyball that had been undertaken on Mr. Kalanick’s watch, in which Uber staff members surveilled law enforcement officials in order to evade them. Since his exit as chief executive, he has been sued by one of Uber’s earlier investors for fraud.
The breach is also a black mark for Mr. Sullivan, who was a prominent figure in the information security industry. Mr. Sullivan joined Uber as the company’s first chief security officer in 2015, after serving as the head of security at Facebook for seven years.
Unlike many cybersecurity executives, Mr. Sullivan was previously a lawyer and had studied cyberlaw at the University of Miami. He began his career in the technology industry as a federal prosecutor during the tech boom of the late 1990s, working at companies including eBay in 2002, where he was head of trust and safety.
Mr. Sullivan’s decision to join Uber was seen as a win for the company. As Uber’s ranks of drivers and riders had grown, people in and outside the company became worried about privacy and security. Uber had faced complaints about driver and rider assaults, as well as allegations that it was not doing enough to protect rider data. Mr. Sullivan was tasked with keeping drivers and riders safe.
The other Uber employee who was fired alongside Mr. Sullivan was Craig Clark, the company’s legal director of security and law enforcement. Neither Mr. Sullivan nor Mr. Clark responded to requests for comment.
The company’s decision to conceal the breach and pay the ransom quickly raised questions among security experts. Many have repeatedly warned companies against paying hackers a ransom to cover up breaches or return stolen data, advice that was included in a 2016 statement from the F.B.I. And several states including California have laws mandating that companies disclose when they are breached by hackers.
“Companies are funding organized crime, an industry of criminals is being created,” said Kevin Beaumont, a cybersecurity expert based in Britain. “The good guys are creating a market for the bad guys. We’re enabling them to monetize what years ago would have been teenagers in bedrooms breaching companies for fun.”
Uber has experienced breaches before. The company was hit with a data breach in May 2014, an event Uber discovered later that year and disclosed in February 2015. In that attack, the names and driver’s licenses of more than 50,000 of the company’s drivers were compromised.
This latest breach puts Uber in another difficult situation just as the company is working to repair its battered image and preparing to seek an initial public offering in 2019. Mr. Khosrowshahi has characterized his tenure at the company as “Uber 2.0.” As part of that, he has tossed out the aggressive corporate values that were prized by Mr. Kalanick and given the ride-hailing service a new list of values that includes “doing the right thing. Period.”
Uber has hired Matt Olsen, former general counsel at the National Security Agency, as an adviser, and has retained Mandiant, a security firm, to conduct an independent investigation of the security breach. Uber said Mr. Olsen planned to reorganize the company’s security team.
But the damage has already been done, and Uber officials are aware of the long road back to good standing with the public.
While it is not illegal to pay money to hackers, Uber may have violated several laws in its interaction with them.
By demanding that the hackers destroy the stolen data, Uber may have violated a Federal Trade Commission rule on breach disclosure that prohibits companies from destroying any forensic evidence in the course of their investigation.
The company may have also violated state breach disclosure laws by not disclosing the theft of Uber drivers’ stolen data. If the data stolen was not encrypted, Uber would have been required by California state law to disclose that driver’s license data from its drivers had been stolen in the course of the hacking.
An Uber spokesman declined to comment.
Memory.
So yesterday my friend Matt in Williamsport, PA and I were catching up on the phone. Text messages can take a conversation only so far; during those times when you can’t meet in person, it’s best if you can at least talk on the phone. We got to talking about our shared OCD tendencies, as we both tend to eat our food one thing at a time. For example, all the meat, all the potatoes and then all the vegetables, or whatever. We both agreed that our food can touch, that’s just fine; we just eat one thing at a time. Apparently I’m further up the spectrum than he is because I will disassemble hot subs or sandwiches and salads. It drives Earl crazy. When presented with a meatball sub, I eat all the meatballs first, then I eat the bread. When eating a salad I eat all the tomatoes, then all the cucumbers, then all the peppers, then I finally get to the lettuce. It’s just the way I eat and I’ve always eaten this way. I’m not finicky, I’m just organized. Matt has labels on his light switches, so there’s our OCD trade-off.
This got me to thinking about some of my idiosyncrasies that I’m aware of (I’m sure there are more that I don’t even realize I’m doing) and then wondering about my steel-trap memory and observational powers. I notice things. I notice patterns, I notice changes in rhythm, I notice changes in appearance and I can easily follow a process. I think this has helped my computer-based career over the years, as I can easily spot abnormalities. For example, if a pre-programmed routine is supposed to run every day at a certain time, I will instantly notice if something is amiss. I’ve been telling our Database Administrators that the completion email for a daily routine has been arriving 12-15 minutes late for the past two weeks. They say don’t worry about it. I tell them that something has to be off because the emails are arriving later. Computers don’t get lazy; something is impeding normal progress. Today the process finally failed. Something changed. They’re looking into it.
The process and consistency of computing devices, especially vintage devices, fascinate me. My initial interest in computing was sparked by the slow conversion of mechanical to electronic cash registers at grocery and department stores over the 1970s. I remember being fascinated by the space-age looking Singer-Friden cash registers at Sears and Roebuck (the first of their kind, by the way). When our local grocery store, the P&C, converted to electronic cash registers in 1978 I was blown away. They were so cool. I watched cashiers do their thing and I learned the process of how the cash registers worked, even at 10 years old. In 1980, P&C hosted a “Food Fiesta” at the New York State Fairgrounds in Syracuse. The Center of Progress building was populated with food vendors giving tasting samples. There were cooking classes. And in one aisle, there was a display of the checkouts at your local P&C Food Store and the public could stand behind the counter, spin the counter belt and try ringing up items. It was 1980. I was 12 years old. I watched a couple of adults try to keep running the cash register and they couldn’t make it work. The “ERROR >” light kept lighting up on the display. The problem was easily apparent: the man was pushing the decimal key when he was trying to enter an item for 99 cents (this was before scanning was popular). He said the cash register was broken. A P&C representative started walking over to the register but I beat them to the cash register. I then hit CLEAR and promptly rang up about 75 items at rapid speed, using advanced functions such as split pricing, multiple departments, food stamp exceptions, taxable items and the like. I even added a few store coupons and double vendor coupons to the order before punching in split tender – so much in cash and so much in a personal check. The order completed, the receipt was ejected from the top and the cash drawer popped open. I kept the receipt as a souvenir.
The P&C representative and the few adults around me all asked, “how in the world do you know how to do that”? I just shrugged my shoulders and moved on.
My steel trap memory and my ability to observe. I should have put that super power to good use.
As I was formulating this blog entry in my head earlier today, I got to doodling on my work notebook and sure enough, I was able to draw this, and several others like it, out. From memory.
This is the layout of a Data Terminal Systems Series 400 (actually model 440) cash register keyboard in 1980 in a grocery store configuration. There’s only one button I can’t remember.
I probably should use my powers for something useful someday.
Inspiration.
Steve Jobs died six years ago today. The man was a visionary, a genius, and an inspiration for many. I believe the DNA of his vision lives on today at Apple.
They took away my Mac at work this week in an effort to remove all Macs from the work network. Honestly, I feel a little let down. My new laptop works but it brings me little joy. I’ve gone from a luxury car to a bus. I feel like I’m typing with my elbows.
I needed to feel inspired again. Knowing the genius thinking behind the vision that Steve had of the future, I visited the site of the newest Apple flagship store which opens in two weeks. It will be a destination. It will bring a sense of community. Senior VP of Retail, Angela Ahrendts, is an inspiration to me as well. I love her energy.
Inspiration. Pass it on. #applefanboy
Star Trek: Used.
So Earl and I watched the first two episodes of “Star Trek: Discovery” this evening. I signed up for the trial of CBS All Access, the streaming service required to see the latest Star Trek television series in the United States, as the series won’t be shown on regular TV and it isn’t available on the other streaming services everyone else uses.
There may be a few spoilers in the rest of this entry, so if you’re interested but haven’t seen the episodes yet, you may want to stop reading now.
You have been warned.
I’m not going to get into a heavy dialog about the plot details of the first two episodes of the series but rather just make some observations. As a life-long Trekker, I’ve enjoyed every iteration of the Trek franchise, aside from the latest Star Trek Movie. I feel connected to Star Trek. The vibe of Star Trek, especially Star Trek: Next Generation, has always given me hope that someday humanity would find our place amongst the stars.
The first two episodes of Star Trek: Discovery take place on the U.S.S. Shenzhou, with Captain Philippa Georgiou, played by Michelle Yeoh. First Officer Michael Burnham, played by Sonequa Martin-Green is at her side. She is Captain Georgiou’s Number One. Her protege. Her friend. I found myself connecting very easily to Captain Georgiou. I liked her commanding style, I liked her balance of ingenuity and diplomacy. As a viewer I found myself invested in the character. I was thinking, “yeah, she’s as cool as Janeway!”.
There were elements of the first two episodes that helped cement that we were in the Star Trek universe. The communicators sounded the same as The Original Series. The doors “whooshed” with the same sound effect. The transporter, when energized, sounded familiar. But the show does fail my Star Trek Transporter Effect test in that the special effects used are very Harry Potter looking. There’s glittering gold and wispy fairy dust going on. It’s illogical that a device used to transport matter from point A to point Z as an energy beam would have wispy fairy dust sparkling about. How do we know that wispy pixie dust isn’t part of a toe or an arm or some vital internal organ? It doesn’t go with the rest of the person being beamed in or out. And Federation transporter beams are white, Klingon transporter beams are orange.
And thankfully Discovery opened up with the word “Klingon” on the bottom of the screen because these aliens looked nothing like Klingons. They also sounded nothing like Klingons. They spoke Klingon, at length in episode two, but the Klingons are not the Klingons we’ve known from before. I could live with that, because Captain Georgiou was handling the situation quite well. I found First Officer Burnham getting on my nerves by the second episode. She was a little too know-it-all, her upbringing on Vulcan notwithstanding. I just found her grating. I felt no investment in the character.
Then in the last five minutes there’s a huge twist and my investment, or lack thereof, in the characters on the U.S.S. Shenzhou was for naught. In the last five minutes of the show “Star Trek: Discovery” slides into “Star Trek: Millennial Strife” and the screen goes to black. After a few mandatory commercials, because after all, we’re supposed to PAY for CBS: All Access, an extended trailer ensues showing more Millennial Strife with the annoying Michael Burnham, a new ship, a new captain and lots and lots of battle scenes and talk about war.
The most Star Trek moments of the first two episodes: walking on a desert planet learning and discovering, attempts at negotiation, a seemingly true bond between a very capable Captain and her First Officer, are all just part of an extended back story. Episode three is apparently “like watching a new pilot”, per the show runner. The only way you’ll see it is if you absolutely pay for CBS: All Access.
Which I absolutely will not do.
I have no interest in watching a “Star Trek” series loaded up with extended space battles, dark cutaways, and lots and lots of Millennial Strife. It’s not my thing.
I’m sorry, Captain Georgiou, I was really liking the idea of an Asian female captain at the helm of a Federation starship. I wanted to watch you find your groove. I wanted to see where you would boldly go. And I think Michelle Yeoh was the biggest asset to the show to date. Her character was worth my investment.
And that investment has been cashed out.
Space.
With all the problems we have in our own country, the United States doesn’t seem as excited about space exploration as we were when I was a kid, or even when the Space Shuttle Program was running. I am thoroughly fascinated by it and I follow many astronauts on Twitter and read up on the International Space Station when I have a few moments.
One of the best vacations Earl and I had together was when we visited the Space Center in Houston. I’ve been watching tours of the International Space Station ever since, here’s one from 2016.
I really think man’s future is in space. I want to see a “Star Trek” (Gene Roddenberry’s vision, not “millennial strife in space”) reality come to fruition.
I hope at least a few of us always remember to reach for the stars.
Day 3.
Earl and I have been sleeping on an air mattress since closing on the condo on Wednesday morning. Our new mattress doesn’t arrive until Monday; the other pieces arrived yesterday but the mattress is trailing along. It’s fine and sleeping on the air mattress isn’t as bad as I thought it would be.
It was about 10:30 PM on the night we moved in when we discovered that the washing machine in our condo has some really bad bearings. The washer works fine but it sounds much like the Space Shuttle at take-off when it’s spinning. Earl and I walked the length of the building during the spin cycle and you can hear our washer spinning from one end of the building to the other.
What a great way to impress our new neighbors.
Tonight we ordered a new washer and matching dryer at The Home Depot. The units will be delivered on Thursday; we’ll limit our laundry activities to daylight hours in the meanwhile.
We have been living the “big city life” since starting the move in on Wednesday and every minute has been pure bliss. I love being able to walk where I need to go. I love having things to do within walking distance. Earl and I are slowly exploring the nooks and crannies of our neighborhood and we’ve been visiting some places in nearby neighborhoods as well. Yesterday we experienced Illinois’ version of the DMV. The Jeeps have new license plates but the driver’s licenses will have to wait until our next attempt at such an adventure, which will probably take place in a couple of weeks. Luckily, Illinois gives us 90 days to transfer our driver’s licenses.
Three days in Chicago has taken me away from social media a bit and honestly that’s a wonderful thing. When living in Central New York we often turned to social media for entertainment. There’s just so much to do in The Windy City that I’m finding that I don’t turn to Twitter to see what chaos is happening in the world. I’ve been keeping friends and family updated on Facebook with an update here and there. I’m still not a fan of Facebook but because so many folks are using it, it’s the easiest way to reach out to family and friends. I keep trying to drive them to the blog but having a blog seems so 2001.
By the way, this blog turned 16 years old this week. I’ve been updating this blog since 2001, when I first wrote about flying with my Dad in his Acrosport II for the first time and going to the Field Days (town carnival) in my hometown.
My blog was on the leading edge in 2001. In 2017 it definitely feels like it’s on the trailing edge. Why march in step with the crowd when you hear a completely different song?