Sunday, October 22, 2017

The classical music influence on Rock and Roll: Sergei Rachmaninoff and Muse - Butterflies and Hurricanes

Rachmaninoff is perhaps the greatest composer for Piano, excepting only Chopin himself.  He was perhaps the apex of the romantic movement, which made him a natural influence for Rock Opera.  Listen to the piano interlude at around 3:30 into their song, Butterflies And Hurricanes:



Compare with Rachmaninoff's Piano Concerto No. 1, around 2:45 into the performance:

Saturday, October 21, 2017

QOTD

From New Jovian Thunderbolt comes the quote of the day. It's part of a larger post pointing out that when the Dems were castigating Trump for talking about women in a boorish manner, everyone apparently knew that Weinstein was all hands on rapey and said nothing. In the midst of that was this bit of internet gold.

Yeah.  I don't care about Trump.  I don't much like the guy.  He's exceeding my expectations a hair, but those were low to start with.  And he's not Hillary.  Doing great at that second part.

Friday, October 20, 2017

Stevie Ray Vaughan And The Fabulous Thunderbirds--What I Say

Because it's Friday.



Party on, Garth.

And I would have got away with it, except for that meddling Zuhl


Something is very strange in the neighborhood ...

"An Empty Barrel makes the most noise"

If you haven't watched or listened to this statement from Gen. Kelly, it's well worth your time.



His comments on the loss of the sense of the sacred is very powerful.  His choice to only call on members of the Press who know a Gold Star family was a pointed comment.  It was nice to see that several members did know one (or claimed to, at least), and asked good questions.

The post title is how he described the current controversy, but he expanded his remarks to talk about other experiences he had where clueless politicians inserted their ego into what should have been a solemn memorial occasion.  It's probably too much to hope for that this Republic will take a step back from the Abyss of Madness which is staring into us, but this might be a start.


So let it be written, so let it be done.

Children's "Smart" watches are unsafe for children

New security analysis about "Smart" watches being marketed to children.  It seems that they're totally secure, other than:

  • Critical security vulnerabilities
  • "A false sense of security"
  • "Lack of respect for consumer rights"
Other than that, the security is awesome.

Since the holidays are coming up, you might want to rethink getting these for your kids or grandkids.


Bear's Den

Watched the sunset at Bear's Den on the Appalachian Trail yesterday. Only had a few days on the trail, but they were perfect.


Thursday, October 19, 2017

People to See, Deliveries to Make - A Brigid Guest Post

I'm taking Dad's holiday gifts out to him in person and will hang out with him for a while during which time Partner in Grime finishes up some construction on our house.  I'll be back in a week or so as Dad has no internet and I have a flip phone (stubbornly clinging to my luddite status).

Until then, I leave you with Abby Normal the Lab anxiously awaiting trick or treating. Cheers! - Brigid

Wednesday, October 18, 2017

There's a reason that so much science is crap

Peter calls out attention to tens of thousands of scientific papers that are possibly (likely? who knows?) invalid.  This is not a surprise to anyone who is paying attention.  It comes from two very simple principles:

1. Success in a scientific career is determined by how frequently the scientist publishes papers in scientific journals.

2. Scientific journals are interested in novelty - new results that have not been published before.  It's pretty rare to see a paper published confirming the results of a prior paper.

In short, there's absolutely no need for results confirming other papers - these will never get published anyway.  Since there's no need for confirmation, a scientist can focus all his efforts on novelty.  Because novel results sometimes must skirt the edge of what is seemly, we can expect spillover into the unseemly.

So how much spillover do we get?  We don't know.  And quite frankly, neither does anyone who is engaged in "Science".  We've known for a long time that something is very wrong in the state of Science™, with the rate of major advances slowing noticeably.  It could very well be that the reason is that there is so much bogus science being done, that distracts young scientists from other more significant areas of study.  It may be that with no need to get reproducibility, it's just easier to put out novel garbage than it is to do more significant work.  And when you think about which of those two patch will be better for a young scientist's career, it's no surprise that we swim is a sea of scientific crap.

None of this has to be deliberate, or fraudulent.  It's just the way that the scientific game is played.

Science that is repeatable is called "Engineering" anyway.  Strange how you don't seem to hear about lots of retractions from engineering journals.  Science is like the stereotypical aging starlet still trying to get drinks in bars off of her old good looks and fame.

Veteran's Day weekend NFL protest

I'm all in on this:
MARK YOUR CALENDARS – National boycott of the NFL forSunday November 12th, Veterans Day Weekend. Boycott all football telecast, all fans, all ticket holders, stay away from attending any games, let them play to empty stadiums. Pass this post along to all your friends and family. Honor our military, some of whom come home with the American Flag draped over their coffin.

Tuesday, October 17, 2017

Stand firm, ye boys of Maine

Not once in a century are men permitted to bear such responsibilities for freedom and justice ...


Three roofers in Waterville, Maine stand at attention when the National Anthem is played at a neighboring football field.

The quote, of course, is from Joshua Lawrence Chamberson to the boys of the 20th Maine on Little Round Top at the battle of Gettysburg.  He knew that the battle was to be fought - and won or lost - there on that day.  The stubbornness of those boys has been preserved, at least in Waterville.

Hat tip: Rick, via email.

The most important security action you can take today

WiFi security is in the news (including here), but remember that an attacker has to be physically close to you to attack you with this new technique.  So keep calm and focus on a real security risk where someone can attack you from afar.

Flash is the first major internet video technology.  It is also a sewer of security vulnerabilities, and the single biggest attach vector used by the Bad Guys.  These days, Flash has been replaced by other more secure technologies, so you really don't want it on your computer.

Here are instructions on how to uninstall Flash.  This is without doubt the single most important security step you can take.

Monday, October 16, 2017

It's not just the roots of Gun Control are racist

Well, they are, but that's not my point.

The real problem is not the roots, but the vine:
A.J. Burgess, a 2-year-old boy born without functional kidneys, is in desperate need of a transplant. His father, Anthony Dickerson, a perfect match, was prepared to undergo transplant surgery until he was arrested for violating his parole.
Dickerson was "in possession of a firearm or knife during the commission of or attempt to commit certain felonies," according to WGCL-TV. He's been released from prison, but the hospital won't perform surgery until his parole officer gives the okay.
That could take three to four months—the hospital wants to revisit the issue in January. Of course, there's no guarantee Burgess will live that long. He has to undergo dialysis every day. His body is failing. He has to have bladder surgery. He needs a kidney now, and a highly motivated donor—his father—is willing to give him one.
But a little black kid needs to maybe die, sacrificed on the altar of gun control laws:
Not to put too fine a point on this, because there's plenty else going on—it sounds like Dickerson was involved in criminal activity, independent of his illegal gun possession—but I suspect liberals like to imagine stricter gun control means a peaceful and voluntary gradual disarmament of a gun-weary citizenry.
Maybe that's gun control in theory. In practice, stricter gun control means giving the government more reasons to interfere in the lives of black and brown people who are already wary of the police.
This is actually a great situation for a Black Lives Matter movement.  I won't hold my breath.

Different mindsets


Spotted by The Queen Of The World.

Oh great. WiFi security is pretty broken

This seems pretty bad:
This is my interpretation of the KRACK attacks paper that describes a way of decrypting encrypted WiFi traffic with an active attack.

tl;dr: Wow. Everyone needs to be afraid. It means in practice, attackers can decrypt a lot of wifi traffic, with varying levels of difficulty depending on your precise network setup. My post last July about the DEF CON network being safe was in error.

Details

This is not a crypto bug but a protocol bug (a pretty obvious and trivial protocol bug).

When a client connects to the network, the access-point will at some point send a random key to use for encryption. Because this packet may be lost in transmission, it can be repeated many times.

What the hacker does is just repeatedly sends this packet, potentially hours later. Each time it does so, it resets the "keystream" back to the starting conditions. The obvious patch that device vendors will make is to only accept the first such packet it receives, ignore all the duplicates.
This effects everything that has WiFi, which these days means just about everything.  There is a tool in circulation to exploit this.

The punchline is that I haven't heard of any patches being available for this.  I will let y'all know when they start coming out.

UPDATE 16 October 2017: 09:58: There's a great deal of practical information here:
  • www.krackattacks.com is now up!
  • Attacks against Android Phones are very easy! Oh dear 🙁 Best to turn off wifi on these devices until fixes are applied.
  • Windows and Mac OS users are much safer. Updates for other OSes will come quite quickly, the big problem is embedded devices for whom updates are slow / never coming
  • For the very technical, the CVE list is at the bottom of this post.
  • The main attack is against clients, not access points. So, updating your router may or may not be necessary: updating your client devices absolutely is! Keep your laptops patched, and particularly get your Android phone updated
Android phones get patched more slowly than iPhones do.  You should probably turn off WiFi on your Android phone until you get a patch.