It just keeps getting better.

Mr. Christoforo appears to have just crossed the line into extortion.

At least all those steroids will make him popular in jail.

Paul Christoforo, Amateur Extortionist, Tempts Jail

So if you missed it, yesterday someone set new standards for Massively Pissing Away Your Career By Being An Ass. Check the news blog on Penny-Arcade for the details, and if you're not aware of them the Forbes article won't make as much sense.

Suffice it to say that from the interview with Forbes, this guy hasn't learned a goddamn thing. Everyone and their brother read the emails and knows what went down--except, apparently Mr. Christoforo, who appears to be both delusional and incredibly naive in thinking he can tell a reporter lies about what happened without most of the readers (of the millions who read the email exchange) knowing exactly how full of crap he is. ...and now they've got confirmation he's full of crap and that it wasn't just a one-time lapse of judgement made in the "heat of the moment".

If he had any sense he would be doing the following things:

1. Checking into a detox clinic for that steroid problem.
2. Writing a detailed apology letter to everyone, everywhere, for everything.
3. Hiring a lawyer to help with the details of moving to a new city and legally changing his name.

...because he's sure as hell not working in the gaming industry again unless he learns how to out-shoot people with a controller.

Paul Christoforo, Douchebag, Interviewed by Forbes

So, there's really no news article to this. I'm sort of thinking out loud because someone I know recently sent me a Powershell script to get them back auto-run functionality for thumb drives.

Now, while the autorun functionality that removable media brings to the table is useful, it's problematic in that it is too trusting. Honestly, without some kind of verifiable trust relationship, pretty much anything can/will get launched from those things, and it's not like thumbdrives aren't a common vector for infection or anything. Actually, now that I think of it... *adds a vaguely-related URL*.

Let me say right now that I would consider this post to be prior art. I am not rushing out to try and scribble up a patent because I believe strongly that restrictive patent controls should never be applied to something like this. If someone reads this, goes and writes something up and sells it, you owe me a soda or a strippergram or something. Subsequently suing other people writing their own code to do the same thing makes you a craven bastard who murders defenseless kittens and orphans.

In short, there probably should be an autorun facility for removable media, just because of it's utility. In practice, this is dodgy as hell because media get tampered with. The proper solution, IMHO, is as follows:

1. Detect insertion of removable media.
2. Upon insertion, OS should examine filesystem looking for instruction as to what should be executed or read (in the case of HTML files or Flash media that can not be said to be "executed") from the drive.
3. Optionally generate some sort of unique identifier based on various parts of the filesystem when the type of filesystem is not strictly data, as with CDs and DVDs.
4. OS should then generate cryptographic data based on the contents of the files referenced from #2. This may include, but should not be limited to:
__a. Multiple, disparate checksums
__b. Fully-fledged cryptographic signatures based on public/private keys
5. Using either the index in #3 or the results from #4 the machine should then consult a local trust database on the (or network share, or even a freaking LDAP directory if you like) and look for record of a pre-existing trust relationship indicated by the actual user.
6. The data should then be executed/displayed/played if and only if a pre-established trust relationship has been recorded. If no such relationship has been recorded, you've basically got a few options depending on your relative level of caution.
__I. Do nothing.
__II. Warn the user of the possible execution (probably ideal), and require a trust relationship (either temporary or permanent) be recorded before going further.
__III. Disallow further interaction with the media.

Post Scriptum: There's a reason for both A and B above, and an appropriate time/mode for using each.
Post Post Scriptum: No I don't care that this is relatively "obvious". There are plenty of people craven enough to file for a patent on such things anyway. If they didn't already do it, too f'ing bad.

Trust and thumbdrives

Good reading.

Education

So I finally came across somewhere with the collected videos of what was going on this weekend in New York.

For over a week, the Wall Street protests have taken place peacefully, and then over the weekend, it appears the police decided they needed to try and provoke things... with some brutal beatings and bogus arrests.

They're still currently claiming none of the officers did anything wrong.

...so if NYC erupts into chaos later this week, at least you'll know what caused it.

Oppression of the People.

New York Police Are Shit

OKay so perhaps my summary is slightly histrionic, but...

I have been saying for months and months now that I refuse to have a smartphone because the carriers force you to take a data plan... which means my phone would be on their network 24/7, subject to whatever things they've failed to keep in check, and compounded by that they don't want me to have the level of control necessary to firewall that shit out and are willing to enforce that by contract.

Well, it's nice to see that someone else agrees with me and that cell phone networks are about as nasty as the typical cablemodem netblock or college campus network of the 90's.

Cell Phone Networks Are A Hive Of Filth And Contagion

App Inventor is utterly ridiculous. I'm still poking at it, but at the moment it looks like one might actually construct non-trivial applications with it. Nothing incredibly advanced, mind you, but it's a definite start. With http://amerkashi.wordpress.com/ in the picture it looks one might be able to unravel them back to something like source for further modification.

Not only is it somewhere between VB and LOGO in how you use it to construct an app, when you're messing around with the layouts, instead of merely putting the buttons and so forth on your computer's screen, it can go ahead and put them on your target device's screen as well.

Sadly, the Xoom's browser doesn't seem to just up and run it (that might end the world)--works fine with FF tho'.

App Inventor

Okay, so there's no great social significance to this news article--I just love the headline:

Time Warner says "Buy more porno"

I probably shouldn't be singling out any particular reporter for this, but Declan McCullagh should really know better by now.

The title of the article in question is "Street View cars grabbed locations of phones, PCs" but it could easily be retitled "Tech reporter clearly surprised by the obvious" or possibly "Old news to cater to the clueless".

Some details to point out:
1. This is actually yet another silly article that seems to be designed just to spread fear to the clueless about Google Street View cars.
2. The program in question ended in May of last year, which makes this old news and anyone who took this long to figure it out slow-witted.

Simple facts overlooked by most reporters:
* Wi-Fi uses public spectrum which means it's completely legal for anyone to listen to what's broadcast... even if they're in a slowly moving car. There's nothing "debateable" or "arguable" about it--it's fucking 100% legal. The only "grey area" here is whether or not it's legal when you are Up To Something Else and that Something Else is criminal and it still doesn't make merely listening to that spectrum illegal. If it weren't 100% legal you couldn't really even begin to use the "browse" functionality in your wi-fi drivers to find your own access point.

* Every bloody wireless ethernet ("Wi-Fi") device out there has a MAC address because it's required by the standard. Not suprisingly, this doesn't mean only access points but yes, PDAs with wi-fi, cellular phones with wi-fi, fancy home alarm clocks with wi-fi, baby monitors with wi-fi, SUVs with wi-fi, home surveillance cameras with wi-fi, refridgerators with wi-fi, and countless delivery service vehicles with wi-fi.

* There is no reasonable way to filter out one "type" of device from another at collection time, nor, with what Google was planning in mind, would it even be something you'd want to do. The first three bytes of a MAC address specify what manufacturer made the chipset in question, and the rest of the bytes after that are pretty much up to the manufacturer to do with as they wish. Who made the device tells you absolutely nothing authoritatives about what it's doing.

* Google now can't go and delete that data because you dumbasses keep trying to "raise questions" about it, which keeps leading to politicians and law-enforcement people who have even less of a clue having to ask questions about it, which technically makes all that crap potentially evidence and they could much more easily wind up in a big pile of shit over "deleting evidence" than "collecting wireless confetti". ...so stop asking questions about whether or not Google has plans to permanently delete that information, because you're the reason they can't, dumbass.

* If Google's people are recalcitrant about reciting details of who they've told what when what they said and ... [ Read More (0.2k in body) ]

Dear Reporters, STFU already.

Not that I'm even a little suprised that Fox News has things terribly wrong, but if you needed yet another item of evidence to show people that Fox News has about the same grasp of reality as the average advanced Alzheimer's sufferer, look no further.

They actually believe a 15-year-old kid to be a "Leading member of Lulzsec".

Fox News Makes Things Up, Again