Blog

  • Be careful what you wish for

    Well, the Emissions Trading Scheme is dead – for now. Yay! I do a little dance on its grave. We’ll have to fight it again when the double dissolution election comes up, sooner rather than later.

    However, I wasn’t expecting the mad monk, Tony Abbott, to gain the Liberal leadership. That was a surprise, as I bet it was to the majority of the Liberal party MPs.

    With a leader who is right wing, homophobic, anti-abortion, anti-pretty much anything we’ve achieved over the last forty years to several centuries, and on top of that a truly hard-core Catholic, elected by the thinnest of margins (1 vote – a donkey vote *), the Libs will be in the electoral wasteland for at least one and probably two more elections. Either the Libs will have to split into the electable bit and the unelectables, or they will have to try again in a few years after they get rid of Abbott.

    Abbott is simply unelectable – even my wife, who leans in the Libs’ direction, doesn’t like him. Sure, Abbott will make the hard-core religious and climate deniers happy, but they’re a tiny minority here – and they already vote Liberal. All the moderate swinging voters – they who elect our governments – will abandon ship once they realize just how backward Abbott is on so many things.

    With Abbott being the mental giant that he is, he’s going to oppose pretty much all Government bills. I bet he opposes a really stupid little bill and that’ll be the trigger. KRudd could phone it in and win.

    Bring it on – maybe enough of the disaffected voters will move to the Greens and we can get some real carbon reduction instead of the reward-the-polluters ETS.

    * I bet the idiot ^H^H^H^H^H Member of Parliament who cast the deciding donkey vote (‘no’) is regretting their ineptitude tonight. The silly thing is that the vote was almost certainly cast by a moderate Liberal. That moron has ensured they stay unelected for at least another four and most likely seven years.

  • Emissions trading scheme – epic fail

    Unlike the deniers in the Liberal party, I understand climate science well enough to know that we should give our only planet the benefit of the (very little) doubt. It’s time to act. But not with an ETS. I hope that the Liberals (== conservatives, for my US readers) defeat the ETS a.k.a Carbon Pollution Reduction Scheme (CPRS).

    The heart of the problem is that the Emissions Trading Scheme doesn’t help to reduce pollution. Why? ETS traders have no skin in the game – you don’t have to be a polluter or seller to participate. Why would those traders be interested in carbon reduction? Over time, the value of the market will go up due to speculation and moves by the traders, making it more expensive for the Australian Government to buy back emissions credits to reduce the total emissions pool, or even worse, short-changing the folks who need to acquire those credits. The folks who buy these credits on the open market will need to pay more, and we pay double through increased taxation and higher bills for pretty much everything, even if you’re doing the right thing.

    The Coalition have introduced a bunch of get-out-of-jail-free cards for the heaviest polluters to provide their denying colleagues some carrots.

    • Coal fired power plants are largely exempt, despite emitting about 50% of Australia’s total CO2 emissions
    • Heavy users of power have tax credits to help pay for their credits, often up to 90% of the value of them, or even free in the case of aluminium producers. Where’s my 90% reduction in my electricity bill? This is corporate welfare at its worst
    • Agriculture has a wide range of exemptions, despite many inefficient processes that could benefit from better alternatives. They also get money for carbon offsetting, so in reality, they can be paid for sequestration activities, but have no economic harm from releasing that captured carbon. Way to go to buy the rural vote, Rudd.

    So no matter what I do to reduce my carbon footprint, it will have little impact, as the largest polluters can simply keep on doing exactly what they’re doing today. I – and all Australians, even those who are off the grid, grow their own food and don’t drive or fly – will end up paying for this dumb scheme.

    The Government should not distort an entirely new unproven market. Let it distort the current market:

    • Announce the Government will only buy electricity from renewable sources as of 2015 or so
    • Announce no more coal fired power stations will be built and approve nuclear power stations
    • Set power consumption targets for the heaviest power users in the average business and house (computers, lights, fridges, ovens, aircons, etc)
    • Require standby to be < 0.1 W (or it’s off), and prohibit clocks on things that don’t need them (like microwaves, fridges, ovens and toasters) so they can turn off when not used
    • Ban crappy computer PSUs and require 80-Plus only PSUs. Make rackable servers like Google’s – no PSU in the device, and the power supply is > 90% efficient.
    • Ban non-LED downlights (also have a positive impact on # of house fires from cheap iron core transformers setting fire to insulation)
    • Fund or provide serious rebates for solar hot water for everyone with an electric water heater.
    • Fund or provide serious rebates for passive solar cooling for every home, rented or owned.
    • Continue the serious rebates for solar panels, and extend them to rented as well as owned properties.
    • Require states to tax the hell out of cars that chew more than 7.5 l/100km
    • Only buy cars with average fuel consumption of less than 7.5 l/100km from now on – there’s hundreds of thousands of cars in the government car fleet
    • Mandate employers allow telecommuting where possible. This would eliminate hundreds of thousands of wasteful trips every day, and free up freeways for freight and necessary journeys. I enjoy my ten second commute and I don’t have to start the car most days.
    • Provide incentives to get road freight back onto rail
    • … anything other than an ETS

    Trading schemes (like NEMMCO) have a proven history of epic failure. In California, traders caused widespread blackouts and damage, not to mention sky-high electricity bills. There is no incentive for an ETS to reduce carbon pollution. The market relies upon carbon being emitted. It will fail to reduce CO2 emissions, as the largest polluters don’t have to participate properly, and it will cost us billions.

    ETS == Epic fail with our future. Bring on a double dissolution election.

  • How not to answer secret questions and answers

    This one is not quite safe for work, but it’s very funny:

    Live Chat Help

    Currently experiencing network delays, one moment please….
    Network connection re-established.
    Adam Brooke: Do you work for the IRS?
    Kamyar: Thank you for waiting Sir. Unfortunately we cannot access your password, however we can reset it, which enables you to access your account and change the password right away.
    Kamyar: Would that be acceptable?
    Adam Brooke: Thanks, that would be great
    Kamyar: Very well Sir. In order to process your request, please provide us with the answer to your secret question :
    “How long is you cock?”. This is for authentication purposes and is part of our security policy.
    Adam Brooke: Very or long
    Currently experiencing network delays, one moment please….
    Network connection re-established.
    Kamyar: Thank you. I will accept that. The exact answer we have on file is “Very!”. Your temporary password is reset to “brooke”.
    Kamyar: Please try to sign in again and kindly confirm once you are signed in.
    Adam Brooke: I really hope you are laughing too. Thanks for being so professional.

    http://www.fixfactory.co.uk/airline-chat/

    p.s. I use random security questions (if possible) and random answers stored in a password manager. It’s the only safe way to avoid being pwned. Good luck trying to answer “What’s your mother’s maiden name” with me! It could be n,;Ug~RolDE0?RP>A{Y/ or worse.
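    As an added illustration (not part of the original post) of why a random, password-manager-stored answer beats a truthful one, the block below generates an answer from the same printable-ASCII class as the example above, compares its guessing entropy against a "mother’s maiden name" answer, and shows the exact comparison a helpdesk should have done instead of accepting "Very or long" for "Very!". The surname pool size is a constructed, order-of-magnitude assumption, not a figure from the post.

```python
"""Random secret-question answers vs. truthful ones (added example)."""
import hmac
import math
import secrets
import string

# Printable, non-space ASCII (94 symbols): the class the post's sample answer
# "n,;Ug~RolDE0?RP>A{Y/" is drawn from.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_answer(length: int = 20) -> str:
    """Generate a secret-question answer with a CSPRNG, suitable for a
    password manager. 'length' 20 matches the post's example."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(space_size: int, length: int = 1) -> float:
    """Guessing entropy in bits of a value chosen uniformly from
    space_size ** length possibilities."""
    return length * math.log2(space_size)


def compare(random_len: int = 20, surname_pool: int = 150_000) -> dict:
    """Contrast a truthful maiden-name answer with a random one.

    surname_pool is a constructed assumption: the number of distinct
    surnames an attacker would realistically enumerate. A truthful answer
    is bounded by that pool (and is often findable on social media), while
    the random answer's space is 94 ** random_len.
    """
    return {
        "maiden_name_bits": entropy_bits(surname_pool),
        "random_answer_bits": entropy_bits(len(ALPHABET), random_len),
    }


def answer_matches(stored: str, given: str) -> bool:
    """Exact, constant-time comparison of the answer on file with the one
    given. The chat transcript accepted a partial match ("Very or long"
    for "Very!"); a correct check requires the whole answer to match."""
    return hmac.compare_digest(stored.encode("utf-8"), given.encode("utf-8"))


if __name__ == "__main__":
    print("random answer:", random_answer())
    print(compare())
    print(answer_matches("Very!", "Very or long"))  # False
```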

  • The OLPCs are here

    Wow – that was quick.

    I have three OLPCs in my office. I need to go sort out some US power plugs for them so I can charge them, but they’re here! 🙂

  • Proto GaiaBB runs fine in Browse

    Phew.

    Screen shot 2009-10-21 at 11.33.00 PM

    Obviously, the default theme fails a bit when you see only two rows of topic activity. Will really need to make that work a whole lot better. However, the actual rendering is perfect. Yay! One less task to be done.

  • GaiaBB and OLPC

    Peter Quodling, an old friend, e-mailed out of the blue last week. I have a lot of time for Peter as he’s one of the few Australian IT architects that really knows his stuff, plus he’s a really nice guy. He is involved in OLPC in the PNG region. Last Christmas, I nearly bought an XO under the Buy One, Give One program so Mackenzie could have a cool first laptop … and somewhat more honestly, so I could play with the OLPC until she’s old enough to type, let alone talk. However, circumstances prevented toy purchases of that magnitude, and I forgot all about the XO until this week.

    I thought through my various abandoned projects (for I have many), trying to work out which would help the OLPC project and kids all over the world. I’ve had an itch for a while to do something for the One Laptop Per Child project (OLPC), but never really had a substantial idea that would help transform kids’ lives rather than my own. But now I think I have just the project.

    So I put in a proposal for two laptops to help develop GaiaBB (which is UltimaBB++ (sic gloria transit), which is XMB++, which is awful) into an OLPC-specific product.

    My current plans are:

    • Get GaiaBB.com back up and make it OLPC centric. Revitalize the Sourceforge project.
    • Finish OWASP ESAPI for PHP. I need it for this project.
    • Port GaiaBB to the OLPC, porting the database to SQLite, and probably using lighttpd. I could use Apache + MySQL as per now, but these are huge compared to SQLite and lighttpd, and on a device with limited NAND memory, every byte counts.
    • Ensure GaiaBB works properly with Browse, the XO browser. I might need to turn the nested tables into CSS templates a bit sooner than I intended
    • Beg, borrow or steal a graphic designer to come up with a GaiaBB theme that works well with the dual color display (it’s both black and white and color and more wide than tall), and possibly work out how to detect the XO’s current screen state from the web page so I can dynamically choose a grey scale or a color theme.
    • Simplify the product so that it’s more manageable by young ‘uns without dumbing down too much or removing some of the depth and surprise features of the product
    • Write an installer that makes it easy to install on the OLPC. I want kids to be able to create their own social communities and for them to easily share their forums with their friends.
    • And this is where it gets fancy… write a web service that allows authorized folks to replicate their version of the forum with other versions of the forum … without causing major security issues. That way when you’re at home and have no Internet service, you can still read the forum and write new posts and then sync when you’re at school. This is where I will have to significantly change the way GaiaBB works as right now, it’s a single database deal and assumes that there are trusted administrators.
    • Go through the code with a fine tooth comb, replacing all the crappy security bits with ESAPI for PHP. Some parts are truly ancient (circa 2000) and need refactoring. As part of this, I will ensure the code is easily modifiable. I learnt how to code by changing other folks’ code and then starting to write my own, and I want kids to modify the heck out of this forum so as to create a new generation of coders excited about programming and IT in general.
    • Lastly, possibly write an OLPC School Server centralized GaiaBB hub for schools to run “their” forum which students can sync with in a safe fashion.

    The proposal has been approved, and the laptops are on their way. They are sending me three XO’s! Awesome. Better get cracking!

  • Dang expired credit cards

    Well, that’s been a rotten few days…

    • My friend TJ, 43, passed away from diabetic related complications and worse than third world access to basic health care in a first world country – the USA.
    • My USA credit card expired.
    • This domain expired and failed to auto-renew using my USA credit card.
    • Tanya had to go to hospital twice after a fall in the back room… on my birthday.

    Some of these things are important, others not so much. So apologies all who might have tried to mail me and for this site to be down for more than 24 hours, but I had other things on my mind. Please re-mail anything if you haven’t heard back from me.

    TJ – rest in peace mang. I just wished you could have migrated to any other first world nation and gotten the basic meds and help you needed instead of dying so, so young from completely and utterly preventable and manageable diseases. I’ll miss you and remember you.

  • “Protect the Data” Idiot! Redux

    Richard Bejtlich at his TaoSecurity Blog makes a very strong assertion that we’re all idiots for wanting to protect data, rather than the container.

    I’m not going to play a semantic game about protecting data versus the thing the data is in at the moment, but honestly, I think he misses a really strong point as to why we’re moving away from the failed network-centric strong border / soft center protection racket to a more secure data-centric protection scheme.

    I will not disagree with Richard that we secure the containers, not the data, but we secure the containers BECAUSE of the data, not the other way around. For far too long, we’ve thought about the enemy outside the gates, when it’s actually the folks inside that cause many breaches.

    The weakest link in any protection scheme is the humans.

    • They have weak passwords
    • They (rightfully) share information about themselves with their friends and (not so rightfully) with the Internet at large, making password resets untenable.
    • Folks accidentally disclose data assets all the time. Laptops, backup tapes, USB sticks, brief cases containing the data.

    Should we care if I lose my phone? It contains my address book, which I can sync again to the next phone, and little else. But a CEO’s phone holds e-mails, internal VPN access, browsing history, contacts, calendars and more. What differentiates my container (my iPhone) from the CEO of Apple’s container (Steve Jobs’ iPhone)? In Richard’s world, nothing – they should be protected equally. But it’s really about the data the container holds and what data the container has access to.

    Data in and of itself is intangible, and generally cannot be secured if it wants to get out (see WikiLeaks for an incontrovertible example). I think Richard and I agree on this bit. Where I part from Richard: to ignore the data is to miss the point of information security entirely, which is why I take umbrage at his ad hominem attack.

    • If you have backups, you’re changing the data’s container, but you’re protecting the asset (the data) and not the container by doing backups. We’re planning for a complete loss of the container.
    • If you have a DR site, protecting the container is secondary to protecting the data
    • If you have a distributed cloud, protecting the container is nigh on impossible as you don’t control them.
    • If you’ve printed previously encrypted data, the container and its protection controls have changed. The need for protection hasn’t changed, just how those controls work.

    Lastly, it comes down to classification. If we ignored the data, we would protect the most expensive containers, rather than the business critical data.

    • The CEO’s high-end home desktop would get more protection than a USB stick containing next quarter’s results. I bet I know which the company would fret about more.
    • The WAF would get more protection and monitoring than the HR server as the WAF costs 10x as much as any one commodity server
    • The SAP system would probably gain some attention as it would consume a chunk of change from the IT budget, but would you put it in a data center or in a closet?

    We’re not idiots for promoting protection of the data. The containers and pipes BECOME valuable, and we protect them because of the data sitting in or passing through those containers and pipes. We only protect those tangible assets because we pay enough attention to the data’s classification and its various requirements for the data’s protection.

    Really, we don’t need to call each other names to try and bring us back to the failed border centric fold. We can disagree with each other as gentlefolks and not call each other names. I’m amazed that Richard has gone down the attack path as I normally agree with 99% of all his blog posts.

  • Google: Don’t be evil

    I work on an open source project, ESAPI for PHP. Well, “work” might be too strong a word for it, but I try to prod its lifeless carcass from time to time. That’s not the reason I write today. I write because of stupidity, and evil being conducted in the name of a “law”.

    I have a fellow open sourcer who wants to contribute to ESAPI for PHP. He’s actually completed an MVC framework for PHP (jFramework). Due to Google blocking Iran, this gentleman can’t easily contribute to our project, which hosts its repository on code.google.com. ESAPI for PHP will not help build a nuke. It does no crypto of its own. It will make PHP applications safer and more secure – but you can do that anyway if you read half a dozen pages on PHP’s website.

    This is madness. ITAR is about blocking the EXPORT of sensitive MUNITIONS (i.e. weapons) TO Iran and other “hostile” countries. ITAR is NOT about blocking the GIFT of intellectual property and valuable developer cycles FROM Iran, helping everyone all over the world, including those folks in Iran (as well as Australia and the USA). This is stupidity on a scale I’ve not seen in a while.

    Google: you are doing evil.

    Stop this madness, now! Call in your tame congress critters and tell them how stupid and harmful this particular nonsense is and get it repealed. Grow a spine and take a chance. Unless someone open sources a command and control system for a warship, a missile guidance program, or puts Nuclear Reactors For Dummies up as a project, all of the projects should be available for download worldwide. Those one or two mythical and nonsensical projects should not block an entire library of human knowledge to the entire Iranian people just because of some imaginary evil open source project might help Iran’s nuclear program or military. The stuff we do is not rocket science.

    Stupid and outdated laws / treaties like ITAR make us disrespectful of all the other laws and treaties, and make us lose all respect for those who abuse their positions of power in the name of “security”. The way to improving relations between countries is not to block them (how’s that Cuba policy going, anyway?) but to engage with them and stop the evil ignoramuses on both sides stopping everyone being happy and free, or just contributing to an open source project.

  • 40 years ago today, humanity landed somewhere else than Earth

    40 years ago today, three brave folks and a huge team at NASA (and indeed the entire industrial military might of the USA) travelled to the moon, and two landed somewhere else other than Earth. Neil Armstrong and Buzz Aldrin stepped out for two and a half hours, slept for a bit, ate a meal, and nearly 22 hours later came back to Earth.

    It was an amazing achievement, one that brought all of humanity closer together.

    Once you see the photo of the entire Earth from Apollo 8, national borders become irrelevant, nationalities are irrelevant, and petty politics and hateful people are irrelevant. We’re on this one small blue globe together, and we have to look after it together. Stupid shows like “Border Security” show the small minded at work. One day, and I hope it will be soon, such petty and silly concerns will be as quaint as the feudal towns who were as countries unto themselves not even 600 years ago. We breathe the same air, we’re all related together, we eat the same food. We’re all doomed if we continue to think like four year old children who refuse to share the sand pit because “it’s mine”. Nations, borders and immigration controls cannot be demolished soon enough.

    However, space exploration is best left to robotic missions. They are cheaper, safer, and they can do more. The only manned moon mission that achieved decent science outcomes was Apollo 17, and that was because for the first time, they sent a geek instead of flying jocks. You can teach geeks how to fly, but you can’t teach jocks to be geeks.

    The shuttle has been a total disaster. It has locked us into low earth orbit, does almost no science, costs zillions, killed two crews, and by the time it retires, it will have delivered only a very small number of scientists to a completed ISS, which will hamper ISS’s ability to do science. There’s a good chance after the shuttle retires, science at ISS will stop. This means about $1T has been wasted building a nonsensical space outpost. It has provided a large number of contractors with awesome corporate welfare for over 30 years, but that’s not an “achievement”. It doesn’t get us all thinking how great we are as a species, nor fosters good will amongst all peoples. Boondoggles are like that. We’ve squandered enough life and money on such frivolities.

    Robotic missions like Pioneer, Voyager, Hubble, Galileo, Cassini, Deep Space One, SOHO, Messenger, Mariner, Viking, Pathfinder, Spirit and Opportunity and now the new Herschel mission provide far more science for the buck. Indeed, Hubble has provided more papers than any other observatory and confirmed some of the most intriguing basic properties of the Universe.

    All publicly funded space missions should be robotic missions. Let’s leave people in space to commercial interests, as there’s no scientific reason for them to be there. We need to have people in space, but not by public funds. If human space exploration were funded privately, the funds required to put them there would be optimized rather than being solely about corporate welfare to the military industrial complex. Such space ventures should be regulated for sure, because we don’t want another disaster like the Shuttle killing off an exciting new path for humanity, but it should not be publicly funded. We need to dream big and think about how to get there faster. The nearest star is at least 160,000 years away travelling at Helios speeds (which is currently the fastest thing we have ever launched). That’s far too long for an interstellar mission. We’ve got so far to go, and yet we’ve wasted 30 years doing nothing of any real lasting value in low earth orbit. That has to stop. We must move on.

    Don’t get me wrong, I’m all for more space faring activities. One day we will need to get off this planet, and developing those technologies may as well start now. Just not in the failed ISS or back to the future moon missions (Orion / Ares).