Nothing is Black and White

So as I was browsing through my RSS reader I say a story posted on Says Uncle. Lance Corporal Matthew Snyder was tragically killed while in Iraq. As is standard protocol his body was brought back and his funeral was help. Not surprisingly Dipshit Fred Phelps and his merry band of fuckwits in the Westboro Baptist “Church” decided to throw decency to the wind and protest Lance Corporal Snyder’s funeral.

The father of Matthew Snyder sued Phelps for their actions. Well judgement has been passed down and Mr. Snyder lost and the judge decided to make him pay for Dipshit Phelps’ legal expenditures. The legal fees ended up coming to $16,510 which the family is going to have troubles paying. They’ve set up a donations page if you would like to help with the legal fee.

Of course with the title of this post you are probably expecting something else to be posted and that most certainly is the case. Needless to say by the terms and titles I’ve used in this post you know how I personally feel about the people involved. Now it’s time for me to explain what I think about this case.

As much as I despise those pricks in the Westboro Baptist “Church” I also believe they have a right to say what they’re saying. Yes it’s the unpopular route to take but the first amendment is there to protect all speech not just popular speech. As much as I hate what they’re doing they have a right to do it. I feel any lawsuit brought against an organization to prevent them for freely using their Constitutional right is wrong and the party bringing forth the suit should be made to pay for the legal fees of those they are trying to silence. From everything I’ve been able to gather I believe the purpose behind Mr. Snyder’s lawsuit was simply to silence those fuckwits claiming to be a church.

I know this is an unpopular position to take but I can not turn against my principals and beliefs. Personally I find disruption of any funeral to be distasteful. Let the friends and family of the deceased grieve in peace even if the guest of honor is your worst enemy. After all that person is dead and therefore is no longer a problem to you. But as it often happens my personal feelings collide directly with my principals. I am a man who practices what he preaches and therefore can not make an exception for something I hold to dear (the Bill of Rights) just because a I despise the person(s) using it.

Daemon by Daniel Suarez

I mentioned a few days ago that I’ve been reading Daemon by Daniel Suarez (Once again not an affiliate link) and that I would write up a review of it after I finished. Well I finished it so here’s your review.

Although this is listed under the science fiction section Daemon is more of a techno-thriller. Think Michael Crichton in that Mr. Suarez takes a technology concept and expands it into a story. In Mr. Suarez’s case he actually takes multiple technologies and uses them in this book. Fortunately he also provides information on the technologies he brings up on his website.

Before even rolling into the story I want to bring up one of my favorite parts about this book. Mr. Suarez is a computer consultant writing a book involving computers. That means most of the stuff in the book are technically correct (although not highly detailed in any manner) or plausible. There are a lot of malicious hackers in this book and it’s refreshing to actually read a book where the hacks they are performing are believable and no centered around navigation through a 3-dimensional space where they have to align virtual cubes together to create a computer virus that can break firewalls through some kind of techno-magic.

But enough about that let’s get on with the story. I’ll try to do this without any major spoilers but it’s going to be bloody difficult. Daemon follows a series of different people who are all connected by the same thing, the death of Mathew Sobol. Mr. Sobol was one of the greatest computer game programmers in the world (think John Carmack of id Software only smarter) and was the man who brainstormed several of the most popular computer games of his time. Until his death he headed CyberStorm Entertainment which was the most famous computer gaming company out there due to the aforementioned titles. Well in his death he left behind a little present, a daemon.

As you can guess a rather broad type of characters are presented. One of CyberStorm’s other programmers is killed and the local police force are brought in to investigate. Likewise the story also involves a few identity thieves, new reporters, and even a man spending time in prison. It’s a nice assortment of characters and all of them are given enough time in the book to flesh them out. That time is well spent since given the wide assortment of characters they are all interesting and actually do provide something to the story.

But back to the daemon. The little bugger was programmer to perform a large assortment of different tasks that it slowly executes throughout the book. In essence it reads online news articles and looks for key words that trigger it’s next event. For instance it was originally activated after reading Mr. Sobol’s obituary. I would like to expand on this but honestly the best part of the book is following the progress of what the daemon does and I really don’t want to spoil that part. Let’s just say the author does a good job of keeping it a mystery through the beginning of the book and when its purpose finally revealed the book gets very exciting.

I’ve mentioned before that one of the biggest things I look for in a book is pacing. I don’t like boring parts where nothing of consequence is happening. Daemon thankfully is well paced where each chapter advances the story. Nowhere in the book did I get bored and wish I could skip ahead. I do have to say though the ending is kind of abrupt but does make headway for its sequel Freedom (TM) (a review of which will be posted after I complete reading it).

I’m going to go into a little more detail here which may present itself as spoilers. If you don’t like to have any element of the story revealed stop reading here. I’ll try to keep the spoilers vague as to not reveal much about the story itself but you have been warned.

One of the concepts that begins to be explored in Daemon on the idea of a distributed society. What does that mean? Well it means it a society where there is no central authority and large centralized governments aren’t able to evolve fast enough to keep in pace with ever expanding technology. More or less it’s a libertarians dream come true. The book revolves around the ever expanding daemon. Due to its purpose the NSA, FBI, CIA, several private corporations, and even DARPA are brought in to investigate it. On the other hand various groups of geeks are working against the government entities’ purposes. As you can imagine the geeks use every technological trick in the book to accomplish their goals. They also do it in a decentralized manner which the government agencies find difficult to counteract. I don’t think I can expand on this any further without revealing key plot items though.

This is honestly a hard book to write much about because most of the good parts require revealing important story elements. The bottom line though is that it’s a damned good read. It’s interesting even for the non-geek although I wouldn’t hand this title to your grandmother as she’ll probably be in even more fear of computers. But if you have an interest in computers, a good story, and some ideas libertarians would love (although I’m in no way implying the author meant to include libertarian ideals, they just fit with what is happening in the book) grab this book.

Also for your big time geeks out there that will inevitably complain about the impossibility of the technology involved, shut up. It’s a work of fiction, read it as such.

Large Hadron Collider Begins Experimentation

Good news for your science folks and bad news for your conspiracy folks, the Large Hadron Collider has experimentation. There isn’t much I can say about this thing since I don’t understand most of the principals behind it nor what it hopes to accomplish. But unlike most people who don’t understand a technology I don’t see this thing causing the end of the civilization/Earth/Sol System/Milky Way/Universe/Multiverse. I just think it’s cool that after all these years and failures the damned this is actually running.

LET THE SCIENCING BEGIN!

I Never Thought I’d Say This But Go Iowa

Good news citizens of the state south of Minnesota. It seems that the shall-issue concealed carry bill is moving through your legislation. According to the NRA-ILA all that is left is for your governor to sign it. So get on the horn and tell him to sign it when it comes across his desk. It’s about time another state gains shall-issue status instead of “politically-well-connected-issue” status.

Update on Generation 4 Glock 17

Well I was able to do some more troubleshooting on my Glock 17 and it’s inability to feed ammunition without holding it extremely firm (In other words having enough body mass to ensure reliable operation). Well I can say the problem can be fixed by using hot ammunition. I took the gun to the range again this weekend with the same person that had troubles with the gun when shooting it. After loading the gun with some hotter ammunition the gun cycled perfectly.

So I’m going update my recommendation on the Generation 4 Glock 17. If you’re a person of small stature you may want to ensure you either hand load ammunition yourself or buy ammunition that’s loaded up hotter. Most of the cheap 9mm ammunition may cause failures to feed as it’s loaded down.

Wait You Don’t Need a Gun To Kill People

Holy shit! According to Days of our Trailers it’s actually possible to commit mass murder in places that ban guns. No I’m not talking through the usual mechanism of illegally obtained guns but through the mechanism of other weapons. A man in Beijing murdered eight children with a knife.

I thought the anti-gunners said this kind of thing is only possible because of easy access to firearms.

Interesting Windows Security Issue

Note that I didn’t say security hole nor security flaw, that was intentional. The nerd part of my brain has been working in overdrive as of late which means I’ve been looking into geeky things. One thing that always intrigues me is the field of security. Well I found the following story on Wired that talks about a security issue in SSL/TLS (The security mechanisms used prominently by web browsers to secure web pages). The article leads to a “no duh” paper that shows how government entities can use their power to subvert SSL/TLS security by cohering certificate authorities into issuing valid certificates (Anybody who knows how SSL/TLS work already knew this was a possibility).

The part that interested me most was an exert from one of the sited sources in the paper. See back in the day there was some kerfuffle over the fact that Microsoft included a couple hundred trusted root certificates in their operating system. Root certificates are what ultimately get used to validate a certificate issued to a website. Thus root certificates are the ultimate “authority” in determine if a website you are visiting is valid or not. The more root certificates you have the large the possibility of a malicious certificate being certified as trusted (Statistically speaking of course. This assumes that with more root certificates the possibility of one of those root certificate “authorities” being corruptible increases). Anyways Microsoft eventually trimmed down the number of root certificates included in their operating system. But they didn’t actually cut down the number of certificates because according to their own developer documentation:

Root certificates are updated on Windows Vista automatically. When a user visits a secure Web site (by using HTTPS SSL), reads a secure email (S/MIME), or downloads an ActiveX control that is signed (code signing) and encounters a new root certificate, the Windows certificate chain verification software checks the appropriate Microsoft Update location for the root certificate. If it finds it, it downloads it to the system. To the user, the experience is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically, behind the scenes.

Microsoft just pulled a security theater here. They didn’t cut down the number of trusted certificates, they just moved them somewhere people wouldn’t see them. If you connect to a web page that has a certificate that can’t be validated against a root certificate Windows will automatically go out to Microsoft’s servers and see if a root certificate there will validate the web site’s certificate. If one of those root certificates will validate the web site certificate it is downloaded onto your machine automatically and the site is listed as trusted. In essence Windows trusts more root certificates than it lets on.

So what does this mean? Well it means the window for having corrupted root certificate authorities is larger. With the exception of Firefox all major web browsers depend on the underlying operating system’s root certificate store to validate web pages (Firefox actually ships with it’s trusted root certificates and uses it’s own store as opposed to the underlying operating system’s). This also gives two potential locations to place a malicious root certificate. If an attacker was able to gain access to Microsoft’s online root certificate store and upload their own root certificate any SSL/TLS page they created using that root certificate for validation would show as trusted in all versions of Windows (Firefox still would show the site as untrusted). Granted the window for this attack would be small as Microsoft would most likely find it almost immediately and remove it. Likewise the likelihood of such an attack occurring a very small considering the short time frame it would be valid for. But it’s interesting thing to ponder regardless. Additionally the same attack could create a binary of Firefox with the same malicious root certificate included and make it available for download causing the same problem for Firefox users.

No matter what operating system or browser you use the validity of SSL/TLS connections eventually requires that you trust somebody (Which goes against the trust no one security motto). The question here is who are you willing to trust. Only you can determine that but knowing how a security system works and how it’s implemented are important in making that decision. Anyways I just thought that was interesting.