Archive for April, 2014

“Things are not what they seem”

“And also,” the driver said, facing the mirror, “please remember: things are not what they seem.”

Things are not what they seem, Aomame repeated mentally. “What do you mean by that?” she asked with knitted brows.

The driver chose his words carefully: “It’s just that you’re about to do something out of the ordinary. Am I right? People do not ordinarily climb down the emergency stairs of the Metropolitan Expressway in the middle of the day – especially women.”

“I suppose you’re right.”

“Right. And after you do something like that, the everyday look of things might seem to change a little. Things may look different to you than they did before. I’ve had that experience myself. But don’t let appearances fool you. There’s always only one reality.”

Aomame thought about what he was saying, and in the course of her thinking, the Janáček ended and the audience broke into immediate applause. This was obviously a live recording. The applause was long and enthusiastic. There were even occasional calls of “Bravo!” She imagined the smiling conductor bowing repeatedly to the standing audience. He would then raise his head, raise his arms, shake hands with the concertmaster, turn away from the audience, raise his arms again in praise of the orchestra, face front, and take another deep bow. As she listened to the long recorded applause, it sounded less like applause and more like an endless Martian sandstorm.

“There is always, as I said, only one reality,” the driver repeated slowly, as if underlining an important passage in a book.

“Of course,” Aomame said. He was right. A physical object could only be in one place at one time. Einstein proved that. Reality was utterly coolheaded and utterly lonely.

Aomame pointed toward the car stereo. “Great sound.”

The driver nodded. “What was the name of that composer again?”

“Janáček.”

“Janáček,” the driver repeated, as if committing an important password to memory. Then he pulled the lever that opened the passenger door. “Be careful,” he said. “I hope you get to your appointment on time.”

Haruki Murakami, 1Q84

“God save Tudor houses, antique shops, and billiards”

Kate Rusby, “The Village Green Preservation Society” (The Kinks cover). I’m infinitely charmed by her accent and her guileless cover of my second favorite Kinks song.

“The world that you need is wrapped in gold silver sleeves”

The Dresden Dolls covering “Two-Headed Boy” by Neutral Milk Hotel

Heartbleed for the Laity

As you may have heard, there’s a new security vulnerability currently affecting the Internet. It’s a damn big deal, so I wanted to write a quick overview, aimed at non-tech people, to explain what the exploit is, who can be affected, and what the potential impact will be.

Overview

Heartbleed is an exploit that affects secure websites on the Internet. Many sites use a technology called SSL to keep customer information private and to prevent attackers from intercepting or stealing customer data. Heartbleed is a bug in the most common version of SSL, a library called OpenSSL. It allows attackers to read the memory of the affected website, potentially stealing information about other users who are using the website at the same time. Randall Munroe provides an excellent analogy to help you understand how the attack works in this XKCD comic.

The technical details are beside the point for this post, and are well covered elsewhere, but you can think of it like a hidden window that allows anyone to see what’s going on inside a website’s server, including any data it might be processing at the time.
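The “hidden window” described above, as an added toy model in C (not code from this post or from OpenSSL): a server that echoes back as many bytes as the client claims to have sent, next to a version that checks the claim first. The memory layout, function names and sample secret are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MEM_SIZE   64
#define SECRET_OFF 16            /* the request buffer is mem[0..15] */
#define SECRET     "pw=hunter2"  /* constructed sample data */

struct request {
    const char *payload;   /* bytes the client actually sent */
    size_t actual_len;     /* how many bytes really arrived */
    size_t claimed_len;    /* length the client says it sent */
};
static unsigned char mem[MEM_SIZE];   /* toy stand-in for server memory */

static void load_memory(const struct request *r) {
    size_t n = r->actual_len < SECRET_OFF ? r->actual_len : SECRET_OFF;
    memset(mem, '.', sizeof mem);
    memcpy(mem, r->payload, n);                        /* this request */
    memcpy(mem + SECRET_OFF, SECRET, strlen(SECRET));  /* someone else's data */
}

/* Flawed: echoes back as many bytes as the client claims it sent. */
size_t echo_flawed(const struct request *r, unsigned char *out, size_t cap) {
    size_t n = r->claimed_len;
    if (n > MEM_SIZE) n = MEM_SIZE;  /* clamp so the toy stays well-defined C */
    if (n > cap) n = cap;
    load_memory(r);
    memcpy(out, mem, n);
    return n;
}

/* Fixed: drop any request that claims more than arrived (or overfills the toy buffer). */
size_t echo_fixed(const struct request *r, unsigned char *out, size_t cap) {
    if (r->claimed_len > r->actual_len || r->claimed_len > cap
        || r->actual_len > SECRET_OFF) return 0;
    load_memory(r);
    memcpy(out, mem, r->claimed_len);
    return r->claimed_len;
}

/* Returns 1 if needle appears anywhere in the first n bytes of buf. */
int contains(const unsigned char *buf, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

int main(void) {
    unsigned char out[MEM_SIZE];
    struct request lie = { "hat", 3, 40 };   /* sent 3 bytes, claims 40 */
    printf("flawed reply leaks secret: %d\n", contains(out, echo_flawed(&lie, out, sizeof out), SECRET));
    printf("fixed reply length: %zu\n", echo_fixed(&lie, out, sizeof out));
    return 0;
}
```

An honest request gets the same reply from both versions; only the request that overstates its length is treated differently.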

How bad is it really?

Literally the worst security exploit the Internet has ever seen.

And worse than most people, even a lot of tech folks, realize. This exploit allows an attacker to steal information about the computer that runs a web site and also about every other user using the website at the same time. It also potentially opens up other, more targeted attacks against individual users or specific sites. It is currently undetectable and therefore largely untraceable. It is trivial to pull off. It potentially affects millions of sites.

There is a common assessment matrix, DREAD, used to assess the threat posed by a particular security vulnerability. DREAD is a mnemonic representing Damage, Reproducibility, Exploitability, Affected Users, and Discoverability. Heartbleed is the highest possible rating in all five categories and, for a few of them, is the worst bug to ever affect the web.

What can I do to stay safe?

Assume that any information you send to a website can be seen by an attacker unless and until you get confirmation from the owner of the website that the exploit is fixed. At this point a majority of sites appear to be patched and, thus, safe to use, but you shouldn’t assume that a site is safe until you confirm with the owner. When in doubt, call their customer service or tech support lines and inquire directly about Heartbleed.

DO NOT send any information you wouldn’t want to be known by the entire world to a website unless you have confirmed that the website is fixed.

Please note, this exploit affects sites that use HTTPS to secure traffic (that little lock icon you see in the address bar of some browsers). It so severely damages the security of these websites that it makes them WORSE than normal, non-secure sites.

I used an affected website before it was patched. How fucked am I?

Unfortunately, it’s impossible to tell. It could be that no one was using the exploit at the time you were using the site. Or that they didn’t happen to read memory containing your private information. Or the server may not have had any of your information in memory at the time the attacker was using the exploit. You might be fine.

Or you might be completely hosed. The attacker might have every piece of information you’ve ever given that website, including SSN, credit card details, addresses, the contents of your middle school diary, etc.

It’s literally impossible to tell, which is part of what makes Heartbleed so insidious.

What now?

As I mentioned, a fix is available for Heartbleed and most site owners are working as fast as they can to patch their systems. Some, however, don’t really understand just how urgent this exploit is. If you don’t know if a website is safe, assume it isn’t until you hear from the site owner that they’ve fixed their systems. Don’t hesitate to call their tech support or customer service numbers. Once a website is once again safe to use, it might be a good idea to change your password.

I have more questions!

There’s tons of good info on the web about the bug. Unfortunately a lot of it is intended for a highly technical audience. If you have questions that you can’t find answers for via Google, feel free to post them to the comments and I’ll try to post non-tech answers to them to the best of my ability.

Update #1 – 2014.4.11

BDaddy in comments makes the excellent point that one way to limit damage from bugs like this is to use a different password for every website. That way, if an attacker manages to get your password for one website, they can’t use it to access your accounts on other websites. There are a number of tools and services that can help with this. I personally like LastPass, but there are a number of other solutions as well.

Additionally, I forgot to mention that it’s probably a good idea to change your passwords for websites that you use after you’ve determined that they’re patched against Heartbleed. I’ve updated the “What now?” section accordingly.

I’ve also updated the “Overview” section with a link to this excellent XKCD comic explaining the attack by analogy.

“Salvation will come and break our hearts”

MØ, “Dust Is Gone (Night Version)” from her excellent No Mythologies to Follow album.

Pace and Spin

There are certain essays that I keep coming back to time and again. I’m not usually one to reread novels or short stories, but I have a stable of essays that I read yearly, if not more often. I reread them to savor the text, but also to glean more of what they have to teach. I read them both as devotion and as education.

It will surprise no one who knows me that many of these recurrent essays are by David Foster Wallace.

One of them is his 2006 essay, “Federer Both Flesh and Not”. On the surface, it’s about Federer’s win at the 2006 Wimbledon Men’s tournament. It’s also about beauty, experience, and the impossibility of understanding ourselves or others. It’s the closest I’ve read in a long time to an operative proof of the divine.

More concretely, the essay is a wonderful crash course in many things, of which these five struck me most keenly on my most recent re-reading.

First is Tennis. Despite being the subject of the essay, though, Tennis is both the least interesting and least important thing about it.

Second is how to appreciate the beauty in a thing you may not, yourself, even really like. Despite two ill-fated years in Tennis myself in High School, I can’t claim to be a fan of the sport. But Wallace speaks with such glowing grace about Federer’s skill and strategy that one can’t help but marvel at the beauty of the man’s game. If you don’t like sports, this essay probably won’t change your mind, but it might make you more tolerant of those that do. It can, if nothing else, give incandescent expression to the passion they possess, but you lack. Wallace, here, plays the role of the fiery Baptist preacher, hypnotizing even the unbeliever.

Third is how to craft an impeccable essay from the materials at hand. Every word, notion, comment, and footnote is in exactly the right place. Even seemingly cast aside details turn out to be of critical importance. And in the end, even the oblique commentary about the sick child flipping a coin to decide first serve ends up driving home the critical point.

Fourth, it is the single finest lesson in phenomenology available. No essay articulates the role and scope of human experience in our daily lives better than this. Being and Time might be a brilliant work, but a careful study of “Federer Both Flesh and Not” is almost as complete, equally as true, and vastly more compelling. Wallace’s discussion of three perspectives of pace alone is worth the first three weeks of any graduate seminar on the topic. Wallace’s description of Federer’s effortless drives and unconscious, intuitive play; his exegesis on the micrometer, microsecond decisions that go into making the right shot; and his thorough analysis of the experience of a hissing power drive, do more than two hundred pages of Husserl or Heidegger to tell you about the singular importance of perception.

Finally, Wallace’s awe at the being of light that is Federer well encapsulates the majesty of the rare mutant creatures that mankind sometimes produces. Federer is a species unto himself, just as Paul Erdős, Hunter S Thompson, or Juan Manuel Fangio were. Just as, in his own tragic way, David Foster Wallace was. The capstone of the essay sets Federer off against poor little William Caines, the coin tosser and survivor of liver cancer. This dichotomy neatly sums an ontology, metaphysics, and theosophy that underlies the rest of the essay. Namely, whatever you think of God, he created both cancer-wracked little boys, and the flesh-and-light glory of Roger Federer.

In a way, that dichotomy could only have been articulated by someone like Wallace. Someone who, we would come to learn two years later, lamentably embodied both extremes.

Magic Blue Smoke

House Rules:

1.) Carry out your own dead.
2.) No opium smoking in the elevators.
3.) In Competitions, during gunfire or while bombs are falling, players may take cover without penalty for ceasing play.
4.) A player whose stroke is affected by the simultaneous explosion of a bomb may play another ball from the same place.
4a.) Penalty one stroke.
5.) Pilsner should be in Roman type, and begin with a capital.
6.) Keep Calm and Kill It with Fire.
7.) Spammers will be fed to the Crabipede.