Mama Luna had four beautiful baby kittens today. ZOMG! And the little black one is funny!

I think I’ve learned more about painting from watching others paint than I have by experimentation alone. This cat has mad technique.

I’ve registered the domain name hillbillygenius.com. As self agrandising as that may sound, it’s not about me.

I’m often spellbound by the world that I live in, and it’s the people who make it really interesting. For instance, tonight I met Santa Claus. Not the mythical North Pole variety, but a real down-to-Earth Santa Claus. He was touring the neighborhood on his custom painted red Segway scooter, chatting up my neighbor, Doug.

Seeing this, I had to jump in the fray. I’d just pulled in the driveway after work, and the two were talking in front of Doug’s garage. I reacquainted with Doug, and Mr. Claus was entirely charming.

Continue Reading »

I first heard about this statement yesterday, and it registered, but I wasn’t angry. I’ve had a chance to think about it, and now I’m downright pissed.

This is a multi-part agrument, so bear with me. Economically, the one entity that can pay for massive natural disaster assistance is the federal goverment due to it’s fiat power. It should be, in effect, the insurer of last resort, much like it is the lender of last resort for banks. Morally, helping one’s fellow human in time of need should be one of the defining characteristics of our species; this should be obvious, as enshrined in the Golden Rule. An in ordinate number of deaths and injuries are caused by inappropriate building codes: trailer parks should have mandatory storm shelters (ditto slab foundation buildings, in general). It would be trivial to make a mandatory weather alert app for all cellphones, I’ll admit, that nothing beats the nose of a dog for finding certain things, but some drones doing thermal (and other) scans would be nice – you can do it over a war zone, why not Missouri? Dogs are all we’ve got.

According to this calculator the State of Missouri is on the hook for $6.2 billion in Afghanistan alone (one moderately sized state out of 50). The total cost of the whole war-on-terror-shebang would cause a fatal cring, so I’ll spare you. The fact is though, that the federal government spends more each week, on ordinance alone, than what it would cost to build two Joplins,

And yet we wonder why the federal debt is out of control….

I have been finding many technological gewgaws that have made my jaw drop lately (I’m looking at you, various Android augmented reality apps). But this hack takes the friggin’ cake:

French developer Fabrice Bellard has built a JavaScript-based x86 PC emulator capable of running Linux inside a web browser.

Just.wow. Real, honest to God Linux. You need Chrome 11+ or Firefox 4+ to make it go, but damn.

…found on Wired.

From today’s Financial Times…

The rain beats down on a small Irish town. The streets are deserted. Times are tough. Everyone is in debt and living on credit. A rich German arrives at the local hotel, asks to view its rooms, and puts on the desk a €100 note. The owner gives him a bunch of keys and he goes off for an inspection.As soon as he has gone upstairs, the hotelier grabs the note and runs next door to pay his debt to the butcher. The butcher hurries down the street to pay what he owes to his feed merchant. The merchant heads for the pub and uses the note to pay his bar bill. The publican slips the note to the local hooker who’s been offering her services on credit. She rushes to the hotel to pay what she owes for room hire. As she puts the €100 note on the counter, the German appears, says the rooms are unsuitable, picks up his €100 note and leaves town.No one did any work. No one earned anything. Everyone is out of debt. Everyone is feeling better. And that is how a bail-out works.

ed: This post needs cleaning up, but I’d rather publish and iterate, than not publish at all.Full disclosure: I’m supposed to be the marketing guy. They call me a Business Development Officer. Someone found out I had some geek skills, and I’m getting pressed more and more into IT security.For marketing reasons I created some Google Alerts for all the banks in our holding company, you know, to monitor reputational risk. I want to head off and deal with any loudmouth ranting on the Internet, and if it’s a customer with a legitimate beef, I want to make it right.So daily I receive a half dozen emails from Google with a bunch of random links: news sites, blog posts, etc.Yesterday I got one with something interesting.That looks like a link to our customer service page on our web site, but the URL is wrong. [OMG, WTF]I click the link and this comes up:Even at first blush it’s pretty shady looking, but they are treading on our good brand. So, the next question is, how do I shut this thing down? I had no clue, because it’s never come up before.The most obvious first step is to check the “whois” data in the DNS system. If you Google “whois”, there’s a lot of folks who provide this lookup service free over the Web. I found that I like http://whois.domaintools.com/ This site provides more detail than average, and has some extra goodies to boot (which I’ll get to soon).The “whois” data was pretty frustrating, because the owner was hiding behind a front company out of Luxemburg that specializes in obscuring such information.{insert whois output}

Side rant: this type of shit really pisses me off. I certainly believe in strong controls on privacy (see my Facebook page – largely abandoned), but if you’ve got something to say -publish on the World Wide Web- don’t hide. State your case. You wanna be a thief? Do so openly and honestly. You wanna stick it to the “man”? Tell me why, and I’ll try to work it out. Wanna get rich? Become a legitimate entrepreneur.

That’s were the previously mentioned site’s tools get cool. There’s a reverse DNS lookup feature that tells you the IP address of the site. It also tells you the other sites hosted on that IP address. The owner of this IP is/was engaging in a diverse phishing scheme. 16 spoofs, all crudely executed, hoping to benefit from random typing errors of unsuspecting online banking customers.My next concern: how many potential customers are affected? The phishing site has two forms: an online banking login, and a new account set-up form. I focused on those pages. So what do these pages do? Right click _ View source.I first looked at the online banking log-in form, because that seemed to carry the highest initial risk. Guessed that one wrong. Let’s look at the Javascript that controls this page’s behavior. It’s easy to find because the script is embedded in the page:{source}And that’s what”s funny. It doesn’t “do” anything! It looks for username/password combinations it knows and returns a pre-set page. It doesn’t log anything. If you enter legitimate online banking credentials, it fails.The Phisher isn’t a complete idiot because the site does have the capability to collect some information from prospective customers. There is a page that offers to open a new account.Here’s where the View _ source trick comes in handy again. The form is hosted by a third party, and the code to do so is embedded in the page.{insert code here. Or look at it yourself, because I mirrored the site at http://casa.kaektech.com/phish/}Response-o-matic.com is a site that allows one to create a form to collect information, and log it for their patrons. It’s actually kind of a cool tool, but in this usage it abets a crime. Luckily, for the form to work it needs a user ID and form ID, helpfully disclosed in the page source. A quick email to the provider quickly killed the capability.But the phishing site is still up, even if it is crippled.Remember the IP address from the reverse DNS lookup? We can use that to determine what company is ultimately hosting this site. It turns out it is one of the largest hosting companies in America, based in Scranton, PA: Burst.netI got a quick response from {NOCPA}, but they are selling capacity to a reseller, who really hosts the phisher. As of 8:49 P.M. CDT, the phish is still on the line, but hasn’t been landed. I have mirrored the site locally though, because the site, based on the <head> information, was built with MS Frontpage. I hope to do some file metadata forensics that might yield a name, and hopefully more…

I don’t know what the fascination with Jager bongs is, but 54,478 people, at the time of this writing, have viewed this clip. It further amuses me that I made an acquaintence with the gentleman performing this feat last night. Nice guy…