Smart State Trooper Captures Fugitive Polygamist

31 Aug 2006

CNN published this story about the capture of Warren Jeffs. It’s an interesting read. However, what I think is a more important part might go unnoticed by most people.

A paper license tag, a salad and stories that didn’t make sense pricked the suspicions of a state trooper who stopped the car of a wanted fugitive polygamist in Las Vegas.

But it was the pumping carotid artery in the neck of Warren Steed Jeffs that convinced Nevada Highway Patrolman Eddie Dutchover that he had cornered someone big.

This is an excellent example of security “Done Right”. Dutchover correctly applied behavioral profiling. It takes a smart person with the right training to be able to correctly do behavioral profiling without it degrading into racial profiling or some other mostly ineffectual form of profiling.

Eddie Dutchover, I take my hat off to you and your expert application of such effective techniques. Bravo!

Also, in the same CNN story, you can read about how Utah is getting first crack at prosecuting Jeffs.

There are also a couple of interesting video clips linked within the article. They are linked via a JavaScript thingy, so I’ll refer you to the CNN article to view them (I could work out URLs to give you some direct links here, but I’m not going to take the time to do that, tonight).



Blog SPAM as Phishing Bait

30 Aug 2006

Today, I decided to take a look at a couple of the links that blog spammers have been trying to put up in my blogs’ comments. Most of it actually led to “anti-spam” websites that are actually spam list phishers. This is, of course, very clever of the spammers.

First, they put spam up that includes links to their phishing sites on blogs they troll the net for. This part is very easy, thanks to services like Technorati and Blogger.

Next, “young” bloggers (i.e., those who are still fairly new to the “sport” of blogging), see comments. Either they naively authorize the spam comment, don’t moderate at all or decide to follow the links and check it out before authorizing the comment. If the comment gets posted to the blog, then others who read the blog can fall into the trap. If the blogger decides to visit the pages, they could get sucked in to all kinds of things.

But as I looked at a few of the links, they turned out to cause redirects to either www.abusepost.com or www.spamcop.net (I didn’t make those into links on purpose; DISCLAIMER: GO TO THOSE SITES AT YOUR OWN RISK, I’M NOT RESPONSIBLE FOR YOUR CHOICES). Of course, the vast majority of bloggers, both experienced and just getting started might think that those sites are providing a pretty good service. Looking a little more closely at the form and at the HTML itself reveals that these sites look suspicious. They require your name, email address and website address (which will be the blog that they hooked you at in the first place, for most people).

Were you paying close attention? They require you to provide the exact information spammers want in order to “report” a site that they are already “about to shut down”? Doesn’t make much sense to me.

Do you smell phish or am I the only one?

A word to the wise: Just Say No.

Here are some simple rules for Internet safety, though, they apply (with proper contextual edits) to any online communication:

  1. Moderate — Whether it’s comments on your blog(s), forums (which I hate, BTW) or mailing lists. Moderation is currently the most consistently effective way to defeat all forms of SPAM.
  2. Never give out your information if you don’t have to — Just because a particular website’s “form” says that it requires your information, doesn’t mean they should be given any. We all know not to publish our credit card numbers online, but it’s amazing how many people don’t understand that your name, email address, street address, phone numbers, websites, employer’s name, favorite color, mother’s maiden name, etc. are not needed by most websites. When in doubt, don’t give it out.
  3. The only stupid questions are the ones you do not ask — In other words, ask someone you know who has lots of experience with the Internet, email, spam, security, etc., any questions about specific websites or other items in general. Keeping yourself safe is hard enough to do, but keep trying to do it without the right information and you just might make things much worse.
  4. Don’t open HTML emails — If someone sends me an HTML email (and I think it’s worth this effort), I send it back to them with a simple, polite note explaining that for security reasons, I do not accept nor read emails that are not in plain text. Too many people are using stupid email programs like Microsoft Outlook and Outlook Express that have hundreds of severe security flaws when it comes to processing HTML email, alone.
  5. Don’t Panic — It can be easy to let fear take over at this point and abandon your dreams of blogging and the “Internet lifestyle”. Don’t worry, it’s not that hard to keep yourself safe. Once you know how to recognize the dangers, it’s easy to avoid them.
  6. Think — (OK, this one could sound kinda mean, but it’s not; it’s just a sad truth, so don’t take it too personally) The spammers and the Phishers keep doing what they do because it works. There are just too many people on the Internet who do not think for themselves. You have a brain and I’m sure it functions at least well enough to read this far. I’m sure you have a lot more capacity to figure things out than you might be giving yourself credit for. Being able to think is not enough on it’s own, but with a little bit of knowledge, your brain can be used to help keep yourself, and your loved ones, safe on the Internet.
  7. If in doubt, bail out — You don’t have to go any further than you already have when visiting any website or continuing a discussion on IM in a chat room or on a mailing list. You can pull the rip-cord at any time.

I’m sure there are other things that we could put in that list. Perhaps some commenters will try to help me out in that regard. But I think these basics should be enough to get you started.

This is one of my favorite Turkish proverbs:

No matter how far you have gone down the wrong road, turn back.



More Security by Overreaction

28 Aug 2006

Wow. This story even includes a WoW reference. Yet another example of security by overreaction.

Although I’m not a lawyer in Canada or anywhere else, but it sure feels like this guys rights were ignored. It is especially disturbing to me that his notebook was riffled after he was already cleared; after the authorities decided that it was a complete false alarm.

I also think that it’s both good and bad that these kinds of overreactions are being ignored by the mainstream media. It’s good because they’re not fearmongering as much as they did. It’s bad because they are not showing how the recent fearmongering is still affecting us and they are missing out on the civil rights/anti-privacy story. Then again, it would seem that the mainstream media doesn’t understand privacy. Perhaps it’s not in the “journalist’s Glossary”?

Thanks again go to Bruce Schneier for bringing this example to our attention.



What the Terrorists Want

24 Aug 2006

I’m going to provide a couple of quotes from one of Bruce Schneier‘s latest blog articles titled, “What the Terrorists Want.”

The point of terrorism is to cause terror, sometimes to further a political goal and sometimes out of sheer hatred. The people terrorists kill are not the targets; they are collateral damage. And blowing up planes, trains, markets or buses is not the goal; those are just tactics. The real targets of terrorism are the rest of us: the billions of us who are not killed but are terrorized because of the killing. The real point of terrorism is not the act itself, but our reaction to the act.

And we’re doing exactly what the terrorists want.

Did you catch all that? If you’re not sure, then go back and read it again before continuing on here.

Terrorists do not attack their real targets. Terrorist attacks are designed to cause as much fear and disruption as possible amongst those who were not directly targeted by the tactic used.

Our politicians help the terrorists every time they use fear as a campaign tactic. The press helps every time it writes scare stories about the plot and the threat. And if we’re terrified, and we share that fear, we help. All of these actions intensify and repeat the terrorists’ actions, and increase the effects of their terror.

(I am not saying that the politicians and press are terrorists, or that they share any of the blame for terrorist attacks. I’m not that stupid. But the subject of terrorism is more complex than it appears, and understanding its various causes and effects are vital for understanding how to best deal with it.)

I completely agree. It is an unfortunate reality of our societies that many feel they must use whatever opportunity they can squeeze out of disastrous and painful events for their own personal gain. In one small way, I can understand how this happens; as events beyond their control unfold around them, some people seek to exert a measure of good into the outcome so they will feel better about having been through it. I’ll call this the “Silver Lining Syndrome” of disaster reaction.

Another thought experiment: Imagine for a moment that the British government arrested the 23 suspects without fanfare. Imagine that the TSA and its European counterparts didn’t engage in pointless airline-security measures like banning liquids. And imagine that the press didn’t write about it endlessly, and that the politicians didn’t use the event to remind us all how scared we should be. If we’d reacted that way, then the terrorists would have truly failed.

Look, it’s this simple: Yes, we deserve to know what is going on in the world, however, we need to be responsible with that information. We need to temper our reactions with uncommon sense.

It’s time we calm down and fight terror with antiterror. This does not mean that we simply roll over and accept terrorism. There are things our government can and should do to fight terrorism, most of them involving intelligence and investigation — and not focusing on specific plots.

Intelligence and investigation provide real security. What’s going on with TSA and friends at America’s airports today is little more than security theater. The sooner we stop wasting resources on that, the sooner we can spend some of those billions in places that will really work.

Remember how much criticism the Bush Administration received (mostly from the mainstream press, by the way) shortly following 9/11 when the stories broke about how much money was being poured into beefing up the CIA, NSA and other U.S. intelligence community members?

Bad security often looks good, good security works and great security does it without you realizing it’s there even though you can see it.

Here are a few more snippets from Bruce’s article, though I highly recommend you read the whole thing, yourself:

… our job is to remain steadfast in the face of terror, to refuse to be terrorized.

The surest defense against terrorism is to refuse to be terrorized.

… our job is to fight those politicians who use fear as an excuse to take away our liberties and promote security theater that wastes money [without making] us any safer.

What we all really need to do is take DNA‘s advice from The Hitchhiker’s Guide to the Galaxy:

Don’t Panic.



Too Many Checked Bags

24 Aug 2006

In today’s issue of USA Today, there is a story about how the surge in quantity of checked lunggage to be processed in U.S. airports is overwhelming the TSA baggage screening systems.

I am not the least bit surprised; I (and many others) predicted that this overload would result from the rule changes “prohibiting an entire state of matter” (liquids) and prohibitting gels in carry-on luggage. For me, I have to now check my suitcase instead of just carrying it on because of toothpaste and the particular deodorant I was traveling with when these new rules were put into effect (I’ve since switched back to my usual traveling solid).

I don’t want to leave my toothpaste at home, but if these new and useless rules stick for long, I may just ditch it, instead making sure that all of my hotels can provide me with some. That way, I would again be able to take my suitcase carry-on and skip the check-in and baggage carousel entirely. However, when I travel, I prefer to have everything I need with me.



New Hard Drive: R.I.P.

14 Aug 2006

It hasn’t been very long since I upgraded the storage on my home file server. One evening last week while I was in Los Angeles, my wife told me that there was a “funny” sound coming from the “server room”. Her description made me think it was a fan. Oh, how I wish that had been the case.

Saturday, after I was home I had tried to access some files on the file server and couldn’t. I tried to log into it via SSH and that hung. I logged in as root on it’s console without problems. A df worked fine, but trying to access anything mounted from the new drive’s LVs failed, hanging the command indefinitely. Trying to shutdown the box also failed as it hung on trying to unmount those volumes. I used the good-ol-power-switch to kill it, waited for everything to stop spinning and tried to start it up. The drive controller can’t even make sense of the drive. I simply powered the box down and left it that way for the weekend.

Tonight, I’ll be pulling the new drive out. I’ll hook it up to my home workstation (only other SATA box I currently have) and see if the drive will run. If so, I’m still not putting it back in the server. Instead, I’ll verify everything, wipe it and run it hard to try to fail it again. Even if I can’t get it to fail again, I’m still going to get an RMA and have it replaced. I think I’ll grab 1 or 2 more while I’m at it and set up either RAID 1 or RAID 5.

Let the hard drive games begin, I guess.



Travel Challenges

12 Aug 2006

As I am sure everyone has heard by now, on Monday, Brittish authorities arrested nearly 2 dozen suspected terrorists and raided their homes. It is believed that this action foiled an Al Qaeda plot to blow up as many as 6-12 trans-Atlantic airliners as they reached U.S. soil.

Because of the methods these individuals planned to use for smuggling explosives aboard, security restrictions on what passengers may carry-on commercial airlines in England are very stringent. Basically, you get to keep your wallet, keys, some money and the clothes you are wearing. No cell phones, computers, DVD players, audio devices or any other electrical apparatus are allowed.

I happened to be in Los Angeles at the time this happened. As the week wore on, I read and heard that some U.S. airports had adopted the same extra security restrictions now found at London Heathrow & Gatwick. On Thursday & Friday, I was told by several people that they had heard that LAX (Los Angeles International Airport) was not permitting any carry-on luggage at all. This worried me only because I have no desire to find out just how well this notebook would survive the tender, caring baggage handlers’ grasp. In other words, I never check my computer bag or the computer.

However, there was nothing to fear. When I arrived at the airport, it turned out to take longer to walk from the ticket counter to the security checkpoint leading to my gate than it took to get my boarding pass, check my 1 bag (suitcase with a week’s worth of clothes) and get through security, combined. I’m sure the fact that I have nearly three hundred thousand miles of flights with Delta didn’t hurt either. As it turned out, if I had been willing to throw away my deodorant and the little traveling tube of toothpaste I was carrying in my suitcase, I wouldn’t have had to check that bag, either.

For me, the “extra” security measures only amounted to my having to wait for my bag when I got to Salt Lake.

As I was at the airport at 3:45pm for a 6:08pm flight, I ended up standing around at my gate for just over 2 hours before boarding. I try to not spend too much time sitting in airports, since I’m going to be spending so much time sitting on the planes.

But that wasn’t the worst part.

The worst part was that there was a 4:50pm flight and they “couldn’t” put me on it. Was I there in plenty of time to switch to the earlier flight? Yes. Were there seats available? Yes. But only in First Class, there were no Coach seats left, so she couldn’t switch me to that flight. Given as much as I travel, I almost always get upgraded for free to First Class. In fact, I was upgraded for the flight there this trip. The agent was kind, she said they really should have a way to let me take one of those seats, which I would have gotten anyway (she could already tell by looking at her screen that no one else was going to get upgraded).

How ironic is that? Oh, well; I made it home that night and to me, that’s the most important part of these travels.



X and Your Hostname

9 Aug 2006

Recently, Migueal de Icazza wrote this as part of a blog post:

X applications do not open sometimes: this is caused because DHCP is set to “change hostname on DHCP” requests. For some reason X applications are not happy with changes in the hostname. I have no idea why. I personally have not experienced this, but I guessed that it was DHCP changing the host name.

Solution: Make sure that your network setting does not change the hostname. I have no idea why this happens, but this is what happens. Just do not let DHCP change your hostname.

He was right. The X server uses the machine name of the box it’s running on as part of the filename for some socket files (in /tmp/) that allow local apps to connect to the X server. If you change the systems hostname during a running X session, any X apps you launch thereafter will use the new hostname to look for an appropriate socket and not find one.

The fix for getting into this situation is easy; just kill the X session and log in again. Trying to “gracefully” log out of such an X session will probably fail, as the logout dialog box applet can’t be launched. Press <ctrl>+<alt>+<backspace> (all together) to kill your current X session. A new display manager should be started in it’s place.



Lazy Travels

6 Aug 2006

This morning, I flew from Salt Lake City (SLC) to Los Angeles (LAX). I arrived before 9am PDT and was driving off in my rental car by 9:30. It only took me about 12 minutes to drive to my hotel in Manhattan Beach, California. Unfortunately, 9:45am is a little early for checking in (officially, this hotel’s check-in time is 3pm). They didn’t have any rooms cleaned, yet.

I knew that I was very close to the beaches and the ocean, though I hadn’t seen them on the flight in (I was sleeping until just before we pulled into our gate) or during my drive to the hotel. But, hey, all I had to do was head west, right? So, I did.

At about 11:45am I finally found a parking place. It turns out that there are two local events going on at Manhattan Beach this weekend, so all the street parking was full. I simply slipped off my Mephisto sandals, walked 1 block west and I was on the sand. By the way, for those of you reading this from Utah, that’s not 1 Utah block (6-8/mile), it’s 1 block like most of the rest of world has them (12-13/mile).

I walked slowly north along the water’s edge, letting the inbound tide lap over my feet & around my ankles, listening to the sounds of the surf and wind. It was only about 73 degrees Faranheit (approximately 22 degrees Centigrade) with a lightly filtered Sun playing it’s light over the land and sea. The water felt as though it were only 5 or 6 degrees cooler. There were very few people among the sands in this direction, affording a peaceful, easy stroll with little distraction.

After about a mile of almost pristine beach, I turned back south, retracing my already vanished footprints. The tide continued to lull it’s way in, a little further with every other attempt. I walked a little faster on the return trip, as I had no sunscreen on and I do not wish to inflict a lobster impression on my students this week. The whole walk took merely 45 well-spent minutes. It was really quite relaxing.

I drove off to head back to the hotel and see if I could check-in, yet. However, a Fry’s Electronics caught me, instead. I spent about an hour perusing through all the wonderful treasures (and even more stuff I don’t really want). This has to be the smallest Fry’s there is. From there, I made it to the hotel, got into my room, unpacked my suitcase for the week and this notebook. A moment before I began writing this post, I awoke from a quick nap. This room is basically a studio apartment, with a full kitchen. I think I’ll have to do a little grocery shopping and cook all (well, at least most of) my meals for the week.

Though it occasionally happens, ’tis not often I have time for relaxation in my business travels.

Ah … lazy days.



Start of the Second Baby Boom?

4 Aug 2006

My youngest sister and her husband, Garry & Kayla Perza, phoned and told us that she is pregnant. She has not been to her first doctor’s appointment, yet, so she doesn’t have a “firm” due date, however, it should probably be somewhere in the later half of April, 2007.

We’re not the first in the family to have children. My sister Monica’s little boy, Ammon, was born December 2, 1999. The “middle” sister, Janine, has a son (Steven, born June 23, 2001) & a daughter (Robyn, born September 16, 2002), and my youngest brother, Lance, already has a son (Joseph, born May 28, 2002). So, the first little baby boom was in 2001-2002.

In case you haven’t been keeping score, there are 3 boys and 3 girls in my family (my siblings and I). I’m the eldest of the six and our parents now have 4 grandchildren (3 boys, 1 girl) with 2 more on the way (1 girl, 1 unknown).

Recently, my mother and I decided that a “baby boom” has begun in the family, starting with our first child. Kayla’s is the second in the new boom. We think it will not be very long before both of my brothers (with their wives, of course) start having kids, too.