Satan’s Garden

This article is scary in so many ways, that it gives one pause to even browse the Web anymore.

The gist of it all, is that the FBI put up some faked URL’s on a message board which they thought was being used for trading child pornography and then recorded the Internet Protocol (IP) number of any system which connected to their fake site. They made no distinction of how a person got the link, however. This means that someone could email the links in question to a person they want to damage, using misleading names on the links and cause a completely innocent person to find the FBI’s honeypot!

The FBI then took the IP information and traced it down to the supposed owner and used this to obtain a warrant for each location for dawn raids.

Let’s be blunt about this: when the FBI made no distinction on how someone got to the site, they engaged in utterly shoddy police work.

One of the most disturbing lines in the article is as follows:

Vosburgh faced four charges: clicking on an illegal hyperlink; knowingly destroying a hard drive and a thumb drive by physically damaging them when the FBI agents were outside his home; obstructing an FBI investigation by destroying the devices; and possessing a hard drive with two grainy thumbnail images of naked female minors (the youths weren’t having sex, but their genitalia were visible).

The obstruction and possession charges seem legitimate, but I have to ask, what the hell is an illegal hyperlink? What is the definition being used for this? If the hyperlink is illegal, can’t the FBI be charged for creating an illegal hyperlink?

Between this kind of questionable police tactics and the ongoing construction and use of data fusion centers, we’ve entered a whole new age of Orwellian existence. I would recommend to everyone to start encrypting everything, whether it is sensitive material or not. Make them waste time on trying to decrypt chocolate chip cookie recipes and text files that only have quotes of the Framers in them. Make them expend effort for nothing, so much effort that they become mired down under the weight of it all.

Following are links to various encryption tools.

http://www.gnupg.org/
http://www.truecrypt.org/
http://www.arg0.net/encfs
http://www.freeotfe.org/

And a page covering many drive encryption systems.

This has to be one of the most concise and clear articles I’ve read on our current economic position and how we got there. Stop reading my drivel and start reading this article at whatreallyhappened.com.

I’m currently appearing as a witness for the defense in a case here in Utah, which for obvious reasons I won’t go into any detail about, until it’s all over and the hearings, trial and verdict have passed.

As this is my first time acting in such a capacity in a court of law, I honestly felt that I was in a completely alien environment. I don’t know all the rules, having to observe or ask. For example, I had no idea what the wording was for the oath when sworn in and had to ask, being reassured by fortune of being one of the last on the stand in the hearing procedure, that there was no oath to what I view as a fictional deity. Surprisingly to me, there was no wording involving supernatural entities at all, which I would assume to be in place in a state like Utah.

It was interesting to see the two legal teams present their cases. Both were struggling to understand the computer technology involved in the case, concerning Email and how it works (I can say this much, as it’s been covered in the local papers already) and watching them attempt to grasp the information “on the fly” as it were and make a logical argument from it was quiet fascinating to witness. (Sorry, I won’t hand out grades yet.) It was like watching a chess game in process, each trying to react to the other’s questioning of witnesses on the stand. It wasn’t a pretty chess game, with strict rules of movement in place, but it was certainly an exercise in adaptive strategy. At one point during the cross examination of me, the prosecution stopped questioning technical aspects and instead went to attempted character assassination. One can’t get angry with the lawyer for doing so, it’s their job, but it reminded me of how much of this grand drama relies on swaying opinions of people emotionally, rather than following logical process alone. I don’t fall for such ploys and I think that those like myself, who value logic over emotion in decision making, might be the lawyer’s worst nightmare if our kind were to end up on a jury.

The little fits that erupted during breaks were even more interesting to see. A couple of supposed victims in this case refused to shake the hand of the defense attorney during introductions before the hearing started, as if doing so they would be touching evil itself. At one point during the break just after I had testified, one of the prosecution’s team made a disparaging comment over the quality of the witnesses the defense was calling. Since I was the only witness specifically for the defense, it didn’t take any guesswork to figure out who she was talking about, in a loud enough voice to ensure I heard It from across the room. I just smiled at her. Sorry girl, but you’re going to have to try a lot harder than that. I worked for years in telephone technical support. I’d suggest hanging around street gangs and drunkard perverts to get a good grasp of ugly language, couple that with intense study of Dennis Miller’s barbing wit, and aim the vicious diatribe at my wife - then you might get a dirty look from me.

I was shocked during the whole process on just how exacting and attentive the judge involved was. To say that I was impressed would be an understatement. While others in the court were trying hard not to fall asleep, she was on top of every point with utmost tenacity. I don’t know if this is normal among judges, having seen few of them in action, but she seemed much more attuned than the few other judges I’ve witnessed.

I also came to have a greater respect for the poor bailiff. I say “poor” here not to disparage him, but in light of what that man (in this case) has to endure. With very little to do during the course of the proceedings, he had to somehow keep his sanity and attention on the court during over 8 hours of this dry and grueling process. I don’t know how these people do it. I think I’d loose my mind about day three.

Overall, I find the legal process to be one of long, extracted misery. It is vitally important to the structure of our government and society, but I can’t claim to enjoy any of it in action. Much like the old saying that those who enjoy politics and sausage should not watch either being made, I wouldn’t recommend viewing the court process if you are currently enamored with it. It’s not pretty, elegant or concise. It’s unattractive, slow and dreadfully boring. If you have romantic notions of the courts, I’d suggest sticking with nighttime court drama television.

A friend of mine likes to say that the definition of insanity is doing the same thing over and over, and expecting a different result each time.

By that definition, Microsoft is the quintessential model for insanity.

I made the mistake of taking on Windows systems administration a few years ago where I work, as I thought the challenge of learning the intricacies of a previously unfamiliar OS would give me a more rounded experience with systems administration in general and allow me to learn to appreciate why Windows admins seemed to love the environment they worked with. Coming from a solid Unix background, I figured that I would find similarities in function and implementation, to the point that course work would not be needed to learn the ropes. I was correct in that aspect and learned quickly via a couple of incidents where I was able to resolve issues that long time Windows admins could not, that having my previous systems administration experience was a boon in general and very much a keystone to ability that only required study of freely available documentation to attain.

What I was also to learn, however, was that many of the paradigms I was used to would have to be ignored and the replacements that Microsoft had implemented, just plain suck. Consistency of methodology is damn near non-existent. Graphical User Interface (GUI) tools got in the way more times than they helped and their interfaces were inconsistent from each other. To get at the real functionality of the GUI tools, half the time you have to right-click on unexpected places to pull up hidden options. Even the simple structure of system settings are inconsistent and stupidly designed.

A perfect example of the nonsense I ran into can be found in the local security settings of any Windows box. You can find sensible settings, such as, “Domain member: Require strong (Windows 2000 or later) session key” with the options of “Enabled” or “Disabled”.  Just below it, however, are “Interactive logon: Do not display last user name” and “Interactive logon: Do not require CTRL+ALT+DEL” with the same options, “Enabled” or “Disabled”. This double negative verbiage is simply ridiculous.

Or how about the fact that even though you’ve setup your Active Directory (AD) domain when you promoted the first Windows server to be a Domain Controller, with clients logging in on your domain and the forest setup with trusts to other domains, et cetera, the name of the Domain Name System (DNS) domain is still “default_domain_name” (or something like that, memory serving,) until you open up the Microsoft Management Console (MMC), run the Active Directory Sites and Services plugin and right click on the entry to chose “Rename” from the popup menu. This is in spite of the fact that you have to enter the DNS name as part of the AD promotion process. I discovered this when I refused to base our entire network’s DNS service to Microsoft’s implementation and had to copy all the SRV records in the netlogon.dns file to the Unix DNS server. After digging around for an hour or so, I finally found out what was up. Of course, if I had enabled DNS and auto-updates of DNS on the AD controller, the information would have been setup correctly then. Most Windows administrators would have simply setup DNS on the AD controller and been done with it. I’ve even read articles advising doing so, no matter what you’ve been using for DNS before, just in case something breaks later with a change suddenly instigated through an update from Microsoft!

Like I said, inconsistency reigns.

The task set before me this week was a new one. The primary Active Directory controller is old and needs to retire. New hardware was ready to go and was tested, so it was time to replace the old with the new. Yes, Microsoft claims that there is no such thing as a Primary Domain Controller (PDC) anymore, but it is only a half truth - as you still have Flexible Single Master Operations (FSMO) server roles, limiting edits of various services to specific systems. You can (limitedly) spread them out among multiple machines, but that doesn’t change the fact that the FSMO roles exist on specific systems and do not have an order of precedence to roll over to another server, should the FSMO server go down. So, even if you spread out your five FSMO roles among different machines, now you have multiple points of failure instead of one. Net gain: nothing.

In my case, our AD domain is tiny. We support about 30 Windows machines anymore, so we had two AD controllers, with the first one setup as the FSMO role server for all five rolls. (This happens automatically the first time an AD controller is setup in an AD forest.) The process to transfer the FSMO roles can be done in one of two ways: right-clicking on a bunch of clumsy GUI menus through three different MMC plugins or running the ntdsutil on the command line and suffering through what is the most abysmal modal command line interface I’ve ever seen.

ntdsutil sucks - it really, really sucks, but it was better than flopping around in three different MMC plugins. So, I started the process of transferring all five FSMO roles from the old server to the new with the command line tool. The PDC Emulator and RID Master roles transferred without a hitch. But try as I might, the Schema Master, Domain Naming Master and Infrastructure Master roles would not transfer, giving a generic error that multiple searches on Google could not elucidate.

So, I decided to make the new server seize the roles which would not transfer. This worked - to an extent. All five roles were reported by the new server to be handled by the new server, but the two old domain controllers now believed that the old FSMO server was still serving all five roles. How the two which had previously transferred correctly were now on the old machine again, was yet another mystery. At this point I didn’t want conflict, so I tried to transfer the roles back from the new machine to the old, all of which failed without even an error message to tell me something was amiss. I now had two AD controllers in the same AD domain of the same AD forest, who both thought that they were the FSMO role master for all five roles.

I left it this way over the weekend, just to see if things would work out or whether additional error messages might tell me something of what was going on. No change came. No new information was revealed.

I tried demoting the new server to stop acting as an AD controller, but it would not allow me to demote the system, giving yet another seemingly random numbered error message. That was enough for me. In desperation, I did what many Windows administrators do at times like these: start over from scratch and do that exact damn thing all over again. I powered the new machine off, re-installed Windows 2003 Enterprise Server, put on anti-virus software and updated with all patches, promoted it to an AD domain controller and kicked up ntdsutil on the old machine and transferred the FSMO roles in the same order I had during the first attempt. Everything worked perfectly. A quick check with the netdom command showed that all three machines now understood that the new server handled all FSMO roles and the whole process was done in just a few seconds time. I had done everything the second time around as I had the first, each step was in the exact order as I had written down. Nothing different was done and everything suddenly worked.

A friend of mine likes to say that the definition of insanity is doing the same thing over and over, and expecting a different result each time.

I understand now that this is why so many people cannot understand that computers are not supposed to crash or otherwise fail in stupid and unpredictable ways. They keep doing things the Microsoft way and insanity prevails and becomes the norm. They can’t understand that things should work the same way every time and that system up time can be measured in years instead of days on a stable operating system. I’m half convinced that Microsoft went to their once a month “Patch Tuesday” methodology for updates, just to make sure that all Windows machines would have to be rebooted once a month, in order to keep the systems appearing stable. I have also come to realize that many people have been fooled into believing that a boondoggled GUI is “more advanced” or otherwise “better” than editing simple text files for system settings - that somehow editing a text file is primitive in comparison - overlooking the fact that cumbersome GUI’s are often simply doing that very task.

If my varied and insane experiences over the last eight years with Windows has taught me anything, it is that whenever possible, no matter how difficult the transition may be at first - if you can run the service on Unix instead, do so. If you leave it up to Windows, you leave it up to sporadic behavior, inane tools and retarded, clumsy and often secretive GUI interfaces. You seemingly leave it up to pure chance.

To me, that is insane.

There has been a general outrage over the last couple of days, over a video showing a US Marine throwing a puppy off a cliff, somewhere presumably in the Middle East.

At least one veterinarian has come out with the belief that the video shows a real animal being hurled.

“If this is something legitimate, it’s one of the most egregious acts of animal cruelty I have ever seen, if not the most,” said Dr. Matt Mickas, chief of Community Practice Services at WSU’s veterinary college.

He said it did not appear fake to him, because of the way the animal went slack by being held from the neck.

“To me, the sound on the YouTube clip sounded like a puppy in distress — the same sound we hear when the puppies come into the hospital,” Mickas said.

The Marine Corp is looking into the video and hopefully their investigation will come up with some answers. In the meantime, real or fake, the video is producing quite an outcry from many.

My feelings are myriad. We take young men and women and throw them into a grinder, and some of these people are not very stable to begin with. Should we be shocked when they loose basic morality? How can the average person cope with the fact that they’re killing people all the time? If one is in a constant state of killing humans, how can we expect them to treat dogs any better? Yet, how can we be expected to turn a blind eye to such heinous actions, by using such rationalizations?

What it all boils down to is that killing other people is not a natural state for humans to commit effort to. Even once is Earth shaking. Multiple times, over years of service - I can’t see how that can’t scar one for life. As a society, we’re going to have to deal with these traumatized individuals returning home to try to lead a normal life.

That’s where my real worry resides. Someone who has been desensitized to death to such a level that animal life is something to extinguish as a joke, is not someone I want walking around on the streets - not without having had some serious therapy to help them recover from the Hell they’ve been living through. However, the military has not received proper funding for such psychological care to date. In short, we’re going to have a lot of traumatized soldiers returning home, without the mental tools needed to help them make the transition back to day to day civilian life.

If real, this video shows a young man who is willing to kill baby animals for a joke. It shows a mindset that is dangerous to everything around him. People are rightfully outraged when babies and animals are hurt, more than with adult humans - because they are essentially helpless. A mindset that allows someone to torture or kill helpless beings, is not a mindset any civilized society wants. Furthermore, it indicates a generally dangerous trend of thinking, that has more often than not been precursor to vile actions against other people, even people that the sociopath claims to love.

This soldier needs real help, not empty promises or a small military pension and a slap on the back. I fear he won’t get that help and consequently someone in his life back here at home, is going to follow that puppy’s fate. Our casualties in this war, like all wars before it, will not end when the war ends. The final toll may take decades after to determine.

Many Americans seem to have a star-struck attitude concerning the Democratic Party’s golden boy, Barak Obama. I’ve seen video of emotional crowds, whipped into a frenzy and acting generally like 13 year old girls at an American Idle set.

Obama has never impressed me, however. First and foremost, is his voting record. Secondly, he just seems smarmy to me - a far too well oiled political machine to trust. Last, but not least, I can’t support the Democratic Party’s ideals of socialism, hidden under the “democracy” label and therefor can’t trust anyone in the party in general.

Along these lines it was interesting to find this commentary. Matt Gonzalez does a beautiful job of summing up Obama’s positions using his voting record as a standard. That Gonzalez is a self admitted “progressive”, makes it more interesting.

His conclusion says it all:

Once I started looking at the votes Obama actually cast, I began to hear his rhetoric differently. The principal conclusion I draw about “change” and Barack Obama is that Obama needs to change his voting habits and stop pandering to win votes. If he does this he might someday make a decent candidate who could earn my support. For now Obama has fallen into a dangerous pattern of capitulation that he cannot reconcile with his growing popularity as an agent of change.