Debian Idiocy

So that I’m not accused of being unfairly biased against Microsoft (I am biased against Microsoft, but I don’t believe I’m being unfair about it), I have to comment on the latest fiasco from the Debian Linux team.

This one hit me head on and caused me a few hours of unwanted work, as well as a general feeling of unease, as the two workstations and three servers I own personally are using Ubuntu’s OpenSSL and OpenSSH packages (Ubuntu is a derivative of Debian.)

The problem is a simple one.  The maintainer of the Debian project’s OpenSSL package decided that, because Valgrind and IBM’s Rational Purify were having issues with error messages when linked against OpenSSL, he’d ‘fix’ OpenSSL and OpenSSH (and everything else using libssl) by removing the code needed to generate truly random numbers for key generation.  This limited keys to being seeded by a short INT: 1 to 32,768.  Well, you don’t have to be a security expert to know that if you are limited to 32,768 “random” numbers, it won’t take long to brute force attack such keys.

Hence, the problem.  All versions of OpenSSL and OpenSSH used by Debian from Sept. 17th, 2006 up to the recent Debian updates use this retarded random number scheme and generate easily broken security keys for otherwise secure standards.
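Why a 32,768-value seed space matters to anyone holding such keys, as an added example that is not part of the original post: a generator whose only input is the seed can emit at most 32,768 distinct keys, so every one of them can be fingerprinted ahead of time and a key inventory audited against that list. `toy_keygen`, the 128-bit key size and the sample key names are assumptions for illustration; this is a toy model, not OpenSSL's generator.

```python
import hashlib
import os
import random

SEED_SPACE = range(1, 32769)  # the 1..32,768 seed range described in the post


def toy_keygen(seed: int) -> bytes:
    """Toy stand-in for key generation (assumption, not OpenSSL's code):
    128 'key' bits drawn from a PRNG whose only input is the seed."""
    return random.Random(seed).getrandbits(128).to_bytes(16, "big")


def fingerprint(key: bytes) -> str:
    """Stable identifier for a key, used for blacklist lookups."""
    return hashlib.sha256(key).hexdigest()


def build_blacklist() -> frozenset:
    """Fingerprints of every key the seed-limited generator can ever emit."""
    return frozenset(fingerprint(toy_keygen(s)) for s in SEED_SPACE)


def audit(keys: dict, blacklist: frozenset) -> list:
    """Return the names of keys that must be revoked and regenerated."""
    return sorted(n for n, k in keys.items() if fingerprint(k) in blacklist)


# Constructed sample inventory: two keys from the weak generator,
# one drawn from the operating system's entropy source.
SAMPLE_KEYS = {
    "web01-hostkey": toy_keygen(4711),
    "backup-user": toy_keygen(32768),
    "laptop-user": os.urandom(16),
}

if __name__ == "__main__":
    blacklist = build_blacklist()
    print(len(blacklist), "possible keys in total")
    print("replace:", audit(SAMPLE_KEYS, blacklist))
```

The whole blacklist builds in well under a second, which is why every key produced during the affected period has to be treated as known and replaced, not merely the ones that look suspicious.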

What this meant for me was a general feeling of insecurity and now a distrust of the Debian distribution, not to mention a few hours of my life I would have rather spent doing anything but replacing keys.  This isn’t just an innocent mistake, this is a moronic maneuver beyond belief.  Gergely Risko sums it up nicely.

The whole mess was caused by one person, Kurt Roeckx.  He took a shortcut rather than a valid fix for a simple problem. To make it worse, he somewhat tried to cover up his mistake by releasing the real fix (putting the code back in) in the “unstable” release code, and not saying a word about it for a full week.

I’d almost be willing to forgive him for the initial mistake, if it weren’t for the fact that even a non-expert in security code (aka, me) could tell at a glance that this was a very bad thing to do.  That he tried to silently reintroduce the code without letting people know of the dangers is even less forgivable.

If the Debian team has any integrity, they’ll move Kurt over to something that he can better handle, something which is not essential to security.  No sense in throwing out the maintainer with the bath water, as it were.

In the meantime, I don’t think I’m going to have a lot of trust in ‘fakechroot’ doing the right thing, either.  (Kurt maintains that package as well.)

Bill O’Reilly is Off His Meds

Bill likes to think that he’s the solid, immovable journalist, keeping a sharp and focused eye on the world. Whatever… I guess you shouldn’t mess with his teleprompter, though.

Lose Your Data, the Microsoft Way

May 1, 2008 (Computerworld) Microsoft Corp. confirmed on Wednesday that it delayed the rollout of Windows XP Service Pack 3 (SP3) because changes to the operating system can corrupt data in the company’s retail point-of-sale and store management software.

I hate to laugh, but I have to.  If it was some bizarre interaction with a third party software package, I might be able to forgive it as an oversight.  But to create two different service packs, for two different OS’s that both corrupt data in one of Microsoft’s own, rather expensive, software packages?  How pathetic can you get?

Certainly it is within the best interest of every systems administrator out there, to test all service packs and updates with the software they run, to ensure that their mission critical applications don’t explode on them.  It falls on their shoulders, ultimately.  However, you would hope that Microsoft, as large as they are, would test their own software against their own OS roll outs.

I know that Microsoft is the 800 pound gorilla in the software cage, which makes them a natural target, but with their recent mistakes in judgment and poor software offerings (Vista simply sucks, the Windows Genuine Advantage is anything but and has screwed up several times now telling valid customers that they’re software thieves, Windows Home Server still corrupts any data you save directly to it across the network, and the last two service packs weren’t released to paying Microsoft Developer Network customers, etc.) I have to wonder if they’re not starting to collapse under their own weight.

Global Cooling to Compensate for Global Warming

Once more, clear and concise proof comes down the line, showing that our computer climate models are as bogus as the incomplete data they are fed.

The IPCC has been making shrill predictions for the changes to come, calling for drastic action on our part in order to help combat a century and a half of major CO2 emissions, all based on computer models showing that the world average temperature was on a one-way path of rising.

Only, over the last decade there hasn’t been a rise, in spite of an increase in CO2 emissions.  This last winter was such a cooling event that it pretty much negated the last 100 years of warming.  It’s hard to even come to a conclusion as to when the highest temperature was in the 20th century.

Now a new study is coming out saying that global warming is going to pause for another seven years, then get around to rising again.

This would mean that the 0.3°C global average temperature rise which has been predicted for the next decade by the UN’s Intergovernmental Panel on Climate Change may not happen, according to the paper published in the scientific journal Nature.

However, the effect of rising fossil fuel emissions will mean that warming will accelerate again after 2015 when natural trends in the oceans veer back towards warming, according to the computer model.

Let’s boil down what is being said here.  The previous model was wrong.  Real data is showing that the previous predictions for the last decade were wrong.  Now a new model says there will be a pause, then temperature will start climbing again.

So why are we supposed to believe that the new model is any more accurate than the others?

It’s also odd that “natural climate variations” can cause cooling, but can never be responsible for warming trends.

This all plays like every other doomsday prediction, from Nostradamus to the Bible - complete fiction.

Data from the Aqua satellite project show that the tropospheric “heat island” that is required for the feedback mechanism of anthropogenic global warming to occur, simply doesn’t exist.  Without this mechanism, CO2 can only push warming so far, then it fails to have further effect.

Hopefully, real science, like the Aqua Project - which is examining actual data and not just playing with computer driven assumptions - will give us a better understanding of what is going on and calm the retarded Green political seas of global warming.

The Last Trip

Albert Hofmann, inventor of LSD, died of a heart attack on April 30th, in his home in Basel, Switzerland.  He was 102 years old.

Dr. Hofmann was working with various extractions of ergot fungus alkaloids, in attempts to find a medicine which would aid in childbirth by dilating the cervix. Though the rats he experimented on with LSD-25 did show some dilation of the cervix, they also seemed to behave listlessly, so he shelved that particular formula and tried other extractions. Roughly six years later he decided to work with it again and accidentally dosed himself. The rest is history.

Although there have been many accounts of the event, the most accurate has to be Hofmann’s. In his publication, My Problem Child, he details not only the event of his accidental usage, but the history leading up to the event and the events which followed.