Feedback on fake requests and back doors

Internet

Last Thursday I wrote about Brian Krebs’s report on fake law enforcement requests for user data, and Bruce Schneier connecting the dots over back doors. It made for some grim, if not altogether surprising reading.

Many of you emailed with what seems like an obvious connection in retrospect: these were classic phishing attacks, or at least social engineering. The only difference is the targets were people who were trained and should have known better, instead of your parents logging in and thinking an email attachment has some juicy information.

It reminds me of that PayPal email I got last year that has to rank among the least professional I’ve ever received from a company I do (did?) business with. It’s hard to feel like we’re making ground or winning against fraudsters when even the professionals can’t do things properly.


OpenSSH 9.0 released

Software

This is a big release from the OpenBSD project. Alongside a new quantum-resistant key exchange method and several important portability improvements and bug fixes, probably the biggest change is the way scp(1) is handled. From the release notes:

This release switches scp(1) from using the legacy scp/rcp protocol to using the SFTP protocol by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. “scp host:* .”) through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side.

This creates one area of potential incompatibility: scp(1) when using the SFTP protocol no longer requires this finicky and brittle quoting, and attempts to use it may cause transfers to fail. We consider the removal of the need for double-quoting shell characters in file names to be a benefit and do not intend to introduce bug-compatibility for legacy scp/rcp in scp(1) when using the SFTP protocol.

Another area of potential incompatibility relates to the use of remote paths relative to other user’s home directories, for example - “scp host:~user/file /tmp”. The SFTP protocol has no native way to expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later support a protocol extension “expand-path@openssh.com” to support this.

In case of incompatibility, the scp(1) client may be instructed to use the legacy scp/rcp using the -O flag.

If you use SSH, and that includes practically every Linux user and modern Windows Server admin now, please consider donating to the OpenBSD Foundation.
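
An added example (not from the release notes or the OpenSSH project): a POSIX shell helper for auditing existing scp(1) command lines against the two incompatibilities quoted above. The function names, the quoting heuristic and the sample operands are assumptions constructed for illustration; the version thresholds (9.0 and 8.7) are the ones from the release notes.

```shell
#!/bin/sh
# Added example: audit scp(1) operands for the OpenSSH 9.0 SFTP-mode changes.

# version_ge BANNER MAJOR MINOR: succeed if an "ssh -V" style banner
# (e.g. "OpenSSH_9.0p1, ...") is at least MAJOR.MINOR.
version_ge() {
    v=${1##*_}                 # "9.0p1, ..."
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%[!0-9]*}     # digits only, drops "p1, ..."
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# classify_remote OPERAND: print local | legacy-quote | tilde-user | ok.
classify_remote() {
    case $1 in *:*) ;; *) echo local; return ;; esac
    case ${1%%:*} in */*) echo local; return ;; esac   # "/" before ":" means a local file
    rpath=${1#*:}
    case $rpath in
        *\\*|*\"*|*\'*) echo legacy-quote ;;  # heuristic: quoting aimed at the remote shell
        "~"|"~/"*)      echo ok ;;            # own home directory, no ~user lookup
        "~"*)           echo tilde-user ;;    # needs expand-path@openssh.com
        *)              echo ok ;;
    esac
}

# advise CLIENT_BANNER SERVER_BANNER OPERAND: print the action for one operand.
advise() {
    if ! version_ge "$1" 9 0; then
        echo "no change: client defaults to legacy scp/rcp"; return
    fi
    case $(classify_remote "$3") in
        legacy-quote) echo "review: remove remote-shell quoting, or fall back with -O" ;;
        tilde-user)
            if version_ge "$2" 8 7; then echo "ok: server can expand ~user"
            else echo "fall back with -O: server lacks expand-path"; fi ;;
        *) echo "ok" ;;
    esac
}

# Constructed sample operands, as the local shell would hand them to scp.
for op in 'host:"my file.txt"' 'host:~user/file' 'host:~/notes.txt' './a:b'; do
    printf '%-22s %s\n' "$op" "$(advise 'OpenSSH_9.0p1' 'OpenSSH_8.4p1' "$op")"
done
```

The legacy-quote result is a prompt for review, not a verdict: a file name can legitimately contain a quote or backslash, in which case SFTP mode wants it passed through unescaped.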


A list of my first computers

Hardware

I talk about some of the machines I grew up with, but I don’t think I’ve ever compiled an actual list of them. It was a bit of a bittersweet exercise, given most of these no longer exist. My parents probably saved me from hoarding a ton of this stuff, though I miss it.

I’m sure you’ve got your own list; contact me if you compile one :).

The 1990s

  1. A whitebox 486-SX. I think it ran MS-DOS 5.x, then Windows 3.0, then MS-DOS 6.0 with 3.1. Was recycled when the hard drive died (much to my chagrin), but I did harvest the 5.25-inch floppy drive and ISA Sound Blaster 32 card.

  2. A whitebox Pentium 133 when we moved to Singapore. Was the first computer I used the Internet on, thanks to its external K56Flex modem. Was recycled when a power surge took it out. Years later I found someone on eBay selling the same bezel for the otherwise unremarkable chassis this machine was built in. No idea what I’ll use it for, but naturally I bought it.

  3. A DIY Pentium 200 MHz tower. This was the first computer I ever built myself from parts as a kid, and she still runs to this day! She now even includes the aforementioned parts from that first machine.

  4. An HP Brio BAx. 450 MHz Pentium III. This was our first “branded” computer we got at a tradeshow in Singapore. First ATX machine with PS/2 ports and USB… and the first I bricked with a BIOS update. Long taken to recycling.

  5. A Blueberry iMac DV. The recording studio my sister and I worked had them, and I’d been fascinated by Mac OS from the computers at school. Such an icon of the 1990s. I still have her, but she doesn’t boot.

The 2000s

  1. NTSC Commodore 16, 64, and Plus/4, parents bought from eBay for my 18th birthday. The 64 was sent to the Geekorium after he generously donated his PAL Commodore 128 to me a few years ago.

  2. An AMD Athlon XP tower I built from parts to play PC games on, mostly Age of Empires, Worms II, and Need For Speed. Didn’t know much about graphics, so don’t even remember what GPU I bought for her. My first experience with a burnt-out CPU when I realised I didn’t attach the heatsink properly. Was recycled.

  3. A Sony Vaio PCG-C1VM [sic] subnotebook. While attempting to upgrade her hard drive, I slipped with a knife (long story) and sliced a part of my hand open. I still have the scar! Needless to say, I recycled her and shouted good riddance, you piece of schmidt!

  4. An iBook G3, dual-USB port version. Probably my favourite laptop ever. Mac OS X barely ran on the iMac DV, but was beautiful on this machine. I did all my high school library studies on it. Also the first computer I booted NetBSD and FreeBSD on.

  5. PowerMac G5, parents bought for my graduation and when I started uni. Produced the first episodes of my silly, long-running podcast on her. Was such a fun machine to tinker with. Ended up selling her on eBay to fund my first MacBook Pro.

  6. ThinkPad X40 and X61, picked up from eBay for peanuts. I ran Fedora on them, because Wi-Fi was a bit flaky on FreeBSD. These were my coffee shop and library study computers. Absolute tanks. Ended up donating them, but I miss them.

  7. MacBook Pro 1,1, the first Intel Mac released. People forget that this generation used the 32-bit Core Duo CPU. Was a beta tester for the first Parallels Desktop virtualisation software on her, and was also set to triple-boot Solaris and FreeBSD.

  8. Toshiba Libretto 70CT, a tiny laptop I’d always wanted as a kid, picked up on eBay for peanuts.


“Did you bully the weird kids?”

Thoughts

I can’t remember where I read that question, but it’s stuck with me like so much electronic velcro.

No, I didn’t bully the weird kids. Probably because I was one of them. I’ll bet you answered the same if you read blogs like this!

Kids can be cruel. But even with all my family issues and anxiety, at no point did I consider it fun or socially expedient to bully, harass, intimidate, spread rumours, or otherwise make someone else feel miserable. Maybe because I knew how it felt being on the receiving end. Or I just wasn’t a cruel kid, who knows? I was too busy being awkward!

Every now and then, a well-adjusted person I knew from my school days will cross my radar, and I’ll remember how horrible they used to be. One of them emailed me a few years ago apologising for her abuse, which I appreciate wouldn’t have been easy to do.

Being an adult makes a ton of things easier. It’s amazing that anyone gets through school with all those pressures, hormones, and energy, let alone the demons everyone has in some form or another! The galaxy brain realisation is that everyone was the weird kid.


The selfcare.tech bot is a new favourite

Thoughts

I have derived so much strength and comfort from this Mastodon account. You can follow them from your instance, or even with RSS in your blog reader.

Here are some of my recent favourites:

Turn off a few notifications.

What makes you laugh? Go do it, watch it, read it, if you can.

Consider unfollowing that person that always leaves you feeling worse about things.

It’s not just you. You’re not alone.


Buy LG fridges, not Westinghouse

Hardware

Clara and I decided the time was right for a new fridge. We’d been using the same glorified bar fridge from our first studio apartment we lived in together, which didn’t have a freezer so much as a drawer that got a bit colder. There was a lot of nostalgia tied up in that tiny little box, but it hadn’t been serving us well for a while.

We did some quick research—whoops!—and decided a Westinghouse WTB3400WH fit our requirements and budget. Did I mention whoops? We had it delivered, and the Appliances Online team carted away the old fridge for free.

The fun started within minutes of turning it on. This fridge was loud… easily the noisiest I’ve ever used. The compressor rattled each time it kicked in, and its shrill, high-pitched whine managed to travel to all corners of our tiny apartment. As I complained on social media at the time, the tone hit just the right frequency to make any headache much, much worse. We could even hear it when we tried to sleep.

Conventional wisdom is to leave fridges for a few days while they settle after shipment, but after four days it was only getting louder. The food inside was still cold, so I didn’t think the compressor was broken, it was just… if I can use the technical terminology… rubbish.

After a few days of this, we started unplugging it when we were at home, defeating its entire purpose! I began documenting when the compressor would kick in by filming it on my phone, and using a decibel meter on the phone to roughly compare ambient noise to what the fridge was putting out. I expected to be told that it’s functional if it still cools things, so I wanted as much evidence as I could to make a case.

I called up Appliances Online the following Monday and described the problems, and they were happy to ship us a new one without any questions. I agree with Gamers Nexus, how a company handles returns and RMAs makes a big impression on who I’ll buy from in the future. They were excellent!

Photo of our new fridge showing the magnets that are so integral to the fridge's operation

We paid the extra price and got an LG delivered. The difference in build quality was stark; the shelves didn’t rattle in place, the door seals were noticeably stronger, and it was rigid when moving it around. It was also rated as being more energy efficient, which will pay off long term.

The biggest life improvement though was how whisper quiet it is. I was worried it wasn’t working until I opened the door and was hit in the face with cool air. Not once have I heard its compressor kick in, even when standing right next to us in our tiny kitchen.

I’ve since done more research into this, and online reviews for Westinghouse units regularly mention how noisy their modern fridges are. That might not be a problem if you have a large house or a separate kitchen, but spare yourself and your ears if you live in a small space.


Computers and the passing of time

Thoughts

My coffee-fuelled retrocomputing adventures have reached the point where I’ve realised these machines are not only older than people at school now, or at university, but even people I meet professionally. I then realise the 1990s weren’t “a decade ago”, and suddenly it makes sense why finding parts for these things is becoming more difficult.

I’m in my mid-thirties, so I wasn’t alive when the Commodore computers I tinker with were first brought into the world; and certainly not this stack of core memory, or this PDP-11 clone! But my Pentium 1 tower has been with me since I learned Visual Basic, partitions, and networking as a kid. I can account for every scratch on her otherwise unremarkable beige bezel, every dent in her metal frame, and why there’s a small drilled out hole in the back from a failed drive experiment many moons ago!

Om Malik had a similar experience recently by looking at his hands:

Sometimes, when sitting quietly, enjoying a cooling cup of perfectly crafted pour-over coffee, I find myself staring at the back of my hand. In front of my eyes lies a landscape akin to the red sand of the American Southwest that lay baking under the scorching sun after a week of rain. You can see the time crisscrossing the skin, which has been losing a battle with the vanishing collagen. What was unseen slowly becomes more visible, crack by crack—a slow creep of the wrinkles. You can run, but you can’t hide from time.

Weirdly, this doesn’t make me feel melancholic like so many other reminders of mortality. I’ve been in a less than stellar mental place lately, but somehow these computers have been a reassuring presence… even if their eccentric behaviour drives me up the wall at times. What do you mean I’ve used up all my upper-memory blocks!?

It’s less that I feel bad about getting older, and more feeling thankful that I’ve been given the opportunity to. Having the income to keep living a day or so a week in “the good ol’ days” with some great coffee sure doesn’t hurt either.


Fake law enforcement with encryption backdoors

Internet

Brian Krebs reported a growing trend of fake law enforcement requests to hand over user data, which companies are falling for:

[…] some hackers have figured out there is no quick and easy way for a company that receives one of these [Emergency Data Requests] to know whether it is legitimate. Using their illicit access to police email systems, the hackers will send a fake EDR along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately.

Bruce Schneier connects the logical dots with a related issue we’ve been warning about ever since former prime minister Malcolm Turnbull said the “laws of maths don’t trump the laws of Australia”:

The “credentials” are even more insecure than we could have imagined: access to an email address. And the data, of course, isn’t very secure. But imagine how this kind of thing could be abused with a law enforcement encryption backdoor.


Accounting for empathy in automated systems

Thoughts

You know the online refrain facts over feelings? Aside from unintentionally belying a lack of emotional intelligence, it posits that a perfectly logical world without human affordances is possible, expected, or desirable. The first two are false; we’re not robots. The latter belongs in the purview of psychopaths and handsome fictional detectives.

These considerations are only becoming more important as we delegate more decisions to machines. I’m relieved to see more discussion surrounding how such systems were programmed, what datasets they were trained on, and the overt and subconscious views of their developers, regardless of intentions or motives.

As the industry is starting to realise (albeit at a glacial pace!), algorithms don’t remove biases, they entrench them. Anyone who’s left not recognising that either hasn’t dealt with someone on the receiving end of such automated decisions, or needs to broaden their professional horizons. The same goes for those pushing so-called smart contracts, which are neither.

You can probably tell I’ve been thinking about this a lot lately! A perfect example came up in a newspaper last weekend; an article about a horrific road accident included an inline advertisement for a car company. I’m sure you could think of plenty of other examples where boilerplate and automated systems conflict with visceral human emotions like this.

For those in the back, or who have emailed me obtuse comments in the past: you don’t want to be told about cars if your loved one has just died in one.

An online advertising insider (“adtech”) once told me that such systems include “brand safety” mechanisms… the name of which speaks volumes about the industry’s priorities, but that’s for another post! But it at least acknowledges these facts:

  • Ads are based on keywords.
  • A negative article will still mention cars.
  • Ads are bid on, and can be considered pseudorandom.
  • People shouldn’t let advertisements affect their emotions.

Which conflict with these feelings:

  • Negative associations between car fatalities and cars.
  • Ill will against the publisher, writer, and advertiser.
  • A backfire effect, where shoppers won’t want to buy from them.

Time was newspapers would have editors who’d see unfortunate associations, and exercise their discretion to ensure they didn’t go to print. This hasn’t been true online for a long time now.

I’m not sure how we scale empathy and human oversight into automated systems… part of me fears the horse has long since bolted. But we should spend much more time thinking about how these affect people in the real world. Sometimes it’s worth reminding ourselves that the computers aren’t a means to an end; they’re supposed to be serving us!

Like an economy, now that I think about it.


Actions that separate the world

Thoughts

Not a day goes by now without an embassy closing, or visas being denied, or goods and services being blocked. We’re partitioning and closing ourselves off from each other again. It’s not another Iron Curtain yet, but it’s sure starting to look like one.

It was necessary when Covid first hit, but this time it’s entirely the preventable fault of a small man in Russia. His countrypeople are being removed from the modern world because his government is doing unspeakable things. He wasn’t the first to, nor is he the only one, and he won’t be the last.

I don’t like when the world closes. We’re one big family on this planet, and politics is a ridiculous reason to separate families and lives. I have Russian friends, and friends in Eastern Europe. It sucks knowing their lives are being turned upside down through no fault of their own, to say nothing of those whose lives and livelihoods are at risk.

If there’s a silver lining to any of this, it’s that people are rediscovering and embracing who their friends really are. A healthy, happy world will depend on these bonds when we start to open back up again after this latest fuckery.