UEFI "Secure boot" feature

Read these and you're up to speed
http://mjg59.dreamwidth.org/5552.html
http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx


The PR department at Microsoft is lulling people to their happy places again?

There obviously isn't any real benefit for the end user in "secure boot" so why beat around the bush. This is a feature, the purpose of which is to allow commercial entities to have greater power over what can and what cannot run on computer hardware. It's an "update" like so many we've seen that doesn't really fix any problem but only makes it more difficult for the end users to have freedom over their devices.

People can't really be so gullible that they can't see past the fact that this writing does nothing to clarify anything but only drops words and phrases like secure, enforcing, strong protection, ensure, growing threat. To me this writing gives a strong impression of trying to seed fear and then sooth with a miraculous salvation. When the threats are great we forgive the trespassess right? At least in the US as recent history has shown.

Keep updated, follow @mjg59 on Twitter.

Censorship

I'm fucking pissed off by censorship. There's no point other than to annoy people, there can't be. When I first heard censoring of swearwords as a kid I thought it was kind of funny. If someone somewhere really thinks they can protect for example children from hearing swearwords by censoring TV, they gotta be kidding. Do you know what kind of parrots kids are. Kids talk to other kids who talk to other kids who talk to someone else and so forth. As long as we have language kids will be hearing swearwords and repeating them to their friends like there's nothing else to do in this world. Especially if you forbid them or try to "protect them" from this. It's rather ridiculous when some people think it's  ok to show blood spilling and heads literally rolling, but swearwords are a big oh no.

Censoring draws unnecessary attention towards the fact that someone just swore. It also makes it very difficult to understand what was being said when it is not obvious what the word was. When it is obvious what the person is saying you're just making people say the word themselves in their minds, you chickenshits... Swearwords convey mood and meaning. It's a fact that people swear.(I'm not quoting a source, go find out for yourself) You can relate to things when swearwords are used in proper context. That means you have to balance the amount of swearing so that whatever story is being told is believable. It just sounds stupid when swearwords are out of context or there's nothing else than them. You start thinking tourettes or lack of things to say.

After a while the censoring itself starts to deliver the same effect that the swearword did. Eventually what is being said will become devoid of meaning. I'ts like telling all the painters in the world to suddenly start painting only happy pictures.

Censorship is control over people in all it's forms. Censorship is evil. Censorship is burning books. Censorship is suppression of speech. Censorship is unnatural.

Censorship is being done only when someone is feeling of loss of control and then instead of reflecting on the real matter they do something fun like turn off your country's communication networks.

ps. This is so fraking lame no matter how big a fan of BSG you are
pps. I swear too much, but it's ok, I'm aware of it.

The day the christians left earth

Sometimes out of the blue happens something so hilarious it's just insane. I thought it was the last episode of Futurama's sixth season (Reincarnation) But then this happened today when I was on Twitter.

I didn't confirm this by going out and checking out by myself, but I'm preeetty sure the religious nuts called christians are sadly all still here.


Have You Been Left Behind? from Rem Lezar on Vimeo.

Lucky Luke - Faster than his own shadow

Ever since I saw this as a kid, I have been fascinated by this image. I think it warrants some explanation.

So this guy is pretty fast with he's gun, that much is obvious. Let's say for the sake of argument that Lucky Luke is instead of being a two dimensional character on paper, a multidimensional being and can appear to move faster than light. The amount of time it takes for the light to travel from Lucky Luke to the viewer is slightly less than the amount of time it takes for the light to travel from the wall to the viewer. This means that if we would imagine someone taking a picture of this the exposure time should be equal to or less than the time difference. In other words this is an image that can never be captured with a modern camera because it wouldn't be able to capture enough photons in the allotted time. It is an illustration of the phenomenon how we can today see a star that went supernova over 21 million years ago.

So lets speculate that it's bullets he's shooting. The bullet should travel the distance instantly in order to be able to pierce the wall before the light travels from the wall to the viewer. How do you pierce something instantly? That must not be a normal gun then either. Maybe that's the reason there's a trajectory drawn in the image? It's a virtual trajectory. The gun passes the bullet through a wormhole but it doesn't travel the whole distance there. That doesn't sound very plausible. Another possibility is that the bullet is propelled by an alcubierre drive. This is still not making much sense. Or maybe he's shooting tachyons? A ray gun of sorts. That would make sense. At least it would if tachyons could affect objects. Maybe there was a hole in the wall to begin with?

As for the smoke, the guy must have exhaled and the smoke conveniently moved in front of the gun to make this image more challenging to figure out. At this point I can admit this guy can do pretty awesome things so it doesn't seem too odd that he has a levitating hat. Even I could do that.

Please leave a comment below if you have any ideas of you own. I'd love to hear any idea no matter how silly.

Next generation of website traffic analysis

Times change and open source software diversifies even more. It wasn't that long ago when Awstats was the only thing I could imagine using in order to monitor the vital signs of websites. At the present day some content management systems have internal traffic monitoring and some have options in their backends where one can connect to monitoring services like Google Analytics.

Awstats' main view

I liked Awstats in that sense that it didn't require any extra code embedded in the documents it was intended to monitor unless you wanted to gather information like screen resolutions used. It also felt quite futuristic to be able to know geographically the source of traffic with plugins like geoip. Version 1.0 of Awstats  was released in 2000. I started using it around 2002 and to this day it has served it's purpose well. There is however one thing I don't like about it. It's the fact that it always gets hits from accesslog with usually a cron-based data retrieval(yes you can refresh it on the page too, but I don't like that). This might have been okay back in the day when there wasn't anything more sophisticated available, but I like my statistics live, thank you very much.

Piwik visitors overview

Awstats has been around for over ten years now and the amount of code produced by the open source community is surely substantial enough to offer us some decent alternatives by now. As it happens there's one neat application called Piwik. Application like Piwik could not have been possible at the time Awstats was released. Browsers were buggier and things like jQuery(released in 2006) were a distant dream. It must be aknowlidged that there are certain limiting factors in any application that is developed and one great factor is the technology available at the time.

Installing Piwik is breeze. It's like installing any other application that uses Mysql and resides on your server. A hated setting up multiuser environments with Awstats (lots of htaccess-hassle). Piwik has a stylish user interface with a login system that supports multiple users. With Awstats you couldn't really navigate your way through site stats. You had to type in the config parameter in the address bar for other than the default host. At one time I had access logs sent to my imap-box and a custom made script to get them processed by awstats and deleted from my mailbox after success. It wasn't very pleasant. Piwik uses a code snipplet to monitor traffic like Google Analytics does and the results are immediately viewable. For importing logs there is a tool called Apache2Piwik that works well.

Piwik has an API that can be used in various web applications like Joomla, Codeigniter, etc. To understate, the list of software and cms you can integrate with is impressive. I don't think Piwik has mail-monitoring capabilities yet, but I hope it will in the future. Awstats already knows how to go through your mail.log.

Piwik also provides stylish statistics widgets that you can embed like you can do with YouTube videos. I strongly recommend it for anyone who wants to monitor their traffic.

Insecure

Sometimes I'm quite puzzled when it comes to security. Not because it's hard to implement but because of the unimaginable things people do regarding various security implementations. I mean things like leaving the default password on a company wireless network or having plaintext medical data travel trough a WEP-encrypted(takes maybe a minute or little more crack) network in a hospital. Things like patient history or banking keys should never be allowed to be transmitted without a strong encryption. There are policies forbidding passwords over 8 characters long in a system that holds patient data.

Every time I have questioned the safety of such systems the response has been somewhat the same: "I'ts secure" as if just saying those magic words makes it so. Apparently people just have this tendency to blindly trust people who have made these systems and forward the message of everything being secure down the chain until it reaches the end-user who is so convinced at that point that he/she could believe the sky was falling before there was anything wrong with the security of their systems.

I believe that when people have been using proprietary systems that they have never seen into or do not understand they don't really have a chance to know whether anything wrong. They just "have to trust". What open source has taught me is that I can see the lines of code of the entire program and see for myself if it is secure or not. And so do everyone else. I once belonged to that group of people who "had no choice" because I had no skills to check these things. With much wisdom comes much sorrow, that is the case if you don't change how you do things. And you don't actually have to be an expert in everything in order to be skeptical. There's nothing wrong in questioning things other people take for granted. It is however a sign of a mental condition to blindly believe anything without having at least some process of source criticism.

I know it might sound scary to your life by automatically not trusting anything before verification, but you learn to live with it.

I think it's not politically incorrect to ask does anyone know any skeptic organization in a country with Islam as its main religion?

Unwanted email, also known as spam

Does this look like I'm interested in getting mail?

I use email a lot and I check my inbox a couple of times a day. I've been trying to keep my incoming mail to a minimum. For example opting out from mailing lists and going trough email notification settings in various services that send mail(facebook, linkedin, netposti, twitter, xda-developers, fedoraforum etc.) I also manage the mail server that my box is on so I have a pretty good control over what mail I and other mail users on the same server do receive. Greylisting, blacklisting, whitelisting, honeypotting and a spam learning imap folder have kept spam to a minimum(I have not received actual spam other than from a misconfigured backup MX that is no longer in use).

Basically only mail I should receive is mail that is directed to me personally and requires some sort of direct action from me. Keeping that in mind I'm pretty pissed off now after getting yet another spam from LinkedIn. If I fail to find whatever hidden setting there is that allows me to opt out of unsolicited mail I think I'm just going to remove my account and see if that works.

I can't really understand what's the point in all that unnecessary mail sending anyway. What it does is repel people who might otherwise enjoy being a user of some service X. Is there truly a person who really reads all those "weekly updates"? And what about Facebook notifications? With default settings I'd probably have 4 times the amount of mail in my box for stuff that I already read while on Facebook. And that's Facebook alone.

I like Google's policy of letting the user opt in to get mail notifications. I actually had mail notifications for events I've marked in my Google Calendar come in one day in advance +SMS reminders 2 hours before. This was before current happy relationship with my HTC Hero(which does the reminding nowdays)

Now playing: Jippu - Kii