There are a couple of random thoughts rumbling around my head... Rather than writing a blog entry on each, I decided to just mention them here.
Oiling The Machinery
Everyone is complaining about the oil gusher in the Gulf of Mexico. And everyone seems to have their own solutions. Use hair, use hay, construct a man-made barrier island, send down sludge, and more. British Petroleum has a couple of solutions lined up -- if one fails, then they will try the next. One of their solutions won't be ready until August! Some people think the government should take over the capping processes, but our government can't even pave roads without months of debate.
A few people are blaming Obama for this problem. (These are probably the same people who are upset that the Republicans lost the election and still watch Glenn Beck.) Frankly, we can't blame Obama for this one. Blame Bush? Sure -- he caused it by easing governmental regulatory oversight between 2006 and 2008. Obama only inherited this mess. And given other messes like Health Reform, Financial Reform, Immigration Reform, and Lobbying Reform... Regulatory Oversight Reform is just another item in the to-do list.
Anyway, I think I know the solution to quickly stopping the oil gusher. Congress should pass a resolution preventing BP from collecting any revenue until the gusher is capped and the cleanup is completed. Until both of those happen, any revenue received by BP should either go toward capping and cleanup, or be forfeited to the government and impacted states. If we cut off their revenue, then they will have an incentive for achieving a faster solution.
Google and SSL
Google recently released a beta of an SSL solution for their search engine (https://www.google.com). They claim that this will improve privacy:
This secured channel helps protect your search terms and your search results pages from being intercepted by a third party. This provides you with a more secure and private search experience.
There are a few problems here. First, SSL is a placebo. From a security perspective, it does not add very much security or privacy. To gain security and privacy, you really need SSL with client-side certificates -- but Google isn't offering that.
Second, I find it ironic that Google is offering a security and privacy solution. I mean, they store every search, associate searches with user accounts, and cache personal information. So for them to be concerned about search privacy is just... funny.
Summer's Here
Summer vacation has clearly started. The volume of malware and attackers scanning my web site for vulnerabilities has increased 10x compared to last month. Looks like the k1dd13z are out of school.
The uptick includes a significant increase in scans for WordPress vulnerabilities. Sample initial scans look like this:
2010-05-03 11:10:10 | 72.46.136.130 | GET /wp-login.php
2010-05-09 17:43:28 | 188.40.73.239 | POST /wp-admin
2010-05-24 17:52:37 | 213.231.27.46 | GET /blog/wp-includes/js/tinymce/wp-mce-help.php
2010-05-24 17:52:40 | 213.231.27.46 | GET /blog/wp-admin/upgrade.php
2010-05-24 23:24:35 | 69.245.165.224 | GET /blog/wp-login.php
Of these scans, it is the tinymce one that bothers me the most. This is a WYSIWYG editor and it has a history of remote access vulnerabilities. If you don't need it, consider removing it or locking down your htaccess file and web pages.
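An added example, not from the original post: a small Python filter for the log format shown above that groups WordPress probes by source address and marks any source that touched the tinymce directory. The probe patterns are an assumed rule set, and the last four log lines (using 192.0.2.x documentation addresses) are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Log format from the post: "YYYY-MM-DD HH:MM:SS | client IP | METHOD path"
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (\S+) \| ([A-Z]+) (\S+)$")
# Assumed rule set: the WordPress paths seen in the post's sample scans.
WP_PROBE = re.compile(r"/(wp-login\.php|wp-admin|wp-includes)(/|$)", re.I)
TINYMCE = re.compile(r"/wp-includes/js/tinymce/", re.I)

# First five lines are the post's samples; the last four are constructed.
SAMPLE_LOG = """\
2010-05-03 11:10:10 | 72.46.136.130 | GET /wp-login.php
2010-05-09 17:43:28 | 188.40.73.239 | POST /wp-admin
2010-05-24 17:52:37 | 213.231.27.46 | GET /blog/wp-includes/js/tinymce/wp-mce-help.php
2010-05-24 17:52:40 | 213.231.27.46 | GET /blog/wp-admin/upgrade.php
2010-05-24 23:24:35 | 69.245.165.224 | GET /blog/wp-login.php
2010-05-25 08:00:01 | 192.0.2.10 | GET /index.html
2010-05-25 08:00:05 | 192.0.2.77 | GET /blog/wp%2Dlogin.php?redirect_to=/
2010-05-25 08:00:09 | 192.0.2.10 | GET /wp-administrator-guide.html
this line is truncated or malformed
"""

def find_wp_probes(log_text):
    """Group WordPress probe requests by source IP."""
    probes = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the format
        ts, ip, method, target = m.groups()
        # Drop the query string and decode %XX so encoded paths still match.
        path = unquote(urlsplit(target).path)
        if not WP_PROBE.search(path):
            continue
        entry = probes.setdefault(
            ip, {"hits": 0, "first": ts, "last": ts, "tinymce": False, "paths": []})
        entry["hits"] += 1
        entry["first"] = min(entry["first"], ts)  # ISO timestamps sort as text
        entry["last"] = max(entry["last"], ts)
        entry["tinymce"] = entry["tinymce"] or bool(TINYMCE.search(path))
        entry["paths"].append(f"{method} {path}")
    return probes

if __name__ == "__main__":
    found = find_wp_probes(SAMPLE_LOG)
    # List sources that touched tinymce first, then by hit count.
    for ip, e in sorted(found.items(), key=lambda kv: (not kv[1]["tinymce"], -kv[1]["hits"])):
        flag = "TINYMCE" if e["tinymce"] else "-"
        print(f"{ip:16} hits={e['hits']} {flag:8} {e['first']} .. {e['last']}")
```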
Arizona State Lottery
Arizona recently passed Senate Bill 1070. The law basically says that people suspected of being illegal aliens will be asked to provide proof that they are permitted to be in the USA. Failure to provide proof can lead to incarceration and/or deportation.
I'm not going to take a side on whether this law is racial profiling or justified. (Let's leave that debate to the pundits and citizens of Arizona.) Rather, I'm looking at this from the hacker point of view. The first US Citizen that is arrested and/or deported under this law will have a heck of a lawsuit. Most likely, the victim will receive an out-of-court settlement as an apology because the case won't have legs to stand on if a provable citizen goes to court. Anyway, this law should be called the Arizona State Lottery because you too can become a millionaire overnight!
Of course Google has logs of my searches. That doesn't mean I want the hax0r with whom I'm sharing the Starbucks hotspot to see them.
I know it doesn't do a ton, but as long as you realize it just prevents MITM attacks (which in my experience, are generally not a huge vector) it works fine. Doesn't it?
Also, had to ROFL on the Arizona Senate Bill 1070.
I've seen an odd reaction to this disaster on various US sites: because it's British Petroleum, Stateside condemnation seems a little stronger and more punitive than perhaps if it was Texaco, for example.
Because BP are losing oil, face and profit with every hour the leak continues, I see no reason to believe that they're not currently doing everything they can, as fast as they can, to fix the problem. Their future oil, face and profit rely on how well they do this and how good they look coming out of it. "Cutting off all their revenue until it's all over" smacks of knee-jerk over-punishment that is more likely to lead to rapid bankruptcy - which will then remove any financial incentive for anyone to clean the mess up, or at least mean federal or international money is required to fund the effort.
For a blog that I usually read as the excellent utterings of an informed expert, the third paragraph of this entry seems uncommonly tabloid in style.
I can honestly say I've never tried to plug a leak a mile underwater and hundreds of miles from land, so I have no idea how difficult it is or how long it takes. They're not doing it as fast as I would like and, like everyone else, I think they should pay to clean it up.
But all I can do is critically evaluate the various press statements, opinions and news coverage of the matter.
Incidentally, yesterday's Newsweek has a useful article on who's representing whose interest in this matter:
http://www.newsweek.com/2010/05/26/oil-spill-spin-who-can-you-trust.html