The BFC Computing Weblog: Category Politics

Cyber Alert System Failure

Bill McGonigle — Thu, 18 Dec 2008 18:28:00 -0500

I got a National Cyber Alert System alert today about the Microsoft Internet Explorer security vulnerability, now that Microsoft has a patch out. The trouble is, everybody has known about this since last week, and anybody finding out about it today is already hopelessly in trouble.

There's nothing wrong with a notification, "hey, you should ensure this patch is applied," but that's not the purported purpose of the Cyber Alert System.

Thank goodness for the ISC which is group of volunteers doing a much better job than the large government bureaucracy charged with the task.

Presidential Debate to mp3 HOWTO

Bill McGonigle — Thu, 16 Oct 2008 20:33:00 -0400

To get the presidential debates as mp3’s:

go to the [CSPAN YouTube channel](www.youtube.com/cspan)
Play the debate (before you go home, e.g.)
Pull the debate .flv file from your cache (e.g. FlashTmp0)
run it through ffmpeg to extract the mp3

To get the file from your cache, figure out where the flash cache is and run an rsync job like so (OSX paths here):

#!/bin/tcsh
while (1)
#make this flashcopy directory first
rsync -av --partial /private/var/tmp/folders.$UID/TemporaryItems/FlashTmp* flashcopy 
sleep 1
end

To convert with ffmpeg:

ffmpeg -i debate.flv -acodec copy debate.mp3

The file’s sound track is already mp3 so ffmpeg simply extracts and containerizes it for you.

And no doubt you can do something easy like download it from iTunes or PBS instead.

NH Broadband Action Plan

Bill McGonigle — Tue, 02 Sep 2008 08:57:00 -0400

DRED has published its ’Broadband Action Plan’ with recommendations on how to improve the penetration of high speed Internet service in NH. I attended a session in Plymouth last year to provide input on the plan.

Overall it’s a good report. I’m especially impressed with its recommendations to get State out of the way for access to land and towers, permitting, etc. Also, predictable, uniform, and competitive access to utility poles is a very important issue. They recommend the creation of a government office to oversee this work, but don’t set a recommendation for when that would would be finished. It may be necessary but this issue ought not be used to grow government in a permanent manner. This kind of communications infrastructure has the potential to really streamline government, so it’s probably a net-win to have the office. They’re asking for $100,000 for each of the next two years to fund the office, so it’s necessarily limited as currently proposed. A citizen of NH might expect to pay a dollar over the next few years to fund it.

I’ve noticed that Burlington Telecomm has been having revenue shortfalls and the ECFiberNet project, which I had high hopes for, has apparently abandoned the core attribute that made it exciting - that it would be self-funded, and has gone asking for bond money instead. That was always the uncreative option, but the private model made ECFiberNet free of coercion. That is to say, government-run models don’t appear to be very healthy, but where the government can act to get out of industry’s way or improve its monopoly grants we should welcome its action.

BFC Computing Launches McCain-Palin 2008 News Website

Bill McGonigle — Mon, 01 Sep 2008 00:19:00 -0400

LEBANON, NH, September 1, 2008 – BFC Computing, a computer consulting firm based in Lebanon, NH, has launched McCainPalin2008.us, a website dedicated to news about the McCain-Palin Presidential Campaign. The site is updated with the latest headlines and videos gathered from thousands of news sources around the globe. McCainPalin2008.us provides a single location for news readers to find updates on the presidential campaign. Rather than having to sift through other news sites to find information that may or may not be relevant, McCainPalin2008.us gathers all of that information into one place.

Bill McGonigle, owner of BFC Computing, says, “McCainPalin2008.us is based on a technology we’ve been developing called NewsMaker, a tool for rapid deployment of specialized news websites. We recognized the likelihood of this ticket in July and began work on the site then. We realize many folks are political news junkies who want to focus on specific topics, and for them we hope this site is helpful and enjoyable. Expect improvements through Inauguration Day.”

For up-to-the-minute coverage of the McCain-Palin campaign, visit http://McCainPalin2008.us . BFC Computing works with clients to develop computing solutions that exceed their expectations. Open Source allows BFC Computing to deliver solutions that are ideally customized to clients needs, protects against obsolescence, and delivers top-notch security. For more information on BFC Computing and its services, visit http://bfccomputing.com or call (603) 448-4440.

Anti-Virus on Voting Machines

Bill McGonigle — Mon, 25 Aug 2008 21:10:00 -0400

There’s been much made of the revelation that Diebold voting machines run an install of McAfee Anti-Virus, and that it’s caused trouble with the voting software.

The arguments against it typically boil down to:

Your voting machines shouldn’t be use for anything else
Your voting machines should be secured against anybody installing software on it
You can’t verify the operation of MAV so it could possibly tamper with votes
You should be running an operating system which is not so easily infected

Those arguments all have merit, but skip the fundamentals - the software image on a voting machine should not be running on read/write media, that is hard drives. If that basic criteria isn’t met, AV software might actually be a good idea, but missing the fundamentals is no excuse for dirty hacks.

I build my first appliance computer that could run from a CD in a CD-ROM drive in 2002. It’s neither new nor a difficult concept. When you need things to be secure, in that case under HIPAA regs, in this case for votes, you mount your media device (hard drive, flash memory, etc) with the ‘noexec’ flag, and then no software installed on the read/write media can be run from that media. Since you can’t write to the CD, software can’t be run from there either. You provide a stripped down OS image to make doing any more than the minimum very difficult, certainly requiring physical access to the machine.

This isn’t to say your machine shouldn’t be kept secure - of course it should, and the BIOS needs to be correctly configured (many of you know the security problems with certain BIOS configurations) - but read-only media and a good Q/A process obviates the need for anti-virus software. Certainly some software selection choices can make this difficult, but any good architecture starts with the requirements and works towards software selection, not the other way around. Assuming good security is a requirement.

FCC Rules on Conflict of Interest at Comcast

Bill McGonigle — Fri, 22 Aug 2008 01:53:00 -0400

Following up on my March 2007 article Conflict of Interest at Comcast, in excerpt:

Odds are those high-traffic users are downloading video. … This is directly in competition with Comcast’s other, main, business, providing video services. The amount of traffic they’re killing at (~250GB/mo) is probably just about what you need to replace a Comcast video service.

the FCC yesterday ruled:

Comcast had an “anticompetitive motive” because it delayed and blocked peer-to-peer files through applications such as BitTorrent. Such files often are high-quality video that might otherwise be watched and paid for on cable television.

and ordered Comcast to behave. As I noted earlier, this mirrors a previous decision about DSL companies monkeying with VOIP traffic.

The Great Geek Takeover

Bill McGonigle — Thu, 19 Jun 2008 17:33:00 -0400

The geeks are taking over society, re-making it in their own image.

“How’s this then?” you may ask.

Consider that reality is what you perceive. What you perceive is based on what you know.

So then, what is it that we know? It’s either what we’ve derived ourselves or what we’ve been told or read. Most of us learn far more from others than we figure out on our own.

These days, if an average person wants to know something, where do they turn? Some people go to the library, but most go to Google, or someplace more specific, like Wikipedia.

Now, to add to Wikipedia, you need to learn MediaWiki markup. Most people don’t want to learn this. Geeks have no problem diving in, so they do it. They build an encyclopedia based on their perceptions and biases. Consumers of Wikipedia believe it to be true. Not that Wikipedia is usually incorrect, but perceptions are formed based on what is included or not included.

How about Google? Google tells you what’s out there, and it’s ranked primarily by how many links are pointing to a particular article. Who makes links? The geeks do. Google is a ranking of what geeks think is important, to a large degree.

And, again, users of Google generally accept its rankings to be ‘good enough’ for their needs. They don’t usually ask, “but what else is true that Google hasn’t told me?”

From the blogosphere to major media, to presidential campaigns, much of what “true” is based on what is found online. And what is found online is what the geeks feel like putting there.

If the industrialists shaped the last century, the geeks are going to shape this one. Sit back, enjoy, and go have a look at what’s popular on YouTube today.

See, it really is the Russians

Bill McGonigle — Wed, 30 Jan 2008 14:49:00 -0500

Here’s a Washington Post piece about the Storm worm, and it being traced to St. Petersburg, and the international relations around that.

This is largely posted to have for future reference for when I get the ‘conspiracy nut’ look when I explain that Windows security problems are largely Russian-mafia related.

Vermont Confuses Me (specifically re: Fairpoint)

Bill McGonigle — Mon, 31 Dec 2007 14:11:00 -0500

The first half of that title could apply to so many things, but regarding the Fairpoint proposal, Vermont’s PSB found this:

In rejecting the application, Vermont’s Public Service Board said in a statement that FairPoint failed to demonstrate that the company would be financially sound after completing the transaction… “Significantly, the Board noted that its review did not consider a recent settlement in Maine that had the effect of lowering the purchase price of the merger,” the Vermont Public Service Board said in its statement.

And the article adds this:

The companies settled objections from Maine regulators on December 13 and revised its transaction proposal that lowered the price by about $200 million. The new reworked proposal, has not yet been submitted to Vermont regulators.

So, the Vermont PSB knows about the altered terms of the deal but decided to issue a ruling based on what it knows is inaccurate data? Why would they do such a thing?

Possibilities:

They were under a deadline
They can only cast a reject/accept under such a deadline
There wasn’t a deadline but they wanted to make the news and/or color perceptions
They’re clueless.

So, the menu as presented is: incompetence, malice, or bureaucracy. What other possibilities are there (I’m asking, not being rhetorical)? What does Hanlon have to say about government?

[Thanks to Steve for the link]

Is Net Neutrality a Waiting Regulatory Disaster?

Bill McGonigle — Sun, 28 Oct 2007 21:47:00 -0400

Ed Felten voices his concerns that asking for net neutrality is a regulatory disaster in the making. I left this response to his post:

There’s some level of reasonableness that can be achieved in any regulatory system, and, of course, room for abuse. That’s not unique to net neutrality, yet some regulation seems to help some markets. When I first wrote about Comcast’s conflict of interest in throttling heavy bandwidth users as video competition, I linked to an FCC ruling about DSL providers being forbidden to interfere with VOIP traffic. To me, there are some no-brainers that regulators can do like that without hosing the Internet forever. As far as folks here complaining about the bandwidth hogs - imagine if electricity usage were flat-rate. That’s what we have with bandwidth packages now. In the case of the natural monopoly, such as an ISP with xTTH, history has shown that metered usage with public oversight of rates is the model that is least-bad given the forces involved. All these issues of TCP resets, port filtering, SPAM zombies, bloated websites, torrent seeding, illegal p2p usage, etc. would work themselves out with a reasonable per-GB fee (20 cents, perhaps) and a minimal connection fee ($10 per mo, maybe). I suspect that those on the $15/mo package now would still pay a similar rate, and those on the $80/mo package would also still pay a similar rate. But there’d be none of this hassle of offering and ‘managing’ free, because ‘free’ doesn’t exist.

What I forgot to add is that this model also would drive the providers to increase speeds to the user, which the US is sorely lagging in. Obviously prices would have to decrease over time, compared with the overall economic environment.

One counterpoint would be all-you-can-talk phone plans. While these are technically ‘unlimited’, nobody actually talks all the time (even teenage girls need to go to school), as that takes labor, whereas a bittorrent client can run 24/7 with no real effort.