Pure Defect

Firstly I apologize in advance for pushing out like three different posts in less than an hour of each other and on such random topics, however when I get the urge to write its best that I just get it out and don't stop until its completely finished, which is exactly what I'm doing.

Nerdcore

I'm a little late on this one because I didn't notice the RELEASE DATE on the bottom of the new Ultraklystron cover art because I simply wasn't paying close enough attention, but according to the man himself the new album OpenSource Lyricist is due out the 27th of this month, meaning there are just six days left till it releases and sadly I don't have the money for it yet, however I'm working on that as we speak actually. From what I've heard of the few tracks hes released to the internet so far the album will be a leap and a bound for Ultraklystron in terms of sound, style, and production. So to shout even more support for one of my favorite nerdcore artists I suggest anybody with some spare cash (like thats happening with the holidays looming) invest in this album, its pretty much assured to be another kick-ass offering from UltraK as well as a potential gift for that nerdy friend who may or may not be aware of the vast world of music out there that speaks to the nerd in all of us!

Software

First I wan't to say that Songbird is total and utter crap. So many seem to have hailed it as the killer app to replace iTunes for those of us shackled up to iPods, but my experience in a single evening pointed to otherwise. Firstly its slow, I mean painfully slow; even switching from one playlist to another was measured in quarter minute increments even with only a 6k song collection. Secondly is the fact that it hangs miserably when trying to update the iPod itself, during this hang it managed to fudge my collection currently on the iPod to the point neither Songbird nor iTunes would do jack shit with it; I wound up having to blast it back to manufacturer defaults and start from scratch. Having to restore my entire collection was enough to get me to sulk back to the cumbersome beast that is iTunes, if only Songbird was half of what they claimed it to be, however considering its not even into a stable release yet I shouldn't be so surprised.

Next up is my experience with the Firefox 3 Beta 1 release, which so far (I'm using it to post now) has been a vast improvement over the current 2.0.0.9 version which sucks in terms of resource consumption and speed. I can notice a certain snap when loading pages, even things that aren't in the cache already though after so many quick loads it kind of fades into the background. None of the previous snags that made FF spazz out seem to have affected this release, at least not yet. To attest to the vast amount of changes that must have taken place in the code not a single one of my 2.0.0.9 compatible extensions worked with 3.0 Beta 1. Here is to hoping that the current speed increases and overall sturdiness remains when the 3.0 line is ready for stable release!

Blog News

And finally I want to mention to any of the regular readers out there that now there is a second contributor to Pure Defect, namely my good friend Paz_Rax who happens to be another geek like myself except that he gets paid to be one! His schedule won't permit for anywhere near the frequency of updates that I manage, so don't be surprised if you have to actually search around through the older posts to find something he has added.

Labels: Firefox, iTunes, nerdcore, Songbird, ultraklystron

Dual_EC_DRBG uses a seemingly arbitrary series of specific fixed numbers which are published in the standard to define the elliptic curve used for the algorithm. The origin of those numbers has not been revealed or explained but it is possible to use other numbers instead. The researchers realized that the fixed set of numbers used in Dual_EC_DRBG could have a mathematical relationship to a secret second set of numbers, which could then be used as a master key to decrypt content.

arstechnica.com

What I've gotten from this article is that there possibly exists a set of numbers that are linked to the set defined in this random number generator that would permit the person knowing the complimenting set to decrypt any message that was protected using this method. And the NSA is involved in this?!? Seeing as how they still are caught up in a horrid debacle with their wholesale eavesdropping on the people of the United States with the collusion of major ISPs, I don't think for a split second we should let this issue rest until they come up with a real answer as to why these particular numbers were chosen and what the risk is of someone else finding out these numbers, hell they shouldn't even know these numbers if its going to ever make it into a consumer product someday.

This is after all the same agency that offered us the Clipper Chip, which thankfully for privacy's sake failed to take off at all. The fact that Bruce Schneier (of Applied Cryptography fame) is concerned about this makes me all the more worried, if its enough to keep a seasoned professional such as him from touching this particular piece then it should serve as a warning to us all to shy away from it until the NSA comes clean with their motives in pushing so hard for this vulnerable system to become part of a NIST standard.

Labels: bruce schneier, cryptography, NIST, NSA

Well it seems that a long-time supporter of online music distribution, namely Prince, has turned his back abruptly on so many fans that supported his move to embrace the new frontier of music. Not only has he given up apparently on online distribution models but he has gone over to the dark side founded by Lars Ulrich of Metallica fame. So far Prince has lodged cease and desist notices against The Pirate Bay, YouTube, eBay, and even the mother who posted a short video clip of her baby dancing to one of Prince's songs! So it seems that now for whatever reason (see also: probably no good reason) he is now taking filesharing groups such as TPB as well as individuals and media sites owned by behemoths such as Google to task. It almost seems like hes enjoying the RIAA-brand kool-aid a little too much lately, maybe his next move should be to sue a dead person or someone who has never owned a computer for 'violating his copyright'. Prince just because you aren't the top dog anymore doesn't mean you have to be a prick about it, grow a set and deal with the fact that your time to shine is over with and other are taking your place!

tech.msn.com

Labels: filesharing, p2p, prince, the pirate bay

The fact that shopping can make or break a relationship — and that a relationship can make or break shopping expeditions — is one that retailers are paying attention to.

Glasgow's Braehead Mall recently offered women a "shopping boyfriend," a guy who "takes a girl around, helps her pick her outfits, stands outside the change rooms — does all the things men don't like about shopping," in the words of organizer Pauline Shaw.

Several dozen women checked their regular boyfriends into a "recharge zone," complete with video games, music and lad magazines, to take advantage of "the novelty that someone actually enjoyed shopping with them."
—Jessica Johnson, "Walking down the aisle: how shopping tests your relationship," The Globe and Mail, April 12, 2003

If people can't come to terms with such things like this and have to resort to a 'stand-in' then they shouldn't be together in the first fucking place, end of story. This kind of setup is just more proof that people are so fucked in the head that they don't deserve to be happy, let alone procreate! Thank you society for once again reassuring my distaste for the world and the people in it!

Labels: rant, relationships

Today we experimented with the new hotness in password cracking: Ophcrack. We slapped windows XP pro, service pack 2 on an old clunker and DWORD started creating the accounts. While he did this, I made myself useful and started looking for some good XP service pack 2 exploits. Only problem with this is I forgot I was running the same thing. Needless to say, it didn’t end well. I knew I was excited about the release of Fedora Core 8 for a reason.

Now I can’t let a live boot distro of Linux go without some type of complaint and here it is: HOW CAN YOU MAKE A LINUX PROGRAM THAT CAN’T BE RUN FROM THE COMMAND LINE!? Yes, that’s right, version 2 of Ophcrack can not be run from the command line, although version 1.1 apparently can. How do you sleep at night?

Once we got the GUI up and running, all we had to do was insert the CD and watch. The easy password, MONKEY, was guessed right away. After two minutes the medium password, abw7192, was cracked. After ten whole minutes of eating pizza and plotting world destruction the hard password, x18G7Qk48Y, was cracked. Only one would remain, the insane password that contained special characters such as: $, [, ‘,.

All in all not a bad program and sure to be a script kiddie favorite; just don’t expect any magic from the command line.

-Paz

Labels: Linux, Live boot, Ophcrack, Password, Password cracking

Well it seems that with the huge windfall to the war chest of Ron Paul comes the increased barrage of fans jumping up and down and chanting his name like monks. Sure its good to see that people are excited about politics, however those who have been claiming that he is the panacea for our problems need a reality check, so get those torches ready RP'ers!

• Voted NO on granting Washington DC an Electoral vote & vote in Congress.
• Voted NO on campaign finance reform banning soft-money contributions.
• Voted NO on establishing "network neutrality" (non-tiered Internet).

So lets stop and look at these four items and what they spell out about Ron Paul. First and foremost it seems he doesn't agree that the District of Columbia has a right to representation in federal government, even though they are taxed by it just the same. I don't even live there but that is just outright wrong to say they have no right to a voice in government that directly effects them. Again a No vote this time for campaign finance reform; given his recent windfall in campaign money this move doesn't surprise me. He also doesn't support keeping the internet fair and square, which given his popularity among supposedly internet-savvy people I find very alarming to say the least.

• Voted NO on prohibiting product misuse lawsuits on gun manufacturers.
• Voted NO on prohibiting suing gun makers & sellers for gun misuse.
• Voted YES on restricting frivolous lawsuits.

Now this is the part I really don't understand; he stands against frivolous lawsuits yet did not vote to block just that by those who would bring such suits against gun manufacturers or retailers. Interestingly enough his stance on this is not mentioned anywhere on his website, though I would hope people have enough drive to at least pull up voting records on him and see what is really up. Part of his reasoning I believe for some of these voting choices is because of hi insistence on a powerless central government, basically putting all the power in the hands of the states. That is all well and good for things that can be deal with on the state level, however what are states going to do when it comes to network neutrality? Will there be some states that have protections for consumers while others where ISPs have enough power will permit any manner of traffic discrimination? That's not a world I want so excuse me while I add him to the list of candidates not getting my vote this coming election.

Labels: politics, ron paul