thewayne: (Default)
I'd never heard of, nor I think seen, a Buckle Store, though theoretically they have locations at two malls that I occasionally visit. Anyway, same old story: malware in POS terminals, unknown number of cards have information compromised. Terminals were hacked for about six months, from late October last year to mid April '17.

It is important to note two things. All Buckle Stores have EMV readers: they can read the electronic chips in most, BUT NOT ALL, cards. Not all banks have adopted chips in cards. But worse yet, not all EMV readers HAVE THE READER TURNED ON! For example, the Walmart store in my area does not: you still have to swipe your card, which means that my card is vulnerable to compromise.

The reason for this is vendors got greedy: they convinced merchants that they MUST upgrade their card readers to EMV compatibility! So the merchants did. But the vendors didn't tell them that to enable the EMV reader was an additional software upgrade, so many merchants didn't do the second bit.

These hacks target magnetic stripe information because that info is really easy to clone and copy on to new blank cards, then use those cards for online purchases. The fraudsters make their money by making big dollar value online purchases, like iPhones and Xboxes, having them shipped to money mules (those "make big dollars working from home" ads) who return them to physical stores, convert the money to money orders while taking a percentage, then wiring the money overseas. The mules are committing a felony by doing so, and every year many of them go to prison while the overseas contacts just vanish.

KMart was AGAIN recently compromised, which made me pause for some reflection. On the negative side, we get my wife's meds there every few weeks. But on the positive side, they implemented EMV, and we always use that, so our info was probably secure. And probably on the mega-negative side, the store is closing, so lots of jobs are going to be lost locally.

When stores have implemented EMV, and your card has an EMV chip, you usually cannot swipe it. So that's good.

So take a look at your wallet. Do any, and I mean ANY, of your cards not have chips? If they do not, complain to the issuing institution. The USA is the last country in the G20 to NOT REQUIRE EMV chips. And we have to put up with shitty hackers like this CONSTANTLY compromising our information. Banks really need to step up. Every time this happens it costs the banks money to reissue cards. And that means increased fees for bank customers.

https://krebsonsecurity.com/2017/06/credit-card-breach-at-buckle-stores/
thewayne: (Default)
I knew I read Cixin Liu's Three-Body Problem last year, but I couldn't find a record of it! What's worse, I couldn't find a copy of it on my computer! The reason why I was looking for it is that I'm reading the Hugo Finalists for the Worldcon voting and his third book in the series is nominated, unfortunately I haven't read the second, but I think there's a considerable time lapse between the subsequent books.

Fortunately I found email evidence of when I read it (9/26), so here's an abbreviated mention of it.

This book, the first of Cixin's Remembrance of Earth's Past trilogy, revolves around a strange and immersive video game that runs multiple generations resulting in total destruction of the game environment because three suns have unpredictable and unstable orbits. It's actually a four-body problem because you also have the world that the game takes place upon: eleven other worlds in the system have been consumed by the suns. The culture survives incineration by dehydrating themselves and the husks being stored in deep underground vaults, waiting to be rehydrated some day when society has recovered.

It's a strange book that ties China's cultural revolution to modern times to extraterrestrial contact. Cixin Liu is an amazing writer with something on the order of eight Chinese Hugo awards to his credit. This and the third book of this series, Death's End, are translated by Ken Liu. The second book, The Dark Forest, was translated by Joel Martinsen. To cite Wikipedia, "The work was serialized in Science Fiction World in 2006, published as a book in 2008 and became one of the most popular science fiction novels in China. It received the Chinese Science Fiction Galaxy Award in 2006. A film adaptation of the same name is scheduled for release in 2017. ... It won the 2015 Hugo Award for Best Novel and was nominated for the 2014 Nebula Award for Best Novel."

And that brings my 2016 total to 48 books read recreationally.
thewayne: (Default)
We had a monsoon storm system parked over the mountain for the last two weeks, and yesterday it finally broke! I was at the observatory until about 1:30am and am very happy with the results.


This first photo contains something interesting: the International Space Station! It was pure luck. I was testing everything before I told it to start shooting 30 second exposures forever (299 was the final image count) and it just so happened to catch the ISS! My wife pulled up a web site that maps your location over what satellites will be overhead on a specific date and time and we matched the time of the exposure and BINGO! I couldn't have caught that if I had tried.



This is a composition of 299 images. The little jag that you see at the beginning or end of a trace is the first two images of the ISS track. They were taken before I told the timer to have at it.

I was pleased to find that Photoshop CS6 had no problem accepting 299 layers in one PSD file, but it didn't like a file size greater than 2 gig. Once I flattened them, the file size dropped to 41 meg or so, well within Photoshop's capacity.



And finally, a video that I composed from the 299 still images. It's fun watching the dome of the 3.5 meter spin like a dervish. I showed it to my wife this afternoon and she said that she knew which slews those were. She was working with a group of on-site Chinese astronomers on a visiting instrument, so she was the one choosing targets for them in an attempt to keep the dome slit out of the wind: their instrument was very sensitive to the slightest breeze.


And I'll tell you, I LOVE MY NEW IMAC! It's not the utmost latest which just came out this week, it's a Late 2015 with a 4 GHz i7, and this thing handled sucking those 299 images and turning them in to a movie or making them in to Photoshop layers or flattening them with absolute zero difficulty.
thewayne: (Default)
Back in March, Brian Krebs posted an article titled Why I Always Tug On The ATM. It boils down to there being a limited number of ways that your credit card information can be stolen:

1. Financial institution is hacked
2. Malware is implanted on a merchant's network, possibly on point of sale (POS) card scanners
3. Hardware is covertly installed on or in POS card scanners

You can't do anything about #1. The first time my banking information was compromised was about seven years ago. I was at my parents' house in Phoenix, heading to Las Vegas to a convention when I saw a charge on my checking account for $80ish at a truck stop in North Carolina, a state where I hadn't been in five years. Turns out that a check processing company in Albuquerque had been hacked and they managed to create a bank card from that info. That hack never hit the news.

#2 is the classic Target hack, though that was an extreme example where the criminals managed complete subversion of their cash register system. They could have done what North Korea did to Sony over the release of The Interview. Arby's, Wendy's, CiCi's, you name it. And you can't do anything about this, either.

#3 is something that you can attempt a bit of defense with.

Skimming comes in two flavors, an overlay or an insert. The overlays are easy. The criminals somehow manufacture a flimsy plastic module containing electronics, generally a card reader for capturing card information, a camera for capturing PINs, and a Bluetooth radio for transmitting the info. The whole thing can be quickly slipped over a card reader at a cashier station. It's a two or three man job: distract the cashier, obscure the overhead security camera, slip the shell over the reader. The shell is precisely made for specific models of card readers and will only fit on those models. There are a few 'tells' that help identify an overlay. The colors will be slightly off. It will feel like thin plastic. The graphics won't look quite right. The dimensions will be slightly off. If you pay attention to the card terminals that you use, you might notice these.

But the best way to notice is to tug. Give the terminal a squeeze and a pull. It should feel solid and it should be solidly anchored to the pedestal that it's secured to.

Gas stations are a slightly different problem. These will sometimes have overlays, so a visual inspection and a tug test is good, but they also may have internal skimmers. These are tiny circuit boards that are actually slipped in to the card slot that read the inserted card and store the info. They don't collect as much information as an overlay, but it's still enough to cause you problems with card theft, and it's not easy to spot these.

Gas stations have taken some defensive measures. You'll notice there are security tape seals where the panels open on the pumps to show they haven't been tampered with, but let's face it, it wouldn't be hard to make fakes of those. But they've also improved the design of the pump faces to try and make it harder for skimmers to be installed. ATM makers have also tried defensive design with varying success.

Brian Krebs' suggestion is that the best defense is to never use a debit card at a terminal that you don't have absolute confidence in, only use a credit card. The reason for this is that credit cards have legal limits for fraud protection, debit cards do not. Your bank may limit your liability if your debit card is compromised, but they are not REQUIRED to by law. So you can trust your bank if you like, but you need to know that they don't have to back you.

Another way to defend yourself, if you have a fairly recent smartphone with Near Field Communications (NFC) and your merchant supports it, is to use Apple Pay or Google Pay. Microsoft tried to set up a wallet system, but it never gained traction and has been relegated to the dustbin of history. BE WARNED: these payment systems take a little getting used to! I set up Apple Pay last week: I've used it four times, I've been successful ONCE. I know how I failed the first time, and I suspect how I failed the other two times, so I think I have it figured out, but still, be prepared for a learning curve.

Apple has an exhaustive explanation of how their system works, and it is really elegant. From what I understand, even if the POS terminal has malware installed, if you use Apple Pay the criminals will get nothing usable. The information is not just encrypted, it's done with a one-way encryption that cannot be reversed after it's transmitted, so no card information can be recovered by an intercepting criminal. The merchant identifier and transaction amount are appended, the packet is sent to your financial org, which authorizes it, and the bill is paid. Your information is never exposed.

I'm sure Google's system works in a similar fashion, but the info that I easily found didn't go in to nearly as much detail as what I found with a casual search for Apple's system.

And I have to tell you, the Apple method for registering a card was amazingly cool: take a picture of your credit card. I was sitting in my partially demolished computer area, in somewhat poor lighting, and it said to take a picture of your card. So I pulled out my personal debit card, and it read it perfectly. Done. Pulled out the debit card in my name for my wife's checking account. For some reason, within about a month of receiving it the gold paint on the letters is completely gone. There was no strong side lighting to provide contrast for the lettering, yet my iPhone 6S had no trouble reading the card! I was VERY impressed. The third card that I registered was my credit card, and that one also registered fine, except it got the expiration date wrong, and that was easy to correct.

You can also manually enter the card information.

You can also use Apple Wallet for concert tickets! I used them for Jethro Tull, which was convenient because I forgot to take the printouts. It looked to me like 75% of the people in line were using smart phones for their tickets.

iPhone 6 series and later, which includes the SE, have NFC. Apple Wallet can be configured to use a fingerprint to authorize rather than the phone's password, regardless of whether you use a password to unlock the phone. Androids that run version 4.4 of the OS or later should have NFC. I saw that sometimes Android updates can cause headaches for Wallet users.

Anyway, that's enough blathering. The best defense, of course, is to always pay in cash. But that brings up two problems: carrying large sums of cash, and do you get the cash from the bank, which may involve lots of inconvenience, or do you trust the ATM to not have been compromised?

It seems to be never-ending.

https://krebsonsecurity.com/2017/03/why-i-always-tug-on-the-atm/
thewayne: (Default)
We had a stragedy to see these two movies. Our theater shows new releases Thursday night, so we figured we'd go to the last showing of Pirates because everyone would be seeing Wonder Woman. But when we got there, the showing of WW was only about half-sold, so we went ahead and saw it.

And it was good. It had an overwhelmingly good score and it was mostly well-earned. I thought the story was pretty good. They nicely developed the origins of the Amazons, got her in to World War I. I thought there were a couple of continuity errors that I wish they had fixed, I don't know if they had problems between the shoot and edit, or what, but it was kind of jarring for me. Still, lots of fun. My wife commented on all of the names of women in the credits which was really cool.

There is no teaser of a future movie in the credits, so if you're desperate for the bathroom when the movie ends, go for it.


For Pirates of the Caribbean: Dead Men Tell No Tales, we watched the first Pirates movie on DVD Wednesday night as a prep to see the new one this weekend, and it was lots of fun, it's been ages since we've seen it. We saw the subsequent movies, and I have not been impressed and won't waste the time, space, and money owning them. I've also heard about the scores for the new Pirates movie on Rotten Tomatoes, and the studio complaints about Rotten Tomatoes, and I've seen the trailers, so I did not have high expectations. And I was surprised, it was much better than I was expecting. To me, they caught the light tone of the first movie along with the scary aspects and melded them well. We got back stories which made sense and nicely tied Salazar to Jack. It, too, had a couple of continuity problems that just didn't make sense. You'd think that when you're looking at 120-135 minutes that you'd be able to trim down some needlessly long sequences which would give you time to fix the problems. Which to me implies that they had script problems that no one caught and they had no choice but to release the movie with issues.

There is a teaser at the very end of PotC: DMTNT, but it is at the VERY end of the credits. I'm not sure which of the movies it refers to, it really didn't excite me. So there will be more Pirates as these movies make lots of bucks in Asia.


My wife had a major problem with Pirates: Dead Men -- they abused astronomy. This is a problem being married to a woman who has a PhD in astronomy. I have similar problems when people abuse what computers can do, but I think I might have a slightly higher willing suspension of disbelief when it comes to my field being abused on-screen than she does.
thewayne: (Default)
First, Kmart has once again found malware in their store point of sale systems. This is not a first for Kmart, and apparently does not affect online sales or the stores of their partner, Sears. Kmart is my wife's pharmacy, so I expect we'll be getting new cards from our bank in a month or two, which will mean Amazon resets and all the joy that entails.

https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-again/


The OneLogin breach is bad. This is a password vault company where you can store logins and passwords for everybody that you do business with online, so with this one violation everyone that you have an online account with is potentially compromised. Bad news. Very bad news for a lot of people and companies.

https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/


Now, when it comes to knowing whether or not an online identity has been compromised, it's not easy to know. We use email addresses as logins to numerous web sites, but what gets compromised when a site gets hacked? The valuable information is the login identity and password information. While password information is frequently encrypted, sometimes it's not and it's stored as plain text. And a lot of people commonly use the same password on lots of sites. Thus, a password that was used on Site A might work on Site B.

Even if the password is encrypted, sometimes they don't use what is known as a salt value. In this case, something called a Rainbow Table can be run against the encrypted password list to try and decode passwords. A rainbow table is made up of lists of dictionaries of known words, random words, words in Klingon, phrases from Shakespeare, etc. that are commonly used in passwords. If one of these words matches against an encrypted password, they now know what that password was and can try that matching email address against an Amazon account or bank or whatever.

Salting a password is adding a hidden value to it. For example, if I append the value '123' to your password, the encrypted value is much harder to match against a rainbow table, because the encrypted values of MyPassword and MyPassword123 are different. And if you use the password MyPassword, DON'T. It's a ridiculously easy password to hack. But I'm not going to talk about strong passwords right now.
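To make the salting point above concrete, here is an added example (not part of the original post). It uses one-way hashing (SHA-256, then PBKDF2) and a plain precomputed lookup dictionary as a stand-in for a rainbow table; the word list, accounts, function names and iteration count are all constructed assumptions. It goes one step past the post's appended '123' by also showing a random per-user salt.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for the precomputed dictionary described above.
WORDLIST = ["MyPassword", "letmein", "qwerty", "tlhIngan maH", "ToBeOrNotToBe"]

# Constructed sample accounts (not real data). Two users share a weak password.
ACCOUNTS = {
    "alice@example.com": "MyPassword",
    "bob@example.com": "MyPassword",
    "carol@example.com": "x9!Lr#27pQwz",
}

PBKDF2_ITERATIONS = 100_000  # assumption for this demo; tune for your hardware


def plain_digest(password: str, suffix: str = "") -> str:
    """Fast SHA-256 of password plus an optional fixed suffix (the weak schemes)."""
    return hashlib.sha256((password + suffix).encode("utf-8")).hexdigest()


def build_lookup(words):
    """Precompute digest -> word once; reusable against any unsalted dump."""
    return {plain_digest(w): w for w in words}


def matches_in_dump(dump, lookup):
    """Return {login: recovered word} for each stored digest present in lookup."""
    return {login: lookup[d] for login, d in dump.items() if d in lookup}


def store_password(password: str):
    """Random 16-byte salt per user plus a slow KDF; store both salt and digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def check_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, digest)


def demo():
    """Compare three storage schemes against the same precomputed table."""
    lookup = build_lookup(WORDLIST)
    unsalted = {u: plain_digest(p) for u, p in ACCOUNTS.items()}
    fixed = {u: plain_digest(p, "123") for u, p in ACCOUNTS.items()}
    salted = {u: store_password(p) for u, p in ACCOUNTS.items()}
    alice, bob = "alice@example.com", "bob@example.com"
    return {
        # Unsalted: every dictionary password falls out of the table directly.
        "unsalted_hits": matches_in_dump(unsalted, lookup),
        # Fixed suffix: the old table no longer matches anything...
        "fixed_suffix_hits": matches_in_dump(fixed, lookup),
        # ...but users who share a password still share a stored digest.
        "fixed_suffix_same_digest": fixed[alice] == fixed[bob],
        # Per-user random salt: the same password yields different digests.
        "salted_same_digest": salted[alice][1] == salted[bob][1],
        # Legitimate login still works because the salt is stored with the digest.
        "salted_verifies": check_password("MyPassword", *salted[alice]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The single shared suffix defeats the precomputed table but still gives two users with the same password the same stored value; the random per-user salt removes that as well.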

When a web site is compromised, such as OneLogin, frequently the accounts will appear on a web site as a 'dump file'. There are characteristics that let security analysts trace back a dump file to know that File X was taken from Site Y. And there's a web site that will tell you if your email address has ever appeared in a dump - https://haveibeenpwned.com/.

The operator of Have I Been Pwned took it upon himself to collect dumps and suck them in to a cloud-based edition of SQL Server. He doesn't store any passwords, just an email address and information on what dump that address has appeared in. You go to the web site, enter your email address, and you'll learn where your address may have been compromised. It's not a bad idea to check occasionally.

Myself, I have two primary email addresses. My main one has been compromised a number of times, and I don't really care because it's used mainly for email. My more sensitive account has only been compromised once, and that was an Adobe hack. My Paypal email account has never been found in a dump, which is nice. But what I found interesting was that my main email address has been found in lists that "was broadly circulated and used for 'credential stuffing', that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password." I'm not concerned because I never reuse passwords on systems where I have credit cards tied. I do reuse passwords on low-value systems OCCASIONALLY, like some message boards that I don't often revisit, but that's slowly coming to an end.

Anyway, you might want to check out this site, it's interesting.

https://haveibeenpwned.com/
thewayne: (Default)
Finally it has been decided. A long time ago in this galaxy, Lexmark filed a suit against a company called Impression who not only refilled Lexmark-brand toner cartridges, but Impression also jiggered with a chip that Lexmark built in to the cartridge. Lexmark claimed that this was a DMCA violation. Impression said that Lexmark lost its patent rights once the cartridge was sold as part of first sale doctrine, and finally the highest court in the land agreed.

The basic issue has been that all printer manufacturers have been selling printers at cut-rate prices, expecting to make huge profits on ink cartridges. To ensure this, they followed Lexmark's and HP's leads by putting microchips in the ink cartridges that told the printer that these were "Genuine" cartridges - accept no substitutes. Or if a substitute were to be found, bitch endlessly that a substitute was present and that a complete meltdown was imminent and that it was all the printer owner's fault for not using Genuine Ink or Toner Cartridges! And it was illegal, or at least a violation of the Digital Millennium Copyright Act, to break the code in the chip and spoof that the third-party refilled cartridges were original. Sometimes the printer would lie and say the third-party cartridge would exhaust quicker.

So it's all over, barring printer manufacturers buying more congressmen to change the laws to make it illegal again. We can not only legally get ink cartridges refilled, we can legally get the chips reset.

https://hothardware.com/news/us-supreme-court-protects-consumers-right-to-refill-ink-cartridges

https://hardware.slashdot.org/story/17/05/30/171253/us-supreme-court-protects-consumers-right-to-refill-ink-cartridges-in-precedent-setting-lexmark-vs-impression-case
thewayne: (Default)
We drove up to Albuquerque yesterday for the show, leaving home at 2pm and getting home about 3am! A long day and lots of driving, but well worth it. We both hate casinos because we both have bad lungs and asthma. The poodle was with us, so Russet gave him a stroll while I went in to the casino and found the theater so we could get to it as rapidly as possible, and that worked well.

Here's the set list:

Living in the Past
Nothing is Easy
Heavy Horses
Thick as a Brick
Jack-in-the-Green
Bourrée
Farm on the Freeway
Songs from the Wood
Pastime with Good Company/Henry VIII
Sweet Dream
Dharma For One
A New Day Yesterday
Toccata and Fugue in D Minor
?
Aqualung
Locomotive Breath

The opening was both awesome and sad: for some reason they pointed Ian's microphone too high, and he was having problems singing in to it, making it sound like he had almost no voice. So that song was almost wasted. But let's face it, much of Tull's music is a third vocals and two thirds instruments. While they were playing Nothing Is Easy, you'd see Ian playing, then on the projection screen behind them, they'd show Ian from the '70s playing the same piece! It was very interesting, seeing the massively shaggy hair, compared to the almost 70 year old almost bald Ian. Same process for Florian, the lead guitarist. Very cool effect.

When they performed Heavy Horses, they synced a projected video performance with Icelander Unnur Birna Björnsdóttir(?), singer and violinist, which was really cool - that's one way to make up for a small stage! Very good use of back projection throughout the show.

Dharma For One was a very funny intro. Ian was talking about how (IIRC) Clive Bunker would go in to these ridiculously long drum solos that would last hours, days, weeks! He then says something about respectfully dedicating this next song to Clive, respectful clapping follows. Ian then says "Oh, he's not dead! He was quite well the last I spoke with him on the phone!" They then go in to play Dharma to give their touring drummer, Scott Hammond, a solo. And he did a very good solo. Which gave the rest of the band five minutes to nip off the stage for a drink and a sit.

Throughout the show, aside from the flute, Ian also played guitar and harmonica. And gamboled around the stage with his left leg bent and keeping time.

Here's what I don't understand. People paid probably $100 or more for a pair of tickets, came in late, and left early. One couple ahead of us the girl wouldn't stop yapping at her man for a song or two. A couple arrived late for the seats next to ours, the guy clearly already drunk and stinking of beer, yelling what an honor it was to see Ian Anderson. Gee, what a respectful way to be honored: showing up late, drunk, and leaving early. Why would you pay $100 to hear five or six songs then leave? I just don't get it. Is it just to be able to say "I saw Tull, dude!"

This is the banner for the tour. It'll probably break eventually as I'm linking it directly from what I thought was the Tull web site, but it's something else.

Left to right that's John O'Hara on keyboards, Scott Hammond on drums, Ian Anderson who plays the flute or something, Florian Opahle on lead guitar, and David Goodier on bass.


In other Ian Anderson news, he has a new album which released in March called Jethro Tull - The String Quartets. He got together with the Carducci String Quartet, conducted by John O'Hara, his keyboardist. It released complete with a factory defect! For some reason on the first pressing the track list on the back of the box does not match what is on the disc, so they slapped a sticker on top of the shrinkwrap, which doesn't do you much good after you remove the shrinkwrap! But once you rip it to MP3 or whatever, you're OK.

The album is quite good, but one track strikes me as kind of odd: Living In The Past. It's already practically a chamber piece: I think it would have been better to put a violin in a high register playing the vocal and put Ian on the flute playing trills, I think that would have been more interesting. But what do I know.

Here's the album cover. Definitely recommended.

I expect that eventually there will be an album/DVD released of this tour, which I will probably buy. Saturday night was their third USA stop: Friday night was in Colorado at Red Rock with a full symphony orchestra, and a night or two before was in Utah. If you pull up the tour schedule from the JethroTull.com web site, you'll see that they tour like mad men!

EDIT: for some reason paragraph breaks appeared when I previewed it, but not when I posted it. Odd.
thewayne: (Default)
There's a "freeware" utility called iBookCopy that strips DRM from iBooks, turning them in to standard ePubs. It's currently on sale via MacUpdate for the next five days, then it's back to $30.

It's listed as shareware, but the trial version only converts the first third of the book. I think it'd be more legitimate shareware if it would only convert 5-10 books before locking itself up.

I just had it convert my current library: 410 books consisting of 6.7 gig (after conversion), took about 42 minutes on my late 2015 i7 iMac with 16 gig of RAM. So it's pretty quick. The way that iBooks stores purchases makes it VERY hard to back up your books to a different media when your library gets big, and I had no idea mine was over 6 gig! A lot of those books are not purchases from Apple, they're from Humble Bundle or ebooks that I've made using Stanza. Regardless, a purchase ends up with a file name that is a numeric ID that you don't know what the heck it is. After iBookCopy is done, the file name is the title of the book plus an epub extension. Very clean.

https://www.macupdate.com/app/mac/56123/tuneskit-ibook-copy
thewayne: (Default)
so if you've transitioned over to DW, I'm dropping you from that side to shorten up my reading page over there. No changes on the DW side.
thewayne: (Default)
I haven't posted it on YouTube yet, I'm not really in a hurry to. Anyway, this semester I took a Civic Involvement in Library Science class. It's a somewhat unstructured class: you sign up for 1-3 credit hours, and you're expected to do 60 hours of work per credit hour that you sign up for in some form of civic involvement or outreach sort of thing: you choose the library, you write up a proposal that the library and the teacher agree to. We have five local libraries: I contacted three, and two of them don't have any outreach programs. The third, Alamogordo (NM) Public Library, I met with and I ended up making this video for them.

And boy, I definitely made my 60 hours, there ain't no doubt about that! My goal with my six minute video is to increase awareness and patronage so that the next time they have a bond election they have a much better chance of getting a new library -- they've been in the current building for 50 years! They're stuffed to the gills, and they have no external warehouse or storage, so if a new book comes in there's an excellent chance that another book gets weeded and goes out for sale.

And it might work. But what would have really helped didn't happen: no footage of library workers helping patrons. And why? Because none of the library employees wanted to appear in the video. And I didn't find that out until late last week! I was able to Photoshop one photo and remove a physically distinctive employee from one photo, and I reshot another photo yesterday, but the big trouble came yesterday when I discovered something that I should have learned a few weeks ago: the narrator made a mistake! He left one word out and it completely changed the meaning of a phrase!

I didn't want to email him and get him to re-record that one segment because there was no telling how long it would take to get a new recording back. He'd done the recording twice: the first time that he recorded it he used an old copy of the script as he hadn't contacted me and told me he was about to record and the script was still being fine-tuned at that time. But he re-recorded the whole thing and did a much better job the second time. Still, I had a problem.

Fortunately, I had the first copy of the audio still in my email. And even more fortunatelyer, I found my copy of Adobe CS6! This gave me their professional audio editor/mixer, Audition. I was able to do an actual copy/paste of the phrase from the first gen recording in to the second gen recording, paste it in to the video, re-export it, and done.

W00t!

I actually did the entire video in iMovie on my laptop, a 2011 MacBook Pro with 16 gig of RAM. I took a class and know Adobe Premiere (made a 10 minute video of a lunar laser ranging program that my wife operates), but with everything that happened with my iMac being stolen last year and my copy of Premiere disappearing, I had no choice but to fall back on iMovie. I bought O'Reilly's The Missing Manual book for iMovie and used Google A LOT and got through the project, but given my druthers, I'd rather use Premiere. It's kinda like being used to doing fine adjustments to photos in RAW mode and only being allowed to use JPEGs: you just want to hit yourself in the head with a bat (cricket or baseball, whichever). And now that I've found my copy of my Adobe suite (discovered it on an old backup a few weeks ago), I don't have to worry about not having that option again!

https://www.dropbox.com/sh/g7pl3a7w6stdxlr/AAC-Spk_FkZsk-9YN2V-4-PUa?dl=0
thewayne: (Default)
This looks really good. Galaxy Quest ramped up a few notches with more Star Trek. I'm guessing that this is slated for Fall '17.

"We need no longer fear the banana!"

thewayne: (Default)
On an extremely rare occasion we didn't zip through commercials on our DVR and caught an ad for "JETHRO TULL performed by Ian Anderson" performing at the Route 66 Casino in Albuquerque. Naturally it's a week from tonight when my wife would be working. ABQ is almost 4 hours from here. She's a huge Ian Anderson fan. She pulled up the tour info and they were performing the following night in El Paso, which is only two hours from here, unfortunately not only was she working, she was running a special program that she couldn't skip.

Yesterday she bought tickets for the Route 66 Casino so we're driving up next Saturday to see Tull!

I think the last full-on concert that I saw was 1994's The Division Bell by Pink Floyd. I honestly didn't want to see it as I'd heard poor reviews of the album, and I'd seen the tour for Momentary Lapse of Reason just a few years before. But my brother had bought the tix and wanted to do brotherly things with me, so we went. And frankly, I was not impressed.

Still, this should be interesting. I'm curious exactly what the name implies. Normally tours are named like that when there's horrible breakups and lawsuits, I'm curious what's going on here.
thewayne: (Default)
Sunday I ordered a right angle viewfinder and a remote timer for my Canon. The viewfinder I went non-Canon to save money, I hope it works out. I thought with magnification that I might be able to focus my 6D at night. Here's to hope!

The timer is Canon, though used. It arrived about 24 hours ago, and I was disappointed by what I thought was a dead battery. There's no way to get a CR2032 up here, and I didn't want to drive down to Alamogordo for one thing. Fortunately my wife was amenable to go down to dinner, and Home Depot had the battery in stock. Getting it at HD also let us look at storm doors, so it was an excellent twofer.

I get home, replace the battery, and it's still dead.

ARGH!

And they're closed on Saturday for the Sabbath. But at least that means they're open on Sunday, so I can call them tomorrow to see what we can do. I'm hoping they'll send me a replacement promptly, I might have to buy another and then have them refund the dud.

The only good thing is that the timer also works as a remote release with a lock, so I can do long exposures with it and just time it with my watch, but without the timer function, I can't do a series of shorter intervals. I know that the star trails work at ISO 800, f2.8 and 30 seconds, but long exposures don't mathematically scale at this low of light levels as you'd like.

I NEED THAT TIMER! I wonder if they'll test the new unit (still going to be used) before they send it? Also need to dig out my multimeter and confirm that the original battery and my replacements are good: CR2032s are used in lots of things and should have enough turnover to ensure fresh stock.
thewayne: (Default)
They got hit. HARD. Indications were that crooks were accessing W-2 information and filing fraudulent tax returns between April 17, 2016 and March 29, 2017 -- all but a full year. The records were protected by a four-digit PIN, which is pretty trivial to get past, and then by knowledge-based questions, which sadly, most people answer truthfully and are thus fairly easy to Google. Where did you attend high school? What was your first car? What is your mother's maiden name? My answers would be Atlantis, Ferrari, and Ozymandius. I then log the answers in an encrypted note program on my iPhone called MSecure; I'm certain there are similar programs for the Android ecosystem. Each site gets different answers as the moment strikes me.

https://krebsonsecurity.com/2017/05/fraudsters-exploited-lax-security-at-equifaxs-talx-payroll-division/
thewayne: (Default)
I was wondering what Roger had been up to since the end of the election. It had been rumored that Trump was planning a conservative news channel and that Ailes would head it up, but then Trump made the mistake of winning the election and look at where we are now. Well, it turns out that Ailes had hemophilia. Apparently in '12 he said that actuaries said he had 6-12 years left, I guess he didn't make the odds. Still, to make it to 77 with that condition is an achievement.

Aside from heading up Fox and exploiting his position of authority to sexually exploit women, he previously was the chief media advisor to Richard Nixon, Ronald Reagan, and George H.W. Bush. He also helped create the Merv Griffin Show and several other TV programs.

I can't say that I'm too sorry to see him gone. It would have been nice to see him have a reformation and make some amends for his past behavior, but it would be so totally out of character as to be all but an impossibility.

http://www.npr.org/sections/thetwo-way/2017/05/18/528925119/roger-ailes-former-fox-news-ceo-dies-at-77
thewayne: (Default)
A request has been made to turn one of her Rivers of London stories into a fic podcast! I thought she'd had one or two other stories turned into podcasts, but apparently they were translated to Russian or some other language.


In other Rivers of London news, do you watch the Doctor Who spinoff, Class? Did you catch the third episode, Nightvisiting? My wife recognized the voice of Puddle's father, the actor Kobna Holdbrook-Smith, as the man who narrates the audiobooks for Rivers of London! He's also appeared in Father Brown, Midsomer, Doctor Strange, and in the upcoming Mary Poppins Returns.

Personally, I've been enjoying Class, I'm sad that it was cancelled after one season.
thewayne: (Default)
And we don't know what it is! This is a screen grab from Photoshop with the original zoomed 100%, the artifact is about 10" over and about half an inch down. While almost everything else is streaking in an ascending to the upper right direction, this one is descending to the lower right, or SE direction.

There's a web site called heavens-above.com that will tell you satellite orbits above you based on your location, and nothing really matches what is in the picture. My wife, who only has a PhD in astronomy and astrophysics and works as a professional astronomer, thinks it's a reflection off a power line. Notice those dark streaks in the photo? Those are power lines. But there's a slight breeze, and considering the length of exposure, I think that would distort the image.

Based on the timing of the exposure, i.e. knowing that the length of one trail represents about 15 minutes, and that the anomaly is at pretty much a right angle to the celestial equator, she thinks it might be a satellite in a geosynchronous orbit but much further out.

So here's the image, at 100%:


We might go out again tonight and repeat the exposures twice from both ends of the observing pier to try to counter where the power lines appear. We'll see what happens.
thewayne: (Default)
I spent another two hours in the cold last night and have one photo to show for it. Fortunately my jacket had my best ski cap and the perfect thin gloves for working with the camera! It didn't work with my phone for reading a book on my phone, so my right hand kinda froze, but I'm willing to sacrifice for my art. :-)

This was shot from the Cloudcroft Trestle overlook facing east, about half an hour or so before moonrise. It's 15 shots of 30 second exposures from a Panasonic Lumix DMC-LX7, ISO 800. The camera will do 30 second bursts, unfortunately it does a 30 second 'dark' exposure as part of noise reduction between frames, so the dots are unavoidable and streaks are thus pretty much impossible with this camera. I do like the 16x9 aspect ratio, I kinda wish my Canon did that. Yes, I could mask down to that in Photoshop, but I like composing that way in the first place.

At least now I know.


The glow in the lower left is from cars going in to Cloudcroft - not too much traffic at 1am on a Monday night, the glow in the middle is from the imminent moonrise.

But in other star streak news, Sunday I ordered a Canon intervalometer and a right angle viewfinder eyepiece and they should arrive Friday! So I'll be doing some more experimenting over the weekend.... Unfortunately we're pretty much at the end of this lunar cycle, so while I'll still be doing some star streak photos, I don't know if I'll be able to do much with foreground illumination.
thewayne: (Default)
Recently, hackers stole the first ten episodes of the new season of Orange is the New Black from Netflix and demanded a ransom in bitcoin or they'd post the episodes on Pirate Bay. Netflix didn't pay, the hackers were true to their word, the episodes were posted.

Now Disney has been hit. Hackers have demanded a "large" ransom or an unnamed film will be released, the name of the film is unknown but the two big named upcoming releases are the new Cars and the Pirates of the Caribbean movies, neither of which am I particularly interested in seeing. Bob Iger, CEO of The Mouse, is refusing to pay and is working with Federal investigators.

What I'm wondering: (A) is this the same group that hit Netflix, demonstrating some pretty good skills to hit deep in two different megacorps, and (B) is this a new business model for the criminal hacking community? It could certainly be profitable, I wonder if it could also encourage entertainment megacorps to create a consortium to build a big network of bitcoin mining machines so they have a ready supply available if they decide that they need to start paying. Of course, the better solution is to beef up their IT infrastructure and rid themselves of the mindset that it's cheaper to absorb the cost of the occasional hack than to maintain up to date security postures.

http://www.hollywoodreporter.com/news/disney-chief-bob-iger-says-hackers-claim-have-stolen-a-disney-movie-1003949
