Archive for the 'Folklore' Category

eightball.pl

I rely on this thing way too much, and it being just a command line script, I can just keep rerunning it until it gives me the answer I want... But hey, I guess if it makes me feel better about something, then it's worth something, yeah?

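#!/usr/bin/perl
use strict;
use warnings;

# Possible answers; one is picked at random on every run.
my @eightball = ("Yes", "No Doubt", "I'm Sure of It", 
                 "Certainly", "Without a Doubt",
                 "No", "No Way in Hell", "Not likely", 
                 "Keep Dreaming", "Ask Later", 
                 "Try Again");

# rand(@eightball) returns a float in [0, number of answers);
# using it as an array index truncates it to an integer.
print "$eightball[rand(@eightball)]\n";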

It’s Irony!

While I was taking my final tonight, I noticed my shirt was a little wet. I looked down, and saw a tear, and a red stain forming, and realized that the test had "ripped me a new one" when I wasn't looking. I touched the stain and then tasted my finger, and I wondered to myself, "Why does blood taste so sweet?"

It's irony.


Well, it didn't quite go like that, and the final wasn't actually that bad. But you see, I tend to take breaks to amuse myself during long tests, and during my final tonight, I ended up coming up with this jokeless punchline that I'm absolutely in love with: "It's irony." As in, employ some nice freestyle English footwork to arrive at the adjective irony, meaning "Of or pertaining to iron."

The best joke I've got for it so far (which, to give credit where credit is due, was offered up by Jan) is the above referenced "Why does blood taste so sweet?," which hopefully explains that whole little story above. But the problem with that joke is that it's just not... ironic enough for the punchline.

So, I'm still mulling over other possible jokes for the punch-line, and enjoyably, by the nature of folklore, a punch-line can have as many jokes as it wants. So, offer up suggestions! Try them out on your friends, family and co-workers! And most importantly, um... I can't think of a most importantly.

Oh, well, finally, it's perfectly possible that this punch line already exists in the wild (Hm, are punch-lines a form of joke parasites?), and that I just happened to have coincidentally bred a related strain during my final. And if that's the case, and I am just ripping off some clever person, please grind my ego down to a stump, and crush the filings into my foot. And then, when I ask if you can see anything stuck in my foot, you can tell me "It's irony."

Tell me about variants you’ve received of this forward!

So I just got this email forward, and I'm not exactly complaining, I'm just curious in a folkloristic kind of way. So below is the forward, and here's what I want from you: If you get a copy of this forward, please post in the comments or email to me any differences between the copy of the forward I got and the copy of the forward you got, along with your email address, so that I might ask you some other questions about the forward later. I may or may not use this for my folklore class, but even if I don't use it, I'll still post anything interesting anyone shares. Thanks!

    TEN PROPOSED NEW LAWS FOR THIS CRISIS:
  1. To buy an American flag, you must present proof you have voted at least once in the last three elections (yes, local and state elections count).
  2. To display an American flag in any form, you must present proof of voter registration.
  3. To wave an American flag in public, you must be able to name at least one of the following:
    1. One of your U.S. Senators
    2. Your U.S. Representative
    3. Your President ("George Bush" does not count; ambiguous)
  4. To sell any product with an American flag on it, you must answer the following question correctly: The Bill of Rights is part of:
    1. The Declaration of Independence.
    2. The Constitution;
    3. The Magna Carta;
  5. Those heard singing patriotic songs in public may be asked to show their voter registration cards.
  6. To be permitted to scream "Nuke Afghanistan!" you must be able to correctly locate Afghanistan on a map or globe.
  7. To be permitted to scream "Arabs go home!" you must list and correctly locate ten Arab homelands.
  8. Those who wish to express opinions about Arabs and Arab-Americans must pass the following test:
    1. Those who follow the religion of Islam are called:
      1. Muslims
      2. Muslins
      3. Fanatics
    2. The holy book of Islam is called:
      1. The Koran
      2. The Koram
      3. The Bible
    3. In Arabic, God is called:
      1. Ali
      2. Allah
      3. Jehovah
  9. Priority for purchase of American flags will be given to those whose ancestors lived on American soil the longest. When all American Indians who wish to display the red, white and blue are satisfied, other applicants will be accepted.
  10. A call for war on any radio talk-show will be construed as a public declaration of willingness to enlist in the US Army; callers will have 24 hours to complete the paperwork.

Why a user login lister is not an “urgent security flaw”

I've been eagerly reading previews of Mac OS X 10.1, and reading comments in forums by users who "acquired" a copy of a beta build, and I've noticed this really annoying bit of security folk wisdom that has now ingrained itself in the Mac community. (I'd link to examples, but it's not worth it -- if you read Mac news sites at all, you've seen what I'm talking about.)

The story goes something like this: "The new login screen, which optionally displays a list of users on the system, reduces the security of the system by an exponential factor, because instead of having to guess a login and password, a cracker only has to guess a password thanks to this list of user names."

Hooey! For starters, <deadpan>Microsoft is doing the same sort of login welcome screen in Windows XP, and Microsoft knows how to make a secure operating system.</deadpan>

But seriously, this isn't a "gaping security flaw that must be addressed before 10.1 ships," as so many wanna-be security experts like to tell naive readers to make themselves sound smarter in the eyes of untrained Mac users. The first reason is simply that it's a necessarily optional feature, as it would be inefficient for a computer lab with hundreds or thousands of users to have a list of users. So if you're that worried about it, turn it off, and then nothing I say below applies anyway.

Such a multi-user lab environment is exactly where a list of logins might be a security problem. But in that environment, most would-be attackers will already have an account, and a would-be attacker will have one of two targets -- either the system, or another user's private files. Taking the system automatically gets him another user's data, but it's also more likely to be noticed, and will probably be harder. So as far as getting private data (or gaining access to another account as the launching point of another attack, or what have you) -- well, if he's got an account on the system, it's trivially easy for the attacker to find out the names of other accounts on the system. Further, if he's after someone's private files, he probably has a specific target in mind, in which case he already knows the target login.

And so the one case in which an attacker might use the login list (aka, the "security hole") to crack a system is when the attacker does not already have an account. And in that case, trying to brute force passwords is not the most effective way of gaining access, mainly because brute forcing passwords will almost certainly be noticed (assuming attentive admins). A determined attacker in a multi-user lab environment is going to be able to get access to an account with a trivial amount of social hacking, because users are dumb.

Admittedly, if users weren't stupid, the social hacking wouldn't procure an account as easily. But of course, if users weren't stupid, they would have better passwords in the first place, and brute forcing a password would be harder, and the utility of a list of logins would go back down just as quickly as it went up.

Why did I focus so much on the case of the multi-user lab environment? Because to see the list of logins, an attacker will need to physically see the machine. And it's mostly beside the point, but most remote system exploits don't even need to know about any particular user other than root, or otherwise default logins, and so the login screen serves no utility to a remote attacker.

So the more subtle reason that the login screen listing account names isn't actually a showstopping security flaw is because to see the list of logins, an attacker needs to be physically in front of the machine, and once an attacker has got physical access to a machine, the show's over and the monkey's dead.
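The claim above that password brute forcing "will almost certainly be noticed (assuming attentive admins)" can be made concrete with a small monitor, shown here as an added example that is not part of the original post. Because a login list means every guess targets a valid account, it counts failures per account rather than looking for unknown usernames; the log format, function names, threshold and window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a made-up format: timestamp, result, account name.
SAMPLE_LOG = """\
2001-09-20T14:00:05 FAIL alice
2001-09-20T14:03:40 OK alice
2001-09-20T14:10:00 FAIL bob
2001-09-20T14:10:04 FAIL bob
2001-09-20T14:10:09 FAIL bob
2001-09-20T14:10:13 FAIL bob
2001-09-20T14:10:18 FAIL bob
2001-09-20T14:10:22 OK bob
2001-09-20T15:30:00 FAIL carol
2001-09-20T16:45:00 FAIL carol
not a log line
"""

def parse(line):
    """Return (time, result, user), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 3 or parts[1] not in ("OK", "FAIL"):
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2]
    except ValueError:
        return None

def find_guessing(log_text, threshold=5, window=timedelta(minutes=2)):
    """Map each account with >= threshold failures in one window to a status."""
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        when, result, user = event
        fails = recent[user]
        while fails and when - fails[0] > window:
            fails.popleft()       # forget failures older than the window
        if result == "FAIL":
            fails.append(when)
            if len(fails) >= threshold:
                alerts.setdefault(user, "failures")
        elif user in alerts and fails:
            # A success right after a burst: a guess may have worked.
            alerts[user] = "failures then success"
    return alerts
```

An occasional mistyped password (alice, carol) stays below the threshold, while the burst against bob is flagged and escalated because a successful login follows it inside the same window.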

Forms of Folklore

I had my first classes today, and one of them was Anthro 160, "Forms of Folklore." And after just one lecture, I'm really looking forward to it. I feel an itching at the back of my brain telling me that this is something that I'm going to enjoy, and I haven't seen anything to disprove that yet.

I've heard three things about this class: Good professor, interesting material, bad bad evil term project. And yes, the project is a little insidious, but it doesn't seem that bad...

The project? Collect (at least) 40 pieces of folklore from friends and family and whoever you can find, and gather information about where the informant learned that lore, and what the informant (and others) thinks it means, and so on. Each item is a separate entity, and is supposed to be prepared individually. Analysis of one piece is not supposed to cross-reference the analysis of another piece. Basically, the project is collect 40 pieces of folklore, and then write 40 short reports about all that folklore. And for seven of those pieces, find a printed parallel of that piece of folklore, and examine the parallels and differences. And yes, there's a sheer bulk of work to do there, but I think it will be interesting.

If I could get my ducks in a row and didn't have a project to finish for work, Fray Day would be the perfect place for me to start this project. But that's probably not going to happen. My folklore archive isn't due until December 7th, though, so I've got all kinds of time... so I say now.

For the curious, one of the most integral characteristics of folklore is apparently multiple realization. That is, different versions of the story are known all over the place. If someone says "The way I heard it...", you're dealing with folklore.

And in case you can't tell, I'm feeling very drawn in already, and I'm not quite sure what to make of that. I'm vaguely thinking about what a blog version of a folklore archive would be like, but I guess I should wait and see how my folklore archive itself turns out. Well, it would be kind of like In Passing, only more focused and with more detail and analysis and categorization.