Standard Mischief

Rather, to go with the earlier post, this is a list of the part of my feed list where the feeds are full text, and comments are allowed, and it’s not too much of a pain in the ass to post a comment. I also prefer places that don’t hold every single comment until it’s blessed by the pope. I find crap like that tends to choke the discussion. Anyway, here you go, with the feeds in plain text:

Standard Mischief
http://standardmischief.com/feed/

Of course I keep tabs on my own feed. How else do I tell if something’s broke?

SayUncle
http://www.saysuncle.com/feed/

I probably pump more content into the comments here than in my own blog.

View From The Porch
http://booksbikesboomsticks.blogspot.com/atom.xml

Usually something good and/or funny daily

Jacqueline Mackie Paisley Passey
http://jacquelinepassey.blogs.com/blog/atom.xml

There use to be considerable libertarian chatter here, but recently has tended to be more personal and gambling related. Some SpecFic chatter. Recently she has been voted ?most stuck-up bitch in teh blogsphere?. The people who hate her and just have to tell her that are even more amusing. Much more entertaining than non-Libertarian non-Girl.

The Countertop Chronicles
http://countertop-chronicles.blogspot.com/atom.xml

I stuck him here near JMPP just because.

Ravenwood’s Universe
http://www.ravnwood.com/index_20.rdf

Not as prolific as he once was, when he blogs, it’s good.

ladyada’s ranting
http://www.ladyada.net/rant/?feed=atom

If you can’t tell by now, I have a thing for women who can drive a stickshift, shoot straight, speak the truth, have their financial shit together, or own there own handtools.

In this case, among other things, she knows what end of a soldering iron to hold. Not a lot of blog here.

the IDIOT
http://www.saltypig.com/blog/atom.xml

The potty-mouthed poster child for the armed and polite libertopian society we all want. He was actually my first commenter and didn’t really like my ?mutant-libertarian? leanings.

Hmmm, was it something I said or is this another quirk of Blogspot? I notice the Blogspot blogs most of all flip-flop their feeds. Anyway the damn feed is broke now.

sheer potentiality
http://philwelch.net/atom.xml

Phil pumps a lot of insightful comments into JMPP, not so much here. Infrequent blogger, but when he does post it’s about half insightful, and about half personal.

The Gun Blogs - Online community for gun bloggers
http://www.thegunblogs.com/node/feed

SU’s place for everyone who wants to try their own gun blogging, for free.

Dr. StrangeGun, or how I learned to love the odd…
http://drstrangegun.blogspot.com/atom.xml

Not a lot of content, but insightful.

Tinotopia
http://www.tinotopia.com/fulltext.xml

Not a lot of people blogroll him, which is surprising. ?Knee-jerk? libertarian, but he doesn’t exactly splash that all over his banner. He’s had an online presence for forever, so Tino probably already got there firstest with the mostest. Cranky consumer.

Curiouser and Curiouser
http://www.memestreams.net/users/acidus/?type=rss

Whitehat Hacker. Memestreams feeds are annoying because whenever another memstreamer comments on the original post, the feed is updated like it’s a fresh post in my feed aggravator.

Fish Or Man
http://fishorman.blogspot.com/atom.xml

Insightful commenter from SU’s blog. Not a lot of content.

Lean Left
http://leanleft.com/feed/

My attempt at ?balance?. So far it’s pretty good.

the munchkin wrangler.
http://munchkinwrangler.blogspot.com/atom.xml

Not a lot of content, but when this breeder isn’t talking about his kid, it’s always good.

McAdamSandwich’s Quest For Knowledge
http://mcadamsandwich.blogspot.com/atom.xml

not a lot of content, but it’s usually funny or interesting.

PawPaw’s House
http://pawpawshouse.blogspot.com/atom.xml
Ex-tanker, LEO, Republican. We don’t always see eye to eye but he’s always worth reading. He has a camp follower named Junior, who has a good website or two but needs to blog by himself.

TriggerFinger
http://triggerfinger.org/weblog/servlet/export/rss

Another commenter from SU. Good stuff.

Penn
http://penn.typepad.com/penn/rss.xml

Leah Penn, an interesting commenter from JMPP. The blog is 25% insightful, 75% used as a personal file cabinet. Fairly regular blogger.

Since we are talking about revising laws…

…What happens when “We the People” take a stab at it?

I mean, it can’t get any worst then our crummy Rep-o-crats and the damn Dem-o-publcans, can it?

Wikocracy is a experiment in free-for-all law revisions. Everything is up for grabs here, laws, regulations, judgments, legislation from the bench, from the executive branch, or from congress. Even the very mother documents that birthed this great county are up for revisions. Nothing is sacred.

This is a test…

To see what happens when everyone can write and revise the law. It may sound like a free-for-all. But that’s exactly the point– to make the process of law-making free for all.

On this platform, you can freely edit the USA PATRIOT Act, The Digital Millennium Copyright Act, your State’s law on gay marriage, your city’s zoning ordinances. If you’d like to change a law that is not yet on this platform, you can easily create a page and import the text you want to change. You can also write your own laws, post blogs, collaborate and spar with other users. Check out our FAQ if you have specific questions.

Although there are some suggested guidelines and tips that will facilitate this experiment, there are no rules. Nothing on this platform is legally binding. One person’s changes can be revised or reversed by the next. Over time, this platform could reflect a collaborative statement of what we think the law should be. Or it could reflect a moment-by-moment statement of the most recent editor’s views. This will be as bloody or as civil as you make it…

This is only a test.

I predict this will get ugly real fast. Might be fun to watch though.

(Thanks Claire)

For March 31, the “Button Guy” over at http://www.biggiantbutton.com/ (which is a big flash app which every day links to a new site) linked to my blog buddy, Jacqueline Mackie Paisley Passey. To tell you the truth, I think the idea is pretty silly, and I said so over there, but he has done something cool to earn himself a linkback. What follows is some basic standard *nix mischief.

I grabbed the flash file off his server using cURL and saved myself a copy:


standardmischief $ curl http://www.biggiantbutton.com/button.swf -o button.swf

Then I used a program called flasm to peek inside it:

standardmischief $ flasm -d button.swf|less

That should give you an idea of what’s inside that little app. I think it looks on your local system for the day of the month and then sends you somewhere based on a table inside the app. You can see it if you do something like this:

standardmischief $ flasm -d button.swf|grep -o ‘http:[-a-zA-Z0-9/\._]*’|head -n31

Did you follow that? Good, OK, then I got this obvious “sock puppet” comment here:

?Hey there, stumbled onto your blog via the blog linked from the Big Giant Button today.

…?

Umm, OK, Hi Jay Button Guy. You do know that nowhere in the world is it April 1st yet, so that big button should not have sent you here yet unless your clock is off.

Suspecting a joke, I grabbed his flash file again, naming it differently this time:

standardmischief $ curl http://www.biggiantbutton.com/button.swf -o button2.swf

This is where he earned the linkback. Using the flasm line above, I got the same output as before, but the original files are different:

standardmischief $ md5sum button.swf
23fbd93380ce9dcd7ce7455abe605842 button.swf

standardmischief $ md5sum button2.swf
fbb59a2e1792dd06cd3940cf0b7d07f6 button2.swf

There’s an extra 220 bytes too:

standardmischief $ la button*
-rw-r–r– 1 standard mischief 35348 2006-03-31 20:10 button2.swf
-rw-r–r– 1 standard mischief 35128 2006-03-31 10:02 button.swf

So I assumed that he spoofed my regex expression [-a-zA-Z0-9/\._]* with something like this:

http://www.joecartoon.com@standardmischief.com

Which should send you back here. But that does not seem to be the case. I’m also not 100% sure that he really did link to me, or that is further is part of the joke.

Really gives that old gray matter a workout.

Because the decompiler output matches exactly (except for the filename):

standardmischief $ flasm -d button.swf> button.txt
standardmischief $ flasm -d button2.swf> button2.txt
standardmischief $ diff button.txt button2.txt
1c1
< movie 'button.swf' compressed // flash 7, total frames: 1, frame rate: 12 fps, 550x400 px
---
> movie ‘button2.swf’ compressed // flash 7, total frames: 1, frame rate: 12 fps, 550×400 px

I’m guessing that he threw in some kind of junk that breaks the Flash standard, but that’s just a Wild Ass Guess right now. Updates, if any, to follow.

Update: Sorry about the crappy whitespace around the code examples. I can’t figure out the style sheet right now to fix it. Bash can ignore extra whitespace, I hope you can too.

Update: What a letdown! See the comments.

I overpaid for this can, I think it was 11-something bux at a gun show, but if it saves you half an hour under the greasy metal beast it’s totally worth it.

I don’t know what’s in this stuff, or why its not sold everywhere on the planet, or why people keep telling me that they no longer make the stuff because of EPA regulations, but it works. It seems to dissolve rust. It’s fully an order of magnitude better at penetrating than olde water displacing number forty.

Once I had to move a lot of studs off of an engine block to transfer them over to another block. I’m not exactly sure why the rebuilt block didn’t come with the whole 10 bux extra worth of studs. I would have even ordered and paid for them if I had the documentation that told me what I needed. If you ever do an engine swap, you will burn up an amazing amount of time running around to pick up this or that, but it’s not like I could have ran out and bought new studs at the local, convenient, 24 hour, metric weird hardware emporium. So I either had to reuse the studs I had, or overnight them from someplace like MSC (also recommended, a mecca of pure unobtainum).

I used the Kroil, let them sit for 30 minutes, and then put on double nuts locked together so I could back the stud out. The short story was that I got every single stud out intact for reuse.

Tonight, I tackled Toyota half shaft number 4. I should have tried the Kroil first, but I thought I had my magic mojo in the silver slapper I had rented. About to give up in frustration, I gave it the holy sprinkle drenching of Kroil, and stepped out for a brainstorming half mile hike. I attacked with the prybar when I got back and actually made some progress. I reattached the silver slapper and finally got the damn thing out. The bearing was rusted pretty well to the steel casting it was mounted to.

Besides hardware stores, lots of shooting supply mail order places carry it too. I’ve used both the liquid and the spraybomb cans and they work equaly well. Try Froogle.

–
Extra tags, for Google’s sake: driveshaft, half-shaft, camry, repair

–

Although it’s not a complete step-by-step, the driver’s side half-shaft was covered in my blog here.

Ok, so I snagged a copy of Spychips from a local bookseller, a one day before it’s official release date. Just checking Amazon right now, it’s ranked at #61 for non-fiction, probably from pre-orders. I’m finding that very surprising, but that’s exactly what we want. Despite the alarmist tone set throughout the book, RFID tags and related technology really are a threat to our privacy and freedom. I can only hope this book sets off a firestorm. RFID stands for Radio Frequency Identification, and they are little transmitters with unique numbers that can be hidden in all kinds of things.

My own experience trying to relate basic info about RFID tags to others have pretty lackluster. Their eyes glaze over. They nod and switch the subject. They are not alarmed as long as its only used on the “violent felons and child molesters”. You do want to protect our kids from them, right? You ain’t one of those “mark of the beast” holy rollers, are you?

This book does a very thorough job at explaining the potential for the abuse of RFID technology. I’m sure the authors sat around many a brainstorming session to think of every creepy scenario. The book is heavily footnoted, in part, I think, to prevent it from being dismissed as fringe literature and being grouped in with the HAARP weather control gunk, and the flat-earthers.

If you are looking for technical details, this is the wrong place. “Megahertz” is only briefly mentions once, in a sidebar. They only gloss over the difference between “passive” (unpowered) and “active” (contains a battery or other power source, can be read from further away) tags. Perhaps this is for the best.

One disappointment was the lack of a lexicon. I think that the next level of discussion should include language to distinguish the difference between different types of tags.

For example: in chapter 10, there is a discussion of Speedpass, a RFID embedded keyfob, linked to your credit or debit card, that lets you pay for gas and snacks at Exxon-Mobil gas stations. It has already been cracked. I would like this tag to be described as “unpowered” (instead of “passive“). Furthermore, I would also say this tag was “promiscuous” (when activated, it will power up and identify itself to anyone), “silent” (does not let the owner know when it is communicating), and it’s only security is a weak “challenge-response“.

Details of the exploit are on the above linked site, discussion is here, (duplcated from here) but briefly, the fob was brute-forced attacked. The attacker would slide up to the victim and simulate a speedpass reader terminal with a laptop. The attacker would query the speedpass with multiple requests and record the response. The results were crunched to find the internal key of the speedpass, and then the fob was simulated with a laptop at the pump. Because the speedpass is “silent“, it failed to inform its owner, (with a beep or flashing light), that it was being accessed. Because the tag was “promiscuous“, it could be brute-forced anywhere. A simple pushbutton switch added to the speedpass would be a highly effective security countermeasure, and attacker would have to physically hold the button down, while brute-forcing the fob, and if going through all that trouble it’s likely easier for the attacker to just steal the fob at that point. A stronger encryption scheme would help also.

Despite the lack of technical jargon (or perhaps because if it) I’m still recommending this book, especially for the novice. It’s thought provoking and easy to understand.

–
An additonal review by Bruce Sterling, who wrote the book’s preface.

spychips
RFID