-
Peter Holsapple talks about the difference between cutting demos for the dBs in the early 80s and doing it with ProTools today.
-
Precedent setting move that interprets “free licenses” as setting conditions on the use of copyrighted work–if you violate the conditions, you’re guilty of infringement. Clear and unambiguous and very important.
-
That’s a sad day.
-
The confidential recommendations to the MBTA made public. If there were any doubt of the MIT students’ intentions, this paper should clearly show that they were trying to help.
-
Not only does the MBTA not understand security or the First Amendment, they published the secret that the MIT researchers were trying to help them to keep.
-
An interesting alternative to grilled pizza.
-
“The idea of there being these two separate things has to be forced away from our thinking. They are one team, which produce one product. Stick their desks together and see what happens.”
-
I wonder what the looming prospect of “real” cyberwar does to responsible disclosure and other cherished security research principles.
The return of Shannon Worrell
Shannon Worrell, an artist whom I developed a serious musical crush on in Charlottesville in the early ’90s, is recording again after an eight year hiatus and has a new album, The Honey Guide, coming out later this year. This is big news; her last album, released after the breakup of her band September 67, came out in 2000 into a critical vacuum. I liked The Moviegoer but it was too polished for my taste, and her new song (“Driving in the Dark”) has an edge to it that brings back what I liked best about Shannon, the honeyed whiskey voice and sharp eye and lyrical left hook that combined for an unsettlingly brilliant listen.
I had a perpetual cold and perpetual insomnia during my third and fourth year, the spring and summer and fall of 1993, and so used to hang out in a long-forgotten Charlottesville restaurant called the Corner Grill Main Street Grill. It didn’t do nearly the sort of business it needed to pay the rent on its fairly large footprint, which included a spacious upstairs room with a small stage, and it folded in late 1993. But my insomnia loved the coffee there, and my cold was nourished by the grilled cheese sandwiches and chicken soup. And the joint drew the kind of musicians that Charlottesville seemed to create out of the mud: Greg Howard and Tim Reynolds (playing as Sticks and Stones), Boyd Tinsley one memorable night (I dragged my fellow physics interns in the REU program there; he was guesting with Sticks and Stones, and it was a wild improvised set. I ended up peeing next to him in the tiny bathroom, shrinking from his immense height), and Shannon.
The first time I ever saw her, she played a solo set, her and an acoustic, then called up Kristin Asbury to do harmonies. I knew of Kristin from her work in one of the UVA a cappella groups (she was a Sil’hooette, I think) and somehow I felt that I was on stage with them. It was a weird out of body sort of moment that was reinforced by the wonderful Southern gothic strangeness of the songs.
Zalm and I saw her later that summer in another mostly solo show (I think that both Fred Boyce and the cellist who played on Three Wishes were there). There were quite a few funny notes about the songs on the first album, including one about an elderly couple who misheard the lyrics to “Witness” and thanked her very solemnly for her willingness to share personal details. It was a pretty incredible show. The CD came out the next spring; I embedded its tracks in mix tapes and spent the summer singing along to it, stretching out my high range for the first time. (I think that’s a big part of the reason that Reilly Lewis of the Cathedral Choral Society thought I was a first tenor.)
I next ran across her in Tower Records in 1997, when I found the September 67 release. We were both going places: I was doing well professionally, and she had signed a deal with the Enclave and was on the Lilith Fair tour. I played the crap out of Lucky Shoe, again putting it in mixes and sending it to friends. But not all good things last, and September 67 was dropped when the EMI/Virgin merger went down. Her last record, The Moviegoer, crossed my path when I was just starting business school and it didn’t make as deep an impression. Then… silence for eight years.
So I’m pretty excited, obviously, about the new record, which is due in October. Along the way I noticed that Shannon didn’t have a Wikipedia entry, so I wrote one.
Real artists: ship, rip 78s, slow-cook beans. Pick one.
-
3,739 MP3s from 78s. Start grabbing ’em before the RIAA hits him. Oddly, “Aba Daba Honeymoon” was one of the songs my Aunt Marie requested in hospice, and we couldn’t find it except on Youtube.
-
A commercial company’s ability to innovate is inversely proportional to its proclivity to publicly release conceptual products–Kontra’s Law. AKA “Real artists ship.”
-
It makes sense. If you can predict hot products by watching search trends in cyberspace, you ought to be able to predict shooting wars by looking for politically motivated DDOS attacks.
-
An argument for soft-cooking green beans sounds pretty good to me.
-
A thorough review of McCain’s abortion voting record, public statements, and recollections of political acquaintances confirms his hardline pro-life stance.
VMware critical licensing bug
According to Matthew Marlowe’s Blog, VMware instances running ESX 3.5U2 in enterprise configurations have a license management bug that will prevent them from starting, beginning tomorrow.
The post has turned into a list of pretty helpful tips, including:
- A link to the VMware KB article that has status updates
- Turn DRS off (or set sensitivity to 5)
- Avoid VMotion
- Avoid powering off VMs
While the licensing bug does not appear to be related to security issues, this is a pretty good reminder of how mission critical hypervisor software is. It should be held to the same standards as operating systems.
Security: information, MBTA, geopolitical
-
Russia vs. Georgia = The return of military geopoliticism.
-
More Black Hat/Defcon fruit–spoofing HTTP 301/302 to force a customer to downgrade an HTTPS session for the purpose of stealing cookies.
-
Chandler makes it to 1.0. Dreaming in code no longer?
-
Orwell’s six rules for clean, strong English: avoid stale figures of speech; favor short words where possible; cut words where possible; prefer the active voice; English over loanwords and jargon; and break these rules to avoid outright barbarism.
-
“What this talk is not: Evidence in court (hopefully).” MIT students talk about security problems in the MBTA, including Charlie Cards; media howls OMG MIT HAXXORS. How about OMG MBTA SUXXORS??
Isaac Hayes, RIP
I was two or three years out of college when I first listened to Isaac Hayes seriously. I had picked up Shaft in college but, aside from the title track, it didn’t speak to me. I mean, flutes? Really? I just couldn’t get past the instrumentation. I knew there was something funky there but it wasn’t finding me.
And then I picked up, for some unknown reason, the soundtrack to Stealing Beauty, which leads off with Hoover’s (later Hooverphonic’s) “2 Wicky.” I was never a big Hooverphonic fan, but “2 Wicky” set off all kinds of bells in my head, primarily because of the opening, which I knew had to be sampled from somewhere. I did some digging and found it had come from the lead off track on Isaac Hayes’s Hot Buttered Soul, an album I had always assumed was a goof like Shaft. But I was hooked on that opening guitar + backing vox riff, so I picked up Hot Buttered Soul.
And I couldn’t put it down.
That weekend I was driving around Raleigh, North Carolina, with some college friends–we were there for a wedding–and I couldn’t pull the disc out of my car player. I must have played “Walk On By” and “Hyperbolicsyllabicsesquedalymistic” about a hundred times that weekend. The album was so over the top, so drenched in drama and sound, but somehow it touched the same funky center, breathed the same groove, as the Parliament and James Brown that I had been marinating in for the previous four or five years. And it reached deeper than those cuts in some ways–Hayes projected a pain and vulnerability that you’d never hear from the Godfather of Soul.
I was smacked sideways when I heard yesterday about Isaac Hayes’s death. It seems like someone who touched the human condition so deeply shouldn’t be allowed to go so quickly.
Security, privacy, fatuity, and parody
-
Amanda Palmer meets Feist.
-
Man. I wish we had known about this option eight years ago in our first floor apartment at Worthington Place. Those privacy screens we ended up using were dangerous.
-
Ironic, isn’t it, that it’s the middle class self made man being painted as elitist by the wealthy man from a wealthy family who owns his own private jet and owns six houses.
-
Oh for God’s sake (redux).
-
Krugman’s take on the Republican strategy for the election: simple answers for complex problems, and to hell with the facts.
-
Getting around memory protection safeguards in Vista and Windows Server 2008 undoes a lot of the work that Microsoft did to guard against exploitable buffer overflows. This is A Big Deal, particularly if it’s as reusable as Dino Dai Zovi claims.
-
Followup to yesterday’s “killswitch” file. This is a list of applications that are forbidden to use Core Location, not a full-on killswitch. Still an interesting design decision, and one I wouldn’t want to explain to developers.
-
Here’s the list of 2.6.1 bugfixes. I don’t see anything about the nasty admin login cookie issues that bit all those of us who upgraded to 2.6.
Attack of the Living Dead Friday Random 10
It’s been a good long while–over a year? really??? where did time go?–since I posted one of these. In that time I finished my “listen through” of my music library, so I don’t have a large pool of unlistened to songs on my iPod. Instead, a good many of these are likely to be songs that are already on my playlists, and therefore a little less revelatory. Let’s see what happens.
- U2, “11 O’Clock Tick Tock,” 11 O’Clock Tick Tock (Single)
- Howard Jones, “No One Is to Blame,” Dream Into Action
- Sun Kil Moon, “Si Paloma,” Ghosts of the Great Highway
- PJ Harvey, “The Letter,” Uh Huh Her
- Maddy Prior, “Singing the Travels,” Silly Sisters
- Jamie Lidell, “What’s the Use”
- Sarah Blasko, “Don’t U Eva”
- Peter Gabriel, “In Your Eyes (special remix)”
- M.I.A., “Bamboo Banga,” Kala
- Big Star, “Give Me Another Chance,” #1 Record
New mix: “Blasphemous rumors”
I haven’t posted a new mix for a while, and there are a few reasons for that. So I’m jumpstarting by posting a largely unedited theme mix, based on Estaminet’s Sacrilicious mix of a while back. It’s called “Blasphemous Rumors,” and it hits songs with Old and New Testament themes as well as good old fashioned breaking of the third (or second, depending) commandment.
This will also be the last mix I post on Art of the Mix unless a few things change. The site has had some problems with SQL injection vulnerabilities, and the developer chose to fix the vulnerabilities by filtering input–which is fine, but it means that you can’t create a mix with the word “drop” in it, even in a song title (e.g. “Dropkick Me Jesus”). Tip to the developer: the best way to avoid SQL injection is by whitelisting input and parametrizing your queries, not by blacklisting.
So does anyone have a recommendation for a replacement for Art of the Mix? It should ideally support uploading playlists from iTunes.
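The tip to the developer above, as an added example (not code from Art of the Mix or from the original post): a keyword blacklist in front of a concatenated query, next to shape validation plus parameterized queries, using Python's sqlite3. The `songs` table, the blacklist contents and all function names are assumptions made for illustration.

```python
import sqlite3

# Assumed reconstruction of the keyword filter the post describes.
BLACKLIST = ("drop", "delete", "insert", "update", "--", ";")

def blacklist_ok(title):
    """Keyword blacklist: rejects any title containing a listed substring."""
    lowered = title.lower()
    return not any(word in lowered for word in BLACKLIST)

def find_concat(conn, title):
    """'Before' pattern: filter, then splice the title into the SQL text."""
    if not blacklist_ok(title):
        raise ValueError("title rejected by blacklist")
    sql = "SELECT id FROM songs WHERE title = '" + title + "'"
    return conn.execute(sql).fetchall()

def title_allowed(title):
    """Whitelist on shape, not on words: 1 to 200 printable characters."""
    return 0 < len(title) <= 200 and title.isprintable()

def add_song(conn, title):
    """'After' pattern: validate, then bind the title as a parameter."""
    if not title_allowed(title):
        raise ValueError("title fails validation")
    return conn.execute("INSERT INTO songs (title) VALUES (?)", (title,)).lastrowid

def find_param(conn, title):
    """Bound parameter: the title is only ever data, never SQL text."""
    return conn.execute("SELECT id FROM songs WHERE title = ?", (title,)).fetchall()

def demo():
    """Run two ordinary song titles (constructed sample input) through both paths."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE songs (id INTEGER PRIMARY KEY, title TEXT)")
    titles = ["Dropkick Me Jesus", "Don't U Eva"]
    for t in titles:
        add_song(conn, t)
    results = {}
    for t in titles:
        try:
            find_concat(conn, t)
            outcome = "ok"
        except ValueError:
            outcome = "blocked"        # legitimate title refused by the filter
        except sqlite3.OperationalError:
            outcome = "sql-error"      # apostrophe reached the SQL parser
        results[t] = (outcome, len(find_param(conn, t)))
    return results

if __name__ == "__main__":
    print(demo())
```

The blacklist refuses a harmless title while still letting an apostrophe change the structure of the concatenated query; the parameterized path stores and finds both titles unchanged.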
Money, money, and security
-
The best lesson I ever learned from Ken Morse and his classes: Cash Flow Is More Important Than Your Mother.
-
What Microsoft thinks about possible security issues with WCF (and to an extent .NET by extension).
-
For all those people who miss the Swarovski crystals on their iPhone, this $999.99 iPhone app might do the trick.
Comprehensive security guide for Windows Communication Foundation
The developer challenge in developing secure code is two-pronged: first, understanding the threat landscape; second, coding defensively and following best practices to avoid creating security vulnerabilities in code. The WCF Security Guide, now available for download from Microsoft, is a pretty impressive document (600+ pages) that combines aspects of both threat landscape definition and specific coding practices, leveraging Microsoft’s Windows Communication Foundation (part of the .NET Framework in version 3 and later).
WCF is an impressive framework that allows the creation of applications that do everything from turnkey SOAP web services to custom communications channels, with tons of flexible configuration options. The downside of the flexibility of the framework is that a lot of the choices it offers have serious security considerations, and the tradeoffs aren’t necessarily clear at development time. For instance, WCF allows the definition of the security mechanism used to protect a communication stream–transport level, message level, or none; encryption, message signing, or both–and using some of the options can make deploying services more complex (must run the service as a user who belongs to a domain, for instance). The guide walks you through a lot of these decisions, as well as basic secure coding practices ranging from input and output sanitization to developing to survive a DoS attack.
Onegin reviews and other musings
-
A different sort of review, but how many pro reviewers get compliments on their hair from the diva at the end of the night?
-
“The virtues of Saturday’s extraordinary concert performance of “Eugene Onegin” by the Tanglewood Music Center Orchestra began with its cast. … The brilliant Tanglewood Festival Chorus gave voice to the opera’s various peasants, maidens, and partygoers. The ovation at the end was enthusiastic and long-lasting.” And Renée Fleming was pretty darned good too.
-
The free track from the new Eno/Byrne collaboration is up, sounding almost, but not completely, unlike “My Life in the Bush of Ghosts.”
-
I think this is the solution to my music library storage problem: rack a bunch of these together and label the doors. Now: table, wall, or on a stand?
-
“During some gossipy interjections, the Tanglewood Festival Chorus showed rare disunity.” ORLY? I would have said we were awfully unified, just without the precision of diction that we usually bring.
-
“There was a lot to relish in ‘Onegin.’ … Too bad this performance will never be heard again. It will live on in memory.”
-
“Sir Andrew Davis … stood in for Levine, earning thanks for a fine job. He doesn’t create the buzz and excitement that Levine does, but he’s only human, and it’s beginning to look as if Levine is something more.”
Upholding and reporting, bizarro style
-
On the Fourth Amendment and its "chilling effect" on government. Well, duh.
-
That ridiculous article about whether Obama wasn't fat enough to be electable, with all those interesting quotes from Hillary supporters? Turns out the reporter trolled for the quotes with a Yahoo! message board post.
Alone in the crowd
There are some days where my love of Tanglewood bumps up, hard, against some of the less ideal aspects of the place. I speak of the crowds.
I think part of the reason I love coming here with the chorus is those glorious early days of the residency, when we and the orchestra are almost the only people here. But come Friday night and a concert in the shed (in which I’m not performing) and I find it a bit… overwhelming. Call it agoraphobia, but partway through the search for friendly faces among the blankets and lawn chairs I’m invariably seized with the urge to flee. So it was that I couldn’t hack the crowds for last night’s concert.
But of course I still want to hear the music. So this residency I’m taking full advantage of that secret of the Tanglewood experience: the open rehearsal. While they can still be crowded, particularly this morning with Yo-Yo Ma, the crowd is not as dense, and one can sit inside the Shed and feel insulated from the worst of it. And the best part is how cheap the tickets are–I mean, they let the chorus in for free, in recompense for our services, but even for the general public an open seating ticket is less than $10.
Colic, anthrax, and presidential avoirdupois
-
It's incredible after all this research that the best medicine can tell us about colic is to teach the baby to soothe itself.
-
Oh for God's sake.
-
Non-closure closure for the big post-9/11 mystery. If this is true, it suggests that fear itself was our worst domestic enemy after the 9/11 attacks.
-
Twitter had a cross site request forgery vuln.
-
And it's about damned time, too. Fixes both the DNS vulnerability and the AppleScript ARDAgent vulnerability, as well as a host of others. Apple: What took you so long????