https://buy-zithromax.online buy kamagra usa https://antibiotics.top buy stromectol online https://deutschland-doxycycline.com https://ivermectin-apotheke.com kaufen cialis https://2-pharmaceuticals.com buy antibiotics online Online Pharmacy vermectin apotheke buy stromectol europe buy zithromax online https://kaufen-cialis.com levitra usa https://stromectol-apotheke.com buy doxycycline online https://buy-ivermectin.online https://stromectol-europe.com stromectol apotheke https://buyamoxil24x7.online deutschland doxycycline https://buy-stromectol.online https://doxycycline365.online https://levitra-usa.com buy ivermectin online buy amoxil online https://buykamagrausa.net

Category: Computer Security

Im-mobilized

Being without a mobile phone for a week-plus sucks

So every year or so I see an eyerolling article on “I lived for a week without Google” or “I got rid of my Gameboy” or “I turned off my mobile phone and here’s how my life changed.”

Having been without a mobile phone for 9 days, I can tell you … it sucked.

(And, since I have a blog, I can kvetch about it at length. Feel free to ignore it.)

* * *

On Sunday the 9th, I found my phone — a Pixel 1 — was dead. Press a button, get a battery-and-lightning-bolt icon for a few moments. Plug it in, get the logo full-time, but no sign of charging.

Dammit.

Not my Pixel, but you get the idea

It took me a few days to go through all the diagnostics I could on my own. As it seemed to be a power problem, a lot of the recommendations for diagnosis and/or correction had to do with letting things fully discharge, letting things fully recharge (leave it on the charger for some hours), trying something, and, if that fails, try a full (dis)charge again.

By Tuesday, I had tried what I could, had scoured the Google for things to try, and starting to run into real problems with having a dead phone. So Tuesday night, I took it down to the local UBreakIFix where I had gotten a new battery installed back in May (which had been wonderful).  The guy there assured me he could take a look at it that evening and have some answers.

Fast forward a couple of days, and multiple calls to the shop to get a status (which was mostly prefaced with “Oh, I was just working on it, I need to do this one more thing”). By Thursday evening, they had given up hope and said the only thing left was a motherboard problem.

Now … I’ve had this phone some years (a 1st Gen Pixel, as I noted, which was introed in 2016, which is like forever ago in phone years). So I wasn’t completely outraged that it had given up the ghost with some mysterious ailment. And I’d done some research in the meantime, and decided I wanted to continue on with a Pixel 4.

The one I (eventually) got was black, not orange

(Yes, I’ve read about the problems with the Pixel 4, most of which have to do with battery life. I’ve also read some post-release review saying, hey, y’know, if you’re not running movies and playing chip-burning games 24×7, the battery life is actually perfectly reasonable. Which, since I’m not in that heavy use category, sounded good to me.)

So Thursday evening we picked up my brick, and went over to the Verizon store. We get good discounts through Margie’s employer (who has been working with Verizon so long the company agreement number is a preposterously low value compared to where they are now).

I wanted a Pixel 4XL. And I wanted the 128Gb version.

Oooh, sorry, we are all out of 128s in the 4 and the 4XL. But we can order it and have it shipped to you.

I have been without a mobile for five days, with various dire results. Okay, fine.

Okay, that will be 3-5 business days.

Dammit.

Or, for $13, you can get it delivered at home tomorrow night by 8pm.

Sold.

Until the next day, when we hadn’t gotten any shipping info on the phone (just a receipt for the bill). And, when I contacted Verizon, I was told the order went in too late on Thursday evening, so it would be another business day.

Monday, by 8pm.

Dammit.

I did get them to reverse the damned $13, so that was … mildly less infuriating.

Monday rolls around. FedEx notes it will be delivered by 8pm, but has no more details. Oh, wait, maybe I can get more details, but I have to create a FedEx account which …

… gets validated by a code texted to my mobile. Which I don’t have.

Margie has to take Mom off to the doctor on Monday morning, but, hey, phone is due that night, right?

Well, apparently FedEx believes that “by 8pm” also includes “or eight hours earlier than that,” as we get notification that they tried, really-truly they did, at 11:59 am, but nobody was there.

Dammit.

So I can either accept delivery “by 8pm” on Tuesday (someone stay home and don’t even dare go to the bathroom, by gad!), or go by the FedEx facility after 6:15pm, but no later than 7pm when they close.

Well, it’s been a long day for me, and a longer one for Margie, but we tromp to FedEx because, dammit, I want my phone.

We’re delayed a few minutes in dealing with the fact that the email FedEx sent us with the address of the facility, when the address is clicked, points to (in retrospect) the geographical center of the city it belongs to (complete with turn-by-turn directions), rather than, as Google kept trying to tell us, a facility over near the airport.

Fortunately, we listened to Google, otherwise there would have been violence.

As there almost was when we showed up at 6:30pm at the FedEx facility, and were told by the guy behind the counter that, oh, sorry, that truck isn’t back yet.

Don’t peeve off my wife on customer service matters. She gets frightening.

The guy behind the counter quickly scrambled off into the warehouse and, lo and behold!, the truck was there, it just hadn’t checked in yet. He returned with.

My Phone.

Which I got up and running over the course of the rest of the evening, despite some really annoying aspects to Googles two-factor-authentication which almost kept me from doing the restore because it really, truly, certainly wanted me to confirm my identity logging into the phone by sending a text … to the phone … which it wouldn’t accept … because I wasn’t logged in.

The one advantage to the delays in getting the phone was that it meant the accessories (case, etc.) had plenty of time to arrive.

Anyway, I have my phone and, aside from weirdness on the company security side of things (which took up waaaaay too much of my time today), it is so nice to have my mobile back.

And, yes, this is a classic #FirstWorldProblem, but personally aggravating, regardless.

* * *

So, what were the problems of being without mobile phone?

Here were a few I noted:

  1. All the security mavins recommend two-factor authentication for good security. I.e., not just a userid/password combo, but some physical thing you have that proves you are you, and not just some guy who stole a userid/password combo.

    Most of these involved either some fancy code generator like Google Authenticator, or else, more simply, “We’re going to text you with a code, so plug the code into this screen to prove you are you.”

    That’s all really awesome. Until the device that does all of that — the one you’ve installed an Authenticator on, or the one that has your pre-entered mobile number as the thing to text to — is kaput. Then all that happens is that you can’t get to the Authenticator, and you can’t receive texts …

    … and various services who want to prove you are really you, can’t. So they declare you an electronic non-person.

    This happened with some of my office application needs (where we use Okta authentication), but I also got picked up in a random check on reality by Twitter. Some applications allow for alternatives (“text you? call you? email you?”), but Twitter just have that one phone number it wants to text you at.

    You can change that phone number, of course, but they need to text you to confirm it …

    So that’s why I wasn’t on Twitter.

  2. It’s also why I went radio silent on texting. Which is the main way I chat in passing with my Mom, but is also how some folk tried to reach me over those nine days.

    Oh, yeah, no casual (or possibly life-saving) phone calls when not near a land line.

  3. No Google Maps when driving places. No Audible books while driving places, either. The latter is annoying. The former is … weirdly 1980ish, and surprisingly disconcerting. Not just “I don’t know how to get there, how do I do it,” but even, “Well, I remember how to get there, but WTF is the traffic like and should I go this way or that?”
  4. Okay, and, yes, a part of it was not being able to just look up stuff on the Internet, or check the news on the Internet, or take a photograph, or pull out data at will from my calendar or my contacts or my secure notes. This was annoying, but also made for weird times when it was, like, “Okay I am bored standing here waiting for the coffee to brew and what do I do aside from staring at the coffee as it brews?”

    Which is all the more awkward when there are five other people on the elevator, or huddled around the coffee machine, and all of them are on their phones.

None of this turned turned out to be horrible. No tales of being stuck in the wilderness or attacked by zombies without my mobile. No never-to-be-seen-again photos of my baby’s first steps lost because I didn’t have my mobile working.

But it was annoying, and cropped up as a further annoyance on an ongoing random basis. Way too many moments of, “Oh, let me grab my phone and–” cut short. Way too many “Oh, if we can’t text you a code for us to use to validate your authenticity, we are going to close your account and destroy your life” moments (or what felt like them).

Again, yes, I know, First World Problem.

It was illuminating the degree to which we (I, at least) are dependent on mobile phone access, without serious preparation to work around the inconveniences (e.g., when vacationing somewhere with extortionate roaming charges). There are probably some profound lessons there about reliance on technology, and how our tools shape us as much as we use them, and perhaps even a nostalgic call out to a simpler time.

I don’t know about that. I just know that being without a mobile phone for nine days really sucked.

All Secure

HTTPS ahoy!

Finally got around to fully implementing HTTPS on the blog. It was mostly in place, but various bits and bobs had to be cleaned up. Now visitors should get a neat little padlock up in the URL bar, rather than a scary warning of some sort.

If any of my legions of readers do run across something amiss, please do let me know.

Continued concerns about the F-35 and cyber-security

I love the smell of Massive, Innovative IT Projects in the morning.

The F-35’s promise — to be the single be-all and end-all of every combat mission that any service (of any nation) might want to fly — has always been terribly seductive, as has throwing every high-tech idea under the sun at the plane, from fully integrated data and networking systems, to the plane being able to tell ground-based logistics what sort of repairs and parts it needs.

But they look so cool!

But as anyone who has done any sort of large, innovative project, esp. one prone to scope creep (and where such creep profits the party doing the work), such efforts tend to be extremely expensive, as the F-35 has clearly demonstrated. It also has tended to create a complicated jet where a flaw over here can have unexpected consequences over there — and, as a fully networked combat system, something that may be vulnerable to cyber-attack.

Fortunately, we’re not building this to go against any enemies that can do cyber-attacks, are we?

Most worryingly, a report in October from the US government’s General Accountability Office found the Department of Defense had failed to protect the software used to control the F-35’s weapons systems. Testers could take control of weapons with “relatively simple tools and techniques.”

To give you an idea of how the interconnected nature of the F-35’s computer systems is a massive vulnerability in of itself: separate subsystems, such as the Active Electronically Scanned Array radar, Distributed Aperture System, and the Communications, Navigation, and Identification Avionics System, all share data. Thus, the GAO’s auditors warned, just compromising one of these components could bring down the others.

“A successful attack on one of the systems the weapon depends on can potentially limit the weapon’s effectiveness, prevent it from achieving its mission, or even cause physical damage and loss of life,” said the GAO team.

Of course, certainly the contractor and the government have been diligent about finding and plugging any security issues.

“As in previous years, cybersecurity testing shows that many previously confirmed F-35 vulnerabilities have not been fixed, meaning that enemy hackers could potentially shut down the ALIS network, steal secret data from the network and onboard computers, and perhaps prevent the F-35 from flying or from accomplishing its missions,” Grazier wrote.

As for penetration testing of the ALIS system, Uncle Sam dropped the ball, the independent watchdog suggested. Rather than unleash a DoD red team of hackers on the code, the US government paid F-35 manufacturer Lockheed Martin to do it, and just accepted the results. Such hands-off regulation didn’t work out so great for Boeing and America’s aviator regulator, the FAA.

Well, at the very least, I’m sure the Pentagon has no officers who feel their careers are caught up inextricably in the F-35’s success and would therefore push the plane forward before it’s ready for combat, and certainly they wouldn’t be already moving forward with retiring existing successful combat aircraft before the F-35 has demonstrated it can do the job, right?

Right?

Do you want to know more? Easy-to-hack combat systems, years-old flaws and a massive bill – yup, that’s America’s F-35 • The Register

The (In)Security of Mobile Phone numbers

As people use mobiles more and more for not just phone calls (wait, they do that, too?) but as their primary access to the Internet, more and more companies and sites are using your mobile number as not just your ID, but as your authenticator, too.

But increasingly that’s problematic. Combining ID and authentication (this is who I say I am; this is how I prove it) into a single value or point is always theoretically a security risk, and trusting in physical possession of a phone or that phone numbers themselves cannot be stolen is becoming less and less of a certainty.

I don’t have any advice here — not even anything I plan on doing myself aside from trying to be vigilant. But expect security issues around this to get worse before they get better.




Phone Numbers Were Never Meant as ID. Now We’re All At Risk | WIRED
Your phone number was never meant to be your identity. Now that it effectively is, we’re all at risk.

Original Post

So last year’s Equifax breach was even more awful than previously revealed

Largely because Equifax didn’t reveal a lot of the details because state laws didn’t require them to.

A certain amount of the data stolen for millions (tens of millions, hundreds of millions) of Americans is of vague concern because it’s private information that is now presumably available to any black hat who wants to buy it.

But the real impact is on identity theft — being able to claim to some entity, “Well, yes, of course I am Jason Quill — here, I know the last four digits of Jason Quill’s Social Security Number, his birthdate, and his drivers license number.” Because those bits of data were stolen from Equifax.

Aside from hitting Equifax with legal baseball bats for a while, the only other obvious solution is to stop treating these data as “secret” and “proof of identity.” If someone said, “Of course I’m Jason Quill, because I know my first name,” people would laugh. We need to treat SSN, DL, DoB, email address, credit card number, as similarly compromised.

That’s tough. And expensive. How does Internet commerce work if we assume that’s the case? But it is the case, and pretending otherwise is not going to solve the problem.




Equifax breach exposed millions of driver’s licenses, phone numbers, emails
17.6 million driver’s license numbers, thousands of ID images stolen in breach.

View on Google+

Because everyone really wanted to change their Twitter password

Twitter has no evidence that anyone’s passwords got stolen from an unhashed password file on their internal network that was there for a lengthy period of time … but they don’t know that none of them were.




Twitter urges all users to change passwords after glitch | Reuters
Twitter Inc urged its more than 330 million users to change their passwords after a glitch caused some to be stored in readable text on its internal computer system rather than disguised by a process known as “hashing”.

View on Google+

Credit card companies are dropping signature requirements

That’s all very interesting … but does that mean that basic physical possession of a credit card equates to being able to effectivley use it?

Well, yeah, I guess. That’s actually the rule now, given that most (live) merchants don’t actually pay much attention to signatures. If the banks / merchants are willing to live with that, I guess we consumers will have to go along.




Credit Card Signatures Are About to Become Extinct in the U.S.
The major credit card networks are ending a requirement that people sign for most card transactions — the latest blow to the signature.

View on Google+

Gmail’s new self-destructing confidential emails are … not a good idea

It sounds simple — when crafting an email, you can make it “confidential” (only for the recipient) and/or self-destructing (expiring after a given period and not readable after that). Instead of a normal SMTP email message wafting off into the ether, an email is sent with a link to a secret page where the recipient, once they prove who they are, can see the message (but not copy it!) until it expires and is taken down.

Sounds clever, but it’s really not.

First off, the idea that nobody will be able to copy or otherwise save the email is just plain false. It sounds like copy-paste is disabled, but not screen capture. Heck, just use your phone to take a picture of it. Silliness.

Second, the validation process (proving you are the intended recipient of the confidential email) sounds a bit onerous — responding to a text message, logging in, etc.

Lastly, this sound like a fabulous way of generating malware infections. Miscreants can send someone a message with a faked sender (easy), the standard confidential Gmail link text (easy), and a link that takes you somewhere bad (easy). How will you know it’s a trap until you’ve sprung it?

Not all that confidential, inconvenient, and possibly dangerous. Hmmm. Yeah, as it stands, I won’t be using this feature, and won’t be recommending it to any one else.




Google is testing self-destructing emails in new Gmail – TechCrunch

View on Google+

The IRS has hired Equifax to help verify your identity. Yes, really

Equifax’s CEO was just before congress testifying how the company’s ineptness allowed a prolonged series of hacks to unveil the names, SSNs, DoBs, and other key identifying data of 150 million Americans (and some Canadians and Brits). That data could be invaluable in, among other things, tax fraud.

Which is why it makes perfect sense for the IRS to award a no-bid, single-source contract to Equifax for over $7 million to help them “verify taxpayer identity” to combat, of course, tax fraud.

Nice work, if you can get it.

The IRS contract award — which was made weeks after news of the breach was made public (which was, in turn, months after the breach had been detected by Equifax and that months after the first hacks actually occurred) — at least partially clarifies the rationale for what seems an extremely goofy thing to do. Equifax is the only company that can do what the IRS wants (it says), and the functionality is critical for the agency (well, duh, yeah, with all those SSNs out the in the wild …). The IRS also says that Equifax has already been doing this service for them, that none of the data the hackers broke into was their data, and that they haven’t seen any tax fraud from the hacking (yet).

Apparently various Congressfolk are just as confused about the IRS doing this as, well, I am.

Reps. Suzan DelBene (D-Wash.) and Earl Blumenauer (D-Ore.) separately penned letters to IRS Commissioner John Koskinen demanding he explain the agency’s rationale for awarding the contract to Equifax and provide information on any alternatives the agency considered. “I was initially under the impression that my staff was sharing a copy of the Onion, until I realized this story was, in fact, true,” Blumenauer wrote.

I suspect the eventual answer from the IRS will be, “Um, there really is nobody else who can or will do this for us, so we’re stuck with them.” Which always seems to be the lament of companies everywhere who thought that outsourcing was a great idea …




IRS awards Equifax no-bid, $7.25 million contract after hack
“This is considered a critical service that cannot lapse.”

View on Google+

My Equifax Breach Round-Up

The news cycle on all of this has settled down finally, so I feel like I can determine some coherent recommendations of what to do. That’s different from what we need to do nationally (stop treating the SSN as a secret password and unique identifier, for one), but that’s a different kettle of fish.

In sum, given that 140-odd million American consumers (and some Brits and Canadians) have had their personal identification information stolen (name, address, birth date, Social Security Number, some Drivers Licenses, etc.), and companies are still treating those values as a way to identify who you are, you need to take steps to protect yourself.

1. Put a lock / freeze on your credit record at each of the major credit organizations. That will prevent new credit accounts and loans from being opened up in your name. It will also keep you from opening up new accounts, so take care of that first, and safely secure the PIN you get back from them.

This costs money (not a lot, but still …) each time you put it on or left it off.

Note that it takes a few days to lift a hold/freeze, so if you are going in for a car loan or home loan or something, you’ll need to lift it in advance (find out from the loaning company which agency they use).

2. Consensus seems to be to ignore the “credit monitoring” service that Equifax is offering (for now) for free, and that the other companies will charge for.

3. Keep an eye on your bills and statements for the next … well, forever. Remember, the info that was stolen isn’t going stale, and can be used against you this year, next year, or for decades to come (until the costs to banks and these credit agencies gets so high that someone comes up with another way to validate identity).

4. Periodically monitor your credit report to see if something is wonky there. Again, this is now a life-long responsibility. You can usually get a free copy once a year, so you can spread that out between the different firms and check it quarterly.

5. Because in theory someone with your name and SSN could file federal taxes for you and claim a big refund that they coincidentally forward to a new address, it’s recommended that you file your taxes quarterly or as soon as possible each year. Again, this is now a perpetual threat.

Here’s some run reading.

View on Google+

Social Security Numbers are broken. What is the alternative?

We are increasingly a data-driven world. There are electronic records about us everywhere, and we rely on them in a thousand different ways to identify us.

But anyone who’s ever worked with a system that tries to reliably and consistently identify people knows that it’s a problem. What identifier is ever continuous or persistent? Names have a dozen variations and spellings, and can be changed (for legal, marital, or other personal reasons). Addresses are inconsistent, as are phone numbers (though mobile numbers are getting more portable and perpetual, anyone can still change them). State IDs like drivers licenses are … well, bounded by the state, so a person could have more than one over time.

The closest thing we have in the US to a national identification number is the Social Security Number — a unique identifier that used to be issued upon going to work, and now is obtained at birth, and stays with the person perpetually.

The SSN has some significant problems, though. It’s a unique identifier, but is also meant to be a secret (or at least confidential) one. Employers have to know it for tax reporting purposes, but are not allowed to use it as an employee number. People doing credit checks of you ask for it, but aren’t supposed to reveal it to anyone else. Knowledge of it is considered to be an essential part of personal security, such that someone knowing your SSN (even the last four digits!) can pretend to be you for a number of sensitive purposes.

That’s not only problematic in trying to actually identify you, but it’s increasingly untenable. The Equifax break-in put 134 million SSNs into the wild — but then we are told that we have to be careful monitoring our credit because companies (and the IRS!) will still treat knowledge of our SSN as proof that someone is us, even though they know that strangers now have that information.

Or, as the article says, an SSN is not just your userid, but still serves as your password. And that’s crazy from a security standpoint.

The article’s basic suggestion that the SSN needs to be retire from at least one of those functions it carries — userid or password — is spot-on. The question becomes which one, and what to replace it with, and how to make that work in terms of valid initial assignment (if we can’t get everyone registered to vote, how do we get them a new national ID?), in the face of fraud (though SSN-related fraud is largely due to it being a quasi-secret number), error (how do you correct erroneous data associated with your identity, and prove that you have the right to assert that it’s erroneous), and potential abuse (if all the facts about you are associated with a single number, someone in authority can find out anything about you) and paranoia (OMG IT’S THE NUMBER OF THE BEAST AIEEEEE!).

But those are implementation details to work out (if non-trivial ones). The current situation — SSNs are so “secret” that knowing them is “proof” that you are you, but so unsecret that tens of millions of them are known to hackers — is unworkable, and will only grow more so over time.

[h/t +John E. Bredehoft]




Time to Retire Social Security Numbers | RealClearPolicy
There’s no way to sugarcoat it: The hackers who breached the credit bureau Equifax scored big. They made off with the personal identities of 143 million Americans — names, Social Security…

View on Google+

The Equifax Debacle

Yeah, pretty much this.

I’m following along the news as the best “next” steps to take as a consumer. Things continue to change so fast in terms of (a) things Equifax is doing and (b) ways Equifax is being criticized for stuff they are doing, that taking any steps for the moment (aside from watching my credit card charges, etc.) seems premature.

Of course, I also keep thinking that the Federal Government might step in regarding something that has seriously compromised the financial privacy and security of most American adults. And then I realize who’s running the circus in DC, and just grind my teeth.

Originally shared by +Les Jenkins:




Don’t Hit Save – Comic: Equifax
The webcomic that dares to take on the gritty world of software, technology, and indie game development.

View on Google+

So basically consider this the worst personal identity data breach ever

Equifax is one of the three major consumer credit reporting agencies, with oodles of information about every American consumer and their finances.

And they got hacked, and about 143 million people’s data — addresses, SSNs, birth dates, even drivers license numbers — are in the wild.

They have a page to go to — https://www.equifaxsecurity2017.com/ — ostensibly to find out if you’re one of the unlucky hackees, but they are basically offering credit record protection for free for a year to everyone (and anticipating such a rush that they’re staggering the enrollment).

Yikes.

Just as a note — anyone in any sort of security capacity who is still treating SSN or DoB as a secure value or way to verify identity is a dolt and should be fired.




Equifax Says Cyberattack May Have Affected 143 Million Customers
Criminals gained access to certain files in the company’s system from mid-May to July, according to an investigation by Equifax.

View on Google+

Tweetizen Trump – 2016-12-16 "Deflectors On Full!"

Not a lot in the Donald's Twitter account since last time. A couple of Victory Tour posts about Pennsylvania and Mobile, and then …

Are we talking about the same cyberattack where it was revealed that head of the DNC illegally gave Hillary the questions to the debate?

Just a random thought bubbling to the surface. Nothing to see here. Move along.

Again, when denial doesn't work (or even if it does), Trump always pivots to an attack, to deflecting the matter toward another target, hopefully by changing the subject. Insult his restaurant? He doesn't reply to the criticisms, he notes the magazine they appeared in is failing. That sort of thing.

I mean, think about it. What would the normal Presidential response be to "US intelligence services all agree that Russia was behind hacking attempting to influence the election, and CIA analysis indicates it was an attempt to get X into the White House"? What would Obama, or B Clinton, or either Bush, or Reagan, have said if these sorts of charges were leveled about how they got into the White House?

I would imagine something like:

"I am deeply concerned over the charges that Russia was attempting to influence our election through unlawful cyberattacks on our nation. While I am fully confident that the American People have spoken in electing me to the Presidency, I fully support efforts by our intelligence and law enforcement agencies to investigate this matter thoroughly, as a question of national security, and I will take all measures necessary over the coming months to ensure that this nation is protected from such attacks."

Yeah, that sounds normal, even laudable. It doesn't admit to what happened, but it shows a desire to protect the nation and determine the truth. It's political, but it's also the right answer.

Versus:

"Nuh-uh! Didn't happen! Obvious fake news. And if it did, it made the Democrats look like poopyheads!"

Very presidential.

For the record, yes, info from the hacked emails Russia provided to WikiLeaks does indicate Donna Brazile was passing on some information about likely questions / questioners in some of the debates.¹ And, yes, that's wrong. And, no, that has nothing to do with the source of the leaks and whether they are something that we should be concerned about.

Indeed, by wrapping up a foreign power's intentional hacking to influence elections with a political kerfuffle, Trump is (intentionally?) trivializing the whole matter.

Also for the record, there's no basis in saying that this action was "illegal". Unethical, perhaps. In violation of contract, maybe. But nothing criminal about it. But nice throwing about of an attack term, Donald.

I will be curious to see how this method of operating works (or doesn't) during the actual presidential administration of Trump. How long can he pull off not addressing critiques and deflecting to an attack? Is there anyone who can really stop him from dealing with all his problems that way over the next four years?

—-

¹ As the Russians either failed to break into the RNC computers, or declined to leak anything they found there (reports are mixed), we have no idea whether the Trump campaign got any advance notice from, for example, its many contacts with Fox News. If they did, their candidate didn't seem to take much advantage of them. And if they did, that doesn't exonerate Brazile of shenanigans. Neither does it address the more important question at this point of Russian cyberattacks in the first place.

 

View on Google+

Tweetizen Trump – 2016-12-14 "Hackity-Hacks, Don't Talk Back"

Yesterday was kind of slow on the POETUS' Twitter account — tweets about Victory Tour events, a picture of Bill Gats and Jim Brown.

But this morning, Donald is on a roll!

===

Has anyone looked at the really poor numbers of @VanityFair Magazine. Way down, big trouble, dead! Graydon Carter, no talent, will be out!
[https://twitter.com/realDonaldTrump/status/809383989018497024]

Wow. The soon-to-be-Leader of the Free World, having a hissy fit about a magazine — and calling out its editor by name — that, presumably, said something mean to him.

Thin-skinned lack of impulse control? Or an effort to bully away journalistic dissent?

We know, at least, what GoodThinking magazines write about:

Thank you to Time Magazine and Financial Times for naming me "Person of the Year" – a great honor!
[https://twitter.com/realDonaldTrump/status/809384826193276928]

===

On the ongoing "conflict of interest" debate, just stop paying attention to the man behind the curtain!

The media tries so hard to make my move to the White House, as it pertains to my business, so complex – when actually it isn't!
[https://twitter.com/realDonaldTrump/status/809389774066814976]

If you say so, Donald. Still waiting to hear how you will avoid looking like, when you make global or national policy choices, one of the factors isn't whether it affects your global and national business interests.

Unless the lack of complexity is "I'm President, so I can't legally have any conflicts of interest." That does sort of simplify things, right? It's good to be the king!

===

If Russia, or some other entity, was hacking, why did the White House waite so long to act? Why did they only complain after Hillary lost?
[https://twitter.com/realDonaldTrump/status/809392491514527744]

If Russia, or some other entity, was hacking, why did the White House wait so long to act? Why did they only complain after Hillary lost?
[https://twitter.com/realDonaldTrump/status/809403760099422208]

Those two identical tweets are an hour apart (and one has since been deleted). So … is Trump getting to be forgetful? Did someone fumble finger entering messages into some sort of timed release system and end up with dupes? Who's writing (or transcribing) this stuff, anyway?

As to the substance of the tweets, this is classic gaslighting. Because the White House did talk about Russian interference and information was released before the election about Russian hacking efforts. Really, truly, you can Google it.

As to the specific "The Russians were trying to throw this election for Trump" accusation — that information was presented to senor Congressional leadership to form a bipartisan stand against the matter; instead, Mitch McConnell, who now supports a Senate accusation, then called it political shenanigans and refused to go along with it.

And, knowing that making an announcement like this without bipartisan support, so close to the election, would in fact look like official interference in the election process — and, perhaps, being too confident that Clinton was going to win anyway — Obama didn't release what was known, except, again, in vague, non-partisan terms.

This is documented. Again, this can be Googled. Setting up an alternate reality where all this "hacking" stuff only came up after Clinton lost, is to basically lie about it (but set up a new narrative that, no doubt, we will hear from Trump supporters from now until doomsday).

And so it goes.

 

View on Google+

Tweetizen Trump – 2016-12-12 "Budgets, Interviews, Spies"

A busy weekend for POETUS Trump, at least as far as Twitter is concerned.

===

October 2015 – thanks Chris Wallace @FoxNewsSunday!
[https://twitter.com/realDonaldTrump/status/807663477322027008]
(Linked to an interview that Trump had with Wallace back then.)

RT @FoxNewsSunday Sunday– our exclusive interview with President-elect @realDonaldTrump Watch on @FoxNews at 2p/10p ET Check your local listings.
[https://twitter.com/FoxNewsSunday/status/807655142682230784]
(Retweeted by Trump)

I will be interviewed today on Fox News Sunday with Chris Wallace at 10:00 (Eastern) Network. ENJOY!
[https://twitter.com/realDonaldTrump/status/807932020236124160, 4:56am]

Will be interviewed on @FoxNews at 10:00 P.M. Enjoy!
[https://twitter.com/realDonaldTrump/status/808107215492091904, 4:32pm]

I think he wanted us to watch something this weekend.

===

On Friday, Trump was on about his cabinet picks.

.@RudyGiuliani, one of the finest people I know and a former GREAT Mayor of N.Y.C., just took himself out of consideration for "State".
[https://twitter.com/realDonaldTrump/status/807545243608420352]

And we can all breathe easier. Giuliani was clearly one of Trump's loyalists, but tempermentally he's as far from "diplomat" material as one can imagine.

A few days later:

Whether I choose him or not for "State"- Rex Tillerson, the Chairman & CEO of ExxonMobil, is a world class player and dealmaker. Stay tuned!
[https://twitter.com/realDonaldTrump/status/807970490635743237]

He is certainly that. Whether that's what we really need as a Secretary of State is another question.

===

I have NOTHING to do with The Apprentice except for fact that I conceived it with Mark B & have a big stake in it. Will devote ZERO TIME!
[https://twitter.com/realDonaldTrump/status/807547249681166336, 3:27am]

Well, and you will have your name in the credits as "Executive Producer." Of course, that can mean as little as "I invested a lot of money in it up front," so you may be in the clear.

Still, doesn't it strike anyone as — well, not normal — to have a reality TV show on the air with the President's name as an executive producer, and with the knowledge that companies are buying commericial time on it, and that a media network (NBC, see below) is paying him to run it?

Three hours later, presumably after a hearty breakfast:

Reports by @CNN that I will be working on The Apprentice during my Presidency, even part time, are ridiculous & untrue – FAKE NEWS!
[https://twitter.com/realDonaldTrump/status/807588632877998081]

Funny, your spokesperson Kellyanne Conway said that it would be something you would do in your "spare time".¹

===

Trump was on a roll blasting Pentagon waste.

A very interesting read. Unfortunately, so much is true.
[https://twitter.com/realDonaldTrump/status/807589280071684096]

This was referring to a WaPo article² about a DoD report a year or two ago indicating that $125B could be saved over five years by fixing Pentagon inefficiencies.

So that raises the question of what Trump plans to do about it, even as he promises to throw money at the Pentagon to make our military great (again).

Two days later:

The F-35 program and cost is out of control. Billions of dollars can and will be saved on military (and other) purchases after January 20th.
[https://twitter.com/realDonaldTrump/status/808301935728230404]

Well, it should be highly entertaining to watch Trump butt heads with a major defense contractor (Lockheed Martin), the US Air Force, and the Congressfolk who have stuff going on in their district related to the F-35.

That said, Trump is correct that the costs on the program are "out of control." But it's not quite as simple as just stopping it, or saying "Don't spend so much money."

As I said, entertaining and interesting.

===

Donald chimed in last evening on the leaked CIA report that Russia tried to throw the election his way by hacking a variety of sources (which included the Republicans), and then leaking material that would be embarrassing to the Dems.

Just watched @NBCNightlyNews – So biased, inaccurate and bad, point after point. Just can't get much worse, although @CNN is right up there!
[https://twitter.com/realDonaldTrump/status/808114703922843649]

Which makes his Apprentice deal with NBC all the more interesting.

He then picked up the conversation without a break this morning.

Can you imagine if the election results were the opposite and WE tried to play the Russia/CIA card. It would be called conspiracy theory! Unless you catch "hackers" in the act, it is very hard to determine who was doing the hacking. Why wasn't this brought up before election?
[https://twitter.com/realDonaldTrump/status/808299841147248640, https://twitter.com/realDonaldTrump/status/808300706914594816]

1. This from the guy who joked about how Russia probably already had the "missing" 30K emails from Clinton's server.

2. If you pulled the theory from out of your hat, yes, it would be Alex Jones-worthy drivel.⁴ If the CIA were reporting this to the White House and to major Congressional leaders … not so much. Certainly not something to simply dismiss.

3. You know nothing about either hacking or forensic investigations. As far as we know, you haven't attended any briefings on the subject. How do you know it's "very hard"?

4. It was brought up before the election. The White House, bending over backwards to avoid looking like it was cooking the books on the election,³ brought the report to a bipartisan group of Congressional leaders, looking for bipartisan support in publicizing it. Instead, some of the GOPers balked, thought it would call the elections into question, or simply denied that the evidence satisfied them. As a result of your new bestest bud Mitch McConnell's partisanship, it was decided to not go public except in vague statements.

Yeah, I know, nuance and political delicacy and concerns about the greater good are all weird concepts for a Big Boss. You might want to take notes.

===

Other tweets: two on attending the Army-Navy Game; a retweet from the Inauguration team; one on how he won the Louisiana Senate race for John Kennedy.

—-

¹ http://www.cnn.com/2016/12/09/politics/conway-defends-trump-apprentice/

² https://t.co/ER2BoM765M

³ And perhaps a bit overconfident about how the election was going to go.

⁴ See also the theory of how you won the popular vote because of the "millions" of illegal votes for Clinton.

 

View on Google+

Looking into the Russian election hacks

I'm glad to see Obama ordering an investigation into this — though not committing to a public report is irksome.

But not as irksome as Trump's continued dismissal of the issue: '“I don’t believe they interfered” in the election, he told Time magazine this week. The hacking, he said, “could be Russia. It could be China. And it could be some guy in New Jersey.”'

He's either being disingenuous, or exemplifying the "I don't want to believe the facts so I'll make some up that I want to believe in" attitude that seems to hold so many of this supporters in sway.




Obama orders review of Russian hacking during presidential campaign
The president says he wants the report before he leaves office, but it’s unclear if it will be made public.

View on Google+

Maybe they should have stuck with DOS 5.0

Just like bridges and highways and buildings, software infrastructure needs to be maintained, too. And, occasionally, upgraded. "If it ain't broke, don't fix it" is fine, unless you start losing the ability to fix it when it does break.




Failed Windows 3.1 system blamed for shutting down Paris airport | Ars Technica
And the people who understand the old operating system are all retiring.

View on Google+

The Insecurity State

I'm not sure the cases are directly analogous, but there is a least a vague irony that various high officials in the security / surveillance agencies of our nation have had their private online accounts hacked (through social engineering), even as they insist that their agencies need easier legal access to the private data of US citizens.




The CIA director was hacked by a 13-year-old, but he still wants your data | Trevor Timm
The Senate is currently debating a bill that would give the government huge amounts of your private information. But this would make hacks more likely

View on Google+

Ruh-roh — I hate it when something I like gets sold

I've been a huge fan of LastPass for years — it provides me with all sorts of internal tools to promote good password usage on websites I register at.

I am not at all happy that they are being bought, since, inevitably, that means a change in priorities. Here's hoping that the LogMeIn people realize the gem they have acquired , not for how they can squeeze extra money out of, but as something that will draw more people to them.

Originally shared by +Les Jenkins:

Not sure how I feel about this. I've never been a big fan of LogMeIn (it seems like paying for something you can already do with the OS). Will be keeping a close on eye on how this develops and maybe looking into a different password manager.




LogMeIn buys LastPass password manager for $110 million | Ars Technica
LogMeIn promises to preserve LastPass brand, with expanded capabilities.

View on Google+