John Boehner (R - Delusional) was on This Week with George Stephanopoulos. In the interview, he was asked about global warming in the following exchange:

BOEHNER: When it comes to the issue of climate change, George, it’s pretty clear that if we don’t work with other industrialized nations around the world, what’s going to happen is that we’re going to ship millions of American jobs overseas. We have to deal with this in a responsible way.

STEPHANOPOULOS: So what is the responsible way? That’s my question. What is the Republican plan to deal with carbon emissions, which every major scientific organization has said is contributing to climate change?

BOEHNER: George, the idea that carbon dioxide is a carcinogen that is harmful to our environment is almost comical. Every time we exhale, we exhale carbon dioxide. Every cow in the world, you know, when they do what they do, you’ve got more carbon dioxide. And so I think it’s clear…

STEPHANOPOULOS: So you don’t believe that greenhouse gases are a problem in creating climate change?

BOEHNER: … we’ve had climate change over the last 100 years — listen, it’s clear we’ve had change in our climate. The question is how much does man have to do with it, and what is the proper way to deal with this? We can’t do it alone as one nation. If we got India, China and other industrialized countries not working with us, all we’re going to do is ship millions of American jobs overseas.

The look on George’s face was indescribable. When John said that we put out carbon dioxide, so it can’t be bad, my first thought was that we also put out all sorts of bacteria from the other end that aren’t terribly healthy should they be ingested. On the subject of international cooperation, my statement was “Oh, you mean like the Kyoto Protocol, that thing we signed but never ratified?” A co-worker of mine made the comment that he doesn’t know what’s worse: that Boehner believes what he’s saying, or that he knows he’s lying and is doing it anyway.

Norm Coleman - Pwned!

It looks like Norm Coleman may have a new challenge: Violating state laws related to breach notifications. Politico is reporting that his web site exposed credit card details, and he hasn’t notified folks that their financial information was exposed. While the breach happened back in January, it wasn’t until this past Wednesday that the campaign issued a statement on the matter. This was precipitated by lists of the donors (and their information) being made available online.

Wired is running an outstanding story about the 2003 Antwerp diamond heist. The story provides a lot of information about how the heist itself was carried out, from the high tech reconnaissance that was conducted with a stealthy camera, to the blindingly low-tech of using a plexiglass shield to hide a heat signature. My favorite was spraying the heat and motion detector in the vault with hairspray to temporarily blind it.

Like most criminals, they got sloppy. They dumped incriminating garbage in property abutting a highway. Unluckily for them, the property owner was one who would routinely call police whenever he found stray signs of people on his property. It’s no surprise that four days after one of the largest diamond robberies in history, police were very interested in trash that included envelopes from the Antwerp diamond center. There were also receipts for equipment used during the robbery, including the name of one of the robbers.

The thing I find most surprising is that someone implicated in a 20 to 100 million dollar (depending upon whose figures you use) theft only spent six years in prison. Each individual share is believed to have been at least three million dollars. That’s about $1370 per day in jail. How many people would spend six years in prison in exchange for three million dollars?

Within the security world, caller ID is widely known to be broken. It should never be used as an authenticator, as the information is trivially easy to spoof. Whether you’re using it to call your friends (and make it appear as their boss’ phone), or you’re using it to call the police, making them believe there’s a hostage situation at someone’s home, people place way too much faith in caller ID.

While not the first such service, 123Spoof looks to be making it the easiest to use, for Blackberry users anyway. Their service is an application that integrates with the Blackberry address book. It allows people to call anyone with forged caller ID information, offers many international access numbers, and even has a voice changer available as an option. It is currently free; the only cost to users is listening to a ten second advertisement before their call is connected.

Although most use of this service is likely to be harmless pranks between friends, providers recognize the very real possibility that their services will be used maliciously, and have created an opt-out registry to allow people to block their numbers from receiving spoofed calls.

I sent a comment off to the FTC today, as it’s the last day they’re soliciting comments on DRM. They’ve got a workshop coming up next month, and they’re looking for public comments. Browsing through the comments, I was struck by the number of people who are focused on videogames. Below is my comment.

DRM is a first step towards striking a balance between the needs of consumers and the interests of content producers. Done properly, taking Valve’s Steam as an example, it is beneficial to both consumers and content producers. Unfortunately, content producers have consistently shown that they cannot be trusted to use DRM in a manner that is consistent with a positive customer experience, let alone in the consumer’s interests: they have wildly overstepped their boundaries, as Sony did with their rootkit; changed DRM standards, forcing a repurchase of already licensed materials; or simply pulled the plug on the authorization server, as MLB did with their licensed game replays.

Even when implemented well, there are still sometimes onerous limitations placed on consumers. With high definition video gear, some systems purposely degrade the quality output to analog devices. This forces consumers to needlessly spend money to replace functional equipment simply because the content producer doesn’t want their content played on analog devices.

Recently, Microsoft’s Gears of War video game ceased working. Because of the DRM in the product, put in to stop cheating, the product stopped working due to the expiration of a certificate. Companies (MLB, Wal-Mart, MSN, etc.) have consistently shown they are unwilling to support authentication servers and existing applications after they have stopped making the company money, in spite of consumers’ desire to continue to use the media they’ve rightfully paid for. When the business decision is made to turn off the authentication servers, consumers may no longer be able to legally access their properly licensed content.

Circumventing DRM, in the United States, is illegal. There are some specific exemptions, but all are of limited use when it comes to works entering the public domain. If a work that enters the public domain is protected by DRM, it may be technically infeasible to access it. If an authentication server isn’t available or if the encryption is sufficiently strong, the public may never exercise their rights with the content.

Some DRM systems dramatically overstep the boundaries of what most consumers would expect. From Sony’s music CD rootkit debacle to Blu-ray players’ BD+ DRM system, content producers routinely interfere with consumers’ rights to use their legally purchased hardware. In the case of Sony, software was secretly installed, without the consumer’s consent or knowledge, that exposed consumers to being hacked. The BD+ DRM system modifies itself, based on commands embedded in Blu-ray media. If one of these modifications renders the hardware inoperable, is it reasonable to expect that the content provider who distributed the disc will accept responsibility and provide a new Blu-ray player to the consumer?

All of these measures also impede fair use. I’m working on a professional presentation that uses scenes from movies to illustrate computer security concepts as seen in the movies. While I am legally allowed to include brief clips to illustrate my points, I need to use some potentially illegal tools to access the audio and video, due to DRM restrictions placed on DVDs.

Even with all of these restrictions, at best, DRM only keeps honest people honest. Nearly every DRM system out there, from Apple’s FairPlay to Microsoft’s WMA, from the AS Consortium’s AACS DRM (used by many Blu-ray content producers) to DVD CA’s CSS (used on DVDs), even including VHS tape’s Macrovision, has been successfully bypassed. What is an inconvenience to consumers is a challenge to hackers, one that they have roundly met and won in nearly every instance, bypassing most major DRM systems.

Simply put, DRM is an inconvenience. It is one that penalizes honest consumers, who have to deal with it, and content providers, who have to keep coming up with new and novel schemes. It does little to stop piracy, as it’s also merely an inconvenience to those who seek unauthorized access to media.

Apology after prisoners’ health info goes missing - Lancashire Evening Post.

So, is it not secure to encrypt stuff and leave the password attached to the encrypted item? This security stuff is soooo hard! Good thing prisoners are kept busy and don’t have lots of time on their hands to file frivolous lawsuits, let alone real ones with legitimate complaints.

According to the JREF (James Randi Educational Foundation), Penn & Teller will be on Fox’s “Don’t Forget the Lyrics” on Friday, January 16th. JREF is James Randi’s non-profit foundation, with the mission of raising public awareness regarding science, the scientific method, and skepticism towards the paranormal or pseudoscience.

With stuff like Jenny McCarthy running around saying that vaccines cause autism, we need people like James Randi to teach people that science isn’t something you stop thinking about in high school.

Today, I’m taking a cue from Bruce Schneier, among many other security folks who blog, and devoting an entry to squid.

I recently came across an interesting post on the National Geographic site regarding squid and some of their unusual sexual practices. Among the weirdness, some squid cut open their partners with their beak before transferring the spermatophore, some have sperm that is capable of burrowing into the target’s skin, and in one species, some males have developed female characteristics, down to even having developed female sex glands.

I just got an MSI Wind U100, and am almost impossibly impressed with it. I’m a pretty good typist, somewhere in the 90 WPM range, and I have had little problem adjusting to the keyboard. The only things I’m having a bit of an issue with are that the left shift key is smaller than standard, and there’s a key that is too close to the period key, so I sometimes get a double key combination when I really am just trying to type a period.

I’m slowly assembling the pieces to create a truly portable Hackintosh. I’ve got the wireless card on order, as well as the 2GB stick of memory, replacing the built-in 1GB. This allows for more stable overclocking of the 1.6 GHz Atom processor. I have yet to decide if I’ll dual boot between OSX and XP, or just dive on in to OSX.

As far as out of the box performance, the unit is no slouch. No one will ever confuse it with a Core 2 Duo, but considering I’ve been on battery for 2.5 hours and am at 50 percent of battery remaining, I have no complaints.

The October 2008 release of the TFS power tools is now available. If you’re more advanced than a code monkey, you’ll want this. TFS is now integrated with the Windows shell. You can right click a file or directory, get latest, add to source control, merge, and do everything else you used to need to do through the Visual Studio IDE.

TFPT has also been updated to allow searching of check-ins based on server path, committed date range, committed user, check-in comments and check-in notes. PowerShell is supported as well, for basic operations.

Within the Team Explorer, there’s a new node called “Team Members”. Prepopulated with your project’s team members, you have the ability to view an individual’s check-ins, pending changes, and shelvesets. You can, of course, populate with AD users or TFS groups.