"They'd never seen signal come that strong from a home appliance," said van Rossmann. "They were quite surprised. I think we all were."
Authorities had expected to find a boat or small plane with a malfunctioning transponder, the usual culprit in such incidents, emitting the 121.5 MHz frequency of the distress signal used internationally.
The other night there was some filming going on atop the ex-million dollar hotel, which is currently the Rosslyn. The film crew erected a giant glowing sphere which looked a bit like the moon balloon from AI. I took some shots of it from my loft window and created this HDR from 3 of them.
I want to invite you to join me as a volunteer on the John Kerry campaign. Our success on Election Day depends on having the largest grassroots movement in history. There are lots of ways you can help-- in the field or on the computer, but to participate you need to sign up as a volunteer today.
As a volunteer you will be given your own online account to plan or attend John Kerry events, recruit other volunteers, raise money and participate in many more exciting activities. You will also receive emails with the latest campaign news, insider updates, and critical action alerts.
Election Day is just around the corner. Be a part of the group that has put George Bush on the defensive. We cannot slow down now; John Kerry can win this election but he needs all of our help.
I'm looking for my old friend from junior high: Adam Starr. We both grew up in the East Bay. We were both part of the Jewish Youth Group up there. I've looked for him on facebook and google to no avail. If you're around man, shoot me an email: [email protected]
I just wanted to wish you a Merry Christmas (or a Happy Holiday if you don't celebrate Christmas) and a Happy New Year. I hope you have had a great year and I wish you the best for 2008. Enjoy your holiday and don't forget to send joy and best wishes to your friends and family.
While driving through the desert I spotted not one, but two desert tortoises. They are really cool creatures and are protected under the Endangered Species Act. I slowly walked towards the tortoise making sure not to scare it. When I was about 10 feet away I stopped and lay down. The tortoise then approached me and I photographed it.
ok so i've decided to start using a better photo gallery system called "gallery". the home page for the project can be found here: Gallery Home Page ... it's really cool and i even found a great plugin for iPhoto that lets me export directly to it and even uses the comments and titles i set up in iPhoto. the program is called iPhotoToGallery and can be found here.
We had the most wonderful honeymoon ever. We didn't want to come back to America, but hey life is about compromise right? We are currently sorting through our photos and our memories and will be posting a complete trip report in the coming days.
Penelope and I touched down in Hawaii today for a friend's wedding. We're staying at the Kauai Marriott in Lihue. Before we left I picked up a waterproof camera, the Olympus Stylus 850, which I'm very happy with so far. I love having a waterproof ultracompact camera. Here are a few shots from today:
Three Moro Islamic Liberation Front (MILT) rebels who are said to be protecting illegal fishermen were killed in a clash with government forces off the southern Philippine city of Zamboanga on Monday, the ... [topix world]
I have always loved malt-o-meal and for the last few weeks I have been enjoying it several days a week thanks to Penelope's wonderful breakfast cooking skills. She even introduced a new way of eating it to me, Savory style with butter, fresh ground pepper and salt. Mmm good stuff!
Brendan O'Connor gave a talk called "Vulnerabilities in Not-So Embedded Systems" about how easy it is to take over the computers that run the Xerox Multifunction Devices. Basically he wants people to treat these supposed embedded systems as the servers they really are. Through his research he found that the Xerox systems didn't have the GRUB boot loader locked down with a password, so he was able to gain access to the system and basically do whatever he wanted with it. These systems are dangerous because they are full Linux systems, but the user doesn't have access to them and so is unable to secure them. As you know, services are constantly being found to be vulnerable, and relying on a technician to come and patch your copier isn't going to keep your network safe. It would be wise for vendors to allow users access to these systems so that they can keep them safe.
I was just wondering if the live focus feature in the Canon 20Da is a hardware change like the different IR filter is or if it is purely software... you would think it would be software. You can download the 20Da firmware but it appears to be in Japanese.
UPDATE
It won't work because the mirror on the 20Da is semitransparent, allowing simultaneous viewing through the eyepiece and the LCD.
Happy Valentines Day to all the women in my life especially my fiance Penelope and my mother R.G. Bullock, who are the most wonderful women in the whole world. Thank you for all the happiness you bring me.
It all started Friday night. I was hanging out at ezw's apartment and Jason Game rolled through talking about a party up in the hollywood hills. When I heard that I was like... forget free thinking... I'm going up to the hills. So we jumped in my car around 11 and drove up into the hills.
After about 2 miles driving up that one curvy ass road we came to the house. It had the most amazing view I have ever seen at a house. It was even better than the high-tech mansion was! The whole front of the house was glass from floor to ceiling.
The night was so clear you could see all the way to signal hill in long beach. There was all the beer you could drink and a full wet bar (ok pretty full). and some nice melodic dnb was playing... the only problem is that we were the only ones there at 11pm.
After a little while a few more carloads of guys showed up until there were 2 girls (one had left) and about 20 guys.
At this point I told jason i thought i was gonna take off... unless 5 carloads of girls showed up. As I sat there I kid you not, girls kept coming down the stairs until the ratio was even at about 12:30...
The ratio got even better as guys started leaving after about 2am... but there was still booze flowing and i was in my element... i walked around and met every single woman that was at the party...
i recognized them but didn't know where from... then i heard somebody mention it was like club bang in here and it all clicked....
Joanna Rutkowska gave a highly informative talk at Black Hat called "Subverting Vista Kernel For Fun And Profit." In the first part of her talk, she demonstrated an attack on Vista's code signing feature that requires any code that is loaded into the kernel to be signed by Microsoft. Her attack did not take advantage of an implementation bug or a vulnerability, but instead used the built-in raw disk write access to change a few lines in the pagefile. Once the pagefile was altered and the changed data was read back into memory, she was able to load any code she desired into the kernel. She stated that this didn't mean that Vista was insecure, just not as secure as Microsoft says.
I talked to her for a few minutes today about her talk and asked if she was going to be releasing the code, and she said she didn't see the point of doing that. Her goal was not to provide people with a way to hack systems, but to alert the community and Microsoft of a flaw in the system. She also mentioned that she is in active informal discussions with Microsoft and they are aware of the problem and the potential solutions she laid out in her talk, but she didn't want to comment on what they were going to do about it.
The second part of her talk covered a proof-of-concept rootkit called Blue Pill that takes advantage of the extremely powerful new virtualization features in the new 64-bit AMD processors. Blue Pill takes a running operating system and completely virtualizes it beneath a hypervisor, which can then be used to intercept certain system calls and execute arbitrary code nearly completely invisibly to the user. As the system is truly virtualized on the processor level and not in kernel and userspace, the virtualized system has direct access to the hardware (except for calls the hypervisor is intercepting) and detection would be non-trivial to say the least. Although she did her research on the AMD processor, she said the same attacks would be possible on the new Intel chips, although their virtualization implementation was not as powerful.
I just finished watching the latest episode of the Boondocks and it was hilarious. I especially liked the voice acting of Samuel Jackson playing a white guy with cornrows and quoting the briefcase recovery scene in Pulp Fiction. "The absence of evidence is not evidence of absence".
I pay good money for a 6mbit DSL connection. Why can I not stream video from your site in real time? It works great from Apple's quicktime trailer site. What is the deal?
[This is an old project that CHS, Arclight and I did in which we melted down some old hard drives. I just recently uploaded the pictures again so I am reposting it here on my blog as well as on the original site: driveslag.eecue.com]
Due to the recent MIT study concerning data recovery from old hard drives, we decided that the only fool proof means of data removal was complete destruction of the disk platters.
We started with two hard drives that had failed for various reasons. The data on the disks was sensitive, like most personal data you will find on any random hard drive. We had considered various methods of destroying the data. These methods of destruction included: detonation, shooting with high calibre bullets, bulk magnetic eraser, grinding the platters, smashing the platters with a hammer. These methods would all thwart a novice data recovery party, but wouldn't be 100% effective due to scanning tunneling microscope recovery techniques.
We finally decided that the only sure way to thwart data recovery was to melt down all the aluminum contained in the platters. Slagging the drive would have two effects on the medium. First off it would convert it from a readable disk to any shape we decided to pour it into. Secondly it would nullify the magnetic properties of the coated aluminum.
We started by putting the drives into a steel crucible:
Next CHS fired up Arclight's furnace and adjusted the flame for proper heat dispersion:
Then he inserted the crucible into the furnace:
After a few minutes we noticed toxic smoke rising from the furnace vent and decided to take a look inside.
We realized we should have removed the PCBs from the drives first... oh well:
Pretty soon the only solids left in the crucible were the steel caps that enclose the case:
Once we removed those we saw that the woven fiberglass inside the PCBs still remained:
We then poured the molten aluminum into our ingot cast:
Good luck recovering data from this:
Our prognosis: drive slagging is a fool-proof method to prevent data recovery.
It's designed for melting down aluminum, zinc, brass/bronze primarily. but it could even be adapted to cast iron (AKA crucible steel).
its current capacity is 8 pounds of aluminum, or 25 pounds of brass/bronze plus or minus a pound depending on alloy.
it is propane fired, and the refractory lining was made from a formula we found on the backyardmetalcasting homepage, http://www.backyardmetalcasting.com/
It is NOT normal cement. it is designed specifically to take the intense heats involved with melting metals and designed to be porous so that moisture can vent out, rather than crack the lining or have the lining explode.
normally we use it for basic sand casting techniques.
UPDATE: Drive Slagging Featured In LISA '04 Presentation
In 2004 Simson Garfinkel gave a talk at the USENIX LISA conference about data on old hard drives. The report he wrote was actually what made us decide to do the drive slagging site in the first place. He featured our method of data removal in his slides which can be found at the link below. If you just want to see the slides click the permalink.
So I saw a post over at digg about how to ruin blogging, and I thought, oh hell yeah count me in! So I signed up on a site called [censored] that allows businesses to pay bloggers to post about their products. To me this seems a whole lot like payola, but hey I am disclosing that I am advertising for what appears in this post and I am (supposedly) going to be paid for it. So let me (or my payola sponsor) ask you some questions
UPDATE: Screw this! Here is what they said:
Please refer to a previous rejection message regarding your posts. Remember: 1)one post PER opportunity 2)word requirements Thank you!
It never said anything about that in the terms of service and this post made the word requirement so I'm over it!
LABlogs has been changing their site up in the last few weeks and it looks like they are going to add the ability for people from the community to post.
Well, I've been too busy to blog recently due to several large projects that I'm working on concurrently, but I figured I would respond to this 5 things meme, as Siel of Green LA Girl tagged me.
I lived in South Africa for a year when I was 6 years old.
I only drink coffee on ice (and sometimes it's not even fair trade!)
I make my cats dance, but I think they like it.
My first job out of High School was designing rave flyers.
I have been drooling over the extremely fast and slow focusing Canon EF 85mm f/1.2L lens, and a few days ago, I went to Samy's Camera and bought it. I really love the lens although I'm still getting used to the extremely shallow DOF that the gaping 1.2 f-stop creates. I am also going to need to pick up a neutral density filter if I want to take daytime photos with a wide open aperture. Here are the three sets I have uploaded so far. I love this lens!
i've been working on setting up a system of bridging ip-less packet filters with ipfilter (for logging, filtering, accounting, proxying, NAT) and ipfw (for bandwidth limiting). I also wanted to set up a private monitoring network with a third NIC in each box. Even though this link was private I still wanted to keep everything on the wire encrypted.
I just bought a complete Mamiya RB67 setup (in pieces) from ebay for my mom's birthday. She used to have the camera about 10 years ago, but sold it when she went digital. I took some photos to test it out this weekend and I am very happy with the result. This is not the final image, but once I get back the higher resolution scan I will replace it.
UPDATE I just got back the 39mb scan of the image from A&I and it looks great. I played with it a bit to bring the detail in the shadows up and also to remove some dust. I am looking forward to printing this. If it looks good @ 10x12 I may get a drum scan done so I can go even bigger.
Are you sure your voter registration is up to date? Are you planning to make sure your vote is counted by voting early with an absentee form?
JohnKerry.com has a new resource that helps you prepare voter registration forms or request an absentee voter ballot from your state.
This is an easy and fast way to make sure that you're registered and that your vote is counted. Absentee ballots, sometimes called early voting, are especially important since something could come up at the last minute that prevents you from voting on Election Day.
Please take a couple of minutes right now to get started with your voter registration and absentee ballot requests by clicking on the link below.
Here are some photos of one of the bricks that were thrown from the roof of the Alexandria Hotel the other night. I know they're not that great, but hey I have programming to do! I have about 1387 photos to sort through from the last few months as I have been busy writing the new version of the software that powers this site. I wanted to wait till it was done before adding any more photos, but oh well!
After shooting some HDR photos in Vernon, I was heading in to work when I saw an overturned truck. I stopped to take some photos of the truck being turned back over. Note the tow-truck's wheels on the last shot.
Oh yeah this is going to be great. The Borat trailer is pretty much a rip-off of the U.K. only special called "Best of Borat" although the scene where he kisses his sister was much expanded: "This is my wife, this is my mistress, this is my girlfriend, this is my other girlfriend, this is my sister" Where in each statement he is with a different woman (or young girl in the case of his sister).
UPDATE: So I'm reading through the message board on IMDB and I came across a post [bugmenot registration] from a frat guy who was duped into being in the movie. He wasn't sure if he was in it or not, but then people who have seen the screening chimed in, and oh boy is he in it! Apparently Borat tells them about a game in Kazakhstan where they put some cheese up their "khrum" and then let a mouse crawl in, and this guy says he would do it. Too funny... I can't wait for this movie to come out.
Jump on your bike every second Thursday and join us on our art gallery tour through the skewed streets of Downtown LA. We begin our ride at 5:00pm at the Downtown Art Gallery on 1611 S. Hope St. There is a free parking lot next to the gallery if you are unable to ride or take public transit from your location. We will leave the Downtown Art Gallery between 5:30 and 5:45 and make our way to all the galleries that take part in the Downtown Art Walk (except MOCA Grand and the Library.) Here is a google pedometer map of the route we will be taking and here is a map of the actual art walk [pdf]. Don't forget to bring a lock and of course your bike.
UPDATE!! I registered a domain and built a quick website for the Downtown Art Ride. I will be adding more info soon along with a great map that Eric Richardson created at his new job.
Alex Stamos and Zane Lackey gave a talk at Black Hat called "Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0". As AJAX evolves from a toy used by teenyboppers to a serious tool used by banks, hospitals and Uncle Sam, it becomes more and more important to ensure bug-free code. AJAX has changed web attacks by exposing the frameworks used by the applications via included .js files, which expose supported calls. Cross site scripting becomes more complicated as you can inject script into the javascript stream. Injection attacks are also more dangerous due to front ends that are exposed in the client side code. Business logic in applications has become more complex so parameter manipulation vulnerabilities are still excellent attacks.
XSS becomes more complicated and more interesting because you can just put javascript right into a running javascript engine, which becomes harder to escape as you're no longer looking for brackets and tags.
Because your browser is running a javascript application, if an attacker sends you rogue code, in say link form in your cool AJAX email app, your browser will run the code sent in the webmail application instead of loading it in a new page and then the attacker would be sent your authentication cookie. The attacker would then have access to your web mail. The speakers used the fictitious company Webmail.com in this example, and when asked about gmail they responded that they have more lawyers than webmail.com, but it was pretty clear the attack they were talking about was possibly on gmail.
Dynamic script nodes allow attackers to embed malicious javascript in a website that would allow a cookie from any site to be pulled because browsers allow cross domain XmlHttpRequests, this is very bad!
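The point above about script injected into the JavaScript stream, as an added example that is not from the talk or the original post: a response built by string concatenation and guarded only by a bracket filter is evaluated as code, while the same constructed input stays data when the server serializes it and the client parses it. All function names and the sample input are hypothetical.

```javascript
// Added example; names and input are hypothetical, not from the talk.

// Legacy defence from the HTML era: only looks for brackets and tags.
function stripTags(input) {
  return String(input).replace(/[<>]/g, "");
}

// VULNERABLE server side: builds a JavaScript response by concatenation.
function buildResponseUnsafe(subject) {
  return '({"subject":"' + stripTags(subject) + '"})';
}

// VULNERABLE client side: hands the response to the JavaScript engine.
function clientEvalUnsafe(body) {
  return (0, eval)(body); // indirect eval, standing in for old eval()-based AJAX
}

// HARDENED server side: serialize data, never concatenate it into code.
// The extra escapes keep the output inert if it is also placed inside an
// inline <script> block or an HTML page.
function buildResponseSafe(subject) {
  return JSON.stringify({ subject: String(subject) }).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// HARDENED client side: parse as data only.
function clientParseSafe(body) {
  return JSON.parse(body);
}

// Constructed input: contains no brackets or tags, so stripTags passes it
// through untouched. The marker assignment is a harmless stand-in for
// attacker-controlled script.
const CONSTRUCTED_SUBJECT = 'hello"+(globalThis.__demoMarker="executed")+"';

function runDemo() {
  delete globalThis.__demoMarker;
  const unsafeObj = clientEvalUnsafe(buildResponseUnsafe(CONSTRUCTED_SUBJECT));
  const unsafeRan = globalThis.__demoMarker === "executed";

  delete globalThis.__demoMarker;
  const safeObj = clientParseSafe(buildResponseSafe(CONSTRUCTED_SUBJECT));
  const safeRan = globalThis.__demoMarker === "executed";

  delete globalThis.__demoMarker;
  return {
    unsafeRan,                        // input executed as code
    unsafeSubject: unsafeObj.subject, // value altered by the injected expression
    safeRan,                          // input stayed data
    safeSubject: safeObj.subject,     // value round-trips unchanged
  };
}

console.log(runDemo());
```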
Although I am Jewish, my family has always celebrated both Chanukkah and Christmas, sometimes we only did Christmas. This year I am doing both, and I had a wonderful time with both my family and Penelope's family. On Christmas eve we went to my mom's house in Woodland Hills and had some Chanukkah ham, it was one of those special Kosher hams. Then on Christmas morning we went to Penelope's brother's house for breakfast and to open presents. After that we headed over to her Grandma's house to meet some of her cousins from Texas, and finally we went to my Aunt Jan and Uncle Van's house in Villa Park, a city that is famous in Orange County for having neither churches nor bars. We both had a really great time and it was a great holiday.
Where are you man? We were good/best friends in High School. I can't seem to find you on the web except for this photo of you from 1996. If you stumble across this let me know!
There is nothing in the world quite like milking a giant wild horned animal, but it's quite dangerous, which is part of the reason that a Swedish company can sell it for $500 a pound.
this is LA's only 2-step club. It rocks and I go every week (I've been too busy the last two weeks though). See everyone there tonight! .. check inside for pictures:
i've finally gotten a hold of some c2 and i've gotta admit that it's nowhere near as bad as i thought it'd be. besides the occasional hint of artificial sweetener, it really seems like coke went thru the trouble of making c2 taste like regular coke.
[read the rest at gomi no sensei]
I just read this post over at 5thandSpring, and I just wanted to wish Jim and Celia the best in their relationship. I enjoy reading both of their blogs and I think it's great that they hooked up. I haven't been paying close attention, but is this the first blogger relationship in Downtown?
after setting up my secure snmp network i needed something to parse the data with. MRTG is too basic so i opted for rrg. I used the software package called cacti. It's very nice.
I can tell Green LA girl is right on the verge of buying a bike. I will give her some more motivation here: Yesterday I bought Penelope a vintage Schwinn girls road bike from the '60s or '70s for a whopping $15. I don't know if she is going to like it or not due to the rust that covers most all of the components, but the frame is pretty much rust free so we have a good place to start! In the next couple of days I am going to take Penelope and the bike down to the Bicycle Kitchen and start converting it into a fixed speed lean mean road machine. Eventually I will send Penelope on her own to Bitchen, which is the girls only night that BK does, but I want to help her with the first few steps.
I think Penelope is going to kick my ass because I also bought another bike via ebay for $36 although this one is an antique single speed. I am not sure if it is legit as the seller has no feedback, but we'll see... I'm going to pick it up in person.
In other news I just noticed that BK has a blog called the Bici Blog.
Penelope and I love going to the LA Zoo, but don't get to go as often as we would like. We made it out there this weekend on our Sunday together. Here are some of the photos I took:
I want to start this post off with a very special thank you to Eric Richardson and Cartifact for donating the excellent map for the Art Ride once again. Eric went out of his way to craft a great map for the ride and Cartifact very generously donated their wonderfully detailed Downtown map for use on the Downtown Art Ride.
The Downtown Art Ride takes place every second Thursday to coincide with the Downtown Art Walk. The ride starts at Art Murmur gallery on 6th and Main and we try to make it to all of the other galleries in Downtown. If you're interested in joining us on the ride, just show up at 5:00pm at Art Murmur. Bring a bike, lock, and light and optionally, but highly recommended, a helmet.
I will be riding with my camera and photographing riders and artists, you can see some samples from the previous art rides here. There will also be a recent film school grad shooting a spec commercial to promote bicycling in Los Angeles for her director's reel. Shouldn't interfere with the ride much though. We had a really great turnout last month and I've already had a few people email me about this month, so it should be a fun ride. I'll see everyone tomorrow!
After our most excellent 17 mile bike ride through the fake downtown of Huntington Park which Mack Reed describes so wonderfully, Sean Bonner mentioned that there was a new Borat Trailer before Snakes on a Plane. I found it here on Yahoo, it's nice... I like.
The big vendors are more willing to talk to the researchers and the end users are more apt to work with the vendors. Most vendors are very cooperative about security issues and disclosure. The Cisco incident has made big vendors more willing to work with end users and security researchers, and all in all the incident was good for the security industry. Large customers of big vendors want earlier disclosure information to be shared with them before the smaller customers, but the consensus is that early disclosure for big customers is a bad idea, even to the point of not giving preferred treatment even to internal networks and devices. A very large part of the discussion involved what to do when vendors have a vulnerability and not a fix. There was no clear consensus on this topic, but the vendors felt they shouldn't disclose a vulnerability unless they have a fix for it except in extreme circumstances. Vendors don't want to draw attention to a flaw that people don't know about, so they aren't likely to disclose. One of the best things is that vendors are talking more, talking to researchers and working together to fix problems.
In a way, San Francisco City Hall is partially responsible for me being alive today. Way back in the day, my parents were married there in a civil ceremony. The dome of city hall is really beautiful, it looks like it was restored recently. I took some HDR photos of the civic center yesterday, enjoy.
I'm here in Osaka... i spent most of today wandering around alleys of the city... every time i look up i am reminded of Lain. Today as well as the next two days are the biggest holiday of the year so just about everything is closed... everything except food stands and arcades... and this internet cafe that i'm in now... go figure.
i played some pachinko. i also played a really cool first person shooter called World Battle. This is very cool and i was doing pretty good... i even attracted a bit of a crowd. Although i did end up spending about 1000 Yen on it... which is about 10 bucks.
Last night (New Years Eve) I went to a party in Osaka at club evo. It was pretty fun. When i first arrived i heard drum'n'bass playing so i happily paid my 30,000 ¥ ($28) and went down stairs. Unfortunately the dnb was only playing in the front room and nobody was dancing. oh well i still had fun and met a bunch of cool japanese people. i also danced my ass off... more than i had danced in about a year... and it was to techno hahah.
My hotel is very nice and pretty much western... although it has a bidet and a really deep shower... but at least i have my own bathroom.
today for lunch i had my favorite... Tako Yaki .... mmmm good stuff! it's a little chunk of octopus inside a tasty dumpling covered with sweet sauce, mayo (eww i could have done without the mayo) and bonito (dried fish flakes) it appears to be alive because the bonito writhes in the heat.
i was really hoping to find a wireless network that was open so i could surf for free... but all the wireless networks i found that were open, assigned me an ip and then had no route to the internet.
I have uploaded all the pictures i've taken so far and they can be found here:
Last night my friend Don Smith aka Don of the Desert died in a fire at his residence in Twentynine Palms. Don was a master welder and could fabricate anything imaginable out of metal. Rest in Peace Don.
Do you have a bike? Do you find yourself sitting in your car going insane, dreaming of being on two wheels rolling around the concrete jungle? Have you ever wanted to just ride around town and see some art or push your pedals with hundreds of other cyclists? Well if you answered yes to any of those questions you should grab your wheels and head down to one of the group rides that is taking place tomorrow and Friday night. Tomorrow is the Downtown Art Ride which Eric Richardson and I started about 6 months ago. The ride coincides with the Downtown Art Walk and we try and make it to all the galleries on the walk except the Library and the MOCAs. Bring a lock (actually we're trying to have somebody out front watching bikes) and a helmet along with a light and your drinking shoes as most of the galleries have free booze.
Then on Friday night is Los Angeles' largest group ride, Midnight Ridazz. The theme this month is ¡Viva la Revolución! ¡Viva la Virgen de Guadalupe!
To all the women in my life, especially my fiance Penelope. Every day our romance grows stronger as I fall deeper in love with you. I love you baby! I really enjoy our time together and I especially enjoyed the blogs you posted.