ObiJan Technologies

Hall of shame: Western Digital

noreply@blogger.com (Jan Hertsens) — Mon, 16 Jan 2012 21:03:00 +0000

When setting up my otherwise pretty nifty NAS, I stumbled on this error message when setting up the administrator password. This leads me to the usual questions:

Why limit to 16 characters? Are you storing this in plaintext, and is that the size you allocated for it?
Why do "double quotes"? Are you not trusting your own input validation and escaping routines?
What's up with the double errors? Does your system have a stutter?
Why not let me know before I enter my password, what the requirements of said password are?

Hall of shame: Ticketmaster.com

noreply@blogger.com (Jan Hertsens) — Tue, 20 Sep 2011 03:06:00 +0000

There are many reason why I despise Ticketmaster, such as their ridulous "because we can" fees, "convenience fee for using the website", "fee for printing your own tickets on your own paper, using your own printer, with various ads on it", etc.

But this series is about security worst practices, so here goes another password FAIL.

Extra points for having a timer that gives people 90 seconds to fill in the form, come up with a secure password, and read the T.O.S. and privacy policy (each a couple dozen pages).

Hall of shame: Priceline.com

noreply@blogger.com (Jan Hertsens) — Wed, 07 Sep 2011 03:26:00 +0000

When creating an account, I'm asked for my "preferred internet password".
Seriously?Sound like marketing-speak for "Go ahead and reuse the password here that you use on facebook and bofa. We don't mind!".

Shame on you for encouraging bad behaviour!

One extra point for "default opt-in"ing the user to the marketing spam.

Hall of shame: Mediafire

noreply@blogger.com (Jan Hertsens) — Thu, 04 Aug 2011 22:00:00 +0000

Let's see:
You have a nice "password strength" meter, but once one submits the form, it repeats back the password in the clear, complains that its too long, and can't have any "special" characters.

Why would that matter, since the password hash would be the same regardless of length? You are securely hashing the passwords, and not storing them in the database as plain-text, right? Right?

Also, can you tell me exactly what the difference is between a special character and a non-special one? Is it "special" when it causes a SQL Injection vulnerability (which of course you would defense against by properly escaping database inputs), when storing it in the password in plain-text (~~which of course you don't do~~) ?

BTW: I don't think I will be trusting you with access to my Facebook account just yet. Hope you don't mind.

Update:
I have proof that they store password "in the clear": The password test is case-insensitive!
You can try this out yourself:
If your password is "joshua", you can log in using "JOSHUA" or "JoSHuA". This is only possible if the site doesn't use any password hashing at all. Security 101 FAIL!

"Google Health" on its deathbed

noreply@blogger.com (Jan Hertsens) — Sun, 31 Jul 2011 20:14:00 +0000

The google giveth and the google taketh away:

Official Google Blog: An update on Google Health and Google PowerMeter:

"we’ve observed that Google Health is not having the broad impact that we hoped it would. There has been adoption among certain groups of users like tech-savvy patients and their caregivers, and more recently fitness and wellness enthusiasts. But we haven’t found a way to translate that limited usage into widespread adoption in the daily health routines of millions of people. That’s why we’ve made the difficult decision to discontinue the Google Health service. We’ll continue to operate the Google Health site as usual through January 1, 2012, and we’ll provide an ongoing way for people to download their health data for an additional year beyond that, through January 1, 2013."

This means that my effort of codifying my health history, and keeping track of my workout regime and it's effect will still have a function: To remind me and other early adopters not to put too much trust in new projects, even from the biggest companies.

Now hows that G+ profile building coming along....

New snooping bill: What could possibly go wrong?

noreply@blogger.com (Jan Hertsens) — Fri, 29 Jul 2011 05:26:00 +0000

House panel approves broadened ISP snooping bill :

"Internet providers would be forced to keep logs of their customers' activities for one year--in case police want to review them in the future--under legislation that a U.S. House of Representatives committee approved today.

The 19 to 10 vote represents a victory for conservative Republicans, who made data retention their first major technology initiative after last fall's elections, and the Justice Department officials who have quietly lobbied for the sweeping new requirements, a development first reported by CNET.

A last-minute rewrite of the bill expands the information that commercial Internet providers are required to store to include customers' names, addresses, phone numbers, credit card numbers, bank account numbers, and temporarily-assigned IP addresses, some committee members suggested. By a 7-16 vote, the panel rejected an amendment that would have clarified that only IP addresses must be stored."

Let's think this through (hey, somebody has to!):

This is billed as a "protecting children from pornography" act. Where is the official double-speak justification on this? What part of this could even theoretically protect any kid from pornography? Did the spin-doctor on duty call in sick?
This is going to be made available for "police investigating any crime and perhaps attorneys litigating civil disputes in divorce, insurance fraud, and other cases as well". Are we feeling secure yet?
Every other monitoring system of this sort has been abused on a systematic basis.
Who is going to be paying for this? I see a $6.99/month "snooped data retention" fee coming to a statement near you soon!
The ISP is supposed to be capturing credit card numbers, bank account numbers, personal information, which begs questions such as:

Who is going to be responsible for storing and safeguarding this information?
Can you imagine what kind of tasty target it would be for a criminal? How may credit card transactions are flowing through Comcast's network every day?
Are the ISPs going to be held to the same data confidentiality laws as everybody else?
I see PCI, HIPAA and a few others jump out as being applicable here. Who is going to audit these systems to ensure compliance.
(Luckily) nearly every website these days uses HTTPS from credit card transactions. How is an ISP supposed to capture this information on the wire?

There are so many things wrong with this idea, and they haven't even started implementing it yet.

Seriously? A.k.a. "My adventures with "ePolicy Orchestrator"

noreply@blogger.com (Jan Hertsens) — Thu, 28 Jul 2011 21:33:00 +0000

From the why-oh-why-do-you-hate-me department:

Seriously? We have to break the official IT computer naming policy because you product refuses to be installed on a system that has a (perfectly legit) underscore in it's name?

I usually don't get frustrated with a product until after I install it.

It only after I change the computer name, that I get this error on my Windows 7 professional installation:

Of course, that document is not part of the installation, only the "product guide" is.

Update 1:
I now have a super duper "Windows Server 2008 R2 - 64 bit" installation. Guess what I get when the installation starts? A new error!

"8.3 naming convention"? Wait... Didn't you just force me to upgrade to "Windows super duper"? And then you complain that you don't have the features from DOS in 1981? And no, the "installation guide" doesn't mention anything about this.

Update 2:
After some Googleing, a registry change, installing MS SQL, configuring port, choosing various passwords (whose complexity requirement are kept a secret), the installer finally got running.

And I was awarded with....

At this point, only 1 comment makes sense:

Update 3:

Wondering if I was running the latest version, I found out

McAfee's beta portal is seriously broken

it refuses my (stored) password
it doesn't really execute password resets (although it says it does)

That doesn't really matter, since there is a an open FTP server from which one can download any beta software they ever released.
That also doesn't really matter, since I was already testing with the latest version, EPO 4.6 RC3.
The beta seems to expire really quickly, in this case: May 31, 2011 (it was released mid march)

So, saying in the spirit, I used an ancient "hack" technique from the 80s. It's called "setting the clock back".
Result:

30 minutes of installation dialogs later:

Allow me to say:

Pretty Good Ponderings?

noreply@blogger.com (Jan Hertsens) — Tue, 19 Jul 2011 18:20:00 +0000

Yesterday, I finally got around to generate a new PGP/GPG key pair, and obsoleted 2 old ones. They were created in 1994 and 1998. I couldn't even generate a revocation for the oldest one, since the "IDEA" cipher is no longer supported.

Let me rephrase that in context:

I can mathematically prove that I was active in computer security before many of the attackers that I defend against, were born.

In other news:
Djee, I'm old. But in this industry, we call that "well-tested and peer-reviewed".

P.S: For those wanted the shiny new bits on their keyring, the magic incantation is:

gpg --recv-keys 0x788a1200b221877e

Yahoo & speed of innovation

noreply@blogger.com (Jan Hertsens) — Thu, 23 Jun 2011 23:51:00 +0000

While on my quarterly check of “email address that I haven’t used this decade”, I noticed the congratulatory email from Yahoo.

After 13 years of spam-filled ugliness, they are going to upgrade their email interface.

I will get right on using them again! (Around 2019 or so)

Physchic computer support

noreply@blogger.com (Jan Hertsens) — Sun, 06 Mar 2011 22:34:00 +0000

Can you help me with my computer?

Is it no longer working?

Eh... yeah.. weirdest thing...

Did you let your kids use it?

Yeah, little Billies computer was acting up...

And you let him use your login, instead of a "Guest" account?

Yeah, it was just for little while...

And that was a full-privilege administrator account?

Yeah, that's how the computer came...

And you left him alone like that?

Yeah, well, I had to go to work.

So the first thing he did was install "Limewire"?

Yes, how do you know?

So he thought he scored some free music, but nobody told him music files don't end in .mp3.exe ?

Eh... what's an EXE?

So he installed whatever the trojan of the week is, and now your computer won't connect to anything any more?

Yeah, exactly! How do you know?

This is why we can't have nice and secure things...

noreply@blogger.com (Jan Hertsens) — Wed, 29 Dec 2010 19:00:00 +0000

I recently received an invite for "shtyle.fm". If you never heard about it, you are in good company, as it can best be described as "Myspace's retarded cousin".

So when I got the request from a family member to look at her pictures on there, I reluctantly started the sign-up process, making sure to only use throw-away info.... until this screen stopped me dead in my tracks.

Some facts about this screen that may to seem obvious at first glance:

It's a mandatory part of the sign up process
It promises a free virtual teddy bear!
It requires you to fill in the credential of a real email account.
It validates the credentials, and throws an error if you give it fake information
The information is submitted and transmitted in the clear, over http, without any encryption (although the page seems to include an unused JavaScript implementation of RSA for some reason)
The page has (at least) a XSS vulnerability: Enter "+alert(1)+" in the email box (with quotes) and see what happens.
In case a connection is successfully made, the application will sift through your inbox for email addresses of your friends and send them personal invites in your name.

Are we scared yet? No? Neither seems to be the thousands of happy users on that site.

The security professional in me gets the shills, but the social human in me appreciates the service provided here. It provides a different view on your friends and acquaintances:

If you are somebody who gives up your credentials to anybody who asks, than that indicates how reliable you are. Don't count on borrowing my car keys.

If you consciously sell out all your friends for the promise of a virtual teddy bear,... I think that says something about your moral value system.

Facebook Down!

noreply@blogger.com (Jan Hertsens) — Thu, 23 Sep 2010 20:48:00 +0000

Just a quick lunch-time check-in to facebook. And what do I see? It's down due to an internal misconfiguration.

Just imagine how much it costs a minute for a site valued at $35 billion to be down.

OMG got to post this on Facebook.... oh wait...

Gym

noreply@blogger.com (Jan Hertsens) — Wed, 22 Sep 2010 02:20:00 +0000

Most important part of the workout : looking good!

Defcon 2010 badge

noreply@blogger.com (Jan Hertsens) — Sat, 31 Jul 2010 16:14:00 +0000

My colleague Ryan geeking out with the infamous "ninja badge".

Look how happy he looks!

Anybody want to place a bid? I can get it while he is asleep....

DHS Anti-terrorism technology examined

noreply@blogger.com (Jan Hertsens) — Mon, 12 Jul 2010 05:07:00 +0000

Together with my (second) erroneous ID card, I got this cool envelope from the "Department of Homeland security".

It mentions:

"We recommend use of this envelope to protect your new card and to prevent wireless communication with it."

And the same message in Spanish. Because, of course, every "alien" speaks Spanish.

I have a few questions surrounding this:

Why on earth is my card even capable of "wireless communication"? Do I really want my personally information to be read remotely? Who thought this was a good idea? The rest of the US burocracy is stuck in the stone age, but somebody thought that contact-read card with RSA encoded chips would not have been fancy enough.
Tinfoil. Seriously? Billions of dollars in funding and the technology that keeps us safe from terrorists stealing our identity is the same that your parents packed your sandwiches in?

We're all gonna die.

Your mandatory guide to being a profitable citizen

noreply@blogger.com (Jan Hertsens) — Mon, 21 Jun 2010 02:16:00 +0000

The article "Pitfalls of credit reports" touches on many points that everybody suspected for while:

"While this does punish profligate spending on credit, it also discourages full payment of debts. The FICO score increases if a cardholder keeps spending on credit, paying the minimum balance and taking as long as possible to pay off the full amount."

Translation:
It is your duty to maintain maximal profitability. You are to be in a constant state of debt, not so much that you can't repay it, but enough so you keep on paying until you die.

Failure to comply will result in harsh punishments: Existing loans and mortgages will jump in costs. Getting a job will be a lot harder.

Thank you for complying.

Should you have any complaint, feel free to call the automated help system, where you can leave a message. It's extremely unlikely that a human will ever take the time to listen to it, and nearly impossible to get action taken on it.

"There is, however, one way to ensure that a complaint is viewed in detail: According to the TransUnion employee handbook, politicians, legal workers, professional athletes and entertainment celebrities are to be given special treatment."

Translation:
If you are important enough, we might listen you. Or if we really think you may sue us.

Personally, I think I am going to try telling them that I am a lawyer.

Apple needs a new porn filter!

noreply@blogger.com (Jan Hertsens) — Sun, 13 Jun 2010 02:32:00 +0000

Not so long a The Steve himself declared that all porn applications are banished from the app store.
You know, it's a moral "OMG THINK OF THE CHILDREN" thing. We wouldn't want Apple to be thought of as peddling porn!

Then there is this:

Yes, good old playboy still has their app. There is no way this is by accident:

Playboy is the "eircar test" of porn blocking. IT geeks type "www.playboy.com" in a browser whenever they want to test if the "nannyware" system that HR made them install, is actually working. what Coca-cola is to soda, Playboy is to porn.
It has a 7+ rating
It warns for "Frequent/Intense Sexual Content or Nudity".
There's "feed Africa"-sized cleavage on the main screenshot

Shame on you Steve. You tricked me. You told me that the appstore was safe! Now my innocence is lost forever.

While on the subject, can anybody explain to me why looking at mammary glands on my iPhone is bad when those pixels are generated by an application, while they are perfectly OK when watched in full motion video:

Anybody?

The futility of data analysis

noreply@blogger.com (Jan Hertsens) — Thu, 03 Jun 2010 17:05:00 +0000

Just saw this on one of my favorite sites:

How to Encrypt and Hide Your Entire Operating System from Prying Eyes:

Over the years, we've written about loads of different ways to hide and encrypt your private data from others, but if you're really serious about protecting your data, you can actually hide your entire operating system. Here's exactly how to do it.

To accomplish this task, we'll be using TrueCrypt, our favorite free and open-source disk encryption software that runs on all platforms, supports hidden volumes, and can even encrypt your entire hard drive."

In short, these are easy to follow instructions on getting a fully hidden OS on your system, protected by industrial grade encryption. And it includes a fully functional"decoy OS", so when somebody puts a (legal) gun to your head, you can give them a second password, and have a totally believable alternative to your real installation.

This has been possible for quite a while now, but seeing it explained in easy-to-follow steps on a mainstream site is another tipping point passed.

Game, set, match.

Can somebody explain to me why we still have laptop inspections in airports? Does anybody believe that any TSA agent is going to be able to discover this system?

Directv tells me I'm not to be trused!

noreply@blogger.com (Jan Hertsens) — Tue, 13 Apr 2010 15:00:00 +0000

I just discovered "DirecTv2Pc", an application that is supposed to let you display your DVR'd content on your PC. After and exciting download, I ran the installer.

Note that the installer doesn't install, it "verifies and assists" the poor hapless user in making sure his systems is blessed enough to receive the holiest of holy, (a.k.a. last nights episode of "dancing with the stars").

Can you guess what the result was? Both my high-end gaming laptop and my shiny new Windows 7 systems where deemed unworthy.

But no worries, there was a link to fix the problem! Let's see, I only need to "upgrade" my graphics driver... and graphics card... and monitor. And while I am at it, also the cable and connectors.

The "Joe User" in me thinks immediately: Wait a second, this is the exact same machine which smoothly runs Hulu. And Netflix. And DVDs. And games. Oh! And high-def movies rented from iTunes.

In short, the real reason that Directv wants me to burn several hundreds of dollars on new hardware is not to increase performance for me. It's to add copy-protection (user restrictions) features for them!

This is a great example of the fallacy of DRM: I can download and view a pirated copy of any blockbuster movie in a blink, but I can't watch legitimate content that I paid for. Wonder what the moral lesson here is?

Oh.... I just noticed that my Directv contract is almost up for renewal... Maybe that dish can be a nice bird bath for the garden?

More governement security at its finest: Jury summons

noreply@blogger.com (Jan Hertsens) — Wed, 23 Sep 2009 16:38:00 +0000

Yesterday, I experienced something that many people are already familiar with: A jury summons.

The paperwork explained how I was randomly selected from the DMW or voter database (which I am not part of), and to present myself on October 10th at a particular courthouse. It came with apologies, helpful information and a parking permit.

There is only one big problem:
I am not a U.S. citizen, hence not legally allowed to be a juror.

Yes, I could send in the form, with proof of my non-citizenship, and I would be "excused" from this duty.

But that is not the point.

Think for a second what would happen if I "played stupid", and showed up at the requested time and place, Californian drivers license in hand? Would anybody have checked anything at all? I strongly doubt it. Then continue the thought: What happens to a court case if one of the jurors turns out afterwards to be "ineligible" ? IANAL, but "instant mistrial" sounds like a likely outcome.

Lessons here: Don't re-use database information for other purposes, especially if the authorization levels are different. Being able to recognize a stop-sign is not the same as being able to judge a serial killer.

Security outsourcing: pigs or chickens?

noreply@blogger.com (Jan Hertsens) — Sun, 31 May 2009 19:59:00 +0000

Luck has it that I found a picture on a lolcat-related site that illustrates some points better than any presentation I could give.

When asking somebody to manage your security, think about bacon and eggs, and ask yourself: Is this person a pig (committed) or chicken (involved)?

So, when you have the lowest bidder managing your critical systems, don't be surprised to get exactly what you asked for.

OMG! We are are all gone DIE!

noreply@blogger.com (Jan Hertsens) — Mon, 04 May 2009 00:37:00 +0000

Let's take a breather from the "swine flu" craziness, and think things through for a minute.
First off:

Yes, you are going to die.

Life has a 100% mortality rate. This has been proven billions of time before you were born. Anybody who believes they are immortal needs serious counseling.

Now that we got that unpleasantness out of the way, let me give you some basics of "threat level analysis" : In a nutshell, you figure out out what is most likely to hurt you based on a self-assessment and what has happened to others in the past, which gives you a list of what exactly you should be worried about, and how much.

Let's look at the facts that we have available:

This particular "swine flu" "epidemic" has killed less than a dozen people total. Source: CDC

Other mortality stats of other causes (Source: NSC):

Type of Accident or Manner of Injury Deaths One Year Odds Lifetime Odds

Assault, X85-Y09, Y87.1, *U01
18,124

16,360

210

Assault by firearm, X93-X95
12,352

24,005

309

Assault by sharp object, X99
2,097

141,396

1,817

Other and unspecified means and sequelae, X85-X92, X96-X98, Y00-Y09, Y87.1,*U01

Event of undetermined intent, Y10-Y34, Y87.2, Y89.9
4,742

62,528

804

Poisoning, Y10-Y19
3,240

91,515

1,176

Hanging, strangulation, and suffocation, Y20
139

2,133,144

27,418

Drowning and submersion, Y21
242

1,225,236

15,749

Firearm discharge, Y22-Y24
221

1,341,661

17,245

Exposure to smoke, fire, and flames, Y26
120

2,470,892

31,760

Falling, jumping, or pushed from a high place, Y30
69

4,297,204

55,234

Other and unspecified means and sequelae, Y25, Y27-Y29, Y31-Y34,Y87.2, Y89.9
711

417,028

5,360

Ignition or melting of nightwear, X05
6

49,417,844

635,191

Ignition or melting of other clothing and apparel, X06
97

3,056,774

39,290

There you have it.

You are more likely to killed by your own pajamas or an asteroid than by this flu.

You don't need a mask, you need fireproof pajamas and a safety helmet.

P.S.:Get one for the kids as well

Biz Stone reads my post!

noreply@blogger.com (Jan Hertsens) — Wed, 01 Apr 2009 20:03:00 +0000

Techcrunch reports on a email being sent to specific twitter accounts:

We’re going to discontinue autofollow because this behavior
sends the wrong message. Namely, it is unlikely that anyone can
actually read tweets from thousands of accounts which makes
this activity disingenuous.
Biz Stone, Co-founder
Twitter, Inc.

This is exactly what I have been saying recently about the "followers bubble". I've had others agree with me, while some (not to be named here) call out that it wasn't my place to say how they should use twitter. You're right. I have no control or jurisdiction over your twitter accounts. But the twitter exec staff sure does.

Yes, during my happy-dance, I did realize that this new policy will only relate to those few accounts using the twitter-implemented auto-follow, and do nothing for those who use external tools for this. But one can hope that this becomes a more strict policy, and I got a solution for that too:

Biz, because you such a nice guy, here is my free twitter monetisation strategy for you:

Relate the number of people you can follow to a pricing tier.

Think of the benefits:

Keep the auto-followers under control, without needing to heuristically blacklist accounts.
Only celebrities, companies and spammers are impacted, and they all got money.
...
Profit!

This is possibly going to stir up some emotions, but think about this:
If you can honestly say "I think this person is interesting, so I am going to follow what they have to say", then why would you refuse to pay e.g. 1 cent per month for the privilege?

You are all special! That's why you ride the short bus to school!

noreply@blogger.com (Jan Hertsens) — Tue, 17 Mar 2009 22:51:00 +0000

Don't you just love these little notifications from twitter when you have a "new follower"?
Doesn't it make you feel all fuzzy and warm inside?

That's cool.

Are you starting to asses your self-worth by the number of followers you have?

Do you "follow" people just so they might follow you?

Do you "follow" people just because they follow you?

That's retarded.

And if you have a script in place that does the automatic "follow who follows me" for you...
that makes you the retard that pees in the public pool.

Here's why:

The number of followers is not a score. It's a statistic. Like "minutes used on your phone plan" or "number of claimed dependents". Changing that number doesn't make you more or less cool. Changing your behavior just to change the number is stupid.

The entire "Reason D’être" is to post status messages. So that people who think you are interesting can see what you are doing or thinking. So they "follow" you. But: there is a limited amount of information that a human can possibly read and comprehend, at any given 24h period.

Ergo: With every additional person you "follow" the average "attention value per followed person" decreases.

In other words:
If you follow more than a few dozen people at the same time, you are a fraud.

What else would you call promising people to give attention, and then ignoring them ?

Of course, the auto-follow is evil squared.

This is telling people "You are so special to me, I will subscribe to everything you say. But I can't be bothered to read it. Or even click a button to send this message. Also, here's my affiliate link to herbal viagra."

Yes, this is my new pet peeve, because it destroys the emerging ecosystem. I have seen spam bots with dozens to thousands of followers, and interesting people with only a handful of followers. Do you see what going on here?

I do find some enjoyment in the fact that the people who are complaining most about receiving twitter spam are those who are at the root cause of it. Karma can be a bitch.

"Why so serious?" ? Because I am one of those old geeks who remembers the days that you could actually post an email address online without it being spammed to death in hours. These days, spam traffic is the bulk of all email. Can we learn from mistakes, please?

My email address was: 2:293/608.23

noreply@blogger.com (Jan Hertsens) — Mon, 02 Mar 2009 20:50:00 +0000

Yes, really.

While looking for some older post I once made, I discovered one of the first I made.
Ever. At least on the internet. It was 1995. Thats roughly a decade and a half worth of live on the tubes that google searched through, in the blink of an eye.

Impressive, but people forget that life did not start with this "internet" stuff.

Before that, I used "FidoNet". It's logo was this:


                 __
                /  \
               /|oo \
              (_|  /_)
               _`@/_ \    _
              |     | \   \\
              | (*) |  \   ))
 ______       |__U__| /  \//
/ FIDO \       _//|| _\   /
(________)     (_/(_|(____/

Yes, younglings, that's a logo, from the days when a "GIF image" was a state of the art extravagance (which required switching to another application). And just in case you are wondering, that's a dog holding what we use to call a "floppy". Not the fancy-smancy 3.5 inch hard-plastic kind, but the good old "five and a quarter" slab of floppyness.

Those were the days of booting up an XT, firing up a "fancy" editor to type in your email, "packing" it, "tossing it", firing up the modem, listening patiently for it to connect (you could diagnose many connection problems by listening to the "handshake sounds"). Then off your mail went, and if you were really lucky, there was a zipped email waiting for you at your providers location. Mail was routed organically, and could take several days to travel across continents. "Discussion group" post could take a couple of days to reach everybody in the country. And attachments, although technically possible, would get you flogged by every "sysop" down its route.

The good old days... men were men, women didn't exist. Modems were big enough to stop a bullet for you (maybe even a runaway bull). And had blinking lights!

What it did not have were things like "the wayback machine", or "archive.org" to act as a historian of all these years of content. There is no way to ever find the text again of my first shy post. Or the "really funny joke" about the carrot and the nurse. Or the discussion that founded some companies are architecture setups that are in use still today.

"All the moments will be lost in time, like tears in the rain."

Now get off my lawn!

Assault, X85-Y09, Y87.1, *U01		18,124	16,360	210
	Assault by firearm, X93-X95	12,352	24,005	309
	Assault by sharp object, X99	2,097	141,396	1,817
	Other and unspecified means and sequelae, X85-X92, X96-X98, Y00-Y09, Y87.1,*U01

Event of undetermined intent, Y10-Y34, Y87.2, Y89.9		4,742	62,528	804
	Poisoning, Y10-Y19	3,240	91,515	1,176
	Hanging, strangulation, and suffocation, Y20	139	2,133,144	27,418
	Drowning and submersion, Y21	242	1,225,236	15,749
	Firearm discharge, Y22-Y24	221	1,341,661	17,245
	Exposure to smoke, fire, and flames, Y26	120	2,470,892	31,760
	Falling, jumping, or pushed from a high place, Y30	69	4,297,204	55,234
	Other and unspecified means and sequelae, Y25, Y27-Y29, Y31-Y34,Y87.2, Y89.9	711	417,028	5,360

			Ignition or melting of nightwear, X05	6	49,417,844	635,191
			Ignition or melting of other clothing and apparel, X06	97	3,056,774	39,290