Yesterday, I experienced something that many people are already familiar with: A jury summons.
The paperwork explained how I was randomly selected from the DMW or voter database (which I am not part of), and to present myself on October 10th at a particular courthouse. It came with apologies, helpful information and a parking permit.
There is only one big problem:
I am not a U.S. citizen, hence not legally allowed to be a juror.
Yes, I could send in the form, with proof of my non-citizenship, and I would be "excused" from this duty.
But that is not the point.
Think for a second what would happen if I "played stupid", and showed up at the requested time and place, Californian drivers license in hand? Would anybody have checked anything at all? I strongly doubt it. Then continue the thought: What happens to a court case if one of the jurors turns out afterwards to be "ineligible" ? IANAL, but "instant mistrial" sounds like a likely outcome.
Lessons here: Don't re-use database information for other purposes, especially if the authorization levels are different. Being able to recognize a stop-sign is not the same as being able to judge a serial killer.
Wednesday, September 23, 2009
More governement security at its finest: Jury summons
Labels: governement, security
Sunday, May 31, 2009
Security outsourcing: pigs or chickens?
Luck has it that I found a picture on a lolcat-related site that illustrates some points better than any presentation I could give.
When asking somebody to manage your security, think about bacon and eggs, and ask yourself: Is this person a pig (committed) or chicken (involved)?
So, when you have the lowest bidder managing your critical systems, don't be surprised to get exactly what you asked for.
Labels: security
Sunday, May 3, 2009
OMG! We are are all gone DIE!
Let's take a breather from the "swine flu" craziness, and think things through for a minute.
First off:
Life has a 100% mortality rate. This has been proven billions of time before you were born. Anybody who believes they are immortal needs serious counseling.
Now that we got that unpleasantness out of the way, let me give you some basics of "threat level analysis" : In a nutshell, you figure out out what is most likely to hurt you based on a self-assessment and what has happened to others in the past, which gives you a list of what exactly you should be worried about, and how much.
Let's look at the facts that we have available:
This particular "swine flu" "epidemic" has killed less than a dozen people total. Source: CDC
Other mortality stats of other causes (Source: NSC):
Type of Accident or Manner of Injury Deaths One Year Odds Lifetime Odds
Assault, X85-Y09, Y87.1, *U01 18,124 16,360 210Assault by firearm, X93-X95 12,352 24,005 309Assault by sharp object, X99 2,097 141,396 1,817Other and unspecified means and sequelae, X85-X92, X96-X98, Y00-Y09, Y87.1,*U01
Event of undetermined intent, Y10-Y34, Y87.2, Y89.9 4,742 62,528 804Poisoning, Y10-Y19 3,240 91,515 1,176Hanging, strangulation, and suffocation, Y20 139 2,133,144 27,418Drowning and submersion, Y21 242 1,225,236 15,749Firearm discharge, Y22-Y24 221 1,341,661 17,245Exposure to smoke, fire, and flames, Y26 120 2,470,892 31,760Falling, jumping, or pushed from a high place, Y30 69 4,297,204 55,234Other and unspecified means and sequelae, Y25, Y27-Y29, Y31-Y34,Y87.2, Y89.9 711 417,028 5,360
Ignition or melting of nightwear, X05 6 49,417,844 635,191Ignition or melting of other clothing and apparel, X06 97 3,056,774 39,290
There you have it.
You are more likely to killed by your own pajamas or an asteroid than by this flu.
You don't need a mask, you need fireproof pajamas and a safety helmet.
Labels: humour, statistics
Wednesday, April 1, 2009
Biz Stone reads my post!
Techcrunch reports on a email being sent to specific twitter accounts:
This is exactly what I have been saying recently about the "followers bubble". I've had others agree with me, while some (not to be named here) call out that it wasn't my place to say how they should use twitter. You're right. I have no control or jurisdiction over your twitter accounts. But the twitter exec staff sure does.We’re going to discontinue autofollow because this behavior
sends the wrong message. Namely, it is unlikely that anyone can
actually read tweets from thousands of accounts which makes
this activity disingenuous.Biz Stone, Co-founder
Twitter, Inc.
Yes, during my happy-dance, I did realize that this new policy will only relate to those few accounts using the twitter-implemented auto-follow, and do nothing for those who use external tools for this. But one can hope that this becomes a more strict policy, and I got a solution for that too:
Biz, because you such a nice guy, here is my free twitter monetisation strategy for you:
Relate the number of people you can follow to a pricing tier.
Think of the benefits:
- Keep the auto-followers under control, without needing to heuristically blacklist accounts.
- Only celebrities, companies and spammers are impacted, and they all got money.
- ...
- Profit!
This is possibly going to stir up some emotions, but think about this:
If you can honestly say "I think this person is interesting, so I am going to follow what they have to say", then why would you refuse to pay e.g. 1 cent per month for the privilege?
Tuesday, March 17, 2009
You are all special! That's why you ride the short bus to school!
Don't you just love these little notifications from twitter when you have a "new follower"?
Doesn't it make you feel all fuzzy and warm inside?
That's cool.
Are you starting to asses your self-worth by the number of followers you have?
Do you "follow" people just so they might follow you?
Do you "follow" people just because they follow you?
That's retarded.
And if you have a script in place that does the automatic "follow who follows me" for you...
that makes you the retard that pees in the public pool.
Here's why:
The number of followers is not a score. It's a statistic. Like "minutes used on your phone plan" or "number of claimed dependents". Changing that number doesn't make you more or less cool. Changing your behavior just to change the number is stupid.
The entire "Reason D’ĂȘtre" is to post status messages. So that people who think you are interesting can see what you are doing or thinking. So they "follow" you. But: there is a limited amount of information that a human can possibly read and comprehend, at any given 24h period.
Ergo: With every additional person you "follow" the average "attention value per followed person" decreases.
In other words:
If you follow more than a few dozen people at the same time, you are a fraud.
What else would you call promising people to give attention, and then ignoring them ?
Of course, the auto-follow is evil squared.
This is telling people "You are so special to me, I will subscribe to everything you say. But I can't be bothered to read it. Or even click a button to send this message. Also, here's my affiliate link to herbal viagra."
Yes, this is my new pet peeve, because it destroys the emerging ecosystem. I have seen spam bots with dozens to thousands of followers, and interesting people with only a handful of followers. Do you see what going on here?
I do find some enjoyment in the fact that the people who are complaining most about receiving twitter spam are those who are at the root cause of it. Karma can be a bitch.
"Why so serious?" ? Because I am one of those old geeks who remembers the days that you could actually post an email address online without it being spammed to death in hours. These days, spam traffic is the bulk of all email. Can we learn from mistakes, please?
Monday, March 2, 2009
My email address was: 2:293/608.23
Yes, really.
While looking for some older post I once made, I discovered one of the first I made.
Ever. At least on the internet. It was 1995. Thats roughly a decade and a half worth of live on the tubes that google searched through, in the blink of an eye.
Impressive, but people forget that life did not start with this "internet" stuff.
Before that, I used "FidoNet". It's logo was this:
__
/ \
/|oo \
(_| /_)
_`@/_ \ _
| | \ \\
| (*) | \ ))
______ |__U__| / \//
/ FIDO \ _//|| _\ /
(________) (_/(_|(____/
Yes, younglings, that's a logo, from the days when a "GIF image" was a state of the art extravagance (which required switching to another application). And just in case you are wondering, that's a dog holding what we use to call a "floppy". Not the fancy-smancy 3.5 inch hard-plastic kind, but the good old "five and a quarter" slab of floppyness.
Those were the days of booting up an XT, firing up a "fancy" editor to type in your email, "packing" it, "tossing it", firing up the modem, listening patiently for it to connect (you could diagnose many connection problems by listening to the "handshake sounds"). Then off your mail went, and if you were really lucky, there was a zipped email waiting for you at your providers location. Mail was routed organically, and could take several days to travel across continents. "Discussion group" post could take a couple of days to reach everybody in the country. And attachments, although technically possible, would get you flogged by every "sysop" down its route.
The good old days... men were men, women didn't exist. Modems were big enough to stop a bullet for you (maybe even a runaway bull). And had blinking lights!
What it did not have were things like "the wayback machine", or "archive.org" to act as a historian of all these years of content. There is no way to ever find the text again of my first shy post. Or the "really funny joke" about the carrot and the nurse. Or the discussion that founded some companies are architecture setups that are in use still today.
"All the moments will be lost in time, like tears in the rain."
Labels: nostalgia
Tuesday, February 10, 2009
Monday, February 9, 2009
It takes a govermental agency to be this security clueless!
Recently, I had to look up something on website ran by a local college. Of course, the site broke (the pages did not load within the session timeout), so I fired off an email to their listed support email.
Here is what I got back:
Auto-Reply
We have received your email enquiry. Please try one or more of the suggested solutions below. Web help is available Monday through Friday 8am - 4:00pm (not available weekends and holidays). If you reply to this email, please provide your full name, Soc. Sec. No., birthdate, and your current address.
Quick help
New Applicants: you will be able to login to the WebAdvisor one business day after you have submitted your application.
Step-by-step Web Registration Instructions:
http://(removed)/spring09/fullSchedule.pdf
Account Lock-out:
Wait 10 minutes and try again
Password and login help:
If necessary, please go to the WebAdvisor web page and select "What is my User ID?" from the Student Menu. Provide the required information to obtain your User ID.
Then select "What's my password" from the Student Menu.
Select "I don't remember my password" and provide the required information.
A new password will be emailed to you.
Password must be 6 to 9 characters in length and include both letters and numbers, no special characters
If you are still having problems, please contact the appropriate
Admissions & Records Office
(Contact Information removed here)
Thanks
Class assignment: List all security violations in this reply, discuss.
Thursday, January 15, 2009
On Kafka and child porn
Interesting application of child porn laws:
In the Pennsylvania case, a school official seized the phone of one of the boys after he was caught using it during school hours in violation of a school rule, according to local police Capt. George Seranko. The official found the picture on the phone, and after some interrogation, discovered that two other girls had also e-mailed photos of themselves in the nude to friends. That's when the school called police, who obtained search warrants to seize the phones and examine them. Police showed the images to the local district attorney, who recommended they bring charges.
I've seen this happening so many times: An ambitious politician creates a law "for the good of the children" and before you know it people with pitchforks are setting libraries on fire.
Imagine this:
You are alone in your room. You look at yourself naked in the mirror. You take a picture of yourself, and you instantly are sex offender, branded for life. Any friends you send it too, instantly are too.
Or...
Two kids having consensual sex. Legally. The can invite kids of their own age to watch. Or even join in. When they watch through a window, they are legally OK. When they watch using a web cam, they all are instant sex offenders.
Or how about... you are surfing myspace and stumble across a profile page of a teen posting nude pictures of him/herself. Yes, that teen would be in violation of (amongst other things) the TOS. But still your browser dutifully downloads and stores the offending JPG. From then on, any computer forensics package run on your PC will provide the proof to convict you of possession of child porn.
Personally, I don't know what is scarier these days. The "evil hackers on the internet" or the "knights that protect us".
One group will try to to rip you off, and steal your money. The other can take away your home, freedom, custody of your kids.
Labels: idiocy, politics, rant, thinkofthechildren