Jeff Duntemann's Contrapositive Diary

January, 2012:

Odd Lots

  • I’m still alive, and still remodeling. Designing two more Elfa buildouts, in fact, before the Container Store’s annual Elfa sale times out on January 31. Getting migraines from craning my neck during ladder work, too, which has made me disinclined to be perky in this space. It won’t be forever; the painting was finished today, finally. But it will be February before the carpeting’s in.
  • From the Words I Didn’t Know Until Yesterday Department: plectrum, an implement used to pluck the strings of a stringed instrument such as a guitar or harpsichord. Among the many forms of plectra are guitar picks and harpsichord jacks.
  • Here’s an intriguing list of major solar flare events, beginning with the Carrington Event in 1859. Is it just me, or has the Sun done a lot of quieting down in the last 100-odd years?
  • Why Megaupload? Those guys had four percent of all Internet traffic worldwide, all of it Linux distros and Project Gutenberg mirrors. Yeah, that’s it. Yeah.
  • On the other hand, there are a lot of people who were using Megaupload as a cloud server for their own files. And you wonder why I like local storage.
  • As I take a break from remodeling to try and get my head around various current IP topics, it occurs to me that the well-covered Megaupload bust is Streisanding the hell out of the bitlocker concept itself. People who had never heard of bitlockers (alias “one-click hosting”) or indexes like FilesTube are doubtless adding lots of new bookmarks today.
  • That swoopy one-piece telephone with the dial on the bottom that you used to see in a lot of spy movies and TV shows? The Ericophon.
  • Nancy Frier has found a niche printing firm that can actually print from the original plates used in Alox kites, and so new kites using the original Alox designs may well live again. More as it happens.
  • This dream is such a common phenomenon that the dream itself must have a name. What is it? (I’ve had it now and then for probably thirty years.)
  • Is there a utility that will search a Web page or pages for a list of search terms every X minutes / days / weeks ?

Another Elfa Closet Done


The rehab of our lower level continues apace. The tile guys finished up today, replacing the tile around the tub and some floor tile that was damaged by the mudjacking last month. The grout has to cure for another week and the toilet has to be re-set, but the tub no longer leaks. Shortly we will have a guest bathroom again.

The painters begin their work on Monday. We haven’t ordered the new carpeting yet, so the carpeting won’t be replaced for probably another three weeks. In the meantime, there are plenty of odd jobs to be done down there, and yesterday I dove in on one of them: my workshop closet. I’ve been planning an Elfa buildout in that closet for literally years, but it hadn’t bubbled to the top of the stack until recently. To replace the crappy shelves I had in there with Elfa I first had to empty the closet completely, and there was nowhere to stack its contents until I was forced by the mudjacking to clear the eastern ten feet of my shop space. That in itself was an adventure in strength training; QST may be the only magazine in creation denser than National Geographic.

So last week I hauled hundreds of pounds of parts, tubes, sound boards, unfinished project lashups and much other junque out of the closet and stacked it in the newly empty space where those QSTs had been. And yesterday, level and cordless screwdriver in hand, I got the Elfa installed.

Elfa is a steel shelving system made in Sweden, built like a battleship and priced accordingly. As best I know it’s an exclusive from The Container Store chain here in the US. It’s based on a horizontal track mounted high (ideally in studs) from which vertical tracks are suspended. The vertical tracks are not fastened into the wall at all, so can slide side-to-side for fine adjustment. (Mine is biased four inches to the right.) There are several major styles (closet, kitchen, office, garage) and all kinds of interesting bits that click into the tracks. It’s basically a Meccano set for shelving.

I’ve used it twice before, in our upstairs office closet, and across two thirds of the back wall of our garage. It takes a little practice to get good at it, but there’s nothing especially subtle about the system. It was breathtaking to see just how much clutter we were able to scoop up off the garage floor and shovel onto the shelves.

Yesterday I filled an 88″ wide closet with a six-foot shelf bank, leaving a little room on each side for specialty storage for things like brooms, vac wands, and mobile antennas, including a full set of Hustler RM-series loading elements. The Elfa system includes pull-out bins, one of which I bought to see how useful it might be. Having filled it with plastic scraps, I’ve decided that it’s very useful, and on my next trip to Denver will get two more.


I’m still switching shelves around and moving them up and down to get a sense for the spacing, and may put a couple more 2′ shelves on the right side to make space for things more horizontal than vertical, like homebrew lashups. That said, I’ve already re-shelved most of the stuff I’d pulled out of there last week, and still have almost twelve shelf-feet of completely empty space. As wins go, it was a biggie.

Highly recommended.

The Trojans Are Winning

Trojans sent as spam attachments are (thankfully) not as common as they used to be. Several years ago I would get fifteen or twenty every day. In the past year or so I only get three or four per week. Nearly all of them are executables of some kind, either simple Windows .exe or .scr files, or else an MS Office file (generally an Excel spreadsheet) containing a malicious script. This morning I got a flurry of phishing attempts delivered as PDF files. As I often do, I scanned the PDF file with both AVG and MalwareBytes to see which trojan was present. This time I got a negative from both utilities.

Now, an email telling you that you should open the attached file to see details of your order / bank transaction / payroll deposit etc. is guaranteed to be malware. If two well-regarded AV utilities call the file clean, I begin to wonder how effective our AV technology really is. I’m particularly disappointed in MalwareBytes, which has been razor-sharp so far at detecting email malware.

So I submitted the file to Jotti, which is an interesting one-file-at-a-time malware scanning service. I’ve known about it for some time but never tried it before, as I’d never received anything that managed to duck AVG and MalwareBytes both. What Jotti does is aggregate online file-scanning services, and then aggregate the results from all the services. The PDF exploit got past 14 of 20 scanning services used by Jotti, including AVG. Them’s lousy numbers.

Here’s a screen cap of the Jotti output report.

To get some perspective, I did a little additional testing. Things got worse. I saved a .zip payload out of an obvious phish email that came in yesterday, and submitted the zip to Jotti. One out of twenty scans came up positive. I then (carefully) unzipped the payload to a naked .exe, and submitted that. Zero. Zip. Nada. Nobody caught it. Wow.

What this tells me is that the Trojans are winning. Scanning things before you open them is no longer any sort of guarantee. Dodging malware now requires that you turn your paranoia knob up several notches. Here’s what I recommend for Windows users:

  • Run Internet-facing apps from an LUA, or with a privilege-limiter like DropMyRights.
  • Install and use NoScript, and allow scripting only on trusted sites. Be conservative on what “trusted” means. Javascript is evil.
  • Install and use AdBlock Plus. Until sites can guarantee that their ads aren’t serving up malware, I reserve the right to block their ads. It isn’t just small sites that are vulnerable; Gawker Media got hit a year or two ago.
  • Do not use Adobe Reader. There are lots of other PDF readers that are as good or better. I recommend PDF XChange from Tracker Software. What you want is a high-quality product with low market share. Adobe Reader is an exploit farm in part because the bad guys search it harder for exploits–and most of the exploits are highly specific to Adobe Reader.
  • Whatever PDF reader you choose, go to the options dialog and turn off Javascript. I have yet to hear any compelling reason for a PDF to execute JavaScript. Oh, and did I say that Javascript is evil?
  • Do not use Flash on a Windows system. Don’t even install it. Use a Linux instance to read YouTube or other Flash-based sites that you absolutely must browse.
  • If you’re geeky enough, get a VM manager and run Internet-facing apps (or at least Flash-equipped sites) from inside a VM. This makes bookmarking tricky, but a VM is a very tough thing for malware to get out of.
  • Don’t pirate software. In particular, don’t install something and then go looking for a crack to get past registration/activation. Cracks are virtually always malware, and the pirated apps themselves are infected as likely as not.
  • It sounds nuts, but we do it: Get an entirely separate machine for any kind of online banking. Ours runs Linux. We do nothing on the machine at all other than online banking. We turn it off except when it’s in use, which is an hour or two per week, tops.
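
An added example (not part of the original post, and not the author's code): when signature scanners call a suspicious PDF attachment clean, its structure can still be inspected without opening it. This Python example counts the PDF keys that run script or trigger actions, decoding `#xx` name escapes first so that a disguised `/J#61vaScript` is still counted; the key list, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name keys that make a document act on its own (illustrative list).
ACTIVE_KEYS = {
    b"/JavaScript": "embedded JavaScript",
    b"/JS": "embedded JavaScript",
    b"/OpenAction": "action run when the document is opened",
    b"/AA": "additional automatic actions",
    b"/Launch": "starts an external program",
    b"/EmbeddedFile": "file attached inside the PDF",
    b"/ObjStm": "object stream (can hide the keys above from a byte scan)",
}

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A PDF name runs from "/" up to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\s\x00()<>\[\]{}/%]+")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage_pdf(data: bytes) -> dict:
    """Return {key: count} for active-content keys found in raw PDF bytes."""
    # Check the header near the start of the file rather than at byte 0.
    if b"%PDF-" not in data[:1024]:
        raise ValueError("not a PDF: no %PDF- header in the first 1024 bytes")
    hits = {}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(0))
        if name in ACTIVE_KEYS:
            key = name.decode("ascii")
            hits[key] = hits.get(key, 0) + 1
    return hits


# Constructed samples, harmless: one with a disguised script key, one without.
SAMPLE_OBFUSCATED = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (this.constructedSample = 1;) >> endobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("obfuscated", SAMPLE_OBFUSCATED), ("plain", SAMPLE_PLAIN)):
        found = triage_pdf(blob)
        print(label, "->", found or "no active-content keys")
        for key in found:
            print("   ", key, "=", ACTIVE_KEYS[key.encode("ascii")])
```

A hit is a reason to leave the attachment unopened, not proof of malware, and an empty result is not a clean bill either, since compressed object streams can hide keys from a byte scan.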

Both Macs and Linux machines are harder to infect than Windows, but most of their supposed immunity comes from their being scarce enough that the bad guys don’t attempt to exploit them. I’ve seen a troubling increase in the number of exploits tuned for the Mac, which means that Macs are now mainstream. With success comes danger. Also, more and more malware comes in via social engineering, and since that’s a wetware problem, Macs and Linux boxes are no more immune to that than Windows. (The real malware danger in running a Mac is the all-too-common conviction that Macs are immune to malware. Uh-uh.)

It’s certainly true that the vast majority of malware infections are the result of Computing While Stupid. Alas, the line we’ve heard for years about keeping AV software installed and up-to-date is increasingly irrelevant. There is no way to harden a PC to allow you to do any damned thing you want. Nothing’s bulletproof. You have to dodge–and you have to dodge harder and harder all the time.

Odd Lots

A Rootlocked Industry

I just heard this morning that the ASUS Transformer Prime will be shipped with a locked bootloader. I wanted to spit; that machine was (until a few hours ago) at the top of my tablet prospects list. Then, about twenty minutes ago, I found the update: ASUS, having felt the Gates of Hell open upon its head for the last four days, decided that it will ship a bootloader unlocker for the product–though at the cost of your warranty.

This topic will be the tech issue of 2012: Whether or not our industry has a rootlocked future.

We’ve had hints about this for some time. I originally wrote off the fact that Android could not access the Xoom’s card slot as some weird failure at Motorola. Then I found that this was only true in the US. Europeans, once they got the Xoom, found full access to the slot. Only where the Xoom was a “Google Experience Device” was the card slot out of reach. So it wasn’t Motorola at all. It was Google declaring war on sideloading, lest sideloading thin out their revenue stream from various Google cloud services.

Looking around at promising tablets, it’s a rare one now that isn’t rootlocked. I evaluated and turned down the Nook Tablet for that reason. (The original Nook Color is still what I consider an open system–though for how long no one knows.) The Xoom 2/XYBoard no longer has a card slot. (Rounded corners are not enough to make me pull the plastic out.)

Put as simply as possible, all of the major vendors want to make the handheld market basically what the TV market is today: A completely locked end-to-end pipeline that guards content from server to screen. ASUS was very clear about that: They had to lock the TP’s bootloader to get Google to allow Google video rentals to operate on the machine. Motorola hasn’t confirmed it, but I’m sure it was the same for the original Xoom. Calling it “video rental” is a misnomer. It’s really pay-per-view, which Big Content has wanted to do for many years. The PC market evolved in too open a fashion to make that possible. The tablet market, by contrast, seems to be jumping right into their pockets.

Part of this is the idiotic “give away the razor, sell the blades” business model. Tablets are often cheaper than they would otherwise be, because their vendors expect to make money on content, with content subsidizing the device cost to the end user. People now expect a tablet to cost no more than a certain amount, and so getting a truly open tablet (without a locked content stream) on the market at a competitive price is far more difficult.

Side comment: Yes, I am an anomaly. I see two or three movies a year (at the theater) and do not watch TV at all. I do read a lot of books, and I’m certainly willing to pay for them, but I do not buy as many as I might if I were more sure that they would not simply evaporate on me someday, due to a corporate bankruptcy or some kind of patent or IP rights battle that doesn’t involve me. If an ebook costs more or less the same as a hardcover, I buy the hardcover. It’s unclear how prevalent my attitude is, but I’m sure it’s prevalent enough to depress digital revenues significantly.

I’ve already mentioned that Android isn’t an OS in the same sense that Windows is. Vendors and carriers can make mods to Android that basically fork the open-source base and turn it into separate OS species that are more “Android compatible” than anything like a single OS. Android isn’t a GPL product. It uses the Apache 2.0 license, which does not compel vendors to release changes back into the community. So Android is a hybrid of open and closed technology that makes the sealed content pipeline possible. (Otherwise, the community would just edit out what it didn’t like and recompile the OS.)

2012 will be an interesting year. The top vendors like Apple, Motorola, and Samsung have enough market share to get away with this. Smaller vendors like ASUS (and down from there) do not. My hope is that we will see smaller vendors offer truly open high-quality Android tablets that do everything but offer pay-per-view content, and are capable of booting into other versions of the OS, or another OS entirely. I’d pay more for such a tablet. A year from now we may know. Stay tuned.

Unhappy Old Year

So. Once again we rebooted the calendar, and it worked. Whew. Couldn’t have happened soon enough. This year had its moments, but it wasn’t among the best I can recall, though it stands shoulders above 2002.

The year began with the worst flu I’ve had in 35 years. Lesson: Get your flu shots! Carol did. I didn’t. Q.E.D. There was other illness in the family that I won’t talk about, though nothing life-threatening. For that we have to move out into our friendscape. We lost Prudy Stewart, a stalwart from the local Bichon Frise Club, along with Harold Shippey, a gentleman in our camping group. Two of my grade school teachers died within a couple of months of one another: Mrs. Mary Clare Toffenetti, who taught art and French at IC school, and Mrs. Mary Veronica Condon, who taught third grade and also French. Dan Matthews, one of the kids in my grade school class, who had been a close friend for several years, died on Christmas Day. Just last night, one of our parishioners, who generally sat two pews behind us at church, had a serious heart attack. He’s in a coma and is not expected to survive.

All this since November 1, sheesh.

Oh, and my house almost blew up. Settling soil has been our bane here for years now. We had to empty the lower level and get the slab mudjacked, and are still fooling with paint chips and carpet samples now that the carpet’s been torn up anyway. All of my SF and most of my electronics magazines are packed and out of reach. It’s a mess.

For good things to report I’ll begin with the completion of Drumlin Circus, a 53,000 word short novel that came together in one furious six-week period, during which I wrote as much as 5,000 words in a single day. Jim Strickland and I put a tete-beche double novel on the market, incorporating Drumlin Circus and On Gossamer Wings, both tales from the Drumlins World.

Jim and I attended the Taos Toolbox writers’ workshop in July, conducted by Walter Jon Williams and taught by Walter and my SF mentor Nancy Kress. I described the workshop in two entries after we got back, and would have continued if my damned gas line hadn’t threatened to ignite virtually under my feet. (I hope to write a little more about the workshop in coming days.) I will say right now that if you have a little experience in SF or fantasy, Taos Toolbox is spectacular. Granted, it’s expensive, and almost unbelievably intense. Jim describes it as a 500-level graduate course in the art of the novel compressed into two weeks, and that sounds about right. Walter is currently accepting applications for the 2012 workshop, and I give it my wholehearted recommendation. I met a lot of wonderful people, workshopped 15,000 words of my current novel-in-progress, Ten Gentle Opportunities, and returned with new dedication to the craft of fiction. I’d hoped to finish TGO by the end of the year, but (as described above) the year did not cooperate. The new target is April 1. Snotty AIs, zombies dancing the Macarena, a copier factory gone rogue, magic as software, physics as alternate magic, and malware from another universe…hey, what else d’ya want?

On October 2, Carol and I celebrated our 35th wedding anniversary. We spent ten days on Oahu, generating enough gumption to start having the lower level rehabbed when we got back. It took everything we could generate, and more.

I joined the Writers Write! group here locally, and have made many friends there. The group’s motto is Just write the damn book! It’s advice I need to take.

Those are the broad strokes. Scattered among the days were little flashes of light and minor grunts of annoyance. My brakes have needed work three times. I met Cynthia Felice. My new superregenerative FM receiver has dead spots. I finished a nice steampunk computer table. That sort of thing; up and down on an almost daily basis.

I have high hopes for 2012. Carol and I have deliberately held back opening our Christmas presents until January 6th to get an upbeat start on the year, and 2012’s first 18 hours have gone pretty well. I won’t try to draw any conclusions from the data points presented. Hey, sea level dropped 6mm in 2010 alone. Blips happen, so let’s not read too much into any of them. It’s not the end of the Holocene…yet. Then there’s the Mayan calendar. Y2KXII, anybody? Let’s party!

Happy new year, everyone. Strive to appreciate your friends this year. (You won’t have them forever!) Write more. Worry less. Go outside and check your gas pipes. Eat fat and drink sweet wine, and make sure you share what you have with others. I’ll be here when you need me.