• As you know, I attempt to keep abreast of the Left media so that I can report things here, and also to help those on the Right understand things that might require some translation. Even though I’ve moved more Right (or the Left has moved more left, whatever), I intend to continue doing this. It is important to me to not have an echo chamber, and to listen to news from a variety of sources. This leads me to today’s article.

    Kamala Harris Swears In Senate Members from Times of India

    You’re welcome to read the article. It’s a confusing bit of media. The heading would lead you to believe that the article is talking about Harris swearing in the new Senate members. It really has little to do with that. Instead, they talk about how J. D. Vance was laughing during the swearing in (the video just repeats itself a few times btw), and a video went viral of him doing so. It’s reported like this is a Big Deal. It’s not. He was smiling through the entire thing, pleased as punch to see so many of his friends being sworn in. As he should. He wasn’t laughing. I’ve watched the thing.

    One of the quotes from the article gives you a feel for what they’re aiming for (and missing, imo, but that’s another story): “Many of the Republicans Kamala Harris swore in today could not pronounce her name, the Time Magazine headlined its article…” They later suggest that those Republicans could pronounce her name but chose not to. The bottom line is, they’re more worried about the name than the people being sworn in. I will tell you, I only remember how to pronounce her name because Kamala rhymes with mommala, which was part of a SNL skit, I believe. I have to say it over in my mind to remind myself! It’s an unusual name. Now, should they have made the attempt? Yes. It’s a statement of respect, and while I don’t expect any of them to respect her, they should respect the office, and they should treat her as if they respect her for ceremonial things like this. That they didn’t says stuff to me, but it’s still pretty minor.

    The article also talks about how the “smiling people” coming to her to be sworn in were her bitter enemies only weeks ago, as if this is two-faced in some way. Why would they not be smiling? They won. We all won. They said she was a threat to the American way of life, and I believe that she was, and may continue to be if she stays in politics. They also make some claims about the claims made by Republicans about Harris, claims of “her wanting to ban Christmas from the calendar” and “bringing dog meat to immigrants’ stoves.” It’s asinine and silly. The only part they sort of got right was the claim that she tried to skew the election results by flooding the polls with illegal immigrants. I’m still struggling to understand who in their right mind would vote against a law that protects our voting places.

  • John of www.GunsSaveLife.com was kind enough to post a link back to us and to quote The Game is On! SCOTUS update

    He expressed a bit of skepticism.

    John is skeptical because nobody knows what is going to happen in Supreme Court conferences.
    It is all “reading the tea leaves”.

    The black box which is Supreme Court conferences has visible inputs. Status of the case, briefings on the case, circuit split, time after the last Supreme Court opinion on the subject and a few others.

    For output, we have “Denied”, “Denied with statement”, “Granted”, “relisted” and “rescheduled”.

    Why the justices decide on which output is a guess. Some people are good at those guesses. Mark Smith has a good record. I don’t have a record to stand on. We know historically that “rescheduling” happens when the justices want to see multiple cases at the same time. We know that under Roberts, cases that are relisted are almost always granted cert. and those that are not have some procedural issue with them, not merits issues.

    Cases that are denied Cert generally have nothing said about them. Think of it as spending 30 minutes trying to convince your parents to do something, and at the end of that they say “no”. That’s how most denial of cert goes. Nobody cares when cert is granted. It is going to happen.

    When one or more justices feels strongly that cert should have been granted, they will write a statement to go along with the order list. Occasionally, a justice will write a statement explaining to the petitioner why cert was denied so that they can address the issue.

    We saw several statements from Justice Thomas on why they were not granting cert on Second Amendment challenges that were in an interlocutory state.

  • There is a light at the end of this tunnel. I think that I might have the new router up and running tomorrow. I’ll be turning down two servers. Many good things happening.

  • As of January 6th, we are on deck for THREE Second Amendment cases to be evaluated by the Supreme Court.

    On January 10th, the justices will discuss all three cases, Ocean State Tactical, Snope, and Gray.

    On the following Monday, or Tuesday, they will issue their orders.

    The Court can:

    • Grant Cert.
    • Deny Cert.
    • Relist the case
    • .

    While it would be wonderful to have them just grant cert in all three cases, the more likely event will be that the cases will be relisted.

    In the Roberts Court, this is the standard for cases where the justices have agreed to hear the case, but Roberts wants to make sure there are no issues hiding in the case history.

    We can expect two to four relistings before they finally decide yes or no.

    At that time, we will know what the schedule will be: whether the cases will be combined, or whether they will all be heard on the same day.

    We are on track to have a major Second Amendment opinion issued by the Supreme Court around the end of June.

  • My father taught me this recipe just before I moved out of the house, and he learned it from his mother, my Nagymama (Hungarian for grandmother). It’s one of those stick to your ribs recipes, and can be made with a variety of ingredients. This is the base recipe, and I’ve included some additions at the end, for inspiration. This is the perfect thing to make when you know you’re going to be shoveling snow for hours, or you have to do other outdoor work in cold or damp and chilly environs.

    Ingredients:

    • 16 oz kielbasa sausage, coined
    • 6 to 8 potatoes, cubed
    • 4 cups broth
    • 3 to 6 tbsp sweet paprika (Szeged brand, please)
    • 2 tbsp vegetable oil
    • 1/4 package of bacon, diced
    • 1 large onion, diced
    • 3 to 6 cloves of garlic, minced

    In a large soup pot, add the oil and heat on medium. Add onions, and cook until softened. Stir in half of the paprika. Add bacon and sausage, and cook until they are thoroughly browned and bacon is beginning to crisp. If necessary, pour off some oil (though it will lend a lot of flavor if you leave it in).

    Add the potatoes to the pot (do NOT stir). Pour in the broth until it is just barely above the top layer. Add more paprika, to make everything quite red. Bring everything to a boil, and then lower the heat to lowest setting and simmer for about an hour. Please note, this may stick a bit to the bottom of your pot. Don’t stress. As long as it doesn’t burn or char, it’s perfect that way.

    After an hour, check on your stew. The potatoes should be soft and beginning to fall apart. Stir well, and add some salt and pepper to taste. The end result should be a stew thickened by the potatoes, and filled with tasty sausage.

    Notes:

    You can make this with any sausage, or technically any protein. Kielbasa was my Nagymama’s way of making this meal, but it can also be made with Andouille, Polish sausage, and even breakfast sausage or hot dogs if you’re in a pinch. When stirring, use a wooden spoon or spatula. Bits of potato will stick to the bottom a bit, but they can be scraped up gently and will make the stew taste even better! Also, if you like a bit of spice, you can also use some or all HOT paprika, as opposed to sweet. Beware… good quality Hungarian paprika is very flavorful, and the hot stuff is quite hot. I recommend “Szeged” brand, which is available in Market Basket, Shaw’s, and most other big box grocery stores.

    I’ve made this with pretty much every kind of cheap meat out there. You can use any protein at all, but if you’re using a raw meat, cook it first. I prefer to use sausages and pre-cooked meat because it makes this trivial to pull together quickly. You can also make this in the crock pot by cooking up the onions and meat, then tossing everything into the crock pot and cooking on low for 8 hours, or high for 4. This freezes well, too, so if you have leftovers you can make up single serving packages and toss them in the freezer.

    I serve this up with dill pickles and bread, because it’s what Nagymama always did. It goes well with just about everything, though.

    Paprikás Krumpli is almost always served with pickles.

  • I have hundreds of dollars worth of GPS equipment. Not counting the cell phones we all carry with us.

    I wanted to try to create a Stratum 0 NTP clock.

    The last time I attempted this, I used a Garmin handheld GPS. Time to sync was in minutes and while the power draw was trivial, by the standards of the day, it would still burn through AA batteries.

    Because you, kind readers, told me that there were cheap options, I went looking.

    What I found was a GPS module that is about an inch square. For $15 I could have one delivered. It comes with a header containing VCC, GND, TXD, RXD, and PPS. I figured I could solder in the provided header then run them to a GPIO that has an attached UART.

    Well, the darn things showed up a day early, and I didn’t really want to do any soldering. I plugged it in via the USB port, put it in the window. A few minutes later, it had a hard lock.

    After installing gpsd and configuring chrony, I now have a system that is locked at less than 1ms accuracy, NOT using the PPS option.

    That will be next week’s project. Getting that PPS signal to the motherboard.

    If I had a Raspberry Pi with a good interface, not wifi, I can see that this would make a darn nice little timekeeper.

  • For the most part, I’ve stopped writing or reporting on “mass shootings”. They happen. My initial takes are normally wrong. The information that we are fed is designed to tell a story. I hate being a conspiracy guy.

    My biggest error, so far, has been my initial analysis of the Trump shooting.

    Having said that, it is difficult not to have questions when something stinks.

    Part of critical thinking is to ask questions. To verify answers. To put answers to the test.

    Example: We had a breaker pop on Friday. I knew what the cause was instantly, the wife was running her space heater.

    When I got to the living room, she’s sitting on the sofa. Within seconds, I determined that she had left the heater on, even after she left the room.

    Wife and Ally are telling me that it couldn’t be the fault of the heater because it had been running for a while and hadn’t blown the circuit.

    Yeah, that was before we had that extra bit of draw on the circuit from the wife turning on the TV and side table light and other loads.

    They used critical thinking to eliminate the heater. I used more knowledge to rule the heater in.

    That circuit is rated at 1650 watts. The heater, in low mode, draws 750 watts. The lights left on, the misc. stuff plugged into the walls, the bathroom light and fan easily reach 300 watts. My computer has a 750 watt power supply in it. The switch and other “stuff” plugged into the same circuit. All of that is a significant load. Thus, popped breaker.

    While rated at 1650 watts, those circuits will actually run for a bit over that limit until they pop.

    When you look at a fact set, you have to evaluate all the parts to be able to reach a logical conclusion. Upon reaching that conclusion, you still need to have an open mind for more data that might change your analysis.

    Security Analysis

    Doing a security analysis of a location or situation has risk. I’m reminded of a sales analysis I did and provided to our sales manager for Cray.

    The short of the analysis was that they were asking for millions of dollars from the client for a drive system which they could buy from other sources for under $100 thousand. I gave him this analysis so that he would have the ability to answer these types of questions before they were asked of him.

    The sales manager reported me for “attempting to sabotage the sale”. I listened and reported back to my chain of command. The customer didn’t need me to tell them what their options were, they already knew.

    Security analyses are like that. Telling a potential target of an observed weakness is more likely to get you in trouble and harassed than it is to get the institution to budge.

    I’ve gamed out some options against institutional targets. I don’t ever talk about those analyses because I do not want something to happen to those targets and me becoming a person of interest.

    Even the language I use would get me in trouble. I learned it from working for the military. Everything we analyzed was a “target”. It didn’t matter whether it was a T-90 from Russia or a Leopard II from Germany or an XM-1 from the US. They are all targets.

    Most people don’t get it. So I don’t use those terms.

    Questions

    A veteran from the US Special Forces has decided to do “bad things.” He is going to detonate a bomb to cause damage to a Trump Hotel.

    For some reason, he decides to take his passport with him on this mission.

    The heat from the detonation is so intense, his weapons melt. Likely just the plastic furniture, but his passport and IDs survive.

    What protected those IDs from the heat?

    He rented a Tesla truck to do this in. What advantages does a Tesla truck have over an Econvan?

    With extensive training on IEDs and making explosives, his device was pretty much a dud. What was the explosive used? Why didn’t he use a real explosive?

    See TM 31–210 (HQ Department of the Army, 1969). Pages 7 through 72 contain extensive information on primary and secondary explosives from field expedient sources.

    Pages 194 through 223 cover making Fuses, detonators, and delay mechanisms.

    A revised version was released in 2007.

    So SF dude, who has been trained in all of this, messes up a simple bomb?

    This man was likely highly trained in how to perform one man operations that were extremely successful. Why did he forget so much of his training?

    Finally, why did he choose to use a Desert Eagle in 50 cal to off himself?

  • My wife read my article on passwords and “got it”. Which is nice. I was attempting to explain how password crackers use rule sets to modify input dictionaries to create more guesses from a single word list.

    I decided to see how much things have advanced. To say I was shocked would be an understatement.

    In 2013, the game “Battlefield” was hacked and the entire password database was captured.

    This is not the major security threat you might instantly leap to, but it is bad.

    Stealing Passwords

    I worked in the Systems Group at my University. We were tasked with all software maintenance, installations, upgrades, and in house improvements to the operating system.

    The systems group had taken the original manufacturer’s operating system and extended it to the point where it was no longer the same operating system. Having done this, we gave back all the code we had written to the manufacturer, who incorporated what they liked into their next release.

    We had developed a long term backup plan. This plan was three tiered. We took daily backups of the entire file system. This was a rolling tape backup. There were 30 days of daily backups performed before the first tape was overwritten.

    We also performed weekly backups. There were 52 weeks of weekly backups. So a total of 82 backup sets.

    In addition to this, we did end of term backups. These were done just after the term ended. These tapes were kept.

    What this meant was that if your file were to live for at least 24 hours, you would be able to recover to any particular day in the past 5 weeks of your file.

    If your file were to exist over a weekend, you could recover that file to how it was on the weekend it was dumped for the past year. And if your file were to exist over the term break, it would exist for the lifetime of the storage. 9 track tapes now being dead, I’m not sure what the University did to preserve those old tapes.

    In addition to these backups, we took a separate backup of the “password” file once a day. There were 30+ days of password file backups.

    That is the setup. The actual story:

    We used to give tours of the machine room. The operators enjoyed bragging about the quality of our backup system.

    On one of these tours, a little monster took one of the password backup tapes and put it in his backpack. He walked out of the machine room with that tape. Nobody noticed the missing tape for the next 30 days.

    Said monster took that tape over to the engineering department, where they had their own 9 track tape drives. He read in the file.

    He was presented with 10s of thousands of clear text passwords.

    This had financial implications because we sold computer time.

    We changed our policy to always encrypt the password file before it was written to tape. I have no idea if that encryption standard was any better than Sunday comic page ciphers.

    No more Plain Text Passwords

    The number of times somebody in a movie has gotten the idiot to give them somebody else’s password is astronomical. The truth is that most passwords are stored in an “encrypted” format. We don’t have access to your password.

    We can reset your password, but we can’t tell you what it is because that isn’t recorded.

    At the university, they were still storing passwords in plain text. They only encrypted the password when it was written to tape.

    Modern systems store that password in an encrypted format. The old method was what is called “descrypt”.

    The first two characters of the encrypted password are the “salt” and the rest is the DES hash of the password. This is NOT the same as encrypting your password with a secret and then being able to decrypt it with that same secret. Instead, we use your password to encrypt a given, known, piece of text. The encrypted result is what is stored.

    When you provide your password, we encrypt the same text string with your password. If the resulting text matches what we have stored, you have proven you know the password.

    Here are a couple of hashed passwords: SD2PFyBHY1oUY, q5M9nJsU/JSwI, sTd5NrAIMrisU, 8MbLuguRAeo92, $1$OcbNKu2y$l9faj.aCWodfonXiSlgnV0, $1$hh765lOJ$lrZ4jkCtUkG3qPBuFJQ/2., $5$2W0fdlfY.a/iXErF$xbzHcX8CfPc89vJkxsiC/BjDmqxI20Yk.Vj9OLL/6e2, and $5$HxfQ9B30d8GdmyPo$J6FWaeGKSez2cLbw3cktvaYgPvsTFaXdMzYp4yDcQjD.

    These are all hashes of the same password, “hello world!”

    Slow Them Down

    Storing passwords in plain text is stupid. But computers are faster than you think. Thus, we want to slow down the speed at which computers can make guesses.

    We do this by using a salt.

    Consider the situation where you had 74,577,451,608 guesses you wanted to try. If you were to create the hash for each of those guesses, it might take you a bit of time. In the end, you would have them all. Now it is only seconds to look up the hash in a database/file and get the plaintext password used to generate that hash.

    To fight this, we use the salt. The salt modifies the hashing process such that for any given password, there are many possible hashes to represent that password.

    As shown above, even when using the same “hashing algorithm” we got many results.

    This is to slow the guessing of passwords down.

    And the results

    In 2013, the game “Battlefield” was cracked. They escaped with around a 1/4 million password hashes. These are not clear text, you can’t just type them into an account and get in, they are still “protected”.

    I used a starting source of 184,000 known passwords. To this, I added an American and a British word list. I didn’t bother to get name lists, for a total of 282,000 unique test words.

    In the simplest case, with no salt applied, that is 184,000 * 282,000 different combinations to test.

    In 2 minutes and 50 seconds, on my medium GPU and medium CPU, we tested 74,577,451,608 different passwords against 282,546 password hashes.

    We were able to guess 7.30% of the passwords, or, 30943 passwords.

    That is more than enough to make money.

    pilote50 c0c4c074 ninjustu shana596 ilovemom1122
    b02723 wayfaerer 170215556 crouch69 deafread
    Hobbit0727 1steward mckenzie12321 tki915 draguuns
    bangbus aliga2006 flikker88 dm1249 bata501
    wysiwyg_2008 blowover caros1996 poopscoop Sugarcoat231
    silo93 kotwica har2602 plasth13 ambrochio
    resistance2 sluiter9 overfiend plexico0 hitman1337
    jryans13 123sithi1 kever1303 negfaen kaunas1986
    Miltons1 wildcat0712 8621409 Vj211290 hondadragon2
    arginine limpdown itu202 popo2214 jasdie69

    And you can see how bad they can be.
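
The hash formats and the effect of the salt described in this post (“No more Plain Text Passwords” and “Slow Them Down”), as an added example that is not the author's code. It reads four of the hash strings quoted above, then uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for the crypt schemes; the function names, the sample users and the word list are constructed for illustration.

```python
"""Added example: read crypt(3)-style hash strings and measure what a salt buys."""
import hashlib
import hmac
import os
import re

# Four of the hash strings quoted in the post (all of "hello world!", per the author).
PAGE_HASHES = [
    "SD2PFyBHY1oUY",
    "q5M9nJsU/JSwI",
    "$1$OcbNKu2y$l9faj.aCWodfonXiSlgnV0",
    "$5$2W0fdlfY.a/iXErF$xbzHcX8CfPc89vJkxsiC/BjDmqxI20Yk.Vj9OLL/6e2",
]
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}
LEGACY = {"descrypt", "md5crypt"}  # formats an audit should flag for migration
ROUNDS = 1000  # assumption: kept low so the demo runs quickly


def parse_crypt(stored):
    """Split a stored hash into (scheme, salt, digest); raise ValueError if unknown."""
    # descrypt: 13 characters, the first two are the salt.
    if re.fullmatch(r"[./0-9A-Za-z]{13}", stored):
        return "descrypt", stored[:2], stored[2:]
    # Modular format: $id$salt$digest, optionally $id$rounds=N$salt$digest.
    parts = stored.split("$")
    if len(parts) >= 4 and parts[0] == "" and parts[1] in SCHEMES:
        fields = parts[2:]
        if fields[0].startswith("rounds="):
            fields = fields[1:]
        if len(fields) == 2 and all(fields):
            return SCHEMES[parts[1]], fields[0], fields[1]
    raise ValueError("unrecognised hash format")


def audit(hashes):
    """Count stored hashes per scheme and list the legacy schemes present."""
    counts = {}
    for stored in hashes:
        scheme = parse_crypt(stored)[0]
        counts[scheme] = counts.get(scheme, 0) + 1
    return counts, sorted(s for s in counts if s in LEGACY)


def hash_password(password, salt=None):
    """Store side: derive a digest from the password and a per-user random salt."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def verify(password, salt, digest):
    """Login side: redo the derivation with the stored salt and compare."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return hmac.compare_digest(candidate, digest)


def precomputed_hits(records, wordlist, table_salt):
    """Count (salt, digest) records exposed by ONE table built for table_salt."""
    table = {hashlib.pbkdf2_hmac("sha256", w.encode(), table_salt, ROUNDS)
             for w in wordlist}
    return sum(digest in table for _salt, digest in records)


if __name__ == "__main__":
    print(audit(PAGE_HASHES))
    users = ["hello world!", "letmein", "hello world!"]  # constructed sample
    words = ["letmein", "hello world!", "password"]      # constructed word list
    shared = b"same-salt-for-all"
    same_salt = [hash_password(p, shared) for p in users]
    per_user = [hash_password(p) for p in users]
    print("one shared salt:", precomputed_hits(same_salt, words, shared), "of 3 exposed")
    print("random per-user salts:", precomputed_hits(per_user, words, shared), "of 3 exposed")
    print("login check:", verify("hello world!", *per_user[0]))
```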

  • Security is a concept that Chris talks about a lot in his computer babble. I want to talk about a different kind of security, though. Prepping security is a multi-layered woven mess of gods-only-know-what. Still, it’s vitally important to untangle the knots and figure out what you’ll do should shit go south.

    The first aspect of security is always the most simple and visible. How do you protect you, your family, and your stuff? We’re all 2A folk here, and so firearms and other munitions are a part of what we do to keep ourselves safe. Firearm security requires a lot of practice and information, ranging from knowing how to use your firearm in a safe and rapid manner to how to store it both safely and securely. Along with firearms, you have other lethal and non-lethal methods of physical protection. These include knives, IEDs, tasers, bear spray, bows and arrows, slingshots, atlatls, and other fun “touch them from a safe distance” tools.

    For grounds security, I always recommend the usage of high decibel horns. A friend of ours was having problems with teens defacing her garage with swastikas, and it was very disturbing to her because she’s Jewish. I suggested an air horn as a non-lethal response, something she very happily used. The first (and last) time the miscreants came back, when they opened her gate they got blasted with a huge air horn that alerted the entire neighborhood, and apparently left behind a fecal sample for the cops to work with. This is a “works once” sort of thing, of course, because once Bad Guys know it’s there, they can find a way around it. Still, if you have hidden trip wires, change them on the regular, and switch things up, it works, and works well.

    Glitter bombs and shit bombs also work wonders, while the popo is still at work. Again, this is a non-lethal response so you’re unlikely to get into trouble. It does mark the offender well, though, and makes it very easy for the popo to find them. It’s also disturbing when it happens, so anyone who’s stupid enough to trip it is going to be freaked out. And I’m here to tell you, as the parent of children, glitter is forever, like herpes. That person will never be able to show their face in your neighborhood again, because no matter how much they bathe, you’re going to notice your signature color sparkling in their hairline or up their nose.

  • Happy New Years

    Welcome to 2025. This is the time of year when I used to write the wrong year on my checks. I’ve not written a check by hand in over 5 years. That’s what computers are for.

    And we are getting older. It used to be that we would sit around the TV for a few hours waiting for the ball to drop.

    This year we were all doing our thing. Then at 2345 the alarms went off. We stumbled into the living room. Went to YouTube to find a ball drop channel.

    We did the toast to the new year, then stumbled to bed.

    Firewalls

    I am bringing up a server in a new infrastructure. Instead of using the half arse load balancers and firewalls provided by the vendor, I decided to use a micro/nano instance and install pfSense.

    pfSense is based on FreeBSD. Wonderful. The issue is that the vendor does not support FreeBSD nor do they support pfSense. This led to 24 hours of frustration.

    The issue? The installation went smoothly, as expected. Everything is done on the serial device. When booting into the newly installed OS, the screen would lock up right after it said it was loading.

    The issue? The installation media runs the console on the serial port AND the video console. The default for the installed OS is to only use the video console.

    I received a message to my help request shortly before I wrote that I had turned on serial devices and everything just worked.

    Why is this important? For testing, I had the firewall locked way down. Fine. Everything works fine for me. I try and install a LetsEncrypt certificate and it failed.

    It told me it was a firewall issue.

    It took me another day before I figured out that I had locked out web access to the firewall. I was only allowing my server to connect.

    Small Steps

    There have been a couple of cases out of the circuit courts in the last few weeks that are positive wins for the Second Amendment.

    My guess is that we have a few more judges that believe in doing what the Supreme Court told them to do. And I believe that everybody is waiting for the Supreme Court to put the hammer down on another set of Second Amendment cases.

    Everything Is Relative

    I have been so immersed in getting our data center up that I lost sight of client needs. I was just about to write to one of my clients to see if they had noticed the improvement in performance.

    I woke up to a message of frustration. Nope, it wasn’t better. Was it better than it was? Yes. Was it good enough? No.

    Fixing it.

    Of Course It Is Illegal

    I have a friend who is currently living in one of those shit states. One of those states where you can assume it is illegal unless it is specifically made legal. And that could change tomorrow.

    At the homestead, varmint are taken care of with the right caliber. Those squirrels ransacking the birdfeeders? They be varmint needing .22LR, subsonic.

    The possum and raccoons getting into garbage cans or attacking the chickens? .357 Magnum varmints.

    Deer eating the crops? 30-30 varmints.

    Bears getting into the beehives? 45–70 varmints.

    Where he lives, he has bear coming up on to the back porch. He can’t do anything about it because it isn’t legal to shoot them. And the neighbors would complain.

    I offered him an air rifle for the squirrels. He was concerned it would make too much noise and the neighbors would complain.

    I gave him a “Wrist Rocket” slingshot for Christmas.

    He can legally possess it. I can legally give it to him. He cannot legally buy a slingshot nor can he legally make a slingshot in his state.

    I wish he would move to my state, he would enjoy more freedoms.

    Question of The Week (2)

    1) Are the security posts of interest? The explainers about things computer?

    2) Are you excited that the Supreme Court is prepared to hear another Second Amendment case?