Monday, July 17, 2006

Looking for a personal battle tank?


Then have I got a deal for you! Amazon is offering the JL421 Badonkadonk Land Cruiser/Tank, which boasts a top speed of 40 mph, a 400-watt sound system, and can either be piloted from within the tank or from its topside hatch. A reviewer notes:

Finally, a tank you can trust

I'll admit it. Shopping for a personal tank can be a bit daunting. Many times in the past I've purchased overpriced, so-called "battle tanks", then driven them into battle only to be wrecked in ten minutes by the first blow off of some insurgent's home-made mortar.

But not this baby, no way.

This tank R-O-C-K-S! Literally- the 400-watt sound-system keeps me rockin like a crazy man as I'm dishing out justice commando style. Wow. I just can't say enough. And the kids love it, too- imagine the look of terror in the eyes of the enemy as I'm dropping off my kid's team to their soccer game. Shock and awe, my friends, SHOCK AND AWE!

I had NAO install the optional GPS-guided white phosphorus missile system, and talk about *SWEET*! Burn baby burn!!!

Oh, it also has plenty of room for groceries, and if you need to like move a loveseat or something it'll fit if you use a little bungee cord.

The only real negative with this tank is that it shows up on radar a little more than I like (although there is a polyresin graphite stealth model available). Also, the included spare isn't full size.

Overall, a great tank.

Sunday, July 16, 2006

Open-Source and LAMP News Roundup


Interesting collection of news items -- some fresh, others a few weeks old -- assembled into a contextual whole sure to excite the entire family. The speakers at the last few LinuxWorlds were representative of the increasingly corporate face of LAMP: CitiGroup, e-Trade Financial, Cendant Travel (owner of Orbitz and many other sites), and Nationwide among them.

eWeek Grades the Stacks


Last week, eWeek compared a range of popular stacks including Windows JBoss, Windows Python, WAMP, Linux Python, LAMP, Linux JBoss, Linux J2EE and native .NET. Unfortunately, at least from my perspective, the stacks included portal software that clouded the results.

And the portal choices were crucial: SharePoint Portal Server 2003, XOOPS (for PHP), Plone (for Python), and LifeRay and JBoss Portal (for JSP). Certainly for LAMP and J2EE, many other choices were viable contenders.

The biggest surprise? The performance of the WAMP stack was exceptional: its transactions-per-second more than doubled native .NET. In average throughput-per-second, though, native .NET crushed the competition.

Regarding LAMP, eWeek wrote:

This stack's performance numbers suggest what many who have been using PHP for some time now (including some of the busiest blogs on the Web) know to be true—that a pure LAMP-based PHP system can easily handle enterprise-class traffic and loads.

As for WAMP, eWeek reports that it offered the most intriguing results:

The results we saw with the WAMP stacks were probably the biggest surprise in our entire test. Enterprise IT managers shouldn't hesitate to look into the option of deploying open-source stacks on a Windows Server platform.

Stephen J. Vaughan-Nichols adds his two cents regarding the decision to include portal software in the testing:

...I know exactly why these benchmarks produced their results. Indeed, eWEEK Labs agrees with me and points these factors out. For example, all their tests were based on standard portal configuration setups. So, you're not really testing the stacks themselves, you're testing the portals... Given an expert performance tuner's hand on any of the tested configuration stacks, and you would have seen vastly better results from the Linux-based stacks, and better results from the Windows stacks...

In truth, SharePoint has a huge advantage in this sort of analysis: it is tightly integrated from the operating system level all the way through to the application serving framework (.NET). That's not the case with the plethora of OSS portals, which are completely independent projects. Nonetheless, performance results of untuned LAMP and WAMP stacks are exceptionally intriguing.

Enterprise LAMP usage noted by CNet


Last week's CNet article, "Open-Source LAMP a beacon to developers," points to the dramatic rise in enterprise LAMP development:

The so-called LAMP stack of open-source software--which includes the Linux operating system, Apache Web server, MySQL database and scripting languages PHP, Perl or Python--is pushing its way into mainstream corporate computing... Indeed, several companies are staking out businesses around the open-source software rather than aligning with Microsoft's .Net or with Java 2 Enterprise Edition (J2EE) server software and tools...

"What we've seen in the last two years is corporations saying, 'We don't need these big heavy J2EE application servers. Why don't we migrate to something easier to deploy and less costly?'" said Mark Brewer, CEO of Covalent...

"If you look at .Net or J2EE, they are top-controlled by single entities to make decisions--sometimes good decisions, sometimes bad," said Marten Mickos, CEO of MySQL. "In the LAMP stack, the evolutionary powers make sure that only best-of components survive. It is a difference in philosophy."

Both Microsoft and Java vendors are clearly aware of the popularity of LAMP...


Real Meme on J2EE and Mono: Waning


Over at Real Meme, the assertion is that J2EE has topped out and is on the wane. Evidence includes a statistical/quant analysis of the misc.jobs newsgroups and related technology areas (report: Saving J2EE). As for Mono, Real Meme reports, "He's still dead, Jim."

An InternetNews analysis asks, "Is Java EE's Complexity Its Worst Enemy?":

Java Platform, Enterprise Edition is such an unwieldy beast that developers are moving away from it, cherry picking the few pieces they need or looking at open source alternatives. And if the trend continues, Java EE could die on the vine.

That's the conclusion of a report from The Burton Group, written by an analyst who has authored three books on Java 2 Enterprise Edition (its old brand name). "So it's not like I want this to be the case," joked Richard Monson-Haefel, senior analyst for Burton and author of the report...

That's been my experience. Whenever comparable web application projects were delivered in CPG, banking, and healthcare areas -- and one was in J2EE and the other in LAMP/WAMP -- each and every time the latter project beat it to market. And usually with far less FTE count. I'm not sure whether the key factors were complexity, learning curve, ramp-up time, or vagaries of the development/testing environment, but it always seemed the J2EE project lagged. Pfizer is another example of a company that has publicly reported similar results.

Open-source and Security


First came word that antivirus vendor Trend Micro has definitively stated that open-source software is "more secure". Raimund Genes, Trend's CTO, noted:

Open source is more secure. Period... More people control the code base; they can react immediately to vulnerabilities; and open source doesn't have so much of a problem with legacy code because of the number of distributions.

Other news hitting the mainstream media: word of widespread exploitation of a "feature" of the Windows File System (NTFS), which is used to create nearly invisible rootkits (self-hiding malware packages). Some commentators had warned for years that Alternate Data Streams (ADS) were ripe for abuse. More recently, rootkit sites, WhiteHat tools, and even CIO Magazine have picked up the drumbeat. All point to a capability in the Windows OS that is extraordinarily difficult to police. Imagine a file -- created right from user-mode -- that is completely invisible to all but the most sophisticated tools. Effectively, that's the net-net of Windows' ADS.

OSS and Microsoft


There has been plenty of speculation about Microsoft's "co-opetition" with the world of OSS. Most recently, Sys-con editorializes on MSFT's decision to provide interoperability between Office file formats and the Open Document Format (ODF):

Microsoft has up and made a 180-degree turn and is now saying it's going to half-heartedly support the Oasis-blessed OpenDocument Format (ODF) foist on it by Sun and the sovereign Commonwealth of Massachusetts, whose adoption of the anti-Microsoft format has threatened to start a wholesale defection from the Microsoft standard, particularly by government.

Not to be outdone, Google has joined the burgeoning ODF Alliance, which started with 36 members in March and is now at 240... Anyway, Microsoft says it's created what it calls an open source Open XML Translator program and that the stuff - described as "a technical bridge" between its own Open XML formats and ODF... This is Microsoft's first open source project, new and hostile territory for the company, but it's gone so far as to post a prototype for Word 2007 on Sourceforge.

And at ZDNet, Dana Blankenhorn asks, "What would a Microsoft fade mean for open-source?"

...Just as the cost of starting production rises exponentially as chips get more complex, so the cost of developing and maintaining software rises with complexity.

In hardware, this means the number of companies which can afford a fabrication plant or "fab" declines. In software it means that fewer-and-fewer companies can compete in important niches as software grows more complex... Open source may be software's way out of Moore's Second Law. And that law will continue to bite every remaining competitor in the proprietary realm, including Microsoft.

Self-Defense 101 for the New York Times


In an interview with Israeli Air Force Major General Eliezer Shkedy, one of his answers struck me as especially insightful:

This war [on terror] is so complex. [The terrorists] are always trying to figure out what we're doing; they adapt to it. I would love to be able to tell [all] we are doing... to protect them. They'd be proud to hear it. But the moment I make something public, the other side will adapt. So telling the public actually harms... efforts to protect the public.

Got that, editors of the New York Times? Is that clear enough for you?

Saturday, July 15, 2006

Okay, this sent chills down my spine


The report that Israel has given Syria a 72-hour ultimatum ("...to stop Hizbullah’s activity along the Lebanon-Israel border and bring about the release of the two kidnapped IDF soldiers or it would launch an offensive with disastrous consequences...") didn't do it. But a commenter's note did:

Isaiah speaks of Damascus ...when he says (17:1):

The burden of Damascus. Behold, Damascus is taken away from being a city, and it shall be a ruinous heap... ...and the kingdom from Damascus, and the remnant of Syria: they shall be as the glory of the children of Israel, saith the LORD of hosts.

JOS Salary Survey


The JOS forum has an interesting thread (which made it to Digg's frontpage) regarding IT/Software Development salaries. Lots of data -- the accuracy could certainly be in question, though. Not exactly scientific methodology, but interesting nonetheless.

Joel on Software: Salary Survey

Friday, July 14, 2006

Iran's Proxies at War with Israel


It is worth remembering, especially at this juncture in the decades-long Middle East conflict, the reason Iran's Mullahs can roll the dice. While their proxies (Syria, Hezbollah, and Hamas) launch attacks into Israel, they gamble on U.S. inaction due to political paralysis.

They read the New York and LA Times. They hear the likes of Nancy Pelosi, John Murtha, and Howard Dean on CNN. And they remember Jimmy Carter, whose lack of will led to the ascent of the theocracy in Tehran.

They bank on the purely partisan gamesmanship that has supplanted any coherent long-range plans on terrorism and terrorist states. Americans were once unified after 9/11, but the country has long since become fractured -- first by Howard Dean during the '04 primaries and then by the mainstream Democratic party -- for reasons of political expediency.

The party organ of the Left, the New York Times, routinely censors stories and pictures of the WTC jumpers, the heroes of flight 93, the 500 WMD found in Iraq since 2003, the accelerating reconstruction of Iraq, the horrific attack on Beslan, the aftermath of the Madrid subway bombings, and any other evidence of the widening global conflict promoted by religious extremists against civilization.

Instead, the Times chooses to wage war on America's national security initiatives and to provide a willing channel that funnels propaganda to the enemy. The litany of wartime programs the Times has chosen to expose include rendition, SWIFT, phone-number databases, international calling pattern analysis, and the like. Counter to the Times' claims of government's overreach, not one person has gone to jail nor has anyone even been indicted over these programs.

The Times pretends instead that we are not at war. They ignore the ever-escalating conflict, which was strengthened by the A.Q. Khan nuclear parts network and the Loral/ICBM debacle under the not-so-watchful eyes of Clinton and Albright. That leads us to the current situation with North Korea and Iran.

Michael Ledeen comments:

Iran has been at war with us all along, because that’s what the world’s leading terror state does. The scariest thing about this moment is that the Iranians have convinced themselves that they are winning, and we are powerless to reverse the tide. As I reported here several months ago, Khamenei told his top people late last year that the Americans and Israelis are both politically paralyzed. Neither can take decisive action against Iran, neither can sustain prolonged conflict and significant casualties. Meanwhile, the Supreme Leader said, the terrorists are all working for Iran, and we will expand the terror war.

Don’t think for a moment that they worry about victims in Gaza or Lebanon. They are delighted to see Israel fighting on two fronts, because they will use the pictures from the battlefield to consolidate their hold over the fascist forces in the region. After a few days of fighting, I would not be surprised to see some new kind of terrorist attack against Israel, or against an American facility in the region. An escalation to chemical weapons, for example, or even the fulfillment of the longstanding Iranian promise to launch something nuclear at Israel. They meant it when they said it, don’t you know?

The only way we are going to win this war is to bring down those regimes in Tehran and Damascus, and they are not going to fall as a result of fighting between their terrorist proxies in Gaza and Lebanon on the one hand, and Israel on the other. Only the United States can accomplish it.

If national security is the question, the party of weakness (and its media organ - the Times) will never be the answer.

National Review's Michael Ledeen: The Same War

David Twersky has more: War on Iran has begun

Plame Blame Game: Lame


The fun kicks into high gear with news that Vanity Fair pinups Valerie Plame and hubby Joe Wilson have sued various folks in the Administration. I can't wait until this one hits CourtTV:

For those who think that the Wilsons still have any credibility left, please see my omnibus post on the various efforts by Joe Wilson to obfuscate the truth until put under oath by the Senate Select Committee on Intelligence. Undoubtedly, this lawsuit will founder on the same shoals -- and it will give us a splendid opportunity to ask Plame under threat of perjury [many] questions including: ...How did Joe Wilson get this assignment?

Let's put Plame on the stand and really get to the heart of what she hoped to accomplish by promoting her husband for this task. I'd bet the lawsuit gets dropped in a New York minute -- and if not, the record of Wilson's prevarications should easily sink it.


Captain's Quarters: Attention, Perjury Fans!

Thursday, July 13, 2006

Boycott the New York Times


Long ago, the Times' public editor Daniel Okrent answered the question, "Is the New York Times a liberal newspaper?" His response was, "Of course it is."

In the most recent edition of Talking Points, Bill O'Reilly pointed out some additional metrics regarding the Times:

The publisher of The Times, Arthur Sulzberger, believes the Bush administration is a danger to the world. He's convinced the president is using the War on Terror to turn America into a totalitarian state bent on enriching the powerful and violating the rights of every day people.

Sulzberger's put together a staff of true believers like himself. And they are bent on undermining the Bush administration. Not watching it, undermining it.

Three political columnists for The Times -- Maureen Dowd, Bob Herbert and Frank Rich -- wrote a total of 156 columns on the Bush administration in the past 18 months. Every one, all 156 were negative.

...[The Times] simply says it is exposing an incompetent president. But the truth is far more insidious. There is a far-left press jihad going on in this country. That's the truth. Their ideology prevents them from understanding true evil. Their theoretical outlook would make it impossible to win on the battlefield.

The title of O'Reilly's piece: "When Living in a Dangerous World, You Must Know Your Enemy." But: 156 anti-administration stories in a row? Maybe it's just a coincidence. And maybe penguin commandos will invade Canada and pillage Toronto.

O'Reilly has a point. Does any sane person doubt that extremists plot further attacks on New Yorkers? High-profile targets include Manhattan's subways, buses, tanker-trucks, neighboring refineries, tunnels, bridges, and high-rises -- to name but a few. But the Times can't be bothered to investigate or comment upon the enemy's plans.

Instead, it concentrates on disclosing a swath of classified Government programs, ranging from rendition to SWIFT. Furthermore, its news and analysis pieces have attempted to justify its behavior. Laughably, other articles even question the Government's rollup of terror attacks that are in the planning -- and not execution -- stages.

Furthermore, incidents that appear in the mainstream press (e.g., the 500 WMD found in Iraq since 2003) are censored and ignored by the Times in a self-righteous zeal to wage information warfare against Americans and New Yorkers specifically.

It is one thing to have opinions and spin the news. It is another thing altogether to censor the news, to damage national security, and -- in the end -- to ultimately harm the American people by withholding news and information in a manner reminiscent of Pravda circa 1960.

Boycott the New York Times. New Yorkers deserve better. Americans deserve better. We deserve the truth.

Tuesday, July 11, 2006

Hugh Hewitt hammers another nail into the LA Times' coffin


It is certain the LA Times doesn't need another reminder that their business is going to hell in a hand-basket (heaven knows that Patterico has delivered enough to rival a pizza-driver's mileage). Nonetheless, they got one yesterday. Hugh Hewitt delivered a blistering (and maniacally dandy) weather report for the LA Dog Trainer.

It comes after a May 2006 report showing that the Times has lost more paid weekday circulation (5.4% year over year) than any other major daily.

Hewitt's prediction? Continued blight, followed by extended drought, followed by seven or more years of famine. Think of it as the second half of Joseph's dream interpretation for Pharaoh and you're pretty much there.

...When the new circulation figures for the [LA Times] appear, it is a guarantee that... any losses will be explained away by reference not to the papers' atrocious editorial decisions, but to the challenge from online competitors.

To help the small brained dinosaurs... there's a useful new category cooked up by the Audit Bureau of Circulation that counts free papers left in hotel lobbies etc., "Verified Circulation."

You can perfume a corpse, but that doesn't make it less dead. Keep your eye on home delivery, paid circulation. The advertisers will. And my guess is that they won't be happy. Nor will the shareholders or Wall Street...

Wheeeeeeeeeeeeeeeeew. That's a mighty tall glass of shut-up juice the Times just got served.

It's always fun to see Mr. Hewitt delivering bi-coastal smackdowns. That's why CNN only books him on CNN's Reliable Sources infrequently. Say, when there's an eclipse during the Summer Solstice... and when he's outnumbered 3-1 or greater by the moonbattery. I did notice that the last time he was on, they pulled the usual one conservative versus three liberals (including a certain "Eric Lichtblau", recently infamous for a shameful national security disclosure). Hewitt rendered it a brutal mismatch for the Right.

I could be mistaken, but Hewitt delivered enough punishment that by the end of the segment he was yelling, "Is that all you got? Bring on some more! Carville, Rafferty, whoever you got!"

I could've imagined that last part, but I'm pretty sure that's the way it went down.

It will get considerably uglier for the Times, whose infantile behavior defies both logic and any semblance of business sense. The only saving grace for those employed or otherwise captive to the Times: the inevitable, chaotic meltdown won't last long, so it will all be over quickly.

Monday, July 10, 2006

This American thinks Soccer needs some major changes


It's been said before and I'll go ahead and say it again. Soccer is weak, my friends. Too weak for most Americans to bother with. It's downright painful to watch. Once again, I invested a couple of hours to watch the World Cup final. My biennial affair with soccer was as satisfying as eating Angel Food Cake without any toppings. I can officially vow -- in writing -- not to watch another.

As a basketball fan, the problem is obvious. Soccer is ridiculously, egregiously skewed towards defense. Example: do soccer statisticians track the number of turnovers in a match? If so, what's the record? 5,000?

Selecting (yet another) World Cup champion with penalty kicks is like deciding a Super Bowl with a Punt-Pass-and-Kick competition. Or choosing a World Series champion with a Home-Run Derby.

And it's especially bad when one team -- France -- dominated the pitch for the last 75 minutes. You heard that right: France literally controlled every bit of action for that period. Only a lightning-fast save by Italy's goalkeeper on a brilliant Zidane header kept the match tied.

In the meantime, Italy stacked defenders in their backfield like cordwood and played the least offensive-minded attack one can imagine.

Here's a suggestion: outlaw the goalie. Or get rid of the offsides (I'll admit it, that's still something this gauche American can't even begin to fathom... so let me get this straight: my reward for outhustling the defender is a turnover!). Make the goal bigger. I don't care, just tweak the game to get enough offense that every critical match doesn't end up with penalty-kicks!

That would involve adjusting the rules a bit to get the average score to, say, 5-4.

I'm sure the soccer-holics don't care what Americans think. But I think your sport -- as currently constructed -- isn't worth watching. I suspect there are a lot of other Red-Staters who agree with that sentiment.

Sunday, July 09, 2006

The suicidal tendencies of the Times


Eric Lipton must be suffering from depression and anxiety over the Government's recent rollup of terrorists caught plotting to destroy PATH tunnels in and around Manhattan. How else to explain his (each hand holding up two fingers) news story entitled, "Recent Arrests in Terror Plots Yield Debate on Pre-emptive Action by Government"?

It's worth pointing out that the Times has spent very little time analyzing the terrorists' actual plans and has instead scrutinized the government's attempts to preempt attacks. The point of Lipton's piece follows this template. Not satisfied with exposing the classified programs that help catch terrorists, the Times also hopes Americans will question the ethics associated with arresting terrorists before their plots have fully congealed!

I'll save you the time and energy required to click the link and read 14 column-inches of the Times' traditional counter-clockwise spin. Lipton's bullet-points are:
  • Terrorists have been arrested while in the planning stages of attacks
  • Shouldn't we wait until they're closer to pulling off their attacks (can't we give them a fighting chance to carry their plans out?)
  • Some attorneys like Martin R. Stolar figure we should!
Using Martin Stolar to counter the Government's notions of prosecuting terrorists makes as much sense as having Michael Jackson serve as a character witness in a pedophilia case. Lipton writes:

...suspects have been apprehended before they lined up the intended weapons and the necessary financing or figured out other central details necessary to carry out their plots...

"Talk without any kind of an action means nothing," said Martin R. Stolar, a New York defense lawyer. "You start to criminalize people who are not really criminals."

And just who is Martin Stolar? He seems to be quite a character, based upon a brief session with Google. Stolar's background includes unsuccessfully defending would-be terrorist bomb-plotters:

A Pakistani immigrant was convicted yesterday of plotting to wreak havoc in the heart of the city by blowing up the Herald Square subway station... Siraj and [a conspirator]... were caught discussing nitty-gritty details... including targets, how big the bomb should be, how to get nuclear materials and different disguises to use when they planted the bomb...

But Siraj's lawyer, Martin Stolar, insisted his client was entrapped, saying, "This was a manufactured crime... This is not somebody who is a terrorist."

Stolar showed up to organize and/or defend civil disobedience protests at the Republican National Convention.

He also defended "activist" David Segal, who pled guilty to a charge of attempting to burn down a Bronx military recruiting office and was subsequently sentenced to prison.

He also appears to be the same Martin Stolar who was denied entry to the Ohio bar for refusing to answer, among other questions, the following:

State whether you have been, or presently are . . . (g) a member of any organization which advocates the overthrow of the government of the United States by force . . . .

Stolar appealed that decision all the way to the Supreme Court, who ruled in 1971 that he did not have to answer the questions.

In other words, Stolar appears to have some very odd loyalties and -- at minimum -- loose affiliations with out-of-the-mainstream, anti-Government types.

So this wouldn't be the first guy I would go to when I needed a legal expert. But that's just me. However, he was someone Eric Lipton thought of immediately when weaving another tilted story.

If I wanted an expert, I'd find someone equivalent to Dennis Lormel. Lormel is a 28-year FBI vet, who served as Section Chief for Financial Crimes. At the Counter-terrorism Blog, he writes about the effects of the Times' SWIFT disclosures (hat tip: Hugh Hewitt):

The Times article mentioned select operational investigative SWIFT program successes, to include the capture of Jamaah Islamiah leader Hambali. How could that happen if terrorists had stopped using the formal financial system because of Government disclosures of financial tracking mechanisms?

...One fact is certain…the disclosure... has caused terrorists and their supporters to sit up and take notice. This will cause terrorist operational changes and significant new challenges for the Government in identifying and countering evolving terrorist financing methodologies.


Another interesting aspect to Lipton's article relates to the American Spectator's report that the Times' SWIFT disclosure endangered three ongoing and active investigations:

Treasury and Justice Department officials [indicate]... media outlets were told that their reports on the SWIFT financial tracking system presented risks for three ongoing terrorism financing investigations. Despite this information, both papers chose to move forward with their stories.

Could it be, Eric, that the Government was forced to rein in the conspiracy prematurely because the Times helped blow the investigation?

* * *

The original title of Lipton's piece was:
In Zeal to Foil Terror Plots, Cases May Be Missing Something

But a more accurate title would have been:
In Zeal to Foil National Security, Newspaper May be Missing Something

Put bluntly, the Times appears to have suicidal tendencies. How else to explain its willingness to coddle terrorists and expose a series of classified US national security efforts, some of which all can agree are perfectly legal?

In the Archives of Suicide Research, Dr. M. Wolfersdorf associates these tendencies with, "thoughts of worthlessness, guilt, despair, depressive delusional symptoms, inner restlessness and agitation."

By and large, that sounds like the Times to me.

The nom de guerre "Gray Lady" may have special significance given the Times' suicidal tendencies. After all, a corpse in a state of rigor mortis is tinged with gray.

Related:
Hugh Hewitt: The NYT's Bill Keller, Unplugged
Patterico: Another Leaker Damages Our Counterterror Efforts
Philip Mella: The politics of Terrorism
RantingProfs: Another Terror Threat and Damned if you Do
Rathergate: Bill Keller does Charlie Rose
Villainous Company: NYTimesWatch: Connecting The Dots On Treachery

Saturday, July 08, 2006

The stark idiocy of the New York Times


If I wanted to drive a newspaper into the ground, I would follow the New York Times' game-plan. They seem to be executing on a vision to drive shareholder value right into the tarmac. This morning's online edition clarifies their wanton self-destructiveness. Given the arrests of terrorists plotting to destroy the PATH tunnels in and around Manhattan, I expected at least one of the lead stories to mention this little nugget of info.

After all, if I lived in the NYC area, I'd definitely want to see what my fellow commuters and city-goers could have experienced had the nimnulls been able to pull off the attack.

So I visited the Times site. And I couldn't find the story on the front-page. I scanned the entire page several times. The lead stories, in order, were:

General Faults Marine Response to Iraq Killings - Lt. Gen. Peter W. Chiarelli has concluded that some senior Marine officers were negligent in failing to investigate the deaths of 24 Iraqi civilians in Haditha last November, officials said.

* Joint Raid Captures 2 Linked to Rebel Shiite Leader
* Officer Ready to Plead Guilty in Bribery Case

New Jersey Governor Ends Weeklong Shutdown - Gov. Jon S. Corzine issued an executive order early Saturday after lawmakers approved a $30.9 billion budget that increases the state sales tax.

* Drastic Action, Modest Result in New Jersey

That's What Friends in High Places Are For - Senator Orrin G. Hatch intervened to obtain the release of music producer Dallas Austin from a Dubai jail.

* Graphic: The Tale of the Producer's Pardon

An Internet Lifeline for Troops in Iraq - For this generation of soldiers, the Internet has softened the blow of separations that can make strangers out of husbands and wives.

Israel Pulls Forces Back From North Gaza - Israeli forces withdrew from most of the northern Gaza Strip after three days of fierce fighting, but clashes erupted on the outskirts of Gaza City.

* A Day of Funerals Across the Northern Gaza Strip

Here's Proof That New Yorkers Like to Complain - Thousands of complaints to the mayor have been unearthed in New York City going back to the 1700's.

* Slide Show: Letters from New Yorkers Past

A Drive to Root Out the Resurgent Taliban - American troops are engaged in their biggest operation against Taliban forces in Afghanistan since 2001.

* Audio & Photos: Search for Taliban
* Afghan Legislator Accuses U.S.-Led Forces of Firing on His Family

Ukraine's Coalition Unravels in a New Setback - President Viktor A. Yushchenko's coalition collapsed in acrimony just two weeks after it was formed.

After scanning all of these articles and links, I finally found a reference to the PATH plot on the front page:

3 Held Overseas in Plan to Bomb New York Target - Law enforcement authorities said the plan presented a genuine threat even though it was in its earliest stages and no attack was imminent (Ed: emphasis mine).

Consider, for a moment, the treatment of this story by the rest of the media establishment -- who must possess at least a scintilla of self-preservation:

#1 at CNN (US News): N.Y. tunnel plot uncovered
#1 at Fox News (Headlines): FBI Busts Terror Plot Aimed At NYC-N.J. Transit Network
#1 at MSNBC (In the News): U.S. says NYC bomb plot foiled

The story is of high interest around the country... and of alarm-claxons-going-off-level-interest for New Yorkers.

But here's the deal: the Times is... embarrassed. This story utterly humiliates the Times once again. The very sort of international tracking programs they decry and expose has likely been employed to save the lives of hundreds or thousands of New Yorkers.

And the New York Times. Couldn't. Care. Less.

They're happy to casually bury and downplay the story at the expense of their readership and subscription base. And even the story's lede ("Law enforcement authorities said the plan presented a genuine threat even though it was in its earliest stages and no attack was imminent") has all the bias and spin they can muster.

Here's a Times stock chart. Expect it to continue plummeting. After all the disclosures and leaks of classified US national security programs, it's the least they deserve.

And I'm still waiting patiently for the Times to leak or expose an enemy plot.

Related:
Captain's Quarters: More dishonesty at the Gray Lady
Expose the Left: FBI foils terror plot
Hugh Hewitt: Interview with Mark Steyn & James Lileks and The New York Times' Duties of Disclosure
Michelle Malkin: 7/7 Remembrance and Newspaper of Wreckage

Friday, July 07, 2006

Bust by Ken Bruen and Jason Starr

Book Review:

Bust (Hard Case Crime) (Mass Market Paperback) by Ken Bruen, Jason Starr

The CEO of NetWorld, Max Fisher, wants his wife dead. He's decided that he's ready to marry his girlfriend Angela -- a fiery Greek-Irish executive assistant with amazing new components -- and start over. Divorce is not an option, what with half of his formidable assets on the line.

So Max agrees to meet Angela's cousin's buddy, a hit-man named Popeye. What Max doesn't know is that Popeye is actually Angela's real boyfriend. He's a psychopathic Irish "proveen" -- a small-time enforcer for the "Ra" (IRA), who are smart enough to keep him at arm's length. Predictably, given this cast of characters, the hit goes down, plenty of things go awry, and things start to spin out of control.

Compounding matters is a hood named Bobby Rosa, now confined to a wheelchair, who makes his living blackmailing couples engaged in compromising relationships. Through sheer coincidence, Rosa happens to snap some shots of Max and Angela "celebrating" his wife's departure. Once Rosa confronts Fisher -- who is already under heavy police scrutiny -- with the photos, the plot swings in a rush of completely unpredictable turns.

You'll be hard-pressed to tell where Bruen's work ends and Starr's begins. The story is seamless and pulse-pounding. The characterizations are deep; you'll feel you've gotten under the skin of Max, Angela, and even the nutcase hit-man. My guess is you won't be able to stop reading until you flip the last page.

Paging Mr. Lichtblau... Mr. Lichtblau...


The incomparable Mark Steyn asks a fascinating question related to the New York Times during an interview on the Hugh Hewitt show. The Times has disclosed a series of classified U.S. programs that protect the national security interest, most recently Eric Lichtblau's article on the perfectly legal SWIFT program that tracks terrorists' international movement of funds.

[The Times'] defense now of their big scoop is that it wasn't a scoop, that in fact, everybody knew all this anyway, so they weren't telling anybody anything they didn't know. And I think that's nonsense. You know, Ann Coulter had a very good...she just said it as a throwaway line, really just en passant, and I'm not sure she realized actually quite what a good question it is. She said at some point in a column the other day, how many big al Qaeda secret plans has the New York Times revealed?

And I think that's actually an interesting question. You know, when you go into a New York Times planning meeting, how much of their editorial resources are being devoted to getting inside the enemy? The British press is pretty anti-American, they're pretty anti-Israeli, they're anti-all kinds of things. But they still have journalistic instincts. Every week, I read a fascinating story in the London Times or some other paper, in which some guy has gone undercover... among the radical [extremists] in Yorkshire towns in England, where the July 7th bombers came from. And he's got all this fascinating material. A guy went undercover... [in] Brighton, in England, and came out with all kinds of material. How come nobody at the New York Times seems to be interested in devoting any editorial energy to exposing what the enemy's up to?

A fascinating question. Methinks the Times won't be volunteering an answer anytime soon.

Thursday, July 06, 2006

Net Neutrality: Dvorak on Ted Stevens


In the latest PC Magazine, John Dvorak eviscerates Ted Stevens -- erstwhile front-man for the carriers -- using everything but a Bertram knife and a cheese-grater:

The Net neutrality bill took kind of a weird turn despite its defeat, when the public got to hear the mouthpiece for the telecom industry, Senator Ted Stevens. Wow. Stevens, an Alaska Republican, made a 10-minute speech before Congress that was something of a cross between a comedy act by Professor Irwin Corey and testimony by Casey Stengel, both famous for flubs, non sequiturs, and double-talk.

Stevens is most famous for diverting federal money to Alaska and especially famous for his grabbing $453 million needed for post-Katrina rebuilding to construct two bridges in Alaska, including the infamous "bridge to nowhere." He may be inarticulate and weird, but he does manage to benefit his state at a cost to the nation as a whole.

Stevens now appears to be the front man for the telecom companies (they must be so proud!) regarding Net neutrality, and you can listen to his 10-minute diatribe here. Let me warn you in advance. It's incredibly painful. It's too obvious that this man has no idea what the Internet is exactly and no idea about the issues behind Net neutrality. It seems like a miracle that he can even find the crapper...

Read the whole thing™.

Phalanx Close-in Ship Defense Guns getting Upgrades


The Mark 15 Phalanx ship defense weapon is capable of firing 3000 to 4000 20mm rounds-per-minute as a close-in anti-ship missile weapon. Defense Industry Daily reports that the upgraded version (1B) can also be used against gunboats, artillery, and helicopters.

Some of the customers for the Phalanx include:
  • US Navy
  • US Coast Guard
  • Australia
  • Israel
  • New Zealand
  • Japan
  • United Kingdom
  • Canada
  • Taiwan
  • Poland
  • Bahrain
  • Saudi Arabia
I don't think they're firing any of these at the Knob Creek Machine-Gun Shoot in Kentucky, though the crowds would be even bigger if they did.

Wednesday, July 05, 2006

The obstructionists were wrong (again)


I wonder if the obstructionists on Capitol Hill ever get sick of being wrong? W.C. Varones, writing at PoliPundit, remarks:

Are you thinking what I’m thinking? … that today’s missile tests by North Korea are an excellent illustration of the necessity of missile defense? And that all those Democrats who limited funding for and tried to block development of Ronald Reagan’s “Star Wars” program were dangerously, irresponsibly wrong?

The argument was that missile defense would somehow upset the Mutual Assured Destruction balance and escalate the arms race with the Soviet Union. Well, now the Soviet Union is long gone. We now have rogue states with missiles, and a missile defense seems like a pretty good idea...

Yep™.

Photo Tour of North Korea


These photos of North Korea were taken by a Russian tourist. Many of the photos are "illicit", in that they depict the real conditions in the totalitarian state and not the utopian ideal (hat tip: Powerline).

MilitaryPhotos.net: Photo Tour of North Korea

Monday, July 03, 2006

Think your SSL traffic is secure?


If you use SSL at work in ways designed to elude acceptable-use filters (e.g., WebSense) or to secure applications like telephony and file-sharing, you may want to re-think that proposition.

A series of products, among them Blue Coat's SSL Proxy, provide SSL-cracking capabilities to organizations interested in shutting down policy violations carried over SSL.

In effect, Blue Coat's SSL Proxy breaks any SSL traffic it's been configured to intercept. How can that be so? Isn't SSL/TLS secure from man-in-the-middle (MITM) attacks?

How Blue Coat cracks SSL/TLS


I've based the first part of this analysis on Blue Coat's SSL Proxy White Paper (PDF). Later details are based upon its Deployment Guide, which spells out some of the nuances of configuration.

When a connection request is made by the browser, it passes through the Blue Coat proxy on its way to the real SSL server. The response from the destination SSL server includes a certificate. This certificate is designed to (a) irrefutably identify the server; and (b) secure the communications between client and server. To do so, the cert wraps the server's public-key, which is tied to the domain name (or, less likely, IP address) of the server.

The real server's cert, though, is intercepted by the proxy on its way back to the browser.

Before the proxy passes the certificate through, it unwraps the public key and then re-wraps it in an "emulated certificate" (I'll go ahead and call it a spoofed cert, which I think is more accurate). This spoofed cert is then returned to the client browser. The client thinks everything is on the up-and-up and -- after it verifies the spoofed cert -- it establishes the encrypted tunnel.

The tunnel, though, is now terminated at the proxy server. The proxy itself has established a second tunnel to the real destination SSL server.

The proxy can now inspect the cleartext traffic, block the traffic, or pass it on to other devices for their use (more about this later), and otherwise fiddle with it prior to sending it down the second encrypted tunnel to the real SSL server.

Modifications are required on the client


This approach, though, does require a slight modification on the client side. Namely, the proxy server (that is, the issuer certificate it uses to sign its spoofed certs) has to be "trusted" within the client's certificate chain. If a corporation runs its own CA (certificate authority), odds are that the browsers in the organization will already be configured to use an extended CA chain.

Even if the organization doesn't have its own CA, a new signing-key -- in the form of a new cert in the client-side chain -- can be added to the browser's list as "trusted." Once added, all proxying of the SSL traffic can take place without popped-up warnings or errors: the browser's SSL configuration is ostensibly "correct". The server brokering the SSL session is correct and "trusted."

The Blue Coat Systems Deployment Guide explains how this client-side operation works (PDF):

When the SSL Proxy intercepts an SSL connection, it presents an emulated server certificate to the client browser. The client browser issues a security pop-up to the end-user because the browser does not trust the issuer used by the ProxySG. This pop-up does not occur if the issuer certificate used by SSL Proxy is imported as a trusted root in the client browser's certificate store.

The ProxySG makes all configured certificates available for download via its management console. You can ask end users to download the issuer certificate through Internet Explorer or Firefox and install it as a trusted CA in their browser of choice. This eliminates the certificate popup for emulated certificates...


Concerns with Cracking SSL


To be sure, one wonders about the privacy issues raised by this class of device. A commenter on the SANS list expressed just this concern a few weeks back:

...I understand the reasoning behind doing SSL interception just for content filtering, but even in a corporate, .gov, or .mil situation where the user may have explicitly or implicitly signed away all of their privacy rights, there is some expectation that SSL traffic is not going to be visible to a third party, much less cached...

In fact, the Blue Coat Deployment Guide spells out a recommended best practice that alludes to this facet of operation:

[You should] Implement HTML notification for intercepted sites... to inform end-users that their HTTPS traffic will be monitored and that they can opt-out if they do not want their traffic to be intercepted. HTML notification is also helpful if a site is accidentally intercepted. (Ed: emphasis mine)

Interestingly, of all the operations described in the manual, the Windows Update process is arguably the most secure! Presumably, this is because Microsoft doesn't allow alteration of the certificate authority chain. The FAQ in the Deployment Guide notes:

Problem: Windows Update

Description: The Windows update does not work when the SSL Proxy intercepts windows updates connections. This is because the Windows update client does not trust the emulated certificate presented by the SSL Proxy.

Solution: SSL connections for Windows updates should always be tunneled.

Exposure of SSL cleartext to third-parties


As far as privacy concerns go, another aspect of SSL Proxy operation is interesting to contemplate. Namely, certain companies have established partnerships with SSL Proxy vendors in order to add to the suite of capabilities offered by the base proxy products. For instance, Blue Coat struck a deal with PortAuthority, presumably to permit sharing of cracked SSL/TLS traffic between the companies' devices.

I haven't investigated all the permutations of these arrangements, but one wonders the following:
  • How secure is the communication channel between the products?

  • How secure are the products themselves (i.e., how many vulnerabilities do the various proxies have -- and their partner products)?

  • How do organizations validate the configurations to ensure that banking and other sensitive traffic remains protected on an ongoing basis?

It's not that these issues can't be addressed. But they should be food for thought for anyone implementing or operating under the constraints of these types of devices.
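One way to approach the last question in that list, as an added example (not code from the original post or from Blue Coat): because the spoofed cert chains to an issuer the client already trusts, ordinary validation succeeds, so the check compares the presented leaf against a fingerprint and issuer recorded out-of-band. The host name, issuer names, byte strings and the pin table are constructed placeholders, and the pins are assumed to have been recorded from a network path that is not inspected.

```python
import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate."""
    return hashlib.sha256(der).hexdigest()


def issuer_name(cert: dict) -> str:
    """Flatten the 'issuer' field of ssl.getpeercert() into 'key=value, ...'."""
    return ", ".join(f"{k}={v}" for rdn in cert.get("issuer", ()) for k, v in rdn)


def fetch_leaf(host: str, port: int = 443, timeout: float = 5.0):
    """Return (der, decoded) for the leaf this network path presents.

    Verification uses the local trust store, so an emulated certificate whose
    issuer was imported as a trusted root passes here without any error.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()


def assess(host: str, der: bytes, cert: dict, pins: dict) -> str:
    """Compare what was presented with a pin recorded on an uninspected path."""
    pin = pins.get(host)
    if pin is None:
        return "no-pin"
    if fingerprint(der) == pin["sha256"]:
        return "tunneled"       # byte-identical to the origin's certificate
    if issuer_name(cert) != pin["issuer"]:
        return "re-signed"      # different issuer: terminated and re-issued in path
    return "leaf-changed"       # same issuer name, new leaf: verify, then re-pin


# Constructed sample data: stand-in bytes and names, not real certificates.
ORIGIN_DER = b"constructed-origin-leaf"
PROXY_DER = b"constructed-emulated-leaf"
ORIGIN_CERT = {"issuer": ((("organizationName", "Example Public CA"),),
                          (("commonName", "Example Public CA G1"),))}
PROXY_CERT = {"issuer": ((("organizationName", "Example Corp"),),
                         (("commonName", "Example Corp Proxy Issuer"),))}
PINS = {"bank.example": {"sha256": fingerprint(ORIGIN_DER),
                         "issuer": issuer_name(ORIGIN_CERT)}}

if __name__ == "__main__":
    print(assess("bank.example", ORIGIN_DER, ORIGIN_CERT, PINS))
    print(assess("bank.example", PROXY_DER, PROXY_CERT, PINS))
```

Run on a schedule from a managed client, with `fetch_leaf` supplying the live values, a "re-signed" result for a host that policy says must be tunneled indicates the proxy's interception rules have drifted.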

In any event, be aware that these products exist... and they can do what they claim if properly configured. Webmail, peer-to-peer file sharing, telephony, etc. can all be monitored and blocked, even if tunneled through SSL/TLS.

The New York Times' Eric Lichtblau: Bonfire of his Vanity


Excerpt, courtesy Powerline:

Eric Lichtblau’s story in the New York Times, June 22:

Bank Data Secretly Reviewed by U.S. to Fight Terror By ERIC LICHTBLAU and JAMES RISEN

Eric Lichtblau today, on CNN’s Reliable Sources:

“USA Today”, the biggest circulation in the country, the lead story on their front page four days before our story ran was the terrorists know their money is being traced, and they are moving it into—outside of the banking system into unconventional means. It is by no means a secret.