solarbird: (banzai institute)
How is NSA breaking so much crypto?
OCTOBER 14, 2015

There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to crack current public encryption.” The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand.

However, the documents do not explain how these breakthroughs work, and speculation about possible backdoors or broken algorithms has been rampant in the technical community. Yesterday at ACM CCS, one of the leading security research venues, we and twelve coauthors presented a paper that we think solves this technical mystery.

solarbird: (molly-thats-not-good-green)
Well, this is abrupt - they thought they had a couple of years left:

SHA1 encryption expected to be easily cracked by end of year.

eta: I'm kind of proud of this:

solarbird: (Default)
Comcast Tier 2 just told me it's not their fault, and they didn't do anything, and it's our network that's broken and our Cisco router is allocating IPv6 addresses.

Except WE DO NOT EVEN HAVE A FUCKING CISCO ROUTER. They repeatedly insisted that we did. We do not.

And they will not do anything.

They're insisting it's our fault and they've never done anything like this (even though they have twice before and fixed it on their end both times) and they have no records of anything like this happening before.

They also simultaneously insisted that we were self-generating IPv6 addresses (but I guess only when talking to their servers? Sure, that makes sense) and that our gateway is set up not to pass IPv6 traffic, even though their servers are seeing us as IPv6.

And he refused to let me talk to anyone else.

I guess we need to find a new upstream IP provider, because I have no idea what to do next.

Also, I was pretty pissed off that despite the fact that I've been the one doing all this calling since always that I had somebody who comes in and does our networking work.
solarbird: (Default)
Aaaand Comcast had no open ticket for their routing fuckup (see previous post) which is why we never got a callback. Apparently the previous tier 1 tech entered the escalation ticket as a comment ticket instead of an escalation ticket. Or something.

Meanwhile, due to their routing fuckup - and keep in mind, this is the third time they've done the same damn thing - we've been unable to deliver mail to Comcast users for a week now.
solarbird: (Default)
I take back what I've said in the past about Comcast business internet support being better than their consumer level.

They've fucked up their internal routing of our mail for the third time, which means we can't contact comcast customer servers to deliver email. And despite the previous two times being in our customer records, they seem to have no idea what to do or even who should do it.

Primary support sent me to security assurance, because they couldn't deal with it. Security Assurance said they can't do anything about this kind of problem, and made me call back to primary support.

First tier primary support that time didn't even understand the problem, so they elevated me to tier 2, who just called me back also not understanding the problem. After eventually explaining in sufficiently small words, they've just told me they can't do anything about it and can't even escalate it and that I have to talk to security assurance. After I made it sufficiently clear that Security Assurance has insisted they can't do anything about this, he just kind of started repeating, "we cannot do anything about that here, we have no way to escalate it, you have to talk to security assurance."



eta: Aaaaaand I've been sent back to core support again. Because Security Assurance Doesn't Do Anything Like This.

eta2:: I am currently on hold. And elevated again to tier 2. And they're calling me back.
solarbird: (molly-braceforimpact)

Yes, seriously. Right now.
solarbird: boring bit (boring bit)

I’ve set up a redirect so that mobile users going to the front page from outside the site will, by default, go to the mobile version. But unlike with the blog (where I can’t do this because reasons), you can actually and properly exit to the desktop view – there’s a link at the bottom of the mobile page to do it.

It’s the same mobile version as the one you’d get by default if you went to the blog on mobile, so there’s not really much new. But I didn’t want to have to add a “go to mobile” link on the front page or anything, so this seemed like an adequate solution for now.

Anyway, if you’re curious:


Forced desktop:

Mobile front page:

That’s not perfect because the mobile front page will be shown as a desktop blog page but with mobile content if you go there from desktop, because again reasons.

Next version won’t do that sort of foolishness, but that can wait a couple of years – I hope!

Mirrored from Crime and the Blog of Evil. Come check out our music at:
Bandcamp (full album streaming) | Videos | iTunes | Amazon | CD Baby

solarbird: (banzai institute)
It's still early days, but doing all that mobile view work (and turning it back on once it was usable) seems to have had a pretty decent impact. Here are some stats from Google Analytics:



The bit in red is mobile; above that is desktop; below that is tablet. The tablet audience is surprisingly small; it's swamped by both desktop and phone. The "bounce" rate is the percentage of people who hit the site and only look at one page. The pages per visit is a mean, and includes the bouncers. The time-on-site thing I consider kind of unreliable, to be honest. (It's regularly internally contradictory within a single day, is why.)

Anyway, as you can see, phone users used to bounce off the site at a dramatically higher rate than other kinds of users; now they've moved into line with everyone else. Pages per visit on phone is up, time on site (unreliable tho' it may be) is also meaningfully up. Mobile users had been dragging the whole site average down; now it's back in line with other formats.

So I guess that mobile view is kind of important! In retrospect I guess that seems kind of obvious, but I tend to hate them personally, so I guess that kind of affected my impression of their value. I wish I'd done the work earlier, now. Ah, well, live and learn.

Echoed from Crime and the Blog of Evil

solarbird: (Default)
I did a bunch more site maintenance over the weekend, particularly on mobile. This involved combining the candy button row with the menu row and making both look better (imo), and adding some silly animation on the social buttons because I could, and stuff like that.

Let me know if things are broken; there was a lot of under-the-hood work here, and if I bodged something together wrong, well, I'll fix it if I can. But see the known issues below.

Regardless, have some before and after pictures, and a couple of animated gifs if you want to see a direct comparison: front page view, blog post view.

But the mobile experience in particular is what's really different. It's changed so much that I've turned it back on for most mobile browsers, having previously disabled it for everything except the most primitive mobile web viewers.

Carrington Mobile PreviewBasically, before, it just had all sorts of problems. Leaving aside the colours being all wrong, there was pretty much no way out of this view or to the rest of the site. It just wasn't built for use in a mixed-software environment, and the navigation system was fiercely primitive.

Plus, it didn't do any correct things with images, so any but the smallest pictures were truncated, and so on. You pretty much had the latest posts and... that's it.

There was, in theory, a way to exit to desktop view, but it didn't work and I didn't know why. The best I could do was wodge in a link back to the main site, as best I could, but it was pretty well hidden.

Now, post-update, if mobile users come to the site's front page, they still get the desktop view. That's because reasons; it'll stay that way until the next big site rebuild. But once mobile users hit the blog, they'll enter the mobile mini-site. And here's what they see.

The secret is, almost all of my mobile hits go straight to the blog, so for them, it is the front page. So triggering better mobile behaviour based on that seems okay.

The first thing you might've noticed is hey look, it's a bloody navigation bar. Holy hell, who could've thought that up? Fun, right? It's sticky, too, so it shows up on all the mobile pages. But even better - all those top links to go mobile views of pages, including the front page.

It sounds trivial, but this was actually more work than it should've been, since this mobile theme had no provisions for this at all. So I wrote it in.

Now, there's cheating going on here. The mobile front page is a completely separate page. That means I have to maintain two front pages, which blows. Same for the shows page. But since the mobile version of the front page will be pretty static, I'm ... acceptably okay with that. Stuff changes on the desktop version all the time, but those changes are automated - newest blog post preview and Twitter feed excerpt, right? If you're seeing this page, you've already been to the blog, so the latest-post excerpt is uninteresting, and there's a social media bar with links if you're into Twitter. It'll do.

And hey, check it, blogpost images shrink to fit now. Welcome to 2008! Or, arguably, 1997. Whatever.

Down at the bottom of the mobile pages you'll find navigation links back to the desktop version of the site. The blog and music players will stay mobile versions, but the rest - this is how to get to the desktop view where possible.

There are more places to go in this bottom menu; since it's the desktop menu, I can put on all the primary pages and you'll get a... somewhat consistent experience? As less inconsistent as I can manage? Something like that.

I'm sure this is a bit confusing, but it's my best compromise and I'm hoping it works out.

Here's the blog page top all knitted together, and the same for the front page. And desktop view, blog page, before and after, since I've already uploaded them.

Anyway, that's what I did this weekend. There are problems. The biggest is that I can't tell the difference between Android tablets and Android phones, so right now, Android tablets are getting phone view, when I'd rather be serving them desktop. A lot of people are surprisingly okay with that, apparently? Anna tells me the devs at Big Fish Games have to do it on a per-device basis, and I don't have that kind of granularity.

The second is that it should be possible to disable mobile view entirely on any device. I mentioned above that it never seemed to work. Now I at least know why it doesn't work (cache conflicts), and also know that I can't fix it. (And that there have been unanswered support requests for this sitting out there for months. I guess they can't fix it either.) Sorry, best I can do. Stick to the desktop navigation menu and you'll mostly get desktop.

Other than that, let me know if you see problems, and let me know what does and doesn't work for you. From what I'm hearing, almost everyone prefers a phone-specific view on phones. I hope that's true.

Echoed from Crime and the Blog of Evil

solarbird: (molly-computer-all-lit-up)

I’ve been doing a bunch of work to make my formerly-terrible phone view for my blog into something that’s better on a phone.

What do you think, sirs? Additions include navigation to other parts of the site (finally), a mobile contact form that works, easier access to the mobile music page, throwing mobile users of video over to my youtube page, things like that.

And two questions:

1. As a phone user, do you want to see this view instead of the desktop view? I think at this point (since it’s not just locked into the pale-blue-on-pale-blue madness which was Carrington Mobile and also lets you visit the rest of the site) it’s kind of reasonable so suggest that.

2. If you’re a tablet user, do you still get the desktop site? I want that. Tablets can handle desktop view. Phones, though – yeah, not as much.

Anyway, what do you think?

Mirrored from Crime and the Blog of Evil. Come check out our music at:
Bandcamp (full album streaming) | Videos | iTunes | Amazon | CD Baby

solarbird: (gun good job)
...but when I do, it's on production servers.

You may have noticed things flipping around a bit on the band site today? I'm doing some small cleanups and upgrades and stuff. The home page has been particularly hilarious. I should've done screencaps.

Anyway, the non-blog and non-bandcamp sections are pretty much done, except for a new banner graphic I haven't made yet - check it out if you like. Mostly it's menu and headers and social media button updates and improvements.

I just need to port all that to the blog and to Bandcamp. YAY INCOMPATIBLE CODEBASES! Welcome to Doin' It Wrong in 2015; I'm your host; the Acme rep will be here any time now; watch out for falling pianos.

Now - let's get dangerous.

Echoed from Crime and the Blog of Evil.

solarbird: (music)

I really need to get that antimatter generator up and running. We’ve lost power again. Going down; back up when we… can be back up. No ETA yet. will continue to work.

Mirrored from Crime and the Blog of Evil. Come check out our music at:
Bandcamp (full album streaming) | Videos | iTunes | Amazon | CD Baby

solarbird: (korra-grar)

Remember yesterday, when Google decided all the mail I was trying to send users – personal mail, one to one correspondence – was actually bulk email spam?

Today it’s decided that I don’t meet IPv6 authentication standards. Except WE DON’T EVEN RUN IPv6.

Does ANYONE know what those clowns are doing over there? I mean seriously, what are they doing?

----- Transcript of session follows -----
... while talking to
<<< 550-5.7.1 [2601:8:9740:1300:da50:e6ff:fe55:2303] Our system has detected that
<<< 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR
<<< 550-5.7.1 records and authentication. Please review
<<< 550-5.7.1 for more
<<< 550 5.7.1 information. rc8si3266778pdb.83 - gsmtp
554 5.0.0 Service unavailable
Reporting-MTA: dns;
Received-From-MTA: DNS;
Arrival-Date: Thu, 18 Dec 2014 09:26:44 -0800

eta: That turned out to be a one-off, with Google reverting to the rejected-as-spam error. Until now! When it's rejecting mail as "too much mail being sent." We've sent like 20 MESSAGES ALL MORNING, most of those test messages, all of them bouncing.


421-4.7.0 [ 15] Our system has detected an unusual rate of
421-4.7.0 unsolicited mail originating from your IP address. To protect our
421-4.7.0 users from spam, mail sent from your IP address has been temporarily
421-4.7.0 rate limited. Please visit
421-4.7.0 to review our Bulk
421 4.7.0 Email Senders Guidelines. ry9si11359491pbc.147 - gsmtp

eta2: Okay. Between getting Comcast to revert some of their internal network changes (and marking us DO NOT INCLUDE) and figuring out how Google was reacting badly to them, we seem to be able to deliver mail to Google again. Google never did answer or even acknowledge queries tho', and their solution pages were a combination of useless and irrelevant.

Wow, this was not how I wanted to spend all day.

Mirrored from Crime and the Blog of Evil. Come check out our music at:
Bandcamp (full album streaming) | Videos | iTunes | Amazon | CD Baby

solarbird: (music)

Google is blocking a piece of mail from me as spam. It’s individual mail directly from me to directly one other person. It has no images or links and is plaintext. I’m asking someone I know for recommendations for a fill-in slot at a music festival.

Any ideas? The page linked in the bounce is pretty much useless, and I’m worried they’re trying to force everybody to adopt DKIM, which is a tremendously broken standard I’ve addressed before.

  ----- Transcript of session follows -----
... while talking to
<<< 550-5.7.1 [2601:8:9740:1300:da50:e6ff:fe55:2303      12] Our system has detected
<<< 550-5.7.1 that this message is likely unsolicited mail. To reduce the amount of
<<< 550-5.7.1 spam sent to Gmail, this message has been blocked. Please visit
<<< 550-5.7.1 for
<<< 550 5.7.1 more information. g5si6986243pdc.141 - gsmtp
554 5.0.0 Service unavailable
Reporting-MTA: dns;
Received-From-MTA: DNS;
Arrival-Date: Wed, 17 Dec 2014 11:46:08 -0800

I tried a shorter one, and it's bounced as spam too:

From: "Dara Korra'ti (public)" <[deleted]>
Subject: how about this one?
Date: December 17, 26 Heisei at 11:46:07 AM PST
To: (account withheld}

does it like this short one? If so, check your FB, Google is blocking email from me to you. :(

We have an SPF record, and this is a new trick we've only detected today. Some mail can get through to other people, but none to this recipient. But the original mail which triggered the first bounce can get through to no one. Thoughts?

Mirrored from Crime and the Blog of Evil. Come check out our music at:
Bandcamp (full album streaming) | Videos | iTunes | Amazon | CD Baby

solarbird: (Default)

solarbird: (Default)
Murknet is going down. See you on the flip side.
solarbird: (music)

There’s a windstorm coming in tonight and tomorrow; it’s supposed to get quite windy (95-100kph gusts) by Thursday afternoon, so we may lose power and go offline around that time. There won’t be much warning, necessarily; we have 45 minutes or so of offline power, but we don’t tend to want to use all of it staying online if we know we’ll be down overnight.

And since tomorrow is the day I was planning to remind everybody about the Hey, Creative Followers! Show People your Stuff! post, I’m doing an extra round of that now, just to be safe. Go add your creative output to the list in comments for Monday’s big repost!

Or if you don’t have something to post, go look at the list now, it’s pretty cool. :D

If we do go down, the Bandcamp site ( will stay up, and we hope you’ll consider pre-ordering Bone Walker just to help us dig out. And pay for the mastering. And all that. Or really just to make us feel better. One or more of those. :D

Mirrored from Crime and the Blog of Evil. Come check out our music at:
Bandcamp (full album streaming) | Videos | iTunes | Amazon | CD Baby

solarbird: (Default)
It's been fix-many-small-annoyances through small amounts of money time lately. Did you know through-house-wiring networking adaptors are down to like $28 for a pair? I did not. But someone mentioned on Facebook that they'd bought a pair (a more expensive pair, but this cheaper brand I've successfully used before) and wow has that fixed the ASUS microserver and streaming of Legend of Korra on the television.

And some other things, too.

I've been doing a lot of that lately. I migrated to a not-as-stupid not-by-me password manager. I built a small shelf (and bought another) and rearranged problematic storage in the kitchen. The three-day packs? Recertified and up to date! I made a replacement couch cushion cover for the one that had ripped almost a year ago. I bought a $20 pair of motion-activated LED battery lights for one studio closet and the costuming/sewing supplies/paperwork storage closet and wow that's nice to have done, I didn't realise how bad it was. I bought a $15 curtain rod (with wall attachments) to replace the saggy clothesline in the laundry room and there's so much more space suddenly you have no idea.

It goes on like that a while. I posted a little over a month ago (on the band blog) about finally working my way back down through the to-do list to things from Before Eye Explosions, and I haven't really stopped. Tomorrow I'm finally going to polycoat the iPad case I made for Anna over a year ago.

CHUG CHUG CHUG MOTHERFUCKERS SHIT IS GETTING DONE and none of it is really, truly important? But yeah it feels nice to be sorting all this shit out.

I think the surprising part is that as I do this, I'm starting to get experimental with music again too, in ways I haven't been for a while. It's been entirely eye surgery recovery OR work on soundtrack album and exactly fuck and all else. The last few days, tho'? Noodlin'. On a new instrument! I was at it for so long on Sunday that Paul begged me just to STOP FOR THE LOVE OF GOD and that was fun. :D

Anyway, so that's just kind of nice. I like sorting things out. I really do.
solarbird: (molly-tired)

The band site will be offline some today, for security mitigation measures which have actually already started. (Debian backports have not released a patch yet for a particular issue of immediate importance.)

Relatedly, if you haven’t patched any systems you have for this vulnerability, get on that.

Mirrored from Crime and the Blog of Evil. Come check out our music at:
Bandcamp (full album streaming) | Videos | iTunes | Amazon | CD Baby

solarbird: (Default)
i am at that point in a project where i just wish i'd spraypainted everything white

also the fucking wrong paint that home depot gave me against my explicit instructions ("paint and primer in one" fuck that that's called shitty pigment) does not bind worth shit TO ITSELF i waited three times the minimum time for a second coat and got sheeting and horribleness

actually let me revise my first statement i am at that point in a project where i wish i'd blown up the building

ahhhhhhh the sound of distant explosions

so soothing

October 2017

12 3 4 567
8 91011 12 1314
15 16 17 1819 2021

Most Popular Tags


RSS Atom