December 30, 2008

MD5 signed websites may not be secure

You may have noticed when you go to certain websites, you'll get a signed certificate that is supposed to prove that you are at that actual website. I say supposed to because there was demonstration at the Chaos Computer Congress on how to spoof (fake) a MD5 certificate of authentication. There are a couple kinds of certificates and it appears that only the MD5 CA has been spoofed. This is an older type of certificate but is still used by many websites. There has been a warning about this concept for sometime, however, it was just demonstrated . So it's no longer a concept because there is proof it can be, and has been done.

You can read all about it here http://www.win.tue.nl/hashclash/rogue-ca/

Microsoft has also issued a security bulletin about it here http://www.microsoft.com/technet/security/advisory/961509.mspx

The guys who figured out how to do this will not release all the details of how it was done for a couple of months, to give time for a fix to be developed.

I'll post more details as they become available.

December 19, 2008

The Music Industry Has Finally Learned

Looks like the music industry has finally figured out suing your customers is bad business. It's not just suing their customers, but the way they went about it. Not only did they sue over 38,000 people for sharing music, they wanted outrageous settlement sums. The RIAA wanted $700 and more, per song that was shared. Some of the settlements they were after had total fines in the six figure range. They also filed tons of John Doe lawsuits. They didn't even know who the people were that they were after. They demanded that universities, internet service providers, and telephone companies turn over private records to them, so they could put names to IP addresses of suspected file sharers. On top of that, they used scare tatics. They knew that plenty of the college students and single moms couldn't afford lawyers. They would offer defendents settlement deals that ranged in the tens of thousands of dollars or else, if they lost, they would have to pay judgements that were in the range of hundreds of thousands of dollars.

However, things weren't going there way. When the RIAA finaly won a settlement for $30,000 from a 16 year old who downloaded 37 songs, a judge reduced the fine to $7,400, which the RIAA accepted. Meanwhile, other judges were throwing out their lawsuits completly. While the RIAA has deep pockets and an army of high paid lawyers, one has to wonder how much is a copied song really worth. Not to mention some artists themselves were against the lawsuits. Of course the judgements themselves didn't go to the artists, they just lined the pockets of RIAA.

I can't help but wonder why the music industry didn't emnrace the whole music download system a long time ago. Being a musician myself, I'd be happy if someone shared my music with someone else. What better way to get your music out there then by letting people listen to some of it. Face it, most of us get little or no radio play and even less of us are on MTV. The sharing of music is probably the best way for a musician or band to get any other exposure.

These lawsuits failed on so many levels it's unbelievable. The only ones who win are the RIAA's legal army. Bet they aren't too happy with this tunr of events.

December 18, 2008

The Gibson Dark Fire Guitar

Besides being an I.T. guy I'm also a musician. I started playing guitar when I was 13, which happens to be the same age I was when I got my first computer, the Apple ][+. As I was growing up I played in a band, but I also became interested in audio engineering . I was the singer in a band for a brief period of time and after I was no longer the singer, I became their sound guy. I soon realized that trying to make a living as a musician was a long shot. They don't call us starving musicians for nothing. So I got a little 4 track recorder by Fostex and started recording myself and the band I was working with. After recording the band all night I had the realization that, I really liked doing that. So I decided that I would become an audio engineer. Then I enrolled at Sound Masters Recording Engineering School and got my degree in audio engineering. After that, I worked at several studios and clubs. I worked in many aspects of the recording industry, for several years, before I got burned out on the whole music bussiness and living in Los Angeles.

So while this is mainly a tech blog, I'm still playing and recording my own music. And here is where the two meet. The Gibson Dark Fire Guitar. You may have herd of, or seen, the Gibson Robot guitars. This is considered the Robot 2 guitar. It's the most advanced technological guitar to date. If you want to see what this new guitar is capable of, check out this video. I think it's a pretty amazing guitar, unlike anything I have seen before.

December 17, 2008

Major IE Update

In case you've missed it on the news, there is a big security hole in Internet Explorer. Usually Microsoft puts out updates on the first Tuesday of the month and for them to release a security update at any other time, indicates how bad it is. If you haven't already run Windows Update today, I highly recommend you do so ASAP. Be sure to reboot your computer after the update so it finishes the install. You can also head over to Microsoft and read more about it by clicking here.

December 11, 2008

Everything VOIP

Back in the day, I was very, very interested in phone systems. My interest in phone systems came about not long after I got my first modem, back in 1982 or 83. I began calling BBS's and realized some of the best ones were outside of my free calling range. So I figured out how to tell which BBS's were free local calls, with a chart in a phone book. The chart had NPAs and Prefixs. And that was when I learned my first telco jargon; NPA is Number Plan Area or Numeric Prefix Area, which is your area code & prefix which is the first 3 numbers after your are code. Using this info I could see what other NPA and Prefix were in my local calling area. So I had lots of (818) and (213) numbers that were free to call and lots of BBSs I could call. And on some of these BBS's were telephone sections. Soon I was learning all about ESS (electronic switching systems) and old crossbar systems, basicly pre ESS phone systems which, at that time, still exisited in many rural areas. Later my attention turned to cell phones. Taking a Motorola 550 flip phone, for example, and putting it in tech or service mode just by grounding a pin between the battery and the phone. In this mode you could do all kinds of neat tricks like see the transmit and recieve signal strength, switch to differnt cell channels and even listen in on active calls.

Now we have a whole new world of voice communications using the internet as the backbone. Programs like Asterisk & Freeswitch which are a free, open source software PBX system, have sparked my interest in voice communications. People are even setting up voice confrences again, now using VoIP.

VoIP is Voice over Internet Protocol which is basicly using the internet to make phone calls. If you have a broadband connection, and who doesn't these days, you can make free phone calls using your internet. To take it one step further you can even make video phone calls. Now there are lots of VoIP solutions. A popular one you may have herd of is Skype. However, there is tons of other options out there as far as hardware, software, protocols, etc.

Now we come full circle. The reason I posted this long winded message in the first place. While I was researching VoIP, I came across one site that is a great leaping off point. If you're looking for info about all things VoIP check out voip-info.org for the latest news, info, protocols, and where to get started. Just thought you might like to know.

December 10, 2008

Broken Promises & Birthday

I know, I promised that I would post again within 24 hours of the last post. I had a rough draft of another post when I made that promise. I figured that if I said I would post again within 24 hours, it would force me to do so. Well, so much for that idea.

So here I am on my lunch break, posting. Last night was my birthday and I was busy celebrating and I never got around to this blog. Just turned 40. Man, that still doesn't sound right. This is the first birthday I wasn't looking forward. I mean, I can't believe I'm 40 already. Where did all the time go.

There were a few suprises this year. Some old friends that I just recently got back in contact with sent me some e-cards and e-mails, which was an unexpected surprise. The IRC channels I hang out in posted a happy birthday message to me in the topic. Members of my World of Warcraft guild all wished me a happy birthday. The DJ at work annouced my birthday on the radio and also gave me a great gift to help me celebrate last night. My parents sent me an awesome Geoffrey Beene sweater. Then my wife an I went over to the local Indian casino to get some money on my player's card. Normally, I don't go to that casino, but they give you $1.00 for each year on your birthday, so for a free $40 I figured what the hell. I only played $10, and didn't win anything, so we left because I didn't want to spend what was left of the night, at the casino. So we came home and ate dinner. Then she dragged out a huge bag, it has a tye-dye print and matching colored tissue paper. Inside it was layer after layer of shirts and pants. As the years have increased, so has my waist and almost none of my clothes fit me anymore. So I was in desperate need of some apparel. While the thought that I've finally hit 40 makes me cringe, at least the birthday itself was pretty good.

Now that it's out of the way, I'll finally get back to the old blog. I'll be bringing you some good sites and programs as well as some usefull computing tips again.

December 6, 2008

This break in posts brought to you by techknowledgy

Yeah, I'm a geek. I earn my living, such as it may be, editing the TV news, doing voice overs for radio commercials, but mainly fixing things. The past couple weeks I've seen just about everything that could quit working at the TV & radio station, do just that. Let's start with e-mail going down quite a bit. Then the whole website. Then there was the radio broadcast computer that quit. One network switch and also a router/firewall died. Not one, but two of the Macs used for editing video, leaving us with only one for a couple of weeks, talk about stress, what happens if the last Mac quits before the replacements show up? Well, it means we cant edit and air the nightly TV news broadcast. Luckly, that didn't happen but I was just getting the new ones configured when, guess what? Two days after we got the replacements in, the video card died on the only Mac that was working previously. Talk about a close call. And then to top it all off, I got a call the yesterday morning that the TV station was off the air and the TV broadcast system wouldn't turn back on. So I had to race in early and fix it. That same night, someone else messed up and aired the news from the previous night. So on my way home I get a call the the news from the night before is running. So I had to turn around and go back to work. Recapture all the news segments. Send them to the broadcast computer so at 8 and 11pm we would air the correct news. Then encode them for the website and replace what was on it.

So let's see if I covered everything that went down the last couple weeks. The local area network, our internet connection, our website and domain, our video editing computers, our radio broadcast computer and our TV broadcast computer. Oh yeah, almost forgot the computer that got a nasty virus and sent out 2 thousand emails after an employee opened and attachment with a 0 day virus. A 0 day virus is one that the anti virus software doesn't detect yet, which makes for a challenging clean up. And guess who had to fix all of it, in between my usual video editing, DVD production and TV show scheduling. Not to mention my own computer repair side jobs after work and on the weekends. Then throw in 3 days of the flu, just to make sure I have that much more work to catch up on.

The good news is, once I finish building a new audio/video production PC this week, I should be more or less caught up. At which point my job shouldn't be so exhausting and I'll have time to start posting here a lot more often. In fact, I promise to post something new in the next 24 hours.... As long as I don't get called in to work to fix something that has crashed. Hmmm, I should turn off my cell phone this weekend. Scratch that, I got 2 computer side jobs this weekend already...