Category: oops

I see you paying me for spam in your near to immediate future.

Getting anything but a higher bill out of companies like Rogers is often times an exercise in futility. But for a guy in Edmonton, that was only half his problem. The other half was not actually signing up for some of what Rogers had decided to bill him for.

Andy Pearcy is probably like most people. You’ve got 80 million things on the go, so when the end of the month rolls around, you take 20 minutes or so, stare at your bills long enough to figure out what the final number is, then fire that final number in the required direction so you can move on with your day and they can’t call you about it tomorrow. The problem if you’re Andy, though, is $10 of that final number was going to a fortune teller he didn’t sign up for. In exchange for the money he didn’t know he was paying, they sent him occasional text messages he thought were your run-of-the-mill spam you just shrug off, delete and forget about in 5 minutes–since, you know, he didn’t sign up for the things.

Naturally, when he found out, he called rogers. Naturally, because rogers, they said he ought to call the guys sending him the text messages–because Rogers and refund are mutually exclusive terms, you know. And naturally, Andy had no interest in asking a company he didn’t sign up with who wasn’t doing the actual billing to stop taking his money. The rest, as they say, is pretty business as usual. I’m no expert here or anything, but I’m thinking perhaps if Rogers had done a little fortune asking of its own, it could have quite possibly avoided a headache. But then, Rogers not asking questions might be a small contributing factor to its picking up half the bill for itself. Yeah, I see a not very smart executive promotion in somebody’s near to immediate future.

Bank of Montreal learns the gentle way why default passwords are bad for you.

This post could have also been titled: BMO is not smarter than a ninth-grader.

It will probably surprise all of no one that there’s at least one version of your typical ATM’s user manual floating around the internets. It’ll probably also surprise all of no one that–at least as of last check–a lot of them are still running Windows XP, which presents its own security issues by itself. So fast forward to the year of the adventurous teen, and what you run up against is exactly the kind of thing that would land you in federal jail on the wrong side of the border.

Matthew Hewlett and Caleb Turon were bored on a lunch break. And, as anyone who knows kids can probably figure out, lunchtime boredom plus access to the internet equals this can only end badly. In this case, it ended with a copy of an ATM user manual. So, the kids did what kids do best–they decided, hey, I wonder if any of this junk actually works. So they show up at a grocery store with a Bank of Montreal ATM, flip open their copy of the manual, and start testing things. They manage to bypass the standard program John Q. Customer sees when he wants to yoink money from the machine, and get into the actual machine OS. Well, or rather, they get to the point where the machine asks them for the OS password.

Now, if these guys are security conscious, the story ends here. They probably guess at a couple different passwords, get told to buz off, and away they go back to class with nothing having been upset. But that would be boring, and if there’s anything I’ve learned it’s that major corporations don’t do boring very well. In this case, major corporations also don’t do security very well.

The manual had a list of possible default passwords for the machine. The kids, because hey, they got this far, decided it’d be fun to just cruise on down the list. And wouldn’t you know, on that list of default passwords would be–surprise surprise–the very one that gave them access.

“We thought it would be fun to try it, but we were not expecting it to work,” Hewlett told the Winnipeg Sun. “When it did, it asked for a password.”

They managed to crack the password on the first try, a result of BMO’s machine using one of the factory default passwords that had apparently never been changed.

They took this information to a nearby BMO branch, where staff were at first skeptical of what the two high-schoolers were telling them. Hewlett and Turon headed back to the Safeway to get proof, coming back with printouts from the ATM that clearly showed the machine had been compromised.

The teens even changed the machine’s greeting from “Welcome to the BMO ATM” to “Go away. This ATM has been hacked.”

Give BMO credit, though–this could have ended a lot worse than it actually did. Rather than, say, jump the gun and haul both kids before a judge (I’m looking directly at you, about 95% of US corporations), they did the smart thing–though perhaps not as smart as, say, changing that damned default password.

The BMO branch manager called security to follow up on what the teenagers had found, and even wrote them a note to take back to school as explanation for why they were late getting back to class.

According to the Sun, the note started with: “Please excuse Mr. Caleb Turon and Matthew Hewlett for being late during their lunch hour due to assisting BMO with security.”

BMO has apparently learned from a couple 14-year-olds exactly how important being allergic to default passwords actually is. And from the looks of things, they may or may not have actually done something useful with it–at least one would hope, since given people know this kind of thing’s out there, it’s only a matter of time.

So if your local geek, geek for hire, or tech support employee is standing in the room glaring daggers at either you or your computer monitor while potentially contemplating the quickest way of separating you from your career without getting his hands dirty, stop for 5 seconds and think. “Did I change that standard issue password?” Because odds are pretty freaking good one of you already knows.

And sometimes, law enforcement is an ass.

It’s been a while since I’ve done a one of these. So clearly, somebody somewhere’s due, right? Right. IT’s time to pick on a combination of the US education system and US law enforcement again.

Pennsylvania’s probably an awesome place to visit. Hell, it might even be a moderately decent place to live. But if you’re not the popular kid in school, one wonders how decent a place it is to grow up–particularly when your attempt at doing something about the local schoolyard bully ends with you being the one in possession of a criminal record thanks to wiretapping and disorderly conduct charges.

A Pennsylvania teen, who claimed to have been bullied constantly (and ignored by school administration), made an audio recording of his tormentors using a school-supplied iPad. He brought this to the school’s attention, which duly responded by calling the cops… to have him arrested for violating Pennsylvania’s wiretapping law.

From the source article:

[The student’s mother, Shea] Love says that upon fielding her complaint, Principal Scott Milburn called South Fayette Township police Lieutenant Robert Kurta to the school to interrogate her son in the presence of Associate Principal Aaron Skrbin and Dean of Students Joseph Silhanek. The defendant testified before Judge McGraw-Desmet that he was forced to play the audio for the group and then delete it. Love says by the time she arrived at the school, her son was surrounded by school officials and the police officer and was visibly distraught. She says Milburn defended the teacher’s response to the classroom disturbance.

So, for those of you keeping score at home. Kid’s getting picked on. Kid tells mom. Mom says “record it, bring it to the folks in charge”. Mom hands kid a recorder, then calls the school–because, hey, yall have a problem. School gets the cops involved, kid ends up arrested for–as it turns out, following the expected procedures.

“Normally, if there is — I certainly have a big problem with any kind of bullying at school. But normally, you know, I would expect a parent would let the school know about it, because it’s not tolerated. I know that, and that you guys [school administrators] would handle that, you know […] Because it’s not tolerated, but you need to go through — let the school handle it. And I know from experience with South Fayette School that, you know, it always is. And if there is a problem and it continues, then it is usually brought in front of me.”

Yep. And it was. Just one problem. They done brung you the wrong kid. Now who wants to tell me the system’s not broken? I’ll wait…

I hate moving. In other news, we’re moving.

Every few years, almost as a matter of routine it seems, it comes around to a point where for whatever reason a pack up and move operation needs to happen. I moved to Ottawa nearly 10 years ago to take a job. I moved to Petawawa 2 years later when that job went south. I moved back to Ottawa because Petawawa’s job market sucks. I moved 3 times in roughly 6 months within Ottawa until I ended up where I’m living now. And next week, due to things we can’t control, May and I will be moving yet again.

The rent we’re paying here isn’t cheap by any means. The tradeoff, though, is the place we’re in is freaking awesome. There’s enough in walking distance that if we really needed something to do it could happen. The bus routes aren’t perfect–okay, so on weekends we tend to avoid taking the bus, but who’s counting–but during the week, it’s hard to blame them for not getting us from A to B. Not getting us from A to B on time, on the other hand, is another story–but that’s an entry for when I’m not actually, you know, killing time between classes. The problem with the current situation is a simple one. It’s a math problem, surprise surprise.

If we’d stayed where we are now, at the end of this month our rent would pretty much max out our price range. Factor in that we pay for our electricity here too, and just keeping a roof over our head and heated gets just a teeny tiny bit, well, expensive. So we started the usual routine of wander the neighbourhood, look for a place, slap our name on it.

The good news: the bank, it is not broken. As of next week, at least for the next two years anyway, I won’t be having dreams of my bank account being taken to the side of the road and beaten at midnight by my landlord. And by the time that two years is up, well, it’ll be just in time for this routine to start all over again–so, you know, business as usual and such.

The bad news: Say hello to the return of apartment living. We’re in a two-story house right now. Awesome place. Plenty of space, fenced-in back yard, hardly a disturbance from the neighbours, the works. The last time I spent any amount of time actually living in an apartment, the basement spelled decidedly of weed on an almost regular basis. It’s just a little tiny bit of a downgrade. But, it’s a company I’ve been with before, and we’ve got decent history, so there’s that.

Most of the place is packed, except what’s being used. We officially get the keys next week. After that, all hell officially breaks loose. This on top of school means holy crazy freaking busy if you’re me. Geek in training? Try geek on marathon. I love it. Now, about that 5 minutes I need to breathe…

WTN v 2.0, now with less breakage.

So there is news on the personal front that I’ll get to eventually. But at the moment, I’m up to my eyeballs in geek. The simple explanation why is actually to Google’s credit. The site fell victim to an apparent run-in with a significantly tricky spot of malware. It came in courtesy an exploit in a plugin I no longer use on this site, about a day or two before that exploit was supposedly patched against. It resulted in fun times with google, as they got twitchy about the site any time someone dared come within five miles of it. I took my time with removal, but the thing with a problem like that is once it’s in, it’s in. So every time I’d find something to clean, it would come back somewhere else.

I eventually ended up scrapping the platform entirely, backing up the data (here we go with me being paranoid about backups again), and starting over from the ground up. And now, 8 years of blog posts, comments, and random mockery lives in version 2.0 of this significantly less busted platform. I’ll go into more detail on exactly what plugin is to blame and why you should run far, far away from using it if you’re a WordPress user later. But for now, suffice it to say all things have been cleaned.

Things you’re likely to find in version 2.0:

  • Hopefully slight increase in loading speed. I’m told the site was slower to load than it should be previously. I think I’ve found and killed the cause, but I’ll be keeping an eye.
  • An online calendar, for things I’ll be up to in the near to way far off future. Because sometimes things happen that don’t get posted about. And sometimes I just need a reminder to stop freaking being lazy.
  • Several fewer plugins attached to the site. There was a bunch of extra, useless code kicking around the old version that I haven’t touched in probably a couple years. It was taking up space, and I hate things that take up space. It no longer exists.
  • Probably not noticeable to you, but I’m sure appreciating: a much smaller database. The old database was 120 MB when it was retired. The new one? Try 21 MB all told. That probably won’t last for too long, but it’s nice while it does.
  • And lastly, the option of receiving each individual post by email, rather than just the daily updates. Because on the rare occasion when I post something, it almost doesn’t seem worthwhile to wait for the single midnight update to send it to the folks what read this thing. You’ll still have that option if you want as well, but now, it doesn’t have to be the only one.

I’m still finding the occasional kink, like duplicated content that shouldn’t be duplicated. But, everyone’s here, and no one was lost in the kerfuffle, so I’ll take the duplicated content. And if it breaks too horribly, I do still have the old site on an out of the way strip of hard drive where it can’t be easily located, and it’s healthy enough to survive long enough for me to pull off whatever’s missing. All told, this has been a mighty fine way for me to flex skills I’ll need in the near future. And that leads me into my spot of personal news–which will be an entry later. For now, I’m off to sleep so’s I can finish unbreaking WordPress. But we’re up, we’re online, we’re malware free, and as soon as Google catches on I won’t have to stare at the reminder in Webmaster Tools. Now, where’d I put that other piece of code…

Here’s your sign, v3.0.

Stupid people doing stupid shit will never, ever end. Here’s hoping stupid people being told to advertise their stupid shit by way of a stupid sign lasts even half as long. In the latest episode, we’ve got us a moron from Ohio who thought it’d be fun to mock one of his neighbors and her disabled kids. For his efforts, the judge in the case slapped him with a stupid sign.

An Ohio man is sitting on a street corner with a sign declaring he’s a bully as part of his sentence for harassing a neighbour and her disabled children.

A judge ordered 62-year-old Edmond Aviv to display the sign for five hours Sunday. It says: “I AM A BULLY! I pick on children that are disabled, and I am intolerant of those that are different from myself. My actions do not reflect an appreciation for the diverse South Euclid community that I live in.”

The Northeast Ohio Media Group reports that Aviv arrived at the corner just before 9 a.m., placing the hand-lettered sign next to him as he sat in a chair. Court records show Aviv pleaded no contest to a disorderly conduct charge.

And the trend continues. At least this shmuck had enough smarts to, you know, not bother fighting the thing. Proving once again that even for the stupid, there’s still hope. Until that hope does something productive, however, here’s your sign.

Rock bottom: charging $27 to install free software.

My former employer gets a little loopier every few months, I’m pretty sure. This time, the loopy shows up in the UK, in the form of a nearly $30 charge to install Firefox on some of their business level machines. Now, I’m not above charging someone for basic services–I used to willingly charge people for virus removal, and that became second nature to me after about 6 months. But the difference there is they called me, and their machine really needed help. This is a configuration option the customer had access to when purchasing their new machine. They don’t do such fullishness anymore, but yeah, I can see that maybe creating an issue or five down the road. Guys, you’re losing it…

Quick! Set up a porn filter before I–oops.

The secret’s out. The reasoning behind porn filters has been exposed, at least in the UK. It’s not to protect the children, as is repeatedly and all too frequently tossed out there as a way of silencing the masses of folks wondering just in which parallel universe such a beast would actually prove effective. Nope, turns out the porn filters are entirely designed to help addicts in the government break their habbits. To the surprise of absolutely no one, it didn’t do very well there either.

Given this righteous attempt to legislate morality, it’s a bit ironic then that a scandal has broken out in the UK after Patrick Rock, a top aide to Prime Minister David Cameron and a chief architect of the country’s porn filters, was arrested for possession of child pornography. Cameron himself is taking heat for keeping the February 12 firing quiet, and for the fact that Rock appears to have gotten some advanced warning of his arrest.

Ironic, yes. But probably not very surprising. And as the article says, I wonder if John Q. Citizen would be given that much room to duck and cover before the jail hammer drops. Either way, someone had better double down on their porn filter efforts–at least when it comes to government internet access. Perhaps they’d have seen this whole Scottish independence thing coming, then. Well, or not, but it’s something–and a far better reason than, you know, for the children. Someone please save the government from itself already.

This is not the drug deal you are looking for.

Payment for services rendered has a whole variety of meanings depending on the people involved and the situation in question. Probably depending exactly on the services rendered, if we’re honest about it. In certain parts of Oregon, payment for services rendered apparently means you feed me, and as part of your payment, I slip you a little meth on the side. Somewhere along the way, it was a little bit, well, lost in translation. So taking a shot at fixing that, the waitress who was paid in full took it as a confession. You… can probably take a stab at what happened next.

The Daily Astorian newspaper reports the Oregon waitress contacted police Friday after a couple included the envelope while paying for their drinks.

The responding officer identified the substance and arrested 40-year-old Ryan Bensen and 37-year-old Erica Manley.

Somehow, I don’t suppose their tip money was in the other envelope. You know, the one back at the hotel room.

Police said they found more of the drug when searching Manley’s purse and the couple’s motel and vehicle.

Well, it was worth a shot.

Once more with feeling: Default passwords are bad. Not kidding.

If you’ve been reading this thing for any amount of time, you’ll probably notice I tend to come up with all manner of very strongly worded opinions. Particularly in the neighbourhood of geek things. Like, for instance, when it comes to folks who set up a piece of hardware–like, say, a router, or a server–and decide to leave the default password in place. So your state-of-the-art Lynksys router, which you’ve had for all of 24 hours, has become a hot spot for the local script kiddy and the mass amount of software he’s employing even as I’m writing this so he can expand his porn collection–and all because, well, you didn’t follow the first rule of basic security. Change the goddamn password. That goes double if you run a website for a school district, and its default login credentials are, uh, well, only slightly above no login credentials at all.

A Texas school district is learning the hard way about website security basics. If you’d like to keep your site from being compromised, the very least you can do is reset the default login. According to a post at Hackforums, the Round Rock Independent School District of Austin, TX was using the following name and password for its admin account. (h/t to Techdirt reader Vidiot)

hacked – idiots used default login/pass

u; admin
p; admin1

Needless to say I’m not exactly world’s most qualified hacker, and if it were me on the delivering end of all of that, I figure it’d take me about a minute to gain access. Provided I was 1: doing it manually and 2: not trying very hard. I’m going to go out on a bit of a limb, here, and disprove the theory that you get what you paid for. Whatever the school district paid the folks what set up and apparently didn’t maintain the website, I’m making the offfer right here–not, you know, that I figure it’ll go anywhere, but hey. Take the amount that supposed third-party company brought in. Divide it by 2. Now, write me a check for that amount. Stick it in the mail. Upon receipt, I’ll hand you a website infinitely more secure/stable than that hot mess. No? Well, I tried. In the meantime, for the love of all things holely somebody please provide SharpSchool with a better selection of passwords. Because clearly, they’ve got approximately nothing.

When performing evasive maneuvers, it’s probably best if you maneuver your vehicle…

And not do, say, what the pilot of a 747 decided to do when he thought he up and saw himself a UFO. Rather than pull his plane out of the way of a possible collision with another vehicle, the pilot pulled himself out of the way of said possible collision–by ducking. Fortunately for pilot and passengers alike, if there was a UFO in the area, it missed them. Unfortunately for both 34000 feet in the air is quite probably not a very good time to find out your pilot’s losing his goddamned mind. Next time, might I suggest the bus?

In which my former employer loses its mind. Again.

Every once in a while, I actually miss working at Dell. Not necessarily because I could see myself still doing that exact same job 7 years later, but for what it was, the job was something useful. Besides, I got a ton of free software out of the deal, which never hurts. But I have a pretty good feeling if something like ended up on my desk, I probably wouldn’t be doing much in the way of, you know, working there for much longer.

There are times when big brands with “social media people” might want to teach those junior level employees to recognize that using one of the standard “scripted” answers might be inappropriate. Take, for example, if you’re Dell and a new report has come out suggesting that the NSA has pretty much compromised your servers at the BIOS level with spy bugs, then, when someone — especially a respected security guy like Martin Wismeijer — tweets at you, you don’t go with the standard scripted “sorry for the inconvenience” response. But, apparently, that’s not how Dell handled things this time (thanks to Mike Mozart for the pointer).

Nope, instead, a complaint that your server’s been bugged by the NSA before Dell handed it off to you nets you this response:

Thank you for reaching out and regret the inconvenience. Our colleagues at @dellcarespro will be able to help you out.

Okay, now, granted the only server I deal with is the one this site’s sitting on, but somehow, I’m pretty sure the guys getting paid to deal with servers for way more important reasons could probably do without the standard punt script to the Twitter version of India’s tech support queue–who very likely won’t actually be able to help anyway, and that’s if they’re even allowed to do anything other than deny the existence of any kind of NSA involvement whatsoever in the first place. But, on the bright side, no innocent customer pictures were publicised in this customer service manglement scheme…

System administration. Because the vodka industry needs some love, too.

Warning: the below post is probably long, and definitely geeky. You’ve been warned.

I’ve had this blog and several others hosted on a server I run and pay for since around the neighbourhood of 2010 or 2011. Naturally, this means I go beyond the whole finding random things to post about idea and dip into the territory of the sysadmin. Awesome, insofar as experience goes–not, mind, that said experience gets me any closer to being employed, but you’ll have that. But the more I play around with it, the more I think it gets me ready/comfortable with the idea of actually doing something like this and getting paid for it. Besides, I like a challenge.

So I’ve been running this particular server since August of 2012, or thereabouts. And in that time, yeah there’s been just a tiny little bit of broken here and there. But I usually had some warning or could guess that, hey, what I’m about to do will very likely end in spectacular fashion with me spending the next week and a half picking the pieces off my floor. This time, not so very much.

I maintain a small platform where I can stick random bits of info, like documentation for things I’ve figured out about otherwise less than stellarly documented programs. Or, you know, random things that just might turn out to be useful to me a year and a half later. That platform is powered by MediaWiki, who’s probably best known for being the thing used by Wikipedia. So you know, it’s been poked at, prodded at, tested the hell out of, and generally considered stable enough. Well, that or Wikipedia is partially owned by MediaWiki, but hey whichever. So I figure, why not? It’s scaleable, so my small little documentation platform oughta be no sweat. Which is largely true, until it breaks.

I’d never actually bothered digging into the code, if I’m being honest. I figure eventually I’ll get to it, then things happen, and it doesn’t really get gotten to. You know the deal. Fixing the broken, though, necessitated a quick little dig through the surface layer of code. The bright side: now I know why it’s relatively light on database usage. Can I trade, now?

Here’s a little bit of a primer, if you’re one of those folks who’re on the border of techy but not quite ready to slide across it yet. Most software, like wordPress for instance, pretty much leans on whatever database you’ve set up for it. Everything hits the database, no questions asked. Unless you run some kind of a caching plugin (I do), even the basic trying to access the website hits the database. Database goes down, site goes down. MediaWiki does that, to a point, but there are enough layers between the database and you that it’s not entirely obvious. One of those layers is the extensive use of regular expressions for damn near everything. Almost nothing in the software is actually pulled from the database after, perhaps, the first initial load. Exceptions might be made for things like menus, but that might also be stored in the code itself somewhere and I just haven’t bothered finding it yet. But everything else, like for instance the actual page content? Cached somewhere on disk, then hit with a regular expression. Awesome, in theory. Works perfectly, again also in theory. Until theory goes out the window and they release a server software update that pretty much breaks the place. I applied that server update. Had no idea anything was broken–because barely anyone uses what I’ve set MediaWiki up for, and nothing else went sideways. So all was right in the world. Until my documentation actually needed to be flexed.

In fixing the broken, I learned exactly two things, real quick. Thing the first: Even on non-Windows systems, updates still break pretty–I knew that already, but it’s occasionally nice to have that confirmed once in a while. Especially when you know a few people who’ll gladly insist they’ve never had an update problem with $OtherSystem like they’ve always had with Windows. And thing the second: If you release an update to a pretty significant piece of software that breaks compatibility in new, interesting and creative ways, and pretty much no one sees it coming, you’re doing it wrong.

Let the record reflect I still love the sysadmin gig. Let the record also reflect I’d still love to be paid for the sysadmin gig. But I’m kind of wondering now how many paid sysadmins are sitting in an office wishing they could fire themselves a developer. Other people’s broken is never a fun thing to come home to. Now, I speak from experience.

Right name, wrong number.

If you thought having a class full of Jennifers was hell when you were in school, try having a phone book full of, say, Marty Walshs. Now try having one of them end up elected as Boston’s most recent mayor. You see where this is going, right?

Folks as high up as the vice president were calling up mister Walsh to congratulate him on the election victory. Well, that is, they would have been, if they were dialing the right Marty Walsh. Instead, they congratulated a business executive with the exact same name for an election he didn’t even participate in–aside from, one hopes for the sake of his own safety, perhaps voting in said election.

The thing I can understand here is at least the guy the mayor was confused with lives–or, if not, works–in the city. Easy enough to do. So let’s fast forward to Olympic season. The US has taken to joining the digital world, so when the Olympics happened, this meant the folks they wanted playing for them were told by text message. Awesome. Unless your text message intended for, we’ll say, a Ryan Kesler ends up instead going to a 67-year-old from the wrong country who’s never played a game in his life. Apparently, Kesler had changed his number–and, I guess, forgot to fill out a form somewhere along the way, and the old one was reassigned in relatively short order.

So, you know, Canadian Grandpa gets himself an invite to Canada’s game on behalf of the US, and a CEO gets to run a city he didn’t even campaign for. The American dream at work. Now, if you don’t mind, I think I’ll go triple check my contact info–just in case, you know, I’m not the only James H hanging out in Ottawa. Or maybe I’ll just default most of my contacts to email…

Solving the province’s unemployment problem, one dumb criminal at a time.

The thing about people like Lloyd Charest is at least they have good intentions. Of course the down side about people like Lloyd Charest is they’re living, breathing, braindead proof that the road to hell is paved with said good intentions. Which may or may not have something to do with how he ended up in his current predicament.

Like far too many people ’round these parts, our buddy Lloyd has this employment problem. Specificly, he’s not employed–which, if you’ve got bills and whatnot that need paying, well, is a little bit of a problem. So he figured, okay, let’s show these folks what I can do.

Let me say up front I sympathize with the guy. No, really. I mean he and I are in sort of the same boat. Computer geeks with skills but no professional backing, on account of–well, no one’s hired us yet. So if I’m him and I’ve got skills, I figure okay, let’s show a company who could use my skills exactly why they need my skills. I’ll point out a website with an image file on it which is doubling as an encripted plan for a terrorist attack on a nuclear plant. Because, hey, that’s pretty freaking major stuff, right? Clearly they’ll slam me with all manner of praise, and commendations, and hey maybe even employment. That is, unless I’ve gone and faked the whole mess, at which point for the next 16 months I’ll have no reason to worry about my potential future employment situation on account of I’ll be in jail. Which is probably roughly about the point at which he and I would very likely start drifting away from each other. But hey, at least he’s done his part to nudge the province’s unemployment rate down just that little bit. Thanks for that, Lloyd.

I now pronounce you legally croked.

I can’t say as I’ve ever had to go cleaning up a government snafu of this variety, but two people in a short amount of time don’t get to be so lucky. In Calgary, Tamille Holloway showed up for a doctor’s appointment only to be told she wasn’t supposed to be breathing. No explanation on causes, theories, or exactly who’s ass would be in a sling for gumming up the works, but there it was. The flesh said she’s very much alive, the paperwork said not even.

Skip across the border and all the way to Ohio. Here, Donald Miller got a lesson in what happens when you decide to up and skip out on child support payments. And what happens, more or less, is the government–or your ex-wife–decides to up and have you declared dead. He was in court to try and untangle that hot mess, but as Murphy would have it, death declarations–at least in Ohio–have a statute of limitations and he’s apparently well past it.

Never let it be said that governments and exes can’t team up to put a right royal screwing to your life. We should probably aughta rewrite the expression. Hell hath no fury like a government with amnesia or an ex with a grudge. I just hope if it ever happens to me they’ll invite me to my own funeral. I mean, they’re not gonna get much out of me for benefits, so they may as well let me mourn alongside them.

Here’s your sign, the sequel.

Remember me? You know, the guy that says he’s done with this whole radio silence thing and then falls off the blogging cliff for half of forever? Yeah. Hi.

Remember her? If not, I’ll remind you. She thought it might be fun to take the sidewalk in order to bypass a school bus. The judge she ended up in front of, well, didn’t. And for her efforts, she was handed an idiot sign.

Fast forward a good while. That self same judge is still doing his thing over there in Cleveland. And along comes Richard Dameron to take his turn at it. This particularly pleasant fellow called 911 with threatening the cops in mind. So as a repayment, Judge Awesome ordered him to park himself outside a police station carrying his own idiot sign.

“Actually, I didn’t want to do it,” Dameron told Fox. “But the judge said to do it, so I am going to be the man and stand up.”

Dameron was convicted of threatening officers in 911 calls.

“I was being an idiot and it will never happen again,” says the sign.

I’m long past having any hope this’ll set an example for the next one–I think I sort of thought that about little miss sidewalk, too. But I’m willing to take bets on whether Lugnut over there picked anything up on it. Although, reading that someone’s managed to put together a collection of these might be moderately more entertaining…

The only Heartbleed left now is the NSA.

So pretty much everything exploded this week. If you were paying attention, you were probably warned not to go near things like your online banking site, or pretty damn near anything that advertises itself as having a secure connection. This is because of a pretty lethal bug in the software that provides that secure connection, in several cases, that pretty well rendered your secure connection worse than no security at all. There’s a pretty nice, if a little technical, explanation for it written up by the guys I’m paying for the use of this server, but the cliff notes version is the hole’s a few years old, and can provide someone who knows what they’re doing with access to pretty much any information stored in the memory of a server with the buggy software. So if someone knew how to take advantage of that security hole, they could potentially have access to usernames, passwords, creditcard numbers–basicly anything that happened to be in that server’s memory at the time.

There’s an updated version of that software in the wild now that plugs this security hole (note: not that anything on the server uses secure connections at the moment but I’m running that updated software now anyway), so as people get around to applying it that should be much less of a holy hell what in creation have I done kind of problem. Which is awesome, for guys like you and me. A little less awesome, though, for guys like the NSA.

The internet is still reeling from the discovery of the Heartbleed bug, and yesterday we wondered if the NSA knew about it and for how long. Today, Bloomberg is reporting that the agency did indeed know about Heartbleed for at least the past two years, and made regular use of it to obtain passwords and data.

While it’s not news that the NSA hunts down and utilizes vulnerabilities like this, the extreme nature of Heartbleed is going to draw more scrutiny to the practice than ever before. As others have noted, failing to reveal the bug so it could be fixed is contrary to at least part of the agency’s supposed mission:

Ordinary Internet users are ill-served by the arrangement because serious flaws are not fixed, exposing their data to domestic and international spy organizations and criminals, said John Pescatore, director of emerging security trends at the SANS Institute, a Bethesda, Maryland-based cyber-security training organization.

“If you combine the two into one government agency, which mission wins?” asked Pescatore, who formerly worked in security for the NSA and the U.S. Secret Service. “Invariably when this has happened over time, the offensive mission wins.”

So when the smoke clears, the NSA will have at least a little bit less access to John Q. User’s data–at least until they end up mandating another hole in some other layer of security software. But until then, it looks like the fine folks at stalker central will end up being the only ones dealing with a case of heartbleed when it’s all done and dusted. Now if it was only that easy to switch off the exploits they helped introduce.

How I ended up firing Windows XP.

So for anyone who happens to be paying attention, april 7th is XP dies a death day. Microsoft has decided after what’s probably shot past the 10 year mark to drop support for the OS. Which, escentially, means if you’re still running that version of Windows, you’ve just officially volunteered your machine to play host to all manner of new and interesting malware creations–you have probably also had your spamming ass slammed by my oversensitive firewall, but that’s another story. Because it’s me, and because I never turn down an excuse to see how far I can stretch things until they break, my finally tossing XP wasn’t entirely a conscious “this needs to happen” type decision.

I’ll freely admit I put off switching operating systems until almost the last minute. Largely it was lazyness–I have a crap ton and a half of stuff that needs moved from one OS to the next, and when the thought crossed my mind initially I was in the process of throwing together a multiple-part archive of pretty much all of it so the machine I was using at the time could be wiped for the upgrade. But other parts included things like I wasn’t entirely sure I wouldn’t be replacing the machine I was using a ways down the road, or I couldn’t 100% guarantee Windows 7, which is where I was planning to migrate to, would run on that machine–I figured it would, because the thing originally shipped with Vista, but Vista was also 7 years ago so that wasn’t exactly a very stable benchmark either. So I was alternating between holding out until I could find a new machine, and doing the occasional bit of digging to see if my machine would collapse under the OS or not.

Things kind of happened in fairly short order after that. Plans developed that saw May getting herself a new machine, so the Windows system she was using–which at the time ran Windows 8 (don’t get me started)–sort of stopped having any actual use. My machine had started showing its age, and there was a point that I actually wasn’t entirely sure it’d last long enough for me to do what needed doing with it to keep my various crap from falling into system failure oblivion. Fine time for me to start experimenting with new backup systems, right? So I played around with that (that’s another entry), and managed to get things to a point where if the system spontaneously caught fire it wouldn’t do anything more than torch my corner of the office. Which, okay, would have sucked royally, but my stuff was safe.

Okay. So that’s one headache down. Now I was comfortable enough that if the system decided to fry every circuit going, or if Microsoft decided to change their mind, pull support early and launch an update that escentially disabled every system in the place still running that OS, I wasn’t gonna be hurting too horribly bad. That made the next steps very nearly natural. Since May’s new machine was here and set up, May’s Windows machine became my Windows machine. Since I will never willingly use a Windows 8 machine for anything other than something new to put Windows 7 on, my next project became wipe the machine, and toss on an OS that doesn’t make me want to consider buying stock in migraine medication. I spent the next couple days manually rebuilding the machine, including hunting up wireless network drivers that I could have swore Windows 7 had built in when we bought that damn card. Then it was take a better part of the next week or so downloading and restoring the backup from the old machine, and my eventual turned emergency OS swap ended up happening with only the removal of a couple strands of hair.

And for the last couple months or so, well before Microsoft flipped the switch what turns all your XP into hacker heaven–yes, this apparently may or may not include most ATM’s, I fired XP and haven’t looked back. I may kick myself for it in 6 months when I go looking for something I knew I had on the old machine and poof, it forgets to exist, but you’ll have that. And in future, I do believe I’ll start the upgrade process well in advance of potential catastrophic implosions. On the other hand, that was kinda fun. Perhaps I’ll do it again…

Fifty shades of gone.

So I take an age and a half off blogging, again, and that’s the best thing I can come up with? See also: why I shouldn’t take an age and a half off blogging. But since I did, and then I came up with this, I might as well do something useful with it. How about highlighting why it is you shouldn’t take seriously everything you read? Because clearly, taking everything you read as seriously as people in London clearly do results in a call to the fire department because you wanted your very own Fifty Shades of Grey award. The fire department, however, strongly recommends that maybe you should just not.

“I don’t know whether it’s the Fifty Shades effect, but the number of incidents involving items like handcuffs seems to have gone up,” said Third Officer Dave Brown. “I’m sure most people will be Fifty Shades of red by the time our crews arrive to free them.”

Since 2010, London firefighters have treated almost 500 people with rings stuck on their fingers, nine with rings stuck on their penises, and one man with his penis stuck in a toaster.

Rescue crews also helped five people with hands stuck in shredders and 17 children with their hands trapped in toys.

And now we know where today’s education system has lead us. For future reference, when the general rule is “do not try this at home”, they’re probably not kidding. Then again, I suspect neither is the guy with the toaster wang–anymore. Any guesses how many shades of gone in the head you’d need to be to consider some of these an option? I’ll give you 50.

Bad idea: coming away with $20000000 worth of tax fraud success. Worse idea: advertising it.

If it wasn’t for people like Rashia Wilson, I would have a very boring Sunday. Or at least I’d have one less reason to be sitting here snickering. She was probably Tampa’s most successful tax cheat, draining enough money from the government that throwing a $30000 birthday party for her daughter, who wasn’t even old enough to really appreciate it I’m sure, was as trivial to her as running off to the store and buying a case of pop would be to anyone who actually made money the somewhat honest way. Or at least she was, until she stood atop Facebook and declared herself officially the queen of tax fraud. Her highness was granted a reception more than befitting her status, and 21 years of solid servitude. Funny thing, that. Seems no one told her it’d be her doing the serving. But I’m sure that was a minor oversight.

Ottawa loses its mind. Again.

One of the things I miss when I’m behind on things is local braindeadness. Particularly local braindeadness to the tune of let’s screw with traffic more than normal because speeders. So I missed it when Ottawa’s council decided it would be a mighty fine idea to experiment last summer.

People don’t like to slow down in residential areas. This is a problem not just in Ottawa by any means. But Ottawa has decided to take it to new, interesting and quite probably moronic levels. Rather than posting signs warning of the speed limit on residential streets on, you know, the side of the road where–really, who knew–signs of any variety belong, they’ve decided they’d be more beneficial if they were right smack in the middle.

Now, I haven’t seen any major headlines of massive pile-ups on some of these streets where that was going on, but I’ll let you just rifle through any number of the several million possible scenarios wherein this proves to be an absolute dog of an idea. The signs were supposedly spring-loaded, so they could right themselves should a driver end up running them down, which tells me they’ve at least entertained the idea of one of those scenarios already. And yet, this is still a thing.

They say if the experiment goes well, they’ll make a return to doing exactly that starting this spring and on more streets. I love this city, don’t get me wrong, but christ jesus could we maybe talk about something that takes a tiny bit more thought? Like, let’s say, an actual police presence on problem streets? You know that expression there’s never a cop around when you need one? For validation of this expression, consult this brainstorm. Although I suppose if an accident is born out of some driver not expecting a sign to be straight in his path, that’d be one way of solving that problem, at least. But I kind of figured our government would be slightly better at not just replacing that problem with a higher priority one. That’ll learn me.

Criminology 101: some DIY required.

I often wonder if some of the folks who end up doing the kind of things what land them in handcuffs actually have people they go to for, you know, learning’s sake. I mean things like how to get in, get the junk and get out without being stupid enough to get yourself caught. And then I get to wondering, if there were an actual, honest to god educational course on the subject, what would it look like?

If the name wasn’t taken already, I’d think they’d hand it something along the lines of criminology. Hell, some places still might–I mean it’s the study of criminal activity, right? So does it matter much if it’s to study how to counter the activity, or how to pull it off relatively seemlessly? Or maybe they’re kind of one and the same–if you’ve taken the course, you probably know what not to do, so presumedly you wouldn’t be stupid enough to actually do it. Presumedly.

Then I took it a step farther in my internal buildings of the unofficial law breaker’s handbook. If there was an actual course geared towards helping people to be better, less braindead criminals, what kinds of things would it teach? What kinds of things would you already need to possess to actually get into the course? Presumedly you’d need to be the do-it-yourself type, at least for the most part and on at a minimum a basic level. You know, know how to cover your ass at least until you’re away from the place you just robbed and you can slap a bandage on the cut you walked away with after breaking in. Things like that. Some common sense might also be a pretty basic requirement for a course like that–for instance, if injury is obtained during the performance of the following activities, proceed immediately to an authorized–non-law-abiding–medical facility. Do not call 911. Calling 911 will result in your immediate arrest and withdrawal from the program. On the other hand, I suppose the folks what might have developed that idea are probably finding it a little tough to nab some of that there government funding…

Honest officer, I’m not growing weed. Smoking it, however…?

I’m starting to think maybe Tim Marczenko would have had an easier time of it if he’d just admitted to going for a stroll through a Durham area forest to check up on how his pot plants were doing. Sure it might have landed him in maybe a little stretch of legal hot water, but it probably wouldn’t have made him come off quite so much as though he’d maybe been enjoying a little too much of the end result. Instead, he took a sort of different path. He played the searching for Bigfoot card.

A Toronto man claims he was harassed for walking through thick brush in Durham region by a police officer who accused him of being a pot grower.

Tim Marczenko denies the claim, saying he wasn’t growing dope, he was investigating sightings of Bigfoot.

“He asked me, ‘What are you doing out here?’ I told him I was investigating a Bigfoot report and he said, ‘Wow, you’re a terrible liar,’ ” said Mr. Marczenko. ” ‘I know it sounds crazy but I’m not lying about it,’ I said. He kept telling me I was lying about the situation.”

Funny thing, that Bigfoot line, Tim. Couple guys used that one before you. They’ve probably got court dates coming up here shortly if they haven’t had them already. It’s almost like you folks up and got your fix from the same place…

That’s what ya do with a drunken traveller… (*)

So. I get all ready to mock the hell out of another city’s politicians for doing something absolutely braindead stupid, and instead they go off and throw some common sense at me. I mean what’s with that, anyway? Aren’t they all supposed to have given that up as a prerequisit for, uh, being politicians? So what’s the occasion? As it turns out, cab companies in Woodstock get an aweful lot of, shall we say, less than sober passengers on weekends. Who knew? Could probably say the same thing for, say, Toronto. Or Ottawa. Or Kitchener. Or pretty much anywhere that has bars and taxi services. Some of these passengers don’t necessarily have the ability to keep all the booze they’ve slammed before calling their cab where it belongs. Or, for that matter, keep just about any other fluid that doesn’t belong in the back of a taxi cab from, you know, being in the back of a taxi cab. According to folks that are pushing for this, it costs about $120 to have a cab professionally cleaned after one of these alcoholicly fluid-filled episodes. The city’s solution? You break it, you buy it.

The City of Woodstock is looking into imposing a $120 charge on anyone who vomits or leaves other bodily fluids in taxis.

Taxi companies in the southwestern Ontario city have been complaining about an increase in intoxicated passengers on Friday and Saturday nights.

A taxi industry representative recently told council that vomit and other body fluids must be dealt with as a bio hazard and the affected cab must be taken off the road until it is professionally cleaned.

That costs about $120.

The city plans to consult with its solicitor, police and bylaw enforcement officials before coming up with a report on how to deal with the issue.

Of course I wouldn’t place any money on not hearing about this again because someone’s taken the idea to court, but hey, if more cities did this they’d probably not need to be charging the responsible folks so damn much for, you know, being the responsible folks. Yeah, I know–I really aughta stop with this whole thinking thing. But since that’s not gonna happen…

(*): for maximum effect, sing the title of this post to this song and enjoy. Then, see if maybe your city does something similar. And for the love of all things sane if the answer is no, ask them what the hell they’re not thinking.