How Cowboys & Aliens got Smurfed – just OUCH

August 1st, 2011

Ouch.  That hurts.

Cowboys & Aliens, Smurfs Tie at Box Office with $36M Each – TIME
For many, the surprise this weekend was not that The Smurfs did so well but that Cowboys & Aliens had such a wan debut. With a budget of $163 million, plus another bundle for marketing costs, the film mostly attracted the geezer demographic (63% of the weekend audience was over 30), and even with that, it managed only a mediocre B CinemaScore, which bodes ill for the movie’s shelf life. Universal publicist Paul Pflug wrote in an e-mail on Sunday that “the pedigree of the filmmakers and bold concept made the film a bet worth taking.” Yet plenty of indicators could have warned the sponsors of Cowboys & Aliens that this was a sucker’s bet. Here are four:

My concept of geezerhood requires a few more decades.

Debt Ceiling, Dr. Who, Tigger … and more

July 30th, 2011

Tim Harford, The Undercover Economist , has snide comments about our debt ceiling debate.

A handbag away from our debt ceiling

 “It’s not that easy. The percentage of household income spent on handbags has been considerably exaggerated by your weaselly father. Far more important is the mortgage. If we stop the payments, we lose the house.”

Doctor Who at Fawlty Towers

The Doctor and Rose decide to go undercover at Fawlty Tower’s after Mickey reports strange goings on there. But the real threat is yet to come, and only the unlikeliest of heroes can save the day.

Is Your Luggage Safe from airport security?

Think your luggage and personal items are safe? Think again! Here’s how anyone can get in your luggage without you even knowing.

Click through for the video. He also has lots of other interesting looking videos, like

 Ball of fire! Make fireballs you can hold with household items! They are fun to play with! Amaze your friends! Learn how magicians do it!

As my son put it, “What!!! handheld fireballs!?!  Let me see!”

Savage Chickens

Savage Chickens is one of several “cartoons on post-it notes” sites I’ve encountered recently.

Here’s a great visualization of the United States debt

You have to go see it.

Schneier on Security (my italics):

Hacking Apple Laptop Batteries


Security researcher Charlie Miller, widely known for his work on Mac OS X and Apple’s iOS, has discovered an interesting method that enables him to completely disable the batteries on Apple laptops, making them permanently unusable, and perform a number of other unintended actions. The method, which involves accessing and sending instructions to the chip housed on smart batteries could also be used for more malicious purposes down the road.[…]

What he found is that the batteries are shipped from the factory in a state called “sealed mode” and that there’s a four-byte password that’s required to change that. By analyzing a couple of updates that Apple had sent to fix problems in the batteries in the past, Miller found that password and was able to put the battery into “unsealed mode.”

From there, he could make a few small changes to the firmware, but not what he really wanted. So he poked around a bit more and found that a second password was required to move the battery into full access mode, which gave him the ability to make any changes he wished. That password is a default set at the factory and it’s not changed on laptops before they’re shipped. Once he had that, Miller found he could do a lot of interesting things with the battery.

“That lets you access it at the same level as the factory can,” he said. “You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery. You’d need a vulnerability in the OS or something that the battery could then attack, though.”

As components get smarter, they also get more vulnerable.

Schneier on Security (my italics):

Liabilities and Computer Security

Good article:

Halderman argued that secure software tends to come from companies that have a culture of taking security seriously. But it’s hard to mandate, or even to measure, “security consciousness” from outside a company. A regulatory agency can force a company to go through the motions of beefing up its security, but it’s not likely to be effective unless management’s heart is in it.This is a key advantage of using liability as the centerpiece of security policy. By making companies financially responsible for the actual harms caused by security failures, lawsuits give management a strong motivation to take security seriously without requiring the government to directly measure and penalize security problems. Sony allegedly laid off security personnel ahead of this year’s attacks. Presumably it thought this would be a cost-saving move; a big class action lawsuit could ensure that other companies don’t repeat that mistake in future.

I’ve been talking about liabilities for about a decade now. Here are essays I’ve written in 2002, 2003, 2004, and 2006.

Finally, this hits home.

New Netflix phishing scam

July 22nd, 2011

I just saw this warning on Terry Zink’s Cyber Security Blog. Click through for the details (short version – don’t click it).

I didn’t get one of these emails, but I know some readers who fall into the target audience for this one.

They are lying to you My Dear, from Steve

July 18th, 2011

How many ways can a non-American screw up a scam letter?  Let me count the ways…

Attn: My Dear,

I am Mr.Steve Morgan, I am a US citizen, 48 years Old. I reside here in New Braunfels Texas. My residential address is as follows. 108 Crockett Court. New Braunfels Texas, United States, I am one of those that took part in the Compensation in Nigeria many years ago and they refused to pay me, I had paid over $50,000 while in the US, trying to get my payment all to no avail.

So I decided to travel to WASHINGTON D.C with all my compensation documents, And I was directed by the ( F B I) Director to contact Mr.Kelvin Williams, who his a representative of the ( F B I ) and a member of the COMPENSATION AWARD COMMITTEE, currently in Nigeria.and I contacted him and he explained everything to me. He said whoever is contacting us through emails are fake.

He took me to the paying bank for the claim of my Compensation payment. Right now I am the most happiest man on earth because I have received my compensation funds of $15 Million Us Dollars Moreover, Mr.Kelvin Williams, showed me the full information of those that are yet to receive their payments and I saw your name as one of the beneficiaries, and your email address, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you. I will advise you to contact Mr.Kelvin Williams.

You have to contact him directly on this information below.


Name : Mr.Kelvin Williams


You really have to stop dealing with those people that are contacting you and telling you that your fund is with them, it is not in anyway with them, they are only taking advantage of you and they will dry you up until you have nothing.

The only money I paid after I met Mr.Kelvin Williams was just $290 for the paper works, take note of that.

Once again stop contacting those people, I will advise you to contact Mr.Kelvin Williams so that he can help you to Deliver your fund instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction.

Thank You and Be Blessed.

Mr. Steve Morgan

108 Crockett Court.

Apt 303, New Braunfels Texas,

United States Of America

 I almost fell for this because of the “very convincing” non-US email address for “agnet” Kelvin.

Link Roundup – July

July 12th, 2011

Here’s to interesting stuff and not enough time:

First Follower

This is an educational voice-over on an old viral video (Leadership Lessons from Dancing Guy).
Follow the link for a transcript.

America’s Worst Mom

A lot of people say she’s America’s worst mom. What do you think? (I think a lot of people are pansies)

Some People Just Won’t Listen
.. or why you shouldn’t bank at Starbucks

If someone sent me a message from my own account, telling me what I’m drinking right now, I’d listen to his advice.

You’d think that with the name scratch, people wouldn’t expect it to be around for a long time

This is funny, because we have a “scratch” drive at work. Our IT guys (who are excellent, by the way) found it necessary to add folders named “___SCRATCH_IS_NOT_BACKED_UP” and “zzzSCRATCH_IS_NOT_BACKED_UP”. I’ll bet the target audience still didn’t get the message.

Some excellent answers to almost any post on any biking forum.

* No bike does everything perfectly. In fact, no bike does anything until someone gets on it to ride.
* The more you ride your bike, the less your *** will hurt.


Great advice in any context:
Maybe the person you waved at while you were out riding didn’t see you wave at them.

This was probably in response to people like this (warning: not polite)

Beethoven’s 5th – Salsa

Don’t need a computer? Finally, there’s a non-computer device for you.

PALO ALTO, CA—Hewlett-Packard announced Friday the release of the first-ever non-computer, a fully unusable device specially designed to address the demands of individuals who have absolutely no need to own a computer.

Best Illusion of the Year

June 2nd, 2011

 These illusions are amazing.  Many involve the effect of motion on perception –click through to check them out, and make sure you play with the settings as applicable.

Let me know what you think in the comments.


Update: check out the finalists from previous years too – links are on the left.

The top illusion for 2010 is amazing.

I can’t resist adding this update on the gorilla illusion (see the 2010 finalists page if it won’t load):

The Sony hack: passwords vs. financial details

May 20th, 2011

The details are coming out about yet another data breach, this time at Sony’s PlayStation Network. Light Blue Touchpaper has the details. (excerpts below, with my emphasis)

Sometime last week, Sony discovered that up to 77 M accounts on its PlayStation Network were compromised. Sony’s network was down for a week before they finally disclosed details yesterday. Unusually, there haven’t yet been any credible claims of responsibility for the hack, so we can only go on Sony’s official statements. The breach included names and addresses, passwords, and answers to personal knowledge questions, and possibly payment details.

… regarding the leaked passwords. The risks here are very real—hackers can attempt to re-use the compromised passwords (possibly after inverting hashes using brute-force) at many other websites, including financial ones. There are no disclosure laws here though, and Sony has done nothing, not even disclosing the key technical details of how passwords were stored. The implications are very different if the passwords were stored in cleartext, hashed in a constant manner, or properly hashed and salted. Sony customers ought to know what really happened.

…this is a serious market failure. Sony’s security breach has potentially compromised passwords at hundreds of other sites where its users re-use the same password and email address as credentials. This is a significant externality, but Sony bears no legal responsibility, and it shows.

This is yet another example of why reusing passwords, and perhaps even user ids is a bad idea.  In this case, part of the exposed data includes the answers to all those secret questions – you know, the top secret ones that give you a free give-me-a-new-password pass?

Read the rest of this entry »

Blame Someone Else

May 13th, 2011

I’m a little late on this one.  It’s not my fault though.

Yep, it’s official. Today is Blame Someone Else Day – the first Friday the 13th of each year. And since there is only one Friday the 13th this entire year, today’s your only chance to blame others all day long. So have at it. You don’t have to take responsibility for anything that goes wrong. And you can blame someone else for all the problems, mistakes and unfairness in your life. According to the Stress Management Center and Phobia Institute in Asheville, North Carolina, an estimated 17 to 21 million people in the United States are affected by a fear of this day. Some people are so paralyzed by fear that they avoid their normal routines in doing business, taking flights or even getting out of bed. According to Wikipedia “It’s been estimated that $800-$900 million is lost in business on this day.”

(thanks to Dan Miller’s 48 Days)

Link Roundup – Crime Fighting With Glass, Peak Oil vs. Manure, Fireflies, and Men are Lame at Colors

May 12th, 2011

Here’s my attempt to pass on some interesting stuff, and leave room to write about something substantial later.

First, some new links that have been forcing me to keep Firefox open for most of a week:

The Sure Don’t Make Pyrex Like They Used To

Most people probably don’t think of Corning as a crime fighting company, but when it sold its Pyrex brand to World Kitchen in 1998, the company accidentally made the illegal manufacture of crack cocaine more difficult—a fascinating example of unintended consequences.

(via Schneier on Security)

Fisher Investments has a good explanation about why we can’t extrapolate the future from today in  A Common Thread Between Horse Manure and Peak Oil.

Second, some old links from the backlog.

Tracking Fireflies in the forest

Cool photography project.  Read the article at Flowing Data.

How Men and Women Label Colors

This is part of the results of an experiment in which visitors were asked to name colors. I find the analysis below amusing, and even less complimentary of my gender than I would have predicted.

His calculation of most masculine and feminine colors is by far the most interesting part of the results, however. Here are the top five feminine colors, by finding the ones that were most disproportionately used by women:

  1. Dusty Teal
  2. Blush Pink
  3. Dusty Lavender
  4. Butter Yellow
  5. Dusky Rose

Not bad, right? The colors are flowery and descriptive. Nothing surprising there. Now here’s the top five masculine colors:

  1. Penis
  2. Gay
  3. WTF
  4. Dunno
  5. Baige

The only real color in the list is “baige” — and it was misspelled. Like Randall, I also weep for my gender. Although, I think these results also say a lot about the type of people who read xkcd (like me).

Star Wars Mashups

April 19th, 2011

 I found this collection of Star Wars mashups via an internal company newsletters (yeah, I work for a cool company.)

(Mashup: “In Web development, a mashup is a Web page or application that uses and combines data, presentation or functionality from two or more sources to create new services.”)

You gotta love Star Wars.  There’s something here to offend every fan.

Star Wars .. and Scooby Doo!  Cool.


Star Wars … and Monsters and BobbleHeads! (This is getting wrong)


Star Wars … and Disney characters.  (Getting Wronger, but check them out!)

Star Wars … and Hello Kitty.  (This is just wrong.)  (especially Chewbacca)


Star Wars … and Dr. Seuss. (Now we’re back to cool.  Check these out – he has more.)

(sorry again about the Hello Kitty)


 Star Wars … and Winnie The Pooh.

Say what you like, but I love this one, ’cause I like Pooh and Eyore as much as I like Star Wars.