So I am now the proud owner of a letter sized drivers license

VA recently changed over to a new secure drivers license, so instead of printing them in the DMZ office, they just take your photo and then mail you the new card. So my drivers license is now a letter sized piece of paper until the new card gets mailed to me.

So I have some issues with this, first lets look at the practical side of this. I now have to carry a piece of paper with me when I drive. The letter sized paper doesn’t fit in my wallet. I could leave it in my car, but I don’t always drive the same car. Someone during this process must have thought, man that’s going to be a pain, lets give them something that will go in their wallet? Now here is the strange thing I know they can do it, when I did a change of address a couple years back I got a card that you could cut it down so it fit in your wallet, and carry with your drivers license.

Then I look at the reason they are going to the new secure printing center, they are doing it in the name of security, that might be all great, and the new card may be more secure, but as part of that they have now introduced a new proof of drivers license that is, 1) printed on normal paper, 2) has my signature, 3) has a rubber stamp on it saying paid, the date, and 6 character identification number on it, and thats it. It wouldn’t be very hard to make a fake version of it. So on one hand you have a nice secure card, on the other you have a piece of paper. So which do you think the forgers are going to copy? The only compensating control is that all the local cops have computers in their car so they can look up the license information, that might bring up my photo as well, but what happens when you are in a dead zone or in a different state, you are now back to proving a piece of paper is really a drivers license.

Finally, what is going to happen when I fly or go drinking. They are going to take one look at my expired license and tell me it is expired, I highly doubt they are going to going to accept a piece of paper as proof that it isn’t really expired, and I am just waiting on a new one.

Another Vmserver 2.0 gotcha

Why change something thing when it aint broke?

I used to be able to run vmware-cmd to start and stop vmware server 1.0 vm’s from the command line it was a simple sort of.

bash# vmware-cmd /usr/local/vm/vm/vm.vmx start

Now is Vmware Server 2.0 I have to do

vmrun -p [password] -u [username] -T server -h https://localhost:8333/sdk start "[storage] vm/vm.vmx"

simple right? oh and you are forced to put your password in the command line which will be saved in bash history and to anyone who can run ps on the sever. I was really hoping that it would follow the mysql convention and prompt for a password, but I guess not

Thanks for the upgrade VMware, you just made the world less secure.

Finaly got sick of the space.live.com spam

I have been getting a lot of spam recently and I spent last weekend cleaning my mail relays so I have complete control over my primary and secondary for all my domains. That didn’t solve my problems so today I added the following to my spamassassin rule sets in /etc/spamassassin/local.cf


header LOCAL_MEDIACOMM_MUA X-Mailer =~ /Mediacomm Communicator/
score LOCAL_MEDIACOMM_MUA 0.1
describe LOCAL_MEDIACOMM_MUA Sent from Mediacomm Communicator MUA


header LOCAL_BAT_MUA X-Mailer =~ /The Bat!/
score LOCAL_BAT_MUA 0.1
describe LOCAL_BAT_MUA Sent from The Bat!


uri LOCAL_URI_SPACES_LIVE /spaces\.live\.com/
score LOCAL_URI_SPACES_LIVE 0.1
describe LOCAL_URI_SPACES_LIVE contains link to spaces.live.com


meta LOCAL_SPACES_MEDIACOMM (LOCAL_URI_SPACES_LIVE && LOCAL_MEDIACOMM_MUA)
score LOCAL_SPACES_MEDIACOMM 20
describe LOCAL_SPACES_MEDIACOMM contains link to spaces.live.com and Mediacomm MUA


meta LOCAL_SPACES_BAT (LOCAL_URI_SPACES_LIVE && LOCAL_BAT_MUA)
score LOCAL_SPACES_BAT 20
describe LOCAL_SPACES_BAT contains link to spaces.live.com and BAT

Hopefully that will catch the spam for the moment.

Bag search on Metro

I read today that metro is starting to do random bag searches, this reminds me of my recent trip to Beijing where all bags had to be x-rayed before being allowed onto the station platform. I am not sure what they were looking for but they weren’t looking very hard. I don’t think I ever saw anybody getting a secondary bag search.

I doubt that this will add much to the safety on the metro other than to generally slow everyone down. Bruce will probably comment about on this as part blog postings on security theatre and the TSA and their security procedures. At least they are going to have a bomb sniffing dog so that they are one step above the useless checks at the Smithsonian Museums.

Bad generic_ata with ubuntu on another computer

So I noticed another of my ubuntu boxes was running slow so I did a

Host:~$ sudo hdparm -t /dev/sda

/dev/sda:
Timing buffered disk reads: 8 MB in 3.72 seconds = 2.15 MB/sec

so it looks like it has the same issue as my other machine

so I did
Host:~$ sudo lspci |grep -i ide
00:0f.1 IDE interface: VIA Technologies, Inc. VT82C586A/B/VT82C686/A/B/VT823x/A/C PIPC Bus Master IDE (rev 06)
Host:~$ lsmod |grep -i ^libata
libata 159344 4 pata_acpi,pata_via,ata_generic,sata_via

and added the following to /etc/modprobe.d/blacklist

blacklist ata_generic

and the following to /etc/initramfs-tools/modules

pata_via
blacklist ata_generic

then rebuild initramfs


sudo update-initramfs -u -v

After a reboot I now get

sudo hdparm -t /dev/sda

/dev/sda:
Timing buffered disk reads: 164 MB in 3.02 seconds = 54.38 MB/sec

Amazing what this little tweak will do for performance.

Abusive phone calls

I think I may have just resolved the abusive phone calls I have been receiving from blocked caller id and caller id from 0000123456. Jerimia just called from National Financial Systems looking for Frank Edison. He was polite enough to tell me the company he worked for and that their telephone number is 1 800 765 4733. I then explained to him that I did not know Frank and I have had my cellphone number for about 6 years now. He noted that after each call my number had been marked for removal but then went back in the system. He also identified himself as a supervisor so I let him know that I had repeatedly ask to have my number removed and that when I was called at 9:15am on Wednesday that I asked to speak to a supervisor and the caller refused. He said that this was not the way National Financial systems operates, but it seems they have a history of doing this kind of thing. I haven’t decided if I will file a complaint with the FTC yet.

Torn

Knowing the way things are, you have probably already seen this, but incase you haven’t here is Torn from the secret policeman’s ball

(click through for the embedded you tube video if your rss reader doesn’t show you the window)

I call bull shit on CSI miami

I was flipping the channel and came across CSI Miami, they just did a trace on an IP address and it came up 68.34.18.211, technically what the character said is correct, but the graphics are BS, I mean come on its a rip of the Matrix letters dropping in. Oh and the IP address is comcast in MD c-68-34-18-11.hsd1.md.comcast.net.

Vuln in ClamAV

I should do some more reading on this, but I am amused by the US Cert comment at the end

ClamAV PE Scanning Vulnerability
added April 14, 2008 at 09:21 am

US-CERT is aware of a report of a buffer overflow vulnerability affecting ClamAV. This heap-based buffer overflow vulnerablity may allow an attacker to execute arbitrary code on an affected system.

US-CERT recommends that users do not scan PE files from untrusted sources.

Isn’t the hole point of running an av product to test for viruses in untrusted files?