In a nutshell, the Pale Moon Project is a custom build of Firefox from source that is optimized for 32-bit Windows environments.  The biggest changes between the two projects are Pale Moon does not support ActiveX or ActiveX scripting, any accessibility features and parental controls  nor does it support Intel Processors pre Pentium IV or the AMD Athlon Thunderbird. There are builds for Athlon XP/MP processors, but they aren’t updated on the same schedule as the main Pale Moon project. Furthermore, Pale Moon is only built for stable release builds of Firefox and may skip some incremental releases if they aren’t deemed significant enough. If you want a full rundown of the technical specs (including some performance tests purporting to a 1.25x increase in javascript speed) be sure to read the project’s technical page.

I’ve been running Pale Moon for the last few weeks and I haven’t noticed any problems with it. It  loaded all of my plugins and also correctly located my existing Firefox profile. The browser starts faster than Firefox did and websites seem to load a bit faster, but your mileage may vary. If you’re a on a Windows machine and are unable to use Firefox, I’d suggest giving Pale Moon a try. If you have an alternative you think is better, let me know about it in the comments.

With Google Public DNS, we collect IP address (only temporarily) and ISP and location information (in permanent logs) for the purpose of making our service faster, better and more secure. Specifically, we use this data to conduct debugging, to analyze abuse phenomena and to improve our prefetching feature. After 24 hours, we erase any IP information.

Google goes on to say that they are not tying any information to your Google account, or sharing it with anyone else. They don’t say they aren’t going to use it, though, but any data they retain won’t be personally identifiable. That eases most of my concerns. And it’s far better than most other DNS providers offer. I would not trust my ISP not to sell my information, and OpenDNS openly admits they are selling that information, but claim that it cannot be traced back to individuals.

So far, Google is coming out on top in privacy concerns and adherence to standards. But what about performance? Enter NAMEBENCH.

Namebench is a recently released tool that benchmarks the response time of hundreds of public DNS servers and shows you the best on for your situation. Just open the file and click “Start Benchmark” and after a short wait, it spits out a handy webpage with the results and recommendations. Very easy.

Results may vary.

As for the results…..I ran the test 5 times, and got 4 different results. After another 10 attempts, a clear winner had emerged.

Most people probably aren’t going to notice a difference in speed or stability, but then again, this blog isn’t for “most people.”

Charlie’s Black-Eyed Peas

Ingredients:

Directions:

Yes, that’s right. Go hasn’t even been out to the public for more than a day and there’s already someone taking credit for it. Unlike the absurd claim that was just made against Steve Jobs and Sarah Jessica Parker, this one may actually have some credence. A user calling himself fmmcabe created issue #9 on the Go google code page in which he says:

I have been working on a programming language, also called Go, for the last 10 years. There have
been papers published on this and I have a book.

I would appreciate it if google changed the name of this language; as I do not want to have to
change my language!

A quick google search brought up his book, “Lets Go!” on the self publishing site, Lulu and a perusal of the ACM digital library brings up several hits as well including “Go! for multi-threaded deliberative agents”.

The biggest issue at hand seems to be the semantics between the two names. Google’s new language is named Go whereas McCabe’s is a more emphatic Go!. Go is already a fairly common word and I can attest to the difficulties of using it as a parameter within a Google search. Even a day after the announcement, a quick search for ‘go programming language’ returns hits entirely about Google’s Go including a rudimentary wikipedia article. With the immense popularity of Google, I can easily see McCabe’s language (which is already obscure) being pushed even further into the depths of the internet.

I’m not surprised that Google didn’t know about the previous usage of the name, but I hope Google follows their corporate motto of “Don’t be evil” and let McCabe be the sole user of Go. I’ll even suggest that they fall back on GoLang. Not only is it the official url, but it allows them to retain all the quirky uses of go within their language (ex goroutines ) and puts them in league with another concurrent language, ErLang. Problem solved.

Then one night before you go to bed, your wife decides to throw her favorite pair of pants in the dryer so they’ll be ready for her in the morning. But during the night, that bird’s nest in your dryer vent, which you’ve been meaning to clean up, causes a lint clog. It catches fire while your sleeping, the alarms fail to go off, and you die a slow, horrible burning death.

In order to avoid this type of thing, I got to work and replaced my old smoke alarms.

A Quick Interlude: How Alarms Work

There are two types of smoke detectors: photoelectric and ionization.

Photoelectric detectors are set off when smoke particles pass in front of a light beam. They are better for detecting large smoke particles created by smoldering fires, e.g. your living room couch after you drop that lighter you’ve been playing with.

Ionization alarms are set off when alpha particles in the smoke pass through and disrupt an electrical current. These are better for detecting flaming fires, e.g. the deep fryer explodes in your kitchen.

A third type of alarm detects carbon monoxide levels. These are not technically smoke alarms, but they are still recommended in a home, since you could just be standing in the basement next to that old gas furnace, minding your own business, and suddenly fall over dead.

You can learn more about smoke alarms at the Wikipedia page.

What I Bought

After doing some homework, I chose the Kidde KN-COSM-IB. It is one of the higher rated smoke alarms on Consumer Reports. Some of the features:

• Combination CO/ionization detector
• AC powered (no need to keep replacing a battery)
• Battery backup (you don’t want to burn alive even when the power goes out)
• Interconnectable (a wire connects each alarm, allowing one to set off the others, which means you won’t choke and die when you don’t hear the alarm going off downstairs)
• Voice warnings (sexy)

Installation

Installing the alarms was surprisingly easy. I made sure to turn off the circuit to the alarms, which I double checked with a multimeter (that’s right, I own a multimeter). Then it was a matter of matching up the red, black, and white wires.

After I turned the circuit back on, the system initialized with a self test and a sweet angelic voice called out, “Fire! Fire!”

You’re supposed to install an alarm in each bedroom, but my house is small enough. Besides, installing any more would involve real wiring, something I’m not qualified to do and too damn lazy to learn.

You’re also supposed to install both photoelectric and ionization detectors, but the combination units are expensive, and I don’t value my family’s safety that much*.

My next project is to change the thermostat, something even more potentially dangerous.

*JKLOLLuvyahoney

Note: Not IIS

In most large-scale production environments, there is some sort of load balancing or proxy-ing going on, which will prevent the site from becoming completely unreachable. Small and medium scale environments will probably not have this. While there are some options for lessening the impact of this attack, none are entirely effective at preventing it due to its nature. (You can read about those options here.) While this idea is not original, the way it was packaged is bad news. This script is kind of a big deal for the following reasons:

• Pretty much all standard Apache installations are vulnerable
• There is no patch, as it takes advantage of how Apache is suppose to work
• It’s hella easy to use (enough so that “script kiddies” can use it.)
• One person on one laptop can bring down a website. Not botnet required!

The original script is written in perl. There is also a python implementation called “PyLoris” available here. This is a classic denial-of-service attack running over HTTP against APACHE. This means it will not affect SSH or FTP or whatever else you are running on that server. For the most part, it won’t even eat up system resources too much. For reasons beyond my knowledge, this does not affect Microsoft’s web server, IIS.

HOWEVER:

Any server running iptables (linux) can add the following lines:

iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --set

iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP

These two lines drop any new connections after more than 20 connections have been made by the same source to port 80 within the last 60 seconds. These are pretty arbitrary numbers, and could take some tuning, but they prevent this attack from bringing down a website. (At least it prevents one person from doing it)

There is also a way to limit the number of sockets per IP in Apache, but I do not know how. That would probably be a better solution that the one proposed above. If someone know how to do it, please add to the comments.

A NOTE: It rankles me when people use the term “script kiddie.” This term is extremely dismissive, and is used mostly by crotchety IT professionals who forgot what it’s like to have three months off. I understand that there is a difference between “script kiddies” and “teenager hackers” but for the most part, the two are lumped together. People learn by looking at the examples of others. These kids will use these scripts this summer, but next summer, or the year after, they will be writing them, and making even more work for these same “hardened” IT “professionals.” So, bored teenager: go nuts. Have fun. Learn as much as you can. Just don’t be a douche about it.

ANOTHER NOTE: Yes, in case you are wondering, I do make the “quotations gesture” while I talk “IRL.”

ONE FINAL NOTE: I fully support people writing tools like this. There is nothing wrong with a little more awareness. I do find the timing amusing though.

If you have anything to add, or you find something wrong with my solution, please feel free to leave a comment so that I can take your ideas as my own.

P.S. I tried hard, but I couldn’t find any other suitable images to put here. Sorry.

I also made the mistake of assuming that if you are stuck behind an OpenDNS proxy, you probably don’t have the ability to change what DNS servers your computer is using.  Apparently, hotels and other establishments are using it on their “public” wireless.  Ethical and legal ramifications aside, setting your computer to use 4.2.2.1 will bypass OpenDNS filtering. So, again, just to burn these numbers into your mind:

4.2.2.1

Quick instructions on how to change this: (from this guy)

Click on “My Computer”. Click on “My Network Places”. Click on “View Connections”. Right click on the connection that supports your Internet connection and go to “Properties”. Double click on the Internet Protocol TCP/IP option. Make sure “Use the following DNS server address” is selected, and input the above recommended DNS.

To check go to “Start > Run > “cmd” ”. Type in “ipconfig /all” and you should see the DNS you input where it says “DNS”.

Those DNS servers (4.2.2.1-4.2.2.6) are apparently owned by Verizon as a throwback for something. So, they might just stop working one day.

I have grown uncomfortable with using OpenDNS as my DNS provider. While their privacy policy is adamant that they do not keep records, they provide statistics for your account. I’m not saying they are in any way malicious, but after seeing this…

Bum bum ba dum...............

…I am hesitant to send all my traffic to them.

A FINAL NOTE:

OpenDNS remains a solid choice for people wishing to set up easy, potentially effective content filtering for their network. Their actions to stop Conficker and other malware are commendable. They make it simple for people to move away from their using their ISP’s often-slow DNS servers. However, their content filtering should not be considered effective in any environment that does not control which DNS servers machines on that network can use. Also, there are glaring privacy concerns for any one that cares about that kind of thing.

The End………………………………………………………………………?

When I was a kid, I watched a lot of fucking TV.  Like, a lot.  Interestingly, I don’t watch any TV now except for Battlestar Galactica (which I’m way behind on and own only on DVD) and Spongebob Squarepants, which ought to give you some insight on the kind of person I am.  At any rate, the “glory days” were filled – FILLED – with Nickelodeon.  If it was on Nick, I watched it.  Rugrats, Ren & Stimpy, Salute Your Shorts, Wild & Crazy Kids, Legends of the Hidden Temple, Hey Arnold, Kenan & Kel.  Frasier?  Nope.  Seinfeld?  Never.  Everybody Loves Raymond?  Negative.  Family Matters?  I didn’t do that.  Full House?  Not today.  Virgin?  22 and going strong.  Cartoon Karma, maybe?

A big one for me was Doug.  Doug was one of my favorites.  Doug is an “every man.”  I knew a lot of adults who liked Doug, as he is a very real, human character.  Ironically, he is the only person on the show who has that characteristic.

To show the contrast, I typed “Doug Funnie Characters” into Google Image Search, an action I quickly came to regret as I succumbed to a wave of nausea and horror.  SafeSearch is indeed off.

I was able to narrow it down:

You can look at Roger Klotz and inherently know he’s an antagonist, which is cool, but he’s green and apparently has hair made out of bacon.

Not so with our hero:

An average, everyday young man, slightly pudgy, with a big heart.  That’s what American children need.  They have GI Joe and the Transformers.  They need an equalizer, someone they can truly relate to in the world.  Optimus Prime is a great role model, but he’s made of metal and can turn into a truck, and can shoot lasers, a slightly unrealistic goal if you’re 8.  Doug Funnie: the Emblem of American Childhood.  Or is he?

I was sent a link to The Orange Splat, a Nicktoon archive/repository (which apparently was shut down by Viacom less than an hour ago, so god dammit), and watched an episode a while back on a whim, just for fun.  The episode was called “Doug’s Got No Gift.”  After watching it, and several more episodes of Doug, I saw him for who he really was.  The true face of Doug Funnie.

Maybe I’m crazy, but after watching several episodes of the show, I’m convinced that Nickelodeon is getting under-the-table funding from the reds.  Here’s the plot synopsis from Wikipedia:

“Doug unintentionally spends all of his money on a video arcade game ‘Bag a Neematoad’, and now he can’t buy Patti a beetball as a birthday present. So Mrs. Dink gives Doug the idea of making a gift for Patti, and all Doug hopes is that she’ll like it.”

What it should say:

Doug goes to the mall in order to try and find Patti a birthday present.  His idea is to buy her a high-end, name-brand beetball (rugby ball), but he is enticed and distracted by the flashing lights and sounds of the “Bag a Neematoad” arcade game.  After several exciting rounds, Doug becomes obsessed with getting a high score, and discovers that he has spent all his money, and cannot afford the expensive gift.  Mrs. Dink tells doug to make a gift for Patti.  Doug makes her a homemade beetball holder, which Patti loves, after she receieves several varieties of high-end, name-brand beetballs.  Patti tells Doug the holder was her favorite birthday gift this year.

In other words:

Subliminal messages from this episode:

- Malls are crowded places with lots of distractions, all of which revolve around consumption.  By going to a mall, you will undoubtedly spend all of your money.

- Competition for dollars (capitalism) caused Doug to spend all of his money on a flashy arcade game.  Competition is bad.

- Success (being at the top of the high score list) is a function of how many dollars you have (how many attempts you make at the game).  It can be inferred that competiton (more importantly, being on top) is bad.

- Without dollars, the individual is powerless to achieve success (Doug can’t afford to buy the gift).

- Mrs. Dink is the absolute antithesis to Mr. Dink.  Mr. Dink is rich and eccentric, and buys “very expensive” but incredibly impractical gadgets that consistently do not work.  Mrs. Dink is a consistent voice of reason in the Dink family, and always suggests a sensible alternative.  By suggesting to Doug that he make the gift, Mrs. Dink is empowering the worker, and dissuading him from excessive consumption, which ultimately leads to failure.

- Patti favors Doug’s practical gift over the designer beetballs, handing another clear victory to the worker.  Moreover, Doug’s gift is a beetball holder, possibly inferring that the rich are nothing without the workers to “hold them up.”

In other words: don’t spend money.  Competition is bad, capitalism is bad, and  consumption leads to failure.  In the end, only the workers are truly successful in their plight, and they ultimately hold more power than the bourgeoisie.

I realize this may sound completely insane, but watch, if you can, several more of the Doug episodes, and you see this pattern repeat over and over and over.  I especially recommend “Doug Inc,” ‘Doug Runs,” and “Doug’s Career Anxiety.”  Doug Funnie, have you no decency?

Of course it’s all moot now, since apparently Viacom shut down The Orange Splat.  Fuck you, Viacom.  Anyway, I am not a communist or socialist, (unless, of course, the damage has already been done) but this is what I’ve seen, and this is what I think.  Take it for what you will.

I was originally going to title this post “Doug Funnie is Communist Twaddle,” largely because I’ve never really gotten a chance to use the word “twaddle,” but I didn’t want anyone to think this post was about another Twitter client.  Oh God.

FUN FACT: In 1943,  Bell Laboratories coined the term acronym as the name for a word (such as SONAR) created from the first letters of each word in a series of words (such as SOund Navigation And Ranging).

By some definitions, acronyms have to be pronounced as words themselves, such as N.A.T.O. or S.C.U.B.A, whereas P.C.M.C.I.A. would be just be considered initialisms. But no one cares anymore, and they are all just referred to as acronyms. Except for me. I’m going to start correcting people.

There are many different breeds of abbreviations, some of which I will show you now:

Standard

• LASER: Light Amplification by the Stimulated Emission of Radiation
• PEBKAC: Problem Encountered Between Keyboard And Chair
• POTS: Plain Old Telephone Service
• JBOD: Just a Bunch of Disks
• BGP: Border Gateway Protocol, also (Be Gettin’ Paid)
• PHB: Pointy Haired Boss
• TACACS: Terminal Access Control Access Control Server
• YTMND: You’re the man now, dog

The Department of Defense and it’s branches seem to relish in the unpronouncibility of it’s acronyms:

• CDRUSSTRATCOM: CommanDeR, United States Strategic Command
• JFCOM: Joint Forces COMmand

Multilayers, or Nested Acronyms

• NetBEUI: NetBIOS End User Interface
• DITSCAP: DoD Information Technology Security Certification and Accreditation Process

Recursive Acronyms

• WINE: WINE Is Not Emulation
• GNU: GNU’s Not Unix!
• VISA: Visa International Service Associations

Backronym, or Contrived acronyms,

Abbreviations where the words were chosen to fit the awesome abbreviation some senator came up with and had his interns stay up all night coming up with the words to fit it. The best example I can think of is this:

• USA PATRIOT Act: Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001

Most of this information was tastelessly ripped from Wikipedia.

POST YOUR FAVORITE IN THE COMMENTS. QUIZ ME. I DARE YOU.