World music

AfroCubism


I kicked myself when I found out the world music supergroup AfroCubism played at the North Carolina Museum of Art on Sunday and we missed it. I’ve been on a world music kick for a few years now and it doesn’t get much better now than AfroCubism.

In surfing the art museum’s concert page, I noticed it was sponsored by a group called Friends of World Music. I’d never heard of this group but was delighted to learn it is a Raleigh-based non-profit that works to bring live world music to the Triangle. I’ve often mused that my “second career” would be being a world music promoter and Friends of World Music seemed like a serendipitous find.

On a whim I called the number listed, began leaving a rambling message on their machine, and soon the longtime executive director, Jessie Cannon, picked up and spoke to me. It turns out I may be just the person the group is looking for, she said, telling me the group used to put on more shows in prior years but hasn’t been able to keep up that pace in recent years. Jessie and I are meeting for lunch on Friday to discuss the possibilities.

Kelly tells me I need another project like a hole in the head and she’s got a point. I see this one as a long-term thing that I’m happy to be patient about and grow at my own pace.

Again, I’m open to the possibilities. We’ll see where it leads.

South Meck reunion

After my friend Mitchell Franseth invited me a few months back, I decided to attend the South Meck High School Class of 1987 reunion later this month. I left South Meck near the end of my junior year to move to Great Falls, VA, so I’m not officially a part of the class of 1987. Even so, I spent more time at South than I did at my last high school, Herndon High School in Herndon, VA.

My time at South Meck was a challenging one. I was a poor student, feeling hopelessly and embarrassingly lost in my math classes (due to my laziness coupled with my frequently-interrupted educational experience, I think). I was a geek before geeks ruled the world. The closest friends I had moved away before I did. My best friend attended a different school. It was also the first time that my older sister, Suzanne, didn’t attend a school before me, which I think tended to help me know what to expect. Charlotte in those days wasn’t as accepting of newcomers as it is today – certainly not as welcoming as the Northern Virginia suburbs where I’d soon live. I found it challenging at South to find my identity.

Your Paypal.com transaction confirmation.

I got a realistic-looking but fake notice in my email purporting to show someone spending money from my PayPal account. Needless to say, this is a phishing scam.

Transaction ID: 33746045
Hello supercoolguy@supercoolguy.educomnet,

You sent a payment of $357.48 USD to Xavier Parrish

Thanks for using PayPal. To see all the transaction details, Log In to your PayPal account.

It may take a few moments for this transaction to appear in your account.

Seller

A world without secrets

I felt compelled to read up on a recent email thread on the Triangle Linux User Group list that discussed the recent LinkedIn password fiasco. While the discussion didn’t really tell me anything I didn’t already know, it did get me thinking.

I decided that LinkedIn could be cut some slack for their outdated notions of what constituted password security, because the truth is that 99.9% of us also hold outdated notions of password security. That is, the vast majority of us still believe in password security when in fact there is no such thing!

NC-20’s stunningly-ignorant climate change memo


I was drawn to the memo from the NC-20 group pushing the state to ignore climate change research and, quite frankly, I’m stupefied that otherwise-rational people would take this stance. The memo was helpfully provided by Laura Leslie at WRAL [PDF] as part of her story on the group’s science advisor, Mr. John Droz, who apparently knows as much about climatology as I do.

The whole thing reminds me of the mayor in the movie Jaws, who knows the killer shark is out there but refuses to tell the tourists because it would scare them away. I’ve highlighted some of the more outrageous statements in it below.

I swear it seems like North Carolina Republicans have declared a war on science itself.

MEMO: NC 20 Members
FROM: Tom Thompson, Chairman
DATE: December 2, 2011
SUBJ: Sea level Rise Negotiations

As all of you know, the State has been pushing hard to declare a 39” (1 meter) Sea Level Rise (SLR) by 2100 a fact. The CRC came within 24 hours of mandating it for NC 20 counties Land Use Plans. Larry Baldwin and I met with Bob Emory, CRC Chair, the night before the key meeting and persuaded him to retract the mandate. To his credit and our relief, he did.

Wade CAC getting back on track

Remember that neighborhood crisis I mentioned earlier? Well, last night was the night of the first “special meeting” to try to get the CAC back on track. Neither Dwayne Patterson and Luis Olivieri-Robert from the city’s Community Services department nor I had any idea how many members would attend the meeting, held at the Unitarian Church. It turns out that around 70 people showed up, which isn’t too shabby for a week’s notice.

More on the LinkedIn password breach

I found this analysis from a fellow network security geek in the UK to be quite interesting:

…which lends a little weight to the theory that the file primarily contains hashes which some script kiddie could not crack with basic tools, and hence makes us wonder what he’s done with all the ones which he did crack – and how much of the LinkedIn corpus that would represent?

He’s got a point. So many tools exist to easily crack these password hashes. I just tried hashcat on them using the standard Ubuntu dictionary file and cracked 20,000 of them in seconds using just my lowly laptop. So why would the hacker pretend to need help cracking them? Why post to a hacker forum where one is certain to face ridicule?

This leads me to speculate that the hacker is either enormously clueless or (perhaps more likely) aiming to embarrass and/or blackmail LinkedIn. Was this a staged demonstration of a hacker group’s power to disrupt a high-profile site? A warning to others, like Facebook and Google?

Another amusing aside is that just yesterday I used LinkedIn to send a message to a stranger who might know an old friend of mine. I tried several times to leave my email address in LinkedIn’s contact message but finally gave up: LinkedIn’s anti-spam measures are quite clever and blocked every iteration of email address obfuscation that I tried.

It’s amusing that LinkedIn can be so good at blocking spam to its users while being so bad at keeping their accounts secure!

LinkedIn password leak is confirmed

I did some hunting for the password hash list which reportedly includes the passwords of 6.5 million accounts. After downloading the file, I did a quick search on my password “tXrNNb706+” (which has since been changed, duh):

grep -n `echo -n tXrNNb706+ | shasum | cut -c6-40` hacked.txt

This spit out the following:

4096152:b0a6f8fba1a954de7d60bf4dbc3805d1056cf443

Boom! My hash appears on line 4,096,152. Yikes!! It’s a good thing I use unique, strong alphanumeric passwords for all of my accounts! That password was only used for LinkedIn, so I know the hash list was collected from LinkedIn.
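
The same lookup as an added example (not the blog author's code), generalized in two ways: the password is read from stdin or a no-echo prompt rather than typed on a command line, and the result says whether the hash was found intact or with its first five hex digits replaced by 00000, as many entries in this dump were widely reported to be, which is why matching on columns 6-40 is useful. The function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the blog author's code). Sample data is constructed.

# Print the 40-character SHA-1 hex digest of stdin.
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then sha1sum; else shasum -a 1; fi |
        cut -c1-40
}

# check_leak FILE: the password is read from stdin with no trailing newline.
# Prints "full:<line>", "masked:<line>" or "absent"; returns 1 when absent.
check_leak() {
    local hash rest hit
    hash=$(sha1_hex)
    rest=$(printf '%s' "$hash" | cut -c6-40)   # same columns as the post's cut
    # -F fixed string, -x whole line, -m1 stop at first hit, -n line number
    if hit=$(grep -n -m1 -Fx -- "$hash" "$1"); then
        echo "full:${hit%%:*}"
    elif hit=$(grep -n -m1 -Fx -- "00000$rest" "$1"); then
        echo "masked:${hit%%:*}"
    else
        echo "absent"
        return 1
    fi
}

# Prompt with echo off so the password stays out of shell history and the
# process list (printf is a builtin in bash and dash).
check_leak_prompt() {
    local pw rc
    printf 'Password to check: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    rc=0
    printf '%s' "$pw" | check_leak "$1" || rc=$?
    unset pw
    return "$rc"
}

# Constructed sample list: line 1 intact, line 2 masked, line 3 unrelated.
make_sample() {
    local f h
    f=$(mktemp)
    printf '%s' 'constructed-pass-1' | sha1_hex >"$f"
    h=$(printf '%s' 'constructed-pass-2' | sha1_hex | cut -c6-40)
    echo "00000$h" >>"$f"
    printf '%s' 'constructed-pass-3' | sha1_hex >>"$f"
    echo "$f"
}
```

Against the real list this would be run as check_leak_prompt hacked.txt; a "masked" result means only the last 35 hex digits matched.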

But why is this file only 6.5 million hashes, if LinkedIn has over 161 million users? My guess is that an exploit was placed on the LinkedIn servers during a certain timeframe and during that time it collected the hashes of these 6.5 million users. My compromised LinkedIn password was last changed in December 2011, about six months ago.

The whole incident has given me reason to rethink the password problem, and the problem of authentication, to see what better methods exist for proving identity in a digital world.

Bonus link: read this detailed analysis on YCombinator (warning: heavy geek quotient).

Bad Day For LinkedIn: 6.5m Hashed Passwords Reportedly Leaked

This is bad. Very, very bad. Unhashed passwords are a no-no. I’m shocked that LinkedIn has been so careless.

If you have a LinkedIn account, you should change your password immediately!

And always, always use a unique password for each and every service you use.

Already in the spotlight over concerns that its iOS app collects full meeting notes and details from a device’s calendar and sends them back to the company in plain text, LinkedIn user accounts are now said to have been compromised, with 6.5 million hashed and encrypted passwords reportedly leaked.

Norwegian IT website Dagens IT reported the breach, with 6.5 million encrypted passwords posted to a Russian hacker site. Security researcher Per Thorsheim has also confirmed reports via his Twitter feed, stating that the attackers have posted the encrypted passwords to request help cracking them.

via Bad Day For LinkedIn: 6.5m Hashed Passwords Reportedly Leaked.

House Creek Greenway opening in September now

I got the word about why Raleigh’s much-anticipated House Creek Greenway will be opening in early September now, rather than the July 19th I had initially mentioned. The delay comes as a result of the contractor needing to put up over 3,000 feet of railing along the top of the retaining wall.

House Creek Greenway covers some challenging topography. It’s a big project that has been anticipated for many years. While it would be great if it was open now, another few months are worth the investment to get it right.