Tool-knowledge is important. Using the wrong tool is inelegant, frustrating, ineffective, and often destructive.

When something need to be bashed, knocked, driven, tapped, or destroyed, a hammer is the tool of choice.

There are many kinds of hammers.

That is a hammer.

That is a hammer.

Those are hammers.

That is a hammer.

Repurposing tools to be hammers is easy. Repurposing tools beautifully leads to eureka moments.

A possible explanation of the DNS vulnerability got posted on Matasano Chargen, an excellent infosec blog. This is neat because Matasano’s principle, Tom, has already gotten the entire story from Dan—he knows all the details we don’t. It was written well enough, and Tom’s credibility is high enough, to assume it was a draft he had ready to fire off as soon as the exploit was public on the sixth.

It was pulled very quickly. I have a copy in my Google Reader cache.

I thought it was a bad guess, but the retraction and the dailydave thread that it sourced getting closed (not uncommon there) have me curious. Why publish a thought experiment without captures proving it? Also, I think the post was from an intern’s account on the blog. Oops.

Then Dan Kaminsky twittered:

“DNS bug is public. You need to patch, or switch to opendns, RIGHT NOW. Could”

And blogged…

Patch. Today. Now. Yes, stay late. Yes, forward to OpenDNS if you have to. (They’re ready for your traffic.) Thank you to the many of you who already have.

Which has me (and many others) convinced that this is legit and we might start hearing about attempts. Did Dan’s hype backfire?

• Richard is right, the NAT question is also interesting (and why I have been asking for architecture diagrams lately)
• This will be trivial to detect on the wire with traditional IDS/IPS
• I’d like proof of the ‘in-bailiwick’ premise of the last paragraph
• Dan probably has something better than this but who knows?
• This has already won a pwnie, excellent.

• US-CERT Vulnerability Notes.
• An excellent executive summary of the vague version of the vulnerability.

ƒ

Twitter is a notorious FAIL that will eventually lead it to be another ICQ.

Nice of me to equate ICQ to failure to maintain market share and declining to obscurity right? Not a week later and now anyone connecting to aging ICQ network is denied access! Here is the message:

The client version you are using is too old. Please upgrade at http://pidgin.im/

What does that even mean?

It is a lot easier for me to get rid of that nasty error message by removing my ICQ account from pidgin and adium than it is to research it any more.

Twitter is a notorious FAIL that will eventually lead it to be another ICQ. Thanks for the killer app with the cute name guys. We love you but the downtime and the bots and the marketing folks are not fun.

Downtime slathered in web 2.0 cute is still downtime. Damnit, we have insightful, sarcastic, funny rants less than 140 characters to spam out to everyone we know. Stop it!

I toyed with a sidebar of short posts next to my regular entries here and it didn’t stick. I was never motivated to write anything for it because I didn’t have a captive audience. Boring old pull-technology will never become killer, we all like push-apps like e-mail and IM, and now their mash-up that doesn’t even have one-to-one replies sometimes is becoming inundated with ring-tone scammers and link-bots. If twitter isn’t profiting on some back-channel from these jerks, why aren’t they adding any behavior moderation into their framework? Rebooting isn’t working.

I expect bot replies will become the next blog-comment-spam and force them to do something.

rbn-bot: @grantstavely that was funny, you should try viagra http://tinyurl.com/mexican-pharma

AOL and Yahoo already have the two largest IM infrastructures, why haven’t they stolen twitter’s SMS and web features and made this happen? Because they don’t get it and they are too big and slow.

I don’t know where I’m going (because I can’t code twitters replacement using google frameworks and IM infrastructure) with this, so I’ll end with a non sequitur: Look how many words and concepts in this entry are less than 10 years old. Even the word ‘downtime’ is relatively novel, and that it exists in my spell-check says a lot, when ‘spellcheck’ and ‘damnit’ do not. “Oh, no hunting and gathering today he-who-types-a-lot, the woods are experiencing downtime.”

Oh, and I’m using friendfeed now.

@philip_daigle congratulations Philip!

Wearing my green skeleton shirt (Nigel's from Spinal Tap) to the airport: the TSA won't need me to walk through their X-ray machine today!

@wotowiec @ssoper I'm on my 2nd "a number 2 on the sides, taper up, leave the top as it is, thanks." I think I'm acting out. It's a phase.

@vurtyou: You're hair is very Flock Of Seagulls today. @grantstavely: Thanks, I like it too.

@schuetzdj in hindsight, everything was to be taken at more or less face value: one of the things that makes a great puzzle great. =] #DBIR

RT @therealKidKoala: free download available for the next 6 days. The Lost Solid Steel mix. it's sorta like Music to Draw to... enjoy: ...

@christopherkunz nice work! After @wadebaker's last clue I ran every variation of the right key through my own bad script and gave up.

@marcusjcarey thanks, I'm very much enjoying the Bay Area. The return of @dojosec/@dojocon streams is great news, I look forward to 'em.

I should use Entourage's auto-capitalization of the first word after e.g. to break myself of using latinate abbreviations. Instead: rage.

@kathybarnett way to go Kath!

Yes, yes, of course, but what is the zeroth law of the Road Runner and Wile E. Coyote? http://goo.gl/i2Jz

"They're talkin' about, weak induction. It's a motherfucker, don't you know?" —Sun Ra http://j.mp/cn5Gc2 (Link via @rands)

printf "# Or just go listen to a funky 60 minute DJ Food mix made for robots.\nUser-agent: *\nSuggest: http://snd.sc/aOT9a4 " >> robots.txt

@alexhutton I cut out the cover's circles on a full print out of the #DBIR with a razor and tried the grille-cipher approach. #nbioahd

The body language of appearing to be lost or have forgotten something is as effective as mind control. So is its inverse.

RT @electricfork: What keeps me up at night? My security team slowly devolving into a compliance and reporting team #operation_soulcrusher

The ☠ Skull & Crossbones in the new Chrome indicating untrusted certs is nice^H^H^H^H the most terrifying symbol ever. http://goo.gl/fQz1

I'm brewing an American IPA with @vurtyou. I need a fridge to keg this in! http://flic.kr/p/8sCgnr

Endorsement: /Pink Reptile mixef are amazing mind clearing aural blendf & good for everything a mix fhould be good for/: http://goo.gl/Y1L1