Beer, Crops, Laptops, Browsers & Retailers Under the Fedora

Apparently a small beer company in Seattle is making beer with the acronym APAB (all police are bastards) on each can. The owner says he’s happy to lose customers that disagree.

The irony here is palpable: he is free to put whatever message he wants on the beer, and others are free not to buy it. That’s free market capitalism at work.

The bigger irony? He is free to do so because he doesn’t have to worry about those who disagree torching his brewery, thanks to police.

In something right out of the movie The Devil & Daniel Webster, between 180 and 270 million bushels of corn in Iowa were likely damaged by the hurricane-force winds and rain that hit the state. Given that corn is the basis for a lot of what we make and eat, expect food prices to go up fast.

As Glenn Reynolds put it: “We’re lucky to live in a country where news like this doesn’t presage a famine.”

Thank capitalism.

I finally got that replacement laptop I was talking about. I ended up buying an HP from my local Staples instead of the Acer I was going to buy on Amazon, because it seemed to me that every single laptop being sold there was from a third-party seller, and the number of bad reviews of the specific sellers seemed awfully high to me. I decided I’d rather buy somewhere so that if there is a problem I can go to an actual person in an actual store face to face (or these days mask to mask) for relief rather than go to court.

It’s nice having choices like this rather than having to go through a monopoly like Amazon.

Thank Capitalism

Counting the new laptop that is still in its box, I now have 3 laptops functioning. All of my email is done on the oldest. This one is going to get hooked up to an old screen with an HDMI cable as soon as I find one, and the new one will be for my general work. Interesting point: I didn’t have Brave on the oldest laptop, and because I wanted a link for an email I opened a site I visit regularly in Chrome.

The number of ads and popups was astounding. You don’t really appreciate the joy of running a browser like Brave until you do without it.

Thanks free market.

Finally, apparently Macy’s is leaving its location on Chicago’s “Magnificent Mile,” where it currently has 8 levels with 170,000 square feet but has been hit twice during riots.

Everyone is insisting that this has nothing to do with the riots or the police response. I’m sure Amazon’s moves to get people out of Seattle and into the suburbs have nothing to do with the riots either.

But that’s the thing about the free market, people respond to incentives whether they are taxing to the pocketbook or hazardous to one’s health.

Someone might want to warn Austin Texas about this.

Taking a Scalable and Sustainable Approach to Vulnerability Management

The number of vulnerabilities contained within production code is growing rapidly. As a result, organizations struggle to keep up with patch management. Vulnerabilities that stay unpatched pose a significant threat to application and website security.

Organizations must adopt a more scalable approach to patch management in order to keep up with the growth of exploitable vulnerabilities. The combination of prioritized patching and virtual patching is essential to minimize an organization’s exposure to cyber risk.


Vulnerability Numbers are Growing Rapidly

Software is written by human beings, and humans make mistakes. As a result, it should come as no surprise that software contains bugs. While some of these software errors are minor and have little or no impact on the software’s operations, this is not true of all of them. Some bugs are vulnerabilities that can be exploited by a malicious user to force the software to take actions not anticipated, intended, or desired by the software’s developer.

Over time, the number of these vulnerabilities discovered in production software has grown rapidly. In 2019 alone, 22,316 new vulnerabilities were discovered and publicly disclosed. Of these, over a third had a Common Vulnerability Scoring System (CVSS) v2 base score of 7.0 or above, the threshold for the v2 “high” severity band.

Organizations Cannot Keep Up

As the number of software vulnerabilities grows, organizations can no longer keep up with their patching requirements (if they ever could). With over 22,000 new vulnerabilities discovered in 2019, over 60 new vulnerabilities are reported each day on average.

Not every newly discovered vulnerability will impact an organization since it will not be running every affected piece of software. However, determining if the organization is affected by any of the day’s 60 vulnerabilities and addressing the fraction that are relevant can create a significant burden for an organization.

For many organizations, patching a vulnerability is not as simple as allowing the update to run on every employee’s workstation. Several factors can affect the update process, including:

  • Vulnerability Location: If the vulnerability is in the organization’s own application code rather than in a vendor product, there is no patch to download; fixing it requires a new software release. The new code must be written and fully tested before being deployed to production.
  • Patch Compatibility: A software update may deprecate or remove functionality that the program previously provided. If the organization’s own software depends on that functionality, applying the security patch may require a potentially expensive and time-consuming rewrite.
  • System Stability: For organizations with high availability requirements, such as critical infrastructure, it is essential to ensure that a patch does not break any critical functionality. This requires extensive validation in a realistic test environment before the patch reaches production.

Not every vulnerability that exists within an organization’s systems or the software that it uses has these issues. However, every software update carries some overhead, no matter how small, and applying some updates requires significant time and resources. As the number of vulnerabilities to be addressed grows, organizations can quickly and easily fall behind in their patching processes.

Prioritized Patching is Essential

With the rapid growth of vulnerabilities, organizations cannot keep up and need a way to manage their cyber risk effectively. Patching every vulnerability promptly is difficult or impossible, so vulnerabilities should be patched in order of the risk they pose to the organization.

The risk associated with a vulnerability is usually quantified from two factors: the probability that the vulnerability will be exploited and the impact if an exploit occurs. A first approximation of impact is readily available for any published vulnerability in the form of its CVSS base score. CVSS version 2 maps that score to low (0.0–3.9), medium (4.0–6.9) or high (7.0–10.0) severity; version 3 adds a critical band (9.0–10.0) above high (7.0–8.9). The base score measures the technical severity of the flaw in isolation, so the real impact on a given organization also depends on what the affected system does and what it can reach.

The probability of exploitation is harder to determine. Not all vulnerabilities are actively exploited by attackers, so a vulnerability rated “critical” on the CVSS scale may pose little or no real-world risk to an organization, while a lower-rated one with a working exploit in circulation may be the one that gets used against it. Of the over 22,000 vulnerabilities disclosed in 2019, 37% had known exploit code or a proof of concept that would make it easy to develop a workable attack. Those vulnerabilities belong at the front of the patching queue.

However, even more specific information is available about which vulnerabilities are actually being exploited. In May 2020, the FBI and DHS CISA published a list of the ten vulnerabilities most routinely exploited over the preceding four years. The report indicated that attackers commonly target Microsoft Office products, Apache Struts, and vulnerabilities within VPN products. Prioritizing these particular vulnerabilities, and more generally any vulnerability in these types of software that is exposed to untrusted input, lets an organization cut its risk of exploitation far more than patching in CVSS order alone.
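The ranking the last few paragraphs describe (likelihood times impact, with exploit availability and in-the-wild exploitation driving likelihood and the CVSS base score standing in for impact) is easy to get wrong if a team simply sorts by CVSS. The following is an added example, not code from the article; the vulnerability records, the VULN-n identifiers and the additive weights in `likelihood()` are constructed for illustration and are not real CVEs or a published scoring model.

```python
"""Risk-based patch prioritisation over a constructed vulnerability inventory.

Added example, not code from the article. Vulnerability IDs of the form
VULN-n and the weights in likelihood() are placeholders chosen for this
illustration, not real CVEs or a published scoring model.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    vuln_id: str              # placeholder identifier (constructed)
    product: str
    cvss: float               # CVSS v3 base score, 0.0 to 10.0
    exploit_available: bool   # public exploit code or proof of concept exists
    actively_exploited: bool  # on an "exploited in the wild" list such as CISA's
    internet_facing: bool     # the affected asset is reachable from the Internet


def severity_band(cvss: float) -> str:
    """CVSS v3 qualitative bands: None / Low / Medium / High / Critical."""
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def likelihood(v: Vuln) -> float:
    """Proxy for the probability of exploitation, in [0, 1].

    Built from the signals the article names. The additive weights are an
    assumption for this example; a real programme would calibrate them.
    """
    p = 0.05  # every disclosed flaw carries some baseline chance
    if v.exploit_available:
        p += 0.35
    if v.actively_exploited:
        p += 0.45
    if v.internet_facing:
        p += 0.15
    return min(p, 1.0)


def risk(v: Vuln) -> float:
    """risk = likelihood x impact, with the CVSS base score (scaled to 0-1)
    standing in for impact."""
    return likelihood(v) * (v.cvss / 10.0)


def prioritise(inventory: list[Vuln]) -> list[tuple[str, float]]:
    """Return (vuln_id, risk) pairs, highest risk first."""
    return sorted(((v.vuln_id, risk(v)) for v in inventory),
                  key=lambda pair: pair[1], reverse=True)


# Constructed inventory: four findings chosen so that sorting by CVSS alone
# gives a different order from sorting by risk.
SAMPLE_INVENTORY = [
    Vuln("VULN-1", "internal batch tool", 9.8, False, False, False),
    Vuln("VULN-2", "web framework on a public site", 7.5, True, True, True),
    Vuln("VULN-3", "public web server module", 5.3, True, False, True),
    Vuln("VULN-4", "office document reader", 9.1, True, False, False),
]

if __name__ == "__main__":
    for vuln_id, score in prioritise(SAMPLE_INVENTORY):
        print(f"{vuln_id}: risk={score:.3f}")
```

Run stand-alone, the script orders the sample as VULN-2, VULN-4, VULN-3, VULN-1: the one “Critical” finding with no exploit and no exposure drops to the bottom, and the “High” finding that is exposed, has public exploit code and appears on an exploited-in-the-wild list rises to the top, which is the point the article makes about CVSS severity versus real-world risk.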

A Scalable Solution to Vulnerability Management

The problem with even a prioritized approach to vulnerability patching is that it is not a scalable or perfect solution to the problem. As the number of vulnerabilities in production software grows, organizations will be increasingly unable to keep up.

Virtual patching, a function offered by web application firewalls (WAFs) and runtime application self-protection (RASP) tools, is a complementary approach. Rather than changing the vulnerable application, virtual patching adds a rule to the WAF or RASP layer that recognizes and blocks attempts to exploit the vulnerability, closing the exposure window while the real fix is written, tested and deployed. Because a rule set is far easier to update than the applications it sits in front of, this scales better than the patching process alone. It is a compensating control rather than a replacement for the patch: a rule covers only the request locations it inspects and can be bypassed by encodings or payload variants it did not anticipate, so the virtual patch should be retired only once the real fix has shipped, and every hit on it should be logged, since a hit is evidence that someone is probing for that vulnerability.
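To make the mechanism concrete, here is a small request filter of the kind a WAF or RASP hook applies when it is given a virtual patch. This is an added example, not code from the article and not any vendor’s product; the rule names, the hypothetical “legacy export” endpoint and the sample requests are all constructed for illustration. The example also shows the bypass caveat above: a rule that matches only the raw request misses a percent-encoded payload, so the filter decodes before matching.

```python
"""Minimal virtual-patch filter of the kind a WAF or RASP hook applies.

Added example, not from the article and not any vendor's product. The rule
names, the blocked endpoint and the sample requests are constructed for
illustration.
"""
import re
from typing import Optional
from urllib.parse import unquote

# (patch name, request location to inspect, pattern). Names are placeholders.
VIRTUAL_PATCHES = [
    # Expression-language markers in the Content-Type header, the general
    # shape of the Apache Struts injection bugs that exploited-vulnerability
    # lists keep featuring. The pattern is deliberately broad.
    ("VP-struts-ognl-in-content-type", "header:content-type", re.compile(r"[%$#]\{")),
    # Directory traversal anywhere in the path.
    ("VP-path-traversal", "path", re.compile(r"(^|/)\.\.(/|$)")),
    # Hypothetical: a known-vulnerable endpoint whose fix has not shipped yet,
    # taken offline at the edge until it does.
    ("VP-disable-legacy-export", "path", re.compile(r"^/legacy/export(/|$)")),
]


def normalise(value: str) -> str:
    """Percent-decode twice and lower-case so payloads hidden behind
    double encoding (%252e%252e) still match. Inspecting only the raw
    request is a common reason WAF rules get bypassed."""
    return unquote(unquote(value)).lower()


def locations(request: dict):
    """Yield (location, value) pairs for every part of the request a rule
    may inspect."""
    yield "path", request.get("path", "")
    for name, value in request.get("headers", {}).items():
        yield f"header:{name.lower()}", value
    yield "body", request.get("body", "")


def matching_patch(request: dict) -> Optional[str]:
    """Name of the first virtual patch the request triggers, or None."""
    for name, where, pattern in VIRTUAL_PATCHES:
        for location, value in locations(request):
            if location == where and pattern.search(normalise(value)):
                return name
    return None


def decide(request: dict) -> tuple[int, Optional[str]]:
    """Return the HTTP status to send and the patch that fired, if any.
    A real deployment would also log every hit: it is evidence of probing."""
    name = matching_patch(request)
    return (403, name) if name else (200, None)


# Constructed sample traffic: one benign request and four that should be blocked.
SAMPLE_REQUESTS = {
    "benign": {"path": "/index.html", "headers": {"Content-Type": "text/html"}},
    "ognl": {"path": "/upload", "headers": {"Content-Type": "%{7*7}"}},
    "traversal": {"path": "/static/%2e%2e/%2e%2e/etc/passwd", "headers": {}},
    "double_encoded": {"path": "/static/%252e%252e/etc/passwd", "headers": {}},
    "legacy": {"path": "/legacy/export/users", "headers": {}},
}

if __name__ == "__main__":
    for label, req in SAMPLE_REQUESTS.items():
        print(f"{label:>14}: {decide(req)}")
```

Note what the third rule does: it does not recognise an exploit at all, it simply refuses traffic to an endpoint the organization knows is vulnerable. That is often the most reliable virtual patch available, because it does not depend on guessing every payload shape, at the cost of taking the feature offline until the real fix ships.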

The 86 Million POTUS Carpe Donktum Twitter Advertiser Question

While I remain unimportant enough a voice that Twitter hasn’t gotten around to banning me yet (although I’m doing my best by speaking plainly), Twitter’s decision to ban Carpe Donktum presents a problem for their shareholders, which can be explained in two screenshots:


One is the low end and one is the high end of followers.

Donald Trump and Donald Trump Jr. have already shown a willingness to retweet Carpe Donktum videos. It is unlikely that this will stop just because he is off Twitter, but now there will be a difference.

Last week when Donald Trump or Donald Trump Jr. retweeted Carpe Donktum, 5-82 million potential customers of Twitter’s advertisers had a chance to see any ads placed on or near the said account when a user clicked on it.

This week if Donald Trump or Donald Trump Jr. tweet out such a link, those of the 5-82 million potentials who click on it will end up off of Twitter, which means Twitter’s advertisers will not get those eyeballs. They will go to Parler or Facebook, or maybe to the Carpe Donktum YouTube channel.

I’d bet real money that those Twitter advertisers could buy ad space with him fairly cheap.

Now if I was an investor in Twitter I’d not be all that happy about losing those eyeballs and the ad dollars that will go elsewhere, and if Twitter was operating like a business rather than a political PAC whose primary object is to elect Democrats, they might be worried too.

Vets, Asheed, Cleese, Idle and Cellphones Under the Fedora

It’s Veterans Day, a holiday everywhere (except where I work, of course). On this day we take a few minutes to remember the folks to whom being “triggered” meant someone trying to kill them rather than someone saying something they don’t like on social media.

It never ceases to amaze me how so many Americans squander the freedom these men and women bequeathed them, but in a society so narcissistic it’s to be expected. I wonder how many of our long-dead vets, if they saw what the society they had fought for had become, might have had second thoughts about defending it?

Is light dawning on Marblehead?

If the Democrats aren’t scared of stuff like this they should be, but then again, as long as their paid machine cronies are counting the votes in black areas they will be able to disenfranchise black Republican votes as they did in the days of Jim Crow.

Don’t think for a minute they won’t try.

I note The Daily Beast interviewed Eric Idle and John Cleese for the 50th anniversary of Monty Python, and they of course had plenty to say against those of us who support Trump.

“It’s been quite clear to me from the very beginning that he is not mentally balanced,” Cleese says of Trump. “He is an extraordinary caricature of an asshole; a person who has no interest in anyone else except himself. Every time he makes a decision, no matter how impulsive it is, it’s the one that makes him feel best about himself for the next 20 minutes.”

Contrast that statement with the one above it and your irony meter will explode.

That doesn’t make him and them any less brilliant when it comes to comedy.

One more Python quote, from Eric Idle on Trump, that made me laugh:

Idle admits that, during a break from his busy schedule, he recently became addicted to MSNBC.
“The problem is, the way they cover everything, you constantly think, ‘They’ve got him!’” he says of the coverage of Trump’s travails. “Like they’re coming for him with the handcuffs. The golden handcuffs, of course.”

reminds me of a song…

Funny how Trump the supposedly Nazi/Racist dictator isn’t censoring them?

Finally, this whole conversation is a pet peeve of mine:

Ms. Zideyah said that she and many of the women who attended the Ignite training were aware that they had to be careful about their social media posts, but worrying about what was stored on their phones was new.
“As an online human, you don’t think that those kinds of things are going to be used against you or leaked, especially from people that are closest to you,” Ms. Zideyah said. “But I do think that now that sort of training has to be implemented, because what you should keep on a phone is becoming a serious issue.”

via Hot Air headlines.

I’ve been saying this for decades but let’s try one more time.

Don’t put any image or thoughts on a phone or an email or a computer or any device that a computer is linked to that you would be ashamed to show to your grandmother.

I used to say “from your mother,” but where do you think this generation got that idiocy from?