Friday, October 31, 2014

Rick Marciano for State Representative in Beverly, Massachusetts

In the 6th Essex race the Salem News editorialized: “... Parisella has certainly earned another two-year term...”  Apparently the editors have not been reading the excellent reporting of Paul Leighton who detailed the conflict of interest complaint filed against Parisella and his subsequent quitting of his job.

And though that weighs on my mind, I’m voting for Rick Marciano because of 3 votes Jerry made.  

24 Hour Review Time for Bills Vote # H2015.1

This was a vote on Amendment #1 to the Joint Rules for the years 2013 and 2014 (H2015). Supporters sought to require the budget to be posted online for 24 hours before a vote, after it emerges from the Conference Committee. -  Rep. Parisella voted against this

Requiring Committee Votes to be Published Online Vote # H2015.3  

This was a vote on Amendment #3 to the Joint Rules for the years 2013 and 2014 (H2015). Supporters sought to require committee votes be published online. Rep. Parisella voted against this

Require Six Public Hearings Before Raising Taxes Vote # H3700.234

This amendment would have required six public hearings before legislation containing new taxes or tax increases could be voted on.  Rep. Parisella voted against this.

These three votes I think would have improved accountability and transparency  in our state government.  These votes however indicate clearly that those in power do NOT want to be accountable or transparent.  

I don’t blame the Representative for voting as leadership instructed him -- this is how Massachusetts government has been played for many years now -- and Democrats who cross the speaker are in a dangerous position.

That is why I’m supporting Rick Marciano for State Representative.  Rick can be counted on to speak his mind and vote his conscience.  He will not “play ball” with the speaker to hide the things that they would prefer to sweep under the rug.  Scandal after scandal has tarnished our state government, with the probation department scandal having recently convicted 3 more government employees.

I’m voting for Rick because I want someone who owes nothing to the speaker or the governor or either party -- but instead is independent and works for Beverly. Rick won't have to quit a job because of a conflict of interest. Rick has committed to working ONLY the State Rep job and giving the people of Beverly full time representation.
Sincerely, Daniel Fishman

Tuesday, September 30, 2014

Apple is giving away all your stuff in the iCloud

I've used the login name "fishdan" since 1996 -- I own it about everywhere it's worth having.  Because I'm old, my primary usage is via yahoo, but I'm also fishdan@gmail, It's my primary interface to all things google, including my google+ account and the account I sync my android phone with.

Because I'm a good doobie I use 2 Stage verification with this account.  This has been a minor pain in the ass, but it always seemed like a good idea, and I'm rarely that far from my phone.

But because it's not my #1 account, I only check the email every other day or so.

Imagine my surprise when I looked at it today and saw the following:







Yep, 20 emails from Apple.  I knew that wasn't going to be good.

Here's the first one:



Full disclosure -- I don't own an Iphone and I'm not really a consumer of anything in the ITunes Universe.  I do have a few AppleIDs,  the most critical being professional ones related to being in the IOS developer's program and other professional things like that.  That one is linked to my yahoo email address.  I don't remember why I created the gmail apple account, but I certainly would not have hesitated to do so.  Probably for apps.

So, I'm troubled as soon as I read the email.  Someone was able to sign into my iCloud account from an Iphone?  I don't have an iCloud account!  You can see in the image above that then there was another email saying that my AppleID was used to sign into facetime and iMessage.

And immediately after that, 11 emails like this:



I suppose being charitable, I could assume that someone had perhaps fat fingered their email address and they were dishman@gmail.com.  Still, 11 requests to reset the password??

As it turns out, that was only for yesterday.  Today (starting at about 9 this morning) they made 6 more attempts to verify the email address (which is also in the first photo).  Of course I didn't respond to any of them (I hadn't even seen them yet), so my account could not have been verified right?  The last attempt to verify was at 9:08am and went unanswered.

And then at 9:28 this gem!



Seriously Apple?!?  With no verification, you allowed changes to my account, including the Apple ID, the password and the email address???

So I noticed this a few hours ago.  I went to Apple to try to reset my password.  Guess what!  If there was a reset password email, it was no longer being sent to my gmail account.

I tried to get in touch with apple, but they best they can do it to call me tomorrow morning -- we'll see how it turns out.

I feel confident my gmail account is secure because of two factor authentication.  I only use virtual credit card numbers online, all of which I set to expire one month after I use them, so I'm not too worried about there being a credit card number associated with the ITunes account.

What I am really unhappy about however is that whatever WAS in that account -- perhaps some apps -- perhaps photos?  Is now apparently gone to someone else.

I did nothing wrong here (and I would argue many things right) and STILL Apple allowed themselves to be socially engineered into giving up an account, even after they were exposed two years ago and deleted all of a guys photos of his kids, his collected works...


Bottom line?

You would have to be crazy to trust Apple or ICloud with anything sensitive, or anything you wouldn't want to lose!

I suspect that if I had had an ICloud account or an Iphone, my vulnerability would have been even worse.




















Tuesday, August 19, 2014

seeing the progress of Windows Update in windows 8

Just upgraded to windows 8, and I'm not happy about a lot of it, but I kept digging to see if the answers I wanted are perhaps in there somewhere.

Most particularly I was very frustrated that I could not see the progress of windows update as it ran from the app.  It took me a long time to figure this out, but if you go to the control panel in the desktop and look at windows update there, you get to see it all as it happens!







Wednesday, May 14, 2014

Charity must begin at home

We have changed ourselves as a country and as a people when we think that the social safety net MUST come from government. When my grandparents came to Lynn in 1904 they came to a community that took them in and shared responsibility for them. If a kid was misbehaving, the first adult in the neighborhood to it would pass that information on to the parent. If someone was struggling their family was invited to dinner. Simple concepts that are rarely practiced any more.
Charity does more than help the recipient -- it integrates the giver into the community. We learn more about ourselves and our communities through our own acts of charity. In particular we learn that our society is not as hopeless as the doomsayers would have us believe. If we can all find a way to be a little more involved and have a closer relationship with our neighbors, we would find that we can solve more problems.
Sadly, some people would rather wash their hands of the responsibilities of humanity. When I hear people say "that's what I pay taxes for" as an excuse to look the other way -- it bothers me. There's a lot about our system that can be remedied if we can just work a little bit at being good towards each other and finding a way to be give of ourselves.
And that's what bothered me about this story. I think there is a concerted effort by some to make the social safety net be solely the responsibility of government. This doesn't work because government is whimsical. Today's charity is tomorrows pariah with a new majority in power. Republicans won't allow government funds to Democratic causes and vice versa.
But hopefully our hearts ARE constant. Where people want to step up and engage in charity, we should not punish them.

Friday, October 25, 2013

Public OpenPGP key of Daniel Fishman

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v.1.20130820
Comment: http://openpgpjs.org

xsBNBFJnxlkBCAC9lUd4l1rYa4WGb8SqvHsYRKm3IVWc2nhUj5feBNBsOXNZ
Dtg2oSjASXfiUQFiv18SX7NM8IeJjYX4GaU6zxJP3VjhieqU02nvty1qZixt
D6IPwQ7Bqyoh2n5w5Gcp+afRmy2Jh4/XRMgbMmPEhkFITZIUYVt55kv6UJhD
tGa/GLSCD1H7LfL6neFOOP2kKjU7cOFlKbPbQT9mZBphPkGEouHD2HK29ytz
WnI4RC8BXjNAgLgMrQQNYl/WvoPABCI/Nyp3Y0I2Rl+H7JvL4ge+6fUuB7CQ
JTUViylF3aPAETL4P0rlLPfndhQez/RUupESokLHGg5MxxlKOl7CgSuHABEB
AAHNIkRhbmllbCBGaXNobWFuIDxmaXNoZGFuQHlhaG9vLmNvbT7CwFwEEAEI
ABAFAlJnxlwJEHFfiQpx5t5BAADg/wf+IyR4JWJtRP9foenLKQa17Iriuvuf
+gMZ7cW/0SYSEWQ6tMvvJguF9+z+CvpEhQBVnK6GW1qjnY11rw1Qi8xvWz70
3gQqfNJfa/DLB49pUAivwfQmKVoS3LIauNTHY+XIDpqZt3Sh9PjqkCdsNjrh
qXvAAdRJQcjPC/+WdG8t7yAhu/bI+7bv0u/bqXSqsq6SzBAsK3d5xWJZlGjy
RT77HGhROdk0cip13xlcW8R73AHyTHyh1U8VocwFIb3NRRVf3y9zmvwF5QdX
jrvJVbTC/AtWKEJhjircXP2TJostQ2udd+rm0S1bx2IKZNPgl8XuQT9gLheB
bUfzbXa5yubyCg==
=wSrX
-----END PGP PUBLIC KEY BLOCK-----

*** exported with www.mailvelope.com ***P key of Daniel Fishman

Saturday, April 28, 2012

OSX single user repair permissions 10.6



After the Command-S startup, type the following on the command prompts, allowing time for each to do its thing:



 
/sbin/fsck -y<return> 
/sbin/mount -uw /<return> 
/sbin/autodiskmount -va<return> 

launchctl load /System/Library/LaunchDaemons/com.apple.diskarbitrationd.plist
/usr/sbin/diskutil repairPermissions / 

Thursday, March 08, 2012

mcp -- copying a file to multiple machines via scp

I have a series of 6 machines that I need to occasionally deploy the same file to in exactly the same place.  I got tired of it being such a pain so I wrote this little script I call mcp.sh  It's certainly easy enough for a shell script master to do this, but for me?  I struggled for 30 mins to get this right -- hopefully this saves you some pain.

I assume you have already passed your ssh key to the machines you want to connect to so you can scp without a password.  If not please read  http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/

You call mcp.sh with the absolute path to the file you want to copy, and it will copy it to exactly the same location on the target machine.

Put names of the machines (one per line) you want to update in the file hosts.txt

#mcp.sh

firstChar=`expr substr $1 1 1`
if [ -z $1 ]; then
        echo "usage mcp </absolute/path/to/file.txt>"
        exit 1
fi
if [ $firstChar  != / ]; then
        echo "Must use absolute path"
        exit 1
fi
for line in `cat hosts.txt`
do
 `scp $1 root@$line:$1`
done


improvement comments welcome