Ebony’s name is ENOBY

Tom Bombodil and the Goffs

Call me easily amused, but the TV Tropes page on the mind-bendingly awful Harry Potter fanfic My Immortal sent me into hysterics today.

Literally, hysterics. The misspelling of “Reader Discretion” in particular had me slumped in my chair, screaming with laughter for about five minutes. My neighbours probably thought I’d gone insane and (once I recovered enough to breathe) I discovered I’d given myself a nasty case of the hiccoughs.

I have no intention of reading the source material – the text parser in my head would break under the assault – but the summary is pure, radioactive comedy dynamite.

I want Hermione Granger and a Rocket Ship!

Take a ride on Rumbleroar!

I’m definitely coming late to the party but if you’re any kind of Harry Potter fan you owe it to yourself to check out A Very Potter Musical – an incredibly silly, completely unauthorised musical “reinterpretation” of Harry Potter put together by students at the University of Michigan last year. I could go on and on about how great it is, but all I really need to say is that it features a tap-dancing Lord Voldemort. You hear me? A tap-dancing Lord Voldemort. What the hell are you waiting for? (And what the hell is a Hufflepuff?)

The downside is I now have a crush on Draco Malfoy. Before anyone gets out the Scarf of Sexual Preference I should point out that I have a crush strictly on the AVPM version of Draco Malfoy who is played by the very cute and downright hilarious Lauren Lopez (I have no idea why she was continually rolling around the stage but it was extremely amusing).

Anyway, tomorrow’s Australia Day (Boo! Hooray! Boo! Hooray! Call me when you’re finished) so you can expect an entry on how crap the Hottest 100 turns out to be at least 😉

ME GO TOO FAR!

Me am play gods!

There’s a new Dresden Codak out! Strange and wonderful as usual.

Poking around in the archive (because reading one Dresden Codak is never enough) I came across the Caveman Science Fiction strip which remains one of the funniest things I’ve ever read. Go on, take a look.

My obsession with FreakAngels has finally broken my mind. How else can you explain this? I mean, I could be out there living an amazing life of action, adventure and fast women, but instead I sit in the dark customising a mediawiki installation and combing through webcomic panels for every last, insignificant, tiny detail. I’m clearly insane.

Image (S)Hack

At the very least you could have posted your manifesto in *text* guys.

(I would like to apologise in advance for this post – it’s full of ill-informed ranting. This is nothing unusual of course, but in this case it’s pretty bad. Hey, why don’t you go and read some other, more sensible post instead? Please?)

Apparently overnight the image hosting site Image Shack has been hacked by a group of people calling themselves “the Anti-Sec movement”. They’ve replaced (presumably) tens of thousands of images hosted on the site with a manifesto opposing the “full disclosure” method of publicising security flaws, and threatening “through mayhem and […] destruction” to force the abandonment of the same.

Well.

On the one hand I have to agree with some of their points. Full disclosure does have its share of problems – the main one being that the black hat hackers and the software companies get the same information at the same time, starting a race to patch the issue before it can be exploited (a race that the black hats usually win). That said, I do have some issues with the Anti-Sec manifesto as it currently stands.

(Edit: As it turns out that’s actually wrong – full disclosure policies almost always have a delay built in so that the companies responsible are told first and get time to patch the hole before the black hats find out about it. So Anti-Sec are basically talking out of an orifice other than their mouths.)

The first is the problem of security through obfuscation. Anti-Sec seems to be suggesting that if you discover a security hole you should shut up and sit on it so that no one can exploit it. This would work fine if it could be guaranteed that you’re the only person who would ever find it. This is, of course, ridiculous. Someone else will discover the same exploit and they may not have the same, upstanding community attitude that you do. The sensible thing would be to report the flaw to the company responsible so they can patch it before the knowledge becomes public. Anti-Sec may well support this method, but their manifesto says nothing about it.

(Edit: Actually they’re actively opposing it.)

The second problem I have is with their methodology. Let me quote…

It is our goal that, through mayhem and the destruction of all exploitative and detrimental communities, companies and individuals, full-disclosure will be abandoned and the security industry will be forced to reform.

How do we plan to achieve this? Through the full and unrelenting, unmerciful elimination of all supporters of full-disclosure and the security industry in its present form. If you own a security blog, an exploit publication website or you distribute any exploits… “you are a target and you will be rm’d. Only a matter of time.”

This isn’t like before. This time everyone and everything is getting owned.

Right. Well, opening a debate is one thing. Opening a debate and then forcibly silencing everyone with a dissenting viewpoint is completely another. And when that forcible silencing is achieved via threats and “unrelenting, unmerciful elimination” it’s basically terrorism.

So, it’ll be interesting to see how this thing plays out. If indeed it does play out and Anti-Sec don’t just vanish into the digital woods they suddenly emerged from like so many other online ‘movements’.