Intrusion Detection & Prevention – The Basics

In another article a discussion of ‘odd behaviour’ by computers and networks broke out. I’d said:

@Another Ian:

I’ve not seen that issue, however, I have seen evidence for some wide scale “probing” of computers by what I presume are nefarious sorts. As the spouse is on a Mac, and I’m non-PC of many flavors, we rarely have anything succeed at ‘crawling in’… However, last night (when NOT on any WordPress sites) the spouse had the Mac “lock up” on attempted opening of her (remote) email account. In my experience, that’s what a Mac does when under attack by a very smart attack that is aimed mostly at PCs and just doesn’t “get it” about Macs… (i.e. the Apple defenses stop it from succeeding but both end up in a death match…) Later that night, my Tablet had “glitch” issues (things slowing / jerky / active when doing nothing and load shows) but didn’t succumb. (Android has some exploits, but like the Mac Mach Linux base the Android Linux base is immune to the usual PC / Windoz attacks and most of the few Linux ones…) A reboot of both cleared them and they behaved the rest of the night.

FWIW, I’m likely to be “low response” for the next day or two as I build and deploy a home IDS (Intrusion Detection System) and make a posting on it…

My router blinky lights show no activity out of expected at this point, so IMHO whatever it was has now “moved on” to other easier PC targets… ( I really like blinky lights… they give a ‘no doubt about it’ indication of unwanted / unexpected network traffic… I have a ‘hub’ that I carry with me to most contracts that, put between the wall and my assigned workstation, gives me personal blinky lights… ;-)

Given the recent ‘take down’ of the East Coast by a set of bot driven I[di}OT devices, it’s clear that a pre-survey & PWN was run on them; so I’m not at all surprised that post event it looks like they are doing a survey for the next set of boxes to exploit (the assumption being that many of the first batch will now be identified and locked down / taken offline…) FWIW, it looks like about 9 PM PST was the window, so call it about start of work day in Eastern Europe… Just sayin’… you might want to watch the clock for 8 to 5 Romanian / Kiev / Moscow time…

I ought to have the IDS posting ready by this weekend, and it will include things you can do on your workstation, not just those that need a Linux box, (Host IDS), so I’d suggest installing that kind of thing and seeing what it shows.

For those wanting to “run ahead” and ‘assemble it yourself’:

The game is afoot and they are probing actively… time for ‘shields up’ and warp engines on line…

H/t to Another Ian for raising the issue.

I’d started down this path a good while back as it was one of the “things you ought to have” in any network, and I didn’t have one. But I was complacent. All my other general protective behaviours had so far kept things clean and safe. (Not the least of which is rarely to never running Microsoft Windows unless absolutely necessary and typically not using it to browse anywhere – the occasional exception of finding and getting needed software. Most virus writers target Microsoft products, partly due to them being a bit easier and mostly due to them being in very large numbers and generally not professionally managed in homes and small businesses.)

In any case, I’ve been relatively lucky (having made a lot of my own luck). But about 2 weeks ago that changed. An “interior router” of mine had been changed. Not much. But it didn’t have the WiFi interface “up” anymore. I looked it over. Changed the config to what it ought to be and rebooted. Then it was fine.

Now being an “interior router” I’d left the default security in place. It was already protected by the AT&T boundary router ( “internet access” router) and in theory nobody could get to it from outside. I have, sometimes, left an open “guest” access up on WiFi for the neighbors should they need it. Had some “war driver” found this from the street? Had the neighbor kid gotten old enough to not just want to access sites without his parents knowing, but also to start hacking routers? Didn’t know, but OK, time to “lock it down”. I turned on the “known machines only” lockout and changed the password to something more industrial strength, then went on my way.

Then the East Coast DDoS attack happened… it used an IOT Internet Of Things (or I[di]OT of Things…) group of drone machines to pester to death various target sites.

Then a couple of nights ago, the spouse and I both had those ‘odd’ behaviours. Her Mac had the spinning meatball of death hang cursor and my Tablet had some quirky not-quite-right pauses and fails to connect to web pages. Both fixed with a reboot…

OK, further down we had

Larry Ledwick says:
27 October 2016 at 8:38 pm
I have also noticed some very slow page loads over the last 24 hours, and semi lockup (ie long delay to do things but eventually succeeding). Things which should have been just a second or less took long enough for me to start grumbling “would you load the friggen page already” sort of muttering.

These are the current security alerts posted by CERT

Power Grab says:
27 October 2016 at 10:08 pm
@ Larry Ledwick: I noticed slow page loading right after Obama turned over the Internet to the other side.

I suspect the ‘slow page loads’ is more a matter of ‘slow DNS resolution’ as that can dominate the actual time to load pages (especially those with lots of advertising and links to other pages… each one can take a few seconds for the DNS lookup depending on how your DNS servers are set up and selected).

It can also be the result of the bots (code robots) that are trolling the internet right now looking for things to attack and take over.

I would guess it is less to do with the internet ICANN handover and more to do with the bots. ICANN just doles out the top level domains, mostly. It’s more a political / negotiation lag thing and less an operational one. The root servers tend to be spread all over the world with distributed operation:

OK, going back to that link given by Larry, that’s where all us Geekly types go to find out “what the f… is going on” as we go looking for “CERT Advisories”:

Alerts provide timely information about current security issues, vulnerabilities, and exploits. Sign up to receive these technical alerts in your inbox or subscribe to our RSS feed.
TA16-288A : Heightened DDoS Threat Posed by Mirai and Other Botnets
TA16-250A : The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations
TA16-187A : Symantec and Norton Security Products Contain Critical Vulnerabilities

TA16-144A : WPAD Name Collision Vulnerability
TA16-132A : Exploitation of SAP Business Applications
TA16-105A : Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
TA16-091A : Ransomware and Recent Variants
TA15-337A : Dorkbot
TA15-314A : Compromised Web Servers and Web Shells – Threat Awareness and Guidance
TA15-286A : Dridex P2P Malware
TA15-240A : Controlling Outbound DNS Access
TA15-213A : Recent Email Phishing Campaigns – Mitigation and Response Recommendations
TA15-195A : Adobe Flash and Microsoft Windows Vulnerabilities
TA15-120A : Securing End-to-End Communications
TA15-119A : Top 30 Targeted High Risk Vulnerabilities
TA15-105A : Simda Botnet
TA15-103A : DNS Zone Transfer AXFR Requests May Leak Domain Information
TA15-098A : AAEH
TA15-051A : Lenovo Superfish Adware Vulnerable to HTTPS Spoofing
TA14-353A : Targeted Destructive Malware

Each of those is a live link at the CERT site. For more info on any one, ‘hit the link’… For now, just notice that Lenovo is called out by name one up from the bottom for a factory installed “Superfish” adware malware that is prone to being taken over. IMHO, just avoid all Lenovo products (really, anything from China if you can). Up at the top, there’s that line about DDoS (Distributed Denial of Service – think being attacked by a million 1st graders all yammering for attention… you get nothing done..) using “Mirai” and botnets (network of robotically run machines i.e. the stuff in your home used by others to do the attacks). That’s the thing that’s likely causing the slow down in places. Looking inside it:

I’ve bolded a couple of bits. This is a typical alert. Tells you what is wrong, who / where it is coming from if possible, what it does, how to protect against it if known, etc. The date is about right for when the odd things were happening at home.

Alert (TA16-288A)
Heightened DDoS Threat Posed by Mirai and Other Botnets
Original release date: October 14, 2016 | Last revised: October 17, 2016

Systems Affected

Internet of Things (IoT)—an emerging network of devices (e.g., printers, routers, video cameras, smart TVs) that connect to one another via the Internet, often automatically sending and receiving data


Recently, IoT devices have been used to create large-scale botnets—networks of devices infected with self-propagating malware—that can execute crippling distributed denial-of-service (DDoS) attacks. IoT devices are particularly susceptible to malware, so protecting these devices and connected hardware is critical to protect systems and networks.


On September 20, 2016, Brian Krebs’ security blog ( was targeted by a massive DDoS attack, one of the largest on record, exceeding 620 gigabits per second (Gbps).[1] An IoT botnet powered by Mirai malware created the DDoS attack. The Mirai malware continuously scans the Internet for vulnerable IoT devices, which are then infected and used in botnet attacks. The Mirai bot uses a short list of 62 common default usernames and passwords to scan for vulnerable devices. Because many IoT devices are unsecured or weakly secured, this short dictionary allows the bot to access hundreds of thousands of devices.[2] The purported Mirai author claimed that over 380,000 IoT devices were enslaved by the Mirai malware in the attack on Krebs’ website.[3]

In late September, a separate Mirai attack on French webhost OVH broke the record for largest recorded DDoS attack. That DDoS was at least 1.1 terabits per second (Tbps), and may have been as large as 1.5 Tbps.[4]
The IoT devices affected in the latest Mirai incidents were primarily home routers, network-enabled cameras, and digital video recorders.[5] Mirai malware source code was published online at the end of September, opening the door to more widespread use of the code to create other DDoS attacks.

In early October, Krebs on Security reported on a separate malware family responsible for other IoT botnet attacks.[6] This other malware, whose source code is not yet public, is named Bashlite. This malware also infects systems through default usernames and passwords. Level 3 Communications, a security firm, indicated that the Bashlite botnet may have about one million enslaved IoT devices.[7]


With the release of the Mirai source code on the Internet, there are increased risks of more botnets being generated. Both Mirai and Bashlite can exploit the numerous IoT devices that still use default passwords and are easily compromised. Such botnet attacks could severely disrupt an organization’s communications or cause significant financial harm.

Software that is not designed to be secure contains vulnerabilities that can be exploited. Software-connected devices collect data and credentials that could then be sent to an adversary’s collection point in a back-end application.


Cybersecurity professionals should harden networks against the possibility of a DDoS attack. For more information on DDoS attacks, please refer to US-CERT Security Publication DDoS Quick Guide and the US-CERT Alert on UDP-Based Amplification Attacks.


In order to remove the Mirai malware from an infected IoT device, users and administrators should take the following actions:

Disconnect device from the network.

While disconnected from the network and Internet, perform a reboot. Because Mirai malware exists in dynamic memory, rebooting the device clears the malware [8].

Ensure that the password for accessing the device has been changed from the default password to a strong password.
See US-CERT Tip Choosing and Protecting Passwords for more information.

You should reconnect to the network only after rebooting and changing the password. If you reconnect before changing the password, the device could be quickly reinfected with the Mirai malware.

Preventive Steps

In order to prevent a malware infection on an IoT device, users and administrators should take following precautions:
Ensure all default passwords are changed to strong passwords. Default usernames and passwords for most devices can easily be found on the Internet, making devices with default passwords extremely vulnerable.

Update IoT devices with security patches as soon as patches become available.

Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary.[9]

Purchase IoT devices from companies with a reputation for providing secure devices.

Consumers should be aware of the capabilities of the devices and appliances installed in their homes and businesses. If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it to operate on a home network with a secured Wi-Fi router.

Understand the capabilities of any medical devices intended for at-home use. If the device transmits data or can be operated remotely, it has the potential to be infected.

Monitor Internet Protocol (IP) port 2323/TCP and port 23/TCP for attempts to gain unauthorized control over IoT devices using the network terminal (Telnet) protocol.[10]

Look for suspicious traffic on port 48101. Infected devices often attempt to spread malware by using port 48101 to send results to the threat actor.

Now as you might guess, slugging a Tb/second or so of traffic around, especially if focused on internet service devices, DNS servers, web servers, or just loading up routers with crap, etc. will cause sporadic slowdowns, failure to load, and other quirky behaviour. It can also happen if the botnet is actively probing your gear and trying to take it over.

This is why, when there is an unexplained fault, sloth, lots of ‘blinky lights’ that can’t be explained, etc. I typically down my internet connection (just pull the wire…) and shut down my devices. Then I can do an orderly bring up and assess them.

Was my interior WiFi router compromised by this code? I don’t think so. Looks more like the neighbor kid learning the limits of hacking… but maybe. In any case, I’d done the right thing in recovering it due to my own habits.

Were the spousal laptop and my Tablet hit by this? Most likely. As a DDoS or perhaps as folks pinging the world with Mirai software now that it is public trying to recruit our machines into their own botnet. In either case, my behaviour cleared the machines and after that they worked as expected. (Both powered down for about 20 minutes, then repowered and assessed.)

But the key bit is those last two lines. Where it says things like “Monitor Internet Protocol (IP) port 2323/TCP and port 23/TCP for attempts”… That’s where an Intrusion Detection System comes into play. It’s the thing that does that kind of monitoring. As noted in my first comment on the other page, you can do some ‘light reading’ here:

CNET has some IDS things you can download or assess on your own:

And of course there’s a formal paper on it all:

Finally, this is the IDS I’ll be installing this weekend:

This posting is the “background” and not the “how to”. I have to do it first, then I can write the ‘how to’ ;-)

FWIW, this article does a great job in a readable format of going through various IDS / IPS choices, explaining what makes them different, doing a sketch of strengths and weaknesses, and chooses their favorite. That just happens to be Suricata…

I doubt I could improve on it much, so just hit the link and read it. Really. Do it now. I’ll wait…

What’s the only reason for not running Snort? If you’re using Suricata instead. Though Suricata’s architecture is different than Snort it behaves the same way as Snort and can use the same signatures. What’s great about Suricata is what else it’s capable of over Snort. It does so much more that it probably deserves a dedicated post of its own. Let’s run down a few of them:

Multi-Threaded – Snort runs with a single thread meaning it can only use one CPU(core) at a time. Suricata can run many threads so it can take advantage of all the cpu/cores you have available. There has been much contention on whether this is advantageous, Snort says No and a few benchmarks say Yes.

Built in Hardware Acceleration – Did you know you can use graphic cards to inspect network traffic?

File Extraction – Someone downloading malware? You can capture it right from Suricata and study it.

LuaJIT – It’s a lot of letters yes, but it’s also a scripting engine that can be used with information from the packets inspected by Suricata. This makes complex matching even easier and you can even gain efficiency by combining multiple rules into one script.

Logging more than packets – Suricata can grab and log things like TLS/SSL certs, HTTP requests, DNS requests

So much more…

I’m more familiar with Snort, but this does look superior, so I’ll be getting it set up for myself.

Now maybe you don’t have a dedicated machine to set up to inspect your network traffic, or don’t have a hub handy so that all traffic to your desktop can be duplicated on the interface of your IDS box. You can run Suricata on your desktop directly inspecting the traffic to / from it. This is a little less secure, since the IDS box is more secure if it isn’t actually doing anything else and is so locked down it’s useless as a desktop, but it is still pretty darned good. Especially for a laptop at Starbucks…

The other half of the solution is inspecting inside your computer to make sure things there are not changed. For that, you use a Host IDS.

Host IDS – Host based IDS systems, or HIDS, work by monitoring activity that is occurring internally on a host.
HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. The first HIDS systems were rather rudimentary, usually just creating md5 hashes of files on a recurring basis and looking for discrepancies (File Integrity Monitoring). Since then HIDS have grown far more complex and perform a variety of useful security functions. Also if you need to become compliant to one of the many standards (PCI, ISO, etc..) then HIDS is compulsory.


In the realm of full featured Open Source HIDS tools, there is OSSEC and not much else. Go ahead and google away, I’ll wait. The great news is OSSEC is very good at what it does and it is rather extensible. OSSEC will run on almost any major operating system and uses a Client/Server based architecture which is very important in a HIDS system. Since a HIDS could be potentially compromised at the same time the OS is, it’s very important that security and forensic information leave the host and be stored elsewhere as soon as possible to avoid any kind of tampering or obfuscation that would prevent detection.

I’m not that familiar with OSSEC and may try installing it. “In the old days” we ‘rolled our own’ Host IDS. Doing “hash” computation on key files in off hours, comparing file sizes to saved sizes, checking that file system permissions had not changed from the archived set. Now you can get all that pre-made, and more.
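Here is what that ‘rolled our own’ Host IDS looks like in a few dozen lines. This is an added example, not the post’s code and not OSSEC: it takes a baseline of hash, size and permission bits for a set of files, then reports which attribute changed. The files and their contents are constructed in a temporary directory.

```python
"""Minimal 'roll your own' Host IDS: file integrity monitoring.

Added example, not from the post or from OSSEC. Baseline = sha256, size and
permission bits per file; a later run reports what changed. In practice the
baseline would be written off-host (see the OSSEC client/server point).
"""
import hashlib
import json
import os
import stat
import tempfile


def fingerprint(path):
    """Return sha256, size and permission bits for one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.stat(path)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode)}


def baseline(paths):
    """Build the archived set: path -> fingerprint."""
    return {p: fingerprint(p) for p in paths}


def save_baseline(db, path):
    with open(path, "w") as f:
        json.dump(db, f, indent=1)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(db, paths):
    """Return path -> list of changed attributes.

    Values are 'missing' (baselined file gone), 'new' (watched file not in
    the baseline) or any of 'sha256', 'size', 'mode'.
    """
    findings = {}
    for p, saved in db.items():
        if not os.path.exists(p):
            findings[p] = ["missing"]
            continue
        now = fingerprint(p)
        changed = [k for k in ("sha256", "size", "mode") if now[k] != saved[k]]
        if changed:
            findings[p] = changed
    for p in paths:
        if p not in db and os.path.exists(p):
            findings[p] = ["new"]
    return findings


def demo():
    """Constructed scenario: baseline two files, alter them, report by basename."""
    d = tempfile.mkdtemp()
    passwd = os.path.join(d, "passwd")          # constructed, not /etc/passwd
    sshd = os.path.join(d, "sshd_config")       # constructed, not /etc/ssh/...
    with open(passwd, "w") as f:
        f.write("root:x:0:0::/root:/bin/sh\n")
    with open(sshd, "w") as f:
        f.write("PermitRootLogin no\n")
    os.chmod(sshd, 0o600)

    db_path = os.path.join(d, "baseline.json")
    save_baseline(baseline([passwd, sshd]), db_path)

    # Simulated changes: an account line appended, config permissions loosened.
    with open(passwd, "a") as f:
        f.write("newuser:x:1001:1001::/home/newuser:/bin/sh\n")
    os.chmod(sshd, 0o644)

    findings = compare(load_baseline(db_path), [passwd, sshd])
    return {os.path.basename(k): v for k, v in findings.items()}


if __name__ == "__main__":
    for name, what in demo().items():
        print(f"{name}: changed {', '.join(what)}")
```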

While there are lots of other tools and software and very expensive dedicated hardware you can use industrially (I’ve used more of that…) this looks like a good set for the typical home installation. Suricata and OSSEC.

The next posting will be looking at installing and configuring one or both of them to set up a minimal intrusion detection system for home use. I’ll be doing it on a Raspberry Pi, but might give it a try on the laptop just to see how hard / easy it is under Windows.

As a small ‘look ahead’, here’s the basic setup wiki for Suricata:

It doesn’t look all that hard (at least not to an experienced sysadmin…) I note this bit, though:

sudo cp suricata.yaml /etc/suricata

Setting variables
Make sure every variable of the vars, address-groups and port-groups in the yaml file is set correctly for your needs. A full explanation is available in the Rule vars section of the yaml. You need to set the ip-address(es) of your local network at HOME_NET. It is recommended to set EXTERNAL_NET to !$HOME_NET. This way, every ip-address but the one set at HOME_NET will be treated as external. It is also possible to set EXTERNAL_NET to ‘any’, only the recommended setting is more precise and lowers the chance that false positives will be generated. HTTP_SERVERS, SMTP_SERVERS, SQL_SERVERS, DNS_SERVERS and TELNET_SERVERS are by default set to HOME_NET. AIM_SERVERS is by default set at ‘any’. These variables have to be set for servers on your network. All settings have to be set to let it have a more accurate effect.

Next, make sure the following ports are set to your needs: HTTP_PORTS, SHELLCODE_PORTS, ORACLE_PORTS and SSH_PORTS.

Finally, set the host-os-policy to your needs. See Host OS Policy in the yaml for a full explanation.

Yet Another Markup Language… Oh Joy, another “language” to learn… It doesn’t look very hard, and is close to many others, so more like a dialect really. One of those things I’ve avoided. Until now. Oh Well.

YAML (/ˈjæməl/, rhymes with camel) is a human-readable data serialization language that takes concepts from programming languages such as C, Perl, and Python, and ideas from XML and the data format of electronic mail (RFC 2822). […] Originally YAML was said to mean Yet Another Markup Language, referencing its purpose as a markup language with the yet another construct, but it was then repurposed as YAML Ain’t Markup Language, a recursive acronym, to distinguish its purpose as data-oriented, rather than document markup.

Lucky for us Systems Admin types, we usually don’t need to learn the whole thing, just a few key sentences and how to change the nouns in them… or the occasional verb.
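To tie the two halves together, here is an added example (mine, not the post’s, not Suricata’s code) that models the HOME_NET / EXTERNAL_NET address-group convention from the wiki quote above and applies the US-CERT TA16-288A advice on ports 23/TCP, 2323/TCP and 48101 to constructed flow records shaped like Suricata’s eve.json “flow” events. The network ranges are assumed home-network values.

```python
"""Flag Mirai-style Telnet probes and port-48101 traffic in flow records.

Added example, not from the post or the Suricata project. It evaluates
Suricata-style address groups ('any', '$VAR', '!' negation, [cidr,...])
and checks eve.json-style flow events against the TA16-288A ports.
"""
import ipaddress
import json

# Address groups as they would be set in suricata.yaml (assumed values).
VARS = {
    "HOME_NET": "[192.168.1.0/24,10.0.0.0/8]",
    "EXTERNAL_NET": "!$HOME_NET",
}

TELNET_PORTS = {23, 2323}   # inbound control attempts over Telnet
REPORT_PORT = 48101         # infected devices report scan results here


def resolve(expr, variables=VARS):
    """Evaluate an address-group expression to (networks, negated)."""
    expr = expr.strip()
    negated = False
    if expr.startswith("!"):
        negated = True
        expr = expr[1:]
    if expr == "any":
        return [ipaddress.ip_network("0.0.0.0/0")], negated
    if expr.startswith("$"):
        nets, inner = resolve(variables[expr[1:]], variables)
        return nets, negated != inner
    nets = [ipaddress.ip_network(p.strip())
            for p in expr.strip("[]").split(",") if p.strip()]
    return nets, negated


def matches(ip, group):
    """True if ip belongs to the (possibly negated) address group."""
    nets, negated = group
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets) != negated


def classify(flow, home=None, external=None):
    """Return alert strings for one eve.json-style TCP flow event."""
    home = home or resolve("$HOME_NET")
    external = external or resolve("$EXTERNAL_NET")
    alerts = []
    if flow.get("event_type") != "flow" or flow.get("proto") != "TCP":
        return alerts
    src, dst, dport = flow["src_ip"], flow["dest_ip"], flow["dest_port"]
    # Telnet from outside HOME_NET toward a home device: credential probing.
    if dport in TELNET_PORTS and matches(src, external) and matches(dst, home):
        alerts.append(f"telnet-probe {src}:{flow['src_port']} -> {dst}:{dport}")
    # A home device sending to 48101 outside: possible scan-result reporting.
    if dport == REPORT_PORT and matches(src, home) and matches(dst, external):
        alerts.append(f"report-48101 {src} -> {dst}:{dport}")
    return alerts


def scan(text):
    """Run classify() over newline-delimited JSON flow records."""
    out = []
    for line in text.splitlines():
        if line.strip():
            out.extend(classify(json.loads(line)))
    return out


# Constructed sample records (documentation addresses, not real traffic).
SAMPLE_EVE = """\
{"event_type":"flow","proto":"TCP","src_ip":"203.0.113.45","src_port":51234,"dest_ip":"192.168.1.20","dest_port":23}
{"event_type":"flow","proto":"TCP","src_ip":"203.0.113.45","src_port":51235,"dest_ip":"192.168.1.21","dest_port":2323}
{"event_type":"flow","proto":"TCP","src_ip":"192.168.1.10","src_port":44000,"dest_ip":"192.168.1.20","dest_port":23}
{"event_type":"flow","proto":"TCP","src_ip":"192.168.1.21","src_port":40001,"dest_ip":"198.51.100.7","dest_port":48101}
{"event_type":"flow","proto":"TCP","src_ip":"192.168.1.10","src_port":40002,"dest_ip":"198.51.100.9","dest_port":443}
"""

if __name__ == "__main__":
    for a in scan(SAMPLE_EVE):
        print(a)
```

The third record (an admin on the LAN using Telnet to a local box) is not flagged because EXTERNAL_NET is !$HOME_NET; with EXTERNAL_NET set to any it would be, which is the false-positive point the wiki makes.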

OK, with that, you now got to see what an evening in the life of a sys admin looks like when something goes ‘bump in the net’ and their phone rings or the router hangs or “the internet is down” ;-)

After I’ve digested all this (and cleaned up the kitchen and…) I’ll make my first install / config tests. But that will be for another posting.

Earnings Report Impression

Just a little ‘stream of consciousness’ report on my impression of earnings reports so far. That is, no links or cites.

There’s a pattern shaping up in earnings reports. Things you and I might buy, sales are down and profits falling. Up? Military and Armaments companies that sell to the government. Up hard over the last year, but now flattened and threatening a fall on profit not materializing to support the run up, medical and insurance companies wanting to cash in on Obamacare Monopolies…

Some specifics:

GM – everyone excited as profits are up! On falling sales… (Oh Dear… )

Apple – Failed to have sales growth and profit growth as expected. Talk of “is it a commodity now”?

Chipotle – MAJOR miss with 95% or so drop in profits (lots of give aways to get volume back up, but not working)

Retail in General – falling sales…

Arms Merchants – great profits on lots of sales (Saudi Deal anyone?…)

It’s an interesting pattern. “Friends of Government” and “Suppliers to Government” sales up. Tax payer buys, sales down. Hmmmm….

So just how long can that pattern continue?… I’d say to about January 20th or so.

Voter Fraud & Voting Irregularities

Well, I was watching Fox News (having finished RT but not yet finished my espresso…) when they had a ‘tease’ about voting machines in Texas changing Trump votes to Hillary votes.

That prompted me to remember this request:

Glenn999 says:
26 October 2016 at 1:26 pm

How about a separate thread on documented/suspected cases of voter fraud/cheating, irregularities, etc.?

So h/t to Glenn999 for being way out ahead of the pack (and of me…) on this one. Glenn, Here’s your thread!

My response, in retrospect, looks a bit lame:

Sounds like an interesting thread, but from where would I get information? Or maybe just open it up for a “you post it” collection…

How about “Hey, you, guy looking for clue, how about you just watch Fox News or even just do a little web search…” (note to self…)

OK, saw the tease on Fox, but didn’t turn it up in a web search on their site. Maybe later after they’ve finished their broadcast tease?… But, did find this reference:

They have the “Idiot Block of Mark and Copy” set on the story, so I’ll have to capture by slightly more complicated means… Here’s the quote from the comments:

Shandy Clark
on Monday
Hey everyone, just a heads up! I had a family member that voted this morning and she voted straight Republican. She checked before she submitted and the vote had changed to Clinton! She reported it and made sure her vote was changed back. They commented that It had been happening. She is trying to get the word out and asked that we post and share. Just want everyone’s vote to be accurate and count. Check your vote before you submit! Mary Sims-Beckham and Bradina Benson do y’all know how to report this?
Edit: this happened this morning In Arlington TX. Mon, Oct 24, 2016, which is also when I posted!

Lisa Houlette
on Monday
Gary and I went to early vote today…I voted a straight Republican
ticket and as I scrolled to submit my ballot I noticed that the
Republican Straight ticket was highlighted, however, the clinton/kaine box was also highlighted! I tried to go back and
change and could not get it to work. I asked for help from one of
the workers and she couldn’t get it to go back either. It took a second election person to get the machine to where I could correct the vote to a straight ticket. Be careful and double check your selections before you cast your vote! Don’t hesitate to ask for help. I had to have help to get mine changed.

Looks like “Straight Republican” ticket is a vote for Hillary… (Maybe they got their advice / settings from the RNC or Speaker of the House Ryan…)

AT&T / DirecTV via Internet Has A Brain Fart

So I was watching WestWorld (HBO) after having seen a review of it and realizing that it wasn’t the old Movie I was seeing come around on the HBO menu, but an HBO Series. The two episodes I watched were interesting enough to lead me to think it might be worth it, but I was about 4 episodes in and didn’t have a clue of the various ‘back stories’ they were weaving and a bit behind on the character development. OK, no problem.

I’d used DirecTV on my Samsung Galaxy Note 10.1 Tablet before. It was a bit painful (they run you through way too many images and choices to get to the one thing you want) but generally worked. When “on the road” I’d kept up with Dexter that way. But the Tablet had taken a ‘reset’ since then, so I needed to ‘reinstall’ their “Ap”… OK… so I’ll be 10 or 20 minutes late getting started…

Nope, first I need a Google Login to get the Ap Store to get the Ap to get the show… So about 1/2 hour late… except all those repeated 10 steps to get to the ‘install ap’ choice, and then it didn’t work on Opera, or Pale Moon, or… eventually on FirePhoenix (a FireFox clone) it was OK with the install and I got to DirecTV Ap page in the Ap Store and… “This Ap is incompatible with your release”.. or some such… Welcome To Dependency Hell!

Sidebar on Google Captchas: On the “set up yet another account you won’t remember page”, Google uses the Captchas from Hell setting. It gave me something like a half dozen in a row. They were not any words I could make out, and the letters were things like a U with the second leg crossed. Is that U, or UT, or T or … Eventually I guess I got one right and it set up… well, some new account that I hope I wrote down somewhere… Something like “DirecTVsucksAndIJustWantTheAp”…

Now I’d kinda sorta thought I’d like to watch this while laying on the couch in the living room, with the spouse doing something else in her lounge chair; that whole ‘sharing time sort of’ thing. But, OK, I’m not going to get sucked into upgrading the tablet, backing up files first, hoping it doesn’t break too many other things that then need to be re-installed, etc. etc. It would be noon tomorrow before I was done..

So I decide to just “hit the Chromebox” that does Video Just Fine for everything else. Youtube. HTML5. Flash. You name it. Besides, Chromebooks are now outselling everything else into schools here. It’s essentially a main stream product now and with lots of focus on assuring video is functioning well. Mine has an Intel CPU too, so no worries about ARM chip and op code issues. I sit down and… back to login to Google / Chrome / DirecTV / Oh God Just … and then to the “need DirecTV Player” as they have their very own player… and it gives the URL from Hell that just hangs… Here it is:

Someone is just trying way too hard to be cute and complicated… OK, I hit the web search and find the link to how to just install their player directly:

What is the DIRECTV Player and how do I install it on my computer?
The DIRECTV Player is FREE software required for watching movies and shows on your computer. Installation is quick and easy. If you’ve downloaded and installed other software from the Internet, the process for the DIRECTV Player is essentially no different. Once you’ve installed the software, you can start enjoying thousands of movies and shows online, anytime, anywhere.

Here’s a step-by-step for installing the DIRECTV Player for PC or Mac.

What type of computer do you have?


Notice anything missing?

No Linux, so my half dozen or dozen Linux / BSD machines need not apply.

No Android, so my Tablet need not apply (tied to Ap store and the non-compatible releases)

No Chromebox or Chromebooks, so those tens or hundreds of millions of folks need not apply…


No, I’m not going to dig the old HP Laptop Windows 7 out of the “old computers” bin and get into Upgrade Hell with it, too. Just to catch a couple of old episodes of a series I’m not sure I really want to watch long term.

No, far far far easier to just “move along” and forget about trying to use DirecTV / AT&T TV on my 3 main computers. It just ensures that when the present lock-in period is over (or perhaps before and take the penalty – given my present rate of ‘moving off it’ and progress on cord cutting…) I’m not going to renew the “service”.

I clicked the “contact us” page, and got a bunch of phone numbers and snailmail addresses, and a ‘chat’ choice. No “bitch here and be done” email choice…

So, silly me, I clicked it.

I then proceeded to launch / watch RT Russia Today news and a bit of France24 news via the internet. They work fine… DirecTV not so much… Eventually the ‘in queue’ number works down from 16+ to 1 to Me! The conversation follows:

Ashley W. (STK0775) DIRECTV: Hi, my name is Ashley W. (STK0775). How are you today?

I commence to type. I type really fast. About 50+ WPM on this kind of stuff, sometimes faster. Inside seconds I get:

Ashley W. (STK0775) DIRECTV: If I don’t receive a response within 2 minutes I will go ahead and end this chat. If the chat is disconnected, you may contact us back or please feel free to visit us online at

I finish the last sentence and hit send on:

EM: I’d be happier if DirecTV actually worked on either my tablet or my Chromebox. It fails to install on both, despite having worked on the tablet a year or two ago. No, I’m not going to upgrade my OS nor get into Browser Wars just to watch a couple of back episodes of WestWorld. It’s easier to just “move on” to all the internet TV that runs Flash or HTML5 and isn’t too cheap or lazy to make their product work cross platform and multi-browser.

Then read the ‘expedite’ line and send:

EM: Saying you’ll “dump my ass” if I don’t type fast enough doesn’t improve the customer experience, either…

Time passes…

EM: BTW, I’m a programmer for a living, have done help desk support, and know just what’s wrong with the support and app design. It’s dumb management choices. Not everyone is on a PC or Mac and Chromebooks outsell Macs and PCs in the classroom now.

More time passes…

EM: Anyone there? BTW, I have a blog and I’ll be posting my experience. Just FYI.

More time passes…

A conversation eventually starts:

Ashley W. (STK0775) DIRECTV: Can you tell me the exact error message on the screen please.

EM: No, I’m not going to get into a Q&A over something that is never going to work. On the Samsung Galaxy Note 10.1, which worked but got reset so needed a reinstall, it complains about being incompatible with the release level. On the Chromebox, I get sent off to nowhere (some ‘metrics’ url that hangs) and going to your web site just gives choices to install on PC or Mac. Dumb, that.

Ashley W. (STK0775) DIRECTV: I will escalate your concerns up.

EM: Thanks, but I’m busy watching TV elsewhere… RT Russia Today news has 700 million viewers at the moment and works on ALL my systems and browsers. I think they are HTML5. France24 news also works everywhere. After I’m done with that, I’ll likely watch yet other non-AT&T product / non-DirecTV product. BTW, I’m headed to being a ‘cord cutter’ in about a year, given this. I’ve found plenty else. So just escalate and fix it, or count your losses.

Ashley W. (STK0775) DIRECTV: Do you have any other questions or concerns for me today?

EM: I’m Outta Here… and have written off DirecTV via Internet. IFF you fix it, within the year, I might change, but as of now, other things work and your product doesn’t. Just make sure someone who can deal with it hears that.

Ashley W. (STK0775) DIRECTV: I will escalate your concern up.

Ashley W. (STK0775) DIRECTV: Thank you, EM! I’m glad we got that taken care of for you. Again, my name is Ashley and I want to thank you for being a DIRECTV customer and chatting with me today so I could help! I’ll note your account and send a copy of this conversation to your email for you. When you are ready, you can end the chat by CLICKING “End Chat”. Or if you’re using a mobile device, simply use the “x” on the left hand side. If you do have additional questions or concerns you may contact us back or please feel free to visit us online at Have a Marvelous day, and thanks for choosing DIRECTV/AT&T. :-)

EM: Thanks, Bye

So the usual essentially useless ‘help desk’ that isn’t help and just consumes time to tell you, eventually, that it doesn’t work. Since I knew already ‘that does not work’ and was NOT going into Upgrade Hell on the Tablet, all I really wanted was to let them know the consequences of their poor ability to support standards-based video.

Who knows if it goes anywhere beyond a check box of ‘customer given help and call closed without a trouble ticket’…


There’s a reason for Standards and Backwards Compatibility. The reason is to avoid Dependency Hell and Upgrade Hell and have happy customers who are not forced into upgrade cycles at prime time TV hours… They won’t go there, and I didn’t. There’s way too much of the ‘competition’ that works Just Fine. Heck, I’ve still not worked through most of my ‘starter list’ of stations and aggregators:

I’d been planning to cancel the HBO option on DirecTV prior to the ‘forced upgrade’ from my DSL dying, and now that it’s got a “lock in” 2 year clause (NOT disclosed in the “support call” for the broken DSL…) I’m sort of stuck for the next year, but I’m NOT going to be renewing. No reason. Less as of today…

Oh Well, as they say…

Sidebar on Westworld: The basic plot, near as I can tell it, is a Jurassic Park / Westworld-the-movie mash up. Even has the Grey Hair Scientist who makes it work and doesn’t realize the fail coming as it turns on the ‘guests’ in the ‘park’… The Westworld part is an “old west” stereotype ‘park’ where guests can run wild shooting up robots and doing all sorts of things illegal in the real world with real people (plot line from some other robot movie I saw recently… where those robots also gain sentience… ) With the same ripped off plot of ‘wiping the memory’ at the end of each day so the robots (called “hosts” for some ill described reason) don’t remember the horrors done to them the prior day.

Needless to say, some of the robots start to have fragmented memories of the violence and sexual assaults, and start to have human-like concerns… Same plot as that other movie, different setting… old west park instead of super-casino-skyscraper… (That movie, whose title escapes me, ripping off the Robot to Human plot from a half dozen before it, including Millennium Man and others… exploring the boundary between machine intelligence and human is old hat these days… building it is still a bit interesting, though.)

Neither the setting nor the plot will save this show. Both ripped off re-dos. It’s only the particulars of the character development and acting that can make it ‘hot’. I found it “good enough to watch, maybe”, but to get that character angle it really wants you to brush up on the prior episodes… Soaps are like that… With that now out of the question, I’m not seeing the draw anymore…

It does have some “light nudity” in that the robots, er, hosts, are seen in the maintenance shop sitting on stools naked. Artfully positioned cameras make sure it doesn’t violate whatever passes for standards. Oh, and they have a fly fetish. Fly Wrangler on staff, so you occasionally get flies on the dead and dying in the Out West shots, and a fly or two crawling over the nudish ones in maintenance. If flies bother you, you are warned.

The staff doing field maintenance use some interesting video effects to imply interesting tech, like a tablet with a 3-d display above it (IF I saw that right). There’s also lots of special effects showing heads on tables with moving eyes while the legs are metal frameworks ending about the knees … shades of about 1950 ‘guy under the table with head up a hole’ special effects… but doubtless done digitally today. Special effects are nice, but they lose their punch after a few days…

Will I miss it? Probably not. We’ll see. It’s not on my “catch up and then watch regularly to see if I get into it” list anymore. Now it’s just “maybe if I’m not busy with other stuff or other channels”… Which, given that it’s on the TV now, and spouse has gone to bed, and I’m not watching it… well, I think that shows how “compelling” I feel it is at the moment.

Besides, Netflix has a few dozen things that I found interesting, but haven’t spent time to watch yet. Oh, and Netflix works on my Tablet and on the Chromebox and didn’t require me to go through App Hell nor Update Hell nor Dependency Hell nor… It just worked. Their programmers seem to understand standards-based programming…

Well, I’m headed back to the TV tab on the Chromebox, as the news I’ve been listening to as I type sounds like the video part is interesting… Later.

Not In My Lifetime – Cubs

OMG! Has Hell become covered in ice? Do we have politicians telling the truth? Has peace come to the Middle East?

Perhaps not those things, but something equally as impossible has happened.
The Cubs are in the World Series…

Cubs reach first World Series in 71 years

By Ray Sanchez and Madison Park, CNN
Updated 5:15 PM ET, Sat October 22, 2016

(CNN)The Chicago Cubs finally ended their 71-year absence from the World Series by pushing aside the Los Angeles Dodgers 5-0 in Game 6 of the National League Championship Series.

Long the subject of a so-called curse, the Cubs continued their spectacular season at Wrigley Field late Saturday.
They now head to Game 1 of the World Series in Cleveland, where they will face the Indians on Tuesday.

The Cubs have been a perennial fail for as long as I have been alive, and then some. Now this? What happened? Did someone put a goat in a box seat? Has the last of the cursed players, owners, vendors, whatever finally ‘passed on’, ending the pall? Did the players actually practice to win instead of show?

Somehow I never thought I would see the day that “Cubs in World Series” would be a legit headline…

OK, I’m going to be bold here:

I think it is because my Son has moved to Chicago and my Grandson was born there. A new vitality based on faith, honesty, and good works. (Their church sent a small mission of folks to Chicago to set up a church, thinking it was where there was the most good to be done… in the heart of the beast.) So I put it all down to that. The time for change is now, and the right people are doing it.

Now I know everyone else will have other reasons, and I’m sure they are just as right as I am. But in true Progressive fashion, this answer pleases me more, so it’s the one I’m going with. When The Cubs win the World Series, you can thank me and mine for it.

Heck, who knows, if that happens we’ll have to warn airline pilots to watch out for flying pigs and start withdrawing troops from global bases as world peace will have broken out, turning tanks into tractors… Heck, we can even expect to see Vladimir Putin and Hillary dancing at the UN Ball together…

The world has come unstuck, all is a spinning unanchored swirl, chaos reigns in our foundations: The Cubs are in the World Series.

May miracles never end, praise The Lord! (and pass the beer…)

End Note

/sarc; and humor for those needing a whack with the clue stick…

Egypt – Part 4 Revolution Redux?

Watching France24 and wandering around their web site, there was this story about Egypt:

Signs of dissent, desperation amid food shortages and rising prices in Egypt

Latest update : 2016-10-16

Despite a widespread government crackdown on dissent, some Egyptians are resorting to drastic measures to express their desperation over the food shortages and double-digit inflation that have made many of life’s necessities hard to come by.

Nearly six years ago, a frustrated and destitute Tunisian street vendor, Mohamed Bouazizi, set himself ablaze, sparking a series of popular revolts across the region now collectively known as the Arab Spring.

Following on the heels of Tunisians, Egyptians took to the street in January 2011 and succeeded in overthrowing President Hosni Mubarak, the repressive military dictator who ruled the country for almost 30 years. But whereas Tunisians managed to build a functioning, if flawed, democracy in the aftermath of their revolt, Egyptians today find themselves under an even more repressive military regime coupled with dwindling food supplies and skyrocketing prices. The price of rice has gone up by 48 percent over the past year while the cost of cooking oil – which is increasingly hard to find – has gone up 32 percent.

And despite a draconian clampdown on dissent, Egyptians are increasingly expressing their desperation.

On Saturday, a 30-year-old taxi driver named Ashraf Mohammed Shaheen self-immolated in front of an army centre in Alexandria. According to press reports citing witnesses, he criticised the government and rising prices before dousing himself in gasoline and setting himself alight. He suffered burns on 95 percent of his body and was rushed to a nearby hospital. News of the incident spread quickly on social media under the Arabic hashtag #Bouazizi_Egypt, a reference to the Tunisian vendor who took similarly desperate measures nearly six years earlier.

Gee… haven’t we seen this movie a few times already? Has nothing been gained for all the suffering and strife of the first couple of turns on the wheel?

Shaheen’s desperate act followed an interview with a tuktuk driver that went viral this week after he spoke for much of the country in expressing his rage over the dire economic situation. The unidentified driver slams the government for spending millions of dollars on lavish ceremonies and mega-projects while ordinary people suffer.

“Before the latest presidential elections [in 2014] we had enough sugar, enough rice, and we even used to export it. So what happened? Where did the sugar go?” he demands. “They waste our money and spend it on so-called national projects, which are useless, and education in Egypt is very bad, even worse than you can ever imagine.”

“This country will rise if there is enough care for education, health and agriculture to provide us with food,” he says.

The interview was aired on the private, pro-government Al Hayat television channel on Wednesday evening and immediately went viral, hitting 6 million views on the channel’s official Facebook page in less than a day, according to Al-Ahram newspaper.

Al-Hayat quickly pulled the video, but by then it had been uploaded elsewhere. On another Facebook page the video racked up 2.2 million views by Thursday night, according to the Associated Press. By Sunday that number had risen to 4.4 million, with the video being shared more than 230,000 times.

They have that video in the original article and it is well worth clicking over and watching it. A regular ‘man in the street’ who drives a tuktuk – one of those almost miniature truck / car with a motorcycle sized engine in it and maybe a top sometimes…

The host of the show that aired the footage has since left for what the network is calling a three-week “personal vacation”, according to Egyptian media reports.

I guess he wanted more “time with the family”…

Rachel Scheier, editor-in-chief of Business Today, an English-language monthly magazine based in Cairo, told FRANCE 24 that the tuktuk driver merely echoed what she has been hearing on the streets. “People in Egypt have been getting steadily poorer since the revolution, and in the meantime prices have gone crazy,” she said.

“After Morsi was removed there was a feeling of goodwill and hope,” Scheier said. “But six months ago there was a palpable shift … All the government does is talk about these mega-projects; meanwhile, people can’t find enough sugar or cooking oil. You can’t buy basic foods at a reasonable price anymore.”

Gee… isn’t something just about like that happening in Venezuela?

And isn’t Europe headed that way, though more slowly and more ‘patchy’, with nations like Greece and Cyprus in the lead, France and Germany catching up more slowly…

Maybe it’s time to reconsider that whole “Government Knows Best” and “Socialism, that’s the ticket, this time for sure!”

If printing money and zero interest rates were able to fix anything, Europe would be thriving, Egypt would be a paradise, and Japan would be rolling in 12% growth.

They aren’t, so it isn’t.

Calls for protest on November 11

Over the weekend another video surfaced on social media sites of a woman blaming the army for the rise in food prices – a brave move in a country where even the slightest hint of criticism of the ruling regime can land one in prison.

“What does it mean that the army says it will subsidise red meat?” she demands. “Why does the army control electricity? Why do they control gas? Why do they control the sewers?”

A Facebook page called Revolution of the Poor has been calling for mass protests on November 11, but it remains to be seen if such demonstrations can go forward in the current climate of repression.

Remember that the Army in Egypt has been considered a guarantor of the people when governments get too draconian… and here we have people getting fed up with them, too. If Central Authority could make economies run just dandy, Egypt would be thriving, since little is more Central nor more Authority than Military Control.

“On the one hand, people are angry and there’s palpable discontent,” Scheier said. “On the other hand, I don’t think anybody thinks the military government is going to allow this protest to actually go anywhere.”

And the public simply may not have the stomach for another popular uprising.

“Things can change quickly in Egypt – so perhaps November 11 will surprise us all. But as of yet, it doesn’t seem like there is a lot of momentum behind them,” Hellyer said. “I think that is testimony not to the idea that the population is not hurting – it is hurting via the economic pressures – but that the space for political organisation has shrunk, and that the population is less inclined to go down the route of mass protests anyway after the tumultuous period of the last five years.”

So let’s see, we have an 11/11/2016 protest scheduled, Egypt about to erupt again, rampant inflation and a collapsing economy. In Venezuela we’ve had similar protests, rampant inflation, and a collapsing economy. Care to place bets on their collapse, what with oil prices staying low, Saudi pumping a lot, and their main customers not interested in buying as much?

Then the Russian Fleet is steaming across the Mediterranean toward Syria. They already have advanced air defenses in place and are busy helping Assad retake his country, while ignoring the USA and NATO, and while cutting deals with Turkey (who has expressed interest in their former Ottoman Turkish Empire parts of The Levant…)

Oh, and don’t forget Saudi Arabia borrowing, what was it, $17 Billion? to fund a nice little religious war in Yemen against the Shia, while Iran has $150 Billion new from the USA to buy toys to support the other side, and put their ships off the coast of Yemen in the grill of the US Navy.

During all this, Obama is playing golf and campaigning for Hillary; while the Trump & Hillary show is more interested in sex stories and email demonstrating corruption for a price with $White $House $Favors $For $Sale $Soon! from Hillary and Trump interested in USA Economic Navel Gazing…


I’d go pour a glass of wine but the box ran dry yesterday… It’s been a hard week in the International News Flow.

IMHO, it will be a miracle if we don’t have a hot war with the destruction of a few more nations on a front running from Tunisia through Libya and Egypt, Gaza, and on to Turkey through Syria, Iraq, and Iran by Proxy; and with the USA and Russia taking hits and trying NOT to shoot down more than a couple of each others planes.

Frankly, it all is starting to remind me of W.W.I and the only thing I can’t figure out is who is Archduke Ferdinand this time…

East Coast Attack and Musical Escape

So there was a DDoS (Distributed Denial of Service) attack today mostly directed at East Coast sites (Amazon, Facebook, Twitter, etc.) and using the I[di]OT Internet Of Things for the attack (using devices like web cameras and such that have poor and static defenses) as the toolz to do the attack. OK, it could be something truly evil, or more likely since it was very focused on East Coast Money Makers an attempt at “education by demonstration” to get those of TPTB to actually listen to “folks like me” when we say things like the Internet Of Things is a Very Bad Idea or that “if it doesn’t NEED to be on line, don’t PUT it on line” or even just “don’t f-ing use Microsoft and Lenovo Damn It!”…

Who knows the motivation… yet there it is.

OK, Larry and Phil need a h/t in “Tips” for discussing it. You can read their names just by hitting the tips thread and reading starting here:

So this thread is about that, the attack, and about the general nature of all things tech, and about the culture of those of us who fight the cyber war Every Single Day… I’ve spent way too much of my life in it. The Necessary Paranoia shows in my postings on computer security and how I constantly am on the move from OS to OS (Operating System) and from device to device and from browser to browser. A constantly moving target…. At least a dozen browsers on at least 4 hardware platforms on at least a half dozen different OS types…. Paranoid? “I’m not paranoid, I’m the Systems Admin., they ARE out to get me!!” is the pro forma response….

When you hold “The keys to the city” with full root privilege everywhere, AND know how to break into all sorts of “impossible” things, well, let’s just say it gives you a certain “different perspective” on things along with a giant target you know is on you at all times.

God I want those contact lenses ;-) (That as someone who is already ‘startlingly blue’…)

Not too surprisingly, as Guy Geeks outnumber Girl Geeks about 4 to 1, I’m in love with that girl… (No Worries, guys fall in love about twice a day… we learn not to act on the impulse… well, most of us do unless we are named Clinton…) She’s a natural brunette I think. There’s nothing quite as hot as a brunette in blond dress, don’t know why, but if you look at iconic “hot blonds” in the media, many are not natural blonds. Go figure… then again, is blue a class of blond?…

For those not Geekly Inclined, many of the phrases in that song are related to Geekly Things. “Rip It” being ripping DVDs and CDs to get free music. Re-write it and burn it being what you do daily. Drag and drop? Do I need to explain? Break it fix it? Day in the life. Being “up all night” being part of the turf… The ‘working harder’ and ‘make it better’ is the whole gig…

Yes, I’m “way over the top” fond of this video… even though they are musicians and not real geeks… It’s the thought that counts…

The thing being “covered”:

My “old college roomie” is teaching robotics to high school kids in his retirement. I’m preparing for the ‘recovery from the collapse’ as a bit of a retirement hobby. The Political Class and TPTB can’t STAND that they are utterly dependent on systems WE built and control (as we are not fond of them and the abuses they use these systems to force on ordinary people). Thus the incessant “cracking” of their email. Here’s a clue: YOU TPTB despise us and we know it. So “we” arrange for your most necessary communications to be ‘weak’ and ‘accidentally’ ‘hacked’ by ‘that bad guy over there’… And, most importantly: There’s not a DAMN THING YOU CAN DO TO STOP IT.

We are Anonymous and we own you.

Hey, it’s a cultural thing… you are sociopaths with high social need rank and we have near zero social need strength and are altruists.

Why does Socialism fail? Because “people like you” gain ‘power’ and ‘authority’ and people like us ‘arrange for you to fail’… We blow smoke up your skirts and you think it is praise. All the while that shiv in your back that came from nowhere was a complete surprise to every one but ‘folks like us’… so “Ooops I did it again”

We puff you up for our own gain, but then you think we really believe in your “cause” or buy all that BS you spout at us.


We just know that if we smile at the right times you buy it.

So, Ms. Hillary, please note that you depend on us, those “geeks” you despise… us of the Deplorable Class… and we know it.

You think us stupid and unaware, and we let you…

but don’t ever confuse sweet words with agreement…

Dear Secret Service and NSA and other TLA’s: The following is solely political speech directed at the general power structure and political class and not, in any way, to be thought of as an intent to any action in The Real World or directed at any individual person. I have no desire nor interest in anyone having any bad experience, nor certainly anything involving bodily harm let alone death. (One might ponder a moment about the current legal circumstances that require that disclaimer…)

Please please please, do not push us Deplorables too far…

You may not like the result…

Just sayin’ you might not like what your maid thinks…

One might think that you are more deplorable than she is… no?

Now I’m not a Texan. I’m only an honorary Texan as I married into a Texan Family. But I take my responsibilities serious like. My Uncle Ken tol’ me that “if you eva’ do anythin’ to hurt that little girl, I’m a gonna hunt you down an’ kill you sohn. Welcome to the family…” now him, being a retired guard from a Federal Prison, kinda impressed me. So I take my responsibilities as an Honorary Texan right serious like. And “anythin’ to hurt” her I interpret to mean letting a run away Federal Government screw up the world, sell out to Soros, and generally be, well, Clinton Like in their view of Law and Order, to be a ‘harm’. So I suggest you think on that a bit.

Jus’ sayin’…

When you are looking down at us, just remember you need us much much more than we need you, and we are much brighter than you think.

We let you ‘take power’ so we don’t have to deal with the shit that is day to day politics and ‘international affairs’ so we can do important things like listen to music and spend time with our children and grandchildren. Do not confuse that with any idea that we think you competent or that we think your ‘decisions’ have merit. All we really want is for you to not screw up too much and kill our kids in stupid wars. Even that, you can’t get done right…

So just realize one off-tune flute or baritone player, and you are in the dust bowl of history. Just sayin’… maybe actually thanking us for what we do, or at least not pissing on us, and you might not have the Leaks From Hell….

If not, well, we can play both sides…

I ought to have been an oboe player… or maybe a Blade Runner…

