December 16, 2003
So a friend of mine said that since I already tackled men and guys, I should do women. I heartily agreed. Then I realized she meant writing about them...okay, that's fun too.
This turned into something different, but I can't write about women the way I write about men. Different POV. Anyway, here you go Mel, just remember, you asked for it...
First off...I'm not a woman. Not even close. Never dressed in drag more than one drunken Halloween thing. I don't know what hormone cycles are like. Mine have one setting:
I'll never know what giving birth, having a period, having boobs, or multiple orgasms feel like. Then again, I can pee in cursive, and if i drink enough beer, the entire Preamble to the U.S. Constitution. So we all have our unique abilities.
Physically, females are FAR more complex than men, and they're raised with some really odd (to men) ideas on things.
So does this mean that men and women are doomed to never communicate well, get along well? Only in Dr. Phil's fevered dreams.
We really aren't that different.
Physically, all that complexity is due to one-quarter of a chromosome. That's it. Everything comes from there.
So we're not that different, but we aren't that much the same either. It's enough to make your head hurt, and definitely enough to cause a lot of "da FUCK?" moments. You know what a "da FUCK?" moment is. It's one where you're sitting there all calm, and she's losing her shit over something that you can't imagine being pissed at. So you say "what da FUCK?" to yourself a lot.
But that's the problem. Men are socialized, in general, to be different from women. To think of them as strange, mysterious creatures, who we'll never be able to totally relate to. We can have fifty-year relationships with them, but we're taught that there will always be insurmountable distances between us.
Which I think is a damned shame. Because, by and large, the women I've known rule. Now, obviously, I can't speak about every woman. So any generalizations I make are based on the subset of all women that are the women I've known, and known today.
I like strong women. Opinionated women. Women who take shit from no one, and wreck havok on those stupid enough to fuck with them. These are the women in the bar beating the shit out of the loser who called them a cunt. These women get shit done. They don't need a man. They may want one, they may love one, but they sure as shit don't need one. They like men, they love sex, but they also have standards. They aren't about to get naked with some dork with a good line. They understand that bad boys are just that: Bad, as in Bad News. They may have friends dating bad boys, but that's it. And when the relationship blows up, they're the ones the friend turns to, and they avoid saying "I told you so", because while they're willing to be harsh when needed, they aren't mean.
I do agree with one bit of popular wisdom. The one that says a man's mom really shapes their opinion of women. My mom was nothing if strong. In 1970 or so, my dad got fired from his job in Chicago, and we had to move to Florida, thanks to my continual ear infections in the Chicago winters.
My mom hated Florida.
Hated every square inch. Which is ironic, because while I haven't lived in Florida since 1995, and was out of the state between 1986 and 1993, it's home in a way that no other place will be. Don't get me wrong, I LOVE the place i'm in now. Kansas City, Mo is in a lot of ways, the nicest place i've ever lived. But in the cold night, there's a part of me that misses Florida, that only feels completely at ease there.
My mom felt the same way about Chicago. To her, Miami was always this pissant redneck tourist town, too chintzy to afford a proper transit system. But, it was where I needed to be, so she gave up everything she loved, and never went back for anything but short visits.
That's a strong woman.
In 1978, my dad was mangled by a car, and was never really able to work again. So my mom took over all of that. It wasn't easy, and I think in the rare moments she was alone, she wondered how it would ever not be hell. But she went to work, and kept her family together, until I joined the USAF in 1986, and my dad died in 1991.
That's a strong woman.
She gave me a near-pathological desire to read, well, everything. She taught me to think for myself, to do laundry, and cook. She told me my first dirty joke, and got me a subscription to Playboy, then made me wait every month until she was done with it.
That's a strong woman.
And one time, in a little "Cheers"-like place, where we'd go, and my folks would argue politics all night, and I'd do my homework, have my dinner, and learn that indeed, both conversation and Scrabble are full contact sports, I watched what happened when you pushed her too far. Some twenty-something made what she considered a rude comment, and she told him so. He called her a very rude name. She backhanded him so hard that he lifted off the floor, and landed ass-end up in the booth next to the one I was sitting at. I was twelve. I kneeled on the seat of my booth, leaned over, and as I beheld this stupid fucker laying there, all confused, with a broken nose, I said, "Don't mess with my mom..she'll kick your ass."
That's a strong woman.
She loved to laugh too. Especially when she was with her sister. My dad and I loved it when they got together, because they would laugh so hard, they'd occasionally piss themselves...then they'd laugh at that too. Yes, I know to most, that's not anything to laugh about. But you gotta understand some things. My mom's dad ran out when my mom was born. My grandmother had a nervous breakdown, so my mom, my aunt, and my uncle were raised in a catholic orphanage. In the thirties. She had the scars on her knuckles to prove it. She never told me about this. I only found out from my aunt after her death. To my mom, it was the past, and it didn't matter anymore. From my older cousin, I found out that my mom worked in Japan in the late 40s-early 50s for the Air Force. I had known that. What I didn't know was that she had evidently spent a lot of time near Hiroshima, and came home with her hair falling out, desperately ill and sickly. Radiation sickness was not something you looked for then. She came home, got better, and went on about her life. She traveled constantly. I have pictures of her, as a single woman in the 50s and 60s in damn near every place in this country worth going.
In the mid to late 60s, she met my dad. In Nov. 1966 they were married. In March of 1967 I was born. Do the math. My dad's family was a proper Illinois Irish family. They never treated my mom worth a crap, but until I found my folk's marriage certificate, I never knew why. Bastards. Fuck 'em. My mom was worth thirty of their gossiping petty asses. In between Japan and me, she ran her own business, worked on the SRA standardized tests, and generally had a very cool life. Then I came along, and she put all that down.
That's a strong woman.
Which is why I love strong women. I was raised by one. They're normal. When I see women who let their husbands or anyone really, beat on them, or abuse them in any way, I wonder: "WTF? Kick his lame ass, dump the body in a river, and move on." Because that was what I was raised with. My mom and dad would fight all the time, but my dad was never stupid enough to raise a hand to her. She would have mangled his ass. She demanded respect. It was her right, and woe to any who didn't give her that due.
Now, I'll admit, that being a strong woman in our society sucks ass. As a people, this country is not terribly kind to strong women. They're bitches, ball-breakers, cunts, dykes, etc. Hell, at one point, the Navy used the same criteria to define both outstanding officers and potential closet lesbians! Talk about not even getting a reacharound!
Bimbos and little weak things seem to have it easy. They may indeed have it easy for real. But at what price? Is it worth it subsuming yourself for someone else's satisfaction? Is it worth it to dismiss your dreams for someone else's? Note, there's a difference between choosing to help someone you love follow their dreams because you want to help them. I'm talking about forgetting you even had dreams. It happens to women a lot. Because, to a certain extent, our society still views women as an adjunct to men.
It's really evident in our attitudes towards sex. Women who like porn are seen as being perverted. Not in the kind of fun, "Well, look who's a dirty girl" kind of way that is similar to how you tease guys about liking porn. I mean perverted in the creepy Michael Jackson kind of way. If a woman really likes sex, she's still seen as a ho of some kind. That's just so wrong.
Christ, from my POV, and most of my male friends, we LOVE women who like sex. I mean women who, pardon my french, know how to fuck, and like to...a lot. We love a woman who is going to expect that you show some friggin' passion, because she's going to. Who tells you what she wants and how. Who expects that you, as a man, have some knowledge of female anatomy, because by god, she knows all of our buttons. These are women who, if you're exploring each others likes and dislikes, and you hit one of the latter, is not going to make you miserable for a month, but simply move your hand, penis, whatever, to a better location. Who when she is having an orgasm is comfortable enough to let go and have one. Not some bullshit screaming, but not trying to minimize it either. When you can see the waves going through her body, that's a good woman. Oh, and they don't fake orgasms either. Why bother? Sometimes, it just ain't happening. So they make sure that the man gets off, and then they enjoy that, because they like the feeling of power. They like having that "Yeah...that's mine and don't you forget it." Here's a hint...strong women have vibrators, and the like men who are secure enough in themselves to enjoy adding toys to the mix.
One thing though...if you're going to have sex with a strong woman, don't be expecting her to do all the work. She wants a man who's a wolf, not a whining wuss. You have to be able to get things done, without asking "is this good" all the time. Do that too much with a strong woman, she's kicking your ass out of bed and taking care of herself. They expect their men to have their heads in the right places. You can't be asking her "how'midoin'?" after every stroke. Shut up and screw. Well, don't shut up. Make some damned noise. Man noise. React. You know how we hate it when you're going down on a woman, and she.won't.react? Well, if she's giving you her best hummer, you better twitch and make some damned noise to show her that yes indeed, your eyes are free-rotating and you'll do anything if it means her blowing you a little longer.
You know what else rules about strong women? You can compliment them easy. You can tell them, "Damn, but your ass looks fine tonight" and they get what you mean. They don't get offended, because they know you respect them as people. They wouldn't be talking to you if you didn't. You can tell them dirty jokes. They probably have a raunchier sense of humor than you do.
Yeah, strong women expect a lot. But if you can live up to it, you get a lot in return. You get someone who won't mind if you go out without her. She's sure as hell going to go out with her friends and leave you to your own devices on a regular basis, so you can do the same. Why? Because she understands that you need other people in your life. It's not that she doesn't care about you, or vice - versa. But you can't only have one person in your life. You'll go nuts. So every so often, a carload of crazy women takes her off for a night of fun that doesn't involve you. Enjoy it. Just don't give her a hard time about it. Because she'll never forget that, and you'll be on your way out soon after. Independence is critical to a strong woman.
That's also not to say they never need you to be a little stronger for them. We all have weak moments. Life can just pile up on you, and you need someone to be a rock for a little while. When that happens, they expect you to be there for them. Because they're always there for you. Besides, if a woman like that turns to you when she needs a rock for a while, that's probably the single biggest honor you'll ever get. That's trust man, that's a woman who can do it all saying, "Just shut up and let me hang on to you for a few hours, my feet need to find the ground again." That's her saying she trusts you enough to let you share your strength with hers. That's major, and if it happens, you damn well better feel honored. You also better be there. Besides, when you talk about a strong woman, it doesn't happen often. It doesn't happen because Lancomb discontinued their favorite lip gloss. It happens because the pressure they put themselves under is a little much, or they just got out of the hospital, and need someone for a bit. She doesn't need you to solver her problems, she already knows how to do that. Just...be there, and listen.
Look, it's easy to find bimbos. It's not hard to find someone who will live their life for you. But then, they expect the same in return. Is your fear of a strong woman worth that?
I say no, it isn't. I've only dated strong women. I'm still friends with all of them. Even the ones I never saw naked. They're some of my best friends and closest family. They hug me when I need it, and kick me in the ass when I need that. They send me odd things for my birthday, or christmas, or father's day. The following gifts have all come from strong women: A Darwin Fish. "How the West Was Won" by Led Zeppelin. The Led Zeppelin DVD set. A pair of spiccoli Vans. A shirt with a big "How about a nice cup of shut the fuck up" on the back. "Spend the night", by The Donnas. Krispy Kremes hand carried from Memphis to Boston. A really comfy sweater.
None of these are particularly expensive. They're not hard to find. But they are all examples of how these wonderful women took the time to get me a present that was from the heart, and showed me that they really do know *me*. Not some phantom they want me to change into. But me, with all my faults and foibles. Because strong women want the reality, not the fantasy. Strong women don't try to change you, they don't try to make you over. They want you for who you are, inside and out. They won't leave you because you don't have a six-pack. They won't dump you for someone with more money, or a better job. When they say "I love you", it's not a trap. It's a gift. You don't get that from weak women.
I don't know what I've ever done to deserve their friendship, their caring, or in some cases, love. But whatever it is, I'm grateful beyond words for it. So, stupid people of the world, you can keep your victims, your bims, your weak-willed women. I'll stick with strong women. They rule, and I love them all.| Comments ()
December 11, 2003
What happens when you don't understand the problem
Well, thanks to William Carrel, and his advisory, the Mac community is now getting slings and barbs from the PC community, who are now starting to say "See...Macs are vulnerable too, ha-ha!" In fact, there's been one article in PC World that has almost that exact Title: "Eureka, Mac's are not invulnerable", by Lance Ulanoff. Lance has a fine time dishing up all the crow he expects Mac users to eat. In fact, he ends his article with "...How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here."
Lance's apparent inability to deal with the proper use of an apostrophe aside, he's missing many points in his "neener-neener" article. First of all, the Mac community has never, (Well, not the sane members) claimed that Macs are invulnerable to crackers. What they have claimed, and correctly so, is that the Mac OS is far harder to crack than Windows. But since Lance and some others are having a good time with their new-found realization that the Mac OS is a computer operating system, not a magic spell, let's take a look at the problem, something Lance and a few others haven't bothered to do.
The heart of the problem is that by default, the ability to bind to an Open Directory system that is discovered via DHCP is enabled in Mac OS X. This is nothing new. Being able to bind to a directory with no manual configuration out of the box has been a feature of Mac OS X since it was still NeXTSTEP. This is something that is a great convenience to any network administrator, the ability to have a machine be a part of your directory structure with as little work as possible. Since DHCP allows for the integration of LDAP as a part of the spec, Apple takes advantage of this, and so you have LDAP binding via DHCP, automagically.
That's an important point, so let's stress it.
Apple's implementation is in compliance with RFC 2131, the DHCP RFC.
They are not doing anything non-standard, nor are they extending the standard in a proprietary fashion, ala Microsoft and Kerberos. The reason this is important is because it points out the real source of the vulnerability. Not Apple's code, or really even their implementation.
It's the DHCP standard itself. DHCP, as defined by RFC 2131, has no security. None. In fact, I'll quote you the entire security section of 2131, section 7:
"7. Security Considerations DHCP is built directly on UDP and IP which are as yet inherently insecure. Furthermore, DHCP is generally intended to make maintenance of remote and/or diskless hosts easier. While perhaps not impossible, configuring such hosts with passwords or keys may be difficult and inconvenient. Therefore, DHCP in its current form is quite insecure. Unauthorized DHCP servers may be easily set up. Such servers can then send false and potentially disruptive information to clients such as incorrect or duplicate IP addresses, incorrect routing information (including spoof routers, etc.), incorrect domain nameserver addresses (such as spoof nameservers), and so on. Clearly, once this seed information is in place, an attacker can further compromise affected systems. Malicious DHCP clients could masquerade as legitimate clients and retrieve information intended for those legitimate clients. Where dynamic allocation of resources is used, a malicious client could claim all resources for itself, thereby denying resources to legitimate clients."
Just in case you aren't getting the deeper implications of this: Anyone running DHCP has a security hole on their network. Now, there are ways of restricting who can get a lease from a server. But that's not security. That's access restriction. That's no more security than not allowing people in the door who don't work there.
It's kinda security but not really. You still aren't verifying that the server you're getting your configuration information and settings from is the server you're supposed to be getting them from. You plug into the network, (virtually in the case of wireless) and get your configuration from the first server you find. If it's the right one, hooray! If it's the wrong one, you're screwed.
Any competent network administrator knows this, or should. That's why you make sure that your users know there are dire consequences for setting up a rogue DHCP server. It also doesn't take long to find a rogue DHCP server on a network. Usually, about five minutes after it goes up, you get calls from users complaining the Internet is broke. (Amazing how a human being can crawl three miles after their arms are ripped out, but five seconds without Amazon, and you'd think they were on the wrong end of the Spanish Inquisition.) So, who's at risk from this lack of security?
Well, everyone using DHCP is. No, really. I'm serious. The only difference to Apple is that they also use DHCP for LDAP discovery. But even if all you use DHCP for is IPv4 addressing, and DNS, you're still at risk on a rogue server, because that server now has your IP address, and your MAC address, which can be of great convenience to a cracker.
But the truth is, Apple's not that unique in using DHCP for more than just assigning TCP/IPv4 information. Microsoft does it too, in particular for RIS, or Remote Install Services. This is a process by which you can boot from your network card, and if you have a properly configured DHCP / RIS server on your network, the network card, (NIC) binds to the RIS server, and commences to installing software. This can include the OS. RIS can repartition your drive, and format your drive too. It can set the Active Directory domain your PC binds to. It can do this all unattended. All it needs is a DHCP server with the right settings. There's no picking the DHCP RIS server. You don't verify that you're on the right server. You reboot your machine from a PXE-Enabled NIC, and you're RIS'd.
Why would anyone do this? Heck, why doesn't Apple do this now? I mean, NetBoot's almost there. Look, I've used RIS. It rocks. It's amazingly handy. As a network administrator, I always cringe at what PC vendors decide I need on my machine by default. But face it, even with a fast external drive, reconfiguring a hundred machines sucks. You can only do one or two at a time. Not with RIS. WIth RIS, you boot from the NIC, and go start the next machine. RIS lets you customize a hundred machines in the amount of time you can do one manually. What network administrator doesn't love RIS? Only the ones who don't know about it. But what happens if someone inserts a rogue DHCP RIS server on your network, and you don't realize it?
Well, you're screwed. Not only does the cracker own that machine, but they have their own custom OS installed. All it takes is for that machine to be set up for real evil, and your network could be quickly hosed, hard. So do you never use RIS or take advantage of PXE booting? Don't be silly. You simply spend some time making sure that you don't have rogue servers on your network. You do the basic security things you should have been doing before the Carrel warning.
So now we have Microsoft, (and Intel too, PXE is their baby) creating a potentially bigger problem. So how do they fix this? Well, honestly, right now they can't. The problem isn't DHCP, RIS, or Open Directory. It's that DHCP, the basis for all this convenience is insecure. Now, Apple, or Microsoft, or Intel could create a bunch of proprietary extensions to DHCP to provide for authentication of the server to the client. Of course, that creates multiple incompatible DHCP implementations, and the advantages of DHCP quickly die off. There is a proposed standard for securing DHCP. It's RFC 3118, and its been in work since 2001. It is designed to allow for authentication of servers to clients and vice versa. Now, 3118 isn't the ultimate answer, but it's a darned good idea.
However, even if it were ratified the second you read this article, it would still take a massive effort on the part of hardware and software manufacturers to rewrite and update both DHCP server and client software and implementations, along with management software. So it would be a year at best for updates, and that's assuming that there would be no bugs, etc. I'm pretty sure that Apple is taking a hard look at this, but in all honesty, the best thing they can do is work with the IETF and other standards bodies to fix the real problem, aka the lack of security in DHCP. What they should not do is create some bizarro DHCP implementation that only works right with Mac OS X - based DHCP servers. They've correctly pointed out the simple way to disable the DHCP discovery of LDAP servers. They may consider turning that off by default in the future, but that's got implications of its own as well.
Look, if you use DHCP, you need to read RFC2131 and understand the risks. You need to communicate with your peers and keep up on new techniques of discovering ways to subvert DHCP networks. You need to prod your DHCP server and client vendors to help get RFC 3118 ratified and implemented. Carrel didn't find anything "new". They found something that has always been there, but they hadn't thought about. So while they may get points for highlighting the computing world's reliance on an insecure protocol, they lose points for acting like they're some kind of hero. Because if Apple has a "massive security hole" because of DHCP, then so does Microsoft, Intel, and everyone else. And they always have.| Comments ()