Archive for January, 2019

On Cinema Live in San Francisco

January 13th, 2019


 

Last night I went to a show I’ve meant to see for ages: On Cinema Live. This particular event was at the Palace of Fine Arts and is the first of On Cinema’s upcoming live tour — for that reason I’m going to try my best to avoid major spoilers of the live show here. That said I’m dropping many spoilers of On Cinema overall so stop now if you’d like to go back and watch it all first.
 

What is On Cinema? Well… it’s tough to explain. At the core it’s a dark, slow burn comedy disguised as a Siskel and Ebert style movie review show. The two main characters are:

  • Tim Heidecker (best known as half of the Tim & Eric comedy duo) plays a version of himself as a blowhard conservative with no attention span. He’s a big fan of Trump and also alternative medicine — but only because it’s not covered by Obamacare. Tim rarely watches the movies he reviews, and often struggles to pronounce the names of well-known actors.
  • Gregg Turkington (best known as off-the-rails stand up comic “Neil Hamburger”) plays a version of himself devoted to movie expertise. In practice he cares more about quantity than quality such as when he set out to watch 501 movies in 501 days. His pride and joy is his extensive collection of VHS tapes. Unfortunately for Gregg, Tim regularly destroys these VHS tapes; often accidentally. Gregg is simply billed as a “guest” rather than a co-host due to Tim’s out of control ego.

The best way to watch On Cinema is to start with Season 1 and work your way up to the latest episode. If you don’t want to invest the time just yet here’s a brief recap.
 

The story so far

First go watch this YouTube video. It quickly sums up the first eight seasons better than I could.

Since that video was put together a few things happened in the On Cinema universe.

Tim was put on trial when 20 teenagers were killed at his “Electric Sun Desert Music Festival” after using Dr. San’s vape system (Dr. San himself committed suicide before the trial.) Once in court Tim decided to represent himself. Tim wasted most of his time settling scores including bringing Star Trek writer Nicholas Meyer to the stand in order to best Gregg in a long standing debate about which Star Trek movie takes place in San Francisco. Eventually Tim “won” the trial due to a hung jury. Gregg didn’t buy it and accused Tim of bribing a juror.

Frequent collaborator Mark Proksch nearly died during the show’s most recent Oscar Special, and has been on life support ever since.

In the 10th season of On Cinema, Tim went full Alex Jones with a sponsorship from Rio-Jenesis, a questionable company promoting germ removal products. Partway through the season the show switched to “virtual reality” which gave viewers a 360 degree view. Clever viewers discovered if you flip around in Gregg’s filthy closet you can spot Mark Proksch in a vegetative state on a hospital bed. The season ended when the family of one of the the victims seized Tim’s assets including his sponsorship income. To add insult to injury, the new owners handed control of the show to Gregg. Tim lost it, destroying the show’s set in a fit of rage and angrily announced his run for district attorney of San Bernardino County as vengeance against the current DA who nearly bested him in court.

Following Gregg’s cameo in the first Ant-Man movie, Tim had a cameo in the sequel Ant-Man and the Wasp.
 

The live show

Some first impressions: the place was packed. It hadn’t technically sold out but there weren’t many empty seats. I had no idea On Cinema had so many fans in the Bay Area.

In typical sketch format the show alternates between live performances and prerecorded videos to allow time for costume and stage changes.

My general observations:

  • Aside from Tim and Gregg, Joe Estevez appears on stage along with Tim’s Dekkar band mates Axiom and Manuel. Other characters appear on video.
  • Much to Gregg’s annoyance Tim insists on several music performances. Dekkar performed their “hits” along with two covers. Tim’s act as an incompetent rock star faking his way to success seems even funnier after someone tried to do this in real life.
  • The merchandise stand integrated into the show. Even if you don’t want a t-shirt or a hat it’s worth stopping by to participate.
  • The pacing was absolutely perfect. A lot of the show is improvised and some of the audience’s biggest laughs were Tim’s repeated failures to stifle his own laughter at Gregg’s potshots.

Some observations about On Cinema coming to San Francisco:

  • Predictably Tim and Gregg bickered about whether it was Star Trek II or Star Trek IV that takes place in San Francisco. I’ll let you decide.
  • Tim joked about taking one audience member to North Beach for an Italian meal. Gregg said fans could find him tomorrow at the Sundance Kabuki.
  • When Joe referred to mayor London Breed as “he,” Tim immediately stepped in to correct him.
  • Tim ended the show in character complaining about “San Francisco values.”

 

In honor of Gregg’s fascination with running times, the show ran about two hours and twenty minutes including an intermission.

Overall this is the funniest live show I’ve ever seen. Somehow the sheer absurdity of On Cinema is full throttle at a live show, yet unless you’ve watched the YouTube series and the companion show Decker there’s a lot of material that may fly over your head.

The live show brought its tongue-in-cheek online bickering into the real world. On the internet fans typically either side with Tim (Timheads) or Gregg (Greggheads.) Hardcore fans in the audience ate this up, frequently shouting at the stage to support their favorite character or to scorn the other.
 

My recommendation: The live show is a perfect extension of this quirky series — fans will love it. If you’re unfamiliar with it, each episode of On Cinema is only around ten minutes. You’ll know if this is for you or not after watching a couple episodes.

I received the laziest ransom email of all time

January 6th, 2019

Every now and then I check my email’s spam folder to see if something slipped through. Most of the time there’s little to see: lots of spam and the occasional newsletter I signed up for but immediately forgot about.

But today I found something that caught my eye immediately: the subject line was “Password” followed by a password I used to use years ago. Out of curiosity I opened and read the email. To be clear I don’t recommend opening unknown email unless you know what you’re doing.

Here’s the email as it appears with some minor redactions:

Subject: Password – [redacted password]
Sender: 196.181.140.173
To: [redacted password]
 

[redacted password] one of your pass word. Lets get directly to point. You don’t know me and you’re most likely wondering why you are getting this e mail? No-one has paid me to check about you.
 

In fact, I installed a software on the 18+ vids (porn material) web site and you know what, you visited this website to experience fun (you know what I mean). When you were viewing videos, your browser started operating as a Remote control Desktop with a key logger which provided me access to your display screen as well as web camera. Right after that, my software gathered your complete contacts from your Messenger, FB, as well as emailaccount. And then I created a double video. 1st part displays the video you were watching (you’ve got a good taste ; )), and 2nd part displays the recording of your cam, yeah it is u.
 

You do have 2 solutions. We will check out the possibilities in aspects:
 

1st choice is to ignore this message. Then, I most certainly will send out your video recording to every single one of your personal contacts and you can easily imagine about the awkwardness you experience. Not to forget in case you are in a committed relationship, exactly how it is going to affect?
 

Other option is to give me $991. I will call it a donation. Consequently, I most certainly will instantly discard your video footage. You can resume your way of life like this never occurred and you will never hear back again from me.
 

You’ll make the payment by Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
 

BTC Address: [redacted Bitcoin address]
[CASE SENSITIVE, copy and paste it]
 

If you have been thinking about going to the law, good, this email cannot be traced back to me. I have taken care of my moves. I am not looking to ask you for money so much, I just like to be paid.
 

You have one day to make the payment. I have a special pixel within this mail, and right now I know that you have read this email message. If I do not receive the BitCoins, I will definitely send out your video to all of your contacts including friends and family, co-workers, and so on. Having said that, if I receive the payment, I’ll destroy the video immediately. If you really want proof, reply Yes! then I definitely will send your video to your 10 contacts. It is a nonnegotiable offer that being said don’t waste my time and yours by replying to this email.

So it’s a ransom attempt and Gmail flagged it as spam. Normally I’d think of spam as a Nigerian prince who wants to make me rich rather than extortion. At first glance this looks personal, but diving in there’s less to see here than meets the eye.

 
Breaking it down

Before I get into the technical details let’s go over this email line by line, shall we?

[redacted password] one of your pass word. Lets get directly to point. You don’t know me and you’re most likely wondering why you are getting this e mail? No-one has paid me to check about you.

Yeah, I’m not really wondering. That was my password on a few sites back in the day, including a major one that got hacked. Someone managed to get the email address and password I used on that site — admittedly over a decade later — and is now sending a spam message to everyone in that database.

Given that the password isn’t easily guessable and appears here in plain text, I’m pretty sure I know which database hack it came from.

In fact, I installed a software on the 18+ vids (porn material) web site and you know what, you visited this website to experience fun (you know what I mean). When you were viewing videos, your browser started operating as a Remote control Desktop with a key logger which provided me access to your display screen as well as web camera. Right after that, my software gathered your complete contacts from your Messenger, FB, as well as emailaccount. And then I created a double video. 1st part displays the video you were watching (you’ve got a good taste ; )), and 2nd part displays the recording of your cam, yeah it is u.

These are some pretty wild claims. Based on the email address and password I used a long time ago, this person installed some kind of hack on an unspecified porn video website that allowed them to control not only my computer, but also hack into my Facebook and email accounts. That sounds like something the NSA might be able to do — in a bad movie. The line “yeah it is u” is a little tricky to believe since so far they haven’t used even my first name in this message, how could they possibly identify me from a video?

Some other minor problems: I don’t tend to watch porn videos, or worse — use Facebook.

You do have 2 solutions. We will check out the possibilities in aspects:

The classic sales technique of limiting the options! Oooooh, I can’t wait to find out what the options are.

1st choice is to ignore this message. Then, I most certainly will send out your video recording to every single one of your personal contacts and you can easily imagine about the awkwardness you experience. Not to forget in case you are in a committed relationship, exactly how it is going to affect?

A couple tips:

  • If you’re going to make a threat it should be very specific. Name the target’s personal contacts, and brush up if they’re in a relationship or not in advance.
  • It’s hard to take a threat seriously with such poor grammar. Proofreading is important.

Other option is to give me $991. I will call it a donation. Consequently, I most certainly will instantly discard your video footage. You can resume your way of life like this never occurred and you will never hear back again from me.

A donation? Nice, so not only with this threat go away, but I can write this off on my taxes. And thanks for making it $991, what a bargain. If it were $1,000 I’d have second thoughts about making the payment.

You’ll make the payment by Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
 

BTC Address: [redacted Bitcoin address]
[CASE SENSITIVE, copy and paste it]

Bitcoin? We all know that’s a huge pain to use, right? I have better things to do, maybe just send everyone the videos already.

If you have been thinking about going to the law, good, this email cannot be traced back to me. I have taken care of my moves. I am not looking to ask you for money so much, I just like to be paid.

“Hello, Internet Police? I’ve got a half-hearted ransom scam email to report.”

You have one day to make the payment. I have a special pixel within this mail, and right now I know that you have read this email message. If I do not receive the BitCoins, I will definitely send out your video to all of your contacts including friends and family, co-workers, and so on. Having said that, if I receive the payment, I’ll destroy the video immediately. If you really want proof, reply Yes! then I definitely will send your video to your 10 contacts. It is a nonnegotiable offer that being said don’t waste my time and yours by replying to this email.

Sounds like there’s a tracking pixel in the email (a surprisingly common trick/hack for read verification) and asking for proof of anything said here will have negative consequences.

Wonder who those 10 contacts are… can’t even name one of them?

 
Technical details

Gmail flagged this email as spam. It’s unclear why as Google’s spam filter is proprietary, but this email presumably set off some red flags. Namely there’s a lot of common text between this and other emails, the sender is a seemingly fake IP address, and it was sent over an insecure connection.

But it gets worse. The headers show the email allegedly came from the email server at mixedthings.net. This domains is known for sending spam according to a quick web search. Reports include similar ransom emails going through the same email server.

If there’s a theme here it’s laziness. The email was easily flagged as spam and contained so little personal information I doubt the sender even had a full database dump.

The saddest part though is the tracking pixel. The email was sent as base64 encoded text. Decoding base64 text is trivial — otherwise we wouldn’t be able to even read the email — but the resulting HTML text is the most telling aspect.

A tracking pixel is an image linked from an HTML email (traditionally a 1×1 pixel image, hence the name) containing a secret identifier linking the sender to the individual reading the email. This is used in advertising all the time to determine if someone opened an email. The HTML in this ransom request did not contain a tracking pixel; not even a fake one. Would a lazy scammer bother? Apparently not. Gmail’s web interface blocks all images from loading if an email is marked as spam so it’s a moot point here anyway.

Then again, why would a ransom request come through email at all?

Think about it — if someone really hacked your computer to demand a ransom, would they email you or lock you out of the computer until you paid? The later is called ransomware and it does happen from time to time. Some people unfortunately (though understandably) do pay the ransom to restore access to their computer.

This lazy email is not ransomware; just an empty threat.
 

Summary

As technology gets easier it also becomes easier to abuse. A few takeaways:

  • Email security is important. Even if you reuse other passwords the password to your email is the key to the kingdom. Email can remotely reset passwords to other websites.
  • Likewise, your computers/phones/devices should use a different password from your email. This is especially important if you use a cloud account (Google, Microsoft, Apple, etc.) to sign in to your devices.
  • On other websites your best bet is a password manager — and to only use that password manager on trusted devices. NEVER use your password manager on someone else’s computer.

Carl Sagan once said “Extraordinary claims require extraordinary evidence.” Isn’t a ransom claim extraordinary?

This scam is simply so lazy it’s embarrassing. That said unless people learn their lesson future ransom emails will only become more sophisticated.

My biggest surprise returning to San Francisco

January 3rd, 2019

Given my short holiday vacation I was surprised to return to San Francisco to notice a few rather obvious changes. On the smaller scale, the Muni Metro electrical substation upgrade seemed to have progressed faster than expected. The biggest physical change is at Moscone Center where the new structures appear to be nearly complete. If anyone worked over the holidays I hope they were well compensated.

But those changes have been in the works for years and were expected to some degree. The biggest surprise was what didn’t change: the ping pong table at 16th and Mission BART is somehow still there.

 
The People's Table The People's Table
 

The existence of the table was first reported by Mission Local on December 21st. Depending on your perspective that the ping pong table is still there is either due to its whimsical benevolence or the anarchist nature of BART’s public spaces. There’s no official statement from BART.

Though I’ve yet to see anyone play ping pong at this particular table during its short duration at 16th and Mission, perhaps it could be a new venue for the “Berlin style” ping pong once promoted by Mission Mission? Time will tell.

Beverages and bites in downtown San Diego

January 2nd, 2019

Downtown San Diego features many amazing places to eat and drink. By no means did I visit all of them, but here are three that I’d suggest to any tourist.

 
Bean Bar
 

Bean Bar

This small coffee shop is across the street from the Central Library and a block or so away from Petco Park. It’s run by a friendly young husband and wife team. Aside from coffee they also serve a small, seasonal food menu — I highly recommend the avocado toast.

A few people sat around doing work on laptops so I assume they have wifi. But the owners seemed happy to chat with anyone who wandered in.

 
Quartyard mural
 

Beer at the Quartyard

The Quartyard is a popup space near Park & Market, designed to fill an empty corner lot while the city plans what to do with the property long term. In the meantime it features a bar with an amazing selection of local craft beers on tap. They offer a menu with various burgers and other items — I had the grilled cheese. Wasn’t bad for a beer garden, and a pretty good deal if you order during happy hour. To be honest I wasn’t expecting to eat here but I stayed for a while as I was reading a book I couldn’t put down.

During the day the Quartyard has a cafe facing the sidewalk, but I can’t really recommend it — you can easily find better coffee nearby. Stick with the beer.

 
Tocaya Organica Tocaya Organica
 

Tocaya Organica

This fast casual Mexican restaurant chain has various locations in southern California. According to online reviews it’s a favorite in the Gaslamp, and it’s easy to see why. The taco combo includes two tacos, two side dishes, and one beverage for only twelve bucks. Many of the side dishes are sharable.

The San Diego location is located next to a perpetually empty TGI Friday’s. It’s telling when a small chain serving fresh Mexican food close to the border can poach customers from a mediocre chain of American diners. Who wants microwaved appetizers when delicious spicy tacos are next door?

The murals of Chicano Park

January 2nd, 2019

Chicano Park
 

Every now and then some boring government official decides what to do with a boring piece of land under a boring freeway overpass. More often than not the land ends up as a parking lot or some other type of storage — and that’s almost what happened with a stretch of land in the Barrio Logan neighborhood of San Diego in the early 1970′s.

But when the mostly Latino neighbors found out about the plan, they organized and pressured the city to put a park there instead. Gotta love a story where the little guy wins. For more details on the history of Chicano Park head over to Wikipedia.

A key element of the park’s development happened early on when an artist came up with the idea of using the freeway pillars in the park as surfaces for murals. Today the murals themselves seem like more of an attraction than the park.

 
Chicano Park Chicano Park Chicano Park Chicano Park Chicano Park
 

Even the trees and benches are painted with park’s theme:

 
Chicano Park Chicano Park
 

The park includes a few skate ramps, complete with corresponding skate-themed murals:

 
Chicano Park Chicano Park Chicano Park
 

One archway seems to implore the park to extend “Hasta la bahia” or “All the way to the bay.” Several murals appear on freeway posts outside the boundaries of the park. It remains to be seen if the park itself will extend further over the years.

 
Chicano Park Chicano Park
 

The original intent for this blog post was to just throw together a photo gallery of street art in San Diego. But after looking at all the photos, it was pretty clear Chicano Park was the star attraction. While you can find plenty of great street art all around San Diego, Chicano Park has many great murals in one place — and an inspiring story too.

Photos of downtown San Diego after dark

January 2nd, 2019

Due to early evenings this time of year, I spent a lot of time walking the streets of San Diego’s downtown after the sun had set. These are my favorite photos I took after dark.

Gaslamp Quarter

Gaslamp Quarter at night
 

Gaslamp Quarter welcome sign over the southern tip (and ultra-touristy part) of Fifth Avenue.

 
San Diego Convention Center at night
 

The Convention Center just across the street looks like a glowing tube at night.

 
Horton Plaza Park at night
 

The U.S. Grant Hotel and Horton Plaza Park all lit up for Christmas.

 
Horton Plaza Park at night
 

Christmas tree in front of the mural at Horton Plaza Park.

 
East Village

Historic Streetcar in San Diego
 

Historic streetcar arrives at Park & Market station.

 
"Haunted" house at night
 

This spooky house near the Park & Market trolley stop is in fine shape, the ghosts haunting it must be keeping it up well.

 
Half Door Brewing Co.
 

Half Door Brewing Company, a new brewpub in an old building.

 
Quartyard at night
 

The Quartyard, a cafe, beer garden, and doggie play area on a slow (and chilly) evening.

My missed travel opportunities in San Diego

January 1st, 2019

Historic streetcar
 

Now that I’m back from my second trip to San Diego I thought I’d list out some of the opportunities I had but completely missed. Or to put a positive spin on it this is what I’m saving for next time.

  • Museum of Man and the California Tower at Balboa Park. I had a couple chances but blew ‘em both. It’s best to book this one in advance, especially if you want to climb the tower. There’s no elevator in the tower and you need a timed ticket to climb the stairs. The tower ticket includes admission to the museum.
  • Little Italy food tour. Walking through Little Italy on my own was a letdown. The neighborhood is uncomfortably crowded in the evening and largely caters to tourists. I’m sure there are great places to eat but I didn’t know where to go — definitely would have gotten a better impression with a guided food tour.
  • UC San Diego campus. This college campus has some interesting spots to visit according to online sources such as Atlas Obscura, but it’s also quite far from downtown San Diego. I actually crossed this off my list long before the plane landed. Oh and don’t be fooled — despite the name the “UC San Diego Blue Line Trolley” goes nowhere near the campus (but it does take you to Mexico’s border.)
  • Giant Dipper at Belmont Park. On the same topic of places to visit that are a little far from downtown, Belmont Park is an old theme park with a big wooden roller coaster. Not the biggest park by any means, but I’d ride the Giant Dipper if I were in the neighborhood. Unfortunately I wasn’t.
  • Ghost tours. I had a ghost tour of the Gaslamp planned, but it was cancelled by the tour operator at the last second. Too bad. There’s also a night tour of the Whaley House in Old Town that looked promising. Don’t believe in ghosts? Not sure I do either, but it’s the only tourism-friendly way local guides tend to discuss a neighborhood’s dark past.
  • Take a sunset cruise. Like any waterfront city there’s plenty to see and do on a boat in San Diego. I mentioned this one in the last post too, but personally my ideal sunset cruise would be on a small sailboat with a glass of wine — and my phone to take photos, obviously.
  • Ride on the historic streetcars. San Diego’s historic streetcars run in a convenient loop downtown. Though to my eyes they don’t quite look like historic streetcars. Why? Their original trolley poles have been replaced with Z-shaped pantographs — see the above photo. Had no excuse to miss this one as they stopped half a block from my Airbnb as well as the waterfront near the USS Midway Museum.
  • Brewery tours. San Diego is the indie beer brewery capital of the world, no matter what anyone from Portland tries to claim. Many brewers are too small to offer a real “tour” because you can see it all in less than a minute. But there are many guided tours that take you from one brewery to the next and include beer samples. I walked past so many breweries downtown I could have easily made up my own “tour” with little effort.
  • Learning to speak Spanish. I’ve saved the biggest for last. Tijuana’s about the same size as San Diego, has just as much going on, and it’s right across the border. Many of the locals speak little to no English so if you hope to visit you either need to speak Spanish well or stick with someone who does. Keep in mind language is only the first hurdle; Mexico has its own cultural quirks that often seem confusing or even hostile to foreigners.