Bush Pilot’s Private Reserve Whiskey

Bush Pilot’s was the best whiskey I ever tasted. It then suddenly and completely disappeared from stores in America around 1998.

I later found a bottle in 2000 on the menu at Skates on the Bay and I begged them, no pleaded, to sell the whole thing to me. They of course refused (claiming regulations) but I don’t think they realised at the time they may have been one of the last known places to have an accessible bottle.

Fortunately I don’t think anyone else realised either because I often went back and always found a bottle of Bush Pilot’s waiting for me. The day it finally was emptied I held a little farewell on the pier. Unfortunately they refused to sell me their empty bottle. It was the laws, again they said, that prevented it.

So then I was left to wonder how such an amazingly smooth 13-year-old corn whisky with hints of oak and vanilla could disappear. I called in friends and family in the search. Distributors, distillers, caterers, all came up empty-handed. One caterer swore he could find anything. But no Bush Pilot’s was found and I gave up hope.

Finally I have answers for Bush Pilot’s demise from CanadianWhiskey.org.

Someone at the St. Louis-based beer giant, Anheuser-Busch, took exception to the name “Bush Pilot’s,” claiming it was too easy to confuse with Busch beer. At first the charges seemed so ludicrous that Smith and Denton just forged ahead. But eventually, realizing that Anheuser-Busch was dead serious about forcing Bush Pilot’s off the market and had the money to do it, they acquiesced. With that decision, Bush Pilot’s soon disappeared from the shelves and a whisky that was a legend in its own time became the Canadian whisky aficionado’s Holy Grail.

What they mean is a big-box corporation was ready to spend a huge amount of money to prove that Americans are unable to distinguish a plant from an airplane.

The big-box probably would not have won the case (pun not intended) on merits but that didn’t matter since they could just threaten the small whiskey brand into financial oblivion from legal fees alone. Such a sad story, it begs the question whether Bushmills, a distillery traced to the 1600s, should force Anheuser-Busch to change its name?

Alas, now the world is without one of the most innovative and best whiskies ever sold. Another sad example of American regulation of food gone awry (pun not intended).

Actual story behind the name:

Marilyn Smith created Bush Pilot’s Private Reserve (BPPR) as a tribute to Fred Johnson, her adventurous industrialist father who started an airline for trips into the Canadian bush. Johnson was a Danish immigrant to America in the late 1800s who worked his way up from nothing to holding numerous patents and running a sizable empire of manufacturing tech firms. His fortunes boomed from the industry demands of WWII, creating Progressive Welder and then Detroit’s “secret concept car builder Creative Industries”.

Just after WWII ended Johnson started Great Northern Skyways as a hobby (see Creative Industries of Detroit: The Untold Story of Detroit’s Secret Concept Car Builder by Leon Dixon).

It flew from Detroit to remote resorts Johnson built near Ontario’s Blind River for hunting and fishing. Smith recalled her father telling stories of backwoods campfire drinking out of plain bottles of whisky the pilots would bring with them, which became the inspiration for re-creating a whiskey in his honor. A CBC interview from 1963 provides some first-person bush pilot perspective on what life was like.

No radio, no weather reports, and maps were sketchy…just topographical features.

Bob Denton, Smith’s partner, ran an independent spirits company in Michigan and in 1982 he was purchasing bulk Canadian blended whisky when he discovered a cache of well-aged corn whisky at Potter’s distillery in Kelowna, British Columbia. The distiller had produced it to sell to an old Canadian blend yet Denton convinced them he should buy it instead. Denton then bottled it unblended and single batch for Smith’s tribute to her father. In 1994 it was marketed as BPPR by Milton Samuels Advertising, becoming one of the rare whiskeys straight out-of-the-barrel to be bottled at barrel strength.

Today in History: 1945 Warsaw Liberation

On this day in 1945 the city was liberated by the Allied forces but found completely devastated. Over 1.3 million people lived in Warsaw, Poland at the start of war with Germany in September 1939; at least 350,000 were Jewish.

When Soviet troops resumed their offensive on January 17, 1945, they liberated a devastated Warsaw. According to Polish data, only about 174,000 people were left in the city, less than six per cent of the prewar population. Approximately 11,500 of the survivors were Jews.

Warsaw Rising Museum “City of Ruins” Trailer (MiastoRuin.pl):

Also on this day, three years earlier in 1942, the Nazis began the forced deportations from ghettos to the Chelmno extermination camp to carry out mass killings of their “Final Solution”, as described by an escapee with details and reported to London by June 1942.

Minemu: VM DTA

Dynamic taint analysis (DTA), which monitors code as it executes and tracks how data from predefined sources of input flows through it, is a very common method in information security. However, it can lead to serious performance degradation, as mentioned by the authors of “Dynamic Taint Analysis for Automatic Detection, Analysis and Signature Generation of Exploits on Commodity Software”:

Using TaintCheck to monitor a process’s execution exacts a 1.5X to 40X performance penalty

A new paper describes Minemu, a virtual machine with software DTA, built to reduce that performance cost while detecting memory exploits:

The research question we address in this paper is whether the slow-down is a fundamental performance barrier, or an artifact of bolting information flow tracking on emulators not designed for it? To answer this question, we designed a new emulator architecture for the x86 architecture from scratch—with the sole purpose of minimizing the instructions needed to propagate taint. The emulator, Minemu, reduces the slowdown of DTA in most real applications to a factor of 1.5 to 3. It is significantly faster than existing solutions, even though we have not applied some of their most significant optimizations yet. We believe that the new design may be suitable for certain classes of applications in production systems.

Minemu Perf Graphs
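To make the mechanism concrete, here is a toy taint tracker, added as an illustration and not taken from Minemu or TaintCheck: it keeps one taint bit per register and memory cell, propagates it through loads, stores and arithmetic, and raises an alert when a tainted value reaches an indirect jump. The instruction set, register names and sample inputs are constructed for this example.

```python
def run(program, user_input):
    """Run a toy register machine that carries one taint bit per register
    and per memory cell. Returns ("ok", pc) or ("alert", pc_of_jump)."""
    regs, rtaint, mem, mtaint = {}, {}, {}, {}
    pc = 0
    while 0 <= pc < len(program):
        op, *a = program[pc]
        if op == "const":    # reg <- immediate; constants are clean
            regs[a[0]], rtaint[a[0]] = a[1], False
        elif op == "read":   # taint source: copy all input to mem[reg...]
            for i, value in enumerate(user_input):
                mem[regs[a[0]] + i], mtaint[regs[a[0]] + i] = value, True
        elif op == "store":  # mem[addr_reg] <- src; taint follows the data
            mem[regs[a[0]]], mtaint[regs[a[0]]] = regs[a[1]], rtaint[a[1]]
        elif op == "load":   # dst <- mem[addr_reg]
            addr = regs[a[1]]
            regs[a[0]], rtaint[a[0]] = mem.get(addr, 0), mtaint.get(addr, False)
        elif op == "add":    # dst <- dst + src; result tainted if either is
            regs[a[0]] += regs[a[1]]
            rtaint[a[0]] = rtaint[a[0]] or rtaint[a[1]]
        elif op == "jmp":    # sink: indirect jump through a register
            if rtaint[a[0]]:
                return ("alert", pc)
            pc = regs[a[0]]
            continue
        pc += 1
    return ("ok", pc)

# Constructed program: a 2-cell buffer at mem[0..1] sits directly below a
# saved jump offset at mem[2]; "read" copies input with no length check.
PROGRAM = [
    ("const", "r0", 2),     # 0: address of the saved offset
    ("const", "r1", 3),     # 1: saved offset (3 + base 6 = 9, program end)
    ("store", "r0", "r1"),  # 2
    ("const", "r2", 0),     # 3: buffer start
    ("read", "r2"),         # 4: unchecked copy of user input
    ("load", "r3", "r0"),   # 5: fetch the saved offset
    ("const", "r4", 6),     # 6: base
    ("add", "r3", "r4"),    # 7: taint survives the arithmetic
    ("jmp", "r3"),          # 8: checked sink
]

if __name__ == "__main__":
    print(run(PROGRAM, [10, 11]))     # input fits the buffer
    print(run(PROGRAM, [10, 11, 0]))  # third cell overwrites the offset
```

Every instruction pays for a second, shadow update of the taint state, which is the per-instruction overhead the paper sets out to minimize.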

SEC Social Media Risk Alert

The SEC has released a brief on Investment Adviser Use of Social Media:

Firms’ use of social media must comply with various provisions of the federal securities laws, including, but not limited to, the antifraud provisions, compliance provisions, and recordkeeping provisions.

The SEC points out several staff observations that should help clarify their concern with the social behavior of registered investment advisors (RIA) or firms.

  1. Unclear procedures reduce the accuracy of compliance program measurement
  2. Sites that allow third-party content need policies on what is permissible
  3. Social media communication often falls under required record retention and accessibility rules

OpenSSL Fixes Six CVE

OpenSSL has announced versions 1.0.0f and 0.9.8s, which fix the following six security flaws. The first is the notorious “extension of the Vaudenay padding oracle attack on CBC mode encryption”.

  1. DTLS Plaintext Recovery Attack (CVE-2011-4108)
  2. Double-free in Policy Checks (CVE-2011-4109)
  3. Uninitialized SSL 3.0 Padding (CVE-2011-4576)
  4. Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
  5. SGC Restart DoS Attack (CVE-2011-4619)
  6. Invalid GOST parameters DoS Attack (CVE-2012-0027)

The last CVE has an “original release date of 01/06/2012”, yet the OpenSSL security advisory was released “04 Jan 2012”.

Breaking Human Limits

Radiolab has a humorous hour of interviews about how humans can exceed their own limits by studying them and then breaking through (e.g. hacking the body, mind and knowledge).

On this hour of Radiolab: a journey to the edge of human limits.

How much can you jam into a human brain? How far can you push yourself past feelings of exhaustion? We test physical endurance with a bike race that makes the Tour de France look like child’s play, and mental capacity with a mind-stretching memory competition. And we ask if robots–for better or worse–may be forging beyond the limits of human understanding.

Technology and the Workplace: BYOD

The latest buzzword or acronym around the water cooler is BYOD, or bring your own device. Use of mobile devices has skyrocketed over the last year with the iPhone, iPad, tablets, Android, etc. Everyone wants the latest and the greatest. But who wants to carry around two devices, the company’s and your own? Even if you don’t mind carrying the extra device, how many man-hours do employers lose when employees are exploring and surfing their new mobile devices at work?

It may be better, depending on the business, to just allow employees to use their personal devices for work. This issue is similar to the controversy over whether to allow employees to use social media. On that one, cat’s out of the bag. They are. So put a policy in place to set parameters to benefit and protect the company. But BYOD, whoa, how many privacy, security and legal issues does this generate? A lot!

As an employer, what can you do? Again, put a policy in place and do it now. Don’t just throw something together piecemeal as you go along; do it right.

Now, this may sound a little self-serving, but common sense dictates having it drafted by a lawyer who is familiar with the technology, privacy, and other issues to ensure your company is protected, and consequently so is the employee.

The policy or policies need to address questions such as: can you monitor the personal device, implement encryption, require anti-virus, tracking and secure wipe, the use of passwords, etc.? The answers, by the way, are yes, yes, and yes.

Best plan is to have a monitoring policy and a mobile device use policy, or BYOD policy, and give employees the option: “if you wish to use your personal device at work you must agree to the terms of the policy.” The alternative would be to use the company device, aka “the brick”, if they are not willing to accept the terms.

Bottom line: a well thought out and well drafted policy or policies are the key! Watch for the next installment of “Technology and the Workplace.”

UCLA Breach of Encrypted Drive

Here’s an interesting breach notification case from 2011.

The UCLA Health System is notifying thousands of patients by mail that on Sept. 6, 2011, an external computer hard drive that contained some personal information on 16,288 patients was among a number of items stolen during a home invasion. Although this information was encrypted, the password necessary to unscramble the information was written on a piece of paper near the hard drive and cannot be located. There is no evidence suggesting that the information has been accessed or misused.

And now for the punch-line:

The individual whose hard drive was stolen, left employment at UCLA in July 2011.

It was their own personal hard drive with three years of data. Not sure if it’s worse to know that a current employee/user is so careless with a password to the encrypted data or that a former employee has retained encrypted data and a password to still decrypt it.

Kudos to UCLA for their reporting (a better response now than what we saw from them in 2008, which resulted in AB 211 and SB 541).

I suspect they will be looking at whether large data sets really need to be on personal removable equipment instead of remotely accessed on virtual desktops and how they should rotate/expire encryption keys. My guess is the user was given the encryption capability for the data so their key should have been revoked (rendering the password paper useless) when they left employment.

Rooting the Samsung Infuse: Change a File Permission

One of my favorite projects last year, I have to confess, was rooting the Motorola Defy. It came bundled with all kinds of crazy software that tries to force the owner to link their email accounts and data into “Blur”, Facebook, Gmail, yada, yada before you can even power on and use the phone for the first time. Instead, I shut it down, connected it to my computer and fifteen minutes later I had Cyanogenmod running on a beautiful new machine.

Liberating the phone felt like going to the gym and in no time turning 40 pounds of fat into pure muscle…a bit like what installing Linux used to feel like.

I wasn’t going to mention my joy tinkering with the Motorola. It felt like a Rubik’s cube solution story. I mean taking it over for fun to install a more open system seemed like what you’re supposed to do with one (for real phone use I’m still loving my N9).

Michael Coppola drives that point home in a beautifully written and well documented case of how much joy he found in finding a simple file permission change to root the Samsung Infuse, and how you can do it too.

The interesting thing here is that the .wmdrm directory is also 0777, so we have full control over its contents. Let’s create a symlink to /data where sample.hds is supposed to be and reboot…Success!


A one-click root script for Linux is available here: http://www.poppopret.org/dl/Infuse4G-root.tgz . If this exploit works for other phones, contact me and I’ll update the post.

On the one hand we could say Samsung should have caught such a simple, known issue. Their security review is suspect. On the other hand, it is so obvious it could be argued they must have put it in place to be found by those who are curious and want to get the most out of their hardware. Rooting a phone is not illegal in most cases, as stated by the U.S. Congress.

…where circumvention is accomplished for the sole purpose of enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset.

All that being said, if you’re not into playing games, the N9 just gives you a radio button for root access.
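The condition the post describes, a 0777 directory in which a symlink can stand in for an expected file, is something a security review can check for and privileged code can refuse. The following is an added example, not code from this post or from Coppola's write-up: `audit_tree` flags world-writable directories and symlinks that escape them, and `chmod_nofollow` is a permission change that rejects a planted symlink. The function names and the temporary sample tree are constructed, and the idea that a privileged process changes the file's mode is an assumption drawn from the post's title.

```python
import os
import stat
import tempfile

def audit_tree(root):
    """Flag world-writable, non-sticky directories under root, plus any
    symlink inside one that resolves outside that directory."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        mode = os.lstat(dirpath).st_mode
        if not (mode & stat.S_IWOTH) or (mode & stat.S_ISVTX):
            continue
        findings.append(("world-writable-dir", os.path.relpath(dirpath, root)))
        base = os.path.realpath(dirpath) + os.sep
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) and not os.path.realpath(path).startswith(base):
                findings.append(("symlink-escape", os.path.relpath(path, root)))
    return sorted(findings)

def chmod_nofollow(path, mode):
    """Hardened form of a privileged chmod: operate on a descriptor opened
    with O_NOFOLLOW so a symlink planted at `path` is refused, not followed."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise OSError("not a regular file: " + path)
        os.fchmod(fd, mode)
    finally:
        os.close(fd)

def build_sample(root):
    """Constructed layout echoing the post: 0777 dir, symlinked sample.hds."""
    os.mkdir(os.path.join(root, "data"), 0o755)
    drm = os.path.join(root, ".wmdrm")
    os.mkdir(drm)
    os.chmod(drm, 0o777)
    link = os.path.join(drm, "sample.hds")
    os.symlink(os.path.join(root, "data"), link)
    return link

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        link = build_sample(root)
        print(audit_tree(root))
        try:
            chmod_nofollow(link, 0o644)
        except OSError as exc:
            print("refused:", exc)
```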

the poetry of information security