Shared posts

05 Feb 18:36

A Filipino Melon Drink To Rock {Melon} Your World! Low Added Sugar!

Fergus Noodle

I love u rockmelon

Low sugar, plenty of fresh fruit and pure water? That's what makes up this incredibly refreshing rockmelon drink! Originally a Filipino recipe, a melon scraper makes ribbons out of the flesh of the rockmelon and you also make use of the seeds as well as the super soft and candy sweet membrane. It transforms overnight into the most refreshing drink for summer! Especially now as melons are at their sweetest and best.
01 Feb 21:41

Photo

Fergus Noodle

creepu



02 Feb 15:21

In Which Chip Baskets Has Lost A Considerable Amount Of Body Fat

by Durga

Renwah

by ALEX CARNEVALE

Baskets
creator Louis CK, Zach Galifianakis & Jonathan Krisel

Chip Baskets' mother (Louis Anderson) has these plants in her house with large fronds. She won't trim them because it would be like doing harm to something she loves, no matter how much they get in her way as she attempts to ascend the stairs of her home. This is the kind of compassionate, dispassionate attitude assumed by virtually everyone in the brilliant new FX series Baskets, except for its central character: a California clown named Chip Baskets (Zach Galifianakis). Unlike the rest of the people in his life, he knows exactly who he is.

Chip's identical twin brother Dale runs a correspondence degree mill that pumps out certificates in occupations like middle management and cell phone repair. He is used to his brother coming to him for money, and doesn't really resent the imposition. Chip asks him for $40, money he plans to use to fund the HBO subscription of a French woman who no longer has any interest in him.

Louis CK recently released the painful first episode of Horace and Pete, a three camera comedy that stars himself and Steve Buscemi as white brothers running a bar. You can feel CK's presence in Baskets, but it is more in the subtle dissociation from reality.

CK has not received enough credit for bringing some of the character of live theater to television; in Horace and Pete this melding is such a disaster the show feels like a parody of Death of a Salesman. On his own HBO series, Louie, this unique feel to the television product made it seem vaguely otherworldly, and the same effect is achieved by the marvelous Baskets.

Chip Baskets' world is Bakersfield, California, which consists of the places he ventures as he rollerblades from the rodeo to his home base and back again. He only goes somewhere else when he is escorted, since he cannot afford a car and a bee caused him to crash his scooter.

Galifianakis is at his best when he is not playing too weird. The fact that he is about half the man he once was made him look like a turtle without his shell in recent performances. By now we are used to the slimmer version. At base, Chip Baskets is the kind of good-natured simpleton, but Galifianakis plays Chip with a depth the character sorely requires and maybe does not deserve. As Chip fails out of French clowning school because he amusingly speaks no French whatsoever, we have quickly finished sympathizing with his naivete: the man is no charity case, he simply needs to figure things out.

To set him on the garden path, his mother purchases him a Costco executive membership from Chip's only friend, a woman named Martha (Martha Kelly). The role of Chip's buddy is written exactly to suit the stand-up comedian, whose deadpan, unenthusiastic delivery never exactly made her a roaring hit onstage. Some of the ways Chip dismisses Martha seem a little too pat, but Baskets works better as a personal journey rather than a love story anyway. Chip responds well to Martha's understated nature and tries to ape it in his clowning, and eventually in his life.

Although Chip performs at a rodeo, lots of obvious jokes are avoided in favor of more personal storylines. In the show's second episode, Chip takes an interest in the clowning career of a Juggalo (Adam William Zastrow) with no experience in the art. Through Chip's intervention, the young man is able to pursue a fruitful career as a cashier at Arby's. Amidst the dark humor involved with Chip's maudlin existence in Baskets, there is an inspiring undercurrent about what positive things we can absorb from other people without even meaning to do so.

This is maybe not the hilarity audiences would expect from Zach Galifianakis as a clown, but who cares? There has not been a comedy as good as Baskets on television for a long time. Watching other comedies becomes the observation of a race towards a singular joke. Once achieved, the entire paradigm is thrown away for some other gag. Angie Tribeca, a horrid series which recently premiered on the equally unwatchable network TBS, at least attempted to turn this into a Mel Brooks-type zaniness.

Unfortunately Mel Brooks is not funny unless you are under ten years old or substantially more interested in puns than you ought to be. Rashida Jones is wasting her career as the titular detective, and honestly she was never really cut out for these sorts of gagfests anyway.

What comes across in Baskets is the same sort of basic humanity that is represented in everything Louis CK admires. He honestly appears to respect regular people a lot more than he does his actual friends and peers, so he casts them in the roles of working class individuals. Horace and Pete descends too far in this direction; it is too obvious that the entire cast is not who they appear to be. The show even makes Rebecca Hall resemble a regular person, forcing her to kiss Louis CK on the lips as part of the show's opening moments. Although this dull sense of normalcy is more deftly done in Baskets, on the whole this humbling is a welcome change.

Alex Carnevale is the editor of This Recording.

"You're Mine" - Lola Marsh (mp3)

02 Feb 18:29

All Aboard The Mezzatrain, Mascot

The sushi train concept gets a new twist with the new Mezzatrain in Mascot. Instead of nigiri and maki going around in a loop, there are mezze plates from dips, pastries to salads. All of this in a residential neighbourhood just 15 minutes' walk from Sydney's Domestic airport!
26 Jan 07:18

10 William St, Paddington [7]

by Susan Thye
Fergus Noodle

Let's go


So like, I’ve still been having dreams about the tiramisu at Fratelli Paradiso so the boy and I decided to go to its sister restaurant, 10 William St in Paddington for a lazy Saturday lunch.

On a previous visit, back when Dan Pepperell was at the helm, I’d fallen in love with the Whipped ‘bottarga’ pretzel ($14) and I’m glad that current chef Luke Burgess has kept it on the menu. The crusty pretzel is studded with all the seeds of the rainbow and has a deep caramelised flavour but it’s that whipped bottarga dip that has us in raptures. Btw I just googled the recipe (here) and had no idea that there’s bread in the actual dip! Along with a buttload of garlic, lemon juice, mullet roe, olive and grapeseed oil but oh man it was so freaking delicious and so light and fluffy that you can’t help but load as much as you can onto a piece of pretzel!


The Guanciale ‘sangwich’ ($10) contained a slab of melt in the mouth pork cheek that had been crumbed and deep fried to a satisfying crunch with curls of pickled cabbage to offset the richness.


We were asked if we were sharing everything and replied yes but it never occurred to me that they would split our pasta for us, so this here is half a serving of Busiate, Balmain bug, bulls horn peppers, tarragon ($29) with Noods’ serve in the background. Busiate pasta is my new fave at the moment, the twisty pasta is able to hold so much sauce in one spiral but doesn’t feel like you’re eating too much dough/carb compared with other pastas? I love pasta but that sauce ratio is important to me haha anyways moving on! There was a pretty generous amount of juicy bug meat and I absolutely loved the amount of butter that was in the sauce mmm dat flavour win!


The Pappardelle, buffalo mozzarella, sugo, sobresada ($26) wasn’t quite as amazing as Pepperell’s Pappardelle Bolognese, the silky ribbons of pasta was still on point and I loved the amount of melty mozza but the sauce was on the oily side.


I was reaching max capacity but we all know there’s a separate stomach for dessert! The Tiramisu ($11) is hands down my favourite in Sydney, ridiculously fluffy layers of coffee soaked lady fingers and creamy mascarpone ooh baby! And that splodge of dark chocolate for that extra oomph in deliciousness :D


10 William St is pretty tiny and they don’t take reservations so be sure to get there as soon as they open. Also, word on the street is that the fine people of Pinbone will be moving into 10 William St in Feb!

23 Jan 21:30

My weekend and the week before.

by noreply@blogger.com (Merlesworld)
Fergus Noodle

Most photos in focus


This Friday I went to visit my friend, and spent the night at my daughter's and her fellow's place. On the way home we went to IKEA for the bathroom furniture.
But that's another post as that stuff is like a jigsaw puzzle, you bring it home in a box and spend the next couple of days trying to put it all together,  anyway wish me luck with that.
This is the Goodwin Building, looks like it should be in a country town but it's only 6 klms from the centre of Sydney, a protected building, not many like this left in Sydney, all new buildings are big blocks of units, we are running out of room so all are now going up now.





 We had a few wet days lately this was about 4pm in the afternoon, big storm and so dark.
 Boo peak picked up these pictures at a garage sale, in this case they were give aways, they all fell over in the big storm .
They were a bit unusual, he wants me to paint over them but they are much larger than I normally use but we will see, maybe.

 Large spider, these fellows are harmless and usually take in their webs in the daytime this one was a bit late, we went out for breakfast so it was early morning.
 These were lovely, but a bit too much.
 Andy had trouble with his too, this was a very big breakfast.

 This was in Surry Hills the city skyline is not very far away.
I like this area, it's very old. You may come across an old post box, there is a more modern one just next door, a bit of overkill maybe.
and trees have been here a while, many twisted roots and lots of shade.
Old homes built right on the street with little bits built over the footpath.
 and funny bits stuck on strange places.



 The other day was very hot so this little fellow just didn't move much all day
It was a good day for watching the cat.
 Me too , I read a book most of the day.
Well bye for now.
10 Jan 00:48

Austin, Texas 2015, Part 2 [8]

by Susan Thye
Fergus Noodle

I feel cholesteroled just reading this


I require fried chicken pretty regularly before I start questioning the meaning of life so after several days of eating barbecue in Austin, we headed to Gus’s World Famous Hot & Spicy Fried Chicken (117 San Jacinto, Austin). And let me tell you, Gus’ fried chicken is fricken awesome!!! I got 2 pieces of dark meat (1 thigh, 1 leg) (US$4.25/AU$6.10) that sat on fluffy white bread to soak up the juices and a side of super cheesy mac n cheese (US$2.25/AU$3.25). The batter on the fried chicken was so crisp that the sound of the skin shattering could be heard from the next table! Oh and drinks came in a souvenir cup that you could take home!


Noods went for 3 wings (US$7/AU$10.05) that came with baked beans, slaw and white bread which he absolutely devoured in the blink of an eye. The baked beans are a bit on the stodgy side but the slaw is delightfully light and refreshing.


And for dessert, a slice of Pecan pie (US$3/AU$4.30) with a ginormous scoop of Blue Bell vanilla ice cream (US$0.75/AU$1.10) holy moly that was one deeeelicious pie! Buttery crust, sweet filling studded with a generous amount of pecans and creamy ice cream ftw!


We wanted to try some Tex Mex and headed to Licha’s Cantina (1306 East 6th Street, Austin) for happy hour and the Choriqueso served in a skillet! The minced chorizo on the bottom is smothered in gooey Asadero cheese and topped with a dollop of creamy guacamole and pico de gallo. Cram a forkful into the warm homemade corn tortillas and enter cheesy heaven!


For breakfast the next day we headed to Juan In A Million (2300 E. Cesar Chavez St., Austin) and joined the 30mins queue. I was keen to go partly because it was on Man Vs Food but also because I was curious if the Don Juan El Taco Grande (US$4.60/AU$6.60) really lived up to its hype. And it was so fricken good that I’m flooded with sadness that there isn’t anything like this in Sydney. This breakfast taco beast contains a jumble of potato cubes, scrambled eggs, bacon and cheese and comes with 3 flour tortillas. The staff stop by and check my progress and offer more tortillas but man it defeated me!


Austin is known for their food truck trailer parks and Torchy’s Tacos was high up on my must eat list after hearing JJ wax lyrical about their breakfast tacos! The boy and I shared the Migas taco (US$2.75/AU$3.95) which had a mountain of scrambled eggs, crispy corn tortilla strips, green chillies, avocado, pico de gallo and shredded cheese all piled onto a corn tortilla. And from the secret menu, the Jack of Clubs taco which had a fried egg, grilled potatoes, black beans, crispy corn tortilla strips, shredded cheese, cilantro, sour cream and hot sauce on a corn tortilla. Freaking amazing! All the flavours were fresh and light and we almost ordered a second round but we resisted because we spotted donuts in the distance…


I’d visited Gourdough’s previously and knew I absolutely had to get the Flying Pig (US$5.75/AU$8.25) for Noods because I mean, LOOK AT IT! The super fluffy donut came fresh from the deep fryer, drizzled with maple syrup icing and topped with super crispy bacon omg so good the salty sweet combo is so win!


And also the Blue Balls (US$4.75/AU$6.80) which were blueberry filled donut holes smothered in blueberry icing and oh boy that was a looot of sugar we’d ingested.


While wandering home back to our air bnb we stumbled upon a food truck park (1104 E 6th St, Austin) and when I spotted the Fried and True van serving state fair food and desserts I knew we had to somehow make space in our stomachs.


We order the Sampler Combo (US$6/AU$8.65) which had deep fried Oreos, deep fried brownies and a deep fried cinnamon bun :D I particularly loved the cinnamon bun as the icing was on the melty side and the pastry in the bun tasted like a cinnamon-y donut.


I couldn’t resist the Chocolate dipped bacon (US$5/AU$7.20), the thick cut bacon had a crispy candy shell and was topped with smoked salt which made them ridiculously addictive esp washed down with a cheeky beverage or two.


The Deep Fried Grilled Cheese (US$7/AU$10.10) was pretty insane with the lightly battered sandwich of white bread holding melty American cheese innards, and the whole shebang drizzled in Sriracha sauce.


Aaaand Funnel cake (US$5/AU$7.20) for dessert! For those who’ve not heard of funnel cake before, it’s basically batter poured through a funnel into oil and deep-fried until golden and crisp. Be still my artery clogged heart!


I leave you with this pic of an immaculate display of cut fruit from Whole Foods. My god I love Whole Foods! We visited pretty much every day in Austin and bought so many fruits and veg in an attempt to get some nutrients into our cholesterol laden body. Stay tuned for the last part of my USA trip: San Francisco, land of chowder, hipsters and steep hills!

18 Jan 19:27

Caught! The Best 10 Fish & Chips in Sydney

Fergus Noodle

They all gonna be wanky and exxy but nevertheless

Looking for the best fish and chips in Sydney? Summertime is synonymous with fish and chips and there's nothing better on a sunny day than eating fish and chips by the water (and let's be honest, fighting off enormous seagulls). But despite what one might assume, not all fish and chips are created equal. For something so relatively simple in concept there are huge variations in fish and chips from the oil it is cooked in, the batter and the fish used not to mention the chips and the tartare sauce.
31 Dec 15:46

In Which We Configure Perfectly The Life We Love

by Durga

by joan brown

Emulation

by NATALIE ELLIOTT

The second time was at Christmas. My best friend took me over to her boyfriend’s mom’s two-bedroom house with the intention of introducing me to the older brother, who was in town from New York. “He has a pompadour and this big face,” was her only description. When we got there the mother was in bed and the brother was sleeping on the sofa in the uncomfortably small sitting room. We startled him awake and promptly installed ourselves on the adjacent loveseat, speaking gently and staring at him inquisitively, hands folded in laps, like caseworkers. His voice rumbled with a shower of gravel in a wheelbarrow. He put on some music. I asked him, after an awkwardly small amount of conversation, if I could touch his hand. I asked because it dangled over the back of his chair like an accessory, and it looked coarse and weathered. I knew he’d been working as a commercial fisherman off the Alaskan coast. I needed to fact-check.

Maybe you have never suffered from this fetish. Maybe you didn’t spend lonely Friday nights in high school charting every tic of Travis Bickle’s waxen face over the entire 113 minutes and crying at the part when he takes Betsy to the dirty movie. Some women are sick people. As children, they take the Beats too seriously, and then they go off to college and lament all of the squirrelly young fellows around them who manage to seduce with unsteady intellect and little else. Like how Jake Barnes describes Robert Cohn as someone who did something because he read about it in a book once. These women seek the antidote to that; the man who is the book, not just the reader. We dabble unconsciously in Marxist literary criticism and fake-suffer from the fact that there are no Men around. “Where are the Men?” we ask, like a team of Marlon Brandos will just materialize on the far side of the quad, all leather-daddied out and everything.

by joan brown

So this fisherman person was a revelation. He never went to college; it was a fight we would later have a dozen times. He wooed me with inimitable stories about stealing chickens from Hasidim, gutting fifty pounds of octopus, getting picked up by a transvestite so he would have a place to sleep indoors for the night. I gave him an AK Press copy of You Can’t Win, and he patly told me he used to volunteer at AK Press. We disagreed about Charles Bukowski, and he spent an entire day scouring every bookstore in town until he found a copy of Ham on Rye, which he wrapped nicely and presented to me at work. I read it on Christmas Day. It was a perfect burst of romance for whatever it was. I wish we hadn’t ruined it.

Our relationship was confusing. He left to fish the crab derby and I’d hear from him once a week, in strange Alaska time, which was usually at the end of my college night. The more weeks passed, the more he seemed like an apparition. The more I began to subtly imitate his coolly slurred diction, his impenetrable slang. The more I flirted with women in the way that I imagined he would. I didn’t want to love him as much as I wanted to be like him. It was a lame and quiet fury. The fury of a sad person.

If you’re from Alabama but you’re not presently there, everyone will call you Bama. As the girlfriend, I was forbidden from using this moniker. I was hardly able to say it with a straight face anyway, seeing as how we were sleeping a block away from the University of Alabama campus. If I drank too much and it slipped out, he would scowl like I’d called him some nasty epithet. Sometimes when I came home from class he would be drunk already. He was almost his sweetest then, like a proud father watching his daughter succeed. As the night progressed, though, this appreciation would curdle into resentment, and I’d get an earful of what exactly I didn’t learn about the world from behind my ivy walls. The thing is, though, I loved being talked to like that. He was right. I didn’t know. And because I loved it, I would explode with defensiveness. 

by joan brown

He got his entire throat tattooed while he stayed with me. He stalked around the apartment with the residual ink-and-pus mixture oozing onto the neckline of his wifebeater. He laughed in slow motion. One night in May, we threw an impromptu pool party at a shitty apartment complex where only one of our friends lived, and he swam in a pair of my bikini bottoms. He filched wooden pallets from behind the Publix next door and built a fire in the cookout pit. It was like California all of a sudden. Everything he did extemporaneously came off without a hitch. He was desperate with charm. I would beam at him from short distances, watching him operate completely without anxiety. I was so envious of this human.

Our fights got worse. One of his last nights in town, I didn’t eat enough food, and drank for most of the evening. We ended up wrestling on my bed. He pinned me down by my shoulders and I headbutted him in ludicrous self-defense. The blood from his nose dripped over my face and neck and onto my pillow. When  I sat up, I moved to strike him again and he clocked me in my right eye. I saw stars like a cartoon character. I slumped against the wall, knowing I’d been defeated. A few days later, when he was out, I called my ex-boyfriend, with whom I’d also fought like this, to tell him what had happened. I still don’t know why I told him, but I was almost certainly boasting. Like a tough guy.

I experienced a four-day hangover the week he left. I thought I’d been poisoned, or given some kind of disease. It was obvious things were bad and may not continue. He was silent for two weeks, and when he decided to call me again, I was already seeing someone else. He remained furious until a few months later when he called to clear the air and tell me he was also in love with someone else. A local Alaskan girl. We were glad for each other.

The thing is, it’s unfair to fetishize someone else’s life, even if they portray their life to you as some kind of glamorous fiction. Even being the antidote to the college boy doesn’t completely free you from the conscriptions of your imagination. He loved Moby Dick and he became a fisherman. Growing up he felt he was the ugly outcast. When he discovered Henry Chianski, his feelings made sense and he began to adorn his body with disfiguring tattoos in lieu of acne vulgaris. I also process fiction like this; many of us do. We all have small ways of emulating the lives of unreal people we hoped we’d become. The line of truth between him and me was that I was a woman, a pretty Southern woman, wholly uncomfortable in my skin. What I felt like in my soul was the heedless wanderer, the working-class hero, the undereducated alpha. I was imprisoned by my culture, by my body. He was my most realized attempt to escape, and it didn’t work. 

We grew up, and our memories of the people we were together became more foreign to us. He traveled the world, settled in San Francisco, then L.A., became a fashion maven, a filmmaker. I lingered in the South, pitifully literary and resisting as many cultural traditions as I could: a permanent, pointless rebel in a land where rebellion was a regional myth, not a pastime.

We remained in touch, emailing every now and then over the years, saying nothing in particular. I married a lithe Texas hippie and moved to Northern Italy. I grew more miserable. Married life hurt me and Italian culture stifled me even more than I was used to. I was in the most meaningful relationship I’d ever known and was totally at odds with the concept of losing the fiction of myself for this greater cause. I drank in my resistance, and in my drinking, revealed I was no different at all from the angry little person I was eight years ago, clawing and snapping, physically struggling against the person who says they know better than me, and is saying so because they love me.

The blistering morning this spring I conceded and decided to get sober, I came across a piece of crushing news. This Bama, my sailor of yore, had thrown himself headfirst into the bay beneath the Golden Gate Bridge. He broke his neck, his back, and shattered both his femurs, but survived. Just as I always believed, he is a miracle. How we managed to twin our suffering for so long, I have no idea. True, I have never quite reached the dark heart of despair that he has, but crashing into cold tiled floors, screaming at the sunset from the top of a medieval wall, tearing at my chest, I feel I have come close. And how strange that we surfaced almost at the same time? Immediately I sent him a note of condolence and he wrote back, gushing with wisdom and positivity: “Realize you are perfect right now. Everything is okay and everything can change in an instant to the life you always wanted. No matter what. When you are happy and hopeful your husband will be happy and hopeful.” I have a postcard he made in the hospital, a watercolor of a green face with a giant blue and pink eye, in the style of a Toltec carving, inscribed with a quote on the back from one of his friends there, “Maybe life’s not as hard as you thought it was.” I am already, almost instantly better. I just hope that he is also now free.

Natalie Elliott is the senior contributor to This Recording. You can find her twitter here.

Paintings by Joan Brown.

"Black Moss" - Johanna Warren (mp3)

by joan brown

27 Dec 23:00

まるです。
I am Maru.

by mugumogu


クリスマスのディナーはもちろん
Of course, our dinner for Christmas is



まる&はな:「チキーン!」
Maru&Hana:[Chicken!]



まる:「こっちにいっぱいください。」
Maru:[I love chicken!]


はな:「お上品にいただかなくっちゃ!」
Hana:[Me too!]

ふたりとも、顔顔!
Both of you, your faces!


まる&はな:「おかわり!!」
Maru&Hana:[Second helping!!]





28 Dec 12:35

2015 Wrapup [11]

by Susan Thye
Fergus Noodle

Aqua S is v fun



HEEEEEEY GUYS!!! It’s that time of year again, the end of year wrapup! I freaking loved 2015, there was just so much great food and my absolute fave place to chillax on a Saturday arvo was at Chester White Cured Diner. They’ve got an amazing selection of cured meats like the Culatello and the truffle salami and I love their Not Carbonara pasta made with uber crispy speck.


My beloved Belle’s Hot Chicken from Melbourne opened a popup joint in Barangaroo and yes the chicken is just as amazing but surprisingly what keeps me coming back every week or so is their fried mushrooms!


Fave burger of the year was definitely at Bar Luca for the Blame Canada burger! I haven’t blogged about the place because honestly whenever I go I can never bring myself to order anything other than this burger! This baby has a juicy 200g wagyu beef pattie, maple glazed streaky bacon, maple aioli AND IS STUFFED WITH POUTINE! Carb on carb ohhhhh yeah baby yeah!


Belly Bao also has a pretty tasty burger called the baoger- a smoky pattie, slices of pickled radish, crisp lettuce leaf, tomato and onions are sandwiched together not with buns but with freshly steamed baos!


Ok ok and I also loved The Lord Gladstone Hotel’s burgers, another place that I haven’t blogged either because I can’t go past trying anything else on the menu except their burgers! The cheeseburger is pretty ace and only $10 on Mon and Tues! And every month or so there’s crazy burger takeovers on the weekend like the Whitecastle slider recreation.


I started a new job at Sparro and it’s been fab, I love what I do and everyone there is awesome and best of all they love their food esp the Javanese Fried Chicken at Ayam Goreng. That crispy skin, that juicy meat, and the spicy yet oh so addictive chilli sauce!


Finally convinced Noods to go to the great US of A! Austin was hands down the tastiest part of the trip but visiting The Grand Canyon was definitely a visit of a lifetime.


Of course after coming back from the states I was dying from the lack of barbecue in Sydney and like magic, Bovine & Swine Barbecue Co opened up in Enmore serving up platters of deeeelicious smoked meats! Get the beef rib and the brisket, you won’t be sorry!


Fave ramen of the year goes to Osan in the Dixon House food court in Chinatown. The creamy tonkotsu is crazy intense! I always ask for the thinner noodles and extra egg :D


Aaaaand 2015 was the year for many a soft serve at Aqua S! Fave flavour by far was the grape!

Thank you everyone for reading my corner of the verse, if there’s anything you’d like to see more of (or less), let me know in the comments! Have a safe and happy NYE and see you all in 2016!

28 Dec 18:17

2016 Reality: Lazy Authentication Still the Norm

by BrianKrebs

My PayPal account was hacked on Christmas Eve. The perpetrator tried to further stir up trouble by sending my PayPal funds to a hacker gang tied to the jihadist militant group ISIS. Although the intruder failed to siphon any funds, the successful takeover of the account speaks volumes about why most organizations — including many financial institutions — remain woefully behind the times in authenticating their customers and staying ahead of identity thieves.

Junaid Hussain's Twitter profile photo.

On Christmas Eve morning, I received an email from PayPal stating that an email address had been added to my account. I immediately logged into my account from a pristine computer, changed the password, switched my email address back to the primary contact address, and deleted the rogue email account.

I then called PayPal and asked how the perpetrator had gotten in, and was there anything else they could do to prevent this from happening again? The customer service person at PayPal said the attacker had simply logged in with my username and password, and that I had done everything I could in response to the attack. The representative assured me they would monitor the account for suspicious activity, and that I should rest easy.

Twenty minutes later I was outside exercising in the unseasonably warm weather when I stopped briefly to check email again: Sure enough, the very same rogue email address had been added back to my account. But by the time I got back home to a computer, my email address had been removed and my password had been changed. So much for PayPal’s supposed “monitoring;” the company couldn’t even spot the same fraudulent email address when it was added a second time.

PayPal locked the account shortly after the assailant allegedly tried to send my money to the email account of the late Junaid Hussain, a 17-year-old member of the hacktivist group Team Poison. Hussain — who used the nickname “TriCk” and is believed to have been a prominent ISIS propagandist online — was reportedly killed in a U.S.-led drone strike earlier this year in Raqqa, Syria. No doubt, the attempted transfer was a bid to further complicate matters for me by associating my account with known terrorists.

In my second call to PayPal, I insisted on speaking with a supervisor. That person was able to tell me that, as I suspected, my (very long and complex) password was never really compromised. The attacker had merely called in to PayPal’s customer support, pretended to be me and was able to reset my password by providing nothing more than the last four digits of my Social Security number and the last four numbers of an old credit card account.

Let’s leave aside for a moment the reality that all of this static information about Brian Krebs has been posted online by various miscreants over the years (and probably remains online): Any company that authenticates customers with nothing more than static identifiers — address, SSN, DOB, phone number, credit card number, etc. — is vulnerable to these takeover attempts.

This almost certainly includes all of the companies that supply utilities to your residence, your bank or credit union, and a host of other companies. They’re vulnerable because those static identifiers about you are no longer secret and are available for sale in the underground.

I asked the PayPal supervisor why the company couldn’t simply verify my identity by sending a text message to my phone, or a special signal to a PayPal mobile app. After all, PayPal has had the same mobile number of mine on file for years (the attacker deleted that number from my profile as well). The supervisor explained that the company didn’t have any mobile authentication technologies, and that in order to regain access to the funds in my account I had to send the company a photocopied or scanned copy of my driver’s license.

Never mind that it was PayPal’s lack of any modern authentication methods that led to this mess. Also, let’s forget for the moment that there are a half-dozen services online that let customers create fake but realistic-looking scans of all types of documents, including utility bills, passports, driver’s licenses, bank statements, etc. This is the ultimate and most sophisticated customer authentication system that PayPal has: Send us a copy of your driver’s license.

When I pressed the PayPal representative about whether he had any other ways to validate my identity short of sending a copy of my license, he offered to do so “using public records.” Now, I understand that what he actually meant was that PayPal would work with a major credit bureau to ask me a series of so-called “out of wallet” or “knowledge-based authentication” (KBA) questions — essentially yet more requests for static information that can be gleaned from a variety of sources online. But that didn’t stop me from playfully asking the representative why a security challenge should rely on answers from public records? He responded that someone probably would have to go down to a courthouse somewhere to do that, which made me laugh out loud and wish him a Merry Christmas.

For better or worse, this isn’t the first time I’ve had to deal with weaknesses in PayPal’s anti-fraud systems. Last year, my account was the recipient of a large number of fraudulent donations made through hacked PayPal accounts that all were funded by credit cards instead of bank balances. The problem with fraudulent credit card donations via PayPal is that PayPal assesses the inevitable $20 Visa or MasterCard chargeback fee against the unwitting recipient of the fraudulent donation, effectively taking $20 out of the recipient’s account for each phony donation!

I called my contact at PayPal who’d helped work out a stopgap solution to the phony credit card payments, and that person said PayPal would lock my account so that no further account changes would be allowed. I’m grateful that they were able to do this (so far) but it probably goes without saying that most PayPal users will not have that line of contact or influence at the company.

PayPal’s security token isn’t much use if the company lets thieves reset your password over the phone using your Social Security number.

PayPal does offer additional security protections — including a PayPal Security Key fob that periodically generates a new one-time password which needs to be entered at login in addition to a username and password. I’ve used this solution since shortly after the company began offering it almost a decade ago, but a fat lot of good it does if PayPal is going to continue letting users reset their passwords by regurgitating static data that is trivial to purchase from the cybercrime underground.

Many companies will offer customers more account security options, but only if asked. Most often, when companies are asked for non-standard security precautions it is because the account holder has stated that he or she was previously the target of cyber stalking or concerted harassment or threats online. I can recall doing this with most of the utilities we use — including our ISP — after having ne’er-do-wells try to shut off our power, phone and water service by calling in with those static identifiers. None of those companies offered more advanced authentication options — such as mobile device authentication — but most would let me place a flag on my account that no changes were to be made unless I showed up at the utility’s offices in person and presented a photo ID and my username and password.

Although this is effectively the same solution that PayPal offered after it froze my account and available funds, having to visit an office and present my ID to close or make changes to my account is significantly less onerous and aggravating than trying to work that out after the fact while having no electricity, water or Internet.

Longer term, PayPal should review which of its users have already provided mobile phone information, and then seek to validate those contact numbers. Once that process is done, PayPal can start upgrading its authentication systems — and hopefully become less reliant on static (read: already-compromised) identifiers to validate customers. This would help cut down on account takeovers and reduce the threat of costly, fraudulent credit card donations via hacked accounts.

Until then, PayPal will continue to expose its users unnecessarily to security and privacy threats (bear in mind that a crook who gains access to your PayPal account can see all of your transactions and financial data from associated bank accounts).

Many KrebsOnSecurity readers have been quite generous in supporting my efforts this year, and to those folks (and to anyone else who’s read this far) I offer a hearty and heartfelt THANK YOU!

23 Dec 23:00

I am Maru.

by mugumogu


クリスマスの写真を撮っていたら
When I took a photograph for Christmas



はな:「何このまるいのー。チョーうけるー!」
Hana:[What is this? It's very funny!]

ようこそはなさん、クリスマスの撮影会場へ。
Hey Hana, welcome!!

はな:「こんな恥ずかしい姿見せられない。」
Hana:[I am very ashamed.]



22 Dec 17:30

Comic of the Day: Male Feminist “Allies”

by Dana Bolger

This is the comic I’ve been waiting for all my life. 

Thanks to Victor Entrepuertas and Anonima P. for this gem, which succinctly calls out male “feminist” allies’ mansplaining, gaslighting, misogyny, abuse, and more.

Image via.

21 Dec 23:00

I am Maru.

by mugumogu



キッチンで使おうと買った収納ケースを、しばし貸し出し。
I bought the new storing box to use it in the kitchen.

まる:「まあ、当然入りますよね。」
Maru:[I check this before you use.]

But...

まる:「あごを乗せるには高すぎるし」
Maru:[This is too high for my chin.]


まる:「丸くなるには深すぎる。」
Maru:[This is too deep for me to become round.]


まる:「これでは真の安らぎは得られませんよ。」
Maru:[Unfortunately I cannot relax in this.]




13 Dec 00:40

Zeus Street Greek, Drummoyne [4]

by Susan Thye


I had all these grand plans of visiting a cafe out in the inner west over the weekend. But the wait was far too long for my hangry self so we drove away with the intention of grabbing maccas on the way home when lo and behold Zeus Street Greek appeared like a glittering angel of hope!


It’s pretty casual at Zeus- order at the counter before taking your table number and grabbing a seat. They’re licensed, if you feel like a tipple or two, or help yourself to water from the station in the far corner.


Initially I wasn’t going to order the Haloumi ($11.50) as I felt the price was a bit steep but when it arrived I understood why, it’s such a large serving! The Cypriot cheese was lightly grilled so it had that trademark squeakiness and dusted with oregano and a squeeze of lemon juice.


Noods has issues with carb in carb action and didn’t want any of the gyros that came stuffed with chips inside so I made sure to order a side of Feta & Oregano Chips ($8.50) which were bloody amazing. Each chip was golden and delicious and while not exactly the perfect vehicle to transport the crumbly feta to my mouth, it was pretty damn tasty.


I knew The Zeus ($12.50) would be perfect for my slightly hungover body- the pita bread is thick and surprisingly soft and fluffy and held a generous amount of melt in the mouth slow-cooked lamb with Aegean slaw, smoked eggplant, onion and parsley. It had all the flavours (and more) of a kebab but without that greasiness and inevitable feeling of regret.


The Soft Shell Crab ($13.50) was pretty tops, the pita bread holds lightly fried soft shell crab with Aegean slaw, preserved lemon mayo, caramelized onion, sweet chilli and coriander. I would’ve loved more crab in there but hey that’s because I heart crab.


I couldn’t resist the Loukoumades ($8), fluffy Greek doughnuts that were smothered in a honey and cinnamon sauce with a sprinkle of walnuts. The cashier managed to upsell me Mastic Vanilla ice cream ($5) which was deliciously vanilla-y and cut through the richness of the dessert but I wished it came as a scoop on the donuts instead of digging it out of the single serve containers.


With locations in Cronulla, Dulwich Hill, Rosebery and Kotara, I know I’ll be back again to try the rest of gyros on the menu!

Zeus Street Greek
187-189 Lyons Rd,
Drummoyne

Trading Hours:
Mon – Tues: 11:30am – 9:30pm
Weds to Sun: 11:30am to 10pm

19 Dec 15:22

Ciccone & Sons Gelateria, Redfern

by Helen (Grab Your Fork)
Fergus Noodle

I love Pepe Saya

These hot summer days are made for gelato. Gone are the days when you'd cool down with a Zooper Dooper or a Sunny Boy. Today's kids - both big and small - are more likely to be clamouring for the cold satisfaction of freshly churned gelato. Unless you've been completely off Instagram, Ciccone & Sons must have registered on your radar. After opening up shop in the depths of winter, they've
17 Dec 23:00

I am Hana.

by mugumogu

はなさん、どう見ても乗るスペースはありませんよ。
Hey Hana, there is no space where you get on.

はな:「ご心配なく。」
Hana:[Don't worry.]


はな:「じゃじゃーん。」
Hana:[Ta-da!]

This is practically an acrobatic feat by now.

13 Dec 23:00

I am Maru.

by mugumogu



サンタクロースの置物を買ったら
I bought an ornament of Santa Claus.

まる:「増えた。」
Maru:[Wow! These multiplied.]

サンタクロース:「予想外に増えちゃってごめんなさい。」
Santa Claus:[I am sorry to surprise you!]


And the snowmen, too.

はな:「あなたも増えたのねー。」
Hana:[Wow! The snowmen multiplied, too.]


It has become unexpectedly lively.

03 Dec 15:37

College men having sex with men: Are they (still) exclusively tops or bottoms?

by Eliza Brown and Paula England PhD

Log onto any website where men who have sex with men (MSM) go to meet partners, and a key classification is whether a man is a “top,” a “bottom,” or “versatile.” These terms refer to whether, when having anal sex with men, a man prefers to penetrate, to be penetrated, or is open to both. But are these durable roles?

We examined how much college MSM specialize as tops or bottoms. We find that, among college men who have ever had anal sex with a man, most have been both a top and a bottom sometime, most have done both across the course of their most recent relationship, and some have done both within a single date or hookup.

We use the Online College Social Life Survey (OCSLS) that surveyed more than 20,000 US students in 21 colleges and universities between 2005 and 2011. We use data from all 493 men who have had sexual interaction with men, and on the 826 events with men on which these men reported. The types of events respondents were asked to report on were their most recent hookup, their most recent date, and the most recent time they had sex within their most recent (or current) relationship of at least 6 months.

First, we found that only a small minority have only topped or bottomed. Of the men who have ever had anal sex with a man, 14% said they had only topped, 10% said they had only bottomed, and the vast majority, 77%, said they had done both.

Among MSM who have ever had anal sex, percent who have only topped, only bottomed, or done both

While the graph above shows that most MSM have tried both roles at least once, it is still possible that men tend to take only one role within any given relationship. In fact, this is true for 30% of men whose last relationship of at least 6 months in duration was with a man. But a large majority, 70%, played both roles with their partner sometime during the relationship – that is, they were both top and bottom at some point in that relationship.

Our most striking finding is shown in the next graph: often men are both top and bottom within a single event. In MSM events that involved anal sex, over 25% entailed both partners being top and bottom in that event. Men did both in about 20% of hookups and dates. They were even more likely to have been top and bottom the last time they had sex in their most recent relationship — 41% of the time. Thus, combining the previous graph with this one, we see that 70% of MSM relationships involved the man doing both sometime across the duration of the relationship, and 41% of specific times they had sex with relationship partners involved doing both.

Among MSM events involving anal sex, percent in which men both top and bottom, by type of event

Everything we have shown above is limited to events involving anal sex, or men who have had anal sex with men. But how common is anal sex among college MSM? The graph below shows how often it occurred in specific events. Only about a fifth (19%) of events men labeled dates involved anal sex, compared to about a third (34%) of hookups (that difference is statistically significant). So most college MSM hookups and dates don’t involve anal sex at all. They generally involve oral sex (results not shown). But a majority of times when men have sex with a male relationship-partner, they do have anal sex — in 63% of cases. These findings bear some similarity to what we find for heterosexual students — that students are more likely to have intercourse in hookups than dates, but most likely to do so in relationships.

Percent of MSM events that involve anal sex, in hookups, dates, and relationships

In sum, the clear message of our analysis is that being versatile is common among college MSM — most men have been both tops and bottoms sometime, most relationships involve switching between roles, and a significant minority of single events involve both, especially when the event occurs within a relationship.

Methodological details included at Contexts, where this post originally appeared. 

Eliza Brown is a PhD student at NYU with interests in the sociologies of knowledge, health, and sexuality. Also at NYU, Paula England is a professor of sociology,  the Director of Graduate Studies, and the principal investigator for the Online College Social Life Survey. If you are a researcher and would like to have the OCSLS data for analysis, contact Dr. England for information.

(View original at http://thesocietypages.org/socimages)

01 Dec 15:45

Cher tweets anti-refugee sentiments

by Katie Barnes

Et tu, Cher?
It has happened. Cher has joined the seemingly endless army of fear mongers in refusing to welcome Syrian refugees due to fears of a terrorist threat.
The Tweet:

Cher refugee tweet

Translation: Visa waiver not safe for America. We are at war with people who want to come to America to kill Americans. Why make it easy? Also if people go to ISIS to [become terrorists?], let them stay with Isis.

Cher’s stance is based solely in fear, never mind the fact that settling in the United States as a refugee is a convoluted and tedious process, or the fact that perhaps we should be worried about domestic terrorism. It’s frustrating to see someone join the dark side, so to speak, when she has a history of anti-racist, pro-gay, pro-choice sentiments. This just goes to show how insidious fear really is, especially when painted in a seemingly logical manner. Daesh is in Syria, so we should keep those coming from Syria out of the country. The reality is much more complex, especially when considering that refugees are fleeing the same terror from which we are trying to protect ourselves.

Header Image Credit: Huffington Post

07 Dec 23:02

I am Maru.

by mugumogu


鳥:「すっかりここが気に入って、また来ちゃった♪」
Bird:[I like your head so much.
Because this is too soft and fluffy♪]

まる:「食べられない鳥に用はありませんよ。」
Maru:[As you are not edible, I am not interested in you.]



鳥:「家族もつれてきたの♪」
Bird:[It's my family♪ Nice to meet you.]


はな:「とり好きー!」
Hana:[Yeah! I love a bird!!]

鳥:「きゃー!!」
Bird:[OMG!!]




20 Nov 22:00

catsbeaversandducks: Fallout 4 “War… War never...

by hell-baby

catsbeaversandducks:

Fallout 4

“War… War never changes.”

November 10, 2015

Photos via Cat Cosplay

30 Nov 22:04

Lizards, lizards everywhere.

by noreply@blogger.com (Merlesworld)
Fergus Noodle

A host of nightmares

They added a few new decorations to the club since I've been, the owls are very cute but the one on the end has been drinking and feeling a bit under the weather.

More nerdy elves




After bingo we went to visit a friend in a nursing home, lots of lovely gardens and areas that the older people can sit and enjoy the sunshine.
But what amazed me was all the blue tongue lizards, we counted 8 so I took a few pictures.

The beer fairy took photos of a spider he made friends with, it only comes out at night and makes a catcher web to catch his dinner.
01 Dec 06:00

Doughnut Time at Central Park, Chippendale

by Helen (Grab Your Fork)
Fergus Noodle

I have only had one melon flavoured donut in my life and it is time for another

It's Doughnut Time. After teasing Sydneysiders with their wares at Topshop stores, Doughnut Time has finally opened its first Sydney standalone shop in Chippendale. These are American-style yeast-raised donuts, soft and fluffy, that are hand-dipped in glazes that range from burnt butter to sour watermelon glaze. They've got a terrific sense of humour too, with names like The George Costanza,
25 Nov 15:24

Sydney Food Bloggers Christmas Party 2015

by Helen (Grab Your Fork)
Fergus Noodle

I always wonder if they invite NQN

Three hundred and seventy food blogs in Sydney. That's how many invites Suze and I sent out for the 7th annual Sydney Food Bloggers Christmas Party. It's a community event we first started in 2009, providing an opportunity for food bloggers to meet, mingle and eat. Back in those early years, food blogging was a wild and new frontier. Today everyone - and their mothers - are snapping food photos
25 Nov 23:02

I am Maru.

by mugumogu

大きな箱の中をそっと覗くと――
I look in the large box quietly.

まる:「何か」
はな:「用?」
Maru&Hana:[What?]



はな:「まったく、邪魔しないでほしいよね!」
まる:「箱はひとりで楽しみたい。」
Hana:[Do not disturb us!]
Maru:[I want to enjoy this box alone...]



19 Nov 21:14

benkling: a message for anyone who still thinks weed should be...



benkling:

a message for anyone who still thinks weed should be illegal:

a friend sent me this book cover a week ago and I just found this audio file with only a dreamy recollection of its existence

happy international mens day

16 Nov 22:51

Chipotle Serves Up Chips, Guac & HR Email

by BrianKrebs

The restaurant chain Chipotle Mexican Grill seems pretty good at churning out huge numbers of huge burritos, but the company may need to revisit some basic corporate cybersecurity concepts. For starters, Chipotle’s human resources department has been replying to new job applicants using the domain “chipotlehr.com” — a Web site name that the company has never owned or controlled.

Translation: Until last week, anyone could have read email destined for the company’s HR department just by registering the domain “chipotlehr.com”. Worse, Chipotle itself has inadvertently been pointing this out for months in emails to everyone who’s applied for a job via the company’s Web site.

This security oversight by Chipotle was brought to light by KrebsOnSecurity.com reader Michael Kohlman, a professional IT expert who discovered the bug after applying for a job at the food retailer.

Kohlman, who’s between jobs at the moment, said he submitted his resume and application to Chipotle’s online HR department not necessarily because he wanted to be a restaurant employee, but more to satisfy the terms of his unemployment benefits (which require him to regularly show proof that he is actively looking for work).

Kohlman said after submitting his resume and application, he received an email from Chipotle Careers that bore the return address @chipotlehr.com. The Minnesota native said he became curious about the source of the Chipotle HR email when a reply sent to that address generated an error or “bounce” message saying his missive was undeliverable.

“The canned response was very odd,” Kohlman said. “Rather than indicating the email didn’t exist, [the bounced message] just came back and said it could not resolve the DNS settings.”

A quick search for ownership records on the domain showed that it had never before been registered. So, Kohlman said, on a whim he plunked down $30 to purchase it.

The welcome message that one receives upon successfully submitting an application for a job at Chipotle discourages users from replying to the message. But Kohlman said a brief look at the incoming email associated with that domain revealed a steady stream of wayward emails to chipotlehr.com — mainly from job seekers and people seeking password assistance to the Chipotle HR portal.

A confirmation letter I got from Chipotle Careers, which for at least several months used the reply address chipotlehr.com, a domain the company didn’t own.

“In nutshell, everything that goes in email to this HR system could be grabbed, so the potential for someone to abuse this is huge,” said Kohlman. “As someone who has made a big chunk of their career defending against cyber-attackers, I’d rather see Chipotle and others learn from their mistakes rather than cause any real damage.”

Kohlman has since offered to freely give over the domain to the restaurant chain. But Chipotle expressed zero interest in acquiring the free domain. In fact, Chipotle’s spokesman Chris Arnold says the company doesn’t see this as a big deal at all.

“The chipotlehr.com domain is not a functional address and never has been,” Arnold wrote in an emailed statement. “It never had any operational significance, and never served to solicit or accept any kind of response. So there has never been a security risk of any kind associated with this. That address is being changed to careers.chipotle.com (a domain that we do own), but this has never been functional and is really a non-issue.”

I suppose that’s not really a shocking response from a $3.5 billion/year company that only just last month hired its first chief information officer. Chipotle still doesn’t have a job position that puts anyone in charge of computer security. One might say the company’s infosec security maturity level leaves a bit to be desired.

This entire debacle reminds me of a story I wrote for The Washington Post in 2008 titled “They Told You Not To Reply”. That piece was about an adventuresome young man who gamely registered the domain “donotreply.com” — just to see how badly the domain was being abused. Little did he know what he was signing up for: a constant glut of email destined for companies that had dumped customers there for years — including banks, defense contractors and a whole mess of other organizations that should have known better. He ended up publishing the funniest emails on his blog, and would usually only remove the emails after the offending companies agreed to make a donation to any local animal shelter.
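
The reply-address problem described in this post can be caught before mail goes out by checking every sender-side header of an outbound template against the domains the organisation actually controls. The Python below is an added example, not code from the article or from Chipotle; the owned-domain list (`chipotle.com`, inferred from the `careers.chipotle.com` address quoted above), the local parts and the message text are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Headers whose addresses receive replies or bounces from recipients.
SENDER_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")

# Assumption: the registrable domains the organisation controls.
OWNED_DOMAINS = {"chipotle.com"}

# Constructed sample messages (local parts and bodies are invented).
TEMPLATE_BEFORE = "\n".join([
    "From: Chipotle Careers <no-reply@chipotlehr.com>",
    "Reply-To: no-reply@chipotlehr.com",
    "To: applicant@example.org",
    "Subject: Application received",
    "",
    "Thank you for applying. Please do not reply to this message.",
])
TEMPLATE_AFTER = TEMPLATE_BEFORE.replace("chipotlehr.com", "careers.chipotle.com")


def is_owned(domain, owned):
    """True if domain is an owned domain or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == o or domain.endswith("." + o) for o in owned)


def resembles_owned(domain, owned):
    """Return the owned domain whose brand label prefixes this unowned
    domain's first label (chipotlehr vs chipotle), else None."""
    label = domain.split(".")[0]
    for o in sorted(owned):
        brand = o.split(".")[0]
        if label != brand and label.startswith(brand):
            return o
    return None


def audit_message(raw, owned=OWNED_DOMAINS):
    """List every sender-side address whose domain is not under owned."""
    msg = message_from_string(raw)
    findings = []
    for header in SENDER_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if "@" not in addr:
                continue  # empty Return-Path (<>) or malformed value
            domain = addr.rsplit("@", 1)[1].lower()
            if not is_owned(domain, owned):
                findings.append({
                    "header": header,
                    "address": addr,
                    "domain": domain,
                    "resembles": resembles_owned(domain, owned),
                })
    return findings


if __name__ == "__main__":
    for name, raw in (("before", TEMPLATE_BEFORE), ("after", TEMPLATE_AFTER)):
        for f in audit_message(raw):
            print(name, f["header"], f["address"], "resembles", f["resembles"])
```

Any domain this reports should either be registered and held by the organisation or removed from the template; the check is offline and does not itself look up registration status.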

18 Nov 04:58

Listen to the sound of 9,000 species for free

by Saving Our Trees
The Macaulay Library at Cornell University has created an online searchable database that has over 150,000 recordings of 9,000 species, including a whopping three-quarters of the world’s bird species. While the database has an extensive bird sound collection, which is pure joy in itself, it also has 30,000 audio & video recordings of mammals, reptiles, amphibians, […]