republicans are idiots example #88

February 21st, 2010

Check out these barking seals:
http://gatewaypundit.firstthings.com/2010/02/figures-michelle-obama-stocked-white-house-library-with-books-on-socialism/

http://www.thebigfeedblog.com/2010/02/michelle-obama-stocks-books-in-white.html

They are mindlessly repeating something another blogger spotted in his “I’m a conservative investigative journalist” tour of the White House. They were OUTRAGED that books about socialism were on a book case there. Not “Socialism Now!” or something like that, but history books.
Then, later they all found out that these books were put there more than 40 years ago by Jackie Kennedy. ooops.

republicans are idiots. Example #87

February 20th, 2010

http://wonkette.com/413753/black-man-puts-his-feet-on-desk

LOL.. retards.

Joe Sacco’s Footnotes in Gaza

February 19th, 2010

Footnotes in Gaza is probably the most powerful graphic novel I’ve ever read. In it, the author uses his journalistic skills to tell the story of an event in 1956. In the meantime, he illustrates important things about journalism and memory. This book will inevitably be compared to Maus. It has the same kind of outsider comix feel to it as Maus and uses some of the same conventions. (talking to a cranky old man in the present about events that happened 50 years ago). I’ve read Maus about 17 times and it gets to be like a missing limb I’ve been living with my entire life. Reading Footnotes is like getting a brand new spear hole in the chest. It has a lot of older people remembering seeing their loved ones get shot for no reason. It is a story told side by side with current atrocities that we can’t seem to do anything about. That is, Gaza, with all its problems is where the author has to search for witnesses to Israeli atrocities from 1956. People react like he is crazy. “Israelis are randomly killing people and tearing down homes and here he is asking about 50 years ago?” The current reality seems even more hopeless than the atrocities in ‘56. Here they are in the present putting their collective hopes on Saddam Hussein. I had to read it twice to understand the sequence of events and how they fit into the bigger picture. Basically, the people in the story were pawns for the big powers, England, France and Egypt. Israelis were reacting against Egyptian operations against Israel launched from the Gaza strip. By the time they decided to punish Gaza, the soldiers had long gone and the only ones to punish were the young men of Gaza. They lined the young men of one town up against the wall and shot them. This is collective punishment like Lidice, Oradour-sur-Glane, and Kortelisy. The story was then buried. Nobody is interested in unearthing these memories. Even the Palestinians would rather talk about their current troubles.

Is the medium of the graphic novel too prone to emotional manipulation? Perhaps. The book certainly sent my emotions spiraling. Proper history books don’t let you see the eyes of children after seeing their fathers beaten, humiliated and murdered. Maybe they should. The author’s journalistic integrity had him pointing out all the inconsistencies in the memories of participants and providing extensive documentation from both Israeli authorities and UN observers.

A closer look at NoScript

February 18th, 2010

If you are concerned about internet privacy and security, try the NoScript Firefox extension.
NoScript’s main business is shutting down any JavaScript that you haven’t specifically allowed. It also provides many other features such as shutting down Flash, Java and unsafe web requests. One thing that scares off new NoScript users is the constant harping yellow alert bar. You can turn this off. The other thing that scares off new users: it makes the web less convenient. Videos don’t play, buttons don’t work, pages reload and lose data when you enable scripting on them. These things are largely a matter of practice.
I’ve been using NoScript for about 2 years and have recently learned a bunch more about it. So here is stuff I learned from the hackademix weblog, the NoScript faq, and playing with NoScript options.

  1. NoScript by default reloads all tabs affected by a new entry to the whitelist. This can cause people to lose work if, for example, they have partially filled out a form and then opened a new tab to look something up. To stop this, open a new tab and type about:config in the URL bar. Look up the noscript.autoreload.allTabs setting (or even the noscript.autoreload setting) and set it to false.
  2. Hidden in the appearance tab is an option to display full domains. This is helpful because many ad sites have specific urls for specific websites. For example, if you want doubleclick to work on google-ads, “display full domains” allows you to whitelist googleads.g.doubleclick.net instead of allowing the entire doubleclick.net domain.
  3. The “opaque” setting (options –> embeddings –> opaque embedded objects) makes embedded objects on pages opaque so that you can’t click on some invisible button by accident.
  4. Force secure cookies. A poorly configured site might have https but forget to mark cookies as secure. NoScript allows you to force encryption of cookies for https sites. This is off by default because it is relatively new and because some sites break if they can’t have insecure https cookies.
  5. A good idea is to export the NoScript whitelist that you have built up over time so that moving to a new computer does not force you to build it again. An even better idea is to use NoScript’s bookmark feature to publish your whitelist to a bookmarking system. Each instance of NoScript you use keeps track of the changes to this bookmark and updates its own whitelist accordingly.
  6. Google Chrome’s evolving extension framework does not yet allow for enough control to let NoScript work.
  7. NoScript blocks lots of stuff that is not script related. As an example, it blocks html ping elements by default.
  8. Finally, some neat NoScript-specific inventions that help make you more secure:
    • ABE (Application Boundary Enforcer): Among other things, ABE prevents sites from POSTing to cross-domain resources. It strips the contents out of cross domain POST requests and turns them into GET requests.
    • ABE: If you have a specific site that needs access to LAN resources, you can publish your own ABE ruleset as a file in the root of your domain.
    • NoScript also has an invention called clear-click, which protects against click-jacking by comparing the thing you clicked with a screenshot of the page you are on. If the pictures are different, it won’t allow the click to work.

Update: Noscript also improves battery life!
Save Laptop battery with noscript

underbid, screw everything up, and then sue.

January 21st, 2010


The web page above, which has its delicate bits blurred out, was left unprotected by a contractor from Texas who underbid everyone else and got work from Minnesota’s DHS.

Here is the MPR story, where you can find out the name of the contractor who is now suing everyone over the issue.
I’ll just refer to them as “Sookout Lervices”.

I appreciate that MPR found this out, but Sookout Lervices doesn’t, as they seem to be building a criminal case against MPR.

After this incompetence was discovered, Minnesota agencies were instructed not to work with them. So, Sookout Lervices is suing our state as well.

Seems like a scary company to work for. It has lawsuits open against several former employees, including one of their own developers. That is, a customer complained and Sookout Lervices hired an outside party to look at their own developer’s code and then sued the developer for fraud. This tells me they have too little hands-on involvement with their own projects. That is, get a contract, throw a developer at it, and collect the money without investing in:

  1. Senior level developers
  2. “Hands-on” Project Managers
  3. Code reviews
  4. training
  5. Testing

An interesting question is if the MPR reporter who found the breach can get punished. From what I understand, she didn’t just follow a link and find the data in the open, she messed with request parameters in the URL to get to unprotected data. So, what is the line between changing the URL to navigate around a site, which I do on a regular basis, and committing a crime?
There must be a precedent for this. What I need is a big “computer crimes” chart of actual cases where the technical details of the incident, the charges brought, the evidence offered, and the sentence are laid out.

shark vs jetliner.

January 19th, 2010

let’s play “what color is the carpet?”

December 14th, 2009

rug doctor

When I got home on Friday, there was a rug doctor sitting in my living room. The eager-beaver handyman with Popeye forearms featured in the ads was nowhere to be seen. We moved all the furniture in the living room and set the kids to work vacuuming and cleaning the filthy molding. I gave Mo a soapy cloth to wash the woodwork, and she did a fantastic job up to about 3 1/2 feet.

Then we shampooed the rug, pausing every other row to empty the dirty water. Dumping this water was the most satisfying activity ever. The water was black and it felt like I was exorcising all the bad spirits from my house.

Now I can lay face down on the carpet to do the cobra pose and not have a sneezing fit.

are you christmas-negligent?

December 2nd, 2009

Wow,

They are getting all up in Best-Buy’s shit at standforchristmas.com.

Employees always have been polite, friendly, and helpful. Too bad the corporate decision to ignore our Christian heritage & holidays, instead demonstrate their willingness to recognize a Muslim holiday tells me where Best Buy’s loyalties lie. I will find an independent Christian business to purchase my new home theater system.

I think I’m gonna get on there and complain about the cleavage on the virgin mary statue that I saw at JC Pennys.

will yourself to be sick

November 15th, 2009

Me: Mo (temp = 100.2), do you kind of want to be sick?
Mo: (devious smile) yeah.
Me: I know about that. why do you want to be sick?
Mo: Ginger Ale

#1 motto

November 6th, 2009

I saw Dan Geer speak a while ago. Here is the video. It was a good “10,000 foot” overview of working and learning in the security field.
He said he had this on his office wall:

  1. Work like hell,
  2. Share all you know,
  3. Abide by your handshake,
  4. Have fun

the Connemara refugees of Minnesota

November 6th, 2009

from Wikipedia:

Graceville, Minnesota, was originally granted to Archbishop John Ireland of Saint Paul, Minnesota. Wishing to settle the Minnesota prairie with Catholic Irish-Americans, he actively promoted settlement in Graceville and the surrounding region. The town was named for Bishop Thomas Grace and a special line was built across the prairie from Morris, Minnesota.

In summer 1880, Archbishop Ireland paid for the passage of a ship filled with Famine refugees from Connemara in County Galway. Arriving in Graceville too late to adequately prepare and having little grasp of English, the Irish language speakers were ill prepared for the massive blizzard which descended in the winter. As both the Protestant Freemasons of Morris and the English speaking Irish-Americans of Graceville both schemed to manipulate the situation for their own ends, the sufferings of the Connemara refugees became an international scandal.

With the future of his entire Catholic Colonization Bureau in jeopardy, Archbishop Ireland offered up the “Conamaras” as a sacrifice, condemning them as shiftless, lazy and drunken. In the early months of 1881, all but three families were evicted from their claims and resettled in a shantytown in Saint Paul which was instantly dubbed The Connemara Patch. Meanwhile, back in Graceville, the name “Conamara” became an insult, a pejorative term for a lazy, drunken failure.

Here is a slightly different story about it, from an apologist for Bishop Ireland. To me, it seems like a rush to make the countryside Catholic, and when it turned embarrassing, rather than examine his motives, the church hierarchy blamed the victims. Thus it is with everyone with religious motives. Their own righteousness simply cannot be questioned.

To be fair, that wikipedia page has had very little vetting.

look ma, no mouse

October 20th, 2009

If you want to save about a month per year, quit using your mouse and learn keyboard shortcuts for your most common tasks.
What if your most common task is Facebook?
Facebook sucks for keyboarding. There is, fortunately, a script for Firefox called Facebook Fixer that improves keyboarding in Facebook (along with a bunch of other great features).
Keyboard Shortcuts that come with Facebook Fixer:

From any page:
A - Albums/photos
B - Toggle buddy list (online friends)
C - Facebook Fixer configuration
F - Friends
H - Home page
I - Inbox
L - Start/stop Facebook Fixer from Listening for page changes
N - Notifications
P - Your profile
T - Translate selected text
- Close pop-ups created by Facebook Fixer

From the home page:
f or l - Live feed
i - Posted items
n - News feed
p - Photos
s or u - Status updates

From profiles:
i - Info
p - Photos
w - Wall
x - Boxes

From pages with pagination (previous, next, etc)
- Previous
- Next
+ - First (when available)
+ - Last (when available)

While viewing albums/photos:
a - Load all thumbnails (when available)
b - Show big pictures
c - View comments
k - Back to album
m - Photos of (person) and me

While viewing recent albums and uploaded/tagged photos:
a or r - Recent Albums
m or u - Mobile uploads
o - Photos of me
p - My Photos
t or f - Tagged friends

It requires greasemonkey. I lost interest in Greasemonkey because juggling versions of Firefox, Greasemonkey, and the Greasemonkey script is a huge headache and trusting maintainers to keep up with it after they graduate from high school is a bad bet. I’m giving it another go in hopes that the Facebook fixer will stay maintained.
Facebook fixer shortcut code is butt simple and probably won’t break between versions. If it does, it would be easy to copy the shortcut code by itself and make my own add-on.
Line 3 shows how to ignore keyboard shortcuts if the user is trying to type in a textbox.

if (prefs['Shortcuts']) {
  window.addEventListener('keydown', function(e) {
    if ((e.target.type && e.target.type!='checkbox' && e.target.type!='select') || (e.target.getAttribute('contenteditable')=='true') || e.ctrlKey || e.altKey || e.metaKey) { return; }
    function clickLink(filter, root) {
      var link;
      if (!link) { return -1; }
      click(link);
    }
    if (e.keyCode==191) { if (e.shiftKey) { window.alert('Facebook Fixer Debug Info:\n\nid: ' + id + '\ntimestamp: ' + version_timestamp + '\npage: ' + page + '\nlanguage: ' + language + '\nlistening: ' + (listening?'true':'false')); } } // ?
    else if (e.shiftKey) {
      switch(e.keyCode) {
        case 37: clickLink('First'); break; // Left Arrow
        case 39: clickLink('Last'); break; // Right Arrow
        case 65: window.location.href = 'http://www.facebook.com/photos/?ref=sb'; break; // A
        case 66: click(document.getElementById('buddy_list_tab')); break; // B
        case 67: showConfig(); break; // C
        case 70: window.location.href = 'http://www.facebook.com/friends/?ref=tn'; break; // F
        case 72: window.location.href = 'http://www.facebook.com/home.php?ref=home'; break; // H
        case 73: window.location.href = 'http://www.facebook.com/inbox/?ref=mb'; break; // I
        case 76: if (listening) {
            stopListening();
            window.alert($l('ListeningStopped'));
          } else {
            startListening();
            window.alert($l('ListeningRestarted'));
          }
          break; // L
        case 78: window.location.href = 'http://www.facebook.com/notifications.php'; break; // N
        case 80: window.location.href = 'http://www.facebook.com/' + (id.match(/^\d+$/) ? 'profile.php?id='+id+'&ref=profile' : id); break // P
        case 83: e.stopPropagation(); e.preventDefault(); document.getElementById('q').focus(); break // S

etc....

This brings up the question: Am I going to learn a different set of key strokes for every website I use? I’m pretty good at Gmail and Wordpress, I’ll probably adapt pretty quickly to SHIFT-a when I want to stalk some friend of a friend on Facebook, but this isn’t very scalable. That’s why mice were invented! Universal interface! So, mark me down as NOT a believer in web-app specific keyboard commands. That stuff should be in the browser, except with google apps, which are honorary desktop applications.

The single most powerful keystroke for browsing is the single quote key in Firefox. It lets you find links as you type. Adopting this habit alone will free up enough time to have up to 8 more Facebook friends.

Internet Explorer doesn’t even try to offer keyboarding. There is no “find as you type”. No “find links as you type”. No text selection via keyboard.

Besides saving time, I’ve noticed that people who can do everything by keyboard make me think, “now that’s an expert”.

awesome

October 19th, 2009

http://www.coderanch.com/t/467031/Meaningless-Drivel/gmail-account-virus-spam-attacked

This person made a huge difference in our lives

October 17th, 2009

I just learned that Brenda Buckley, Maggie’s Irish Dance teacher, has died of cancer. I’m shocked and saddened. She made such a huge difference in so many people’s lives, including Maggie’s and by extension, mine. I know we hear this about damn near every person who dies, but her spirit through her illness was truly inspiring.

It is hard to find someone who demands excellence like she did. It takes a lot of energy and confidence. I think the last words she spoke to Maggie were, “If you don’t practice, don’t bother coming to the Feis”.

The confidence and growth that Maggie gained through Brenda’s instruction are invaluable.

We laughed about Brenda’s last words to Maggie, but I know anyone who has ever worked hard at something or helped others work hard at something that takes endurance and skill (swimming?) can get behind those last words.

BetterPrivacy

October 17th, 2009

Now that most internet users have adopted ways of clearing or limiting regular cookies, many sites now use sneakier cookies that are harder to prevent and clear. The Flash plugin in your browser, which you chose to install so that you could watch YouTube videos, for instance, allows operating system access and enables web site owners to store “Flash Cookies”. This lets Flash store information in the file system outside of the browser sandbox. There is nothing built into your browser to control them. Flash cookies do not have the same constraints as normal cookies. One use of Flash Cookies is to rebuild traditional cookies after they are cleared by the user. Flash Cookies are cross browser. A cookie set in one browser can be read by another browser.

Privacy Mode in Firefox 3.5 (as well as Incognito Mode in Google’s Chrome and InPrivate in IE 8) does not block Flash cookies.

This information is stored on a per-site basis on your hard drive at %APPDATA%\Macromedia\Flash Player\#SharedObjects\. If you look in that folder, you will see many, many folders with names of sites you might have visited ages ago.

The existence and contents of these folders are interesting to forensics investigators, spouses, employers, and marketing professionals.

The BetterPrivacy Firefox add-on effectively wipes out the Flash cookie contents. It also wipes out the Flash cookies set by other browsers.

It does not, however, wipe out the folders containing those contents by default. You must open the Tools–> BetterPrivacy –>More Options dialog and check the “Delete Empty Cookie Folders” button. Otherwise, clues to your browsing history remain.
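An added Python example, not part of BetterPrivacy or the original post, showing why wiping Flash cookie contents without removing the folders still leaves a list of visited sites. The directory tree is constructed, and the root/<random id>/<site> layout and all site names are assumptions.

```python
import os
import tempfile

def audit_lso(root):
    """Map each site folder under root/<id>/ to (sol_file_count, total_bytes)."""
    report = {}
    for profile in sorted(os.listdir(root)):
        pdir = os.path.join(root, profile)
        if not os.path.isdir(pdir):
            continue
        for site in sorted(os.listdir(pdir)):
            sdir = os.path.join(pdir, site)
            if not os.path.isdir(sdir):
                continue
            count = size = 0
            for dirpath, _dirs, files in os.walk(sdir):
                for name in files:
                    if name.lower().endswith(".sol"):
                        count += 1
                        size += os.path.getsize(os.path.join(dirpath, name))
            report[site] = (count, size)
    return report

def wipe_contents(root):
    """Delete the .sol files only, leaving every folder in place."""
    removed = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".sol"):
                os.remove(os.path.join(dirpath, name))
                removed += 1
    return removed

def remove_empty_folders(root):
    """Bottom-up removal of folders that no longer hold anything."""
    removed = 0
    for dirpath, _dirs, _files in os.walk(root, topdown=False):
        if dirpath != root and not os.listdir(dirpath):
            os.rmdir(dirpath)
            removed += 1
    return removed

def build_sample_lso(root):
    """Constructed tree: two sites under one assumed random-id folder."""
    samples = {
        os.path.join("ABCD1234", "videos.example", "player", "settings.sol"): b"x" * 20,
        os.path.join("ABCD1234", "ads.example", "track.sol"): b"y" * 8,
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    root = os.path.join(tempfile.mkdtemp(), "#SharedObjects")
    os.makedirs(root)
    build_sample_lso(root)
    print("before:", audit_lso(root))
    wipe_contents(root)
    # Site names are still listed, each with zero files: the history clue.
    print("contents wiped:", audit_lso(root))
    remove_empty_folders(root)
    print("folders removed:", audit_lso(root))
```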

You can also set your flash plugin settings at the following page: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html Many people just set their LSO storage space to zero. Note that each browser you have will maintain its own flash settings, so you would do this for each browser.

Better Privacy by default disables click pings. “ping” is an html 5 attribute that notifies a third party when you click a link. While this sounds like a huge breach of privacy, keep in mind that a website owner can and does put all kinds of tracking code to watch which links you click on. The Ping attribute in html 5 is an attempt to unify this and keep click tracking out of the normal stream of web interactions. (as read on Workbench) Anyway, it is an HTML 5 feature and I haven’t seen it used much.

Similarly, BetterPrivacy by default disables DOM Storage. DOM Storage is another HTML 5 feature that provides a large space for name-value pairs as client side data storage. They are different from normal cookies in that they are much bigger, they never expire, they don’t get transmitted to the server with every request, and they offer more granular control as far as scope. That is, their scope might be limited to the browser window. An application of DOM Storage might be to allow web application usage when offline, with the expectation that work would be synched up when the user was back online. This is a similar goal to, but completely different implementation from Google Gears.

Bruce Schneier made a post about flash cookies back in August. The comments on his post are really good.

The Midtown Greenway Irregulars

October 15th, 2009

Last night my friend Mark and I joined the “Trail Watch”. It is a group of volunteers associated with the Midtown Greenway Coalition. They ride in a big, brightly lit group up and down the Minneapolis Greenway and the LRT trail. These trails go through Philips and Central neighborhoods, where there have been some muggings of bicyclists. I thought it would be a good way to support cycling. I was inspired by the pure numbers of people out on the trail. Several people thanked us. Speeding ahead and looking back at the trail of brightly lit bikes in our “posse”, I can see that our numbers and lights would offer succor to any cyclist nervous about being out alone after dark.


Trail Watch information



Greenway Incidents

They ride every evening except Saturday. They meet at 7:00 in front of the parking garage above the Greenway on 10th Avenue. (Above Freewheel Bike)

15 miles

October 13th, 2009

Longer than usual commute this morning as I stopped by my previous workplace to pick some stuff up. Their place was dark and I thought they weren’t there, but I cupped my hands and stared in the window and faces came out of the dark. It turns out their power was out. In other words, they didn’t have coffee ready for me. :-{

The radio was full of talk of icy roads and spin outs and I almost didn’t ride. As it turned out, the roads were a bit icy, but nothing that was going to shoot my bike out from under me unless I really tried. It was nice riding under highways full of stopped cars. The sun came up and burned off some of the ice and mostly it was nice going. I was wearing cotton. I wonder what the emoticon would be for “I’m cold because I wore cotton”? <:-[ ****<

I figure the ride this morning burned 700 calories. That amounts to about 1/5th of the Reeses peanut butter cup eating contest I did this weekend.

That’s the ibuprofen talking

October 10th, 2009

We woke up to an inch of snow and freezing temperatures. The trails were covered with a mixture of wet leaves in snow, but weren’t too slippery except that the wet tree roots were hazardous.

We rode on the Mosquito Brook trail this morning for about 10 miles, ate lunch at the “Brick House”.

“Rock Lake” is a completely different sort of trail. It is an arrangement of rocks, really, and though the woods were beautiful and certain parts felt absolutely good, I bit off more than I could chew. I’m very sore now. We met a number of people who volunteered their time working on the trails up here. I must extend thanks, for they, over the years, have built up a fantastic system of trails up here.

trails cushioned by pine needles

October 9th, 2009

I am in Northern Wisconsin, bicycling on some trails maintained by Chequamegon Area Mountain Bike Association (CAMBA). After a relaxed drive up here, we had time for a short ride this afternoon that took us through beautiful fall forest and down trails coated thickly with pine needles. The air is crisp and my bike feels great. I started out just in fear that I was going to fall off and knock all my teeth out on a rock, but soon loosened up and forgot myself in the twists and turns of the trail. The trail today weaved in and out of the wide, grassy Birkebeiner trail where they have the famous ski race each winter and the Chequamegon Fat Tire festival every fall.

There is an EMT in training up here with us and he is using us to practice for his exam.

My blood pressure is 123/81

and I don’t have prostate cancer.

Clear Firefox zoom preferences

October 8th, 2009

I see that the Firefox profile keeps a list of the websites you have visited in the places.sqlite database and that these are cleared out when you execute Tools –> clear private data.

Download the bare bones SQLite command-line tool ( http://www.sqlite.org/download.html ) to check out what Firefox retains after you clear private data.

Navigate to %APPDATA%/mozilla/firefox/profiles to find the name of the directory (xxxxxxx.default ) where this data is stored. ( instructions for other OS are here )

and then in your SQLite directory type

sqlite3 %APPDATA%\mozilla\firefox\profiles\xxxxx.default\places.sqlite

you will then see a command line that looks like this:

sqlite>

where you can type

sqlite> .tables

to see all the tables
or

sqlite> select url from moz_places;

to see all the urls it has stored

If you go to firefox tools -> clear private data and then go back and look at all the urls again, this table will be cleared out, except for your bookmarked web sites.

As mentioned in a recent Security Now! podcast, this does not erase the information Firefox has stored about your zoom preferences! I went to one website and zoomed it into a ridiculous zoom level. Firefox 3 remembers these settings on a per-site basis. I then cleared the browser’s history and went back to find my site is still zoomed in.

I found that the zoom info is kept in a different sqlite file called content-prefs.sqlite
So, I went to that sqlite file (sqlite3 "%APPDATA%"\mozilla\firefox\profiles\xxxxx.default\content-prefs.sqlite )

if you look in there and do

sqlite> select * from groups;

you will see a listing for each site that you visited and fiddled with the zoom settings.
so….

sqlite> delete from groups where name like '%phpsolvent%';

and that cleared my zoom settings

So, if you are truly concerned about privacy, you might want to make a special trip to clear out the groups table in content-prefs.sqlite.
I do not understand why clear private data does not wipe out this data?

You can turn the entire feature off by typing about:config in the browser’s address bar, doing a search on “zoom” and disabling it by double-clicking the browser.zoom.siteSpecific row.

In Firefox 3.5, site preferences including zoom preferences can be cleared from an enhanced clear private data dialog.
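The groups clean-up above, carried one step further as an added Python example (not from the original post or from Firefox): it lists what the file still reveals, removes a site's row together with the rows that point at it, and runs VACUUM so the deleted name does not linger in the file. The database is constructed; the prefs and settings tables, the setting name and the site names are assumptions, since the post only shows the groups table.

```python
import os
import sqlite3
import tempfile

# Constructed stand-in for content-prefs.sqlite. The post shows only the groups
# table and its name column; the settings and prefs tables, and the setting
# name used below, are this example's assumption about the rest of the layout.
SCHEMA = """
CREATE TABLE groups   (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE settings (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE prefs    (id INTEGER PRIMARY KEY, groupID INTEGER,
                       settingID INTEGER NOT NULL, value BLOB);
"""

def build_sample(path):
    """Create a small database with two sites that have saved zoom levels."""
    con = sqlite3.connect(path)
    con.executescript(SCHEMA)
    con.execute("INSERT INTO settings VALUES (1, 'browser.content.full-zoom')")
    con.executemany("INSERT INTO groups VALUES (?, ?)",
                    [(1, "zoomed-clinic.example"), (2, "news.example")])
    con.executemany(
        "INSERT INTO prefs (groupID, settingID, value) VALUES (?, 1, ?)",
        [(1, "3.0"), (2, "1.1")])
    con.commit()
    con.close()

def list_site_prefs(path):
    """Return (site, setting, value) rows: what the file reveals about visits."""
    con = sqlite3.connect(path)
    try:
        return con.execute(
            "SELECT g.name, s.name, p.value FROM prefs p "
            "JOIN groups g ON g.id = p.groupID "
            "JOIN settings s ON s.id = p.settingID ORDER BY g.name").fetchall()
    finally:
        con.close()

def orphaned_prefs(path):
    """Count prefs rows whose site row is gone (left by deleting groups only)."""
    con = sqlite3.connect(path)
    try:
        return con.execute(
            "SELECT COUNT(*) FROM prefs "
            "WHERE groupID NOT IN (SELECT id FROM groups)").fetchone()[0]
    finally:
        con.close()

def purge_site(path, like_pattern):
    """Delete matching sites and their prefs, then rebuild the file."""
    con = sqlite3.connect(path)
    try:
        ids = [row[0] for row in con.execute(
            "SELECT id FROM groups WHERE name LIKE ?", (like_pattern,))]
        for gid in ids:
            con.execute("DELETE FROM prefs WHERE groupID = ?", (gid,))
            con.execute("DELETE FROM groups WHERE id = ?", (gid,))
        con.commit()
        # A plain DELETE can leave the old bytes in free pages of the file;
        # VACUUM rewrites the database so they are not carried over.
        con.execute("VACUUM")
        return len(ids)
    finally:
        con.close()

def file_contains(path, text):
    """Raw byte search of the database file, as a forensic tool would do."""
    with open(path, "rb") as fh:
        return text.encode("utf-8") in fh.read()

if __name__ == "__main__":
    db = os.path.join(tempfile.mkdtemp(), "content-prefs.sqlite")
    build_sample(db)
    print(list_site_prefs(db))
    print(purge_site(db, "%zoomed-clinic%"), "site(s) purged")
    print(list_site_prefs(db), file_contains(db, "zoomed-clinic"))
```

Run it against a copy of the real file, or with Firefox closed, since the browser keeps the database open while it is running.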

The unanswered question is:
Can scripting be used on one web site to check zoom level on other web pages you have visited? This concept has been used before to check the color of a link to see if you visited it before. Checking zoom level on a third party web site would obviously be a lot harder.