underbid, screw everything up, and then sue.

January 21st, 2010


The web page above, which has its delicate bits blurred out, was left unprotected by a contractor from Texas who underbid everyone else and got work from Minnesota’s DHS.

Here is the MPR story, where you can find out the name of the contractor who is now suing everyone over the issue.
I’ll just refer to them as “Sookout Lervices”.

I appreciate that MPR found this out, but Sookout Lervices doesn’t, as they seem to be building a criminal case against MPR.

After this incompetence was discovered, Minnesota agencies were instructed not to work with them. So, Sookout Lervices is suing our state as well.

Seems like a scary company to work for. It has lawsuits open against several former employees, including one of their own developers. That is, a customer complained and Sookout Lervices hired an outside party to look at their own developer’s code and then sued the developer for fraud. This tells me they have too little hands-on involvement with their own projects. That is, get a contract, throw a developer at it, and collect the money without investing in:

  1. Senior level developers
  2. “Hands-on” Project Managers
  3. Code reviews
  4. Training
  5. Testing

An interesting question is if the MPR reporter who found the breach can get punished. From what I understand, she didn’t just follow a link and find the data in the open, she messed with request parameters in the URL to get to unprotected data. So, what is the line between changing the URL to navigate around a site, which I do on a regular basis, and committing a crime?
There must be a precedent for this. What I need is a big “computer crimes” chart of actual cases where the technical details of the incident, the charges brought, the evidence offered, and the sentence are laid out.

shark vs jetliner.

January 19th, 2010

let’s play “what color is the carpet?”

December 14th, 2009

rug doctor

When I got home on Friday, there was a rug doctor sitting in my living room. The eager-beaver handyman with Popeye forearms featured in the ads was nowhere to be seen. We moved all the furniture in the living room and set the kids to work vacuuming and cleaning the filthy molding. I gave Mo a soapy cloth to wash the woodwork, and she did a fantastic job up to about 3 1/2 feet.

Then we shampooed the rug, pausing every other row to empty the dirty water. Dumping this water was the most satisfying activity ever. The water was black and it felt like I was exorcising all the bad spirits from my house.

Now I can lay face down on the carpet to do the cobra pose and not have a sneezing fit.

are you christmas-negligent?

December 2nd, 2009

Wow,

They are getting all up in Best-Buy’s shit at standforchristmas.com.

Employees always have been polite, friendly, and helpful. Too bad the corporate decision to ignore our Christian heritage & holidays,instead demonstrate their willingness to recognize a Muslim holiday tells me where Best Buys loyalities lie. I will find an independent Christian business to purchase my new home theater system.

I think I’m gonna get on there and complain about the cleavage on the virgin mary statue that I saw at JC Pennys.

will yourself to be sick

November 15th, 2009

Me: Mo (temp = 100.2), do you kind of want to be sick?
Mo: (devious smile) yeah.
Me: I know about that. why do you want to be sick?
Mo: Ginger Ale

#1 motto

November 6th, 2009

I saw Dan Geer speak a while ago. Here is the video. It was a good “10,000 foot” overview of working and learning in the security field.
He said he had this on his office wall:

  1. Work like hell,
  2. Share all you know,
  3. Abide by your handshake,
  4. Have fun

the Connemara refugees of Minnesota

November 6th, 2009

from Wikipedia:

Graceville, Minnesota, was originally granted to Archbishop John Ireland of Saint Paul, Minnesota. Wishing to settle the Minnesota prairie with Catholic Irish-Americans, he actively promoted settlement in Graceville and the surrounding region. The town was named for Bishop Thomas Grace and a special line was built across the prairie from Morris, Minnesota.

In summer 1880, Archbishop Ireland paid for the passage of a ship filled with Famine refugees from Connemara in County Galway. Arriving in Graceville too late to adequately prepare and having little grasp of English, the Irish language speakers were ill prepared for the massive blizzard which descended in the winter. As both the Protestant Freemasons of Morris and the English speaking Irish-Americans of Graceville both schemed to manipulate the situation for their own ends, the sufferings of the Connemara refugees became an international scandal.

With the future of his entire Catholic Colonization Bureau in jeopardy, Archbishop Ireland offered up the “Conamaras” as a sacrifice, condemning them as shiftless, lazy and drunken. In the early months of 1881, all but three families were evicted from their claims and resettled in a shantytown in Saint Paul which was instantly dubbed The Connemara Patch. Meanwhile, back in Graceville, the name “Conamara” became an insult, a pejorative term for a lazy, drunken failure.

Here is a slightly different story about it, from an apologist for Bishop Ireland. To me, it seems like a rush to make the countryside Catholic, and when it turned embarrassing, rather than examine his motives, the church hierarchy blamed the victims. Thus it is with everyone with religious motives. Their own righteousness simply cannot be questioned.

To be fair, that wikipedia page has had very little vetting.

look ma, no mouse

October 20th, 2009

If you want to save about a month per year, quit using your mouse and learn keyboard shortcuts for your most common tasks.
What if your most common task is Facebook?
Facebook sucks for keyboarding. There is, fortunately, a script for Firefox called Facebook Fixer that improves keyboarding in Facebook (along with a bunch of other great features).
Keyboard Shortcuts that come with Facebook Fixer:

From any page:
A - Albums/photos
B - Toggle buddy list (online friends)
C - Facebook Fixer configuration
F - Friends
H - Home page
I - Inbox
L - Start/stop Facebook Fixer from Listening for page changes
N - Notifications
P - Your profile
T - Translate selected text
- Close pop-ups created by Facebook Fixer

From the home page:
f or l - Live feed
i - Posted items
n - News feed
p - Photos
s or u - Status updates

From profiles:
i - Info
p - Photos
w - Wall
x - Boxes

From pages with pagination (previous, next, etc)
- Previous
- Next
+ - First (when available)
+ - Last (when available)

While viewing albums/photos:
a - Load all thumbnails (when available)
b - Show big pictures
c - View comments
k - Back to album
m - Photos of (person) and me

While viewing recent albums and uploaded/tagged photos:
a or r - Recent Albums
m or u - Mobile uploads
o - Photos of me
p - My Photos
t or f - Tagged friends

It requires greasemonkey. I lost interest in Greasemonkey because juggling versions of Firefox, Greasemonkey, and the Greasemonkey script is a huge headache and trusting maintainers to keep up with it after they graduate from high school is a bad bet. I’m giving it another go in hopes that the Facebook fixer will stay maintained.
Facebook fixer shortcut code is butt simple and probably won’t break between versions. If it does, it would be easy to copy the shortcut code by itself and make my own add-on.
Line 3 shows how to ignore keyboard shortcuts if the user is trying to type in a textbox.

if (prefs['Shortcuts']) {
    window.addEventListener('keydown', function(e) {
        if ((e.target.type && e.target.type!='checkbox' && e.target.type!='select') || (e.target.getAttribute('contenteditable')=='true') || e.ctrlKey || e.altKey || e.metaKey) { return; }
        function clickLink(filter, root) {
            var link;
            if (!link) { return -1; }
            click(link);
        }
        if (e.keyCode==191) { if (e.shiftKey) { window.alert('Facebook Fixer Debug Info:\n\nid: ' + id + '\ntimestamp: ' + version_timestamp + '\npage: ' + page + '\nlanguage: ' + language + '\nlistening: ' + (listening?'true':'false')); } } // ?
        else if (e.shiftKey) {
            switch(e.keyCode) {
                case 37: clickLink('First'); break; // Left Arrow
                case 39: clickLink('Last'); break; // Right Arrow
                case 65: window.location.href = 'http://www.facebook.com/photos/?ref=sb'; break; // A
                case 66: click(document.getElementById('buddy_list_tab')); break; // B
                case 67: showConfig(); break; // C
                case 70: window.location.href = 'http://www.facebook.com/friends/?ref=tn'; break; // F
                case 72: window.location.href = 'http://www.facebook.com/home.php?ref=home'; break; // H
                case 73: window.location.href = 'http://www.facebook.com/inbox/?ref=mb'; break; // I
                case 76: if (listening) {
                        stopListening();
                        window.alert($l('ListeningStopped'));
                    } else {
                        startListening();
                        window.alert($l('ListeningRestarted'));
                    }
                    break; // L
                case 78: window.location.href = 'http://www.facebook.com/notifications.php'; break; // N
                case 80: window.location.href = 'http://www.facebook.com/' + (id.match(/^\d+$/) ? 'profile.php?id='+id+'&ref=profile' : id); break // P
                case 83: e.stopPropagation(); e.preventDefault(); document.getElementById('q').focus(); break // S

etc....

This brings up the question: Am I going to learn a different set of key strokes for every website I use? I’m pretty good at Gmail and Wordpress, I’ll probably adapt pretty quickly to SHIFT-a when I want to stalk some friend of a friend on Facebook, but this isn’t very scalable. That is why mice were invented! Universal interface! So, mark me down as NOT a believer in web-app specific keyboard commands. That stuff should be in the browser, except with google apps, which are honorary desktop applications.

The single most powerful keystroke for browsing is the single quote key in Firefox. It lets you find links as you type. Adopting this habit alone will free up enough time to have up to 8 more Facebook friends.

Internet Explorer doesn’t even try to offer keyboarding. There is no “find as you type”. No “find links as you type”. No text selection via keyboard.

Besides saving time, I’ve noticed that people who can do everything by keyboard make me think, “now that’s an expert”.

awesome

October 19th, 2009

http://www.coderanch.com/t/467031/Meaningless-Drivel/gmail-account-virus-spam-attacked

This person made a huge difference in our lives

October 17th, 2009

I just learned that Brenda Buckley, Maggie’s Irish Dance teacher, has died of cancer. I’m shocked and saddened. She made such a huge difference in so many people’s lives, including Maggie’s and by extension, mine. I know we hear this about damn near every person who dies, but her spirit through her illness was truly inspiring.

It is hard to find someone who demands excellence like she did. It takes a lot of energy and confidence. I think the last words she spoke to Maggie were, “If you don’t practice, don’t bother coming to the Feis”.

The confidence and growth that Maggie gained through Brenda’s instruction are invaluable.

We laughed about Brenda’s last words to Maggie, but I know anyone who has ever worked hard at something or helped others work hard at something that takes endurance and skill (swimming?) can get behind those last words.

BetterPrivacy

October 17th, 2009

Now that most internet users have adopted ways of clearing or limiting regular cookies, many sites now use sneakier cookies that are harder to prevent and clear. The Flash plugin in your browser, which you chose to install so that you could watch YouTube videos, for instance, allows operating system access and enables web site owners to store “Flash Cookies”. This lets Flash store information in the file system outside of the browser sandbox. There is nothing built into your browser to control them. Flash cookies do not have the same constraints as normal cookies. One use of Flash Cookies is to rebuild traditional cookies after they are cleared by the user. Flash Cookies are cross browser. A cookie set in one browser can be read by another browser.

Privacy Mode in Firefox 3.5 (as well as Incognito Mode in Google’s Chrome and In Private in IE 8) do not block Flash cookies.

This information is stored on a per-site basis on your hard drive at %APPDATA%\Macromedia\Flash Player\#SharedObjects\. If you look in that folder, you will see many, many folders with names of sites you might have visited ages ago.

The existence and contents of these folders are interesting to forensics investigators, spouses, employers, and marketing professionals.

The BetterPrivacy Firefox add-on effectively wipes out the Flash cookie contents. It also wipes out the Flash cookies set by other browsers.

It does not, however, wipe out the folders containing those contents by default. You must open the Tools–> BetterPrivacy –>More Options dialog and check the “Delete Empty Cookie Folders” button. Otherwise, clues to your browsing history remain.
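To see what is left behind, here is an added example (not from BetterPrivacy or the original post) that walks a #SharedObjects tree and lists site folders that no longer hold any .sol file but still reveal the site name. The layout root/<random id>/<site>/ is an assumption about how Flash arranges the folder, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path


def audit_shared_objects(root):
    """Return {site_folder_name: number_of_.sol_files} for a #SharedObjects tree.

    Assumed layout (not spelled out in the post): root/<random id>/<site>/.../*.sol
    """
    report = {}
    root = Path(root)
    if not root.is_dir():
        return report
    for profile_dir in root.iterdir():
        if not profile_dir.is_dir():
            continue
        for site_dir in profile_dir.iterdir():
            if site_dir.is_dir():
                count = sum(1 for _ in site_dir.rglob("*.sol"))
                report[site_dir.name] = report.get(site_dir.name, 0) + count
    return report


def leftover_site_names(report):
    """Site folders with no .sol content: the folder name alone still leaks history."""
    return sorted(name for name, count in report.items() if count == 0)


def default_root():
    """Windows location named in the post; None when APPDATA is not set."""
    appdata = os.environ.get("APPDATA")
    if not appdata:
        return None
    return Path(appdata) / "Macromedia" / "Flash Player" / "#SharedObjects"


def build_sample_tree(base):
    """Constructed sample: one site with a live Flash cookie, one wiped but not removed."""
    root = Path(base) / "#SharedObjects"
    live = root / "ABCD1234" / "video.example"
    live.mkdir(parents=True)
    (live / "settings.sol").write_bytes(b"constructed sample bytes")
    # Contents deleted, folder kept: what you get without "Delete Empty Cookie Folders".
    (root / "ABCD1234" / "tracker.example").mkdir(parents=True)
    return root


if __name__ == "__main__":
    target = default_root()
    if target is not None and target.is_dir():
        found = audit_shared_objects(target)
    else:
        with tempfile.TemporaryDirectory() as tmp:
            found = audit_shared_objects(build_sample_tree(tmp))
    print("files per site:", found)
    print("empty folders that still name a site:", leftover_site_names(found))
```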

You can also set your flash plugin settings at the following page: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html Many people just set their LSO storage space to zero. Note that each browser you have will maintain its own flash settings, so you would do this for each browser.

Better Privacy by default disables click pings. “ping” is an html 5 attribute that notifies a third party when you click a link. While this sounds like a huge breach of privacy, keep in mind that a website owner can and does put all kinds of tracking code to watch which links you click on. The Ping attribute in html 5 is an attempt to unify this and keep click tracking out of the normal stream of web interactions. (as read on Workbench) Anyway, it is an HTML 5 feature and I haven’t seen it used much.

Similarly, BetterPrivacy by default disables DOM Storage. DOM Storage is another HTML 5 feature that provides a large space for name-value pairs as client-side data storage. The stored values are different from normal cookies in that they are much bigger, they never expire, they don’t get transmitted to the server with every request, and they offer more granular control as far as scope. That is, their scope might be limited to the browser window. An application of DOM Storage might be to allow web application usage when offline, with the expectation that work would be synched up when the user was back online. This is a similar goal to, but completely different implementation from Google Gears.

Bruce Schneier made a post about flash cookies back in August. The comments on his post are really good.

The Midtown Greenway Irregulars

October 15th, 2009

Last night my friend Mark and I joined the “Trail Watch”. It is a group of volunteers associated with the Midtown Greenway Coalition. They ride in a big, brightly lit group up and down the Minneapolis Greenway and the LRT trail. These trails go through Philips and Central neighborhoods, where there have been some muggings of bicyclists. I thought it would be a good way to support cycling. I was inspired by the pure numbers of people out on the trail. Several people thanked us. Speeding ahead and looking back at the trail of brightly lit bikes in our “posse”, I can see that our numbers and lights would offer succor to any cyclist nervous about being out alone after dark.


Trail Watch information



Greenway Incidents

They ride every evening except Saturday. They meet at 7:00 in front of the parking garage above the Greenway on 10th Avenue. (Above Freewheel Bike)

15 miles

October 13th, 2009

Longer than usual commute this morning as I stopped by my previous workplace to pick some stuff up. Their place was dark and I thought they weren’t there, but I cupped my hands and stared in the window and faces came out of the dark. It turns out their power was out. In other words, they didn’t have coffee ready for me. :-{

The radio was full of talk of icy roads and spin outs and I almost didn’t ride. As it turned out, the roads were a bit icy, but nothing that was going to shoot my bike out from under me unless I really tried. It was nice riding under highways full of stopped cars. The sun came up and burned off some of the ice and mostly it was nice going. I was wearing cotton. I wonder what the emoticon would be for “I’m cold because I wore cotton”? <:-[ ****<

I figure the ride this morning burned 700 calories. That amounts to about 1/5th of the Reeses peanut butter cup eating contest I did this weekend.

That’s the ibuprofen talking

October 10th, 2009

We woke up to an inch of snow and freezing temperatures. The trails were covered with a mixture of wet leaves in snow, but weren’t too slippery except that the wet tree roots were hazardous.

We rode on the Mosquito Brook trail this morning for about 10 miles, ate lunch at the “Brick House”.

“Rock Lake” is a completely different sort of trail. It is an arrangement of rocks, really, and though the woods were beautiful and certain parts felt absolutely good, I bit off more than I could chew. I’m very sore now. We met a number of people who volunteered their time working on the trails up here. I must extend thanks, for they, over the years, have built up a fantastic system of trails up here.

trails cushioned by pine needles

October 9th, 2009

I am in Northern Wisconsin, bicycling on some trails maintained by Chequamegon Area Mountain Bike Association (CAMBA). After a relaxed drive up here, we had time for a short ride this afternoon that took us through beautiful fall forest and down trails coated thickly with pine needles. The air is crisp and my bike feels great. I started out just in fear that I was going to fall off and knock all my teeth out on a rock, but soon loosened up and forgot myself in the twists and turns of the trail. The trail today weaved in and out of the wide, grassy Birkebeiner trail where they have the famous ski race each winter and the Chequamegon Fat Tire festival every fall.

There is an EMT in training up here with us and he is using us to practice for his exam.

My blood pressure is 123/81

and I don’t have prostate cancer.

Clear Firefox zoom preferences

October 8th, 2009

I see that the Firefox profile keeps a list of the websites you have visited in the places.sqlite database and that these are cleared out when you execute Tools –> clear private data.

Download the bare-bones SQLite command-line tool ( http://www.sqlite.org/download.html ) to check out what Firefox retains after you clear private data.

Navigate to %APPDATA%/mozilla/firefox/profiles to find the name of the directory (xxxxxxx.default ) where this data is stored. ( instructions for other OS are here )

and then in your SQLite directory type

sqlite3 %APPDATA%\mozilla\firefox\profiles\xxxxx.default\places.sqlite

you will then see a command line that looks like this:

sqlite>

where you can type

sqlite> .tables

to see all the tables
or

sqlite> select url from moz_places;

to see all the urls it has stored

If you go to firefox tools -> clear private data and then go back and look at all the urls again, this table will be cleared out, except for your bookmarked web sites.

As mentioned in a recent Security Now! podcast, this does not erase the information Firefox has stored about your zoom preferences! I went to one website and zoomed it into a ridiculous zoom level. Firefox 3 remembers these settings on a per-site basis. I then cleared the browser’s history and went back to find my site is still zoomed in.

I found that the zoom info is kept in a different sqlite file called content-prefs.sqlite
So, I opened that sqlite file (sqlite3 "%APPDATA%"\mozilla\firefox\profiles\xxxxx.default\content-prefs.sqlite )

if you look in there and do

sqlite> select * from groups;

you will see a listing for each site that you visited and fiddled with the zoom settings.
so….

sqlite> delete from groups where name like '%phpsolvent%';

and that cleared my zoom settings

So, if you are truly concerned about privacy, you might want to make a special trip to clear out the groups table in content-prefs.sqlite.
I do not understand why clear private data does not wipe out this data?

You can turn the entire feature off by typing about:config in the browser’s address bar, searching for “zoom”, and disabling it by double-clicking the browser.zoom.siteSpecific row.

In Firefox 3.5, site preferences including zoom preferences can be cleared from an enhanced clear private data dialog.
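The manual check above can be scripted. This added example (not from the original post or from Firefox) compares the groups table in content-prefs.sqlite against moz_places in places.sqlite and reports site names that survive a history clear, then deletes them by exact name. It assumes groups.name holds a bare hostname; the sample profile and its reduced table schemas are constructed.

```python
import sqlite3
import tempfile
from pathlib import Path
from urllib.parse import urlsplit


def history_hosts(places_db):
    """Hostnames still present in moz_places (history plus bookmarks)."""
    con = sqlite3.connect(places_db)
    try:
        urls = [u for (u,) in con.execute("SELECT url FROM moz_places") if u]
    finally:
        con.close()
    return {urlsplit(u).hostname for u in urls if urlsplit(u).hostname}


def residual_zoom_sites(profile_dir):
    """Names in content-prefs.sqlite 'groups' that have no matching history row."""
    profile = Path(profile_dir)
    known = history_hosts(profile / "places.sqlite")
    con = sqlite3.connect(profile / "content-prefs.sqlite")
    try:
        names = [n for (n,) in con.execute("SELECT name FROM groups")]
    finally:
        con.close()
    return sorted(n for n in names if n not in known)


def purge_sites(profile_dir, names):
    """Delete the given group names by exact match; returns rows removed."""
    con = sqlite3.connect(Path(profile_dir) / "content-prefs.sqlite")
    try:
        with con:  # commits on success, rolls back on error
            con.executemany("DELETE FROM groups WHERE name = ?",
                            [(n,) for n in names])
        return con.total_changes
    finally:
        con.close()


def build_sample_profile(base):
    """Constructed profile: history cleared, one bookmark kept, three zoomed sites."""
    profile = Path(base)
    con = sqlite3.connect(profile / "places.sqlite")
    con.execute("CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT)")
    con.execute("INSERT INTO moz_places (url) "
                "VALUES ('http://bookmarked.example/start')")
    con.commit()
    con.close()
    con = sqlite3.connect(profile / "content-prefs.sqlite")
    con.execute("CREATE TABLE groups (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    con.executemany("INSERT INTO groups (name) VALUES (?)",
                    [("bookmarked.example",), ("clinic.example",),
                     ("jobsearch.example",)])
    con.commit()
    con.close()
    return profile


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample_profile(tmp)
        leftovers = residual_zoom_sites(sample)
        print("sites only the zoom table remembers:", leftovers)
        print("rows removed:", purge_sites(sample, leftovers))
```

Run it against a copy of the profile, or with Firefox closed, since the browser keeps these files locked while it is running.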

The unanswered question is:
Can scripting be used on one web site to check zoom level on other web pages you have visited? This concept has been used before to check the color of a link to see if you visited it before. Checking zoom level on a third party web site would obviously be a lot harder.

speeding motorcycle

October 2nd, 2009

Every time I hear a Daniel Johnston cover, I’m moved almost to tears. I heard a Speeding Motorcycle cover in my car this morning.

Minnesota Feis Impressions

September 28th, 2009

We are still kind of high after the Minnesota Feis. This was my first competition as an Irish dance parent supporting a dancer and I can tell you I never predicted I’d be part of the Irish dance scene. In fact, a wise adviser of mine warned me never to get my kids involved in dancing or I would face a long and expensive career at recitals silently combating other dance parents. I’m happy to report that the Irish dance community isn’t like that. It felt great when everyone pitched in at the end to take down the stages and clean up.

We have been driving all over the upper midwest recently for performances and Maggie has built up some good experience dancing at churches, Pow-wows, bars, and fairs. She attended the beginner practices while most of the performance team goes to the “Novice” practices. To graduate to “Novice”, she has to place first, second or third in her dances in the advanced beginner category. Going into the Feis, I had no notion of the level of competition she would face. I know she gets fairly strict instruction at Scoil Na dTri. To our amazement, she got two first places and a second in the advanced beginner category and a first place in the first feis category.
here are the results:
Hornpipe:
http://feisworx.com/compresult.php?feis=386&comp=310HP

Reel
http://feisworx.com/compresult.php?feis=386&comp=310RL
Slip Jig
http://feisworx.com/compresult.php?feis=386&comp=310SJ

I know how to put on the wig and pin the crown in place, but there is one aspect that I will never help with and that is makeup. I’m talking about lots and lots of makeup that makes 11 year old kids look 40. Yes, Maggie will eventually learn to think that she needs makeup but she’ll have to be the motivator, executor and funder of all makeup activities. I saw one girl applying spray on tan before her event. Didn’t she see Little Miss Sunshine?

vandalism

September 17th, 2009

Mo: “Some kids who don’t go to our school came and fired my favorite playground stuff”

Pioneer Press Link

Invisible Republic

September 9th, 2009

The Old, Weird America: The World of Bob Dylan’s Basement Tapes = The Invisible Republic by Greil Marcus


My rating: 4 of 5 stars
I saw Greil Marcus come and speak to promote the release of this book. It was fascinating. He’s been studying the Basement Tapes since before they were commercially released and he has a lot of ideas and suspicious connections to talk about. As some random guy in a coffee shop told me when he saw me reading this book, “I’ll bet my friends and I can come up with a book full of iffy connections about any double album, but that doesn’t mean we’d publish it when we sobered up.”

In spite of this, it is a great book and I never listened to Bob Dylan, much less the Basement Tapes the same way again. The book largely concerns itself with Anthology of American Folk Music, a box set of recordings that partly formed the basis of Bob Dylan’s tastes. Marcus claims that The Basement Tapes were Bob Dylan’s answer to that anthology.

He succeeds in convincing the reader that there is indeed a secret American parallel history that we know nothing about and that is absolutely gone from the earth. He also succeeds in showing how the Basement Tapes and Anthology of American Folk Music are points of entry into this secret past. He doesn’t succeed in telling the stories memorably, or without seeming a little too possessive and nerdy about them.
As A.J. Weberman said in the 70s, “Greil Marcus hoards his basement tapes”. Too True.
