Sunday, November 26, 2006

Installing an uncrippled ffmpeg on Ubuntu

I'm trying this right now on Edgy Eft:

po-ru.com: Fixing ffmpeg on Ubuntu
It seems one can set DEB_BUILD_OPTIONS=risky to enable the missing codecs rather than editing debian/rules and building the package manually.



sudo apt-get build-dep ffmpeg



sudo apt-get install liblame-dev libfaad2-dev libfaac-dev libxvidcore4-dev checkinstall fakeroot



DEB_BUILD_OPTIONS=risky fakeroot apt-get source ffmpeg --compile



sudo dpkg -i ffmpeg-blah.dpkg


Friday, November 24, 2006

CIA Kryptos Sculpture Has a Typo

It's not really a typo but an intentionally left-out X separator for
aesthetics on the sculpture that was intended to result in gibberish
when decrypted that would clue in the decryptors to reinsert a separator
and try again, except it ended up spelling something intelligible
instead of garbage so they thought they had decrypted it properly!
A Break for Code Breakers on a C.I.A. Mystery - New York Times
For nearly 16 years, puzzle enthusiasts have labored to decipher an 865-character coded message stenciled into a sculpture on the grounds of the Central Intelligence Agency's headquarters in Langley, Va. This week, the sculptor gave them an unsettling but hopeful surprise: part of the message they thought they had deciphered years ago actually says something else.


Upgrade IE ASAP

A study from a year ago but just as valid today.  Actually, over the past year, IE got much worse.  There were many exploits and unpatched holes in the browser.

One of the best things you can do for your Windows security is to make sure you upgrade to IE 7.x which has been redesigned to avoid many classes of attacks.  It is being pushed out by Windows Update (or Microsoft Update)  You can also switch to Firefox or Opera to get better security but please don't use IE 6.x or older anymore! 

Unfortunately, you have to be on Windows XP SP2 or higher to use IE 7.  So, it will force Windows 2000 users to upgrade to XP first.  That is probably also a good thing for security though.

Schneier on Security: Internet Explorer Sucks


Washington State exercising new Anti-Spyware law

Rob McKenna is a good friend of the Security community here in Washington. Go get 'em!

 --Washington AG Alleges Spyware Act Violations
(16 & 14 August 2006)
Washington State Attorney General Rob McKenna has filed a lawsuit against Movieland.com parent company Digital Enterprises alleging violations of the state's Computer Spyware and Consumer Protection Acts.

People sign up for a free, three-day trial of the company's software that allows them to download movie clips.  After the three days, they are inundated with pop-up demands for payment, generated by software that has been placed on their computers without their knowing consent.

The pop-ups, which appear hourly or even more frequently, read "Click
'Continue' to purchase your license and stop these reminders."   The
pop-ups remain on the screen for 40 seconds and cannot be closed during that time. McKenna also said that computer owners are not obligated to honor contracts entered into by others using their computers.

http://www.theregister.co.uk/2006/08/16/washington_movie_spyware_lawsuit/print.html
http://www.networkworld.com/news/2006/081406-washington-sues-movie-download-service.html




Department of Homeland Pork

Get this:  The list of top terrorist targets from the Department of Homeland Security is seriously braindead.  It includes 1,305 casinos, 234 restaurants, an ice cream parlor, a tackle shop, a flea market, and an Amish popcorn factory  3,650 sites total.  What's going on?  Pork-barrel politics is what's going on.  We're never going to get security right if we continue to make it a parody of itself.

The worst part is that DHS didn't even try to hide the pork-barreling by making the inclusions and omissions clear and blatant.  Oy.  I reluctantly file this in the security category...

The Seattle Times: Local News: Dept. of Homeland Lunacy
When it comes to homeland security, I give up.

I've tried to highlight the absurdity of trying to protect every cranny of our country from al-Qaida attack. I've critiqued everything from the waste of buying anti-terrorist locks for Sammamish City Hall to the illogic of not having security cameras outside our airport. And yes, I've resorted to that columnist stock-in-trade: mocking and satirizing.

But it turns out nothing I can make up is as ludicrous as what the Department of Homeland Security is actually doing.


How to break a common Master combination lock

Here's a description of how to open a common Master brand lock in about 10 minutes.  The design makes the 40^3 possible combinations collapse to 121.  It's a physical metaphor for bad cryptography and reliance on obscurity.

I happen to have a lock that I forgot the combo to that this will definitely come in handy for...if I can only find the lock...


Airport Security Oversights from The Onion

This was the most troubling one:

Airport Security Oversights | The Onion - America's Finest News Source
Sept. 3, London to New York: A few Muslim people may have slipped through with their dignity


Encrypted Government Announcements


U.S. Cryptographers: 'FrpX-K5jE-Oc4n-e5Dn' | The Onion - America's Finest News Source
WASHINGTON, DC—In a carefully phrased, 128-bit encoded announcement that has challenged U.S. security agency procedures, top officials of the National Cryptography and Information Security Council warned that "FrpX-K5jE-Oc4n-e5Dn" if "Ha4d-87gH-uiH3-gB5r-g8Bh" late Monday.


Fashion Advice for Geeks

So, there happen to be these unwritten rules of style that change all the time that nobody seems to tell you about and it's hard to ask and for many, harder to know you should ask. And there are people in the work world that do judge you by your appearance, for better or worse, consciously and unconsciously.  Here is some advice that I have culled from significant others, from experience and observation in the workplace, from the advice in Esquire, and even from What Not to Wear on TLC.
  • No pleated pants
  • Get rid of your pleated pants in favor of flat-front pants. Flat-front pants are simpler, more modern looking, make you look slimmer, and not like an old man.
  • Clothes should look new and fresh
  • If your sweaters are pilled and your pants have wallet or knee wear marks, or the cuffs are frayed, it's time to get some new clothes. Buy something new and donate the old.
  • Get pants with the proper length
  • If you don't know your length, get measured or fitted in a store sometime. Your pants should "break" at the ankle and continue down slightly over your shoe. If you can see your socks when standing, your pants are too short!
  • Appropriate sock color
  • White socks are generally not going to work with any business casual attire, unless is Miami Vice white suit day, but even then you probably would be better going without socks...but I digress. The general rule with socks is they should not be noticeable! If your socks stand out, they are wrong for your outfit. I mostly wear neutral socks that match my pants to not draw attention to them. If you are wearing athletic socks with slacks you need to go to Costco and get some Gold Toe dress socks and save the nike socks for the gym.
  • Your shoes tell all
  • They say you can tell a man by his shoes--they make or break an outfit. You can be totally put together elsewhere but if your shoes are crap, it's game over.  What do your shoes say about you? Are they tired, scuffed, worn and dirty or new, sleek, stylish and shiny? It sucks but you really should have several pairs of shoes so that you can rotate them. Avoid wearing one pair day-in and day-out so that they will last longer and look fresh when you do wear them. I've even bought two of the same less expensive pairs of shoes that I liked to keep them looking nicer longer.  Oh, and invest in a shoe brush and some instant shine pads.  Esquire recommends using black polish--even with brown shoes. 
  • Wear the right size shirt
  • This is another one of those things you're never taught: how to know you have the right size shirt. Here's the best way to know: Where the sleeves attach to the main body of the shirt, it makes a line. That line should roughly be even with the very edge of your shoulder blade. More than a 1/4 inch past that and your shirt is probably too big. I often see this with people who wear golf shirts (even PGA pros are bad offenders. Tiger Woods does it right though). Another way to tell if your short-sleeve shirt is too big is if your sleeves extend far past your elbow. They should probably end short of your elbow if it is sized correctly. Having the right size shirt means a sharper, put-together look. Oversized shirts tend to look sloppy or overly-casual.
  • Dress for the position you want, not the one you have.
  • Hey, I've been there where I loved being able to wear jeans and a T shirt because, hey, nobody sees me in the server room. But, if you have higher aspirations or if you interface with business folks who tend to dress nicer than you, then your clothes can be a distraction from you and your message. If anything, your clothes should be neutral or enhance your message. Beware of some managers who get nervous if their underlings dress nicer than they do, but that isn't really your problem--it's theirs for not dressing to their level in the organization!
  • Skip ironing -- use the cleaners!
  • Nothing says sloppy like a button-down shirt that has not been ironed or is poorly ironed. The difference I found with people who truly look sharp is not just tailoring but well-maintained clothing. It is so cheap to have someone else iron your shirts and it looks 1000 times better than if you try to do it that it is well worth the investment. And you can usually get a couple of wears out of each shirt before it needs to be sent back for cleaning and ironing. I pay $0.99 / shirt. If you have nice pants, you can usually get away with ironing them yourself but professional pressing also looks a lot better and holds longer than home ironing.


RFIDIOts mandating insecure RFID passports

Nice proof of concept code that can read passport data posted to BUGTRAQ. The "key" is comprised of data on the passport itself so you can remotely decrypt someone's data only if you know this information, or can brute-force it since it is a small keyspace:

The Passport number

The Date Of Birth of the holder

The Expiry Date of the Passport

The latest version of RFIDIOt, the open-source python library for RFID
exploration/manipulation, contains code that implements the ICAO 9303
standard for Machine Readable Travel Documents in the form of a test
program called 'mrpkey.py'.

This program will exchange crypto keys with the passport and read and
display the contents therein, including the facial image and the
personal data printed in the passport.
Bruce Schneier advises US passport holders to renew your passport NOW before the RFID requirement goes into effect so you can avoid being tracked or hunted down in our country or a foreign country. Otherwise, how will you still be able to claim you're a Canadian in foreign countries?

Also see this news story.


Patents are bad for society

James A. Donald had a great rant to the Anti-Fraud mailing list about how patents just don't work, at least for their intended purpose of furthering public knowledge.

The theoretical justification for patents has seldom worked in practice.
Most patents are flagrantly bogus, always have been. Of the few
legitimate patents, the vast majority merely obstruct the development
and application of the technology, without in fact making money for the
inventor. The normal outcome of patenting a genuine innovation is that
people construct second rate workarounds, as Microsoft just did. The
destructive effect of patents is merely most visible in those fields
that are advancing most rapidly - cryptography being such a field.
These are the fatal flaws of patents--that they are often used these days to stifle competition or to patent ludicrous things like 1-click shopping or automatically launching active content in a webpage.  The whole system needs to be revamped.



Competitive information for Picking an Antivirus solution


This is an article from a year ago that showed how each vendor was able to respond to key virus outbreaks.  They also show the data from the previous year.

I personally recommend F-Secure's product.  The base product gives you everything you need for anti-spyware and malware and is inexpensive.  It is not a huge fat pig like some of the products out there (McAfee...)  I've heard from others who enjoy Kapersky as well, so either of those would be good choices and happen to both top this list.

I also personally got rid of McAfee products after a multitude of issues:

1. The product is seriously bloated and the Security Center product seems geard toward selling other products by McAfee than providing normal users with value.
2. Many of the products in the suite are not well integrated.  They often had their own installers and were a real pain to uninstall.
3. Lots of errors resulting in having to reinstall the product (without there being an easy way to do so).
4. Their website security is horrendous.  My wife forgot her password to their site so she used their "forgot my password" feature.  Guess what?  They emailed her, not a new random password, but her _actual password_  This from a security company!  They either store passwords without encryption or store them with reversible encryption--both of which are seriously bad ideas and McAfee should know better.
5. Their suite product line is very expensive and the price seems to go up every year.  They have since reworked their product line and it seems to be better now.
6. I read the F-Secure blog and can tell those guys really get security.
7. McAfee was the company with the poor QA that removed critical Office files to "protect" you and also mislabeled a legitmate ISP software program
8. McAfee products, like Symantec, have suffered from some local privilege escalation vulnerabilities or remote buffer overflows.  The cure is worse than the disease?

Ranking Response Times for Anti-Virus Programs - Security Fix

Four Challenges for Computer Security Research

I would add a 5th item:

5. Develop Reusable Security Architectures that cover common scenarios and include appropriate protection by design

Tools are sexy; secure design is hard.  That's why you see so many tools and vendors hawking tools but not as much work.  I hear from people all the time who talk about this tool or pen testing or scanning some server or how you need to hack your wireless network to be secure.  That is a bunch of crap in general because trying to audit your way to security is bottom-up grass-roots and can only get you so far.  It's an early maturity model to be spending so much time and energy on audits and pen tests instead of security design reviews and developing security architectures.  It's a lot easier and sexier to say you hacked a wireless network.  We need to get to where it is just as cool to say you developed a wireless network security architecture such that you don't care who is connected to the wireless network because your security is not so brittle as to lose sleep over it.  Where are those reusable models made open source?

As for item #3, I don't think that I believe that there can be "quantitative" security risk management.  The biggest problem is that there is not enough good data to base future risk upon (try this:  how do you quantify risk of brand damage due to event X?). 

Item #4 is very important and speaks to ensuring security systems are usable.

CRA (Computing Research Association) Grand Research Challenges

Four Grand Challenges in Trustworthy Computing:
1. Eliminate epidemic-style attacks (viruses, worms, email spam) within 10 years;
2. Develop tools and principles that allow construction of large-scale systems for important societal applications -- such as medical records systems -- that are highly trustworthy despite being attractive targets;
3. Develop quantitative information-systems risk management to be at least as good as quantitative financial risk management within the next decade;
4. Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future.


Security Usability: Not much progress since 1883 or 1975

This is a great article by Peter Gutmann and Ian Grigg on security usability that lists the six principles for a secure communications system put down by Auguste Kirchoffs ca. 1883.  Even he understood the need for usability back then:

Given the circumstances that command its application, the system must be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.
Psychological Acceptability has been defined as a critical aspect of secure systems for over 30 years by Saltzer and Schroeder (1975): The Protection of Information in Computer Systems

It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly. Also, to the extent that the user's mental image of his protection goals matches the mechanisms he must use, mistakes will be minimized. If he must translate his image of his protection needs into a radically different specification language, he will make errors.


DMCA still stands, but now with some exemptions

It's still a shitty law though.  Something else I will happily ignore to avoid my fair use rights being infringed.  Again, how could I watch DVDs (legally rented/owned) on my Linux box without doing so?

Boing Boing: Copyright Office creates 6 DMCA exemptions
the office refused to grant exemptions that would benefit the general public -- space- and format-shifting, backing up your DVDs -- and they took back an earlier exemption that let people reverse-engineer the blacklists maintained by censorware companies to bring some transparency to their process.


YouTube shutting down ability to download videos from YouTube

Hey, I'm on a Linux computer and because they insist on requiring Flash to play the videos, the only way I can view them is to download them and watch them with Xine. I plan on violating their terms of service...to continue to access their service...

Lawrence Lessig: When Web 2.0 meets Lawyers 1.0

Blog popularity inversely proportional to amount of "linking"

Summary:  people link to bloggers that provide more original content than who just provide links to other places that do so.

Funny because I was just thinking about this regarding this blog.  I think it's cool when people enjoy what I provide on this blog, but I really don't care if people read it or not.  This is where I keep track of stories and topics that interest me, instead of saved emails or bookmarks that I never look at again.  I can always go back and find what I found interesting and what I wrote about it.  Pretty cool in my book.

My blog doesn't really have many that link to it and probably the fact that I post many links without a lot of commentary a lot of the time is a good reason why.  But I disagree that nobody links to linkers.  I personally like blogs because they act as filters or lenses that focus news and interesting content.  There are tons of blogs but I like the ones whose mix of topics coincides most with what I'm interested in.  Even if they just link to other places, that's fine with me.  It's the filtering service that is the value-add, not necessarily original content.

That said, I have anecdotal evidence that my blog only gets noticed when I post original content.  My recent entry about SOA security is a perfect example.  I also was thinking about how I like the SANS newsbites because they actually summarize the stories they link to, not just provide links (on a related note, the links in Crypto-Gram require me to go read every story that sounds interesting so I generally read fewer of them).

No-one links to the linkers at Andrew Garrett’s Mutation

Richard Dawkins Mania in Silicon Valley

I was bummed that he didn't come to Seattle on his tour, but I'll enjoy listening to the mp3 of his appearance in Silicon Valley.

Who Has Time For This?: Silicon Valley Loves Richard Dawkins

Verizon settles class-action suit about deceptive practices regarding crippled phones

This is great news.  They did the same with other phones, including the e815 that I have.  Fortunately, there are ways around this to re-enable the crippled features, but they are out of reach to most consumers.  I had to buy a data cable and software on eBay to uncripple my phone.

[infowarrior] - Verizon Slapped for Crippling Bluetooth
Verizon has been getting weasely with some of its customers in California who bought its Motorola v710 Bluetooth-³capable² phone on or before January 31, 2005. Preliminary approval of the settlement was granted in a California court for a class-action suit against the company because it didn¹t accurately tell prospective customers that its Bluetooth features weren¹t what they appeared to be. Verizon said the phone ³works with a PC² but left out that part about how you can¹t wirelessly sync photos or contacts or any other files using Bluetooth.


Ballot Design, not DRE issues at play in FL undervote anomalies?

It is hard to believe that such a blatant undervote error could be attributable solely to the DRE itself not properly recording them.  But user interface designs can certainly be abused maliciously, or likely unintentionally, to create these situations.  How ironic is it that the DREs that were touted to Help America Vote are actually helping them to undervote, due to poor design/implementation of the ballots?

Proper UI is just as important as sound underlying technology in ensuring proper understanding and usability of a system.  Recall Why Can't Johnny Encrypt?  A Usability Evaluation of PGP 5.0 and the more recent Why Johnny Still Can't Encrypt:  Evaluating the Usability of Email Encryption Software for how even known secure software can result in insecure  and unintended actions by the user.  The infamous Butterfly ballots were not DRE-based but certainly were flawed UI that caused voting errors in previous elections so this is not a new issue to software or to voting by far.

This is a perfect example though of how using DREs to generate human-and-machine-readable reciepts (voter verifiable) could allow for voters to detect their undervotes before they drop them into the ballot box.  There could even be very blatant warnings to the user on the receipt and on the screen that they didn't vote in X of the races to help prevent unintentional undervotes.  Did these companies do any focus group testing of DREs?

FL-13: More Evidence of Ballot Design Issues - TalkLeft: The Politics Of Crime
...Bev Harris and the Jennings campaign want you to think otherwise. They want to point away from their mistakes. But the real problem was the design...


Wednesday, November 22, 2006

Scans from 1962 Fallout Shelter Handbook

The Ward-O-Matic: Fallout Shelter Handbook 1962

I've been working on emergency preparedness for my neighborhood lately so this is very apropos.

BTW, I found a $79.99 Ready kit at Home Depot that is a pretty good deal for a 2-person 72 hour kit (what is recommended for personal preparedness at a minimum). Don't forget supplies for your pets too!

Apostrophe abuse is cruel

Boing Boing: Atrocious apostrophe's and "quotation" "mark" "abuse" photo galleries

Two Flikr galleries dedicated to photo's of apostrophe and quotation mark abuse. I can't believe my previous post on Common writing mistakes didn't touch on this pet peeve of mine.



2006 Gift Card Landscape

Good news about gift cards.  I was just thinking the other day about these practices and it looks like, just in time for the holiday season, you can find out which ones have done away with those pesky expiration dates (are you listening Amazon?) and fees.

And a hint for the upcoming holiday:  Gift cards make great gifts...

2006 Gift Card Study (Page 1 of 4)
If you want a gift card you can use anywhere, you'll pay for the privilege, while gift cards from individual retailers are less costly and sprouting more options.



Those are the major findings of the third annual Bankrate.com Gift Card Study.



Retail store gift cards continue to be a consumer-friendly credit product, with fees and expiration dates the exception rather than the rule. The retailers can make a profit from the merchandise users buy.



Gift cards from the major credit card issuers, though, still carry an assortment of fees. All continue to charge monthly "maintenance" or "dormancy" fees, ranging from $2 per month to $3, if the gift card isn't used within a certain period of time. All but American Express have expiration dates.



Bankrate surveyed the top 25 retailers, as identified by the National Retail Federation, about the costs, terms and conditions of the gift cards they offer, both plastic and electronic. We also surveyed the four largest credit card companies: American Express, Discover Card, MasterCard and Visa.


The Official God FAQ

There is only one question and the answer is not 42.

The Official God FAQ

Monday, November 20, 2006

On the performance of SSL vs. WS-Security

I've been meaning to rant about this for a while.

I'm sick and tired of hearing about the false dichotomy of WS-Security versus SSL and why its performance is somehow going to be so much better than SSL transport encryption of SOAP-based web services.  Pundits often point out that SSL has to encrypt the _whole payload_ while WS-Security can be used to digitally sign and/or encrypt only those attributes that absolutely need encrypting or signing.

This kind of reasoning is preposterous and is nowhere near being based on any facts or data, yet these talking points are ever-popular with the "SOA: the Armageddon is near" or WS-NotJustForBreakfastAnymore crowd.

For these people, I have one simple question for you about the assertion that WS-Security is always going to perform better in software than simply using SSL intelligently for the entire transport:

How is it that you can claim that WS-Security digital signature or encryption (with one _or more_ asymmetric plus 1  _or more_ symmetric crypto operation per request PLUS base64 encoding bloating the request PLUS extra SOAP XML tag hierarchies wrapping the encrypted/signed data section that need to be transferred over the network) is going to be faster in general than SSL (with one asymmetric crypto operation at session initiation, and henceforth 1 symmetric crypto operation per packet)?

It has often been vendors of XML firewalls and Microsoft web services evangelists that are the worst offenders.  I'd love to hear some answers you get to this question.  I haven't gotten a sensible one yet.

Asymmetric crypto operations are roughly 1000 times slower than symmetric crypto operations.  I would love to see actual hard data based on a valid underlying test scenario proving that WS-Security is faster than SSL even in the face of this reality.  But nobody who makes these claims has it and I can't see it just based on the orders of magnitude difference between the computing time required for the crypto.  That is even before you factor in the additional latency for transmitting the extra bytes for the WS-Security payload and the extra parsing time and the likely need to have to encrypt and decrypt multiple separate data elements individually.

Yes, in the purported SOAP-router kind of network where SOAP is treated as if it were a wire-level protocol there are problems with SSL since it is not end-to-end, but that is a red herring when we are debunking the claims of enhanced performance.  Stop changing the subject!  There can be a place for WS-Security in some advanced SOA scenarios, but strictly on performance, I can't see there being any comparison.  And most people aren't implementing anything like the SOAP architects envisioned anyway (but don't let that stop the vendors from beating that drum).  Most people are still using SOAP for point-to-point services which often replace other wire-transports or technologies (e.g. DCOM, CORBA, proprietary XML services, etc.)

Performance issues with SSL have generally nothing to do with the fact that you are encrypting an entire payload instead of just subsets of the data.  For small messages that typical SOAP calls are, this is perhaps a few clock cycles per request.  I can say from lots of experience with lots of development teams that at least 90% of the performance problems with SSL in general are due to seriously flawed implementations.  The other 10% is generally actual performance impact because the systems on which it is running are vastly undersized because the system was not designed to be secure (but rather designed on the omission or hope that they wouldn't have to size it to handle the required security).

If you implement SSL to intelligently minimize the asymmetric crypto operations to the absolute minimum by pooling connections and pinning them up and using keepalives, then you are barely going to notice its impact, especially on properly-sized hardware or if you use hardware crypto accelerators.  But if it is done incorrectly, or not accounted for in sizing, SSL will remain the whipping boy of many an environment.

Oh, and I have data showing how SSL can actually _speed up_ connections under certain conditions. 


Some Good News on the McCain Front: Attacking NOAA for delays in global warming report

Ugh.

TPMmuckraker November 17, 2006 01:35 PM
"You know," McCain said a few moments later, "you are really one of the more astonishing witnesses that I have [faced] -- in the 19 years I've been a member of this [Senate Commerce, Science and Transportation] Committee."

Lautenberger explained that his staff was working on "pieces" of the report, and conceded the November 2004 deadline had been a "difficult requirement to meet."


More McCain flip-floppery: Now on abortion



Think Progress: McCain Flip-Flops, Supports Immediate Reversal of Roe v. Wade

Great moments in sarcasm



Eschaton
In the early 1990s I built a workable time machine. All it lacked was the flux capacitor and 1.21 gigawatts of electricity.


Club Heaven

75% of Americans think they'll get into Heaven?  They must be Evangelicals whose sole criteria is "belief" and not "good deeds"...  At least I'll have lots of friends in hell.

ABC News: Poll: Elbow Room No Problem in Heaven
Who gets in is another matter. Among people who believe in heaven, one in four thinks access is limited to Christians. More than a third of Protestants feel that way, and this view peaks at 55 percent among Protestants who describe themselves as very religious.


Saturday, November 18, 2006

Another McCain flip-flop

Crooks and Liars: St. McCain's look of desperation

McCain once had words of praise for Senator Kerry, but he played the repugnican party line during the election and trashed him for his botched joke--acting as if he really believed Kerry, a decorated veteran, was actually disparaging the troops and not Bush.  Politics is disgusting.  McCain should take what Olbermann said about Rove and Bush to heart:

Crooks and Liars: Olbermann’s Special Comment : There is no line this President has not crossed — nor will not cross — to keep one political party, in power.

Mr. Bush and his minions responded [to Kerry's gaffe], by appearing to be too stupid to realize that they had been called stupid.


Bush & Reichert get Issaquah Bus Driver Fired

The Royal Fingerer Can Dish it Out But Can't Take it"

Bus driver allegedly flips off Bush so Bush and Reichert complain and the bus driver gets fired. Where is the compassion in that conservative again?

Searing Discount of Liebermann Win

The Insignificance of Lieberman - TalkLeft: The Politics Of Crime

What Big Tent Democrat says.

powered by performancing firefox



Bank of America jails a customer; causes backlash > $50 million

The This is Broken blog is a pretty cool idea too.  There are so many processes, instructions, websites, etc. that just don't work quite right.  They get posted to this blog!

This Is Broken - Bank of America jailing a customer
Matthew Shinnick dropped by a Bank of America branch in San Francisco to make sure a check he was about to deposit wasn't fraudulent. The teller found that the check was fraudulent and told the manager, who then had Shinnick thrown in jail. Are you getting this right? The customer who wanted to make sure he wasn't about to draw on a fraudulent check, got thrown in jail by Bank of America.
In response, customers have withdrawn or removed at least $50 million (at last count) from B of A in protest.  See also Clark Howard's site, who gave this lots of attention in California on his radio show.


powered by performancing firefox



Monday, November 6, 2006

Bad monday

I had one of the worst mondays in a while.

I was not feeling well but went to work anyway (I thought of resting up one more day and probably should have stayed in bed).

It was the first day back to work after being sick with fever for 3 days.

On my way to the bus stop, after only a 1/2 block from my house, my pants were soaked and shoes soaked through. The rain and wind has been insufferable this fall!
I reluctantly went back home frustrated and not knowing if there was a way to possibly get to work but not be soaking wet all day. I decided the strategy would be sacrificial clothing. I geared up in my Costa Rica Rain forest gear (all drip-dry) and packed a new dry outfit to change into at work, including new shoes.

Well, the sack that I put my shoes in got a hole worn in it on the way to and from the bus. One shoe fell out on the sidewalk coming into my work building. Fortunately, someone saw it right away and alerted me.

When I went to put my shoes on, one shoe got laces worn in half from dragging behind my wheeled laptop bag.

Turns out my laptop bag was not waterproof so my dry pants got wet.

Turns out my brand new building downtown Seattle has no hand dryers in the new bathrooms! So, I couldn't quickly dry my new pants.

So, I was stuck with wearing my rain pants while I waited for my others to dry out.

But those pants were still damp enough that they got my chair wet. So I had to switch chairs for the day after putting my dry pants on to avoid getting those wet again.

Ugh.

Antennaweb - TV and HDTV

AntennaWeb



Seattle HDTV antenna map mashup

HDTV Magazine - Broadcast HDTV Market : Seattle-Tacoma



Thursday, November 2, 2006

Bush & Reichert get Issaquah Bus Driver Fired

The Royal Fingerer Can Dish it Out But Can't Take it"

Bus driver allegedly flips off Bush so Bush and Reichert complain and the bus driver gets fired. Where is the compassion in that conservative again?