Wednesday, December 23, 2009

Reigning in Credit Card companies begins February 13, 2010

Bank of America nicely summarized some of the major changes coming due to the Credit Card Accountability and Disclosure (CARD) Act.  In short, your credit card company can't be so much of a money-grubbing bastard anymore.  There are still plenty of avenues this act does not close, though, so they can still be pretty evil.  For example, there is no regulation preventing credit card companies from charging whatever they want for interest rates.

Here's some of the good stuff that should have been in place already were it not for a congress that is in bed with the financial sector:
  • APRs can only be raised if you do not make at least the minimum payment within 60 days of your payment due date.  Previously, they would jack it up probably the next day after your payment was due.
  • If your APR was raised due to missing a payment for > 60 days, your APR can be returned to the original rate if you pay your bill for the next 6 months by the due date.
  • 45 days notice required for increasing your APR for any arbitrary reason.
  • Amounts you pay over the minimum payment apply to the highest APR balances first.  Without this legislation, they would just apply it to whatever they wanted that maximized their profit and minimized your wallet.  Because they are mostly still evil, they are still going to apply the minimum payment to the lowest APR balance first.
  • Payment due dates will always fall on the same date each month.  You will also get at least 25 days from the statement closing date for your payment due date.  I'm guessing that they changed your dates in the past to make you more likely to miss your payment so this is a nice catch.
  • Paying more than your minimum amount due will actually reduce your interest costs because of changes in how finance charges (that B of A now says will be all called "interest charges") are calculated.
  • Payment cutoff times are changing from just one timezone (e.g. Eastern) to be the actual timezone of the facility to where you mail your payments.  This helps you because a payment received on the Tuesday it is due, but after 5pm eastern, was actually counted as "late" prior to this law.  Unbelievable.
  • Cash advance checks they mail to you will all have printed expiration dates and will not be honored after that date.  Sounds like a good security measure to me.  I hate that they send checks about every month; they just sit in my mailbox waiting for someone to steal them.
  • So long as you pay at least the minimum amount due by the due date, your APR for existing balances will not be affected.
  • In addition to your payment grace period (where you can carry a balance but not pay interest), if you have paid in full previously but on one statement do not pay in full (thus leaving a balance on your card), portions of your "Purchase balance" (I'm interpreting this to be stuff you just bought on your card this billing cycle) are eligible for an extended interest-free period.  Thus, you do not get dinged right away for finance charges on your entire card balance.  That was the really annoying thing.  If you had $1000 on your card, and missed a payment by even one day, you would get assessed a finance charge on -- not just the amount on your bill, but the total amount you owed on your card -- even stuff in the grace period.  So, you had no way of reliably knowing what you might have to pay.  This sounds like it's a game-changer for that practice.
But beware that you will be seeing some "novel" attempts by the card companies to return to excessive profitability at your expense at some time soon.  They are poring over the legislation to find the loopholes.

Thursday, December 10, 2009

New study suggests exposure to microbes as kids is healthy

Best to have a kid get a cold here or there to reduce the chance of higher inflammation as adults and protect them from cardiovascular diseases.  We were just talking about this...

Everyday germs in childhood may prevent diseases in adulthood

Sunday, November 29, 2009

The "Alternative" medicine trash heap

I think it is a horrible waste that the US spends so much money to fund the National Center for Complementary and Alternative Medicine (NCCAM) which investigates non-scientific modalities, many of which have no prior plausibility so would not normally even qualify for scientific investigation.  I prefer the term Supplements and Complementary and Alternative Medicine for the category of woo because it has a better acronym (SCAM) -- thanks to Mark Crislip for that.

However, one good thing is that they have tested out many of the common "remedies" and supplements that many Americans take and have succeeded in disproving them.  The trash heap now contains at least:
Other non-remedies to add to the list are:
Oh, and Airborne is chock full of a bunch of woo and is not going to be effective so don't give those thieves any of your money.  Also, Airborne contains 100% of your RDA of Vitamin A, but if you take up to the maximum recommended "dose" of Airborne (every 3 hours, or 8 times/day) you will get 8 times the RDA of Vitamin A.  And excess vitamins can be harmful as a new study shows specifically with Vitamin A.

And if you thought that Zicam was safe, watch out.  It can cause a complete loss of smell and taste.  So although it _may_ have a modest effect on the common cold, I don't think the benefits outweigh the risk.

Also, if any substance has a pharmacological effect on the human body, then _it is a drug_.  And you should tell your doctor when you are taking these things because they can have drug interaction effects just like any prescription drug.  Some can be very dangerous to not tell your doctor about.  And as with any drug, they can have side effects.

Daily nasal irrigation may encourage sinus infections

A brand new study out shows that using sinus rinsing as a prophylactic may actually have the opposite effect of increasing your rate of sinus infections.  Significantly.  As much as 50-60+ % more sinus infections. 

They did not test efficacy of using sinus irrigation when you actually have a cold or sinus infection so until hard data is out there, it may still be okay. 

Long-Term Neti Pot Use May Backfire

Sunday, November 22, 2009

iPhone worm: warning to rooted android users

I recently wrote about the security issues with rooting your Android phone.  Fortunately, this worm should spark some discussion about how to securely jailbreak or root your phone.

BBC NEWS | Technology | Worm attack bites at Apple iPhone

Wednesday, November 11, 2009

Securely rooting your HTC Hero

The best guide I found for reliably getting root access to your android HTC Hero device is here:  How To: Root Your CDMA HTC Hero (Sprint/Verizon) | The Unlockr

However, as a security guy, I notice that none of the guides discuss the security implications of the process, so I will add a few extra tips and observations and explain how it works.

By default, Android devices run applications as low privileged user accounts on the underlying Linux operating system.  If you have the application RoboTop installed, you can actually see the users that each process runs as.  For example, the robotop process and its child 'top' processes all run as 'app_60'.

This is a good secure-by-default design for the operating system, however there are some things that you must do as root to have enough rights at the OS level to complete your task.  For my case, I needed to be able to clean the /data/boot-cache directory to work around an annoying defect on the HTC Hero that was preventing application upgrades from persisting across a reboot.  Some applications (SSH server, I believe) also need to run as root.

Google does not provide any means for an end user to get root access, but the community has come up with all kinds of ways around this on various devices.  If you have physical access to a device, it is generally pretty easy to gain full access to it _somehow_.  In the case of the Hero, it essentially involves:

1. Running a Linux kernel exploit that allows you to run arbitrary programs as root.  Discouragingly, the program to do this is a binary with no source code.  But it is claimed to be based on this kernel bug:  Sprint Hero HAS BEEN ROOTED@! - Android Forums
2. Using the exploit to launch a shell as root. 
3. Using the root shell to create a setuid root shell so that you can gain root anytime in the future without the exploit.

However, there are some serious security implications of doing this:

1. The procedures don't tell you to delete /data/local/asroot2, so you end up leaving a program that can run arbitrary code as root on your system in a known location.
2. The procedures have you create a setuid root shell as /system/bin/su.  However, this allows anyone or any application to run arbitrary code on your phone as the highest privilege user using a binary at a known location.
So, you may have root but you have absolutely no way to control it.  And applications that require root now expect to find a setuid root shell in /system/bin/su to gain root.  Any application can now do anything it wants, including replace parts of your operating system for whatever nefarious purpose (malicious, wireless worm, extortion, annoyance, etc.)

But, all is not lost.  You can get control back with the Superuser application.  I've read through the design and it sounds on the face of it to be a reasonable approach:  My Brain Hurts: Fixing the "setuid su" security hole on Modified Android RC30 Instructions on installing it and download of the files (source code is available as well):

The install.bat file did not work for me though.  I got a permission denied trying to write a file as a non-root user into /system/bin.  In fact, the low-privilege user cannot write to many places on the filesystem.  Instead of copying the bin/su file directly, I copied it to /data/local/tmp and then, _as root_ on the phone, copied it into /system/bin and changed the permissions.

The next step is to run the Superuser application on the phone so that it can replace the files and set the permissions properly to implement the protection.

After you do this, you will get a visible request each time an application tries to execute /system/bin/su.  You have control and auditing back.

Oh, and you also need to remember to delete /data/local/asroot2.  You don't need it anymore, and keeping it around only leaves your system vulnerable.  If you ever need it again, you can copy it back.
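As an added example (not code from this post or from the guides it links to), here is a small audit for the two artifacts the post warns about: it checks whether /data/local/asroot2 is still present and whether /system/bin/su is a setuid-root copy of the shell rather than a prompting su. It assumes the phone's filesystem is mounted or extracted under a directory passed as `root`; the `root_uid` parameter, the sample tree and its placeholder file contents are my constructions for running it offline.

```python
"""Audit a rooted HTC Hero filesystem for the two artifacts described above:
the leftover exploit binary /data/local/asroot2 and a setuid-root shell
installed as /system/bin/su.  Point `root` at a mounted or extracted copy of
the phone's filesystem (it stands in for /)."""
import hashlib
import os
import stat
import tempfile

# Paths named in the post, relative to the tree being inspected.
LEFTOVER_EXPLOIT = "data/local/asroot2"
SU_BINARY = "system/bin/su"
SHELL_BINARY = "system/bin/sh"


def inspect_path(root, rel_path):
    """Gather the facts one path contributes: ownership, mode bits, content hash."""
    full = os.path.join(root, rel_path)
    try:
        st = os.lstat(full)
    except FileNotFoundError:
        return {"path": "/" + rel_path, "exists": False}
    digest = None
    if stat.S_ISREG(st.st_mode):
        with open(full, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
    return {
        "path": "/" + rel_path,
        "exists": True,
        "owner_uid": st.st_uid,
        "setuid": bool(st.st_mode & stat.S_ISUID),
        "world_exec": bool(st.st_mode & stat.S_IXOTH),
        "sha256": digest,
    }


def assess(exploit_info, su_info, shell_info, root_uid=0):
    """Turn the facts into findings, a list of (severity, message) tuples.

    root_uid is the uid that counts as root; pass os.getuid() when inspecting an
    extracted copy whose file ownership was not preserved (an assumption of this
    example, not something the guides mention)."""
    findings = []
    if exploit_info["exists"]:
        findings.append(("high", exploit_info["path"] + " is still present, so any "
                         "app can rerun the kernel exploit; delete it."))
    if su_info["exists"] and su_info["setuid"] and su_info["owner_uid"] == root_uid:
        same_as_shell = (shell_info.get("exists") and su_info["sha256"] is not None
                         and su_info["sha256"] == shell_info["sha256"])
        if same_as_shell:
            findings.append(("high", su_info["path"] + " is a setuid-root copy of "
                             + shell_info["path"] + "; every app gets root with no "
                             "prompt. Replace it with the Superuser su."))
        elif su_info["world_exec"]:
            findings.append(("info", su_info["path"] + " is setuid root and world-"
                             "executable; confirm it is the prompting Superuser su."))
    return findings


def audit_root_artifacts(root="/", root_uid=0):
    """Run the whole check against the filesystem tree rooted at `root`."""
    return assess(inspect_path(root, LEFTOVER_EXPLOIT),
                  inspect_path(root, SU_BINARY),
                  inspect_path(root, SHELL_BINARY),
                  root_uid=root_uid)


def build_sample_tree():
    """Constructed sample: a temp tree in the state the rooting guides leave the phone.

    The file contents are placeholder bytes, not the real binaries."""
    root = tempfile.mkdtemp(prefix="hero-audit-")
    os.makedirs(os.path.join(root, "data", "local"))
    os.makedirs(os.path.join(root, "system", "bin"))
    with open(os.path.join(root, LEFTOVER_EXPLOIT), "wb") as fh:
        fh.write(b"placeholder-exploit-binary")
    for rel in (SHELL_BINARY, SU_BINARY):  # su is literally a copy of the shell
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"placeholder-shell-binary")
    os.chmod(os.path.join(root, SU_BINARY), 0o4755)  # setuid, world-executable
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    # The sample files are owned by whoever ran this, so treat that uid as root.
    for severity, message in audit_root_artifacts(sample, root_uid=os.getuid()):
        print(severity.upper(), message)
```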

Friday, October 30, 2009

Colorpulse: Carl Sagan ft. Stephen Hawking "A Glorious Dawn"

This was played at the end of Reasonable Doubts podcast e55 and I loved it.  Had to find the high-fidelity version.  I think I might have my new ringtone...every call will be awe-inspiring.

Very cool trance mix with wonderful clips from Sagan and Hawking masterfully woven in.

Symphony of Science

Tuesday, October 20, 2009

Flash app to find Flickr photo set IDs

Very cool and handy.  I use it for drupal's Flickr plugin.

idFindr - Find your Flickr userids, groupids, photosetids

My first GreaseMonkey script now available

I just posted a greasemonkey script I wrote months back that I use all the time to make managing my Chase accounts just a bit easier.  I cleaned it up a bit and added some missing comments.  I decided later to switch to jQuery by referring to a remotely-hosted copy on so eventually I'll simplify things and rewrite what I can in jQuery instead but it works great!

Chase OFX downloader for Greasemonkey
Script Summary:
Automates OFX file downloads for every eligible account. One click to download all available OFX files one after the other instead of manually. Also adds useful features not present in the site, such as remembering the date you last downloaded

If like me you think that the chase online transaction download form could use a little help, you might enjoy this script.

1. It provides a button on every page that allows you to quickly go right to the download transactions page. Otherwise, you have to hunt around for this page.
2. On the download transactions page, it:
a) Automatically persists the last transaction download date and then reloads it next time you come back so that you don't have to remember the date you need to start downloading from.
b) Automatically sets the end date for transaction downloads to the current date.
c) Remembers the OFX file type you selected and reloads it automatically next time.
d) Most importantly, provides a "Download All OFX" button that you can use to download available OFX transactions from every account in the drop-down list. Multiple download windows will appear that you can click on one at a time and the transactions will then be opened in the application associated.

Saturday, September 26, 2009

Free west seattle wi-fi

Finally got a secondary wi-fi setup at home for guests, iPhone users, and neighbors who need to borrow it.  Like Bruce Schneier, I just think it's the neighborly thing to do.  Until now, I couldn't allow it because my main wi-fi needs encryption to keep interlopers off my LAN.  But, the secondary wi-fi is in a DMZ so all that is accessible is the Internet.

SSID:  hellohansenview


* Hansen View is the official name of my neighborhood.

Curious if anyone else out there vends open wi-fi for the interloper?

I've borrowed some neighbor's open linksys many a time to get info on the Internet when my DSL is down.  But these days, most are encrypted, which makes me sad.

Thursday, September 24, 2009

Obama does not go far enough with financial regulation

I work for a company that is 'too big to fail' and that is a scary prospect.  Here's another thing on the list that I don't agree with Obama about.  I like him a great deal, but don't think he's as progressive as he was billed...

Hopefully congress can see through this and will pass some decent legislation regarding overhauling the so-called PATRIOT act and other things that Obama has not taken a very strong stand on.

Volcker: Obama Plans Maintain 'Too Big To Fail'
A top White House economic adviser says the Obama administration's proposed overhaul of financial rules preserves the policy of "too big to fail," and could lead to future bailouts.

Former Federal Reserve Chairman Paul Volcker said Thursday that by designating some companies as critical to the broader financial system, the plans create an expectation that those firms enjoy government backing in tough times. That implies those financial companies "will be sheltered by access to a federal safety net," he said.

Monday, September 21, 2009

Why I hate my 2wire DSL modem

Recently, all Internet connectivity decided to stop working at home.  I tracked the problem down to my 2wire 2700HG-B DSL modem, the more reliable of my two modems (the other is an Actiontec gt701-wg), which was somehow just dropping packets into the ether.  So, I put my Actiontec back in service briefly, only to be reminded of how flaky it was, stopping responding to even pings on the LAN interface every once in a while.  I ended up bricking the Actiontec in trying to do a recovery installation to it so I could clear out the flash completely to see if that would make it more reliable.

So, it was spend-5-hours-to-get-the-2wire-working-again.  Toward the end of the 5 hours, I asked myself why the WAN configuration was different, and I think that the 2wire (from AT&T; bought on ebay) did a firmware auto-upgrade on me and that hosed everything up so that it did not operate correctly with the same configuration as before.

So, I had to borrow some neighborhood wi-fi time to research how to get a similar configuration with the new firmware.  I succeeded in getting outbound Internet working at about 2am and left well enough alone.  It seems as if you can change a little setting and all of a sudden everything stops working.  Highly temperamental. 

But that left inbound Internet not working, which was okay for a few days.  I just decided to make an attempt (while I'm trying to obtain a motorola 3347 to replace it) to get inbound Internet working again even with a sub-optimal configuration.  I was not able to get the routed subnet to work at all inbound.  The firewall on the 2wire just does not work right inbound.  Even if I set it to disable the firewall inbound for the routed subnet, no packets come into the LAN.

So I abandoned the routed subnet and went with a sub-optimal SNAT configuration, along with editing routing the public IP to an internal IP.  Which still didn't work because the stupid firewall on the 2wire still did not allow packets to come in even in DMZplus mode.  So, next step was to do port "pinhole" configuration in the firewall to allow the services I wanted inbound.  Okay, that works.  This all of course required me to first wait forever for the local LAN device to be magically re-detected by the 2wire so that I could actually configure the IP allocation and firewall settings...  Why, oh why, can you not just manually specify what the stupid IP address is you want for the local device?  Auto detection is not easier if it does not work as expected or is not reliable people!

The most ridiculous thing was then that the 2wire seems to do SNAT not only inbound, but outbound as well!  So when it sees a packet come from a host behind the firewall with a private IP, like, that it NATs outbound to a public IP, say, it actually SNATs the packets before applying the firewall rules so it turns the outbound packets into requests _from_ -- totally munging up the distinction of LAN/WAN IPs and preventing any meaningful ability to configure rules to allow traffic to route out to the public IP but back into the LAN device from the intranet.  You see these fun messages in the event log:  "IP Source and Destination Address are the same, Packet Dropped"  Just dumb.

So back in to configure additional SNAT and routing rules with a virtual interface to prevent packets from leaving the LAN and being dropped by the 2wire.  Ugh.
  • Destructive auto-update
  • Inflexible firewall
  • Inflexible NAT/routing (and doesn't even work right)
  • Occasionally stops responding to packets on the LAN interface (but still on the WAN interface)
  • Inflexible addressing options for wireless, etc.

Sunday, September 6, 2009

Study: Who Causes Bicycle Deaths? (90% of the time, motorists)

The Daily Dish | By Andrew Sullivan
Who Causes Bicycle Deaths?

What the Internet knows about you - scary

This site is a demonstration that makes use of CSS and/or javascript tricks (noscript will not help you) to show the kind of information that your browser leaks about you, if someone was to want to look for it.

e.g. if a site wanted to see if you had visited their competitor's sites, they could use this technique to peek into your browser history.  Or maybe they want to see if you've ever been to a popular pr0n site.  Or maybe your employer wants to see if you've visited wikileaks, etc.

What the Internet knows about you

Tuesday, August 18, 2009

Eerie similarities to Grisham non-fiction book with Georgia case

Scalia's Right, It's All Perfectly Legal to Kill An Innocent Man | Crooks and Liars

So, the supreme court is not getting involved with a case where a man in Georgia is likely able to prove his innocence even though he will end up being wrongly put to death.  This case sounds so eerily familiar to the true story The Innocent Man.  At least there was some actual dissent among the justices on this one.

What is it with the south and wrongful convictions though?  Grisham's book was about a case in Oklahoma where their appellate courts almost rubber-stamp-ignored the attempts to hear the exonerating evidence for decades.  The man was finally saved hours before he was to be put to death.

Thursday, August 13, 2009

Glenn Beck Zaniness continues

This is one of the most popular videos now on Youtube where Glenn Beck dons his tinfoil hat and claims a conspiracy theory about the government taking over your PC for participating in the 'cash for clunkers' program.  Here's my response:

Actually, I looked into this and it is known that Glenn Beck is not the most credible source on a lot of stuff, and it turns out this is no exception:

For the real wacky Glenn Beck, check these out:
He goes on an insane rant against one of his callers:
He tries to defend his insane rant above:
He's a global warming denier:
Glenn agrees that what the US needs is another attack from Al Qaeda; that 'the only hope for the country was for Osama Bin Laden to "deploy and detonate a major weapon in the United States." ':
Glenn calls Obama a racist (sounds like Rush Limbaugh):
Which sparked a campaign to get advertisers to pull out from his program.  Many have, including GEICO, Men's Wearhouse and others:
Just bizarre full-on crying on air:
Glenn jokes about putting poison in Nancy Pelosi's wine:
Glenn boasts about how he brought a gun to a movie:

He's also part of a vocal extremist minority of "birthers" and "deathers" who are spouting insane conspiracy theories and stirring unrest against the president that may well lead to violence by the crazy factions of our society.






From: Brian
Sent: Thursday, August 13, 2009 4:06 PM



This is very interesting
Scary stuff.  A friend told me about this earlier but I hadn’t seen it on the air.

DO NOT EVER, EVER, EVER, ! ! ! ! !  go to  <> until you watch this video from FOX news.  This is the scariest takeover of our lives the government has ever tried.  The Obama "Car Czar" is at work.



Be sure to let everyone on your email list know about this ASAP

Tuesday, August 11, 2009

One car show I'm not sad I missed

Cruising for Jesus.  California's biggest Christian car show!

Of course, NO ALCOHOL.

Monday, August 10, 2009

Latest entry in the horrible UI category

There are some companies that just should not be allowed anywhere near a UI.  Sun Microsystems, Oracle, and of course PeopleSoft (now part of Oracle) to name a few.

Case in point is PeopleSoft (Oracle).  I happened to need to report some vacation time and noticed this gem that made me read the logic several times to make sure I chose correctly:

Okay, 99.9% of all other UIs would have the logic 180 degrees opposite of this (choose OK to continue, Cancel to go back).  But why be conventional when you can be obtuse?

Sunday, August 9, 2009

Palin haiku entries

I posted three, with a theme of trying to use her own words to answer the question.
Palin embodies
"Politics as usual":
Cash in while you can
Governing is hard.
It's much easier to take
"A quitter's way out"
"Let me tell you...I'm"
"A maverick...nuc-u-lar"
"Hockey know"
Left Take:: $20.09 HAIKU contest: Why Sarah Palin is a jackass
Let's try something new -- a "haiku" contest.

$20.12 for the "best" haiku, spelling out why Sarah Palin is a jackass. Awarded at 5pm (eastern) Friday, August 14th.

Saturday, August 8, 2009

Prediction: 'Persecuted Christian' propaganda chain email fodder

There are so many lying, hypocritical fundamentalists, why, I can hardly keep track of them all. But let's start today with former Navy Chaplain Gordon Klingenschmitt, since his fabricated tale of woe has made him such a favorite of fundies sunk deep in their persecution complex

10 things Obama did wrong on health care

Pretty much sums up my impressions, although I've been out of the loop while on vacation.

Ten Things Obama Did Wrong on Health-Care Reform | Crooks and Liars

"Uncle Sam" billboard spouts Birther nonsense

I noticed on my way back from California today that the right-wing "Uncle Sam" billboard had a birther conspiracy theorist saying on it.  I was driving and my wife was asleep, else I would have gotten a photo.  The caption read:
"Where's the birth certificate?"
Ugh.  Idiots.

Map - Right-Wing Uncle Sam Billboard, Chehalis, WA

Thursday, July 23, 2009

Evidence-based government succeeds in West Seattle!

Wow.  I like actually seeing a decision based on hard data and seeing that there is some sanity (not just revenue lust) that goes into parking designations.  We need more governing like this.

West Seattle Blog… » Bulletin: SDOT says no paid parking for The Junction

President Carter courageously "sever[s]...ties with the Southern Baptist Convention" over women's rights

President Carter is joining onto the new enlightenment that I hope continues.  Gay rights awareness, a black president, women in high positions in government, increasing numbers of those unaffiliated with any religion, etc.

I ask again why any self-respecting woman would associate herself with such misogynistic organizations as these religions who have nothing but contempt for them?  Even Catholicism which subjugates women to inferior roles within the clergy should have scorn heaped upon it.  Although there are far worse religions that still even have the marriage vow where the woman pledges to obey her husband (but of course it's not bidirectional...)

I'll also point out that it wasn't until the late 1970s when rape by your own spouse was considered a crime. (thank you Law & Order for pointing out this sad fact).  It actually took longer for this to be recognized in all states.  Most of the 'bible belt' states held onto some notion of exempting spouses from such laws.  Oh, and it should be pointed out that the much-touted Ten Commandments don't say anything about rape but do say lots of other things like boiling goats in their mother's milk which we all know is much more heinous.

These are the best quotes from the article (my emphasis added).  Enough said.

Losing my religion for equality |
This view that women are somehow inferior to men is not restricted to one religion or belief. Women are prevented from playing a full and equal role in many faiths. Nor, tragically, does its influence stop at the walls of the church, mosque, synagogue or temple. This discrimination, unjustifiably attributed to a Higher Authority, has provided a reason or excuse for the deprivation of women's equal rights across the world for centuries.

At its most repugnant, the belief that women must be subjugated to the wishes of men excuses slavery, violence, forced prostitution, genital mutilation and national laws that omit rape as a crime.

We have decided to draw particular attention to the responsibility of religious and traditional leaders in ensuring equality and human rights and have recently published a statement that declares: "The justification of discrimination against women and girls on grounds of religion or tradition, as if it were prescribed by a Higher Authority, is unacceptable."


The carefully selected verses found in the Holy Scriptures to justify the superiority of men owe more to time and place - and the determination of male leaders to hold onto their influence - than eternal truths. Similar biblical excerpts could be found to support the approval of slavery and the timid acquiescence to oppressive rulers.


It wasn't until the fourth century that dominant Christian leaders, all men, twisted and distorted Holy Scriptures to perpetuate their ascendant positions within the religious hierarchy.

The truth is that male religious leaders have had - and still have - an option to interpret holy teachings either to exalt or subjugate women. They have, for their own selfish ends, overwhelmingly chosen the latter. Their continuing choice provides the foundation or justification for much of the pervasive persecution and abuse of women throughout the world. This is in clear violation not just of the Universal Declaration of Human Rights but also the teachings of Jesus Christ, the Apostle Paul, Moses and the prophets, Muhammad, and founders of other great religions - all of whom have called for proper and equitable treatment of all the children of God. It is time we had the courage to challenge these views.

Sunday, July 19, 2009

My New Concoction: The Adele Claire

You loved her as a baby...Now, from the makers of the Adele Claire baby, comes a refreshing summer drink.

Our master mixologist (me) has been hard at work devising a drink worthy of the name Adele Claire and now it has arrived!
  • 2 oz Gin (preferably an aromatic such as Tanqueray 10 or Bombay Sapphire)
  • 2 oz Pineapple juice
  • 1/2 oz fresh lemon juice
  • 1/2 oz simple syrup
  • 3 fresh sage leaves
Combine all in a cocktail shaker with plenty of ice.  Strain into a martini glass and be sure to grab the sage (floats to the top of the shaker) for garnish and extra flavor in each glass.

Monday, July 6, 2009

Untrue email indicators (enhanced)

I found myself writing an enhanced follow-up to a previous blog posting on the indicators that correlate to the likely falsehood of a chain email.  In my experience on the Internet, there are many factors which _negatively correlate_ to the truthfulness of a chain email message (meaning, the presence of one or more of these factors only increases the probability that the content is bunk). I could likely write a program to analyze emails for these factors and identify about 100% of chain emails:
  • Font size > 12 point (less true the larger the font size)
  • Forwarded so many times the original email is 4 or more levels below the most recent email
  • The message forwarded to a number of recipients without the forwarder adding anything substantive as commentary (ratio of forwarded text to added text very high)
  • Ratio of exclamation points to periods.
  • Multiple colored text in the original email
  • Number of recipients in the forwarded email
  • Any urging in the email to 'keep this going' or 'pass this along to everyone you can'
  • Links to snopes in the original email (often not even to the right topic) or an assertion in the original email that it was 'checked on snopes'
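The analysis program the paragraph above imagines, as an added example that is not from the post: it measures each indicator in the list over the raw text of a saved message and counts how many trip. The cut-offs, the phrase patterns and the two sample messages (one modelled on the chain email quoted in the August 13 post, one ordinary reply) are my assumptions.

```python
"""Score a saved email message against the chain-mail indicators listed above.
Input is the raw text as saved from a mail client, HTML tags and all."""
import re

# Phrase and markup patterns standing in for the indicators (assumed wording).
URGING = re.compile(r"keep this going|pass (this|it) (on|along)|send (this )?to everyone|"
                    r"let everyone [^.!?]{0,40}know|forward (this )?to (everyone|all)", re.I)
SNOPES = re.compile(r"snopes\.com|checked (it )?(out )?on snopes", re.I)
FONT_PT = re.compile(r"font-size:\s*(\d+(?:\.\d+)?)\s*pt", re.I)
COLOR = re.compile(r"(?<![-\w])color:\s*(#[0-9a-f]{3,6}|[a-z]+)", re.I)
ADDRESS = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
HEADER = re.compile(r"^>*[ \t]*(From|Sent|To|Cc|Subject|Date):(.*)$", re.M | re.I)
FORWARD_START = re.compile(
    r"^>*[ \t]*(-+ ?(Original Message|Forwarded message) ?-+|From:.*)$", re.M | re.I)

# Cut-offs are assumptions; the post names the indicators but gives no numbers.
THRESHOLDS = {"font_pt": 12, "forward_depth": 4, "forward_ratio": 10,
              "bang_ratio": 0.5, "colors": 2, "recipients": 10}


def split_forward(text):
    """Everything before the first forwarding marker is the forwarder's own words."""
    m = FORWARD_START.search(text)
    if m is None:
        return text, ""
    return text[:m.start()], text[m.start():]


def measure(text):
    """Raw measurements behind each indicator."""
    added, forwarded = split_forward(text)
    body = forwarded or text
    recipients = set()
    for name, rest in HEADER.findall(body):
        if name.lower() in ("to", "cc"):
            recipients.update(a.lower() for a in ADDRESS.findall(rest))
    # Punctuation counts come from prose only: drop header lines and addresses.
    prose = ADDRESS.sub("", HEADER.sub("", body))
    sizes = [float(s) for s in FONT_PT.findall(body)]
    return {
        "max_font_pt": max(sizes) if sizes else 0.0,
        "forward_depth": len(FORWARD_START.findall(body)),
        "forward_ratio": len(forwarded) / max(len(added.strip()), 1),
        "bang_ratio": prose.count("!") / max(prose.count("."), 1),
        "colors": len({c.lower() for c in COLOR.findall(body)}),
        "recipients": len(recipients),
        "urging": bool(URGING.search(body)),
        "snopes": bool(SNOPES.search(body)),
    }


def indicators(text):
    """Which indicators trip, keyed by name."""
    m, t = measure(text), THRESHOLDS
    return {
        "large_font": m["max_font_pt"] > t["font_pt"],
        "deep_forward": m["forward_depth"] >= t["forward_depth"],
        "little_added": m["forward_ratio"] > t["forward_ratio"],
        "exclamation_heavy": m["bang_ratio"] > t["bang_ratio"],
        "multicolor": m["colors"] >= t["colors"],
        "many_recipients": m["recipients"] >= t["recipients"],
        "urging": m["urging"],
        "snopes_claim": m["snopes"],
    }


def chain_score(text):
    """Number of indicators that trip; more means more likely bunk."""
    return sum(indicators(text).values())


# Constructed sample modelled on the chain email quoted in the August 13 post.
SAMPLE_CHAIN = """\
Not sure this is true.

From: Brian
Sent: Thursday, August 13, 2009 4:06 PM
To: a@example.com, b@example.com, c@example.com, d@example.com, e@example.com
Cc: f@example.com, g@example.com, h@example.com, i@example.com, j@example.com

<p style="font-size: 18pt; color: red">DO NOT EVER, EVER, EVER, ! ! ! ! ! go to
that site until you watch this video from FOX news.</p>
<p style="font-size: 18pt; color: #0000FF">This is the scariest takeover of our
lives the government has ever tried. I checked on snopes!</p>
<p>Be sure to let everyone on your email list know about this ASAP!</p>

From: Carol
From: Dave
From: Erin
"""

# Constructed sample of an ordinary reply with one quoted message.
SAMPLE_PLAIN = """\
Minutes from Tuesday's meeting are attached; let me know if I missed anything.

From: Bob
To: team@example.com
Thanks, looks good to me.
"""
```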

Sunday, June 7, 2009

My Favorite Geek Gadgets, Part 1

I often get asked about recommendations for various things and have been meaning to write up my absolute favorite devices for some time. I finally got this done so enjoy! If I think of other devices, I'll write follow-up articles.

Cowon D2 with 16 GB AData SDHC memory card

This is my media player.  I think it blows away most all on the market, although things are always changing.  There isn't a perfect device out there but this came about as close as possible.
  • 52 hour music playback time
  • 10 hour video playback time
  • Gorgeous audio quality
  • No moving parts -- perfect for those with a propensity to drop their mp3 players
  • Very compact
  • Upgradeable storage
  • Bookmarks
  • Plays almost everything, including WMA DRM audiobooks.
  • Firmware updates, active user and hacking community, and even a RockBox implementation!
The screen is small, but it is big and bright enough for my uses.  The primary downside is the requirement to convert videos to fit on the device (there isn't enough CPU power to downconvert on the fly)

Motorola S9-HD bluetooth headphones

I started out with the original S9 headphones because they were simply the best out there on the market in terms of style and audio quality.  But they are notorious for a terrible design flaw where the touch-sensitive buttons are also moisture-sensitive and prone to just stop working after a few months, especially if you work out in them.

However, Motorola's RMA department was quite smooth and when I suggested (thanks to numerous postings online from other people's experiences) that the problem was endemic to these that perhaps they should replace with the S9-HD, they obliged!  They appear to have fixed the touch-sensitive button design and went with a traditional press button (which has other problems if you try to wear them and a snowboarding helmet at the same time), but they work flawlessly!  The sound is even better.  They can pair with many, many devices at the same time.  I pair them with my computer to play video games and use them as wireless headphones, with my cell phone, and with my media player (via the Jabra device below).

They have the feature where if they are paired with your phone and music player at the same time, they will seamlessly switch to your phone if you get a call and then switch back when you hang up.

I can't say enough good things about these now.  The only downside is that, according to the manual, the battery is not user-replaceable and is only good to 400 charges.  So, this may not be your everyday headphones unless you want to buy new ones in a year.  Also, the battery life is better than the S9 but still not stellar.  Be prepared to charge them after using them for 4-6 hours.

Jabra A120s Bluetooth Music Adapter

I bought this on ebay for a steal of a deal.  I wanted a generic bluetooth transmitter to use on anything with a regular stereo headphone jack.  I use it with my media player, and have also used it with other devices.  The transmission strength is impressive, although it's generally a good idea to keep it within 20 feet of you.  I put this with my D2 in my hydration pack and have no cutouts at all when biking.  Also, when I go to the gym, I leave my player on the floor while running on the treadmill, etc. with no cutouts.  And no wires to get in the way!

These are rechargeable via USB -- a very nice feature.  It is really tiny and amazingly light.  The pictures online are all bigger than the device actually is.  It also comes with velcro so you can stick the device to your music player.  The audio quality is _excellent_ which is another criticism of a lot of the players out there.

Philips SHS8000 Earhook Headphones

For everyday music listening, I switched from Sony earbuds to a set of Philips earhook design.  I liked the Sonys, but the cord was too short and required attaching a heavier extension (included) to get a reasonable length.  The Philips are at least as good, if not better, for audio quality.  I find the earhook design more comfortable than the Sonys, but unlike the Sonys, you cannot convert them to non-earhook style.  The only problem I've had with them is probably my fault -- the wire attachment at the phono jack is very delicate and I made the mistake of wearing them to sleep once or twice and ended up breaking the connection inside the jack.  I'm on my second pair now (purchased on ebay from Hong Kong for ~$20 including shipping) and am sure to use a sacrificial pair for nighttime.

Canon MP970

I really am tired of HP owning the printer market and their tactics with their toner.  But these days you can get aftermarket toner that is just as good for much less.  So, I was considering another HP.  But then I discovered the MP970 at an awesome price with more features and quality and individual ink wells than you can shake a stick at and had to have it.  My main concern was that Canon is unapologetic about not supporting Linux drivers, but I don't print from Linux much anyway, and there is progress being made in reverse-engineering the ethernet protocol so drivers are on the horizon. 

A main benefit of this printer is that it is trivial to share on the network by plugging it into my home LAN.  And it is now my print server (no more need to manage a CUPS print server to share out otherwise unsharable HP printers...)

This printer has superb print quality, has a high-capacity feed tray, is super easy to set up (don't even believe them when they tell you to set it up via USB before connecting to the network; you don't need to), has network and print server support built in, makes network scanning a snap, the software for Windows is quite good, has duplex printing and individual ink wells with electronic ink level management, is really, really quiet when printing, etc.

The only possible downside is that it has a rather large desktop footprint.  But it's nice looking, so I don't find that a problem.

Logitech MX Revolution Wireless Mouse

I got this on an awesome sale at Best Buy.  It comes with a battery charger base so no more AA batteries thrown in the trash.  The battery life is phenomenal and has a warning to tell you when the battery is low.  The design has a great feel, is ergonomic, lightweight, portable.  It also has some great features for the scroll wheel feedback (click or free-spin) that are nice.

Main downside for this mouse is that Logitech drivers are notoriously buggy.  I would definitely just install the drivers that shipped with it and not upgrade them unless you have to.  Newer does not equal better.  They need some better QA on their drivers for sure.  I wish I had a second one for work...

Mio Digiwalker GPS

I bought this used from my friend Kevin and even without text-to-speech, it is absolutely invaluable.  It has a great feature I haven't seen in others (e.g. a TomTom I used once):
  • Announces moves coming up 1000 feet ahead and successively closer.  Great for unfamiliar areas.
It has some minor annoyances, such as poor battery life, and it gets confused sometimes with elevated roadways around here, and makes some questionable route choices, like telling me to exit left off of Hwy 99 where there isn't an exit, but it's often very similar routing to Google maps and is pretty easy to use.

It could be easier to add personal points of interest, but I found a way to do it fairly reliably.

And it has developed some sort of short that causes the screen to go white that I have to take apart to investigate.  But now I know some things to look for in the next device.

down -- some alternatives

This is really unfortunate.  I hope it comes back. Was an excellent service.

For now, I'm using mininova or directly and having good luck.  Not sure if I want to take the time to update all my auto download feeds though or stick it out and hope makes it back online...

3 Alternatives to’s RSS feeds | OzSoapbox

Wednesday, May 27, 2009

Organic weed prevention? Not with Corn Gluten Meal

I've used this before and was considering it again as an alternative to Preen (a pesticide/herbicide) but found that there is no evidence that it does anything and actual evidence it makes weeds _worse_ because it contains 10% nitrogen.

Corn gluten meal did not prevent weeds from germinating in OSU study
Corn gluten meal is a natural substitute for a synthetic “pre-emergence” herbicide and has been advertised as a more environmentally friendly way to control weeds.

A pre-emergent herbicide is one that kills seedlings as they germinate. Pre-emergent herbicides generally have to be applied and watered in before weed seeds germinate. Other herbicides, such as glyphosate (e.g. Round Up) kill plants after they have emerged.

A by-product of commercial corn milling, corn gluten meal contains protein from the corn. It poses no health risk to people or animals when used as an herbicide. With 60 percent protein it is used as feed for livestock, fish and dogs. It contains 10 percent nitrogen, by weight, so it acts as a fertilizer as well.

The use of corn gluten meal as an herbicide was discovered by accident during turfgrass disease research at Iowa State University. Researchers noticed that it prevented grass seeds from sprouting. Further research at Iowa State showed that it also effectively prevents other seeds from sprouting, including seeds from many weeds such as crabgrass, chickweed, and even dandelions. Components in corn gluten meal called dipeptides are apparently responsible for herbicidal activity.
Corn gluten meal did not control any weeds in any trials under any circumstances over a two-year period. They found no evidence of pre- or post-emergence weed control in any of their trials. Because it contains 10 percent nitrogen, corn gluten meal proved to be a very effective fertilizer, causing lush, dense growth of turfgrass and of weeds in shrub beds.

Tuesday, May 19, 2009

Variable speed limit signs: Opportunity for evidence-based government?

Here's a challenge to WSDOT:  Are you willing to halt and reverse the variable speed limit signage deployment if, after a set amount of time, there has not been a significant reduction in congestion-related collisions?  Or, if the new signage actually causes more congestion or more collisions?

All too often the readerboards that give information on accidents seem to slow traffic down even more.

WSDOT - I-90 - Two-Way Transit and HOV Operations - Variable Speed Limit Signs
Tried and true on our mountain passes
WSDOT uses variable speed limit signs on US 2 at Steven Pass and on I-90 at Snoqualmie Pass to alert drivers to slow down during icy, snowy and congested driving conditions. Similar signs installed on European urban roadways increased safety and decreased congestion-related collisions by 30% or more.

Human-readable privacy policies are good for everyone

I can't believe how many privacy policies are cut from the same tattered cloth and are written by corporate lawyers who are not concerned with people actually understanding them or with actually communicating the information that someone might be looking for in a privacy policy (CYA mode only).  I came across one that gets to the meat of the matters that should be important to anyone using an online service:
  • Who owns my data in your system?
"At, what’s yours is yours. Period. This Privacy Policy describes what little information we do collect from you (the “User”) as part of our web service (the “Service”), and how that information may be used and/or disclosed."
  • What are you going to collect and what are you going to do with it?
"Very little.  In fact, practically nothing.   You do not need to provide us with any personal information to set up free Drops. .... Although we know very little about you -- Drops are not totally anonymous.  When you visit our Service, some information is automatically collected, such as your computer’s operating system and browser type, version, and capabilities.  We also will track your Internet Protocol (IP) address and the time and date of your visit."
Now that is USEFUL information about data privacy that is understandable and I can get behind!

privacy policy

The typical corporate privacy policy is typified by:
  • No information on the specific _service data_ that is being collected
  • No information on how the specific _service data_ is being protected
  • No information on how to view or correct or expunge information stored about you.
  • No details on the exact list of information collected about you.
  • Generic platitudes about SSL as the panacea for site security
  • Mostly irrelevant discussions of client-side cookies that are too generic or marketing-specific and not website or service-specific
  • Generic information about marketing data collection and emails
  • Only information about _website_, not software or service security (data is not contextualized; but the lawyers are happy because they have a checkmark in the box next to "Write Privacy Policy")
  • Focus too much on opt-out for marketing.
No wonder people don't care enough about their privacy.  They aren't able to understand what companies are doing with their data.

To be fair, the companies writing the policies (if they are big enough) probably don't really understand very well what is being collected or used, so they are forced to write generic policies.  It's hard work to actually catalog and enforce customer data tracking, and most companies don't think they need to do this, and customers enable them by not demanding this level of accountability.

Monday, May 18, 2009

Fire caused by sunlight

Wow.  Was just recalling how a mirror on the passenger seat of my grandparents' car burned a hole in the dashboard on a sunny day when I was a kid.  Was a reminder to not leave mirrors attached inside the vehicle (even though having one to watch our little cutie would be handy)

Sunlight, Water, Bowl Likely Cause Of Bellevue Fire - Seattle News Story - KIRO Seattle
BELLEVUE, Wash. -- Investigators suspect sunlight was the cause of a fire that destroyed a deck and kitchen in an east Bellevue home on Sunday, said Lt. Eric Keenan of the City of Bellevue.

A glass bowl partially filled with water elevated on a wire rack in a sunny area of the home’s deck provided the right conditions to focus the sunlight and start a fire, Keenan said.

The fire occurred shortly before 3 p.m. Sunday in the 17100 block of Northeast Fifth Street.

The homeowners were away from the house when neighbors noticed flames and smoke.

Bellevue firefighters were able to extinguish the fire without injuries, and the family dog was rescued, but damage to the home is estimated at about $215,000.

Monday, March 23, 2009

bang exploitable!

Very cool news about a fuzzer + ms debugger extension to not only do fuzz testing of software, but help weed out false positives.  Will be interested in trying this out and reading more about it.  Wonder if it works with  Or at least the unit-testable portions of code?

Kaminsky: MS security assessment tool is a 'game changer' • The Register

Sunday, March 22, 2009

The next creationist strategy?

Looks like at least one attempt at a new strategy for teaching shit as if it was science (creationism) is to get an education degree program accredited so that the Institute for Creation Research can churn out teachers that can infect the school system like viruses and eat children's brains from the inside out.  A Texas representative is trying a new tactic to get the degree program approved:  exempt the ICR from the rules created by the Texas Higher Education Coordinating Board that rejected the last attempt by a unanimous 8-0 vote.
Higher Education Commissioner Raymund Paredes said at the time that the institute's program, based on a literal interpretation of biblical creation, falls outside the realm of science and therefore could not be designated "science" or "science education."
This rep is making the tired old "fairness" argument, "Why are people who call themselves scientists afraid to hear two sides of a debate?" Berman asked Friday. 

Note to Berman:  Science is not a "debate".  It is based on facts and a rigorous methodology for evaluating those facts to approximate the truth as closely as is possible to make predictions about the natural world.  Creationism is not based on facts or a methodology at all. 

Little Green Footballs - Texas Lawmaker Backs Creationist 'Degree'

Sunday, March 15, 2009

12 Key Policy Decisions Led to Cataclysm

A new 231 page report outlines 12 key policy decisions that led to the current economic crisis.  Let's hope that some facts start to do a couple of things:

1. Stop the stupid right-wing chain emails that claim that this all rests on the Democrats and Fannie/Freddie.  There's plenty of blame to go around (Fannie and Freddie are #10 on the blame list).
2. Stop the pundits that decry the "finger pointing" and hope to instead "move forward".  Excuse me, but I think that a report looking critically at pointing fingers at what got us in this mess is _kind of important_ to know how we get out of it.  Of course maybe those pundits just want us to "look busy" and "do some stuff" and hope it works.  I prefer evidence-based governing myself and the place to start is with the evidence for how we got in this mess.

Wall Street Watch
1. In 1999, Congress repealed the Glass-Steagall Act, which had prohibited the merger of commercial banking and investment banking.
2. Regulatory rules permitted off-balance sheet accounting -- tricks that enabled banks to hide their liabilities.
3. The Clinton administration blocked the Commodity Futures Trading Commission from regulating financial derivatives -- which became the basis for massive speculation.
4. Congress in 2000 prohibited regulation of financial derivatives when it passed the Commodity Futures Modernization Act.
5. The Securities and Exchange Commission in 2004 adopted a voluntary regulation scheme for investment banks that enabled them to incur much higher levels of debt.
6. Rules adopted by global regulators at the behest of the financial industry would enable commercial banks to determine their own capital reserve requirements, based on their internal "risk-assessment models."
7. Federal regulators refused to block widespread predatory lending practices earlier in this decade, failing to either issue appropriate regulations or even enforce existing ones.
8. Federal bank regulators claimed the power to supersede state consumer protection laws that could have diminished predatory lending and other abusive practices.
9. Federal rules prevent victims of abusive loans from suing firms that bought their loans from the banks that issued the original loan.
10. Fannie Mae and Freddie Mac expanded beyond their traditional scope of business and entered the subprime market, ultimately costing taxpayers hundreds of billions of dollars.
11. The abandonment of antitrust and related regulatory principles enabled the creation of too-big-to-fail megabanks, which engaged in much riskier practices than smaller banks.
12. Beset by conflicts of interest, private credit rating companies incorrectly assessed the quality of mortgage-backed securities; a 2006 law handcuffed the SEC from properly regulating the firms.

Open Letter chain email rebuttal: "Fw: WHY ARE WE BANKRUPT?"

Oh, got another stupid retread of a retread of a chain email that I had to debunk.  Posting to the inter-tubes for the benefit of others.  It seems that when you google shit like this the results tend to be topped with people reposting and rarely with posts intelligently analyzing the statements.

This one was particularly hilarious because if you actually read the sources cited, they tend to contain plenty of information that debunks their own claims!


From: Jason Axley <redacted -- die-spammers-die>
Sent: Monday, March 2, 2009 6:33:13 PM

"Why isn't this in the papers?"  Because it is chock full of lies and distortions (i.e. it's not true)!  Oh, there are so many things wrong with this that I will point out just a few things.

The first thing to point out is that you absolutely cannot rely on the claimed "fact-checking" of chain emails.  Unless this was written by your buddy bikemick (it wasn't), and he was the one who did the fact-checking (he didn't), then you are still passing along likely false information.  And much (if not all) of this is false, which implies that probably most of it is false -- no matter how much it agrees with your preconceived notions.  DO YOUR OWN FACT CHECKING or just delete these if you won't be able to vouch for the veracity of the claims.

Let's just start at the beginning.  1.  $11 - 22 billion is spent on welfare for illegal aliens each year.  And they cite a supposed source to back this claim up (which actually then cites another source which DOES NOT back up the data).  The latest data in the study cited is from 2001 and shows 8,274,240,000 (8 billion / year).  The fact that they gave a range of x - 2x should have been a red flag to start with (don't we know these things exactly?)  They wanted to make you think it was high when it isn't that high.  Especially when compared to native and legal immigrant use of welfare, which is respectively 21 times and about 4 times higher than that (or 174 billion and 30 billion respectively)

The bogus figure comes from "FAIR, which has faced bipartisan accusations of airing "racially inflammatory" anti-immigration ads with another group, the Coalition for the Future of the American Worker."

I also thought you would find it illuminating to consider placing blame on the companies and industries that _hire_ illegal immigrant laborers.  Supply and demand, folks, and with a complicit government that looks the other way to support business, you get what you get.  Instead of vilifying "illegals" who are just trying to feed their families, if you really want to get to the bottom of these problems, you should look at solving the market-driven problem with a market-driven solution.

From the very study that was misquoted by the first citation below:
"If such businesses can only survive by paying poverty-level wages, creating huge costs for taxpayers in the form of welfare payments to their workers, then maintaining such an industry makes little sense. Welfare payments to low-wage workers represent a large subsidy to business. For example, if taxpayers provide health care in the form of Medicaid, then employers do not have to provide health care. Of course, employers find this a very desirable situation. Employers do not see the costs of Medicaid because they are diffuse, borne by all taxpayers, while employers have a very strong incentive to keep down their labor costs by keeping immigration high. By providing workers with welfare and other means-tested programs, taxpayers are in effect paying part of the salary for these workers. Like any business receiving subsidies, those who use unskilled labor will try very hard to retain them. The fact that some businesses wish to retain this subsidy cannot, however, justify the costs to taxpayers, or the reduction in wages for the poorest American workers. "

Additionally, the title of the CIS study cited below?  "The High Cost of Cheap Labor"  Right.  They are pointing out that this is an economic problem created by a market that is working the way markets work with little oversight from the government.
The most damning problem of the "facts" below is that they are split out individually, then added up again (double, and maybe even triple counted).  So the "total" is utter bunk.  The CIS study being cited actually contains a realistic figure for the TOTAL:  "Households headed by illegal aliens imposed more than $26.3 billion in costs on the federal government in 2002 and paid only $16 billion in taxes, creating a net fiscal deficit of almost $10.4 billion"  That's right -- a whopping net of 10.4 billion.  Not 338 billion.  Their data rightly subtracts the $16 billion paid in taxes by illegals.

This email has been on the Internet for years and is now making another round as some sorry person has decided to edit it to make it "current" with the economic crisis at hand.  More debunking here:


----- Forwarded Message ----
Sent: Sunday, March 1, 2009 9:27:04 PM

This is astounding and infuriating.  Why isn't this in the papers? Please read and pass it on.

You think the war in Iraq is costing us too much?  Read this:
Boy, was I confused.  I have been hammered with the propaganda that it is the Iraq war and the war on terror that is bankrupting us. I now find that to be RIDICULOUS.
I hope the following 14 reasons are forwarded over and over again until they are read so many times that the reader gets sick of reading them.  I also have included the URL's for verification of all the following facts.
1. $11 Billion to $22 billion is spent on welfare to illegal aliens each year by state governments.
Verify at:
2. $2.2 Billion dollars a year is spent on food assistance programs such as food stamps, WIC, and free school lunches for illegal aliens.
Verify at:
3. $2.5 Billion dollars a year is spent on Medicaid for illegal aliens.
Verify at:
4. $12 Billion dollars a year is spent on primary and secondary school education for children here illegally and they cannot speak a word of English!
Verify at:
5. $17 Billion dollars a year is spent for education for the American-born children of illegal aliens, known as anchor babies.
Verify at:
6. $3 Million Dollars a DAY is spent to incarcerate illegal aliens.
Verify at:
7. 30% percent of all Federal Prison inmates are illegal aliens.
Verify at:
8. $90 Billion Dollars a year is spent on illegal aliens for Welfare & social services by the American taxpayers.
Verify at:
9. $200 Billion dollars a year in suppressed American wages are caused by the illegal aliens.
Verify at:
10. The illegal aliens in the United States have a crime rate that's two and a half times that of white non-illegal aliens.  In particular, their children are going to make a huge additional crime problem in the US.
Verify at:
11. During the year of 2005 there were 4 to 10 MILLION illegal aliens that crossed our Southern Border also, as many as 19,500 illegal aliens from Terrorist Countries.  Millions of pounds of drugs, cocaine, meth, heroin and marijuana, crossed into the U.S. from the Southern border.
Verify at: Homeland Security Report:
12. The National Policy Institute estimated that the total cost of mass deportation would be between $206 and $230 billion or an average cost of between $41 and $46 billion annually over a five year period.'
Verify at:
13. In 2006 illegal aliens sent home $45 BILLION in remittances to their countries of origin.
Verify at:
14. 'The Dark Side of Illegal Immigration: Nearly One million sex crimes Committed by Illegal Immigrants In The United States.' Verify at:


Saturday, March 7, 2009

Do you know your different precipitations?

I think that right now it is sleeting in Seattle.
  • Freezing Rain:  supercooled raindrops that freeze instantly when they hit the ground or other objects
  • Hail:  snow and rain in the upper atmosphere mix due to updrafts and accumulate into large pellets that fall to earth when the updraft can't support their weight
  • Sleet:  Partially-melted snow that freezes again on the way down and falls as visible pellets.

Precipitation: hail, rain, freezing rain, sleet and snow

Sunday, February 15, 2009

Face recognition biometric security badly broken

It was only a matter of time before this got broken.  If you have one of these laptops that uses this software, you should disable it.

My guess would be that a simple webcam is just not going to be able to capture enough information to tell the difference between a fake 2-D picture of an individual and an actual 3-D person.  They probably need some sort of additional 3-D scanner that samples depths on a face as well, or a similar technique.

The hack seems to rely on fooling the image comparison algorithms, since ultimately these systems are storing the original facial image and running image processing against it.

Researchers Hack Faces In Biometric Facial Authentication Systems
"There is no way to fix this vulnerability," Duc says. "Asus, Lenovo, and Toshiba have to remove this function from all the models of their laptops ... [they] must give an advisory to users all over the world: Stop using this [biometric] function."

An attacker can edit and adjust the lighting and angle of a phony photo to ensure the system will accept it, according to the researchers. "Due to the fact that a hacker doesn't know exactly how the face learnt by the system looks like, he has to create a large number of images...let us call this method of attack 'Fake Face Bruteforce.' It is just easy to do that with a wide range of image editing programs at the moment," they wrote in their paper.

Facebook privacy settings to minimize ridicule and embarrassment

This is an excellent guide to the kinds of things that you may or may not be familiar with as possible sources of embarrassment on Facebook, or even just if you want to have more control over people monitoring you.  But you do have control over these things.  I might suggest the relationship one for many people -- so that you only post to your profile relationship status changes that you really want to broadcast.

Facebook | 10 Privacy Settings Every Facebook User Should Know

Saturday, February 14, 2009

Untrue email indicators

After sending out the umpteenth rebuttal of a demonstrably untrue email this week, I thought of at least two things that are negatively correlated with the truthfulness of the contents:
  • A claim by the author of the chain email that they "verified this on snopes" (with or without a link to snopes).  Note, this is a claim by the chain email author, not your friend who just forwarded it to you.  I have seen not only the generic claim of verifying on snopes (without citation), but also an erroneous link to content on snopes that actually _refutes_ the content being peddled.
  • Pleading by the author to "send this to everyone you know".  Again, this is done by the anonymous or pseudonymous author of the untrue content, not your buddy who sent it to you.