Woody’s B-Day

I had a lovely time tonight celebrating my friend Bill’s birthday. Happy birthday Bill!

Here’s a photo; be sure to click through to see them all:

B-Day Dinner Fun

As well as two videos from the night. You had to be there:

http://vimeo.com/27804406 http://vimeo.com/27804529

Raise my taxes, please

As we all know, there’s been a lot of movement at all levels of government around budget cuts instead of tax increases. I was inspired to make today’s post after reading Mr. Buffett’s op-ed in today’s Times. Those of you who know me know that Warren and I are not anywhere near the same tax bracket. However, I feel we’re severely shortchanging our future by defunding critical programs. Having fewer social services, poorer quality health care and, pun intended, a dumbed-down education system won’t make us a richer country in the long run. Though I’m not sure I fully agree with the Nordic Model, there’s one aspect I do agree with. I think we should raise taxes, yes for the rich, but across the board as well.

Raise my taxes, please.

How much should you trust the cloud?

Recently there was quite a bit of hubbub about Dropbox allowing everyone’s account to be accessed by anyone for 4 hours. This is bad, obviously. The guys over at Securosis got it right in their response. However, y’all should have known already to encrypt anything in the cloud if you were reading this here fine blog back in aught nine.

I clearly do not trust the cloud, or really, any services online (I also take issue with “the cloud” being synonymous with “online”). For the few online services I do use, I follow extremely good password practices. For example, my Gmail password is over 20 characters, and I don’t even know it myself. Really, we should all be using two-factor authentication to really lock things down.

I’m still quite concerned with a scenario where Gmail is hacked site-wide (not per-user phished or even “whaled”). There’s nothing you can do in this scenario to protect yourself. How much time, and potentially literal money, is it worth spending to have a free service like Gmail at the point it gets hacked? I’ve asked myself the same question and have even priced out other hosted, dedicated email services, free or not.

So, the point of this post is A) Nya nya, I told ya so and B) be safe!

Level Up to Bees Knees

So, y’all remember how much I loved American Born Chinese? Mr. Yang’s latest is Level Up and I just finished it. It’s great! Not quite as good as ABC, but it stands on its own.

There were a couple things about this book that resonated with me. The first is the addictive behavior of a young kid playing a video game. And not just any video game, but the video games my generation grew up on: NES, Super Mario Brothers, Zelda and the like. I actually wasn’t that good at these games back in the day, but I wasted hours down at Freeway Variety, the local five and dime store, watching my friends play (oddly the only mention of Freeway online is the glossary for a movie from some guys who grew up in my “hood”). To this day there are still a few friends to whom I can say, “Elf needs food” and they’ll finish the saying with, “badly!”.

The second thing that resonated with me was that at that age, I read a lot of comic books. I would go to Comic Relief (clearly I haven’t been in a while, I just found out they’re closed, R.I.P.), go around the corner and buy two slices from Arinell Pizza (it was 1/2 the size back in my day. Really!) and sit and read comics. That same night I’d go home and read every comic I’d gotten that day. Then I’d re-read them. How does this tie into Level Up? Well, I just couldn’t wait to start, let alone finish, the graphic novel, so I sat and read it as fast as I could, just like back in my salad days. Just like the protagonist in the book and his video games.

One big difference between eating Arinell’s pizza or 10 rolls of Smarties ’til I’m sick while I read comics and graphic novels is that now I’m all grown up! I can have adult drinks while I read. Ya know, like Bees Knees! My wife recommended a recipe from Not without Salt. Bees knees are tasty! Oddly, I think I might try the next ones with a bit of rosemary:

  • 2 oz gin
  • 3/4 oz Honey Syrup
  • 1/2 oz Lemon Juice

NWOS suggests doing the honey syrup like simple syrup: 1 to 1 of honey to water, bring to simmer, let cool and use. However, I cheated and just did the 1 to 1 measurement using piping hot water, and then stirring the bejeesus out of it. Worked fine and no dirty pan.

Meego 1.2, Meego Laptop and a MacBook Air

As many of you know, I’ve had an on again, off again, and then on again affair with Meego. I love that lil’ guy! You may have expected me to be quite excited about the recent release of Meego 1.2, including a netbook refresh. Since I was running Meego on a netbook, you may have then also expected me to be super excited about the very recent announcement of the ASUS Eee PC X101. This is a 2lb laptop that runs Meego and is expected to cost $200. Sweet!

However, as you may have guessed from the title of this post, I’m not running Meego any more. I’m running OS X on a MacBook Air 11″. I had crossed the threshold from tinkering around on a laptop to wanting to commute with one every day. Indeed, 2lb was my sweet spot for a laptop. I wasn’t that stuck on the OS as my apps are all cross platform enough. I seriously considered many different netbooks and then the MacBook Air came out. The 11″ was just over 2lb, included a full size keyboard, had a 1366 x 768 screen and a 5 hour battery. It was also insanely small. For a relatively paltry $1000, there was simply no laptop, regardless of OS, that had all of the above features. Period. Though I think the new Eee X101 will be very cool, it lacks the screen resolution of the Air. I briefly considered the Sony Vaio X (no longer available) which met all my requirements, but it was a pretty penny to pay for an Atom processor.

“But if you want something super light, what about an iPad?”, you ask? I do agree, an iPad’s insanely long battery life coupled with its 1.3lb weight has some handy uses: a cross country plane ride, long regular commutes where you want to read the news and browse email, or needing a super lightweight video conference rig. But what about when you want to run an IDE? What if you want to compose a 3 page (7,500 character) long email? What if you want to flip back and forth between the 3 browsers you have open to check how your code renders? The answer is clear: you need a laptop.

I’ve been super happy with my Air and I wish the best of luck to Meego.

Oil, Water and tasty Vodka

Well, OK, not all three together. First up, while doing dishes some hot water hit some congealed butter at the bottom of a Pyrex. The butter melted, but not into tiny particles; it formed larger circles instead. It was mesmerizing. Well, it was for dorks like me. Have a looksee:

http://vimeo.com/23070136

Now on to the tasty Vodka. This is a slight variation on the standard Cosmo:

  • 1 part Imperia vodka
  • 1 part Cointreau
  • 1 part cranberry cocktail
  • Juice from 1/2 a small lime

The best part? I’d tried to do the same with triple sec and a lemon the night before and my super cool wife bought me the right proper Cointreau and a lime. I came home to find this (see first pic) which I had to make into a tasty drink using the above proportions:

Why should I cut up my credit card?

Recently, someone got a hold of my card and was making fraudulent charges on it. My card company was Johnny on the spot and called me to verify the charges (side note: I had no way of verifying they were who they said they were, so they did the right thing and told me to call the number on the back of my card. You can’t be too vigilant!). When I finally got a rep on the line, they canceled my card and sent me out a new one. Done deal.

But then they tell you, “cut up your card”. Why? If the number was stolen and we’re de-activating it so it can’t be used again, why cut up the card? In fact, why would you ever cut up the card? I guess if you think that cutting up an active card will stop you from using it, then you should do a good job and cut it real good. But otherwise, I can’t think of a reason. My 5 minutes of googling didn’t find an answer either.

Do any of my faithful readers have an answer?

Update: There’s some good discussion below, but more notable is my comeuppance! After writing this post, I got not one, not two, but three copies of my new card. Now I have the need to trash three credit cards that are all not canceled. Oh the horror!

How to spam this blog

As a follow up to last week’s post (How to comment on this blog), this week I bring you the results of the no-captcha test.

After much spam slipping through reCAPTCHA, I decided to nix a captcha altogether. Originally I thought that just requiring a field via JavaScript and doing no server-side checking would work. This was silly of me, of course. The spammers, having the source code of WordPress, would just blindly submit a comment to any post, bypassing any client-side JS checks I had in place.

The fix was to create a field that was not known to spammers the way the reCAPTCHA one is. Further, if it is appended via JavaScript, then it is even harder to automate. I wrote the simple-math plugin (have a copy!) and implemented it as follows:

  • Turn off reCAPTCHA
  • Add a field via JavaScript
  • Ask a simple math question, validated in client-side JS
  • Only validate that the field exists, not that the math is right, on the server side

The jury is in, and I’m fully vindicated. Here are the stats:

Period                      Hits   Comment    Comment    Attempts   Defense
                                   Attempts   Successes  per Visit  Success Rate
Feb 6th-12th                1191   57         17         4.79%      70.18%
Feb 12 11pm – Feb 13 10am   58     20         13         34.48%     35.00%
Feb 13th-18th               1204   132        0          10.96%     100.00%

The important thing to note is twofold. The first is that the average number of raw hits (excluding me, Yahoo and Google) was the same week to week. Further, the number of attempts went up 200%, of which 100% were thwarted (Defense Success Rate). Again, I suspect this is all possible because it’s not easy, nor worthwhile (it’s OK, plip isn’t a big blog, I know…sniff), to automate spamming against one-off solutions like mine.

I should note that I used the free version of Splunk to garner the ad hoc stats for this post. As I was hemming and hawing on whether to count cookies or IPs or hits, it wasn’t worthwhile to use the old school command line style stats. Splunk scoffs at this level of stats and reporting. Really, it’s above it, but will happily crank out what you ask of it with ease. Here’s a purty graph:

Caveat Emptor: I work at Splunk.

How to comment on this blog

It seems that reCAPTCHA is a victim of its own success. Y’all know I’m a huge, huge fan. However, recently the spammers have started to submit comments, successfully getting past the reCAPTCHA. I suspect this is a mechanical turk or some such tomfoolery. Of course the comments don’t get approved, but they’re still a bother to have to delete.

Our friend over at hanskellner.com (guess which friend?) also has the same problem with submitted spam. This makes it clear that reCAPTCHA is being targeted (well, not clear, but it’s better than n=1!). However, he found a solution to stop the spammers. He added a static math question to his comment form. That is, it’s always “what is 5 + 6”, never any other question. Funny enough, his spam stopped altogether. He still has his reCAPTCHA going, but now it’s two-factor anti-spam.

I posit that the reCAPTCHA code is easy enough to programmatically detect, but some random math question isn’t, so it breaks the spam scripts. Let’s test this theory, shall we? I’ve just written a WordPress plug-in called simple-math. Using simple-to-hack, all-client-side JavaScript, there’s now an easy-to-solve math problem on the comment form. It is random, choosing two numbers between 0 and 9. I haven’t tested it too broadly, but you’re welcome to a copy.

I’ll let it run for a week and see how it goes and report back.

Feb 13th Update: I fought the law, and the law won! Spammers got past round one of simple-math. I’ve updated it to now check for the existence of the field on post, but still no checking for a right answer on the server. As well, the field is created via JavaScript. Spammers, back to you for round 2.