Month: August 2008

A congestion tax alone is not enough

I’ve long thought that a large congestion tax on cars entering DC would be great. Charge $10 to enter the city. Take most of that cash and spend it on expanding Metro and putting giant parking garages out at the end of the Metro lines. Make those garages FREE. It would make public transportation a heck of a lot more attractive. They’ve tried it in London with mixed results:

At first, the new fees did seem to ease the traffic moving through the congestion zone. Now, studies are finding that the measure has actually managed to somehow slow down the pace of traffic through central London.

The problem here is the reason it hasn’t helped – construction and new pedestrian walkways have caused more traffic jams than before. It got rid of 100,000 cars each day, so it sounds like it made a huge difference. I don’t think it’s fair to blame London’s mismanagement of construction and pedestrians on the congestion tax.

I love to hate the iPhone

I know my opinion on Apple and the iPhone differs from many of my readers, but this is worrisome if you’ve bought an iPhone and mistakenly think you’ve bought an app from the App Store. Engadget | iPhone hacker says the device ‘calls home’ to Apple, allows apps to be remotely disabled

the suggestion that a process of the OS would actively monitor, report on, and possibly deactivate your device’s software is unreasonable, and clearly presents an issue that the company will have to deal with sooner or later.

If you buy something, and the seller can take it back at any time for any reason and not give back your money, you are renting, not buying. Because of the closed and proprietary nature of Apple’s world, if you buy into it, you’re stuck with whatever they want to do to you. Updated to add: Engadget says that the iPhone probably isn’t calling home to disable your apps after all. I still don’t like Apple, and I still don’t trust them any more than I trust Microsoft. But it doesn’t seem like they’re doing anything objectionable here.

Didn’t mean to censor the TSA propaganda

Someone (Or, more likely, some script) claiming to be Bob from TSA Blog left a comment on this post. It was a totally useless press release talking about the ineffective things TSA is planning to do about the lost (now found) laptop. Despite the fact that it fits my definition of spam (It wasn’t a response to the post, which “Bob” clearly didn’t read, it was a monologue on the same subject with a link to the author’s blog), I published it. But due to a little snafu with the back button and not paying attention, I accidentally deleted it. So, sorry to censor your spam, TSA Bob. If you post again, I’ll publish it again. But note well that spamming blogs that call out your stupidity and/or incompetence is not going to do a bit of good, and you might be better off finding something more useful to do with your time. Edit to add: Here is the text of the propaganda, stolen from the original Boing Boing post’s comments.

The Transportation Security Administration (TSA) continues to investigate the circumstances surrounding the loss of a Clear®- owned laptop computer on July 26 that contained unencrypted data of approximately 33,000 customers. TSA has verified that a laptop was discovered by Clear® officials yesterday at San Francisco International Airport (SFO). It was voluntarily surrendered to TSA officials for forensic examination. TSA’s regulatory role in this matter is as follows: Every commercial airport is required to have an approved airport security plan. So Register Traveler is part of that comprehensive plan at the airports where it operates. Under the airport security plan, the sponsoring entity, (SFO in this case) is required to assure its vendors have an approved information security program. Because the computer at SFO was not encrypted it is in violation of the airport’s security plan. TSA also has the ability to go directly to vendors when the plan is not being adhered to so TSA is conducting a broad review of all Registered Traveler providers’ information systems and data security processes to ensure compliance with security regulations. Clear® needs to meet the information security requirements that they agreed to as part of the Register Traveler program before their enrollment privileges will be reinstated. Encryption is the wider issue as opposed to one incident with one laptop. So for now, Clear® enrollments remain curtailed. Current customers will not experience any disruption when using Registered Traveler. Bob TSA EoS Blog Team

The worst part about this is that TSA’s response to this seems to be a stern wag of the finger at the contractor. I feel safer already.

Let’s blow this way out of proportion!

Orioles rookie Chris Waters, so green he doesn’t even have a Baseball-Reference.com major league page yet, made his debut last night in the bigs, making the Angels look silly. He opened his career by striking out Chone Figgins on three pitches. Unfortunately, the wife and I only watched the first five innings – the game was in LA/Anaheim/Sacramento/whatever and didn’t start until 10 Eastern. But Waters didn’t need us – 8 innings, one hit, three walks, and a hit batter. No runs. That sure takes away the sting of Brandon Fahey’s demotion. Anyway, despite the fact that he’s making his debut just shy of his 28th birthday, and the small sample size, I’m going to go ahead and call him a first ballot Hall of Famer. I predict he’ll give up his first earned run sometime in 2011 (and it won’t be his fault), become the first pitcher in years to win 30 games in a season, and cure cancer with his curveball. ESPN wrap

Speaking of IT security and idiots

It seems a TSA contractor has misplaced an unencrypted laptop full of people’s personal information

The Transportation Security Administration suspended Verified Identity Pass Inc., the company that operates the registered traveler program under the brand name Clear, from enrolling new applicants due to the alleged theft of the unencrypted laptop.

Link from Boing Boing, but they kind of dropped the ball by not mentioning the unencrypted status of the missing laptop. Luckily one of the comments mentioned it. Keep in mind this is entirely against TSA regulations (I worked there for 9 months). TSA is colossally stupid sometimes, like when they made me take my unencrypted (before the regulation went into effect) laptop home on the Metro every day for a week rather than leaving it in the secure facility where I worked. But I’m almost inclined to not blame them for the actions of a contractor.

TSA officials said the suspension will protect consumers waiting to enroll in the Clear program and allow the company to bring its procedures into compliance.

How about making them give back all the money due to breach of contract? There’s no accountability in government contracting.

Tragedy in Baltimore!


Originally uploaded by thetejon

Okay, maybe “tragedy” is a bit of an exaggeration. But first poor Brandon Fahey, despite getting his slash stats up to .241/.267/.345, has been sent to Norfolk, the O’s AAA affiliate. And then George “Captain Overrated” Sherrill blew another save by loading the bases in the bottom of the ninth and walking in the winning run. The Orioles came back from 5-1 in the ninth and he walked in the winning run. It is unconscionable that he was not traded for prospects at the trading deadline. Were I the Orioles GM, I would have taken $30 and a ham sandwich for Sherrill. Actually, were I the Orioles GM, I probably would have had him taken out back and shot a month ago. In any event, the loss of Brandon Fahey pains me more. I was really starting to like the little guy. I don’t know why we sent him down. I mean, I do, but I don’t like it. It’s obvious that Alex Cintron and Juan Castro are not the future at shortstop. Why even bother with a 36-year-old infielder on a team that is clearly not going to make the playoffs this year? Good luck in Norfolk, Fahey. And come back soon (You could have Sherrill’s spot, or Sarfate’s, if it were up to me).

Webmail isn’t evil, IT departments are

The IT department at work has decided to block all webmail beginning August 18th. This is a big problem for me, because I’m a contractor and don’t really use the work email. It’s a pain, and I can’t get to it from home without jumping through hoops. My actual work email is my Gmail account. So this is going to cause me a ton of problems. And for what? I did a little Googling for the security risks associated with webmail.

“Any pop-up ad that appears in a webmail message could potentially contain a virus when it opens,” she said. “An attachment that comes in from a webmail message could possibly bypass all the safeguards all the way to the user’s computer.” In addition, just opening a Web browser window to these commercial webmail sites can leave a computer open to outside attack. (Source)

This is a bit of a strawman argument. First, you can get popups or viruses or whatever from all sorts of sites. It’s not restricted to webmail. But if you use good, up-to-date software, this shouldn’t be an issue. There are some really good free, open-source tools to protect your computer. If your users are getting viruses and hacked computers, it’s not the fault of Gmail or Hotmail. It’s your users, and it’s the tools you’ve chosen to give them.

I’m an . . . advocate of the “block access” point of view. Personal webmail, if accessible, provides another vector for your data to fly out of the window but one that you have poor control over and little ability to monitor and audit. Neither can you comply with data storage and archiving regulations if the service is being used to legitimately send and receive business data to and from external addresses. (Source)

Archiving is a legitimate concern. Although I can’t imagine why the author thinks it’s not possible to comply with regulations – there is nothing stopping you from hooking up your webmail account to Outlook or Thunderbird and downloading it all. Then you can archive to your heart’s content. Actually, I think Yahoo and Hotmail make you pay for POP3 access, but that’s because they hate their customers.

If anything, what’s [sic] it’s partly demonstrating is the problems in the usability associated with security products. By making them too cumbersome, it’s natural for people to seek routes around them — making the security procedures a risk in their own way. (Source)

This I totally agree with. I use a ton of Google’s web tools for legitimate work purposes because they are easy and useful. If you block them, I’m going to try to get around the blocks, like the way you can use https instead of http to get around some filters that block Gmail. But I more or less know what I’m doing. I’ve heard of some ridiculous unsafe hacks to get around work-imposed security. Some of the workarounds are much more dangerous than the thing being blocked. But you know what’s more dangerous to security than all of this put together? Stupid people. And, to a perhaps greater extent, smart but ignorant people. People who think they know better, but don’t, are a huge source of problems. Much better to know you’re incompetent and stop trying. I remain entirely unconvinced that this will do any good. You can’t possibly block all possible routes for sensitive information to leak out of the office. By blocking webmail, you’re taking away one of the most convenient methods, but what you may end up doing is driving the leaks to more and better hidden channels. Maybe now one person is going to start Twittering all day, while another is going to use some other service. The information can still get out. And what about someone who goes to do a little online banking and accidentally hits a phishing site that steals their banking info and deposits a virus on their computer, giving a hacker total control of their PC? Are you going to ban bank sites, too? Why not just ban everything? Chain employees to the desk in rooms with white walls and no windows. Give them three breaks a day where they can use the bathroom and buy lunch from the company (Wouldn’t want them sharing company secrets at the local deli, would we?). Maybe we should just stop sharing secrets with employees altogether. Just keep it all with the executives, who can lock themselves in ivory towers, making angels in piles of FOUO and COMPANY PROPRIETARY documents. Maybe we shouldn’t even do any work. The dangers of compromised secrets are too great. We should all go back to a hunter-gatherer economy, where there were no documents in need of protection from the horrors of webmail. Better for the environment, too, as a majority of Americans would die of starvation within the year. Or we could save time and trouble by committing mass suicide in orderly rows. That would teach Google to make a great webmail service with an intuitive, helpful interface. Stupid jerks.

Maybe my SEO with Drupal is working

I posted a little while ago about my attempts to optimize my blog for search engines. I think it’s working. Take this example. This morning, I linked to an article on Prince of Petworth about a new restaurant opening in Columbia Heights, CommonWealth Gastropub. Now, PoP is a near-deity in the greater Columbia Heights/Petworth/Logan/Shaw area. It’s a good blog. I read it regularly. I, on the other hand, am a relative unknown who complains too much. PoP went to an early preview at CommonWealth and took pictures, then wrote an article about the experience. I linked to the article, and offered very limited commentary. Now, go do a little Google search for commonwealth dc gastropub. you will notice that item seven is my post. The first item from PoP is item 23, and it’s not even a link to the most recent article. So, on one hand, you have a good blog that did some real journalism. On the other, you have a blog, where half the readership was at the author’s wedding, that just linked to the real journalism. But I show up first on Google.

Oddly Enough, You’re an Idiot

Have you ever posted to an internet forum or commented on a blog post and began with, “Oddly enough”? If the answer is yes, then I don’t like you very much. Has anyone ever followed “Oddly enough” with something really odd? Not in my experience. It’s pretty meaningless. If what you’re saying really is odd, we’ll know. Are you trying to forewarn us of the oddity so we don’t think you’re weird for saying something odd out of the blue without acknowledging it? That is, are you embarrassed to be thought strange by people you don’t know? I realize now that the likelihood of someone commenting on this post and beginning with “oddly enough” is now near 100%. Just remember that I have admin rights on all the comments.

The CommonWealth Gastropub is almost open

PoP Exclusive: First Look Inside the New Restaurant CommonWealth Opening Aug. 6th

Even with all the craziness it had a very warm and open feel. I was excited to see checkers and chess tables, an open bar area and some very comfortable seats. I am super stoked to try the place.

I hate it when restaurants don’t update their website. But I guess I’ll forgive them if the place ends up being as cool as people say it will be. I haven’t been past it yet – with the bum foot and pregnant wife, I haven’t been doing as much walking around as I might otherwise. But PoP’s pictures of the place look great, and this thread at realbeer.com suggests the beer selection will be good. This is also a great option for me next time I work from home and the wife admonishes me, “No PotBelly or Five Guys for lunch today!”. Although I don’t suppose obeying the letter and ignoring the spirit will win me many brownie points.