Sunday, February 25, 2007

Ten Cool Ways to Use a USB drive

USB memory sticks are getting cheaper and more common. The options are expanding for doing much more with them besides just acting as glamorized "floppy drive replacement" storage media.

This list of ten cool ways to use your USB drives has an added bonus...once past the price paid for the USB drive all these items are free! And if you got your USB stick as a "gimmie" prize, then the whole shebang is free!

The List

1. Load it up with Claus's Portable SysAdmin Tools - Build your own portable System Administrator's toolbox. -via Grand Stream Dreams (Shameless plug #1)

2. Install the PortableApps Suite - This Standard grade package includes: ClamWin Portable (antivirus), Mozilla Firefox - Portable Edition (web browser), Gaim Portable (instant messaging), Portable (office suite), Sudoku Portable (puzzle game), Mozilla Sunbird - Portable Edition (calendar/task manager) and Mozilla Thunderbird - Portable Edition (email client) all with a handy launcher. Lite and Base editions also available for the under 512MB crowd.

3. Build a Bootable WinPE USB Key - Really cool way to boot a system for recovery and troubleshooting...all from a USB key (assuming your motherboard supports it). -via WIndowsConnected/Josh's Windows Weblog.

4. Install Damn Small Linux to a USB Flash Drive - Probably even cooler than a WinPE USB boot key as you get a full-features operating system and a plethora of applications as well. This cool thing is a bit more advanced, but still within the realm of accomplishment. More DSL information. See also Pen Drive Linux » Boot and run Linux from a USB flash memory stick, as well as Linux bootable USB key HOWTO - OpenFacts for more USB bootable Linux builds and How To's.

5. Install a PC Repair System - Put a nice collection of useful tools and software in the space of 32 MB all in one handy-dandy zip package. -via Daily Cup of Tech.

6. Take an Introduction to USB 101 with a series of great articles from Daily Cup of Tech:

7. Make a Portable and Secure Medical Record File for your family. - via Grand Stream Dreams. (Shameless plug #2)

8. DemocraKey: Browse the web anonymously off a USB stick.

9. Use it with Vista for ReadyBoost - Increase your Windows Vista performance by using a USB key with sufficient minimum requirements. See also this ReadyBoost Q&A FAQ by Microsoft insider, Tom Archer and the father of ReadyBoost, Matt Ayers.

10. Run a virtual Windows CE session from USB. Although it is a work in progress, it is pretty clever. --via Steve Makofsky's Weblog (MSDN)

Have fun!


Bonus USB Fun:

Top 10 weirdest USB devices ever - fosfor gadgets

Even Wackier USB Devices - PC World

Amazing...Truly Amazing...

It was a long day of house-chores, blogging, pestering Alvis to clean her room and "after-school" book areas.

One of Lavie's co-workers ended up giving me a job and a half to complete.

Car Care Completed

She thought that she saw some fluid on the parking slot that Lavie had just earlier pulled out of and called me to check it out.

So Friday night when I got home I crawled around under Lavie's Altima and made sure everything was good. (It was.)

No leaky fluids anywhere...what her friend say may have been condensation runoff or there from another vehicle.

Lavie is really fortunate to have a friend like this one. She is a transplant from Pittsburgh and although they have other local friends, they have a great relationship. Not many people I know would take the time to call another friend's husband (after not getting Lavie) just to make sure things are ok and safe. Pretty kind, in my book. Anyway....

No fluid spots on our concrete. No drips or runs.

Although, I gotta hand it to Nissan. It's no small task trying to wedge oneself under for a good look at the undercarriage on an Altima. It's lowered pretty far, even for a standard suspension package (maybe five or six inches clearance). And the amount of plating and framework underneath would probably rival the heft of a Hummer and the aerodynamics of a NASCAR racer. I forgot just how tight and packed it looked under there. Wowzers.

But during the under-hood inspection I noticed that there was some "scub-corral" like growth around the positive terminal. Bright blue-green. Oh no.

So this afternoon I went down to the auto-parts store, got some terminal cleaner (works better than cola) and a new clamp assembly (just in case).

I've seen a few clamps get so corroded you can't get the bolt off, or maybe the metal gets so thin it I wanted to be prepared.

Lavie's battery is still the original Nissan one. I was surprised to notice it had the "caps" on it. As a kid I remember Grandpa pulling the caps off the battery and getting this little eye-dropper looking thing with colored plastic balls in it. He would take a sample and see how they floated and then add water accordingly. Me, I'd just buy a new battery if it came to that.

Luckily, my fears were unfounded (darn those Nissan engineers).

I had gotten out my mechanic's toolbox (a gift from my dad about when I was getting out of college), a roll of paper towels, the can of acid neutralizer, a can of WD-40, a brass wire brush, my terminal brush, a bowl of water and Alvis was in tow.

I began with a heavy soaking with the acid neutralizing spray and many paper towels later I had the battery casing clean along with most of the acid formation--pretty as it was. I was surprised to find I could get both clamps off with minimal fuss, even with the buildup. I disassembled all the clamps (the positive terminal clamp was a six or seven piece affair) bushed them clean with some wire brushes. All the metal parts, including the bolts, threads and nuts were still in great condition under the buildup and gunk. That was really unexpected! I cleaned the terminals with the terminal brush (Alvis was fascinated by that). Sprayed the bolt threads with WD-40 and reassembled.

It started fast and strong. Awesome.

Job well done. Anybody have a vanship I can work on?

But is victory short-lived?

Alvis had got her report card and gotten all A's and one B. Not too shabby!

We decided to take her out to the mall pick up a manga for work well done.

I told Lavie that I still wasn't too pleased with the fit of my latest pairs of jeans. (Oh no!) And would probably be open to looking for a pair or two. Maybe. If she was up to it. Of course, going jean shopping is right around the very bottom of the list of things I would do only if my life depended on it.

It usually never turns out well.

Setting the Ground Rules

Lavie said she was, but expected a few rules to be followed.

  1. I had to keep a positive attitude. (check)
  2. I had to be open to her suggestions and feedback. (reasonable enough)
  3. I had to come all the way out of the dressing rooms and model the fit for her. (Umm. really?)
  4. I had to keep a positive attitude. (didn't she already say that?)

OK. I promised to behave.

So off we went.

We tried a few department stores, but I began getting dangerously close to breaking a few of her rules already.

In the end, I wasn't happy with any of the selections or the fit on my skinny-boy legs, nor was Lavie happy with the fit on my seat. We were both getting, well, bummed.

Alvis alone was happy, having found her copy of a new manga series Kitchen Princess. (I was secretly hoping for a fourth volume of Yotsuba& (still waiting for the Stateside release...) or volume two of Rizelmine (not out yet either)).

Finally in a fit of desperation, I suggested maybe we could try a nearby western-wear store. Surely they could have jeans that could fit a skinny-legged dude.

Did I just fall into the Rodeo?

We asked the tall sales kid, Cowboy Dan for help. He sized me up and marched us down to the end of the jean wall and began pulling jeans like a cowboy pulling lambs out of the herd.

Before I knew it he and Lavie had herded me down into a wood paneled changing stall fit for barn and were tossing the jeans over the top like hay bales into a barn.

I was stunned to find they fit. Really, really good. First time up. Wow.

Lavie made me come out and parade around in front of her, Alvis and Cowboy Dan.

And the Blue Ribbon goes to...

All the judges seem pleased with the fit.

We walked out of the western-wear store with five new pairs of damn-fine-fittin' jeans in several shades of indigo.

Lavie was happy and Alvis was amused. And I?

I guess this life-long Texan city-boy has to finally fess up and admit it; he has a cowboy's body and heart after all.

Who knew?

Now if I could just figure out if horses are as easy to work on as Nissan Altima's....


Internet Hide and Go Seek

Lavie and I were watching a recent episode of the CBS Television show Numb3rs.

In this one (like many) the crack F.B.I. team traces (real-time) the location of a bad-guy's Internet access and manages to locate his to a specific home, building, or neighborhood.

This makes for great and exciting TV and while I'm quite confident there are a lot of things law-enforcement (especially the federal agencies) can do, quite speedily, overall I'm not entirely convinced enough to get out my tinfoil hat just yet.

When one connects to the "Net", wirelessly or hard-line, it is through an IP (Internet Protocol) address. That IP address made up of numbers separated with dots tells the data packets where to go and how to get back to you.

Knowing an IP address can generally provide you a fair bit of knowledge about the owner and location of a server.

IP Addresses and WHOIS

Want to know a little bit about, say, Mozilla?

Open a command-prompt box and type the following --> PING

You should get something like this:


Pinging [] with 32 bytes of data:

Reply from bytes=32 time=67ms TTL=241
Reply from bytes=32 time=66ms TTL=241
Reply from bytes=32 time=76ms TTL=241
Reply from bytes=32 time=67ms TTL=241

Ping statistics for
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 66ms, Maximum = 76ms, Average = 69ms

That number is the IP address of the server.

Now hop over to ARIN: WHOIS Database Search and put in that IP address in the search field and you will get some information on the owner.

The information here is only as good as the ISP requires and (especially on shadier web sites) may contain limited or bogus info...but it is a start.

More? OK!

Trace the Route Between IP Addresses

Going back to my Windows XP command-prompt box, let's run the following command


It should spit back a number of details of each router system the information request is passing through on its way to the destination.

This is great information for troubleshooting and seeing where you are headed.

traceroute - Wikipedia, the free encyclopedia

Want pretty pictures instead?

Hop over to the VisualRoute traceroute server web page and enter in the IP address.

Here you get a wide-view map, some performance graphs, and some analysis information for the TraceRoute between their server and the target IP address.

Visualware also provides a Lite Edition free for personal use. It's a great, fun little application that could be useful when troubleshooting home networking issues with your ISP Help Desk. It does lack the map and some other feature that the paid versions include, but it is a good place to get started.

I also like using Foundstone's Trout application to perform traceroute and Whois lookups. It is small, fast and can be kept on a USB stick. It also supports constant pings to monitor traffic times, good for dealing with a flaky network connection.

View an IP Address on a Map

Want to see a closer view of where an IP address is located near?

Drop the IP address into My IP Address Lookup and you can get a nice Google map and some summary information of the ISP's (Internet Service Provider) location.

You can even see a wide-view by street, satellite image, or both, thanks to Google Maps.

This is pretty cool stuff, but depending on how the ISP has set up it's system, most likely will only get you into the general neighborhood area of where the ISP's routers for that IP address are located. Still not at a specific street or building level.

Reality Check

You may not be aware of it, but besides the activity logs on your Net access kept by your ISP, many websites, servers and others may log your IP when you post a comment, upload/download a file(s), register for a user account, etc.

Though generally harmless to you, you could have to face some consequences if someone pulled those logs and came after you for illegal activity.

And that is where the real power of law-enforcement lies. Not so much in the "flashy drama" of real-time network activity tracing, but in the "gum-shoe" detective work of getting an IP address, getting a court-subpoena, and getting log records from an ISP for a particular IP.

Using an IP address, coupled with a MAC (media access control) address, and time-logs, a pretty good case could be made.

Yes, IP and MAC address can be spoofed (for more information see links: IP Spoofing and MAC spoofing), but it's only a matter of time and resources for a determined someone to unravel the Web woven.

Anonymizing tools can help make that task more difficult, but aren't fail-safe.

What following anonymizing tools will do (basically) is to give a different endpoint IP address for your browsing session instead of your "local" IP connection address. For most users...that is usually sufficient.

Going "Covert" with your Browsing

There are some free browsing tools to make it much more difficult to trace an IP from a web-browser session.

TorPark - This is application I am most familiar with from Torrify. Downloaded, it is a specialized build of Firefox (currently v1.5.0.7) that is portable for use directly on a Windows pc or off a USB drive and uses the TOR network for web anonymity.

OperaTor - This is a specialized version of Opera v9.10 that combines TOR and Privoxy. It also is portable.

DemocraKey - This is a new "suite" of secure browsing apps, packaged with a slick auto-launcher. It contains Clamwin for free anti-virus scanning, Thunderbird with GPG email encryption, and the TorPark DemocraKey Mod--a security enhanced version of Firefox 2.0 using TOR. Great for USB key based web-browsing. Be aware, it is not a small package, however.

OS Level Anonymous Browsing

Anonym.OS Live CD - This is a Linux "LiveCD" distribution put out by the kaos.theory group. Based on the OpenBSD 3.8 LiveCD, it comes set up with additional tools for anonymizing and encrypting network connections. More details in this good ArsTechnica review.

Phantomix Live CD - This is another Linux "LiveCD" based on the popular Knoppix distribution.

The benefits of these approaches is that the entire operating system is configured to support anonymous browsing and Net activity. Plus they don't touch the hard-drive of the local machine, so you shouldn't leave as many "footprints" behind, especially on a machine that is not your own.

Performance Drawbacks

Because of the way it works, and network traffic at any given time the biggest drawback to using any of these solutions is speed.

These networks can run very slow as information requests hop all over the place. Sometimes REALLY slow.

Even if you have a really fast bandwidth connection and a very fast machine, they can be slow to render pages.

And I really wouldn't consider using them to download files. Slow.

But for general web-browsing, comment posting, and the like, they are pretty serviceable and get the job done.

So Am I Really Anonymous?

Depends on how you define "anonymous."

As I mentioned before, what these anonymizing tools will do is to give a different endpoint IP address for your browsing session instead of your "local" IP connection address.

Tech Guy Leo Notenboom posted a response to a question that these programs could be used by individuals or groups for nefarious purposes. In it Mr. Notenboom does a fantastic job of pointing out the limitations of "anonymity" with these applications:

Now, conceptually that's all very simple. But there are issues...

  • Your IP address is visible to the anonymization service: that's required for your connection to work. You are trusting that they are not logging your connection and logging who you're connecting to. You're further trusting that they won't reveal any of that to anyone else.

  • The service's IP address is visible: possibly making it obvious that you are using an anonymization service. That might make it look like you have something to hide.

  • Your IP address may not be the only thing that identifies you (#1): there's often other information included when you make a request that could identify you or could at least help distinguish your visits from someone else. Torpark addresses this by actually including Firefox to be used in conjunction with Torpark. Other services may, or may not, address this at all.

  • Your IP address may not be the only thing that identifies you (#2): as we saw with the recent search data "accidentally" released by AOL, you may not need an IP address to be identified. Many individuals were identified solely by the search queries that they made. As always, be careful with what information you provide as you browse; search terms, URLs, form information - individually they might mean nothing, but taken in aggregate you might be leaving an identifiable trail.

SANS-ISC had a post last year Hacking Tor, the anonymity onion routing network. In it, it provides a brief discussion on how a local IP can be confirmed via "track-back" use of a cookie as well as a link (PDF) to the paper "Practical Onion Hacking" by Andrew Christensen. (Another view from here.)

So while TOR is a very good approach, it isn't fail-safe.

Beware the Wrath of Network Admin's

Another side to the "anonymous browsing" discussing regards compliance with any network policies that may (or may not) be in place.

Using any of these anonymizing software solutions at home should mostly be fair-game. But what if you use one from your work computer or laptop behind your employer's network? Or what if your kid uses one at school to bypass network filters and firewalls? Maybe you work for higher education or the government? Do you think they would care?

You might be surprised to find that they just might care, very much indeed. And not in a positive manner as well.

Case in point, Bowling Green State University assistant professor Paul Cesarini visit by the campus police after a Tor session: The Chronicle: 2/9/2007: Caught in the Network

To summarize, Mr. Cesarini got a visit from a campus network-security tech along with two campus police detectives. Mr. Cesarini had been using Tor to become familiar with it for a course lecture.

However his unusual traffic set off alarm bells with the network security and prompted the visit.

That use alone--regardless of purpose for use--was enough to make everyone nervous and initiate a checkup. They couldn't say what he had viewed, and the logs were not entirely accurate to his own usage (apparently another TOR user was active on the campus as well) but there were logs and they were enough to lead to his door.

So non-home users...know your company's policy very well before even considering using a TOR enhanced browser in your employer's network.

System Administrators and Network Policy Drafters...make sure you have updated your policy to include coverage of this area of network technology software and usage.

The Good with the Bad

As Mr. Cesarini, Mr. Notenboom, and countless others have pointed out, anonymous Web activity can clearly be used for ill by those with criminal intent. The nature of it the technology makes tracking that activity difficult (though not necessarily impossible) for law enforcement.

However, there is much good as well bundled with these tools.

Besides the obvious use by citizens of repressive governments to express dissent, maybe a corporate whistle blower has something to say, or someone wants to send a valuable tip to a newspaper or crime-stopper organization. Then there could be the user posting discussions in a controversial Web forum, or someone wanting to do web-searches on very private and personal health issues (remember the AOL search-data fiasco, anyone...). Heck, even undercover law-enforcement officers and detectives may find beneficial use of these technologies so their undercover work doesn't have their cover blown by someone tracing the IP they are using back to their headquarters.

There still remain many fair and valid reasons that support the good use of this technology.

And I am confident that hard-working law-enforcement officers are working hand-in-hand with the brightest network security specialists (and the ISP's via court orders) to get the network traffic information they need for their investigations, when they need it to keep us safe.

Just be aware of the issues and limitations and use the power responsibly.


Related Links:

Saturday, February 24, 2007

Rain-Day Linkpost

A light drizzle has been keeping us company all day so far.

We are drinking tea, doing light blogging and Web-surfing, knocking out some house-chores.

Nothing exciting here. The heavy "squall-line" of thunderstorms is about another hour or so away from arrival.

Later we may make a run for some Pho noodles, stock up on pop-corn, and do a movie-marathon of Breakfast at Tiffany's and the just-delivered-to-the-Valca-home-from-Amazon DVD of Train Man: Densha Otoko.

In the meantime, here are some light drops of links to keep you occupied.

Tech Tips

Daily Cup of Tech » How To: Create Effective Google Searches - Every try to use a "wildcard" in a Google search? Doesn't work well normally. However, Google searches are apparently regex (regular expression) friendly.

See also: Google Cheat Sheet (Version 1.06)

Excel tips and tricks roundup - via Lifehacker

Software Updates

Updated: Sunbelt Kerio Personal Firewall 4.3.635 - Go get it now if you are a Kerio Firewall user.

Firefox Version - should be auto-update notifying by now, but just in case you still haven't gotten the notice...go get it.

Fun Free Software Toys

Gradiator - via PortableFreeware. Allows you to quickly produce gradients, and to even apply a simple gradient image to your desktop. Small and fun.

Outlook on the Desktop - .NET software application that lets you pick a main Outlook view and transparently display it on your desktop background. If you want to access an element in Outlook, just click at it and it will launch. Might not be useful if you have a ton of icons cluttering your desktop, or you are a one-monitor user and always have a window or two maximized. -via DownloadSquad.

Fun Windows Fact - The Autumn Desktop Image

One of Lavie's favorite standard Microsoft Windows XP desktop images is the one known as "Autumn". That's the one with the golden-leaved tree-enveloped street with a barn in the back.

Vanity Fair writer, Nick Tosches wrote a wonderful real-life detective story on tracking down the shot.

First he somehow managed to locate a similar image in the Corbis library and then (eventually) the photographer Peter Burian. (Note #1: in the article Tosches says the image was cited as being that of James Marshall, but now the Corbis image has Peter Burian's name credited...has it been updated since the article?)

Burian eventually provided the location being in the village of Kilbride near Milton, Ontario..not because he didn't want to but he forgot where it took them both a bit of time, and help from the memory of an historical archivist to find it again.

With that nugget, the Google Sightseeing team found the overhead location shot on Google Maps.

(Note #2: since the article was published, it appears that the address cited and used by the Google Sightseeing team was removed from the article...privacy reasons? Does someone not want hoards of Microsoft fanboys/fangirls descending on this holy shrine of XP-dom?)

Nice detective work guys and gals! --via Google Sightseeing.

Masks of Evil? Darth Vader comes to Japan!

Danny Choo - know for his famous romps about Japan in a Stormtrooper costume - has ordered up him some Dark Side badness in the form of a menacing Darth Vader costume.

He linked to the Star Wars Helmets site that has a variety and history of the various Darth Vader helmets. Dad is a big Darth Vader fan and it was cool to see the degree of costume work these fans and prop makers put into making some of these helmets.

Of course, while looking into the face of a Darth Vader mask could be pretty terrifying...nothing looks quite so horrific as staring into the face of a USB-mask wearing Japanese model. Apparently used in conjunction with a surgical mask acting as a particulate filter, you too can now find relief during allergy season while tackling your computing duties.

However you will now fall victim to the debilitating stares and ridicule of your co-workers...take your pick.

Who needs the Dark Side of the Force when you have peer pressure?

Arigato gozaimasu.


The Wide Amazon Jungle...

This morning I was checking out progress on the new PCLinuxOS 2007 release.

PCLinuxOS is the version of Linux that Alvis runs on her pc.

It has a LiveCD version, or can be installed directly to a local hard-drive.

I first came across it re-versioned as Wizard's Kid-Safe LiveCD. See my earlier post for details on this great solution for introducing your children to Linux. The host link is now dead, but you can still find copies of the iso floating around.

Anyway, I was so impressed with PCLinuxOS via Wizard's that I just ended up installing the full version of PCLinuxOS proper on Alvis's older, hand-me-down pc system. It handled all the old hardware along with the latest LCD monitor just perfectly. I was sold and my daughter is quite happy.

So when I saw word that the developers were going to be releasing a 2007 version I was ecstatic.

I've played with the beta versions via LiveCD format and it has blown me away. This team has slicked up the GUI as well as worked hard under the hood. This isn't your version 0.93 stuff any more. has a nice review of the PCLinuxOS 2007 Beta 2 version covering many of the important changes.

So I'm eagerly awaiting the Final release soon so I can upgrade it on Alvis's pc.

But that's not why I'm really posting...(as cool as this is!)...

My Name is Up

See, when I was on the PCLinuxOS's homepage, I noticed my "real-name" was in an donation solicitation ad in the left-hand column.


Coincidence? I think not!

While it didn't freak me did get me curious to figure out what was going did PCLinuxOS know (on my Windows machine) what my name was?

Well, it's not very deep or complicated. It was almost too simple to even mention, but as an example, I thought I would post it anyway as a lesson about logging off sites when you are done...

The Ad

The ad itself displayed "Hi (your name)...PCLinuxOS. Click to Pay."

This is an Amazon Honor System ad that allows easy payment of a donation to the crack-PCLinuxOS development team. That's a "Good Thing™".

But how was it snagging my name?

The Snitch

I had a pretty good idea that it was because I may not have "logged out" of my Amazon account after a recent anime-goodness purchase last week.

Clicking the "Learn More" link in the ad took me to this page about the Amazon Honor System.

How does the Amazon Honor System paybox know my name?
When you look at a Web page, the words and pictures you see actually may come from several sources. Your browser software assembles the pieces and displays them as a single page. On the Web site you were visiting, most of the content you saw was transmitted from server computers used by the site's operator. The image made up of the paybox and your name displayed within the paybox was different--we sent it to you directly from This allowed us to recognize you by name just like we do when you visit the Web site. Because's servers transmitted the image containing a paybox and your name within the paybox directly to your browser software, the site owner never saw the paybox or your name and never received any information about you.

Well, that is really nice...but in simpler terms...Amazon uses the "cookie" set on your computer and that retains information about you to be accessed by their own ads served by them, but placed (via code) on other web-site owner's pages. This is good for you and Amazon as the info is shared between the both of you and NOT the third-party site. According to Amazon, they also don't track or log which websites you roam across that use the "Amazon Honor System" payboxes.

Taking the Snitch out of Service

There are two easy methods to prevent your name appearing in the "Amazon Honor System" ad boxes when you surf.

Amazon explains that you can prevent your Amazon name display from appearing by logging into your Amazon account and updating your communication preferences.

Or (and my preferred method) is that you can just remember to log out of your Amazon account when you get done shopping there.

Despite the amount of attention I give to secure on-line shopping and browsing habits, the Amazon site continues to give me "problems". Once you have completed a shopping session you seem to be returned back to a personalized Amazon "home-page" and it is very easy to forget you are still logged into your account.

I only wish they would make a clearer transitional page after your order has been completed. One that offers to return you to shopping in your account or to log out of your account.

Once I went back to the Amazon website and "logged out" of my account (done by clicking the link at the top that says to check it if I am not me) I browsed back to PCLinuxOS and my name was no longer displayed.

No Harm-No Foul (this time)

Let me be crystal clear; I'm not griping or complaining or questioning Amazon or their security. Amazon is one of a handful of online-shopping merchants that I have used for a very long time with trust and confidence. I haven't yet been burned by them or any of their associate merchants.

And it is clearly my responsibility to remember to log out of my own accounts on-line.

I'm not fussing about their "Amazon Honor System" either. It's pretty cool and a great revenue generator for smaller, donation-supported projects.

I just wanted to bring this small matter to your attention and wish for Amazon to make a more prominent "Log Out of Account" button instead of their "Click if you are not me" method.

Cross-site (XSS) Vulnerabilities

What this does do is give a good example of how a cookie could be utilized for malicious gain.

Suppose (for example) a hacker wanted to gain access to information located in a cookie on my machine set by a merchant I conduct on-line business with. Obviously it could contain some goodies.

By exploiting a potential vulnerability in my browser and maybe getting me to visit a malicious (fake) website, they could manipulate the code to extract information from a cookie or cookies on my machine, or change the information on it...although it is not limited to just cookie exploitation and account theft, but may include sensitive page content or other objects as well. Even (depending on what data is stored in that cookie) to the point of being able to hijack my account, drain it or collect secure information about me or my account from it.

There are several readable papers and pages on this issue worth looking into:


Protecting oneself from XSS is a difficult, but not impossible task. There are some basic pointers you may want to follow:

  1. Always log out of secure web accounts when you are done conducting business. With the exception of one or two "tossaway" accounts on a tech-blog page or two (or Amazon when I forget) I never leave any account that I have to log into without logging out.
  2. Keep your web-browser fully patched and up to the latest version.
  3. Avoid following links, site unseen. By that I mean if you are viewing a website and it links off-site to another link, type the homepage of that site into your address bar and browse from within the home site. Of course, this takes away most of the fun (and function) of web-surfing, but there you go.
  4. Turn off JavaScript in your browser, or only enable it on trusted websites. See the NoScript - Firefox Add-on.
  5. Set your browser's Internet security settings to "High". That might make your fun web-browsing very challenging as well, however.
  6. Be careful on what you click on. Examine what and where you are about to go. If the link in a web-forum or "guestbook" says "Click here to see puppies" but when you hover over the link, your browser displays information showing the link goes to someplace like (not a real site, BTW) then you probably want to think twice before following that link.

Be Safe.


Monday, February 19, 2007

Microsoft Virtual PC 2007 (Final) Released

I'm surprised to be making this blog post.

I hadn't expected it to come so soon, but today Microsoft released Virtual PC 2007 out of Beta.

Microsoft Virtual PC 2007 - Home Page

I don't think anyone who has been playing with the Beta versions of this version will see much new.

CyberNet Technology provided a nice rundown of the feature highpoints, if you aren't already acquainted with them.

Supported Host Systems

Supported operating systems remain the same: Windows Vista Business, Windows Vista Enterprise, Windows Vista Ultimate, Windows XP Professional, or Windows XP Tablet PC Edition. (Product Specifications).

One interesting (mistake?) on that page is that although it lists the supported Host operating system versions above, if you look in the current page's first example at the bottom it says:

To run Windows 95 as a guest OS on a Windows 2000 host requires 500 MB of free disk space and 128 MB of free memory (96 MB for the host and 32 for the guest).

But Windows 2000 (as is XP Home) isn't in the supported software versions listed on the same page. Ooops?

Will it Install and Run on XP Home?

As many of my readers know, I have been running Virtual PC 2007 Beta's on my XP Home systems, even though it isn't "supported": Microsoft Virtual PC 2007 RC, Running on XP Home!

I never did get it working on Windows 2000 Professional. So keep a copy of Windows Virtual PC 2004 around if you intend to run VPC on any of those systems.

I was really curious to see if the Final version would work on XP (Home)

I made sure none of my virtual machines were in a "paused" state. Then I uninstalled VPC 2007 RC.

Looking to see what Microsoft may have done to appease the few XP Home users out there clamoring for Virtual PC 2007, even it isn't "supported" I took a gamble and ran the setup.exe installer without going through my "hack" technique.

After a long pause the installer displayed that this was v.

With great trepidation, I clicked "Next" and got a really dire and scary sounding warning that VPC 2007 wasn't supported on this OS. I clicked OK anyway. No idea what was about to happen.

Imagine my surprise when the license agreement appeared! I said "OK" and kept going.

Next up was a customer information window, with a license key already inserted. (Next).

I clicked Install for a final time and the installation formally began.

After what seemed like a very long time, the installer finished.

I launched the VPC 2007 icon from the Program Folders list.

My saved DSL-Linux, Windows 98 and Vista (RC 5600 build) were all there and all worked great.

I've still got to go back and uninstall the Virtual machine additions from the two Windows OS's and install the new one. I don't know for sure if it was changed at all in the final version, but it wouldn't hurt.

Yes! Microsoft Virtual PC 2007 Runs on XP Home ... What about the hack method?

Then on my second XP Home machine I went through the detailed steps listed in the How to run Virtual PC 2007 on XP Home post.

This time the installer again complained about not being on put on a supported system. I continued clicking through the installation and it seemed to take fine. When I ran it, this time it complained about not having MS XML 6 installed. Hmm. I ran the MS XML 6 installer setup file extracted from the setup.exe file and it went on fine.

Now when I re-launched the Virtual PC 2007 it complained one more time about not being on a supported system, but offered a box to check to not remind again. I selected it and it was happy.

My virtual version of Vista fired up fine and stable on my XP Home system. OK!

So at this point, I can say that the "hack" still works, but with the additional step of manually running the included MS XML 6 installer this time.

Skip the Hack - Just Run setup.exe

As much as the "hack" method is fun, there doesn't really seem to be any need for it now.

The Virtual PC 2007 final release's setup.exe file seems to give fair warning about putting it on a XP Home system, but otherwise it goes on fine, just like Virtual PC 2004 did. So in all honesty, I can't say I would recommend the hack now. As long as it goes on fine, you should be good to go.

I'm happy to see that Microsoft programmers have now allowed Virtual PC 2007 to go on XP Home systems with minimal fuss. That's cool if they don't want to "officially" support it. I understand, but appreciate them allowing it without needing to jump through hoops to make it work.

I never did get the hacked version of the Beta working on Windows 2000 Professional, and I don't have one handy right now to test it on. I'll do an update when I find out for sure. In the meantime, just keep a copy of the installer for Virtual PC 2004 handy for those machines.


Make a Custom Thunderbird Start Page

I've finally upgraded our main pc system's email client from Thunderbird to version 2 (beta 2).

I like the message tagging (great for e-bill management), and the default theme is nice. I'm not sold on the usefulness of the forward/backward buttons but there they are (once you add them with by customizing the toolbar). Folder views are customizable as well. The email alert popup contains much more useful information, I'm happy to see that change. There are a number of other features as well. I am really looking forward for the final release.

When you install the Thunderbird beta 2 version, it installs in its own folder, to avoid overwriting your original build. That hasn't been a problem as they both seem to use the same profile folder/settings so reconfiguration is kept to a minimum.

I ran into only two minor drawbacks--not Thunderbird's fault. First, when I would launch one version after the other they would keep offering to make itself the default email tool. I finally told one of them "No" and set it to not check for the being the default. Harmony reigned.

The other issue was with incompatible themes and extensions. I just use one or two "custom" themes and really don't use any Add-ons for Thunderbird at all. I just uninstalled the one v 2.0 incompatible theme and was fine. Mozilla's Lightning (integrated calendar program) seemed to not even blink an eye between each version. Nice.

It seems quick and nice.

To the Customization!

I'm sure there are a lot of customizations one can do in Thunderbird, besides the use of Themes and Add-ons.

I'm focusing on the Thunderbird start page (pane).

The start page (if enabled) is the window pane that usually appears beneath your inbox message pane.

Normally it has a nice, plain, welcome to Thunderbird logo and message.

However, if you go to the Tools, Options, General tab, you will find you can set this to any other location that uses a supported file format.

By default it uses: chrome://messenger/content/start.xhtml

You can use others like a HTML or JPG file.

If you get something messed up, just press the "Restore Default" button and all will be back to normal--this is pretty safe stuff, even for noobies.

Me, I wanted to see a pretty face waiting for me when I opened up my email.

Picking a graphic

I decided to use this pretty picture of Love Hina's star, Naru Narusegawa. The colors seemed to compliment the pastel-washed ones of the default Thunderbird theme. And there was lots of room for cropping (that is important).

Once downloaded I wanted to crop and resize it to fit the start page window of Thunderbird without generating those scroll bars.

I almost never bother resizing my email client. So since I leave it at the same size, the first thing I needed to do is to see the pixel dimensions my final image file needed to take.

Screen Measuring

There are all kinds of ways to measure elements on your windows.

For this, I chose to use the freeware screen ruler application from PegTop called "PMeter". It installs quickly and is very powerful yet very intuitive. JR Screen Ruler is another freeware utility very similar. I consider either tool a "must have" for web page work, bloggers, or graphic designers. Firefox has a great Add-on as well called MeasureIt. Also nice.

Launching Thunderbird and making sure that it was sized correctly, I then ran PMeter and took a pixel measurement of the width and height of the start page pane area. Mine worked out to 850x350 rounding downward to leave a bit of whitespace around my final image. I wrote that down.

That will be how big my final image dimensions will need to be.

Image Manipulation

For quick image cropping and resizing I don't think that there is a better utility than FastStone's Image Viewer. This free-for-personal-use application is tops in my book for quick image editing and I would highly recommend it to any blogger who works with images.

Here is an Image Viewer PDF Tutorial that covers version 2.7. It pretty helpful.

I opened up the downloaded file of Naru in Image Viewer and then began by resizing it. to match the width I needed. This meant locking the aspect ratio and bringing the width down from 1024 to 850. Done.

Now I needed to get the height worked out. This was a bit harder. I had to do some careful cropping on the image to make sure I included enough of the character's image and features to make the image pleasing. Once I got it fined tuned (the cropping tool allows a lot of adjustments on the fly) I was almost done.

(Note you may decide that cropping first, then resizing works, or maybe just cropping. The best technique depends as much on the image you have chosen as well as your skill working with these programs.)

Last thing I did was just slightly increase the brightness level to give it a bit more of a washed-out effect to better match the muted colors of the Thunderbird theme.

I saved the file as a JPEG format with 100% (highest) compression in my My Documents\Pictures folder for safe keeping.

Calling the Custom Image

Now, we are almost done.

Going back to Thunderbird, I went to the Tools, Options, General tab and entered the following path in the Start Page location line:

file:///C:/Documents and Settings/Claus/My Documents/My Pictures/Hina_TB.jpg

Note carefully the proper syntax to use when calling to a local file: file:///(location)

Also notice the "slashes" lean to the right instead of the left, as they appear in the Windows address bar.

ClipPath is a great Windows Shell utility that can help speed that process of copying a file name in the correct format.

Save your change, make sure the option to show the start page is checked, then restart Thunderbird.

Your custom start page changes should be pleasantly in view!

Additional information

Start Page for mail - MozillaZine Knowledge Base


Fun and Free Software Picks

Why is it that when I'm sitting on a pile of links for 4'ish posts in progress...all I can seem to do is collect non-related links and increase the contents of my link bin?

Oh, I am SO easily distracted.

So here are some freeware/Open Source software offerings you might find free and useful.

Free Flight Simulator

FlightGear Flight Simulator - FlightGear. Multi-OS support: Windows (v0.9.10), Linux, Solaris (sparc/x86), sgi, Mac OS X, and FreeBSD.

Take a look at these Screenshots, a list of Places to Fly, get a world-wide Scenery expansion pack. Like aircraft? Take a look at all these! Including Santa's sleigh, paragliders, a Sopwith Camel, the X15,

They even offer a Live-CD version. Boot your pc directly from the CD and it doesn't touch your hard-drive.

How cool is that!

There is also an active and thriving community around this software.

More reviews and screenshots at Flying high with FlightGear - Free Software Magazine.

Taking a Global View

Before we come back down to earth, here are two free global mapping software applications you might not be aware of.

Google Earth - OK. This one you may have heard about. Take a tour around the globe and zoom in and out. You spin me right-round baby!

NASA World Wind - This one you might NOT have heard of. Developed by NASA using a number of different satellite data, it is quite spectacular.

For more information, here are some links to help you sort them out: Main Page - World Wind Wiki, World Wind - Introduction Wiki, and Google Earth comparison - World Wind Wiki.

Don't forget ET

I've posted about these before, but seems a good place for a reminder:

Stellarium - Planetarium software. Easy setup. Fast data generations. Screenshot captures. Lots of options.

Celestia - 3D astronomy modeling program. Zoom around the galaxy and venture to worlds unknown.

Looking for World Domination?

Freeciv - If science isn't really your thing and civilization building is, consider Freeciv.

Although it has a single-player mode, it really runs strong in a on-line multiplayer environment. Supports Windows and Mac.

Be Organized

allsnap - This is one of those tiny little system tools that you don't realize you probably need until you find and use it. Most Linux systems have this "feature" already.

Allsnap automatically "snaps" your open windows to either the edges of the screen or the edges of other windows. That's it. Nothing fancy, but quite useful.

You can set several options like the "snap-zone" (how close a window needs to be to an edge before "snapping" occurs and some advanced fine-tuning features.

It is simple, light and quite nice.

Bonus tip: to quickly cascade all the windows on your Windows pc, just right click on the task-bar and select the "Cascade Windows" menu item. All your windows will form up in a nicely-sized cascade stack! Who knew? (tip via technofile)

Be Artful

Inkscape. Draw Freely. - Probably the most popular Open Source vectoring software out there. I love it, and each release just gets better. Current version now up to .45 Windows, Mac, and Linux friendly.

Think vector graphics are just about lines and solid colors? Take a took at Brazilian Luciano Lourenco's photo-realistic creation with Inkscape. Wow. Luciano's making good use of that new Gaussian Blur capability in Inkscape.

Illustrator John Bintz shows how to use Inkscape for comic rendering.

Paint.NET - Free Photo Editing Software for Windows - My favorite choice for quick and fast graphic editing when I need to work in layers. Easy learning curve, yet powerful enough for most jobs.

GIMP - The GNU Image Manipulation Program - Yes.. I know. I would be remiss for leaving this one out.. I don't use GIMP much, but I know it has a very active following. More high-powered than Paint.NET. Works with Linux, Windows, and Macs. See also: GIMP Portable | - Portable software for USB drives.

Be Clever with Code

Komodo Edit - My latest find in the quest to find a good HTML coding tool. . It has tabs, supports Perl, PHP, Python, Ruby, JavaScript, CSS, HTML and XML. Syntax checking and coloring is built in with tips on the fly. Works with Linux, Windows and Macs. Free from ActiveState software! (found via mykzilla: Three Things I Love About Komodo)

Similar software I have previously blogged here:

Interesting Free Software Links

Not all free software sites and link pages are alike. Some are trustworthy, but there are too many on the Web that may be dishing up files of dubious quality and integrity. These are some of the select-few I trust.

Happy and Safe downloading!


iTunes Noob Mistake...

I've had a 4G iPod for a while now. I feel I've been quite proficient with it's management.

I can make playlists.

I can apply custom album art.

I can sort.

I can handle the radio and podcast features with aplomb.

I can even quickly and easily purchase music from iTunes.

...or so I thought.

Why does something Apple seems to pride itself so much on be so difficult?

Maybe it was just me.

The Adventure Begins

I have an iTunes account already established and have bought the odd-single for Alvis. Nothing near the level of investment that my brother has apparently contributed, but I'm quite conformable with the process.

Heck, it's even easy.

Oh how wrong I was...little grasshopper me.

For Valentine's Day, Lavie and Alvis gave me a $15 iTunes gift card.

I've had a hard time picking out what music to get.

I was very close to putting up a post asking (based on my genre likes) what 15'ish songs my dear blog friends would recommend; to get an fun eclectic mix. I may still do something like that soon.

I was about to spring for the new Nora Jones album Not To Late, but then inspiration hit...and my problems with iTunes began.

The Heartless Bastards...

See, I remembered one of my fav up-and-coming bands, The Heartless Bastards, had recently released a new album. There's just something about vocalist Erika Wennerstrom's rough and edgy voice that makes this band great. Might iTunes carry it?

A quick "Browse", no that doesn't help me...a quick "Power Search" and I've got the album in my sights! Just $9.99! Score!

It took me three attempts to scrape off the covering of the iTunes "pin" number...each time requiring a harder and sharper grade of metal. I was set!

I was already logged into my iTunes account, so I clicked the "Buy Album" button and it warned I was about to purchase the music.

No request if I wanted to use my iTunes card? Hmmm.

I backed out and tried again. Same thing.

What? I can use my iTunes card right? Isn't that how it is to work?

Because the iTunes purchase message looked pretty clear and firm, I decided I needed to check into whether I was using my iTunes card correctly.

I ran a Google search and came up with this handy Apple iTunes help page: iTunes Store: How to redeem an iTunes Gift Card

I scanned the steps and had done all the steps, but apparently I needed to find the QUICK LINKS window on the iTunes Store homepage...then go to the "Redeem" link. Ohhh.

So I have to redeem my iTunes gift-card first, THEN I can make a purchase decision.

Well that was mud.

Wonder why other stores don't use this awesome gift-card model? Wouldn't Amazon be such a better on-line store if they required their customers to redeem all their credits BEFORE making a purchase, instead of during the checkout process? Got a gift card for Joe's Crabshack? Gotta give it to the hostess first to redeem before being seated at the table and getting your menus.


iTunes Redeemed

Once I got it redeemed, I did notice (pleasantly) that Apple tracks your "store-credit" in a little window up at the top-left of iTunes by your login name.

Back to The Heartless Bastards album page. Quick-click purchase done and in less than five minutes I had it downloaded.

That (sincerely) is a nice touch....and a constant reminder of how much you have waiting to spend. Alvis noticed that I had a balance remaining and sweetly asked if she could have a song....Five for Fighting's "The Riddle". Sure. I like that one too.

So now I know what do do with my iTunes cards now....redeem it, then spend it.

I've got about two or three songs left of credit. I'm not quite sure what I will do with them.

I'm likely going to try one or two of the few Japanese albums the US iTunes carries.

iTunes Japan

If you really love Japanese music, you can head over to JBOX and pick up some Japanese iTunes cards, then log into the iTunes Japan website. As long as you use the Japanese iTunes cards, you can purchase and download music once logged into the iTunes Japan site.

Now I know.


Sunday, February 18, 2007

King Oil

Dad worked for many years in the oil industry. Lavie's father did as well.

Just about everything we had growing up was paid for by the income our parents earned in their long careers with local oil companies.

Even today, my brother works for an oil company and my dad still does consulting work in his "retirement" years.

So it is safe to say that we were both surrounded by oil-insiders and it pervaded much of our childhood years.

This morning I was cruising the web and came across a game over on Retro Thing that jogged something in my brain: Retro Thing: Tug Boat Board Game.

Now, we didn't have the Tug Boat board game, but the mechanical-type design instantly, reminded me of an oil-themed board game named King Oil.

King Oil - Wikipedia, the free encyclopedia

It was really fun.

There were a set of three stacked platters under it that each had holes. Before the game started, you would spin each platter setting the holes randomly. They clattered quite loudly as they spun.

As the game progressed, you would buy land, spend money to drill holes. Then came the best part.

There was a large plastic "oil-derrick" that you would place in a hole you intended to drill. Depending how the hidden holes in the platter lined up, a metal rod would be able to drop clear through resulting in a dry well, to it not getting past the top platter resulting in a "gusher".

The tiny plastic 3-D pieces were really fun. There were sheds and well caps and oil derricks. There were pipelines to set...all kinds of stuff. Pictures via Board Game Geek

It was a lot of fun and we played it a lot. I even remember playing it in the backyard some days.

GamePart sells the whole game now for $75, as well as assorted parts. (Sold out currently. Don't know if eBay has it....)

Seems kinda dated now in light of our current PC attitudes to the oil industry. Can't imagine this game making a popular appearance at the toy-store shelves.

It was more a game of the times, when the oil business still had a bit of "glow" to it and less the complicated love-hate affair it seems to have become.

I wonder if mom still has it somewhere....

Obviously, it didn't indoctrinate me at all as I didn't choose to go into the "family business." But it was a lot of fun, and I can see why my parents would have picked it up off the shelf.

A Grandpa Story

Which then reminds me of a fond story about Grandpa.

He owned a super-big, bright-red early 70's Lincoln Continental with a bright white vinyl roof. Lots of chrome, of course. He would always wear a straw cowboy hat and wore boots on his feet. And he loved wearing "bolo" style neck ties.

He looked like a "King Oil" Texan if ever you saw one on Dallas.

One day he was driving around and someone pulled up next to him and was obviously impressed by his look.

Through the window of their car they asked him if he owned any oil-wells.

Grandpa says he just looked over at the other driver and slowly raised his hand. He spread apart three fingers wide and clear and just grinned as he slowly pulled away.

Grandpa never owned any oil-wells, but he loved Texas and a good joke.

Other oil-games

Big Oil: Build an Oil Empire for PC - Oil exploration and production SIM game. Didn't get a great review on this site.

OIL: The Great Adventure - Very "old-school" style boardgame. Very detailed and according to the web-site author, provides a pretty realistic (for the 70's) review of the oil production process. Surprisingly, it seems to have been originated in Sweden and manufactured in Australia.


NASCAR Time....

For many years I used to be a moderate fan of NASCAR racing. Most Sundays (or the occasional prime-time Saturday night) I could be found camped out in front of the television watching cars go around in circles for hours.

Lavie sometimes would watch with me.

Generally I stuck with the Nextel (Winston) Cup races of the big boys. I didn't really follow the Busch series. And the Craftsman truck series comes on at some really weird times so I never followed that.

I even had a NASCAR sticker on my pick-em-up truck (when I owned one).

The year before last, my attention to NASCAR began to drop. I caught maybe a race a month.

Last year I didn't watch a single race. Although, I still tried to follow the points race and drives when they made the news.

So this year, the Daytona 500 begins again. Controversy swirls the air around the track better than the wind generated by the cars running at full-throttle. Michael Waltrip's team has been devastated by allegations of cheating and rule breaking. Even wonder-boy Jeff Gordon got caught up when his car was found to (accidentally as it stands now) have been using parts causing it to be lowered by 1-inch.

So why my attention again?

Well, for starters, Toyota is bringing a car to the table this year. For the first time in many years, we have a true underdog trying to eat at the food-bowl with the big dogs of Ford, Chevrolet, Dodge, and Pontiac. And a foreign one to boot!

Imagine that!

I wonder if Nissan or some of the German thoroughbreds will be looking to get in on the meal soon.

So I'll be watching the Toyota team performance with interest. They have a long uphill battle ahead and I don't have any high expectations, at least for the first part of the season.

Time will tell.

I like it when the pot gets stirred.

Besides, now that Lavie has her laptop, I can knock out my blogging needs during the race in front of our nice TV Sundays might get more productive now.

Now to get that laundry sorted and in the washing that jet-fuel I smell on somebody's jeans?

Go fast, turn left...indeed.


Post Race Update: This year's race turned out to be quite fun. Long race stretches with a minimum of yellow flags. Some action in pits. The "Big Ones" in the end were quite spectacular--luckily, no-one got hurt very bad. Dale Jr. got his car creamed...too bad. The Toyotas finished in 22, 30, 34, and 40th place. Lavie didn't stick around during the race with me, but Alvis did (playing her GameBoy DS). Occasionally she would act the part of the interested daughter asking, "Where's Jeff (Gordon) at?"

Saturday, February 17, 2007

Pocky Goodness

Like most other people, I have my share of "bad-habits."

I can make quick, decisive decisions while at work, but can take several hours in a mall trying to decide which polo-shirt I want to buy.

I've been known to walk out of a mall after more than three hours, with Lavie not-so-silently muttering under her breath, without finding a single pair of jeans that I thought felt right.

I will go a week without eating lunch, so I can save the budget money to buy a new anime DVD.

I am compelled to toss out any leftovers more than two days old.

I don't go to bed without making sure all the dirty dishes have been loaded in the dishwasher.

I'd rather not wear my glasses in the house, rather than admit it is time to dust again.

But one of my hidden "bad-habits" is my Pocky.

Pocky. Those chocolate-covered, overpriced, demon-snack sticks loved by otaku. And if you believe the Pocky marketing blitz, is a really popular snack in Japan as well.

I have boxes stashed all over the house; in the study, in the living room, in the bedroom, at work, and in my car.

I can't go to the grocery store without buying at least two boxes, even if I have 10 unopened ones already.

I also have a Giant Pocky box the girls found for me one year.

Pocky are (generally) chocolate covered crisp-stick snacks. They are very thin and very good.

Please, Mizuho...Can I have some more?

I blame my addiction on Mizuho Kazami. Onegai (Please) Teacher was my first anime series to collect and fall in love with. It is sweet, tender, and deeply romantic. It was also how I managed to get Lavie hooked on anime with me.

In the series, Mizuho consumes vast quantities of Pochy. We soon learned that was a homage to Pocky snack-sticks and were both searching for boxes to see what the fuss was about.

Before we knew it we were hooked.

As our love of Pocky and anime expanded, we began to see it cropping up in cameos within other anime we watch; Eureka Seven (Precky), Please Teacher (Pochy), and Spirited Away (Pock). It's a fun game now. And we can't watch any Onegai Teacher episodes without a box or two nearby to munch on.

Pocky Picks

Pocky comes in a variety of flavors. The Pocky Gallery lists 30 types and flavors, some more hard to find than others. I'm looking to find the "Men's Pocky" flavor, as it is made with a darker chocolate than the standard Pocky which I usually get. Alvis prefers the strawberry flavored Pocky. Lavie likes the Almond-Crush Pocky best. I'd also like to try the Green Tea Mousse Pocky as well as I like green teas.

Glico's Pocky Chocolate Lineup page. (Japanese)

Which Flavor Pocky are you?

Blogthings has a number of silly/fun quizzes. Including one for Pocky: What Flavor Pocky Are You?

Lavie and I took the quiz (independently) and both came out as being "Green Tea" Pocky flavored folks.

You Are Green Tea Pocky
Your attitude: natural and zen
Peaceful yet full of life. Deep and thoughtful.
You're halfway to tantric bliss!

Tantric bliss?...hmmm. Who knew eating Pocky could be so good for you!

Alvis then took the quiz and (naturally) came back as "Strawberry" Pocky.

You Are Strawberry Pocky
Your attitude: fresh and sweet
Comforting, yet quirky ... quietly hyper
You always see both sides to everything

Pocky YouTube Videos

Like American beer commercials, Pocky commercials do a great job of being delightfully catchy in a short time span. I've found quite a view wonderfully fun Pocky commercials on YouTube.

Just be warned...that theme is kinda catchy!

The Dark-Side of Pocky

The Depths of Addiction: The Pocky Problem - a mockumentary of the pain and horror Pocky consumption can bring and its devastating consequences.
  • Trailer
  • Episode 1: "The Goods"
  • Episode 2: "The Pocky Problem"
  • Episode 3: "The Junkie"
  • Episode 4: "The Underworld"
  • Episode 5: "The Catgirl"
  • Episode 6: "The Goods II"
  • Episode 7: "The Otaku"
  • Episode 8: "The Gateway"
  • Episode 9: "The War"
  • Episode 10: "The Impact"

Google Video and WMV format links here.

Pocky Idol Street

Just so ensure you leave with a sweet taste again:

Glico's Pocky Idol Street. -- It's not just the chocolate that makes Pocky so sweet!

Yui Aragaki's Pocky Note blog. (Did I mention how "kawaii" she is? Yes? Sorry!)

Pocky Girls blog

So go buy a box of Pocky.

Who knows, that might be Claus and Lavie you run into fighting over the last box on the shelf!


SourceForge, Light PC Cleaning, More Mozilla, and Offline Web Tool Development

Friday morning was a bi-weekly trash-day pickup.

We don't generate that much waste each week, so I usually can get by setting out our two cans once a week. Sometimes I don't even have to put out a can. Just a bag will do.

This morning I set out a pair of my Justin steel-toe work-boots. Finally. They weren't well worn. On the average, I might wear them once every two months. This was a very uncharacteristic move, as I usually work hard to wear out a pair of boots. These looked quite new...and that was the problem.

When I bought them several years ago, I was doing lots of work installing heavier items, 100lb UPS batteries, installing new server racks, etc. Seemed like a good idea at the time. I'd had steel-toed boots before with great happiness, so finding a brand that looked good and felt pretty comfortable made me quite happy.

"Pretty comfortable".

That's what got me into trouble.

See, my feet are in that zone that, like jeans, makes it challenging to shop for. They don't seem to be fully "wide" but a normal width usually feels a bit tight at the end of the day, but a wide size seems way too roomy. I usually try to buy my boots and shoes at the end of a long day on my feet so they have spread enough to be representative of how my feet would really fit in them.

Anyway, turns out that these really nice boots ended up being a bit tight on the arch just before my toes. It didn't have anything to do with the steel toe-cap. That was very comfortable...but each time I put them on to wear getting ready in the morning, I would inevitably end up changing them before I left the house.

Maybe I didn't give them a chance, but it's not a good sign when I'm self conscious of how my feet feel in the morning before I leave for work.

So I decided to pull the trigger and "permanently retire" them.

It was for the best.

Nothing hurts worse than a toothache or a pair of uncomfortable work-boots.

Now I have to find a replacement pair....and the search begins anew....

Like those boots I had been holding onto, here are some links I need to set out on the curb for your enjoyment....

SourceForge Goodies

Top 25 SourceForge Projects - Daily Cup of Tech - There were a number on the list that I am familiar with and use often: 1. Inkscape (vector graphic editor), 5. Azureus (a bittorrent client), 17. 7-Zip (file archiver utility), 19. FileZilla (FTP client), and 24. Notepad++. Not bad coverage across the list.

A few on the list I hadn't been aware of but look interesting were OpenXML Translator (ODF Add-in for Word), OrangeHRM - Human Resource Management, and Open Computers and Software Inventory.

Windows File System Cleaning

Computer Zen has a tip on how to Clean up your Temp Files from the command-prompt.

Since we are on the subject of pc file cleaning. For some heavy duty "Brillo-pad" work, try CCleaner (freeware). Use with caution, because it can clean more than you may want if you aren't careful. USB-friendly "portable" version here.

XP has it's "Disk Cleanup Tool" as well, if you are less-adventurous but want to still shake out the rugs....screenshots and more info here (--via TheElderGeek).

Don't forget that Windows 2000 systems also have a very similar tool.

Ever wonder How To Defragment a Drive From The Command Prompt? Well, Daily Cup of Tech has that covered as well! I don't know if it runs any faster than the GUI method, but it does work. As an added bonus, some guidance is provided for setting up "batch-files" for custom defrag runs. I've tried several freeware defrag tools, but always end up going back to the XP/2000 system installed defrag programs.

Sweet Suite

Sysinternals has some of the best Windows utilities on the planet. And they are free. I usually use one or two daily in my job or at home. If you have a hard time picking which ones you need, just hit the "Easy" button and download them all at once! Sysinternals Suite (--via Lifehacker)

BlackBerry Patch? Yes! Don't get Poked!

At the moment, I don't have the pleasure (or pain) of being assigned a BlackBerry device at work. We do use them in our environment however, and have to install and support them for our VIP executives.

So if you are a BlackBerry user, be warned that BlackBerry has now posted a patch to help manage the Daylight Saving Time changes. Go see if you need it, unless you plan to switch it over manually. (--via downloadsquad)

Firefox Self-Patching

Michael Zalewski found a vulnerability in the Firefox code that could allow a malformed URL served by a malicious website to misdirect under a URL that appears to be legit as well as messing with your cookies under certain conditions. (See how your Firefox browser fares in a test site he created here.) This could be a serious problem, depending on your surfing habits.

There are two "workaround" techniques to disable the vulnerability.

Mozilla Links offers a solution by adding a new line in the about:config preferences:

  • Enter about:config in the location bar to access Firefox’s advanced preferences.

  • Right click on any preference and select New>String.

  • Enter capability.policy.default.Location.hostname.set for the preference name.

  • Enter noAccess for the preference value.

  • Restart Firefox.

heise Security suggests the following technique.

  • Close Firefox and browse to the profile folder for Firefox.

  • On my XP system it is located in the following location...yours may differ slightly
    C:\ Documents and Settings \ cvalaca \ Application Data \ Mozilla \ Firefox \ Profiles \ 91t462tw.default \

  • Look in that last folder location for the prefs.js file and open it with notepad.

  • At the very bottom, on a new line add the following text:

  • user_pref("capability.policy.default.Location.hostname.set", "noAccess");

  • Save the file.

  • Restart Firefox.

Either one will accomplish the same thing. Pick which seems easiest for you.

When you are done and have restarted Firefox, go back and check the test page again to see if it is now safe.

It isn't clear if Firefox builds are impacted...and no word if this will be fixed in the Firefox release coming soon. So do this now.

Mozilla Add-on Page Redesign

If you aren't a big Firefox fan, you may not have noticed that Mozilla is redesigning their Add-on site.

Firefox Extension Guru has been working hard, covering the changes quite extensively in a number of ongoing blog-post installments: [Part 1] [Part 2] [Part 3] [Part 3.5].

To summarize: Mozilla has been removing a large number of "marginal" and no-longer-maintained Add-ons, as well as those only offered for older Mozilla application versions. Additionally, Add-on's are going to be placed in a "discussion and review" sandbox before being added to the site. Trusted Add-ons will go directly to the public once updated, while new ones and "untrusted" add ons will need to be reviewed and discussed before made public on the "official" Mozilla Add-on site. Take a look at the excellent flow-chart diagram at that link.

Developers can always continue to offer their Add-on's to Firefox and Thunderbird from their own personal websites. Mozilla isn't restricting that at all. They are just trying to deal with an "extension-bloat" issue that has made it difficult of late to sort out the "wheat from the chaff" on the "official" Add-on site of late.

I think it is a smart decision, as many new Firefox users will turn to Mozilla's Add-on site as their primary source for Add-on's. If they get burned by a bad or less-than-useful extension obtained here, that might leave a bitter taste in their mouth for the Firefox/Mozilla experience. Think of it as Quality Control.

Mozilla Build Goodies coming soon?

Firefox Extension Guru also tips us to cryptic Mozilla Firefox 3 status meeting notes indicating that at least Bookmarks on Places seems to be targeted for inclusion in Firefox Alpha 3.

Places is to be a new design by Mozilla for storing bookmarks, history and other related page information. It was much anticipated to be included in Firefox 2.0, but missed the cut. Tentatively it now looks to appear in Firefox 3.0.

Also seen in those notes, is discussion to nominate some current popular extensions for inclusion in Firefox. That is a bigger deal than it appears, as Firefox has always been touted (among other things) as being small, fast, and light. The whole "extensibility" of Firefox makes it a popular alternative to Internet Explorer--add what you need and leave out what you don't.

Extensions currently being nominated for evaluation/inclusion are: URLFixer (auto-corrects URL typos), LocationBar² (improves URL address bar readability), Firebug (page code inspection tool), Console² (replaces JavaScript Console), Site Specific Prefs (force pages to display the way you want them to), maybe a revised download manager, Print Hint (alerts for printer-friendly webpages), and TableTools (custom-sort, filter, or copy any HTML table).

All of these look quite nice and useful, some would be helpful for "regular" users, while others would be powerful tools for "power" users.

A New World? -- Functional Offline Web Apps!

Finally, in a curiosity-feeding Read Write Web report, Mozilla developer Robert O'Callahan commented that Firefox 3 will deliver support for off-line applications. And he uses Gmail, Google Docs & Spreadsheets, Google Calendar as examples. (See his additional comment for more details.)

Would you find Firefox support for off-line usage of web-apps a helpful feature? I bet a lot of folks would.... (--via Google Blogoscoped)

I did some comment reviewing and then came across this related application:

The Dojo Offline Toolkit

What is the Dojo Offline Toolkit? .

"The Dojo Offline Toolkit will be a small, cross-platform, generic download that enables web applications to work offline."

To get an idea of what it will look like in action check out the post: Offline Gmail and Blogger Using the Dojo Offline Toolkit. It provides a look on how it could work with Gmail, Blogger, and a corporate portal site.

They even now have a demo-page "Moxie" up to illustrate and test their progress. (Related blog post: New Dojo Offline Release: Offline Files + Automatic Network Status) Moxie demos an online/offline web based word processor. Still very early in development, but the concept is fascinating.

Bonus points for their nicely crafted Lab page!

I'm adding the sitepen blog to my RSS feed list to keep an eye on!

I think the field of offline web applications is area that has the potential to grow into a very strong and healthy supportive branch of the overall web-browsing experience and it may just help redefine what the "Web" is down the road.

Until then, it will be fun to watch what happens!