Move count: Two Jarretts

Esta moved into a new place in downtown Richmond this weekend. Apparently she’s quite happy with her new place, 6-minute commute and all.

One word of advice to Esta for her new place’s hardwood floors: Swiffers. A finer cleaning product has yet to be seen. Not an employee, just a happy customer. Procter & Gamble really understand their customer too. There’s nothing more satisfying than picking up the Swiffer mop, shuddering at all the dust, hair and other detritus that’s been picked up, then throwing the crap away.

Busy weekend

Sorry for being quiet this weekend. Lisa and I went to visit Shel in Portland on Saturday. Had a great time—a quick lunch and some hardware hunting followed by an afternoon stroll in the Rose Test Garden.

Today has been home project day. Lisa’s long been unsatisfied with the lavender color of our “laundry hall”—which connects the living room to the dining room and the two front bedrooms. The walls were dark, in a space that gets little natural light to begin with. So we found a shade of white called “Snow Ballet” that brightened up the hall considerably. And I had to buy a drill so I could start installing towel rods and so forth in our newly remodeled guest bathroom. I also had a moment of transcendence: sitting in our garage at my workbench (I have a workbench!) sorting screws into a new 37-drawer storage unit that I mounted, I realized I was feeling more peaceful than I had in some weeks. There’s something to be said for ordering your environment and working with your hands.

Florida: where electoral law is optional

NYT: Again, Election Confusion for the Florida Secretary of State. Seems that the state of Florida, who have already given us the HarkenHalliburton presidency, continue to blaze a trail in creative interpretation of electoral law. It seems that Katherine Harris (yes, former Florida secretary of state Katherine Harris, who was so insistent during the recount controversy in 2000 about sticking to the letter of the electoral law) is running for Congress, but hasn’t figured out how Florida electoral law applies to her. By violating Florida’s “resign to run” law, she’s landed herself in a bit of a mess.

I like the commentary from the Florida Democratic Party:

“She doesn’t know election law,” said Bob Poe, head of the Florida Democratic Party. “She couldn’t even resign properly.”

Tip of the hat to Greg, whose blog is rapidly becoming required political reading, for the pointer.

Moving to Mac OS X: What’s taking so long?

MacDevCenter: Jaguar: Time to Stop Pussyfooting Around. Derrick Story takes on a touchy point: the masses of Mac OS 9 (and 8???) users who still haven’t upgraded to Mac OS X. My dad is one of those users; he has a first generation beige G3 and less than 128 MB of RAM. While I would love to spend the time implementing one of the hacks that would allow him to run OS X, I can’t recommend it unless he ups the RAM at least.

Derrick says, “If you would have told me a year ago that we would have an OS as good as 10.1, plus all of these vital applications, and only a 20 percent conversion rate, I would have told you that you just don’t know the Mac community.”

Unfortunately we don’t know the whole story. How much of the remaining 80% is like my dad–stuck on old hardware without the discretionary cash to move to something more powerful? And it’s not just retirees, either; think about how underfunded your local school district is. Do you think their Macs are able to run OS X?

I want my family’s Macs to run OS X, because then I can write software for them. (By choice, all my Mac development has required features only available starting in OS X 10.1, such as XML-RPC and SOAP calls.) But I don’t have the discretionary income to upgrade all their hardware.

Speaking of which (again)…

…someone’s playing tricks with my referers. I have an entry with no link, consisting of XXXX: followed by 160 plus characters (+). It pushed the right column of the table out past the page border and made me think there was something wrong with my site (which, in fact, there may be). Is something like this supposed to be able to appear on the referer page?

Update: Now this is interesting. There are a few discussions at places like DECAFBAD and around this topic. There’s no consensus. The cause is either

  • someone faking the referers manually
  • a tool like Outpost blocking the referral

It’s a little surprising that it hasn’t happened before now, I suppose.

Speaking of which….

…what are the Userland folks doing to ensure the security of root updates for Radio and Frontier? Seems to me it would be possible, as long as those updates aren’t signed, to masquerade as the update server and download some bogus stuff. I don’t know enough about the products or the scripting language to figure it out, though. Anyone?

Be careful: trojaned OpenSSH package found

Slashdot: OpenSSH Package Trojaned. OpenSSH, for the Windows audience out there, is a secure connection package that allows encrypted connections over which users can use a shell on a remote machine or transfer files. (Grossly simplified, but that’s what I use it for.) It’s pretty essential, to the point that it’s become the default remote login daemon on Mac OS X.

Apparently someone hacked the package available for download from (and its mirrors) and inserted a line in the makefile to call a script that attempts to contact a server during the build process. So the trojan doesn’t appear to be much more than a proof of concept.

It’s pretty damn scary all the same. But there is one simple thing that people can do to mitigate their risks: Check the checksums. According to the mailing list message that announced the problem, the two packages have different checksums:

This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
ports system:
MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8

This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57

This is why Apple started digitally signing its software update packages. Without an infrastructure to verify identity and validity of downloaded packages, people will continue to be at risk.

Now the OpenSSH project will have to look at its server and its processes to figure out how they got tainted.
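The checksum check described above, as an added Python example (not part of the original post and not OpenSSH or FreeBSD project code). It parses a published checksum line in the BSD "MD5 (file) = hash" form quoted in the post, or the GNU "hash  file" form, and compares it with the digest of the downloaded file. The function names are hypothetical, and the trusted line is assumed to come from a source other than the download mirror.

```python
import hashlib
import hmac
import re
import sys
from pathlib import Path

# BSD style, as quoted in the post: "MD5 (file) = hex"
BSD_LINE = re.compile(r"^(?P<algo>[A-Za-z0-9]+) \((?P<name>.+)\) = (?P<hex>[0-9a-fA-F]+)$")
# GNU coreutils style: "hex  file"; the algorithm is inferred from digest length
GNU_LINE = re.compile(r"^(?P<hex>[0-9a-fA-F]+) [ *](?P<name>.+)$")
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def parse_checksum_line(line):
    """Return (algo, filename, hexdigest) from one published checksum line."""
    line = line.strip()
    m = BSD_LINE.match(line)
    if m:
        algo = m["algo"].lower()
    else:
        m = GNU_LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised checksum line: {line!r}")
        algo = ALGO_BY_HEXLEN.get(len(m["hex"]))
    digest = m["hex"].lower()
    # Reject unknown algorithms and truncated or padded digests.
    if algo is None or ALGO_BY_HEXLEN.get(len(digest)) != algo:
        raise ValueError(f"digest does not fit a known algorithm: {line!r}")
    return algo, m["name"], digest

def file_digest(path, algo):
    """Hash the file in chunks so a large tarball is not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, trusted_line):
    """True only if the file name and digest both match the trusted line."""
    algo, name, expected = parse_checksum_line(trusted_line)
    if Path(path).name != name:
        return False  # the line describes a different file
    return hmac.compare_digest(file_digest(path, algo), expected)

if __name__ == "__main__":
    # Known-good line quoted in the post (the FreeBSD ports value).
    good = "MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8"
    path = sys.argv[1] if len(sys.argv) > 1 else "openssh-3.4p1.tar.gz"
    ok = Path(path).is_file() and verify(path, good)
    print("OK" if ok else "MISMATCH or missing file: do not build")
```

MD5 is what the announcement published; where a publisher also offers a SHA-256 line, verify() accepts it unchanged.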

Whither Massachusetts health care?

George Chang: Taxachusetts… legislating companies out of business. Mass governor Jane Swift just signed a bill cutting the Medicare reimbursement rate to 2% less than the wholesale cost of drugs. George argues this is a pretty quick way to cause a meltdown:

Let’s think about this: First, regulate the reimbursement rate of a product below the wholesale cost. Second, sue/force businesses to continue to sell this product at a loss. Does this make any sense?

…large pharmacies such as CVS have the option to pull out of unprofitable markets and continue to operate in profitable ones. However, about 20% of the 1000 pharmacies in Massachusetts are independently owned. These neighborhood mom and pop shops that are already scraping along will most likely be forced out of business.

Not to mention that decreasing sales volumes can only raise the cost of drugs overall. Have we learned nothing?