Trevor baby stare

Catching Up

I've had this Chrome browser session open for 101 days, ignoring a MacOS security update for a couple months. Why? I had a dozen or so tabs open to /read pages on Dreamwidth and if I restarted anything then i wouldn't be able to read everything that people had posted since, erm, the beginning of August. Appropriately enough, I learned a word from one of those dusty Dreamwidth tabs: tsundoku, “acquiring reading materials but letting them pile up in one's home without reading them.”

So if you got a comment from me that seemed like it was in a time warp, that was me.
Now time to reboot. I'll miss the old Chrome tab UI, though. The *ahem* new one where favicons never disappear looks kinda funny when you accumulate as many open pages as I do.

Hey, don't tab shame me.

This entry was originally posted at https://flwyd.dreamwidth.org/384960.html – comment over there.

Trevor baby stare

We Can Act Now, or Act Later

The Daily Camera published my letter to the editor today—election day.
An ounce of prevention is worth a pound of cure. That's what came to mind as I read the Oct. 20 Editorial Advisory Board opinions and the editorials on Oct. 12 and 15 about climate change. These authors expressed a spectrum from mild concern to deep worry and a diverse suite of solutions. It's important to have these conversations — climate change and our responses to it will be the biggest story of the 21st century and all ideas should be on the table. From wildfires to floods like 2013, we've all got skin in this game.

We can do two things about climate change: reduce net greenhouse gas emissions (prevention) and adapt to a warmer climate (cure). We can accomplish the former by putting a price on carbon dioxide emissions, investing in low-emission power and transportation, planting forests, sequestering carbon through agriculture, and more. Adaptation will involve mass migration, investment in disaster recovery, growing and eating different crops, paying higher insurance premiums, rebuilding or relocating cities due to flooding, combating insect-borne diseases, and resolving geopolitical tensions over water and arable land. We can invest in a combination of both prevention and adaptation, but the longer the wait, the more will have to pay to adapt.

Now is the time to have conversations about climate change and solutions. Share stories of how we've been affected. Explore climate risks and mitigation. Debate the pros and cons of each solution. Talk to your friends and neighbors. Share your thoughts in the newspaper and on the Internet. Call your elected officials and let them know that 2019 can be the year that Congress starts to invest in climate change prevention, or we can do nothing today and scramble to adapt in the 2030s. Trevor Stone Boulder

This entry was originally posted at https://flwyd.dreamwidth.org/384662.html – comment over there.

  • Current Music
    KGNU - The Heavy Set
  • Tags
Trevor baby stare

Campaign Oddities

I take a very thorough approach to voting. I spent several hours to find data about things like relative fugitive emissions between states and break-even costs for gas development before deciding how to vote on Colorado's Proposition 112, a measure to increase the required setback for petroleum development.

I also look at the website for every candidate, even minor-party ones, to see what their issues and framing are. This led to a number of interesting findings:

  • The Libertarian candidate for Lieutenant Governor has a website, but their running mate just has a Facebook page. Why they don't share a single site is unclear. (The Republican and Democratic gubernatorial candidates both have an About section for their running mates on their main site.) So much for the early-2000s stereotype that a Libertarian candidate is probably an out-of-work programmer.
  • The 90s-retro website award goes to John Bedrick, Republican candidate for Boulder County Sheriff. According to the hit counter at the bottom of the page, I was the 962nd visitor. And although he prominently lists his experience in cyber/data security and privacy, I'm not sure that hosting your campaign page on your business's domain is a great idea. Props for having a Spanish version of the text prominently displayed in parallel with the English.
  • Incumbent Colorado Secretary of State Wayne Williams has an interesting Google problem: when I google [wayne williams] with a Colorado IP address, the top two results are an ad for his campaign website, a normal link to his campaign website, a sidebar for Wayne Williams, American serial killer, and about give other articles about "The Atlanta Killer." Hopefully Colorado voters are able to tell who is who.

The weirdest platform goes to Bill Hammons, national leader of the Unity party and candidate for Colorado Governor. His positions:

  1. I Support the Military > If Trump takes the step of firing Special Counsel Robert Mueller, I support the Generals
    In other words, let's have a military coup if Trump gets out of line.
  2. Lincoln, D.C. > Ditch the swamp by moving the nation's capital to east of DIA and naming it after one of our greatest Presidents
    How moving the capital would change the dynamics between government, lobbyists, and contractors (or other swamp concerns) is unclear. Also, eastern Colorado doesn't really have the water resources for the couple million people that would come with moving the Beltway.
  3. Colorado Constitutional Convention > Our system is broken, and Colorado can host an Article V Constitutional Convention
    This is true of every other state?
  4. Eliminate Income Taxes > Replace the Colorado income tax with a revenue measure based on fossil fuel consumption
    Um… the point of a tax on fossil fuels is to get people to use fewer fossil fuels. If Colorado's income tax were replaced with a fossil fuel tax with equal revenue, utilities would quickly switch to renewables (great!) and then the state would face a huge revenue shortfall (crap!) and gasoline taxes would have to rise to match… and slowly erode as people switch to electric cars.
  5. Crossroads Colorado > More can be done to promote the advantages of Colorado's central position in the country
    Maybe add "Not at the edge" to the bottom of the "Welcome to Colorful Colorado" highway signs would promote this?
  6. Defend Colorado at all Costs > We should demand resurrection of the federal "Star Wars" SDI program with Colorado as its focus
    I guess launching satellites to shoot down Soviet ICBMs targeted at NORAD would be one way to generate revenue from a fossil fuel tax…
  7. Colorado Spaceport Development > Since 2010, I've been publicly pushing for more Spaceport development in Colorado
    Is a state with high winds, surprise blizzards, and no ocean a good place to be launching things into space? I guess we're a mile closer to space than those coastal launch sites…
  8. Life and Death > I support the Right to Choose, and I also support the Death Penalty
    In short, pro-death.
  9. Colorado Gun Rights > Like the rest of the Constitution, I support the Second Amendment as it was written 200 years ago
    The U.S. Constitution was written 231 years ago. Colorado's constitution was written 142 years ago.
  10. School Shootings > The FBI needs to be folded into the CIA and domestic surveillance of Social Media increased dramatically
    So… we should treat American teenagers like members of international terrorist organizations?
  11. Law Enforcement > We can protect both our law enforcement officers and the public with mandatory and funded body cameras
    Needed to have a reasonable position in here just to keep you on your toes.
  12. Care for Coloradans > I myself lost my own health insurance due to Obamacare, and support a Colorado Medicare for All system</ins>
    Somehow riding both the talking points from the right and the left.
  13. Colorado Life Insurance > Being a Life Producer, I'm a firm believer in the societal benefits of insurance, and support state funding
    Is "Life Producer" a euphemism for parent?
  14. Lower the Voting Age to 16 > If you're old enough to drive tons of steel, you should be old enough to vote in the State of Colorado
    A wild reasonable opinion appears.
  15. Count Every Vote (CEV) > Counts of all over-votes on ballots encourage desperately-needed competition in our electoral system
    It'll be like Instant Runoff Voting, but less clear.
  16. Colorado Redistricting > We need drawing of all legislative districts along competitive lines, including with my Denver 7 plan
    "I'm not gonna link to my plan, though."

This entry was originally posted at https://flwyd.dreamwidth.org/384509.html – comment over there.

spam lite

Heads Up: Potential LiveJournal Password Breach

I received the following email today, addressed to the plain text LiveJournal password I've had for over a decade. If you have or had a LiveJournal account, consider changing your password, and the password of any site which shared a password.
Received: from [197.29.14.197] (unknown [197.29.14.197])
by my.smtp.host (Postfix) with ESMTP id 1336F87C71
for <my-livejournal-address@my-host>; Wed, 10 Oct 2018 18:03:34 +0000 (UTC)
Message-ID: <5BBE4D0A.8030000@my-host>
Date: Wed, 10 Oct 2018 19:03:38 +0000
From: <my-livejournal-address@my-host>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.4) Gecko/20100608 Thunderbird/3.1
MIME-Version: 1.0
To: "my-livejournal-password" <my-livejournal-address@my-host>
Subject: Security Warning
Content-Type: text/plain; charset=CP-850; format=flowed
Content-Transfer-Encoding: 8bit


8Hello!
I'm a member of an international hacker group.

As you could probably have guessed, your account my-livejournal-address@my-host was hacked, because I sent message you from your account.

Now I have access to all your accounts!
For example, your password for my-livejournal-address@my-host: my-livejournal-password

Within a period from July 30, 2018 to October 9, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.

We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...

Transfer $800 to our Bitcoin wallet: 1GdegtNpYcvoCPsMmyiSkZARDdAmYuXGXU
If you don't know about Bitcoin please input in Google "buy BTC". It's really easy.

I guarantee that after that, we'll erase all your "data" :)

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.


A couple notes:
  • LiveJournal is the only site I've used this password on. Dreamwidth also has a copy of the password, so that it can crosspost.
  • I suspect that this extortion attempt is based on access to a LiveJournal user database or dump (rather than intercepted from a Dreamwidth crosspost request) because it was sent to an email address I only use with LiveJournal, and which I don't think Dreamwidth knows, nor (I think) is it publicly available on the LJ site.
  • The sender didn't change my password on LiveJournal and doesn't appear to have performed any vandalism, so I suspect they didn't log in with the compromised password.
  • A good indication that sending bitcoin would be a bad idea: the email gives no way to tell the recipient whose "data" to delete.
  • Other than the password itself, none of the claims in the email are true. Googling the bitcoin address leads to a report that this scam is going around (it's a variant of one that's about a year old) and a couple dozen reports on bitcoinabuse.com.
  • So far, that address has received two transactions, with a total value of about eight dollars… maybe not as lucrative as the scammer had hoped.

So it sounds like LiveJournal's password database was compromised… at some point in the last decade or so. Probably in the last few months, though. If you've got an LJ account, it would be a good idea to change it (and update your DW crosspost settings). If you used the same password on other sites, change those passwords as well (to something different).

ETA October 20 I got another email with the username and password of a second LiveJournal account that I created years ago and mostly forgot about. This makes me fairly certain that the scammers are either operating with an exfiltrated LJ user password database or they had an implant in the site many years ago but have only made use of it now. Whoever answered the support ticket I filed to alert about the security incident was fairly dismissive, though. Hopefully someone at LJ will take the breach seriously and at least notify affected users.

The new email content is a little different, and its bitcoin address 1AzdzwWHaJXytimxenzi45JVtY4FsXwLZZ has not yet received any payments and it's got several abuse reports. The address on the first email I got has received about 1.12 bitcoin; I guess $7200 is enough of a spam payout to keep a scammer motivated to keep cracking passwords.

ETA October 28 Another address, with two messages on October 22nd: 1JTtwbvmM7ymByxPYCByVYCwasjH49J3Vj has received over 4.7 bitcoin which is over $30,000 at current exchange rates. It's received nearly 300 abuse reports.

On October 22nd, the first address, along with 8 others, transferred 1.656 bitcoin (about $10,000) to an intermediate address which transferred it on to an account which now has exactly 5 bitcoin ($3200) and another which seems to be part of a further web of intermediate accounts. The second address I got a threat from only got 0.376 bitcoin ($2400) with no transactions since the 22nd, and hasn't yet cashed out. Assuming these accounts are all part of the same spam push, over $60k from people who are savvy enough to figure out how to buy and send bitcoin but aren't savvy enough to realize this is a hoax seems like a pretty good return.

This entry was originally posted at https://flwyd.dreamwidth.org/384008.html – comment over there.

inner maiden animated no words

Furthering the Bechdel Test

I was recently thinking about the Bechdel test—whether a work of fiction
  1. Has at least two female characters
  2. Who talk to each other
  3. About something other than a man

and ways it might be extended to the next level. I like this formulation: a story
  1. Has a female protagonist
  2. Who completes her objective
  3. And is rewarded with something other than a man

Alice's Adventures in Wonderland and Through the Looking Glass pass. As does The Wizard of Oz and Frozen. I suppose Island of the Blue Dolphins passes, though I'm not sure if getting off the island was the main character's goal. So there's decent success at stories targeted at young people, though Disney certainly has a history of missing the mark. In the women-killing-dangerous-enemies genre, the films Alien (and Aliens) and the Girl With the Dragon Tattoo trilogy pass.

I then realized that I don't know, off hand, a lot of stories or films with female protagonists. And many of the ones I do know, I've forgotten what the reward is at the end of the story. I'd love to hear more stories in the comments to add to the list.

This entry was originally posted at https://flwyd.dreamwidth.org/383833.html – comment over there.

Trevor baby stare

State Department Challenging American Citizenship

Thanks to [personal profile] dglenn for posting about the Trump administration's marked increase in passport denials, including this list of articles: Also BoingBoing: Bertherism for everyone: Kansas woman told birth certificate can't be used for passport renewal.

I'm very concerned about this development. It seems like a step beyond the early anti-immigrant efforts like denying entry to U.S. permanent residents from seven majority Muslim countries. This policy is denying rights to native-born American citizens and it could be used as grounds in the future to deny Americans their status as citizens. Demanding that current passport holders produce additional documentation of their birth forty years ago is a new Kafkaesque policy from an administration that's led by a man who gained political fame by questioning the nationality of the previous president.

The Trump administration is questioning the citizenship of people born at home, particularly if they have immigrant-sounding names. Both of my grandmothers (American citizens I assure you) were born at home to first-generation immigrants. Donald Trump's State Department's policies degrade not only the Americans that have to wade through a new morass of government red tape to access their rights. They degrade American heritage as well.

This entry was originally posted at https://flwyd.dreamwidth.org/383492.html – comment over there.

Trevor baby stare

Red White & Blueberry Ale

On July 4th I started brewing a batch of Red White & Blueberry Ale. For several weeks I was trying to decide what I should brew during the holiday break until inspiration finally hit for this patriotic brew. The idea was to brew a red ale with blueberries, using flaked wheat (plus the yeast and head) to play the role of white.

Blueberries floating in a carboyIn the boil I put
5 gal water
4 lbs CBW Golden Light liquid malt extract
2 lbs Red X 12° malt
½ lb flaked wheat
3 lbs blueberry puree
1 oz Liberty pellet hops
1 oz East Kent Golding pellet hops
0.5 tsp Irish moss
1 packet White Labs Irish Ale yeast (WLP004)

Thanks to the blueberry puree, the wort was very brown and cloudy; straining it into the fermenter was a slow and gooey task. With nearly 10 pounds of sugars, vigorous fermentation picked up within hours.

Two weeks later, I racked this to secondary: it was a purple shade of brow and still fairly cloudy. I added 4 pounds of whole blueberries that had gone through four freeze-thaw cycles to break down the cell walls. About a third of these floated right away while the others sunk to the bottom of the carboy, slowly rising in the next couple days as they soaked up the beer.

Clear red/purple ale in a syphonToday was bottling day. The sediment had settled nicely, with all the blueberries on top, creating a fun visual as the two masses slowly approached each other while I siphoned into the bottling bucket. My siphon placement technique worked well; there was hardly any sediment in the bucket (I usually end up with several millimeters). The beer had also cleared: instead of the cloudy brown, it was a beautiful reddish shade of purple, looking more like a light red wine than a beer. The taste is also pretty exquisite: blueberry and grain flavors both come out in roughly equal proportion; neither are overpowering, and the hops are mild, with no detracting bitterness. The alcohol content is somewhere above 3.7%; I don't know for sure because I'm not sure how much sugar in the whole blueberries got digested by the yeast. Regardless, this should be a great refreshing summer brew, befitting its patriotic and independent identity.

This entry was originally posted at https://flwyd.dreamwidth.org/383153.html – comment over there.

  • Current Music
    RockyGrass stream
  • Tags
Trevor baby stare

July is for Entertainment

Somehow July turned into my month for being in the audience.

Dead and Company were at Folsom Field in Boulder for two nights. The first set of the Friday night show was a little underwhelming, but the second set was amazing, with highlights including Terrapin Station, Saint Stephen into The Eleven, All Along the Watchtower, and Throwing Stones: every song was played exceptionally well. The Saturday night show was stellar from beginning to end, including a great The Other One into Drums and Space back into The Other One. It's a lot of fun to be with a football stadium full of people who know every song well and reflect a lot of energy back to the band. I may have spent too much money on tie dye on Shakedown Street.

I saw The Colorado Shakespeare Festival's productions of Love's Labours Lost and Richard III. Somehow I'd never seen or read the former, and it's a really good play (rising above some Shakespearian tropes) and the CSF cast did a great job playing up the comedy. The Richard III production was also well done, with some really neat witchy action from ex-queen Margaret. After watching three or four times productions in the last ten years, I think I finally understand everything that's going on in that play.

As a birthday present for Kelly's inner child we saw Disney's Little Mermaid at BDT Stage neé Boulder Dinner Theater. The costuming was pretty fun, and they had a good fluidity of "imagine that we're underwater." I think I ended up eating some dairy at the show (maybe the bread), so I felt lousy the next day :-/

This week I saw Bombino, a fantastic Tuareg guitar player in the tradition of Tinariwen and Ali Farka Touré, at the Boulder Theater. The performance was fantastic, and they had a fun humble and thankful energy, with the bass player apologizing that they don't know much English (having been colonized by the French). Local Afrobeat band Atomga opened. I saw them a few years ago; they seemed to have upped their game and their set totally rocked; on par with the main act. Lots of good dancing opportunity, particularly since the theater wasn't very crowded. I guess the rest of Boulder didn't realize how fun this show would be.

I also managed to fit in two trips to the Monday evening Bandshell Boogie. And I skipped the Buckethead concert at the beginning of the month because I was too.damn.exhausted.

This entry was originally posted at https://flwyd.dreamwidth.org/382735.html – comment over there.

earth eyes south america face

Borrowing a Personal Map

We were instructed to create a personal map as homework for an all-day team alignment meeting at work today. The general expectation was that it would be mind map style: your name in the center and branches leading to ideas which play an important role in your life.

Since I'm a map nerd and we're part of the geo team, I decided to dispense with the node/edge modality and use a geographic map as the base. And since laying out and drawing a map of my own psyche is a more involved project than I wanted to undertake, I started by borrowing from one of my favorite maps: Tolkien's map of Middle-earth. I then carefully positioned some of the key pieces of my life upon the rich geolocated symbolism of Arda, arriving at this interesting work:
Collapse )

This entry was originally posted at https://flwyd.dreamwidth.org/382634.html – comment over there.