tag:blogger.com,1999:blog-65469107820768231232024-02-07T01:39:59.653-08:00Carrel.ORGwachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.comBlogger93125tag:blogger.com,1999:blog-6546910782076823123.post-45168765068380378022009-11-16T18:47:00.000-08:002009-11-18T16:30:16.004-08:00Ireland 2009<div style="text-align: center;">[Sorry, but the pictures are not in chronological order]</div><div style="text-align: center;"><br /></div><div style="text-align: center;">Andy (after the tasting session) at the Jameson Factory in Midleton, Ireland.</div><div><br /></div><div><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgArNFoK_ouknQwzPN5COPnAM8HXZ6OSl5QRTI2aSZncYEwgYwtHEVuN0hVAigD_vg6WMezQbBH4Vb9PyNTP6jLgX16HdnwQ8LxppqkMqX8E2-koZJDNfuOVMVlsBMKEYR3oij97PxT-3A/s1600/DSCN0674.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgArNFoK_ouknQwzPN5COPnAM8HXZ6OSl5QRTI2aSZncYEwgYwtHEVuN0hVAigD_vg6WMezQbBH4Vb9PyNTP6jLgX16HdnwQ8LxppqkMqX8E2-koZJDNfuOVMVlsBMKEYR3oij97PxT-3A/s320/DSCN0674.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404903618866911522" /></a><div style="text-align: center;"><br /></div><div style="text-align: center;">The old Jameson Factory buildings. 
A new improved factory was built in the 70's next door.</div><div style="text-align: center;"><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4KSMNp8CzkPBioWIQex_kXlxNY-NulzxEvUpHynT4HGHzQ4RDFB8yL5FTJVdR8W-D426nyXNJPnnjFJ8ewJYew9kNHNQEBhOrXtim4_rP6s1Ubz3ugRkGbUmj5utn6apTMUSH9uCmUYk/s1600/DSCN0667.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4KSMNp8CzkPBioWIQex_kXlxNY-NulzxEvUpHynT4HGHzQ4RDFB8yL5FTJVdR8W-D426nyXNJPnnjFJ8ewJYew9kNHNQEBhOrXtim4_rP6s1Ubz3ugRkGbUmj5utn6apTMUSH9uCmUYk/s320/DSCN0667.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404903611400119186" /></a><br /><div style="text-align: center;">A waterwheel which powered the plant and is still running today.</div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgozWVHicH-ZKbqA02E_07FidLiA1kZXcULwrVAl7oMPTis7CAPWaN0unyIX0yPHJigKaTMdByzMOKsjciIw4rfOZLPw4qgegM8KG66mYWHOBymt4jpUViN-sjTk4PN5UgdPnjsqbu-LYQ/s1600/DSCN0669.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgozWVHicH-ZKbqA02E_07FidLiA1kZXcULwrVAl7oMPTis7CAPWaN0unyIX0yPHJigKaTMdByzMOKsjciIw4rfOZLPw4qgegM8KG66mYWHOBymt4jpUViN-sjTk4PN5UgdPnjsqbu-LYQ/s320/DSCN0669.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404903601610778306" /></a><br /></div><div style="text-align: center;">A <i>small</i> still in front of the plant.</div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzQ1A_gNpHHjPYkb3NPQRjyp9AgFJCr9rkF89uNBxYUBOLOOEFGBwPLPVItQp5y-zf1tdv_Lnke1acqkUv25HvhCIPzYRKLKdsyHZQP1TxouZ-tgzZRc0Sijh2ifdxuJqMomCrjdIadME/s1600/DSCN0657.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzQ1A_gNpHHjPYkb3NPQRjyp9AgFJCr9rkF89uNBxYUBOLOOEFGBwPLPVItQp5y-zf1tdv_Lnke1acqkUv25HvhCIPzYRKLKdsyHZQP1TxouZ-tgzZRc0Sijh2ifdxuJqMomCrjdIadME/s320/DSCN0657.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404903593052822514" /></a><br /></div><div style="text-align: center;">The EU helped to fund the restoration of the old buildings.</div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLFt4iqrpOE4l6et58H9-8B2nqEMxHnU-1zqzbDjym7lMWo8i1dhx8x75mND_Da_xes3LGHn434qxNC2og5MffkVaZc4QJIMdRTqWehbrOm4k1SQEsN3IxMsAd8Je6aPadGep5LZGwD70/s1600/DSCN0663.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLFt4iqrpOE4l6et58H9-8B2nqEMxHnU-1zqzbDjym7lMWo8i1dhx8x75mND_Da_xes3LGHn434qxNC2og5MffkVaZc4QJIMdRTqWehbrOm4k1SQEsN3IxMsAd8Je6aPadGep5LZGwD70/s320/DSCN0663.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404903579763011298" /></a><br /></div><div style="text-align: center;">We spent a night in Cork, Ireland where we saw this plaque in front of a local cathedral. I never knew there was an apostle of temperance before . . 
.</div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7OvLT8kDhVqk0n_offOp5L8oaSEEtdD3EIVA1mTp84Om4qudvgou9Anw-zCEsWadNfyCU17Ynk-lo9vTblEpzYdMHfiP4BEy34Pbnoz2xLsG97lqeLLkPRTRJnHM4UPfgyGqWswxXeeM/s1600/DSCN0656.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7OvLT8kDhVqk0n_offOp5L8oaSEEtdD3EIVA1mTp84Om4qudvgou9Anw-zCEsWadNfyCU17Ynk-lo9vTblEpzYdMHfiP4BEy34Pbnoz2xLsG97lqeLLkPRTRJnHM4UPfgyGqWswxXeeM/s320/DSCN0656.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404902237448167778" /></a><div style="text-align: center;"><br /></div><div style="text-align: center;">We also visited <a href="http://www.knowth.com/newgrange.htm">Newgrange</a>, a massive structure built in 3200 BC. The entire structure is built of stone and there are approximately forty more mounds, of varying sizes, in the surrounding area.</div></div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHxQTeiaeMlrw74rcVCXqKfKh0pAoMnL3EQ8SCbxgQNTXvM9GwR1gRRMTGFKNkoKwYgpO0DjqSTyPXvvQLVbTqE_EUKMpRwy3nW61MEHiWNK4uSGjjDeIC5HOPdkuoYpbo4Qr0cjpFKMw/s1600/DSCN0684.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 240px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHxQTeiaeMlrw74rcVCXqKfKh0pAoMnL3EQ8SCbxgQNTXvM9GwR1gRRMTGFKNkoKwYgpO0DjqSTyPXvvQLVbTqE_EUKMpRwy3nW61MEHiWNK4uSGjjDeIC5HOPdkuoYpbo4Qr0cjpFKMw/s320/DSCN0684.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404902221529734290" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisgcoG3Qx73IudPSKO0xfJBg4q-sMKNRGlW9uW4lb0i4e-sc7x5UYs-Q5JmPt4SbCFpl01BEiP7AxsgUg5-E9XvclwAevXqHCF7fKNbL1nxNsZZjxEnn_01RzwC0I2misbL2g6dPCzI2g/s1600/DSCN0687.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisgcoG3Qx73IudPSKO0xfJBg4q-sMKNRGlW9uW4lb0i4e-sc7x5UYs-Q5JmPt4SbCFpl01BEiP7AxsgUg5-E9XvclwAevXqHCF7fKNbL1nxNsZZjxEnn_01RzwC0I2misbL2g6dPCzI2g/s320/DSCN0687.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404902213553258466" /></a><br /></div><div style="text-align: center;">These pictures are from the Southern Coast, specifically, the Ring of Dingle.</div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwGXdGBUw7W-vVsTtHp4O3GhptjY0PYfZdn9bFFyR5k_bh_7P4oBTu3n3Pw1pbOu3NRyWjup6SOBd_ZKuJPDnYJyEFgg4JM4Swj7zUfI9dZOWhbyl9OYjQhmpIoBN3lRc70tmBqQbKu0o/s1600/DSCN0647.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwGXdGBUw7W-vVsTtHp4O3GhptjY0PYfZdn9bFFyR5k_bh_7P4oBTu3n3Pw1pbOu3NRyWjup6SOBd_ZKuJPDnYJyEFgg4JM4Swj7zUfI9dZOWhbyl9OYjQhmpIoBN3lRc70tmBqQbKu0o/s320/DSCN0647.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404902200858397410" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXyNJcIrDdBEzFYhZfjvM7C1bTfK4X-oZNUJIBHQQln2hcWdRU8EOHLL7rcQtlSh5hK2Q8YGGYU4ZyiTsm9uCSrzMXMR6unK1K2w6gOgihgd3l9p8benwNTdGPn9brGfxyrQMbgNhoD_M/s1600/DSCN0652.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXyNJcIrDdBEzFYhZfjvM7C1bTfK4X-oZNUJIBHQQln2hcWdRU8EOHLL7rcQtlSh5hK2Q8YGGYU4ZyiTsm9uCSrzMXMR6unK1K2w6gOgihgd3l9p8benwNTdGPn9brGfxyrQMbgNhoD_M/s320/DSCN0652.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404902191229246178" /></a><br /></div><div style="text-align: center;"><a href="http://en.wikipedia.org/wiki/Ross_Castle">Ross Castle</a> in the <a href="http://en.wikipedia.org/wiki/Killarney_National_Park">Killarney National Park</a>.</div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirQdM0jQEZIG8Doe171dmEVEuRTc9rTb3jwmTssQh-ZptWJq8VrpV4_n-2mCDAlOO9z2G5DiKMkwiUtX2_h5KGj_5-KDva2FZLZ6AwEnSlMHn3JeSe3L-oWCwlT07gvWoyTjvZFddCw6E/s1600/DSCN0631.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirQdM0jQEZIG8Doe171dmEVEuRTc9rTb3jwmTssQh-ZptWJq8VrpV4_n-2mCDAlOO9z2G5DiKMkwiUtX2_h5KGj_5-KDva2FZLZ6AwEnSlMHn3JeSe3L-oWCwlT07gvWoyTjvZFddCw6E/s320/DSCN0631.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404900741585524690" /></a><br /></div><div style="text-align: center;">The <a href="http://www.kerrytrailride.com/">Killarney Riding Stables</a>. The O'Sullivan family has owned and operated the stable since the 60's. 
They currently have one hundred and forty horses!</div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5Fqfyl9u1BnRLLOBkuPIoSMOQtal33-eFVH-M-3h23Lr02l74x9RCpESKg2okZ7OxhgUbV4opY1JzX3ozrB9ij59gMKJpEZjErv33t6yw-ZjrIRKrYPdElSfQWW_DXl35vrGvFeWq8qo/s1600/DSCN0619.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5Fqfyl9u1BnRLLOBkuPIoSMOQtal33-eFVH-M-3h23Lr02l74x9RCpESKg2okZ7OxhgUbV4opY1JzX3ozrB9ij59gMKJpEZjErv33t6yw-ZjrIRKrYPdElSfQWW_DXl35vrGvFeWq8qo/s320/DSCN0619.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404900732654336594" /></a><br /></div><div style="text-align: center;">Their Percheron stallion was both friendly and beautiful. Although, he was in his own separate barn with an adjoining paddock built out of railroad ties.</div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmnGQ_mRvzMWZ8I5Ljhe4GVr_iHR2oXsSrT1oxroPdYsX47n2hvwHUo5ZIBZDDKoTxG4u_7huwe7ZJeYXNTr7pDo4NPrkyaDZOEOQ0I_Tfbbek6CbHVAxp6RG295UnyMkpQxQsCW3io0Y/s1600/DSCN0613.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmnGQ_mRvzMWZ8I5Ljhe4GVr_iHR2oXsSrT1oxroPdYsX47n2hvwHUo5ZIBZDDKoTxG4u_7huwe7ZJeYXNTr7pDo4NPrkyaDZOEOQ0I_Tfbbek6CbHVAxp6RG295UnyMkpQxQsCW3io0Y/s320/DSCN0613.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404900725705537954" /></a><br /></div><div style="text-align: center;">Andy's mount, Ben, is a Shire Drought cross.</div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEEIuoJZUtCMFY61NPRkaDM1UMBh7hZvid9bGQE__7SKAFh0RufymbimqHKGEFwG0z-bjiErzxw1QxI0X9vK0tbZbSa-NCMQoex-boNZ77BnZZl1AkjzbUkbmQysyLH01ouZUeVpDpm38/s1600/DSCN0605.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEEIuoJZUtCMFY61NPRkaDM1UMBh7hZvid9bGQE__7SKAFh0RufymbimqHKGEFwG0z-bjiErzxw1QxI0X9vK0tbZbSa-NCMQoex-boNZ77BnZZl1AkjzbUkbmQysyLH01ouZUeVpDpm38/s320/DSCN0605.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404900715602931186" /></a><br /></div><div style="text-align: center;">Andy and I on the beach in County Kerry. My horse, Aladdin, is an Irish Draught horse. We rode for two full days around County Kerry, also known as "The Ring of Kerry." We covered over twenty miles on horseback and had a fantastic time.</div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTIEcpAfVC0ZyMdTS_fwhwZ5HJXQiOFFViAm37-WMZykP1fRSHlqPyYLfgAKPQ6MJoxtBan6Myt8xiexPjDVEGixgquCREXTsHW4w75IGoZn_Oo1o1qd9X5BcC7_KGKuJiNbSHdk_yD9k/s1600/DSCN0607.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTIEcpAfVC0ZyMdTS_fwhwZ5HJXQiOFFViAm37-WMZykP1fRSHlqPyYLfgAKPQ6MJoxtBan6Myt8xiexPjDVEGixgquCREXTsHW4w75IGoZn_Oo1o1qd9X5BcC7_KGKuJiNbSHdk_yD9k/s320/DSCN0607.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5404900705310116466" /></a><br /></div>eileenhttp://www.blogger.com/profile/18019684264041685558noreply@blogger.com0tag:blogger.com,1999:blog-6546910782076823123.post-8272786282046805602009-06-10T17:52:00.001-07:002009-06-27T02:00:10.028-07:00We have had Seven for a year!<div style="text-align: center; font-weight: bold;">Seven is a pure-bred female rottweiler adopted 
from King County Animal Care & Control on June 10, 2008.</div><div style="text-align: center;"><br /></div><div style="text-align: center;">Here are a few pictures from her training class:<br /><br /><br /><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoQydkQXY5rJtmiYqxaL-Bh-4P288LSwO5Ydol8rQ1IZfWzU8CZKRQr2-Ut7bXcKaHOKFum9DI4jZGeKdr6FVjkif2Aflgln_hc4QoPOije4Vop17GvnKovhI-yU4s7viOVDlLav4eQIc/s1600-h/&+at+Training.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 214px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoQydkQXY5rJtmiYqxaL-Bh-4P288LSwO5Ydol8rQ1IZfWzU8CZKRQr2-Ut7bXcKaHOKFum9DI4jZGeKdr6FVjkif2Aflgln_hc4QoPOije4Vop17GvnKovhI-yU4s7viOVDlLav4eQIc/s320/&+at+Training.jpg" alt="" id="BLOGGER_PHOTO_ID_5345867980436910578" border="0" /></a><div style="text-align: center;">Seven intently paying attention to something off in the distance while on a "down."<br /><br /><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglmFT1rP59eAWcNIgWMgGw-K4fMVJrU2pufdyo_aKuBsjLH_KXVfCSKufO7hAHtRvkwL2mmanelIHPVIqq_omoqonXLRIn8_XLFmec_CczxAfqR6ShMPF_U4aoLpdDLjHyIeZ25KI-UhM/s1600-h/Andy+and+7+at+Training1.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 214px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglmFT1rP59eAWcNIgWMgGw-K4fMVJrU2pufdyo_aKuBsjLH_KXVfCSKufO7hAHtRvkwL2mmanelIHPVIqq_omoqonXLRIn8_XLFmec_CczxAfqR6ShMPF_U4aoLpdDLjHyIeZ25KI-UhM/s320/Andy+and+7+at+Training1.jpg" alt="" id="BLOGGER_PHOTO_ID_5345867819198545682" border="0" /></a><div style="text-align: center;">Seven waiting to be released from a "sit" while we walk around her.<br /><br /><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} 
catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3zxMY6UXO5jpbiRxRI9kLWzPJZmaEEwWeh8g3pmYtgDyU_bwHg9IRFopsQSmjmqnyECN56rAze5t0p65WyMIo42SR47ETi3RNWXzqW0RfGM6z5-GXpOfyYpYyzTag5IC_i_QTwNmIJG8/s1600-h/Andy+and+7+at+Training2.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 214px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3zxMY6UXO5jpbiRxRI9kLWzPJZmaEEwWeh8g3pmYtgDyU_bwHg9IRFopsQSmjmqnyECN56rAze5t0p65WyMIo42SR47ETi3RNWXzqW0RfGM6z5-GXpOfyYpYyzTag5IC_i_QTwNmIJG8/s320/Andy+and+7+at+Training2.jpg" alt="" id="BLOGGER_PHOTO_ID_5345867697410246802" border="0" /></a><div style="text-align: center;">Still Waiting . . .<br /><br /><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgd6Q-VU1fIDMMOQqS0vtRWnnfu9-MWX5145AIHqmKWpkwgMZnMVGWGPbKqx9r3Qv6GC7Z7O65Qp49dpiKDlYgzwlqOH1dSI-DlHqk9oE_HCD3lDgs0dX7z5QXG0wIxvfJhoff3P_tPAmk/s1600-h/7+Taking+a+Break.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 214px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgd6Q-VU1fIDMMOQqS0vtRWnnfu9-MWX5145AIHqmKWpkwgMZnMVGWGPbKqx9r3Qv6GC7Z7O65Qp49dpiKDlYgzwlqOH1dSI-DlHqk9oE_HCD3lDgs0dX7z5QXG0wIxvfJhoff3P_tPAmk/s320/7+Taking+a+Break.jpg" alt="" id="BLOGGER_PHOTO_ID_5345867549458736066" border="0" /></a><div style="text-align: center;">Break time.<br /><br /><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMH5aY8eRu5YN-PXNUPB57c0gVyGV8SK3O3vo0ZLjMRxg9NjzxYAl32qA00xniIyGedovUm3sAyOez6IcNWICFjqCrCO_x4Y11_a8X1guoBv9pMdW5gGg9SxUgXHyAl1vwXNitMPDBBCM/s1600-h/Eileen+and+7+at+Training.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 214px;" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMH5aY8eRu5YN-PXNUPB57c0gVyGV8SK3O3vo0ZLjMRxg9NjzxYAl32qA00xniIyGedovUm3sAyOez6IcNWICFjqCrCO_x4Y11_a8X1guoBv9pMdW5gGg9SxUgXHyAl1vwXNitMPDBBCM/s320/Eileen+and+7+at+Training.jpg" alt="" id="BLOGGER_PHOTO_ID_5345867087447701506" border="0" /></a><div style="text-align: center;">More work. Seven has to "walk" with her shoulder right next to my hip.<br /><br /><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP2mnRD9y30INzlIiQnIPtHen1vnVWPwIGNoZ6jx0enVm45ZTxSd6fQJWO6v-G2AOvlrNZwC9K2AyxQXP_MpUryhCGyRHkvQHGBbqoj2lY1h750mQPNOfCVDfriyUV39ecDFkngQvAyms/s1600-h/Eileen+and+7+at+Training2.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 214px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP2mnRD9y30INzlIiQnIPtHen1vnVWPwIGNoZ6jx0enVm45ZTxSd6fQJWO6v-G2AOvlrNZwC9K2AyxQXP_MpUryhCGyRHkvQHGBbqoj2lY1h750mQPNOfCVDfriyUV39ecDFkngQvAyms/s320/Eileen+and+7+at+Training2.jpg" alt="" id="BLOGGER_PHOTO_ID_5345866893171896050" border="0" /></a><div style="text-align: center;">Still working on off-leash commands.<br /><br /><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIhcCYhVSijzFxTtEUT7Vpc45fbeDNm4JdS6AW84E9XE46ptCO9R4bdOSzVrU4_Zbb6uRvM79R4D_cRdrDMH7V36lMXRluvWLOanXPPxAduCRWJqLKpHHjUvdjKxd4q1qQzqztNdCKuvw/s1600-h/7+at+Training2.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 213px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIhcCYhVSijzFxTtEUT7Vpc45fbeDNm4JdS6AW84E9XE46ptCO9R4bdOSzVrU4_Zbb6uRvM79R4D_cRdrDMH7V36lMXRluvWLOanXPPxAduCRWJqLKpHHjUvdjKxd4q1qQzqztNdCKuvw/s320/7+at+Training2.jpg" alt="" id="BLOGGER_PHOTO_ID_5345866636208356562" border="0" /></a><div 
style="text-align: center;">Almost done with the class.</div><div style="text-align: center;"><br /><br /></div><div style="text-align: center;">Next step, AKC Obedience trials? We'll see. Good dog, Seven.<br /><br /><br /></div>eileenhttp://www.blogger.com/profile/18019684264041685558noreply@blogger.com3tag:blogger.com,1999:blog-6546910782076823123.post-81124129176717723192009-06-10T17:24:00.000-07:002009-06-10T17:50:53.158-07:00A Few Beach Pictures<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXqaZf8aty9Om_10iu_JxNxEUocOcb-boiHHPFWIPbhr4Rz79Prb4pxy62dbFOBBb6dfj_41eT-QF48660zYamFfCfN8X6no_tSKZDvZK6bhxhyphenhyphenrY_IUxIf2t6atZe9WanQ73YZ0xqiwo/s1600-h/Mussels+at+Beach.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 214px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXqaZf8aty9Om_10iu_JxNxEUocOcb-boiHHPFWIPbhr4Rz79Prb4pxy62dbFOBBb6dfj_41eT-QF48660zYamFfCfN8X6no_tSKZDvZK6bhxhyphenhyphenrY_IUxIf2t6atZe9WanQ73YZ0xqiwo/s320/Mussels+at+Beach.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5345865717075657906" /></a><div style="text-align: center;">Mussels.</div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-25cjqDEZRSKz5_KaIsxPFyl3dbP5XTmDPyNNavp_EwEXM9HJAgQmUabfcSGyahwGWbEU8c3Cg1GluLisCkoUojzqVfzYQfA-TS_KIbVFnI2jKi-6gBEe4afBNhH8Aya10CZPfnCMcTU/s1600-h/Rock+at+Beach.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 213px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-25cjqDEZRSKz5_KaIsxPFyl3dbP5XTmDPyNNavp_EwEXM9HJAgQmUabfcSGyahwGWbEU8c3Cg1GluLisCkoUojzqVfzYQfA-TS_KIbVFnI2jKi-6gBEe4afBNhH8Aya10CZPfnCMcTU/s320/Rock+at+Beach.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5345865237944222914" /></a><div 
style="text-align: center;">Mussels on Rock.</div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg88SwfqXtau9rX1Z6JBKTn_xJW4kzdWvxDP9xNfWmU-lxZ7iWpAaWHmGMgJatvaDkMHhz4WASivB3oAJswbGhzrakCLsjuQB3Fk1ek4pvtaWHe3guNbFnfz2fI0UZxYz7CorpU1IYdN3Y/s1600-h/Andy+and+7+at+Beach.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 214px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg88SwfqXtau9rX1Z6JBKTn_xJW4kzdWvxDP9xNfWmU-lxZ7iWpAaWHmGMgJatvaDkMHhz4WASivB3oAJswbGhzrakCLsjuQB3Fk1ek4pvtaWHe3guNbFnfz2fI0UZxYz7CorpU1IYdN3Y/s320/Andy+and+7+at+Beach.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5345864562632882658" /></a></div><div style="text-align: center;">Andy and Seven.</div><div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8senMoSlneusMTcvSw_tSHSA1f78M3O11Nhdcdm-m-KmeTSZvX3gqKLC4e7Zvy7UUVZpAins30_2HUMknhHQN8kElw2JEGzhlQZT49P640pGOc6jasanzDSWvWmtg1R94KgOd-PrvoEQ/s1600-h/Starfish.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 214px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8senMoSlneusMTcvSw_tSHSA1f78M3O11Nhdcdm-m-KmeTSZvX3gqKLC4e7Zvy7UUVZpAins30_2HUMknhHQN8kElw2JEGzhlQZT49P640pGOc6jasanzDSWvWmtg1R94KgOd-PrvoEQ/s320/Starfish.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5345864416312013826" /></a><div style="text-align: center;">Starfish.</div></div>eileenhttp://www.blogger.com/profile/18019684264041685558noreply@blogger.com0tag:blogger.com,1999:blog-6546910782076823123.post-75945825197172977422009-03-19T13:49:00.000-07:002009-03-19T14:03:55.638-07:00Book Review: Spook CountryAfter finishing another book by Gibson with a few of the same central characters, I decided to read <a 
href="http://www.amazon.com/gp/product/0425221415?ie=UTF8&tag=carrelorg-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0425221415">Spook Country</a><img src="http://www.assoc-amazon.com/e/ir?t=carrelorg-20&l=as2&o=1&a=0425221415" width="1" height="1" border="0" alt="" style="border:none !important; margin:0px !important;" />. This was a mistake.<br /><br />The characters and plot are both confused, disjointed and incomplete. Short of taking notes, there is slim hope of tracking what is going on with the characters, but I shouldn't have worried about it because most of them are irrelevant and the few that are relevant never gain any sense of closure. The interactions between characters are like a political-correctness-gone-crazy dystopia where giving a damn about anyone would result in a harassment lawsuit. There are some interesting settings described, but not so interesting that they compensate for the cardboard cutout characters, all of whom keep one another at more than an emotionally safe distance throughout the whole story.<br /><br />The last 50 pages are very chaotic. It reads as if the author had hit his deadline for turning in the manuscript and scribbled together a plot outline that tied off a few of the threads of the story and then walked away. 
I found <a href="http://www.amazon.com/gp/product/B000OCXGVY?ie=UTF8&tag=carrelorg-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=B000OCXGVY">Pattern Recognition</a><img src="http://www.assoc-amazon.com/e/ir?t=carrelorg-20&l=as2&o=1&a=B000OCXGVY" width="1" height="1" border="0" alt="" style="border:none !important; margin:0px !important;" /> passable, but this book, set with some of the same characters, really seems like the effort was phoned in and was a disappointment.wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com0tag:blogger.com,1999:blog-6546910782076823123.post-40942588057510540052009-02-01T00:33:00.000-08:002009-02-01T00:54:59.241-08:00Who knew there was a clear-cutting merit badge?<div>Kudos to the P-I's Investigative Reporters. One last hurrah I suppose. If only the P-I could have figured out how to change with the times and put out a great online paper without the costs of publishing on paper. I would have paid for that.</div><div><br /></div><a href="http://seattlepi.nwsource.com/specials/scoutslogging/397864_loggingmain29.html?source=mypi">Profit trumps preservation for Boy Scout councils nationwide</a>eileenhttp://www.blogger.com/profile/18019684264041685558noreply@blogger.com0tag:blogger.com,1999:blog-6546910782076823123.post-2248507189677862902009-01-18T12:12:00.000-08:002009-01-18T13:33:37.540-08:00Reconnected<table style="width:auto;float:right;"><tr><td><a href="http://picasaweb.google.com/lh/photo/yT18ygDmqe1p5_P3IlGqCg?feat=embedwebsite"><img src="http://lh4.ggpht.com/_maQhlWP1aNg/SWZ5pEFRNmI/AAAAAAAAP0Y/ceC1_RtnEzc/s288/DSC_0039.JPG" /></a></td></tr><tr><td style="font-family:arial,sans-serif; font-size:11px; text-align:right">From <a href="http://picasaweb.google.com/wac/SnoqualmieRiverFlooding8Jan2009?feat=embedwebsite">Snoqualmie River Flooding 8-Jan-2009</a></td></tr></table><p>As of Friday, the highway washout that had cut us off from Fall City has been fixed. 
Thanks to the <a href="http://www.wsdot.wa.gov/">WSDOT</a> for their hard work in getting <a href="http://www.flickr.com/photos/wsdot/sets/72157612487992511/">a big mess</a> repaired as quickly as they did. I still need to hike down Fish Hatchery Road (pictured to the right) to see what it's looking like now.</p><br /><br /><p>This flooding is by far the highest I've seen the river go since we've been living here, and it was the second time this flood season that the houses down in the floodplain wound up underwater. Hopefully they have the option of moving to higher ground rather than rebuilding in a place that requires a helicopter rescue when they don't get out in time. The situation is somewhat less hopeful for the RV park that's across the river from the highway.</p>wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com0tag:blogger.com,1999:blog-6546910782076823123.post-74623150546319590432009-01-08T13:39:00.000-08:002009-01-08T13:50:20.665-08:00Snoqualmie Falls at Flood III made it out to take more <a href="http://picasaweb.google.com/wac/SnoqualmieRiverFlooding8Jan2009#">pictures</a> and video (see below) of the flooding along the Snoqualmie River near Spring Glen this morning.<br /><br /><object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/zhoAQSt2at0&hl=en&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/zhoAQSt2at0&hl=en&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object><br /><br /><object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/lXYBbRdLnqQ&hl=en&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/lXYBbRdLnqQ&hl=en&fs=1&rel=0" 
type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object><br /><br />Check out this <a href="http://www.youtube.com/watch?v=d7Tmkb2i4Zg&feature=related">video of Snoqualmie Falls at a normal summer time flow</a> for comparison.wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com1tag:blogger.com,1999:blog-6546910782076823123.post-32458703089425180982009-01-07T19:48:00.000-08:002009-01-08T13:49:52.476-08:00Snoqualmie Falls at FloodAfter an extended period of snowfall, the freezing level has climbed drastically while we receive over half a foot of new rainfall. The result is extensive flooding.<br /><br />We have a few <a href="http://picasaweb.google.com/wac/FloodJan2009#5288753638908885506">videos</a> from Snoqualmie Falls along with a <a href="http://picasaweb.google.com/wac/FloodJan2009#">gallery of other images</a> from around Spring Glen.<br /><br /><em>Update: <a href="http://blog.carrel.org/2009/01/snoqualmie-falls-at-flood-ii.html">More photos and video from January 8th</a>.</em><br /><br /><embed id="VideoPlayback" src="http://video.google.com/googleplayer.swf?docid=2582370131734641053&hl=en&fs=true" style="width:400px;height:326px" allowFullScreen="true" allowScriptAccess="always" type="application/x-shockwave-flash"> </embed><br /><br /><embed type="application/x-shockwave-flash" src="http://picasaweb.google.com/s/c/bin/slideshow.swf" width="400" height="267" flashvars="host=picasaweb.google.com&RGB=0x000000&feed=http%3A%2F%2Fpicasaweb.google.com%2Fdata%2Ffeed%2Fapi%2Fuser%2Fwac%2Falbumid%2F5288704972588932209%3Fkind%3Dphoto%26alt%3Drss" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed>wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com4tag:blogger.com,1999:blog-6546910782076823123.post-30578142676829671582008-12-06T21:51:00.000-08:002008-12-06T23:42:40.391-08:00Regenerative Braking for ServicesGeorge Reese has a missive over 
on O’Reilly’s site about why <a href="http://broadcast.oreilly.com/2008/12/why-i-dont-like-cloud-auto-scaling.html">auto-scaling your “cloud” application is a bad idea</a>. He starts from the naïve case where scaling your computing without bounds leads to your expenses scaling without bounds as well. Okay, that makes sense. Then he goes on to explain that setting those bounds to do the right thing is too hard, and involves humans doing capacity planning, so you should just do better capacity planning with humans and leave the automation out.<br /><br />Now I’m a big fan of <a href="http://www.amazon.com/gp/product/B000TE9I1E?ie=UTF8&tag=carrelorg-20&linkCode=as2&camp=1789&creative=390957&creativeASIN=B000TE9I1E">robots</a><img src="http://www.assoc-amazon.com/e/ir?t=carrelorg-20&l=as2&o=1&a=B000TE9I1E" alt="" style="border: medium none ! important; margin: 0px ! important;" border="0" height="1" width="1" /> and having <a href="http://www.amazon.com/gp/redirect.html?ie=UTF8&location=http%3A%2F%2Fwww.amazon.com%2FRoomba-Kitchen-Housewares%2Fb%3Fie%3DUTF8%26node%3D10287641%26ref%255F%3Damb%255Flink%255F5178282%255F3&tag=carrelorg-20&linkCode=ur2&camp=1789&creative=390957">machines</a><img src="https://www.assoc-amazon.com/e/ir?t=carrelorg-20&l=ur2&o=1" alt="" style="border: medium none ! important; margin: 0px ! important;" border="0" height="1" width="1" /> do tedious work for me, so this claim holds little truck with me. 
Frankly, the words “too hard” translated as I read them to “you could have a strategic advantage over competitors if you do this well.” Unsurprisingly, I’m not the only one that feels this way, and, in fact, several people chimed in with refutations and examples of how they're already doing this today to great advantage.<br /><br />A response by Sam Curren, <a href="http://sam.curren.ws/index.cfm/2008/12/6/Really-Bad-reasons-not-to-autoscale-cloud-based-systems">Really Bad Reasons Not To Auto-scale</a>, refuted most of the “it’s too hard to get it right” arguments. Adam Jacob had <a href="http://broadcast.oreilly.com/2008/12/why-i-dont-like-cloud-auto-scaling.html#comment-2048289">a good comment</a> as well: if you’re monitoring the wrong things, it is in fact easy to get wrong. In fact, one can look to Don MacAskill’s <a href="http://blogs.smugmug.com/don/2008/06/03/skynet-lives-aka-ec2-smugmug/">post about smugmug on EC2</a> to see some examples of what measuring the right things can look like. Breaking things apart into pieces that are easier to measure is an implicit piece of Don’s discussion that probably warrants more discussion another time.<br /><br />One thing that hasn’t been mentioned yet in this conversation is that if you don't <a href="http://en.wikipedia.org/wiki/Fault-tolerant_system">degrade gracefully</a> under pressure in any of these models you've already lost. If your service is starting to degrade (or you know it’s about to), the only hard part is knowing whether to grin and gracefully degrade under the temporary pressure, or bring in more capacity. 
Thing is, humans are quite capable of making the wrong call here, and even if they make the right call, they’ll do it much slower and they won’t do it in the middle of the night when your service suddenly gets an unanticipated spike in popularity in Japan.<br /><br />Back to the mental translation: if you can develop good algorithms (or even <a href="http://en.wikipedia.org/wiki/Circadian_rhythm">very simple ones</a>) to better predict when to scale up and down, you save a lot of money that is traditionally blown on idle resources in slack times. Those idle resources can be turned off, or pressed into use for non-time-critical batch work, or even sublet to someone else to do processing with. And in fact this last one is quite probably the business that <a href="http://aws.amazon.com/ec2/">EC2</a> and <a href="http://code.google.com/appengine/">App Engine</a> represent. “Here are some spare resources; let’s sell some usage on them rather than making $0 on resources that continue to cost money to run.” (That other large cluster players aren’t involved in this market yet indicates they either don’t have enough capacity as it is, or they aren’t in a position where they care about that idle cost yet, or they just don’t get it. It’s another interesting conversation in and of itself.)<br /><br />In any case, being more efficient about resource usage represents a competitive advantage that can make a big difference. It’s like the regenerative braking on hybrid cars. Many people just afford the cost of wasting that energy as heat, perhaps not even knowing that there is a better way. 
However, with some initial investment and know-how you can capture some of it and realize greater efficiency and a cost savings to boot.wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com0tag:blogger.com,1999:blog-6546910782076823123.post-91666206745421610482008-09-09T12:03:00.000-07:002008-09-09T12:03:00.555-07:00Book Review: Life of PiAn interesting story about trial through adversity. The story was reasonably good, but didn't particularly grab me and make me want to keep reading. I suspect this would've been a much more compelling tale if it had been told from the point of view of the tiger, and would've allowed the commentary on religion and the human condition to be somewhat less forced.<br /><br />The story had a sort of disjointed episodic feel to it which came on rather quickly after the initial bit of character introduction. My mind is not yet made up on whether this style of storytelling helped relay the descent into madness from being trapped at sea. It would have worked better for me as a literary device if it had been used a bit more subtly. As it is, it seemed unintentionally scatterbrained.<br /><br />For all the review commentary I read ahead of time about the religious message in this novel, it seemed tacked on in a very forced sort of way. The protagonist was confused about what to believe, tried to believe in everything at the same time, but largely just stood in awe of nature before him and the lucky breaks he got every now and again. The awe and luck were attributed to any random belief system that seemed to best fit the moment. And when there wasn't anything interesting going on this aspect was completely forgotten.<br /><br />The questions about predestiny and what kind of benevolent god(s) kill your parents, dozens of innocent people and animals and leave you alone on a liferaft with a carnivore were left largely unaddressed. 
In the end, the book left me wanting with its undirected episodic nature and failure to ask hard questions that might scare off some readers.wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com0tag:blogger.com,1999:blog-6546910782076823123.post-16884785642605548352008-09-06T18:00:00.000-07:002008-09-07T21:29:48.141-07:00Boggle SolverI've been working on a pet project with <a href="http://appengine.google.com/">App Engine</a> to try and get a better feel for it. It’s a <a href="http://bogglesolver.carrel.org/">Boggle puzzle solver</a> that does some AJAXy tricks to multithread the solving work. The <a href="http://code.google.com/p/bogglesolver-appengine/">source code is online</a> as well for anyone that’s curious. (There is a popular knockoff called “<a href="http://www.new.facebook.com/applications/Scramble/6494671374">Scramble</a>” on Facebook that is either different enough to keep Hasbro from filing a lawsuit or Hasbro’s lawyers are waiting around for them to make some money before bothering.)<br /><br />In the case of App Engine it's particularly sensitive to requests that take “too long” to process. This was a particular hassle when I was importing the dictionary that is used. In order to solve a Boggle puzzle fairly quickly you want to have all the possible words arranged in a <a href="http://en.wikipedia.org/wiki/Trie">trie</a>. This way you can stop quickly if you’re following letters that will never spell anything as you traverse the puzzle board. It took splitting the dictionary into 5000 separate pieces to get it to load without pushing me over my quota for “long” requests. Luckily we only have to do that once.<br /><br />Next came the challenge of the puzzle solving itself. Again, solving the whole board in one request takes a while to process, apparently more than is allowed without running into that “long” request quota. 
Even in an optimized form (see the links to Dan Vanderkam’s work at <a href="#danvkref">the end of this entry</a>), the full dictionary trie is 3MB and that takes a non-trivial amount of time to load in when you’re trying to handle requests within a few hundred milliseconds.<br /><br />The solution was to reload the dictionary again but this time to break it up by initial <a href="http://en.wikipedia.org/wiki/Trigram">trigrams</a>. For every initial three letters, I store the appropriate shard of the dictionary (all the words that start with that combination) as a trie. There is also a blacklist of trigrams that form no words (for instance “frw”).<br /><br />The javascript calls in with a copy of the puzzle and a point on the board to solve from. The server code then finds all the trigrams starting from the specified point and loads the appropriate dictionary shards. Since we're only solving from one point on the board there won't be more than 72 shards to load for any javascript call. (9 directions from the point and then 8 directions from each of those points because we're not allowed to backtrack.) The server then traverses the board using the dictionary tries hunting for words. When it finds them it stores the word and the places on the board where the word was found. <br /><br />This information is all reduced into <a href="http://www.json.org/">JSON</a> and returned back to the browser that made the javascript call. 
The javascript on the browser is then responsible for taking all the found words and locations and sorting them in a sane way and displaying them for the end user.<br /><br /><a name="danvkref"></a>Dan Vanderkam has written some <a href="http://code.google.com/p/performance-boggle/">interesting code</a> and <a href="http://www.danvk.org/wp/category/boggle/">blog posts</a> about optimizations in solving <a href="http://en.wikipedia.org/wiki/Boggle">Boggle</a> puzzles.wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com0tag:blogger.com,1999:blog-6546910782076823123.post-91613979643757226932008-07-20T11:45:00.001-07:002008-09-07T21:29:17.390-07:00Seven our new RottweilerOur newest addition is Seven, a 4-year-old Rottweiler that we adopted from <a href="http://www.kingcounty.gov/animals/">King County Animal Control</a> in Bellevue. She’s not exactly a petite dog at 105 pounds and her snorts and grunts and growls belie her girlish charm and friendliness. Here she is with her backpack full of water bottles and dog supplies ready to go for a tromp.<br /><br /><embed type="application/x-shockwave-flash" src="http://picasaweb.google.com/s/c/bin/slideshow.swf" width="540" height="400" flashvars="host=picasaweb.google.com&RGB=0x000000&feed=http%3A%2F%2Fpicasaweb.google.com%2Fdata%2Ffeed%2Fapi%2Fuser%2Fwac%2Falbumid%2F5225167214930685969%3Fkind%3Dphoto%26alt%3Drss" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed><br /><br />Our understanding of her history is that she was bred in order to sell the puppies and one day the breeder asked the neighbors to watch the dog for a week while they were going to be out of town, and they never came back. Unfortunately the neighbors also couldn’t keep Seven because they were moving to a city with a breed ban against Rottweilers. 
As an aside, that's a ridiculous law since <a href="http://www.telegraph.co.uk/news/newstopics/howaboutthat/2254479/Sausage-dogs-are-the-most-aggressive-dogs.html">a recent study</a> showed that the most aggressive breeds are actually Dachshunds and Chihuahuas, with Jack Russell Terriers rounding out the top three. Rottweilers and Pit Bulls were average or below average in aggression towards strangers amongst the breeds shown. Apparently some people in Seattle are clamoring for breed bans, but not on aggressive breeds like Chihuahuas, but instead on Pit Bulls. Luckily some sane owners have <a href="http://www.fabbseattle.com/">banded together</a> and <a href="http://www.pasadosafehaven.org/">Pasado’s Safe Haven</a> has also <a href="http://www.pasadosafehaven.org/HOMEPAGE/5_24_WEBSITE/BSL/BSL.htm">gotten involved</a>.<br /><br />After recovering from her spay surgery Seven is doing well and seems to be enjoying her new home. She trained incredibly quickly to the invisible fence and gets along with one of our cats, Jasmine, who isn’t being an idiot around her. Odie still needs to learn that waiting until the dog gets close and then running away like prey is a bad idea.<br /><br />Just yesterday Seven had her first class at <a href="http://www.cascade-k9.com/">Cascade K9</a>. The object lesson right now is getting her “walk” under better control so she doesn’t try to run out ahead. We also need to get a bench for her to hop up on to practice “climb” at home. 
As always, the most important element in dog training is the humans, so we’ll try hard to be up to the challenge and we’ll report the progress we make…wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com1tag:blogger.com,1999:blog-6546910782076823123.post-76315697837886368942007-11-23T15:29:00.000-08:002007-11-23T17:10:46.633-08:00Fred is Gone<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyVVoz4LaaGmOCzItxN8KxxF6kBTZDvM3cfliH5JwQ5dpjiMeO1eSP08dfYcQQpR85IUnz3CU3H6EUHpF4PJ6ql0OQ4IsdRYwXBFAJ8SdRirtH3PiNLFwoHVg7tA0diK2OYPpexmdHE10/s1600-h/Fred.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyVVoz4LaaGmOCzItxN8KxxF6kBTZDvM3cfliH5JwQ5dpjiMeO1eSP08dfYcQQpR85IUnz3CU3H6EUHpF4PJ6ql0OQ4IsdRYwXBFAJ8SdRirtH3PiNLFwoHVg7tA0diK2OYPpexmdHE10/s320/Fred.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5136186125976514866" /></a> Our trusted companion of the last couple years is gone. Fred came to us from <a href="http://www.pasadosafehaven.org/">Pasado's Safe Haven</a>, rescued from death row at a local shelter. After we heard from vets that he only had months left, he proceeded to live two years of enthusiastic tromps in the snow, trips to the beach and hikes in the woods or just around the neighborhood. Slowly though, the <a href="http://www.google.com/search?hl=en&q=degenerative+myelopathy&btnG=Search">degenerative myelopathy</a> which afflicted him claimed his ability to control the back half of his body. Despite this, he soldiered on determined to follow his pack leaders and have fun doing it, until recently when he turned melancholy because he simply couldn't manage any more.<br /><br />In his last hours we went, sat and relaxed along a sandy rivershore, watched the waves and the trees move and felt the breeze. He was treated to a special meal out and then we let him go. 
It is sad to lose him, but hopefully the two years we were able to provide him were as enjoyable for him as they were for us.<br /><embed type="application/x-shockwave-flash" src="http://picasaweb.google.com/s/c/bin/slideshow.swf" width="400" height="267" flashvars="host=picasaweb.google.com&RGB=0x000000&feed=http%3A%2F%2Fpicasaweb.google.com%2Fdata%2Ffeed%2Fapi%2Fuser%2Fwac%2Falbumid%2F5136194952134308161%3Fkind%3Dphoto%26alt%3Drss" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed>wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com5tag:blogger.com,1999:blog-6546910782076823123.post-52743430888769960562007-11-01T21:39:00.000-07:002007-11-01T23:30:05.248-07:00Security Advisory: Norton AntiVirus for Macintosh<h4>Synopsis</h4><br /><p>Symantec's <em>Norton AntiVirus for Macintosh</em> (NAV) contains a vulnerability that can lead to local privilege escalation from group <tt>admin</tt> to <tt>root</tt> (the <a href="http://en.wikipedia.org/wiki/Root_user">super-user</a>) without any of the usual password prompts Mac OS X presents for gaining super-user access. Group <tt>admin</tt> includes any users with the "Allow this user to administer this computer" box checked; this generally includes the first user created in an OS X install. This vulnerability is caused by a setuid-root binary in NAV that automatically runs another binary in a location where it can be replaced by users with group <tt>admin</tt> permissions. Since most Mac OS X users are in group <tt>admin</tt> on their computers, most NAV users will be vulnerable.</p><br /><h4>Mitigation</h4><br /><p>The easiest (and most foolproof) mitigation strategy is to uninstall NAV. (I sure don't feel very secure when a vendor allows a local privilege escalation vulnerability to fester in their security software for over 9 months. 
Your feelings may vary.)</p><br /><p>Set the sticky bit on all directories between the vulnerable binary and the filesystem root that are writable by group <tt>admin</tt>. This can be done in Terminal.app with <tt>sudo chmod +t / /Library /Library/Application\ Support /Library/Application\ Support/Symantec /Library/Application\ Support/Symantec/SmallScanner.app</tt> etc. Keep in mind that running "Repair Permissions" on your disk will remove this change and leave your NAV install vulnerable once again. Apple has set the sticky bit on / and /Library by default on Mac OS X 10.5, but not <tt>/Library/Application Support</tt> and obviously not on the directories that NAV is installed into.</p><br /><h4>What Symantec Had to Say</h4><br /><p>The last time I heard from Symantec was August 29th:</p><br /><blockquote><br />As you know, Symantec developers reviewed the issue concerning NAV for the Mac that you sent to us, and agreed that there is cause for concern. However, they felt that the same problem could potentially affect other vendor’s[sic] software as well. We contacted Apple Product Security, and suggested some changes that could improve security for everyone.<br />...<br />Symantec does not currently plan to make changes to our existing products to directly address the problem you reported. 
The changes would require considerable architectural modifications for those products, and the changes could cause other problems for those products if Apple subsequently release an OS update to address the underlying problem.<br />...<br /></blockquote><br /><h4>Timeline</h4><br /><p>Just in case people think the vendor didn't have enough time to address this, here's the timeline:<br /><ul><br /><li>2007-Jan-16 - Reported issue to Symantec</li><br /><li>2007-Jan-17 - Symantec will "review as soon as possible"</li><br /><li>2007-Jan-31 - Symantec "working on planning a fix", will coordinate release when product update has ETA</li><br /><li>2007-Apr-20 - Symantec thinks it would be better if Apple made changes to Mac OS X to fix the problem in NAV</li><br /><li>2007-Jun-21 - Contacted Apple for status</li><br /><li>2007-Jun-22 - Apple communicates the changes they're going to make for Leopard. These changes are not enough to work around Symantec's vulnerable software.</li><br /><li>2007-Aug-29 - Symantec says they've made suggestions to Apple, but otherwise aren't going to do anything to fix this issue (see the quote in the previous section)</li><br /><li>2007-Oct-01 - It turns out that Apple's Leopard builds at the time didn't do enough to cover up the vulnerability in NAV</li><br /><li>2007-Oct-11 - Contacted Symantec and Apple to let them know I was going to post this Nov-1</li><br /><li>2007-Nov-1 - Today.</li><br /></ul><br /></p><br /><h4>Details</h4><br /><p>SmallScanner is run as root by the setuid-root binary <br /><tt>/Library/Application Support/Symantec/AntiVirus/DiskMountNotify.app/Contents/MacOS/DiskMountNotify</tt>. For example, after inserting a data CD-ROM:<br /><tt>root 8734 28.9 -2.1 616152 43596 ?? 
U 7:51PM 0:16.13<br />/Library/Application Support/Symantec/AntiVirus/SmallScanner.app/Contents/MacOS/SmallScanner</tt></p><br /><p>Unfortunately, /Library/Application Support/ is writable by group admin, and by mv'ing the Symantec subdirectory out of the way and installing a tree of symlinks in its place, except for malware in place of SmallScanner, arbitrary code can be executed as root. That is, you can trampoline from group admin to user root. (There were a variety of other ways to do this that were coming out of the woodwork back in January.)<br /></p><br /><p><br />Using the symlink method described above to replace SmallScanner with the following shell script...<br /><blockquote><code>#!/bin/sh<br /><br />touch /tmp/uhoh.this.is.very.bad.news<br />exec /Library/Application\ Support/Norton\ Solutions\ Support/Norton\ AntiVirus/SmallScanner.app/Contents/MacOS/SmallScanner<br /></code></blockquote></p><br /><p>And then inserting a disk (or using hdiutil to mount a disk image) results in normal-looking behavior along with a new file...<br /><tt>-rw-r--r-- 1 root wheel 0 Jan 15 20:10 /tmp/uhoh.this.is.very.bad.news</tt><br /></p><br /><h4>Etc.</h4><br /><p>I'd like to thank the Apple Product Security team for being more forthright in their communication with me on this issue; it was a lot better than my previous interactions. 
I'd like to apologize to all the users that have been unknowingly insecure for the past 289 days, I think I like full disclosure better too given the way vendors seem to drag their feet.</p>wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com2tag:blogger.com,1999:blog-6546910782076823123.post-5625041689560240252007-10-14T19:03:00.000-07:002007-10-14T19:26:33.283-07:00Review: Issaquah Brew House<p>After a long day of Eileen and Jeanie studying <a href="http://www.law.seattleu.edu/fachome/wing/Conread.html">constitutional law</a> and me painting an interior wall, Tom stopped by and we decided to head out to the Issaquah Brew House for dinner. We were met with what I can only describe as the most untimely service I've ever received at a restaurant.</p><br /><p>It made a good excuse to give the "Submit a review" feature of Google Maps a whirl. The review is <a href="http://maps.google.com/maps?client=safari&rls=en-us&ie=UTF-8&oe=UTF-8&um=1&q=brew+house&near=Issaquah,+WA&fb=1&view=text&latlng=47530133,-122036800,16128984029642525177&dtab=2&reviews=1&sa=X&oi=local_result&resnum=1&ct=result#">online</a>.</p><br /><p>The experiences have led me to wonder what the optimum server to table ratio is. I know there's a lot of clamor on the internet that claims that the gruff service in Europe is because servers handle more tables and (as a result) have to be somewhat more efficient, and have less time to be personable. 
Presumably someone with experience in restaurant management would have a good idea, but 6 tables seems like a reasonable maximum from what I'm reading online.</p>wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com0tag:blogger.com,1999:blog-6546910782076823123.post-14144327734528259702007-10-06T19:07:00.000-07:002007-10-07T16:01:59.160-07:00How Long Do You Wait For Responsible Disclosure?<p>A vocal minority of people were critical of the timeline last time I found a security flaw so let's try this: (names changed to protect the innocent and the guilty)</p><br /><ul><li>2007-Jan-16 - Reported local privilege escalation issue to Vendor D</li><li>2007-Jan-17 - Vendor D will "review as soon as possible"</li><li>2007-Jan-31 - Vendor D "working on planning a fix", will coordinate release when product update has ETA</li><li>2007-Apr-20 - Vendor D thinks it would be better if Vendor J made changes to fix the problem in Vendor D's software</li><li>2007-Jun-21 - Contacted Vendor J for status</li><li>2007-Jun-22 - Vendor J says precisely which changes they're going to make for their next release (slated for Q4). These changes are not enough to protect Vendor D's software.</li><li>2007-Aug-29 - Vendor D says they've made suggestions to Vendor J, but otherwise aren't going to do anything to fix this issue</li><li>2007-Oct-01 - It turns out that Vendor J's recent builds indeed don't do enough to cover up the vulnerability in Vendor D's software</li></ul><br /><p>Beyond that, people running current versions of vendor J's software will be vulnerable forever because vendor D says they aren't going to do anything about it: (from Vendor D's August 29th email)</p><br /><blockquote> [Vendor D] does not currently plan to make changes to our existing products<br />to directly address the problem you reported. 
The changes would require<br />considerable architectural modifications for those products, and the changes<br />could cause other problems for those products if [Vendor J] subsequently<br />release[sic] an ... update to address the underlying problem.</blockquote><br /><p>My immediate thoughts are that a disclosure deadline late this month would be appropriate at this point. That'll give me time to prepare a third-party patch to make the fix that Vendor D should've made ages ago, and give the parties some additional PR prep time (beyond the 9 months they've already received). I have to say that Vendor J really isn't at fault here, Vendor D made a stupid mistake and now doesn't want to take the time to fix it.</p><br /><p>But this is blog land, so maybe people have thoughts.</p><br /><p><i>Update:</i> I've told the vendors November 1 (or earlier at their discretion).</p>wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com0tag:blogger.com,1999:blog-6546910782076823123.post-61942932225868883282007-05-04T23:06:00.000-07:002007-10-06T20:57:50.077-07:00...but how many Big Macs will it buy?<p>There was a conversation about investment at work that mentioned stocks, gold and the "Big Mac Index" so I decided to do a quick analysis.</p><table cellspacing=5 cellpadding=5> <tr><th>Year</th> <th>Big Mac</th> <th>DJIA</th><th>Big Macs per DJIA</th> <th>$/oz Gold</th> <th>Big Macs per oz Gold</th></tr><tr><td>2001</td> <td>$2.54</td> <td>10790</td> <td>4248</td><td>271</td> <td>106</td></tr><tr><td>2002</td> <td>$2.49</td> <td>10259</td><td>4120</td> <td>278</td> <td>111</td></tr> <tr><td>2003</td> <td>$2.65</td><td>8601 </td> <td>3245</td> <td>343</td> <td>129</td></tr> <tr><td>2004</td><td>$2.90</td> <td>10409</td> <td>3589</td> <td>417</td> <td>143</td></tr><tr><td>2005</td> <td>$3.15</td> <td>10827</td> <td>3437</td> <td>428</td><td>135</td></tr> <tr><td>2006</td> <td>$3.15</td> <td>10883</td><td>3454</td> <td>530</td> <td>168</td></tr> <tr><td>2007</td> 
<td>$3.22</td><td>12474</td> <td>3873</td> <td>640</td> <td>198</td></tr> </table> <p>It didn't quite work out the way I had expected it to. Plotting the CPI (or the Euro) against these numbers might also be interesting.</p>wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com0tag:blogger.com,1999:blog-6546910782076823123.post-22527742594603763012007-02-25T15:23:00.000-08:002007-10-06T20:33:42.501-07:00Data Validation RantI just signed up to renew my <a href="http://www.acm.org/">ACM</a> membership for the first time since I was a student back at <a href="http://www.wwu.edu/">WWU</a>. I have to admit to feeling kind of bad about having finally caved in to the direct mail they've been bombarding me with, but it did offer a reasonable discount. So I'm busy filling out their online form that asks for all sorts of information they can use to direct additional marketing at me and I click the "continue" button, but alas I cannot continue. <p><br />So why can I not continue? Everything I entered is correct, I double-checked. It turns out I put a dash in my zip+4 code, and for them that's an error. The <a href="http://zip4.usps.com/zip4/welcome.jsp" style="color: rgb(0, 0, 238);">US Postal Service</a> disagrees, and in fact insists that xxxxx-xxxx is the "<a href="https://hdusps.esecurecare.net/cgi-bin/hdusps.cfg/php/enduser/std_adp.php?p_faqid=6475&p_created=1106151142&p_sid=7mN2w9vi&p_accessibility=0&p_lva=6475&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MSZwX3Byb2RzPTImcF9jYXRzPSZwX3B2PTEuMiZwX2N2PSZwX3BhZ2U9MSZwX3NlYXJjaF90ZXh0PUlzIHRoZSBoeXBoZW4gcmVxdWlyZWQ%7E&amp;amp;amp;amp;amp;amp;p_li=&p_topview=1#hyphen" style="color: rgb(0, 0, 238);">standard format</a>" for a zip code. One would hope that the ACM of all organizations could figure out how to validate data without looking stupid, but apparently that's too much.<br /></p><p><br />This is a real frustration in lots of other online settings as well. 
There are quite a few online merchants that refuse to process your payment unless you leave the spaces out of your credit card number. They display stern warnings like "Important: Please do not put spaces or dashes between credit card numbers." If they can't even figure out how to remove extraneous spaces or dashes from the information I give them, should I be trusting them to get the rest of my order correct and not have my personal information stolen? Dealing with that input is maybe 4 lines of code if you're trying to make it hard. It's usually not the merchant's fault; they're just buying some third-party service. Any service that merchants are having to pay for that can't manage to get this right should be publicly shamed for their lack of competence.<br /></p><p><br />Email addresses are also apparently a tricky beast for people who are building online tools. There are a lot of characters that are valid in an email address that various online services tend to choke on. There are numerous examples online disguised as "how-tos" that are actually "<a href="http://www.codeproject.com/aspnet/Valid_Email_Addresses.asp" style="color: rgb(85, 26, 139);">how-not-to-dos</a>". The example I'm picking on in this case doesn't accept addresses with a + in them. Addresses like learn+to+read@rfc2822.int are in fact perfectly legitimate email addresses, as are addresses with hyphens, underscores, carets, tildes, equals signs and a lot of other somewhat obscure characters. 
Mail servers seem to deal successfully with these things; one would hope most web application writers could cope with them too.<br /></p><p><br />Come on, all you folks that are building tools for the web: it's not hard to get these things right by just being a <a href="http://www.oreillynet.com/onlamp/blog/2002/12/how_to_validate_an_email_addre.html" style="color: rgb(85, 26, 139);">little bit more pragmatic</a> about it.<br /></p>wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com1tag:blogger.com,1999:blog-6546910782076823123.post-9791281923048500712007-01-21T12:06:00.000-08:002007-10-06T20:34:26.899-07:00Moved to BloggerAs you may have noticed, I’ve moved the blog part of the site over here to Blogger’s new <a href="http://help.blogger.com/bin/answer.py?answer=55373">custom domain</a> feature. Some old links to the blog pages may not work any more, but I've tried to get the majority of them to redirect correctly. My old custom hacked up <a href="http://en.wikipedia.org/wiki/Typo_%28content_management_system%29">Typo</a> install was getting frayed around the edges and it's easier to let a free service handle this stuff for me as long as I can extract my data later.<br /><br />It turns out that it's not too hard to take the data from Typo articles by getting them by id number and then finagle it into something that the Blogger API will take and do the migration programmatically. I did have to clean up the XHTML in places where tags hadn’t quite lined up, but it wasn't all that much work.wachttp://www.blogger.com/profile/06646693073914751031noreply@blogger.com2tag:blogger.com,1999:blog-6546910782076823123.post-28017003404614880462007-01-20T11:30:00.000-08:002007-10-06T20:34:13.297-07:00BOM Shelter: MoAB 5, 8, 15 Permissions FixMac OS X, and a number of programs by third parties, have some risky permissions by default. 
I’ve taken the work I did <a href="http://blog.carrel.org/2007/01/moab-day-5-fix-script.html">a couple weeks ago</a> and updated it to cover more of these problems (MoAB days 5, 8, and 15). It also has a new, more clever name: <a href="http://www.carrel.org/files/bom-shelter.py">bom-shelter.py</a> (<a href="http://www.carrel.org/files/bom-shelter.py.asc">sig</a>)<br /><br />To get this script, simply save the <a href="http://www.carrel.org/files/bom-shelter.py">bom-shelter.py</a> link to your disk.<br /><br />To verify the script you get is one I wrote, you can download the <a href="http://www.carrel.org/files/bom-shelter.py.asc">signature</a> and run <code>gpg --verify bom-shelter.py.asc bom-shelter.py</code> if you happen to have <a href="http://blog.carrel.org/2007/01/universal-binary-gpg-146.html">GnuPG</a> installed and have a <a href="http://en.wikipedia.org/wiki/Web_of_trust">reason to trust</a> my <a href="http://keyserver.veridis.com:11371/export?id=-3933482364570343860&created=1111694998000">public key</a> <span style="font-size:78%;"><span style="font-family:courier new;">(0x4185664C)</span></span>.<br /><br />To use this script, you must, from an admin account, run <code>sudo python bom-shelter.py</code> in Terminal, iTerm, or some other reasonable equivalent.<br /><br />This script does the following for each of the MoAB advisories listed above:<br />#5: The permissions on BOM files are made more secure and <code>/Library/Receipts</code> (and important descendants) get a <a href="http://en.wikipedia.org/wiki/Sticky_bit">sticky bit</a> to prevent shenanigans.<br /><br />#8: <code>/Library/Frameworks</code> gets a sticky bit to prevent potential adversaries from being able to replace components that Application Enhancer runs as root inside Application Enhancer.framework.<br /><br />#15: The three <a href="http://en.wikipedia.org/wiki/Setuid">setuid</a> <a href="http://en.wikipedia.org/wiki/Superuser">root</a> programs that can be overwritten by members of the “admin” group 
in <code>/Applications/Utilities</code> mentioned in the advisory are changed to not be “admin”-writable. This is also done to <code>/Applications/System Preferences.app/Contents/Resources/installAssistant</code>, which has a similar vulnerability.<br /><br />For all of these things, the script also edits the BOM files in <code>/Library/Receipts</code> to ensure that if you “repair permissions” on your disk these vulnerabilities will not reappear. The BOM file format is not very well documented, so these edits may or may not work for you, but they should not corrupt the file. The editing function is careful to change values only if they are what is expected; otherwise it’ll print a warning and not make a change. Backup versions of your BOM files are saved as part of this process.<br /><br />If you happen to have Application Enhancer installed, whether to secure your machine with <a href="http://landonf.bikemonkey.org/code/macosx/">Landon Fuller’s awesome MoAB Fixes</a> or for any other reason, please take the time to secure <code>/Library/Application Enhancers</code> outside your home directory and <code>~/Library/Application Enhancers</code> inside your home directory. Malicious code can write things there without your permission, and if Application Enhancer uses those patches without asking you, it might make you sad.<br /><br />Posted by wac<br /><br />Counting Trigrams for Fun (published 2007-01-15T11:43:00.000-08:00, updated 2007-10-06T20:34:41.956-07:00)<br /><br />There is a <a href="http://forums.xkcd.com/viewtopic.php?t=1536&postdays=0&postorder=asc&start=0">thread</a> over at the forums for the <a href="http://www.xkcd.com/">xkcd</a> comic strip with a puzzle game to find <a href="http://en.wikipedia.org/wiki/N-gram">trigrams</a>. 
To help out my brain, which has been full of number-related work lately, I whipped up a Python script “<a href="http://www.carrel.org/files/trigramtastic.py">trigramtastic.py</a>” to help find more challenging trigrams for the game. Feeding it things like <code>/usr/share/dict/web2</code> can produce some helpful results, although there are a <a href="ftp://ftp.gnu.org/gnu/gcide">lot</a> of <a href="ftp://ftp.cogsci.princeton.edu/pub/wordnet/2.0/WordNet-2.0.tar.gz">other</a> <a href="ftp://ccel.wheaton.edu/ebooks/HTML/e/easton/ebd/">potential</a> <a href="http://www.jargon.org/">data</a> <a href="http://wombat.doc.ic.ac.uk/foldoc/Dictionary.gz">sources</a>.<p>Posted by wac</p><p>Universal Binary GPG 1.4.6 (published 2007-01-06T11:55:00.000-08:00, updated 2007-10-06T20:35:05.861-07:00)</p><p>I’ve made a <a href='http://www.carrel.org/files/gnupg-1.4.6-osx-universal.zip'>universal build of GnuPG 1.4.6</a> (<a href='http://www.carrel.org/files/gnupg-1.4.6-osx-universal.zip.asc'>sig</a>). This version is not vulnerable to an attack described in a December <a href='http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html'>security announcement</a>. Copy the contents of this zip into <code>/usr/local/bin</code> to replace the vulnerable binaries.</p><p>The source is available from the <a href='http://www.gnupg.org/download/'>GnuPG project</a>. 
<br />The build was made by making separate directories for Intel, PowerPC and PowerPC 64-bit builds and then using <a href='http://developer.apple.com/documentation/Darwin/Reference/ManPages/man1/lipo.1.html'><code>lipo</code></a> to stitch them all back together again.</p><p>The PowerPC 64-bit code may be somewhat slower since certain operations are not optimized in assembly for that platform.</p><p>Installing using the <a href='http://macgpg.sf.net/'>MacGPG</a> installer and then copying in the binaries provided above should result in an up-to-date install that is not vulnerable.</p><p>Posted by wac</p><p>MoAB Day 5 Fix Script (published 2007-01-06T10:05:00.000-08:00, updated 2007-10-06T20:35:18.916-07:00)</p><p>The fix for <a href="http://projects.info-pull.com/moab/MOAB-05-01-2007.html">day 5’s bug</a> sadly can’t be effected through runtime patching alone. It requires changing the permissions on disk of a number of files and directories which are vulnerable to being edited by default. 
I’m providing scripts you can run in Terminal.app to change these permissions to safe values.</p><ul> <li><a href="http://www.carrel.org/files/bom-safety.py">bom-safety.py</a> (<a href="http://www.carrel.org/files/bom-safety.py.asc">sig</a>) changes the permissions to safe values.</li> <li><a href="http://www.carrel.org/files/bom-unsafety.py">bom-unsafety.py</a> (<a href="http://www.carrel.org/files/bom-unsafety.py.asc">sig</a>) changes the permissions back to Apple’s original (unsafe) values.</li> </ul><p>You can run these scripts in Terminal.app as root using <code>sudo</code>:</p><pre>sudo /usr/bin/python bom-safety.py</pre><p>It’ll print a message when it is done or if it encounters a problem.</p><p>Finlay Dobbie <a href="http://groups-beta.google.com/group/moabfixes/tree/browse_frm/thread/71ccb30e9125d8b4/2cc360411eff4585?rnum=1&amp;hl=en&_done=%2Fgroup%2Fmoabfixes%2Fbrowse_frm%2Fthread%2F71ccb30e9125d8b4%2F%3Fhl%3Den%26#doc_1e191e6ee145d5af">pointed out</a> that certain Apple installers like <span class="caps">X11</span>.app or Xcode Tools may change these permissions back to vulnerable values again.</p><p>In order to re-run the bom-safety script you must rename the backup it creates at <code>/Library/Receipts/BaseSystem.pkg/Contents/Archive.bom.orig</code>.</p><ul> <li>Set the <a href="http://en.wikipedia.org/wiki/Sticky_bit">sticky bit</a> on /Library/Receipts</li> <li>Set the sticky bit on the paths down to each of the critical BOMs</li> 
<li>Unset the group-write bit on the critical BOMs</li> <li>Create root-owned 0-length placeholders for critical BOMs/paths that don’t exist</li> <li>Back up /Library/Receipts/BaseSystem.pkg/Contents/Archive.bom</li> <li>Make a 1-bit change to the /Library/Receipts/BaseSystem.pkg/Contents/Archive.bom file that causes <a href="http://en.wikipedia.org/wiki/Repair_permissions">repair permissions</a> to keep the sticky bit set on /Library/Receipts rather than removing it.</li> <li>Print a completed message</li> </ul><p>As always, you shouldn’t run code unless you can understand it yourself, trust someone who understands it, or trust the author of the code. For those wondering if I actually wrote the code downloadable above, I am providing <a href="http://macgpg.sourceforge.net/">GPG</a> <a href="http://en.wikipedia.org/wiki/Electronic_signature#Cryptographic_signatures">signatures</a> above for your review. Ironically, the currently available GnuPG for Mac has had a code execution security hole since early December. 
I’m building new universal binaries of <span class="caps">GPG</span> now and will post them later today.</p><p>Posted by wac</p><p>Month of Apple Bugs (published 2007-01-01T23:13:00.000-08:00, updated 2007-10-06T20:39:52.656-07:00)</p><p>An old friend is posting <a href='http://landonf.bikemonkey.org/code/macosx/'>runtime fixes</a> for the bugs of the <a href='http://projects.info-pull.com/moab/'>Month of Apple Bugs</a>.</p><p>Protect yourself. Hopefully Apple will have improved their response time to these sorts of issues, and hopefully the user community will not try to blow smoke at people about real problems.</p><p><em>Update:</em> Some people have asked for my thoughts on response time to these sorts of issues after my <a href='http://www.carrel.org/dhcp-vuln.html'>own experience</a> interacting with <a href='http://www.apple.com/support/security/'>Apple’s product security team</a>.</p><p>My experience was over 3 years ago now and presumably Apple has improved from that and similar experiences with others in that time. Three years is an eternity in the software industry, even in large organizations with a lot of inertia. My experience way back then was struggling to get any verifiable confirmation that they were working on the problem.</p><p>It was a frustrating experience; trying to overcome any situation of mutual distrust is very difficult. 
While it is understandable that it takes a while to develop and test changes, that can’t be used as a blanket excuse to keep the people reporting issues in the dark about progress on them.</p><p>On the other hand, it sounds like the Month of Apple Bugs folks are giving no advance notice at all to Apple and the open source project <span class='caps'>VLC</span>. It is impolite of them, even supposing that one or both were notoriously reticent about releasing fixes. I don’t think their actions rise to the level of being <a href='http://en.wikipedia.org/wiki/Negligence'>negligent</a> under current social standards, but then, there’s <a href='http://www.google.com/search?hl=en&q=%22no+law+against+being+a+jerk%22&btnG=Search'>no law against being a jerk</a>.</p><p>Posted by wac</p><p>Snoqualmie Falls at Flood (published 2006-11-07T09:55:00.000-08:00, updated 2009-01-08T16:13:48.898-08:00)</p><p><em>Update (January 2009):</em> Just over two years later <a href="http://blog.carrel.org/2009/01/snoqualmie-falls-at-flood.html">another flood event</a>, and some <a href="http://blog.carrel.org/2009/01/snoqualmie-falls-at-flood.html">more</a> <a href="http://blog.carrel.org/2009/01/snoqualmie-falls-at-flood-ii.html">video</a> of the falls and Spring Glen below.</p><br /><object codebase="http://www.apple.com/qtactivex/qtplugin.cab" classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" height="256" width="320"><param value="http://www.carrel.org/files/Video_110606_001.3g2" name="src"><param value="false" name="autoplay"><param value="false" name="loop"><param value="true" name="controller"><embed src="http://www.carrel.org/files/Video_110606_001.3g2" pluginspage="http://www.apple.com/quicktime/" 
loop="false" controller="true" autoplay="false" height="256" width="320"></embed></object><p>Flood waters pour over <a href="http://en.wikipedia.org/wiki/Snoqualmie_Falls">Snoqualmie Falls</a>.</p><p>Posted by wac</p>
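<p>The permission changes described in the MoAB fix posts earlier on this page (sticky bits on shared-writable directories, no group-write on setuid programs) can be checked with a read-only audit. This is an added example, not the author's bom-shelter.py or bom-safety.py; the function names are hypothetical, the demo tree is constructed, and the check flags any setuid file rather than only root-owned ones.</p>

```python
import os
import stat
import tempfile

def classify(mode):
    """Findings for one st_mode value (pure function, no file access)."""
    findings = []
    shared_w = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
    if stat.S_ISDIR(mode) and shared_w and not mode & stat.S_ISVTX:
        # Without the sticky bit, anyone with write access to the directory
        # can rename or delete entries that belong to someone else.
        findings.append("shared-writable directory without sticky bit")
    if stat.S_ISREG(mode) and mode & stat.S_ISUID and shared_w:
        # A non-owner can overwrite a program that runs with its owner's uid.
        findings.append("setuid file writable by group or others")
    return findings

def audit(paths, recurse=False):
    """lstat each path (symlinks are not followed); return (path, finding)."""
    report = []
    for path in paths:
        try:
            mode = os.lstat(path).st_mode
            children = sorted(os.listdir(path)) if stat.S_ISDIR(mode) else []
        except OSError:
            continue  # missing or unreadable: no finding, and no "safe" claim
        report += [(path, finding) for finding in classify(mode)]
        if recurse:
            report += audit([os.path.join(path, c) for c in children], True)
    return report

def demo():
    """Constructed tree standing in for the real directories."""
    root = tempfile.mkdtemp()
    weak = os.path.join(root, "Receipts")
    fixed = os.path.join(root, "Frameworks")
    os.mkdir(weak)
    os.chmod(weak, 0o775)      # group-writable, no sticky bit
    os.mkdir(fixed)
    os.chmod(fixed, 0o1775)    # same permissions plus the sticky bit
    return [(os.path.relpath(p, root), f) for p, f in audit([weak, fixed])]

if __name__ == "__main__":
    # Paths named in the posts; prints nothing where they do not exist.
    targets = ["/Library/Receipts", "/Library/Frameworks",
               "/Applications/Utilities"]
    for path, finding in audit(targets, recurse=True):
        print(f"{path}: {finding}")
```

<p>Running it before and after a "repair permissions" pass or an Apple installer shows whether the hardened modes survived.</p>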