WombatNation

My wife is in White Horse, Canada, this week with some of her family, because her late grandfather was named the “Pioneer of the Year” by the Yukon Territory Transportation Museum. The big ceremony is tomorrow. Her grandfather was a bush pilot famous for providing the first airmail delivery to the Yukon Territory and for participating in an air rescue of passengers who had been in a plane crash in Whitehorse (which was apparently covered in the widely read issue #9 of the Yukoner Magazine). He also provided flight support to the National Geographic Society during the first mapping expedition of the St. Elias mountains. He flew a Fokker Super Universal CF-AAM.

While driving from Whitehorse to Skagway to take a train ride today, they came off this friendly bear who was crossing the road to eat some dandelion greens. Keep your arms and legs inside the vehicle at all times, indeed.

Recently I posted about being one of the people whose personal information was potentially exposed due to allegedly lax security at Seisint (owned by LexisNexis (0wn3d by hackers)). Today a story appeared on Wired.com on the hackers who claim to have initiated the break-in. At first I was relieved to read that it was a “cyberjoyride that got out of hand”.

Further into the article, though, I learned that these teen hackers created lots of extra accounts and shared them with others. So, while they may have broken in for entertainment and ego gratification, they have no idea what anyone else may have done.

It’s got to be painful for the people at LexisNexis to read the following quote from the Santa Clara County Deputy DA:

I’m just saying it’s not one group that’s compromised LexisNexis. Their security is really bad. This isn’t a situation where you’re talking about needing an überhacker to compromise (the system). Their passwords weren’t as secure as your average porn site.

While I’m happy to get a year of free access to the Experian Credit Watch service out of the deal, I’m not sure it’s really that valuable. The first alert I received indicated that the blanace amount changed on one of my credit card accounts. Great. I’m going to get an email everytime a credit card company sends me a bill, even though I’ve paid off all my accounts in full every month since I graduated from college.

Worse, though, is that the link in the HTML email was bad. The actual link started with “https://https://”. I’m still not sure why, but the link actually sent me to PayPal. That seemed really suspicious, but I spent a bunch of time verifying that it was the real PayPal site. I sent email to the customer service account on the Experian website, but I received only a very generic form letter response that ignored my question and told me nothing useful. I persist in believing that companies will provide good quality support by email, since it cheaper than providing support by phone. However, my experience has been that email support is generally far worse than phone support. Not just a little worse, but a lot worse. Fortunately, there are a few exceptions, such as the company that hosts my website. But I digress.

Sorry if anyone reading my blog through an RSS or Atom feed had problems with it during the last few weeks. I upgraded to WordPress 1.5.1 a couple of weeks ago. Everything seemed fine, but then I noticed about a week ago that I was no longer seeing my own syndication feeds in Bloglines. The sole reason I susbscribe to my feeds in Bloglines was to detect exactly this kind of problem, so I guess I should at least be happy about that. I guess.

So I upgraded to WordPress 1.5.1.1 a few days ago and that seemed to solve the problem. One of the bugs that was allegedly fixed involved syndication feeds. Who know if that was the problem, but I’m just glad everything seems back to normal, even though it isn’t.

If you don’t live in California or you’ve never lived here, this post may not be very meaningful to you. Then again, maybe your State does something similar.

For a long time, I’ve wondered what was the meaning behind the stickers I would often see in the rear windows of cars, typically in the upper left part of the window. No, I’m not talking about the stickers with Calvin peeing on something or the stick figures representing family members (which is a whole nother story). I’m talking about the white numbers on a red background with white trim.

Finally, I decided to ask my police officer brother-in-law about the stickers, figuring that he would likely know the explanation. It turns out that these stickers are given out to people who have requested an extension for renewing their license tag sticker. Often, the excuse is that they need more time to have their car repaired so it can pass the smog inspection. The number represents the month by which they need to renew their tags.

In hindsight, I should have seen the pattern in the numbers. Surely that mathematician guy from the TV show Numb3rs would have figured it out. Anyways, mystery solved.

Surprisingly, the red background does not change from year to year. My brother-in-law told me that he suspects that some people reuse the stickers from year to year, or simply save them until some future time when they might need them. You would have to be a little careful about putting on new ones too early, though, since all the cops know how far in advance (usually only 2-3 months) the stickers are given out.

While I have often heard about sandstorms in deserts, especially lately in Iraq, I’ve never seen a photo or video of one. While I can’t offer a video, here are some photos passed on by one of my relatives who is currently stationed in Iraq. Okay, now I understand why they make such a big deal over the sandstorms.

After much gnashing of teeth, I got CVS running as a service on my laptop and am able to access it using the CVS client Eclipse plug-in. The key was finding this page posted, at least in part, by Glenn Robitaille. Without it, I suspect I would still be poring over the CVS and xinetd documentation. One change I had to make that I didn’t see listed on the page was to change the owner of /usr/bin/cvs to the cvs user.

I was surprised how difficult it was to setup CVS. I think I’m already beginning to learn why people dislike CVS so much. With this rite of passage complete, next up on my source code control system investigation is Subversion with Subclipse.

A few weeks ago, I learned that I was one of the few hundred thousand victims of Seisint’s carelessness in monitoring the users of their public and private data record aggregation service. Seisint is owned by LexisNexis, which is owned by Reed Elsevier. At first, LexisNexis thought 32,000 individuals were affected. Now the number is believed to be over 300,000.

In the ChoicePoint debacle, crooks fraudulently obtained accounts by posing as legitimate businessmen. In the Seisint case (actually, some of the intrusions were in unrelated parts of LexisNexis), crooks managed to get access to the usernames and passwords of legitimate users. Then again, LexisNexis hasn’t revealed whether the legitimate users might have been in collusion with the crooks, so maybe the scenarios are actually quite similar. I like that one of the services that Seisint allegedly offers to other businesses is “detecting fraud”.

To LexisNexis’s credit, they did more than just send me a letter saying something like, “We screwed up and let bad guys get access to your Social Security Number. Watch your back.” In addition to the letter, they arranged for me and the other 300,000+ unfortunate souls to get a free 12 month subscription to a service from Equifax that allows one to get a 3-in-1 (Equifax, TransUnion, and Experian) credit report online each month, and to have alerts sent whenever someone accesses your credit record or whenever there is a material change in your credit record.

I finally got around to signing up for it tonight. It was fairly straightforward to do, though I’m glad I didn’t have to pay the $130 annual cost for the program. After signing up, I quickly scanned through the three reports. The reports themselves were fairly well organized and easy to peruse.

As I feared, my address and former address were wrong with TransUnion and my former address was wrong with Equifax. This was a result of a thief fraudulently impersonating me in 2002 and setting up 9 credit accounts using my social security number. Even worse, an account the thief set up with Radio Shack was still on my record with Equifax. TransUnion and Experian had both already removed it.

Fortunately, there are online forms for initiating disputes. The Equifax dispute form was much less well designed than the credit report review pages. After battling with a text edit box that would let me enter only 250 characters, but then not let me delete characters after reaching 250 characters while mid-word, I managed to submit the dispute. The TransUnion form was nicer, but longer and less helpful. Anyways, hopefully I will finally get the mess from 2002 cleared up and not have a new mess initated from the Seisint miscue.