Michael Gracie

I’d barely gotten use to the 2.6 switch when a new version hit. The new automatic updating functionality kind of freaked me out (hence the delay), but since I’ve been tinkering with the code on this site since time immemorial I figured something was bound to break anyway. And much to my chagrin, nothing did (at least on upgrade), which means I’m forced to do real work, the lure of a winter fishing day notwithstanding.

The new WP dashboard is outstanding – everything is laid out much more intuitively, and the ability to reorganize said layout (along with the rest of the back end interface) only adds to the ease of use. I’ve enabled OpenID commenting too. I was hankering for OpenID some time ago (enough to even pay for it), and just hadn’t had the time to seek out the latest release.  I haven’t installed XRDS-Simple yet so I’m still using a third-party OpenID provider, but frankly I’m astounded that server functionality even exists - Will and Chris have done one hell of a job with the plug-in. Thanks guys.

Have a safe and happy new year.

Brownliner extraordinaire Jean-Paul Lipton is old cold, very old cold.

Probably not as old as this guy though. Billy who? Classic.

Harmful yesterday too

An absolutely awesome presentation on the weaknesses in the public key infrastructure (that which purportedly makes secure websites safe)…

The vulnerability we expose is not in the SSL protocol or the web servers and browsers that implement it, but in the Public Key Infrastructure. This infrastructure has applications in other areas than the web, but we have not investigated all other possible attack scenarios. So other attack scenarios beyond the web are conceivable, such as in the areas of code signing, e-mail security, and in other areas that use certificates for enabling digital signatures or public key encryption.

Use SHA-1, you say? Heh, folks are already working on SHA-3, and I doubt it is because they’re bored.

Still, great work on something that was long held theoretically possible. I don’t think miscreants will bother with such heavy lifting though – a colleague of mine noted they can just get a garbage cert, or a more authoritative one for a garbage website name (i.e. a misspelling), and roll the dice. It’s our impression that most of the technical exploits also require screwing with DNS, and we’d love to hear more on whether that’s truly the case.

If you still have a few bucks around, I’m certain there are deals to be had. If you don’t, there’s no better time to take extra-special care of your gems.

I’ve always been the type to give my rods a quick wipe-down after use; if they’re saltwater jobs, a warm, wet rag works overtime. Waxing the ferrules (tea-light candle wax is fine) after every couple of outings is also part of the repertoire. And my latest discovery was cork cleaning (with emphasis on ‘late’).

I have some rods that I’ve owned for a dozen years, and I’d never cleaned the handles. A friend said it was probably a bad time to start trying, particular since some of the corks were downright black – the suggestion was to start using the cheapo backups/loaners (the ones I’m loathed to cast myself – I call them my “guest handicappers”). But, a little warm water and some Soft Scrub with Bleach did the trick – here are the corks on the rods I’ve gotten wet in the last couple of years, after tidying them up…

The one at the top is the oldest in the quiver. I’ve had all the pure saltwater rods at least seven years, and they’ve all felt heavy use (i.e. lots of sunscreen) albeit prior to my move to Colorado. The second, third and fourth (from the top) have seen the most recent workouts – the second was bought early last season (’07) and the fourth was bought in late September (’08). All the corks now look the same – like I just pulled plastic wrappers off them.

Note: Your fishing buddies might already be getting stingy about sharing the single malt, and they’re going to be hard pressed to loan you their new S4 if your own rods look shabby too. So get scrubbing.

Take your time – you’ve got about 36 hours

• Cheap cement is pouring into the US, and it’s creating headaches for Cemex, the largest US producer. Don’t feel sorry for them though – they’ve been pushing through price increases in the midst of plummeting construction. I wonder how this will effect the ‘replacement cost’ line on all those home refinancing appraisals being jammed through right now.
• If you’re a skier, there’s hardly a better time to come to Colorado than now – snowpack is at 120% of normal. If you’re the fly fishing type, you might want to check clarity conditions before heading out this spring, and you may want to pick up another hobby for the first half of the summer – if this keeps up, we are going to be wading in chocolate.
• If you just got laid off, there is no reason to lie about it. It’s hardly ever personal when the economy is in the tank, so talk it up – you might land that next job as a result. However, you could also discuss a made-up controversy designed to distract you from making next month’s mortgage payment, or log into the social network de jour so everyone knows you’re doing nothing but sitting in a coffee shop.

And…

• If you are a hedge fund manager, just write 2008 off. If you were thinking about blogging for a living next year, forget about it. UPDATE: Ditto (i.e. I don’t think Denton is panicking – I think he knows his shit).

Adieu.

In another blow to the teetering fly fishing gear industry, a non-partisan think tank study has found that massive consumption of donuts and beer corrects breaking wrists and rising elbows, and increases overall line speed by as much as 250%.

Empirical evidence in executive summary form can be found here.

It doesn’t mean I’ll never go back, but they’ve lost me for now. While I enjoyed using the Curve, the poor Mac support (for sync-ing and file exchange) combined with what might be the most overlooked security issue from an otherwise highly regarded system I’ve seen in a while (notwithstanding Microsoft Windows), forced a switch.

I’m back to the Nokia S60 platform, with a 6650. It’s roughly the same weight as a Curve, but with a measurably smaller feel in the pocket. And while AT&T has cavorted with Nokia to wrap in as many proprietary features as possible, the fact that there are still plenty of folks hacking Symbian means I’ve been able to find work-arounds or substitute applications for most anything I disliked.

I’m not missing the constant email pings, and I hope I’m providing more thoughtful responses from the desktop too. Yea, I feel a little out of place sans a qwerty keyboard, but my thumbs will adjust – the Blackberry’s phone reception (you know, the ‘talking’ function) was also great, but the Nokia’s just as. Additionally, AT&T customer service was superb throughout the move.

UPDATE: Not a bad move after all (at least if I want reception) – the 6650 is 3G.

UPDATE 2: Kara Swisher says goodbye too (although I’m unimpressed by the justification for all the iFarts).

mcrypt on Fedora Core easy – on Leopard with PHP 5.2.6 not so much.

The instructions below cater to those folks who a) are developing on OS X Leopard 10.5.6, b) need the capabilities provided by mcrypt during their PHP development, and c) do not want to completely recompile PHP to get there. You’ll get mcrypt loading dynamically for use in PHP with this method.

First, you are going to need a few things…

1) libmcrypt-2.5.8, which you can pick up here;

2) PHP 5.2.6 source, which you grab here; and

3) Xcode 3 tools (dig through your sock drawer to find your Leopard disk).

Next, create a directory at root called ‘SourceCache’ and dump the files from #1 and #2 in there and unwrap.

Move to the libmcrypt-2.5.8 directory, and punch in this…

MACOSX_DEPLOYMENT_TARGET=10.5 CFLAGS='-O3 -fno-common -arch i386 -arch x86_64 -arch ppc7400 -arch ppc64' LDFLAGS='-O3 -arch i386 -arch x86_64 -arch ppc7400 -arch ppc64' CXXFLAGS='-O3 -fno-common -arch i386 -arch x86_64 -arch ppc7400 -arch ppc64' ./configure --disable-dependency-tracking

and then…

make -j6

and finally…

sudo make install

libmcrypt is ready – now for the PHP extension…

Move back to /SourceCache, then down to php-5.2.6/ext/mcrypt – type…

/usr/bin/phpize (phpize should be in /usr/bin – if not go find it and change the command as appropriate)

Then configure as follows…

MACOSX_DEPLOYMENT_TARGET=10.5 CFLAGS='-O3 -fno-common -arch i386 -arch x86_64 -arch ppc7400 -arch ppc64' LDFLAGS='-O3 -arch i386 -arch x86_64 -arch ppc7400 -arch ppc64' CXXFLAGS='-O3 -fno-common -arch i386 -arch x86_64 -arch ppc7400 -arch ppc64' ./configure --with-php-config=/Developer/SDKs/MacOSX10.5.sdk/usr/bin/php-config

Again make -j6 then sudo make install

Make sure you have php.ini in the /etc directory (it may be php.ini.default to start, so rename it). Ensure that enable_dl = On but do not remove the ; from in front of ;extension_dir = "./". UPDATE: Almost forgot – add one line to the .ini file in the Dynamic Extensions section… ‘extension=mcrypt.so’, without the quotes of course (thanks to Badrul).

Restart Apache – when all’s said and done you should be able to see this with phpinfo():

Special thanks go to salty beagle and Kenior Design for giving me the clues to getting the combination of events right.

MORE: Two commenters noted they had their success with the above after updated Xcode to 3.1.2.

WSJ:

The holiday retail-sales decline was much worse than the already-dire picture painted by industry forecasts, which had predicted sales ranging from a 1% drop to a more optimistic increase of 2.2%.

Luxury goods, once considered immune from economic turmoil, were hardest hit, with sales falling 21.2%, compared with a jump of 7.5% a year ago, when the economy had just begun to sputter. Including jewelry sales, the luxury sector plunged by a whopping 34.5%.

Online also felt the pinch, although not nearly as bad as the rest. Nevertheless, nobody bought the Black Friday optimism.

I did a poll of my own too – three families, all with children from five years to ten. All parents said they significantly reduced their spending this year – they bought little if anything for each other, and much less for the children too. But, they expressed the feeling that the kids were very happy regardless, and the one sample group I personally observed confirmed it – the kids were bouncing off the walls. The families also noted that ‘less’ felt good – a simpler holiday without all the pressures left everyone at ease, and content.

And why not? Heck, ‘less is more’ even works in fishing!

Find the digital artist in you (even if the work product is fit for kindergarten).