total.pardo

so far so good – the folks at zenbe.com are on to something here…from about.com:

Zenbe organizes your emails and attachments (from Zenbe and existing POP accounts) with labels and search — and integrates calendar, to-do list, twitter and Facebook updates, too.

With a focus on elegant simplicity, Zenbe provides many sweet shortcuts but also shows quirks and omissions in others. The spam filter is good, but it would be great if IMAP access was possible for all folders (not just the inbox).

Pros

• Zenbe lets you organize mail and attachments flexibly using labels and search
• ZenPages make it easy to share and collaborate on the information contained in emails
• Zenbe filters spam solidly, lets you use existing accounts and can be accessed using POP/IMAP

Cons

• Zenbe IMAP access provides access only to the inbox
• You cannot save searches and Zenbe cannot learn (say, what labels to apply) from your actions
• Zenbe does not thread messages, and does not prevent remote images from loading automatically

if you are still foolish enough to be using gmail – they have added themes to their mail site.

above is a sample of what they added.

use at your own risk…lipstick on a ninja still makes it a ninja.

a nice find by jeff - @ http://ke9v.net/2008/11/google-and-your-privacy/

jeff wrote me to say he found the video here:

http://blogoscoped.com/archive/2008-11-17-n90.html

i never thought about when i email someone who has a gmail account that i would also lose my privacy since google now owns the email i sent.

bollocks…

time to stop emailing people who use gmail.

the irony is - youtube, the place where this video is hosted, is owned by google.

more here:

http://www.totalpardo.net/2008/11/06/googleyoutube/

ever need to kill a rdc by session?

>query session /SERVER:myserver.myco.com
 SESSIONNAME       USERNAME                 ID  STATE   TYPE
 console                                     0  Conn    wdcon
 rdp-tcp                                 65536  Listen  rdpwd
 rdp-tcp#11        Administrator             1  Active  rdpwd
 rdp-tcp#4         Administrator             2  Active  rdpwd

The above show 2 connections to "myserver".
You can kill the sessions with ID 1, 2, 3, so on.

tsdiscon 1 /SERVER:myserver.myco.com

works like a charm.

not like i did not know this before, but it is time to go lossless for my audio collection. what a world of difference in sound.

fta @ http://www.obsessable.com/feature/mp3-vs-flac-vs-wav-audio-formats-primer/

FLAC

Another lossless audio codec is the Free Lossless Audio Codec, commonly referred to as FLAC. FLAC is popular with the audio enthusiast scene, as the files created are smaller than WAV files, though the files still maintain all the audio fidelity of a WAV file. FLAC files can also be paired with “cue sheets” that define individual tracks inside of one larger FLAC file. FLAC files cannot be played back with most portable audio hardware, requiring either modified iPod firmware or custom portable players, but several notable players support it such as several in the Cowon line (including the Cowon A3, and iAUDIO 7) as well as the iriver SPINN, the SanDisk Sansa slotMusic player, and a number of Samsung PMPs including the YP-S2. FLAC’s other primary advantage is that it is free, and any device manufacturer can implement FLAC at no charge. If you’re looking for components to handle your FLAC collection, an updated list of many of the devices that support FLAC is kept at Sourceforge.

ALAC

One lossless format implemented on the most popular portable media player, the iPod, is the Apple Lossless Audio Codec (ALAC). ALAC allows users to take audio straight from CDs, convert it in iTunes to ALAC, and play it back in full fidelity on an iPod. ALAC files can only be played in Apple’s music ecosystem (iTunes, Quicktime and iPod) and therefore the format is mainly suitable for audiophiles who enjoy listening to lossless music on an iPod exclusively.

since i am almost all mac at home, i am tempted to go ALAC for my collection.  but FLAC is more open.  wish i never sold the old CDs.

Can’t Access Your Google Account? Tough Luck

fta:

“A company really shows its true colors when things go wrong, or when users need help,” he writes. “Google has shown that it simply doesn’t care.”

Some details from the Mibbit blog:

On Friday 31st October, I woke up, went to check my gmail, and couldn’t login. It just said “Account has been disabled”. No reason, nothing. I went through their ‘contact us’ form. It replies with an auto-responder stock e-mail listing irrelevant reasons. I e-mailed back, more auto-responders. I’ve since called their adwords support number, who keep saying “We’re looking into it”. 6 days is long enough to reinstate an account.

According to his own evidence gathering, somebody apparently gained access to Axod’s Google account and caused it to get disabled, all just for fun. Even if that’s all it was, a simple prank, Axod has his entire life wrapped up in that Google account — Gmail, a personal blog, AdWords and AdSense accounts, a calendar he shared with his wife. He has to reboot his online life and start over from scratch, which he is in the process of doing.

ol’pardo wised up, when will you?  have your whole life wrapped up in a “free” google account?  good luck to you.

stallman said it right – doing this is worse than stupidity. defense in depth is impossible when all your eggs are in one basket.  think about what a hacker has when they get into your google account:  email, chat and chat history, bookmarks, web history, search history, greader feeds, calendar, google docs – the list only gets worse.  this is all obtained with one password.  one.  feeling great about your choices now?

encryption and nonstandard is the way to go.  there are many paid services out there which support SSL and have other features like one time passwords which can be used to keep your account secure.  running an email server in a CoLo or on your own may be a good option for the very paranoid.

i’d rather pay for an account that can be recovered than go at it for free or ad supported with absolutely ZERO support.

once again, gmail users…best of luck to you.  keep following the wisdom of the cloud and you will be pwned.  eventually. guaranteed.

1. tabbed browsing from within the application

2. one handed navigation on the keyboard

3. all podcasts are auto-downloaded, for that matter, all SOUND is downed

4. off line sync - to catch up when there is not internet connection

5. three finger posting to this blog via ecto (WHY, why, why would google NOT allow this?)

6. iphone action is good - i miss the scroll -by marked as read.

7. anonymity - i am tired of google knowing everything about my reading habits. now, all netnewswire will have is a fake name - userxxxx

this is really a slick application. i am sad the windows version is not a full featured as the mac one - just another reason to stay on the mbp for everything…

the damnedest thing happened a few months ago when i updated the old wrt54g v1.1 router to a more respectable firmware - tomato v 1.26.

i asked on this thread:

http://www.linksysinfo.org/forums/showthread.php?t=59024

I have searched for this issue elsewhere to no avail. All I did find was the same reference with a few similar responses on the team xbox forums.

Hopefully someone here has seen this and has some ideas on how to resolve.

My setup is:

WRT54g v.1.1 flashed successfully to latest Tomato firmware. Wired PC, wireless MBP, wired Xbox360. All worked without issue before flashing. All work now except:

The 360 cannot connect to Xbox Live unless I force a “Test Connection to Xbox Live”. It goes through a process of verifying IP address, DNS, NAT, etc. Once this is done, the 360 is able to get onto the Internet and everything works fine (ports are forwarded and the 360 detects it as ‘Open’ NAT, aka none).

The 360 is set static and wired. The correct ports are forwarded. (Same as they were with the Linksys software.) I have the 360’s IP in the DMZ (and have tried it with out it in the DMZ).

nothing worked - and i, of course, tried everything that logically made sense until this poster jvro applied the proverbial brick-to-the-side-of-the-head trick:

To me it seems that if you enable DHCP and makes your Xbox get an IP that way (you can always pre-decide which IP it gets delt in Tomato anyway) you don’t have have that issue anymore.

The above combined with activation uPnP fixed the problem for me (not sure if the uPnP is nessesary though but was for me because of my provider and me being able to get “open” access to live).

I was experiencing the exact same problem as described in this thread and the above fixed (as well as for a friend of mine)

Seems to me that this could be related to the xbox firmware and that when it’s set to DHCP it does “more” than when it’s configured with a static ip.

and, as you would suspect, it works like a charm.  the key was to assign the MAC addy of the 360 to a statically selected IP in the router.  that way the usual port forwarding and DMZ settings would always be applied, the console would remain open, and would log in to LIVE automatically…without the network test.

sometime the solution you know shouldn’t work, works.

now, on to some gaming…

other people, smarter than me, have come up with much better ways to keep secure while online.

so my wisdom may be old hat, or ridiculously simple.

but i have found the simple thing can be the most effective thing.

idea - websites that ask for your email address as a user name.  don’t use a known email address. if your regular email address is joeblow@gmail.slob - create another account with a user name no one knows, that you don’t email from, and that you won’t give out - say  user1001@mail.com.

why is this effective?

if you are to be hacked by someone, and they are not aware of the account you use, they will have to guess the user name and domain.  don’t have that domain forward any emails you recieve from the online accounts to your master email address - if that one gets hacked, the duck blind you set up is gone.

by the way - throw away email accounts at google or hotmail are bad.  stop using them.  buy your email access from a provider that doesn’t sell to you through ads.  your privacy is just about gone on the web as it is…why give the rest of it away?

YMMV.

1.  Nobody believes anything bad can happen to them, until it does.
2.  Security only works if the secure way also happens to be the easy way.
3.  If you don’t keep up with security fixes, your network won’t be yours for long.
4.  It doesn’t do much good to install security fixes on a computer that was never secure to begin with.
5.  Eternal vigilance is the price of security.
6.  There really is someone out there trying to guess your passwords.
7.  The most secure network is a well-administered one.
8.  The difficulty of defending a network is directly proportional to its complexity.
9.  Security isn’t about risk avoidance; it’s about risk management.
10. Technology is not a panacea.

(Scott Culp – 2000)

#5 is unfortunately a heavy price…that includes the constant state of worry.

an uncultivated rant follows:

you would think a blog that purports to be the “synergy of all things civilized” would have had an author who was savvy enough to take up the mantle of privacy during its three+ year run.

you would think the guy who’s bread and butter is based on securing his rather large company’s network and data would have been more concerned about the rampant degradation of privacy rights and the rapid loss of all cultural gatekeeping.

you would think…

how does the world balance the wisdom of the crowd with the cult of the expert? how do we avoid becoming the next AOL user # 1172891?

i have spent a great deal of time learning from the text books about the different ways to keep a company network protected from you war time hero fools out there that would have at the data contained therein. even fractured a few rules to “learn” how you’d do it.

but never did i consider the threat that all this damn information out there poses.

go ahead, do a zabba search on yourself. take the shock. swallow hard - your info is out there. everywhere. everyone knows.

does ubiquitous access to information make us better or worse as a society? do you want, what alarmist andrew keen says, everything to be absolutely knowable? Or would you rather have Adam Greenfield’s notion of “Everyware” - tiny embedded computers in clothes, walls, and beer mugs?

i’m sorry, but a credo of Do No Evil no longer cuts it for me. how many times do we have to learn from our mistakes? time to cut the ties.

if i have learned anything about data mining and OLAP, its that these process and algorithms don’t play well in the wide swath.  why do you think google keeps offering free honeypots software to the masses?  altruism, it is not.  unadulterated data collection made fun and easy by your friends at google.  10 to the 100 project indeed! (fuck you, keen.  i will refer to and quote my amateur ass any damn well time i want)

its time to get under the proverbial radar and get flat. very flat and scattered. am i ringing the bells? no. but i see the wool now. yeah, this stream of consciousness piece is an admittance of dependence on the very thing that can hurt. research shows the internet and the use of hyperlinked documents to read (learn, meh.) new concepts through the fog of continuous partial attention is rewiring the unwitting brains of those of us who use (read: believed) the powers of the internet as a modern day oracle at delphi.

am i swayed by the logic nicholas carr - IT public enemy #1 - who claims IT doesn’t matter? yes and no. but i see where he and others much smarter than i could ever be are going - IT as a utility like water, gas, electricity - plug or connect to the “grid” and get your files, all neatly indexed by the “oracle at mountain view” for feeding to the hungry advertisers, or worse, a panicked uncle sam - shredding rights with impunity in the name of homeland security. what happens when “con”cast becomes a de facto agent of the us government (as some would argue, they already are in limine of such compromise) - not unlike actions taken by yahoo and at$t (dollar sign purposeful) to date in the war on terror.

so, i hear you thinking as you read my rant that ol’pardo must be up too late some nights looking for conspiracy whilst clutching his ragged copy of the standard orwellian horror tome. rather, you should do your own thinking. keen is right, 2+2 CAN be made to equal five. and we all need to be careful when the amateurs out there try to make it so. i harken back to the episode of ST:TNG Chain of Command, Part 2: THERE….ARE….FOUR….LIGHTS!

mind your data - before it minds you (nefariously or not - its time to hold the line.)

if you are kevin mitnick – you should expect to have your bags checked – your laptops, lock picks, etc confiscated – even if you are traveling to do a “security conference” in one of the drug capitals of the world.  the DHS and ICE don’t care about the 4th Amendment – it doesn’t apply any longer in this day and age if you are a US citizen.  kevin probably should have expected this:

cnet

“They can detain you for four hours, inspect everything, and put you through the third degree for no reason. It’s really a police state,” Mitnick said. “I travel in foreign countries that have even more stringent rules, and I never have problems.”

To protect his privacy and that of his clients, Mitnick encrypts all the confidential data on his laptops, transmits it over the Internet for storage on servers in the U.S., and wipes it from the computer before returning from any international trips, just in case officials decide to search or seize his equipment. He also encrypts his hard drive. And now, he says he is going to keep a “clone” of his MacBook at home so he will have an exact duplicate of it if it is ever seized.

“I don’t harbor any ill feelings toward (customs), but I was really scared because of the circumstances that were happening in Bogota at the same time,” he says. “I feel lucky in a sense, and I feel violated in a sense.”

violated huh (pot, kettle, black). you should feel that way kevin.  as should we all.   I think back to the quote from West Wing with President Bartlet exclaiming:  “Did you know that two thousand years ago a Roman citizen could walk across the face of the known world free of the fear of molestation? He could walk across the Earth unharmed, cloaked only in the protection of the words civis Romanus — I am a Roman citizen. So great was the retribution of Rome, universally certain, should any harm befall even one of its citizens.”

Cives Romani doesn’t apply anymore.  We no longer walk the earth unmolested as a people – we encounter more issues from our own government than we do at times from those who wish to do us harm.  there is hope from a few Democrats:

cnet

The Homeland Security Department has declared its right to seize laptops at the U.S. border indefinitely, but legislation introduced Thursday is intended to curb that power.

U.S. Sens. Russ Feingold (D-Wis.), Maria Cantwell (D-Wash.), and Rep. Adam Smith, (D-Wash.), introduced the Travelers Privacy Protection Act in response to the DHS policy allowing customs agents to detain a traveler’s laptop for an unspecified period of time to review its contents, even absent of individualized suspicion.

“Most Americans would be shocked to learn that upon their return to the U.S. from traveling abroad, the government could demand the password to their laptop, hold it for as long as it wants, pore over their documents, e-mails, and photographs, and examine which Web sites they visited–all without any suggestion of wrongdoing,” Feingold said. “Focusing our limited law enforcement resources on law-abiding Americans who present no basis for suspicion does not make us any safer and is a gross violation of privacy.”

The legislation would require DHS to form reasonable suspicion of illegal activity before searching electronic devices carried by U.S. residents. The DHS would also be required to provide probable cause and a warrant or court order to hold such a device for more than 24 hours. The bill also limits what information acquired through electronic searches the DHS can disclose, and it requires the department to report on its border searches to Congress.

The DHS refused to send a witness to a Senate hearing in June, chaired by Feingold, regarding searches of electronic devices, but it provided a written statement defending its policy. A ruling in April by the Ninth Circuit Court of Appeals also defended the agency’s right to conduct the searches without reasonable suspicion.

Similar bills, such as the Securing Our Borders and Our Data Act and the Border Security Search Accountability Act, have been introduced this year in the House.

there is a more in depth article about this at the washington post:  http://tinyurl.com/4qx83x

the aclu (obviously) supports this measure:  http://tinyurl.com/4shbbz

makes you wonder who runs this country and if every citizen is to be considered a threat.  the steps we need to take to protect our privacy are becoming insurmountable.  kevin’s example (and he is one of the smartest people out there in terms of circumventing such security) of transferring data across the web to a server in the US and returning his hard drives to virgin states is telling – telling of the ludicrousness of our age.  its almost like you have to think like a bad guy to survive.

i wrote my senators asking for their support.  my representative is in flux right now, Rob Andrews stepped down to run for the senate this year – i think his wife is the congresswoman who took his seat.

i am going to try rssfwd @ http://www.rssfwd.com/ to populate my posts into evernote.

i like both evernote and macjournal but i just can’t bring myself to pay for mJ. i think both programs have good and bad points.

if the feed automatically populates evernote via the mailing of my feed, it may work out better to use evernote over mJ.

let’s see what happens. it probably won’t work and i will have to settle for manual imports.

as my subscription comes to a close after 5 years, i thought i’d chronicle what i got out of this month’s episode of maximumpc (“minimum bs” is their motto – i think the rag should be called 1-and-1.com):

snarl

A notification system you control…

Snarl is a notification system for Windows. It displays notifications on-screen for applications which support it.

and here i thought this was a mac only product!  there is a windows version located at the URL.  good stuff.

midomi

midomi is the ultimate music search tool because it is powered by your voice. Sing, hum, or whistle to instantly find your favorite music and connect with a community that shares your musical interests.

it does work fairly well.  there is a product similar called shazam on the iphone.  i have not tried the iphone version of midomi as yet.

backtrack

BackTrack is the most Top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.

need a lockpick?  this program, a few tweaks, and a USB drive are your answer. 

after all the ads, this is the best of what this magazine had to offer.  its time to cancel i think…

http://www.iliumsoft.com/site/iphone/upgrade.php

finally, the app i use every day has twice the value – sync to the iphone from a file source.

thank you, ilium.  it took forever, but is well worth it.