Works

The only driver set that works is:

• Think/Travel USB Keyboard with UltraNav TrackPoint/TouchPad driver for Windows Vista
• v2kyb03us17.exe
• 9.1.2.0 14
• Mar 2007

You can find the download from one of these locations

• Lenovo Support page (scroll to the bottom)
• Direct download from Lenovo
• Local mirror

Once you have downloaded v2kyb03us17.exe:

1. Run the downloaded file to extract the contents
2. Do NOT run the first setup.exe
3. Go to: C:\swtools\drivers\KYB\v2kyb03us17\WinWDF\
4. Go to your platform (64 or 32 bit)
5. Run that setup.exe

Do NOT work

These drivers all had a better Google page rank, but did not work at all for me:

• tpusbkybdwtrackpoint_108.exe - http://support.lenovo.com/en_US/detail.page?LegacyDocID=MIGR-73235
• v5kyb04us17.exe - http://support.lenovo.com/en_US/detail.page?LegacyDocID=MIGR-66917
• q2kyb02us13.exe - http://support.lenovo.com/en_US/downloads/detail.page?DocID=DS013703

Yes this is a $3 bagel, and yes it is really good.

Schmendricks is a pop-up bagel shop here in SF that is making all the headlines. Their press page links to most of the coverage from the media. Serious Eats also posted a more in-depth series on their beginnings.

Beware that the bagel half-life is definitely in effect here. As Serious Eats found out when they tried to do head-to-head taste tests in NYC, a bagel will lose most of its awesomeness 30 minutes after it's come out of the oven:

Our conclusion? A bagel's half-life, untoasted and unadorned, is no more than half an hour. It was far less than any of us had thought, but after more than thirty minutes, we saw a rapid decline in texture, crust, and even taste. Brooklyn Bagel's initial victory? Simply a matter of freshness.

I've tasted Schmendricks bagels at 10, 25, 40, and 90 minutes after they've come out of the oven and absolutely agree that afterthe half hour mark they take a turn for the ordinary. So my advice is this: eat a Schmendricks bagel while it's still hot and you'll swear you've just had a real bagel for the first time; eat one after it's cooled and you'll wonder why you didn't spend that $3 at Tartine Bakery instead.

I downloaded the hashes and did find my LinkedIn password hash in the dump, though apparently uncracked. You can check yours over at LastPass or LeakedIn.org. Luckily I have unique passwords for all my logins so the damage was minimal. The damage to LinkedIn's reputation though, is not so contained:

• LinkedIn had (or still has) a security hole that allowed someone to gain access to their user account database
• LinkedIn's use of unsalted SHA-1 hashing is gross negligence at best
• LinkedIn's public incident response was pathetic: 2 tweets and 2 blog posts (2 more tweets simply linking to the blog posts)

Luckily LinkedIn search currently shows 480,153 profile matches for "Director of Security". Maybe they might want to start cold calling some of them.

The File

The file that I was able to download off of the torrent sites is a single column dump of SHA-1 hashes that looks like:

00000fac2ec84586f9f5221a05c0e9acc3d2e670
0000022c7caab3ac515777b611af73afc3d2ee50
deb46f052152cfed79e3b96f51e52b82c3d2ee8e
00000dc7cc04ea056cc8162a4cbd65aec3d2f0eb
00000a2c4f4b579fc778e4910518a48ec3d2f111
b3344eaec4585720ca23b338e58449e4c3d2f628
674db9e37ace89b77401fa2bfe456144c3d2f708
37b5b1edf4f84a85d79d04d75fd8f8a1c3d2fbde
00000e56fae33ab04c81e727bf24bedbc3d2fc5a
0000058918701830b2cca174758f7af4c3d30432

The consensus is that all of the hashes that start with 00000 were artifically masked and have already been cracked. This is supported by the evidence that known common hashes, like for the string password:

5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

are not in the file, but their masked counterparts:

000001e4c9b93f3f0682250b6cf8331b7ee68fd8

are in the file. Initial reports said that 6.5 million hashes were release, but the file that I downloaded was slightly different:

• Filename: SHA1.txt
• Total count: 6,143,150
• Masked hash count: 3,521,180

So about 57% of the passwords are assumed to have been cracked. I was curious as to what percentage of the most common passwords were present in this dump, as a proxy for gauging the password choices for a supposedly more professional population. A quick search led me to security guy Mark Burnett, who maintains a list of the top 10,000 most used passwords across the internet. He admits to some skew caused by a significant amount of sourcing from adult websites, but I don't think it really matters.

I dumped all the hashes into a Redis instance, produced a list of SHA-1 hashes from Mark's list, and looked for matches on both full and masked hash variants. Here's what I found:

• 7,142 of the most common passwords were present
• 546 of the most common passwords were not present
• 2,312 of the most common passwords were too short for LinkedIn's 6 character minimum

I've posted my final CSV of the top 10,000 passwords with SHA-1 hashes and their status in the LinkedIn dump. What does it all say? Well, adjusted for the minimum password length:

93% of the eligible subset of the 10,000 most common passwords were found in the LinkedIn password leak.

Unfortunately, the leaked hashes were only uniques and did not contain any frequency information so I wasn't able to match it to the distribution that Mark reports. Still, this reaffirms that the vast majority of people don't concern themselves with password security. Stop the madness! Generate site-specific passwords and manage them using LastPass. Sign up for two-factor authentication on Google.

Are you getting SMS text message spam from 5-digit numbers? These are messages that Verizon complicity sends to you via their "Premium Messaging" service. The good news is that Verizon allows you to block all of these via their website. The bad news is that there are still plenty of SMS spammers that don't route through Verizon's officially sanctioned spam channels and just robo-spam.

1. Log in to My Verizon
2. Go to the "Verizon Safeguards" page
3. Go to the "Service Blocks" page
4. Check both boxes for "Block Premium Messaging" and "Block Premium Animated Messaging"

Verizon explains "premium messaging" on it's FAQ page:

What is Premium Messaging?

Premium Messaging is an option to purchase or subscribe to messaging programs, provided by third party content providers, for premium charges (e.g., charges that are in addition to standard messaging charges). The premium charges for subscriptions recur monthly, while the premium charges for purchases occur only once. Many programs offer both one-time purchases and recurring subscriptions. These programs are initiated through special numbers, which are four, five or six-digit numbers, known as Short Codes.

Examples of Premium Messaging programs are:

• Interactive voting during TV shows
• Purchases of content, such as ringtones, wallpaper or screensavers
• Weather alerts, sports score alerts, daily jokes, horoscopes, etc.
• Trivia subscriptions
• Subscriptions that enable the download of a certain amount of content each month, such as the ability to download 10 ringtones or wallpapers per month

Not surprisingly, in 2011 Verizon settled a class action suit where customers were unwittingly signed up for recurring billing for various bullshit services:

Verizon Wireless has learned that some customers may have signed up and been charged for certain third party premium text messaging services based on advertising that did not meet Verizon Wireless’ standards for the disclosure of pricing and subscription information. These charges were for content associated with a company known variously as Cylon, Jawa and/or Eye Level Holdings (although these names may not have appeared on the content or on your bill).

-- www.premiumsmsrefunds.com

Read more about the implementation side of premium messaging at Verizon's developer site, and from the perspective of Sumotext, a SMS short code provider.

• CentOS 5.3
• Apache 2.2
• MySQL 5
• WordPress 2.1

(The drop in number of checks is due to a drop in the daily allowance for free Browsermob accounts, in addition to an increase of one new location in Tokyo.)

Diving into the data some more, I found that the range of response times across the globe were also substantially improved. The response time chart in my profile showed a clear improvement at the time of the switch on July 4:

So, for the same price ($20/month), Linode was able to deliver almost 20% improvement in average global response time along with a much tighter standard deviation.

At the time that I switched, the 256 Slicehost plan cost the same as the 512 Linode plan. Slicehost has since changed their pricing to almost match Linode.

Service Notice: EOS 5D: Main Mirror Detachment

Thank you for using Canon products.

We have discovered that, in rare instances, the main mirror of some EOS 5D Digital SLR cameras may detach due to deterioration in the strength of the adhesive. Accordingly, we would like to convey the details and our service policy concerning this phenomenon.

We offer our sincerest apologies to those customers who have been inconvenienced by this issue. Canon always strives to provide the highest quality products to our customers and we will spare no effort in our quality management to make sure our customers can use our products with confidence. We hope our efforts will earn your understanding.

Phenomenon: The main mirror of the camera detaches and images cannot be viewed through the viewfinder.

Affected products: EOS 5D Digital SLR cameras whose main mirror has detached.

User Support: We will repair and reinforce the mirror portion of the affected products free of charge. If you own one of the affected products, please contact our Customer Support Center.

We appreciate your patience, and we offer our sincerest apologies to the customers using these products who have been inconvenienced by this issue.

This information is for residents of the United States and Puerto Rico only. If you do not reside in the USA or Puerto Rico, please contact the Canon Customer Support Center in your region.

Contact Information for Inquiries
Customer Support Center
1-866-422-2965 (toll free)
8:00 a.m. - Midnight, EST (M-F)
10:00 a.m. - 8:00 p.m., EST (Sat.)
Email: carecenter@cits.canon.com

• August 6: Canon sent over a UPS ground shipping label to the closest repair facility in Irvine, CA
• August 11: I shipped out my 5D body
• August 18: Canon sent an email confirming that they have inspected the camera and would be starting repairs
• August 22: Canon sent an email confirming that the repair was finished and a Fedex tracking number

You use the line "purveyor of fine words." Before commandeering this line, did you look into its etymology? For example, what is correct "fine purveyor of..." or "purveyor of fine..."? Oddly, there is not much online by way of a discussion. There are of course several instances of people using the phrases both ways. I did come across a book about the history of purveyance and it talked about "fine purveyors" as those who procured better cuts of meat or poultry, as opposed to the "coarse purveyors." However, these days, everyone claims to be a "purveyor of fine something". I just wonder if they are interchangeable or if one is more correct than the other. For obvious reasons, you seemed like a good person to ask, being a self-titled "purveyor of fine words" and all.

Well, I chose the tagline 'purveyor of fine words' as a response to the typical self-deprecating blog name that is so common these days -- ones that mix and match words like 'rambling', 'thoughts', 'random', 'drivel', 'brain farts'. I subscribe to one blog that is titled, "Continuing Intermittent Incoherency", which sounds like the author picked up some kind of Mad-Lib for blog names for inspiration. "Randomised nonsense" and "The Solipsistic Sayings of a Random Infidel" also seem to have been derived from the same template.

Perhaps these titles are a byproduct of today's disclaimer-ridden society, where consumers are too moronic to realize that a cup of coffee contains scalding hot liquid, or that a pack of peanuts "may contain nuts", or that power tool enthusiasts should not "attempt to stop a chainsaw with [their] hand". In the online world, this warning zealotry translates into prefacing statements with redundant acronyms like FWIW or IMHO, which authors use to ostensibly indemnify themselves against criticism. "IMHO, you're nothing but a fucktard and the best part of you ran down the crack of your momma's ass", becomes a quaint jest I suppose. In order to buck this trend, I opted to go big instead and inflate myself to gourmet proportions, and thus I promoted myself to a purveyor of fine words.

In response to C.M.'s question, I don't have any more insight into the etymology of the phrase, as mine merely parodies Dean & Deluca's tag line of "Purveyors of Fine Foods and Kitchenware". I would say that "purveyors of fine..." is much more prevalent than "fine purveyors..." insofar as it's difficult to explain the difference between a "purveyor" and a "fine purveyor" (maybe the purveyor is very attractive?), whereas the difference between "food" and "fine food" immediately conjures up contrasting images of corn dogs and Iranian caviar.

Here is a test form for checking if your browser registers the onchange event beyond the firing select element. Changing the select options should trigger an alert dialog box.

onchange listener attached to parent <div> node

onchange listener attached to parent <form> node

onchange listener attached to actual <select> node

The main issue is that adblock does not have any intelligence as to the content that is included with a webpage; it is just a generic regex-based filter system, so it is only as effective as the filters that you provide. There are plenty of pre-made lists available but they tend to be overly-aggressive in what is supressed, resulting in occasional broken pages and/or pages that dead-end because adblock has removed the "Next" button. The most dangerous public set seems to be the EasyList, which has a 360+ item block list. Evidence that the creators know of its greedy nature is their inclusion of a 20+ item whitelist to manually compensate what was initially blocked. Even more unstable is the EasyElement list that searches through the DOM to remove suspected elements directly from the main document -- a list of 570+ substrings to search for.

Intead of using such a large, reactive list of simple and site-specific string matches that tries to supress 100% of ads, I posit that you only need 2 adblock filters to eliminate 70-80% of ads, and still be confident that legitimate content isn't being flagged as a false positive. By getting into the heads of HTML writers, we can pick out the most common patterns used to include ads and create regex patterns to suppress the ads.

1. /(\b|_)ad(x|s?)(\b|_)/
   This regex looks for any element that contains the string 'ad', 'ads', or 'adx' surrounded by a word boundary, because the vast majority of web sites partition their ads into a single directory or serve them through a single script. The word boundary check is crucial to this filter because just searching for the characters 'ad' is ineffective. Instead, the word boundary restriction means that adblock will supress elements that contain strings like 'ads.server.com' or 'www.server.com/ads/' or 'server.com/ad_server.php', but not 'adobe.com' or 'server.com/adjustment'.
2. /ad.*\d+[xX]\d+/
   This regex exploits the common technique of ad designers to use the image dimensions in their element name, i.e., "server.com/newads.php?location=top&size=468x80". Like the previous rule, we don't just exclude any element that has dimensions, but qualify that by searching for the string 'ad' as well.

At this point, your browsing experience will be significantly improved, but you can bump up your block rate to about 80-90% with a few more simple substring matches. There are many well known ad providers that exist solely to deliver ads, so we can consildate those in composite filter rules:

1. /a(2\.yimg|dserv|dvert|tdmt|twola)/
   This rule collects all the ad serving systems that start with 'a': Yahoo, Atlas, AOLTimeWarner, and generic ad serving systems.
2. /b(anners|logads)/
falkag.net
   These pick up anything labeled with 'banner', the 'blogads' network, or Falk AdSolutions.

Realistically, reducing the ad load by 90% should be more than sufficient for anyone. Chasing that last 10% -- and whitelisting the collateral damage -- will always be a losing battle. Your time is better used reading the content that is on the page you requested in the first place.

Internets Strategerist

Sr. Tube Developer

The Decider

Guapo

Scrabblista

Assistant to the Regional Manager

Bonus points if you can match all the cards with their respective references:

• The Office
• Senator Ted Stevens
• G.W. Bush & Will Ferrell
• Victor's Taqueria
• G.W. Bush
• My desk at work

warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID db42a60e public key not available for autoconf-2.59-5.noarch.rpm Retrieving GPG key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora The GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora (0x4F2A6FD2) is already installed but is not the correct key for this package. Check that this is the correct key for the "Fedora Core 4 - i386 - Base" repository.

To fix, just add the new keys to rpm (changing the path for you particular install):

rpm --import /etc/pki/rpm-gpg/RPM*

Some forum posts have suggested disabling GPG (i.e. gpgcheck=0), which can be a foolish thing to do. You want to maintain some level of assurance that what you're downloading is legit.

• Recompile PHP
  Find your existing PHP configure command and append this new flag, and recompile PHP. This takes a while and is generally quite bothersome, if not unacceptable like when you're in a production environment.
• Create a dynamic extension
  Compile a separate file (usually ending in .so) that you copy into a PHP directory, and edit php.ini. If you are running multiple machines on the same OS, you can just copy the file to all those machines as well. Much easier, and you can turn it on and off at will.

Here's how to create the extension for modules that appear in the PHP manual on a linux-based system (for third-party extensions, it's most likely the same).

1. Check that you have the PHP development package, which often comes in a separate package. Yum lists it as php-devel. You'll need its components in a few steps.
2. Download the PHP source code for whatever version you're currently running
3. In the source code, there is an ext/ directory that should contain a subdirectory for the module that you're looking for. Change to that subdirectory, i.e. ext/pspell/.
4. Type phpize
   (This won't work if you didn't verify step 1)
5. Type ./configure --with-pspell=/usr
   Replace the red portion with the text that is specified in the PHP man page for the module you want. For example, MySQL improved would be something like --with-mysqli=/usr/local/mysql/bin/mysql_config. Be aware that the path is sometimes a base directory, and sometimes needs to point to a specific file. Read the PHP docs carefully.
6. Type make
7. When finished, the compiler should tell you where it created the .so file (most likely in the modules/ subdirectory of your current location). Copy the .so file to your PHP extensions directory, i.e. /usr/lib/php/modules. If you don't know this, it's listed in your php.ini file under the extension_dir parameter. You'll need root access to do this.
8. Finally, tell PHP about your new extension by adding one line to php.ini:
   extension=pspell.so
   Alternatively, if you already have a bunch of extensions installed, you can place it in your /etc/php.d directory in it's own ini file for a cleaner installation approach.
9. Restart apache, if you're using it
10. Check phpinfo() to verify that your new module is installed

Bug Fixes (based on 2005-7-24 version of LiteSpellChecker)

The current implementation on his site has some bugs, so I've started to tackle some of them:

• Fixed: Redlines get misaligned when scrolling with arrow keys in Firefox
  When scrolling long text using Firefox, the redlines become misaligned as you move towards the bottom of the page. Once they begin to misalign, you have to manually refresh in order get it right again.
• Fixed: Ignore word function breaks if there are non-word segments in the text
  If the text contains characters like ++ or @@, then the ignore words function fails. This problem crops up whenever you have wiki markup syntax.
• Fixed: Numbers are flagged as misspelled
  Any word that contains a number is now ignored by the spell checker.

Performance Improvements

Since many of my users will be working with long documents, performance is key.

• Sped up ignore function by almost 5x
  The ignore word function loops through all words and feeds it back into the spellchecker. In long documents, the lag becomes noticable, and also causes a flicker of all the redlines. Instead of blindly looping through all words, I changed it to a case-insensitive search for the ignored word, and only processed the matching words. Venkman reports a speed up from 278.2ms to 57.95ms on a Powerbook G4.
• Improved responsiveness while editing long text
  Since the spell checker updates the spelling status on every keystroke, the UI becomes unusable when editing long text. I added a spell check delay that suspends the spell checker while typing continuously. You can adjust the sensitivity via the SPELL_CHECK_DELAY variable.

Download my source code. Important: read Emil's demo page before attempting to do anything with these files.

• litespellchecker.js
• spellcheckerbase.js

• Wait time: 8 days via USPS: 11/28 - submitted order; 11/30 - order shipped; 12/7 - order received; The package was delivered from Norcross, GA, so I'm assuming that the west coast has the longest wait.
• Package contents: index print, photos, Flickr sticker, "Inspected by #179" note.
• Print quality: The glossy 4x6 prints I ordered were printed on Fujifilm Fujicolor Crystal Archive paper, most likey by a Frontier laser system. The photo quality is what you'd expect from this standard pairing, and works great for snsapshot prints. No Ofoto-style color tweaking going on here.
• Metadata: Neither the index print or the text on the back of the photos show the title that you enter into Flickr, or the EXIF capture date. Only the date of development is printed, along with "Yahoo!_Flickr" on the back — not too helpful.

Overall, a well executed service that has been long awaited on Flickr. I'll probably try a matte print, and larger sizes soon.

This year I spent Thanksgiving not sitting at home in front of a heaping pile of white and dark meat, but rather in the middle of the desert — Death Valley to be exact. Although the valley is the hottest place in the world, it was a fantastic 75 degrees the whole time. See the pictures

Even though the AJAXSLT library supports Safari and Opera, it's still not ready for prime time, mostly because of performance reasons. In IE and Firefox, the AJAXSLT library is really just a pass-though for the compiled XSL services. However, in Safari and Opera the XSL transformations are done in interpreted Javascript, making it much slower than IE and Firefox. Many people have asked me if I could use this library to make direc.tor work with Safari. The answer is yes, but for anyone with more than a couple hundred bookmarks, the poor performance would become unbearable very quickly.

• del.icio.us on crack
  —Lifehacker
• ...yet another stunning remix
  —Jon Udell
• ...elegant alternate interface to your del.icio.us tags and bookmarks
  —Jesse James Garrett
• gorgeously designed Ajax-style browser for Del.icio.us
  —waxy.org
• Oh my god. del.icio.us direc.tor is my new best friend.
  —Mulling It Over
• Run. Don’t walk to try this out.
  —Lisa McMillan
• A lovely lovely shiny thing buried under quite a lot of brain-slide-offable verbiage
  —plasticbag.org
• ...this application will make you weep. Seriously.
  —Gadgetopia

We are a small startup, working on an IT solution that helps administrators find out what is going on in their data centers. Some call it a "Google for machine data", others call it a "super-grep". Whatever you call it, it's damn cool.

And we're in the same building as Al Gore's TV station, Current TV. Ohmigod, ohmigod, ohmigod, ohmigod.