
My life lately

Posted by Jordan on December 29th, 2007

I’ve got a lot to talk about. We’ve moved cities, I changed jobs, and Jodie does something new, cute, and amazing nearly every day.

So I’m going to talk about pens instead.

In theory, I’m going to get back on a roll and start updating the blog with all the other topics as well, but if not, this post will just be an island in the rough.

First of all, it’s tough having a Japanese pen addiction (though this is not new). The few places online that carry the kind of pens I like often run out of stock and there’s pretty much no local place for me to go. If I lived in California or NY, there would be any number of locations I could go to satisfy my cravings, but Florida’s about as far away from both of those as you can be and still be in the continental United States.

I have, however, started to get a pretty good sense of what I do and don’t like in the pen import market. Unfortunately, this means sometimes the ones I like aren’t in stock anymore or even in production.

Take the Pilot Hi-Tec-C Slim Knock-S (fourth from the bottom), for example. It’s the perfect accessory for my passport wallet (Office Depot “Foray” in-house brand that is the perfect wallet since the passport side holds index cards for notes and todos and even has a small pen slot in the fold). Sadly, the Slim Knock-S is not currently available anywhere I can find. Fortunately, my options aren’t totally closed off. I can use the slightly more expensive Hi-Tec-C Couleur, or maybe the regular Slim Knock (though I suspect it might be too large — I’ll find out in a week or so).

Anyway, that whole build up is a pathetic attempt to justify how I spent much of my Christmas cash from various relatives. With orders from three separate locations, here’s how it breaks down.

JetPens order:

  • 2 x Pilot Hi-Tec-C Cavalier Executive Pen Refill - 0.4 mm - Black (PILOT LHRF-15C4-B)
  • 5 x Pilot G-2 Gel Pen Refill - 0.38 mm - Black (PILOT BLS-G2-38-B) (perfect to slip inside G2 07 bodies, or even 05 which is the smallest you can find stateside)
  • 6 x Zebra Sarasa Clip Gel Pen - 0.4 mm - Black (ZEBRA JJSZ15-BK)

JStationery order:

  • 1 x Hi-Tec-C Cavalier - 0.4mm Black Body (LCA-1SRC4-B)
  • 4 x Hi-Tec-C Slim Knock 0.4mm - Black (LHS-20C4-B)

Phone order from Kinokuniya:

  • 2x Hi-Tec-C Couleur - 0.4mm Grey Body (LCL-50C4-S)

One interesting side-note is that jstationery and jetpens are clearly using the same backend purchasing system. I copied/pasted the contents of their emails into the bulleted list above. Look similar? Not only that, but here’s the “order status” URL included in each one:

jstationery.com/account_history_info.php?order_id=####
jetpens.com/account_history_info.php/order_id/#####

That should keep me writing for another year or so before I binge again.

How Not to protect your webapp

Posted by Jordan on November 19th, 2007

Skip this post right now if you’re not interested in details interesting only to web application security geeks. Don’t complain, I warned you.

There are a lot of wrong ways you can try to secure a web application while still allowing content from users. It’s a surprisingly difficult thing to do, and any time a non-security programmer tries to do it, they’re almost guaranteed to fail the first few times unless the content they’re trying to protect is extremely well-formed (i.e., filter out everything but hyphens, periods, and alphanumerics from a “name” field). The more you try to allow users to insert their own filtered HTML, the harder the problem is.

So hard, apparently, that it’s easy to overreact. Take a look at what Apple did on their search page:

http://www.apple.com/search/?q=applescript 

Feel free to test manually by going to apple.com and searching for applescript. An overzealous filter makes it impossible to accomplish a legitimate task. Whoops. The funny thing is that they don’t filter out “embed” or “object” as you’d usually expect to see along with “script”. Of course, it looks like the page itself is generating most of the content via JavaScript. If I were a betting man, I’d put money on a DOM-based XSS showing up on sla.ckers.org before too long. ;-)
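The failure mode described above, as an added example (not code from the original post or from Apple): a blocklist that rejects any query containing "script" is assumed here to stand in for the site's filter, and the function names and sample queries are constructed. It shows the blocklist refusing the legitimate query while letting `embed` markup through, next to the post's allowlist for a name field and HTML encoding applied at output.

```javascript
// Added example: constructed filter and inputs, not Apple's actual code.

// Assumed blocklist behaviour: reject any query that contains "script".
function blocklistFilter(query) {
  return /script/i.test(query) ? null : query;
}

// Allowlist for a well-formed field such as a name:
// letters, digits, hyphens and periods only (the post's own example).
function allowlistName(value) {
  return /^[A-Za-z0-9.-]+$/.test(value) ? value : null;
}

// Output encoding for an HTML text or quoted-attribute context.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Blocklist on input: the query is dropped or echoed back unencoded.
function renderWithBlocklist(query) {
  const filtered = blocklistFilter(query);
  return filtered === null
    ? "<p>No results.</p>"
    : `<p>Results for ${filtered}</p>`;
}

// No input filtering: every query is accepted and encoded when written out.
function renderWithEncoding(query) {
  return `<p>Results for ${escapeHtml(query)}</p>`;
}

// Constructed sample queries: one legitimate, one carrying markup,
// one with characters that need encoding but are perfectly ordinary.
const samples = ["applescript", '<embed src="x">', "O'Brien & Sons"];
for (const q of samples) {
  console.log(JSON.stringify(q));
  console.log("  blocklist:", renderWithBlocklist(q));
  console.log("  encoded:  ", renderWithEncoding(q));
}
```

When the page is built client-side, the equivalent of `escapeHtml` is assigning the query to a node's `textContent` instead of concatenating it into an HTML string.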

Burn a large iMovie archive

Posted by Jordan on November 6th, 2007

Macs are a lot of fun. Everybody gets to pretend they know how to edit a movie or write a song. Of course, no amount of cool toys will make my movies or songs come out better, but that’s a separate issue. Anyway, today I had need to burn a 14 GB iMovie project that was burning up my disk but that I wanted to keep a backup of. I looked for some GUI tool, some automated way to do it, then finally had to just settle for this:

tar -zc iMovieProjectName.iMovieProject|split -b8000m - iMovieProjectCompressed.tar.gz.

This produces iMovieProjectCompressed.tar.gz.aa and .ab. I’m using DL DVDs that can store up to 8.5 GB apiece, so this was fine for me. For a smaller project or a project being burnt to CDs or single-layer DVDs, simply adjust the -b option to split to have the files created in smaller chunks.

Not as elegant as a built-in Mac solution would surely be, and it requires a lot of extra space on your hard drive to create the files to burn, but it works.

Oh yeah, to restore, you’ll have to copy all the pieces back to one place, then you can use:

cat file1.aa file1.ab file1.ac|tar -zx

to extract the original project.

CMA? Or ST:TNG

Posted by Jordan on November 5th, 2007

Am I the only one who thinks the Country Music Awards logo looks strangely like the Starfleet Command insignia from Star Trek: The Next Generation?

[Images: Country Music Awards logo; Starfleet Command logo]

Quick and Dirty Leopard Upgrade Guide

Posted by Jordan on October 31st, 2007

I mostly got it right, but there were a few gotchas that bit me as I upgraded to Leopard from Tiger.  I always do a clean install instead of an upgrade since it helps clear out the cruft that builds up on my machine.  Anyway, here’s a few of the more important steps in the backup/restore process:

  • De-authorize your existing iTunes account. From iTunes, Store/Deauthorize Computer.
  • Create extra backups of contacts and your address book (file backup or export, not sure which on Tiger — in Leopard it’s moved to export archive)
  • Copy your ~/Library/ folder to an external device, but /NOT/ a FAT32 drive if possible.  You’ll lose the file permissions and it’s a real hassle to set them back (lesson learned).
  • Backup your Music, Photos folders as necessary (mine are moved around a bit)
  • Can’t wait for TimeMachine so I don’t have to worry about much of this next time!

Once you’ve got your new Leopard up and going, you’ll want to restore the following key bits:

  • Login keychain (I renamed my existing login.keychain file in ~/Library/Keychains/ and then just copied over the old folder contents into the Keychains directory)
  • Watch out for this potential calendar gotcha.
  • Also, despite Mail.app saying it was “upgrading” my database, when I first ran it, I didn’t have all my accounts still set up. This might have been a result of the keychain not being put back, or a permission error. Whatever the cause, after restoring the ~/Library/Mail directory again, setting permissions, and making sure to copy back the mail preferences file as well, everything worked fine.