September 13, 2017 / Jim Fenton

Colorado Road Trip Day 6: Boulder

Wednesday, August 23, 2017
Trip Odometer: 1554


Chautauqua Auditorium and Green Mountain, Boulder

Today is mostly a day to prepare for Celeste’s move-in tomorrow. So we parked near the campus and took a walk around it and some of the University Hill commercial district during the morning. We had a few things to pick up and expected that the local Target store would be very crowded, so we drove a few miles to another Target. There were still many CU students shopping there, but it was not excessively crowded.

We all (8 of us including Stan, Susie, Ken, and the kids) went out to dinner to observe Celeste’s last night before moving to CU. We ate at Next Door, a modern and very family-friendly restaurant on Pearl Street, Boulder’s primary commercial district. We had an excellent dinner in a semi-private alcove overlooking Pearl Street, where we could watch a few showers fall.

This article is part of a series about our recent road trip to Colorado and back. To see the introductory article in the series, click here.

September 12, 2017 / Jim Fenton

Colorado Road Trip Day 5: Colorado

Tuesday, August 22, 2017
Trip Odometer: 1340

With a short ride today, we had a somewhat more leisurely start from Rawlins. The first part of the trip continued along I-80 to Laramie, from which we took US-267 to Fort Collins, Colorado, bypassing Wyoming’s capital, Cheyenne. Celeste noticed that immediately upon entering Colorado, the surroundings were quite a bit more scenic: pine trees, interesting rock formations, and the like. We are wondering if the trees were planted as a “welcome to Colorado” gesture to travelers.

As we had planned, we had lunch in Fort Collins at Austin’s, a downtown restaurant we had enjoyed on a previous visit. The temperature was perfect for their sidewalk seating area.

For most of the trip, the highway speeds have been too fast (70-80 mph) for Celeste, still an inexperienced driver, to share in the driving. But as we left Fort Collins, she took over and very appropriately did the “anchor” segment of the trip to Boulder.

We arrived about 4 pm at the home of Susie and Ken, my cousin’s daughter, son-in-law, and family. My cousin Stan was there to greet us. Susie and Ken and their kids Zach and Molly arrived about 5 from school on their bicycles.

Celeste had made arrangements to meet some of her new roommates in town, so the rest of us had a fine time getting caught up on things over excellent tacos prepared by our hosts.


September 11, 2017 / Jim Fenton

Colorado Road Trip Day 4: Eclipse

Monday, August 21, 2017
Trip Odometer: 1015

Today is a relatively rare event: a total eclipse of the sun, stretching from coast to coast. The timing of Celeste’s move-in at University of Colorado made it possible for us to take a detour to central Wyoming to try to catch this.

Except that we didn’t stay in the path of totality, we prepared for the worst in crowds. We stopped at a grocery store last night to pick up sandwiches for a picnic lunch, expecting that the lunch offerings in the area of totality would be limited. We got up extra early, and departed a little after 7 am for the 2 1/2 hour drive (under normal conditions) to Pavillion, Wyoming, right on the centerline of totality.

There was more traffic than usual, but we were surprised and happy that there were no traffic delays on the way. We drove just past Pavillion to the centerline, which turned out to be about where the paved roads end. There had been warnings not to park on the grassland due to high fire danger (mufflers, etc. igniting the grass) so we found an elevated spot on the edge of one of the quieter dirt roads. We got there about 10:10 am, and totality was at about 11:40 am.


The time went by quickly as I set up my camera and Kenna and Celeste played Frisbee (very appropriately, with a Frisbee painted as the moon). As totality approached, we spent more and more time watching the Sun through our eclipse glasses. The Sun got dimmer and the air got noticeably cooler.


Then all of a sudden, it was twilight. We heard cheers from the other eclipse-watchers scattered nearby. I took a bunch of pictures, focusing on the spectacle of the Sun’s corona. Kenna and Celeste noticed that it looked like the sun had just set — everywhere! In all directions, there was light around the horizon. We took some panoramas of the horizon as well. Suddenly, it was over. The Sun got quickly brighter, and we re-donned our eclipse glasses. After a few minutes talking about what we had just seen, we enjoyed our picnic lunch.

A woman who lives nearby rode up with two small children on an all-terrain vehicle, and thanked us for coming all the way from California, and she hoped we were having a good time in her area. We asked her what we should see while we were there, and she suggested we see Sacajawea’s grave, which was just a few miles out of our way.

We passed through the small community of Pavillion (population 232) on our way out. We drove past a park where there apparently had been an eclipse-watching party as well as by a small tavern. It was quite nice, especially considering that it is such an out-of-the-way place.

Our next stop was at Sacajawea’s grave, just outside the town of Fort Washakie. Sacajawea, the native guide for the Lewis and Clark Expedition, was nicely memorialized by a statue and plaques describing her important contribution to the Expedition. The graveyard was interesting too, with many colorful and well-decorated graves, primarily, I assume, of members of the Shoshone tribe of the Wind River Reservation.

We started our return trip, and made good progress until we reached Lander, the county seat (and large town, with a population of about 5000). Traffic came to a dead stop, so we decided to wait it out at the Lander Bake Shop, a cafe we saw. While enjoying our drinks, we noticed that traffic was moving very little. Fortunately the shop had WiFi so we were able to look at traffic on Google Maps, and decided to stay a while. We walked around the town, visited a couple of art galleries (not what we expected in central Wyoming!) and returned for more coffee and an excellent ice cream sandwich, this afternoon’s ice cream treat.

At 5:00 the bakery closed, and we decided to press onward. We were optimistic because Google said that it would take a little under two hours to get to Rawlins, our stop for the night. But what we hadn’t considered was that much of the route has minimal to no cell service, so Google didn’t really know about the traffic along much of the route. While there were sections that got up to 70 mph, there were also long stretches that crept along at 15 mph or less. We arrived about 9:00, had a late dinner at the Burger King next to the hotel, and turned in for the night.

Overall, we had a great day in central Wyoming and were glad that we were able to be there for the total eclipse.


September 10, 2017 / Jim Fenton

Colorado Road Trip Day 3: Utah

Sunday, August 20, 2017
Trip Odometer: 685


Bonneville Salt Flats

After breakfast, we continued east on I-80. Our first stop was after only about 10 miles at the rest area adjacent to the Bonneville Salt Flats, where many land speed records have been set. We stopped there on an earlier trip (2006), but it’s striking to see the very white landscape, very much like snow.

After passing through the deserted western part of Utah, civilization returned. We stopped again at the Great Salt Lake state marina to have a look around and our morning snack. The snack was quickly cancelled because of the thousands of tiny bugs in the parking lot. They weren’t actually all that annoying but we didn’t want to let a bunch of them into the car. The marina was worth a look around, even with the $3 parking fee.

We then drove into downtown Salt Lake City, passing by the Mormon Temple and Tabernacle and then up to the State Capitol, high on a hill. There were an unusual number of motorcycles, which we found out were there for the annual Ride for Fallen Officers.


The Great Salt Lake

Continuing east on our winding climb out of SLC, we decided to stop at Park City for lunch. This took us a few miles off the road, but we loved breathing the mountain air and enjoyed our lunch at a local cafe.

After a few more miles of winding road, things straightened out somewhat and the speed limit again went up to 80.

Soon after crossing into Wyoming, we came to Evanston, Wyoming, where we thought we would find a good place for ice cream. We checked out a couple of possibilities, and one was closed (it’s Sunday) and another looked like it had gone out of business. We decided to stop by Wendy’s for their Frosty (sort of a cross between soft serve ice cream and a milkshake), and were pleased to see that they were on sale: a small Frosty was only 50 cents. They weren’t all that small, either. $1.58 for three Frosties (including tax) will undoubtedly be the most economical ice cream stop of the trip.

Continuing from Evanston, we passed through some picturesque rock formations on the way to our destination for the night, Rock Springs. It’s striking how much the scenery changes each day.


September 9, 2017 / Jim Fenton

Colorado Road Trip Day 2: Nevada

Saturday, August 19, 2017
Trip Odometer: 287

Outdoor climbing wall at the Whitney Peak Hotel

This is the day of the trip that we were least looking forward to: 400 miles across Nevada, with presumably little to see along the way.

Before checking out from the Whitney Peak Hotel, we decided to visit the second floor, where a notable rock climbing facility is located. Coming out of the elevator, we were there: many rock climbing walls that took up most of the second floor, except for a fitness center and small gift shop. Stepping onto the balcony, we got a better look at the outdoor rock climbing facility we saw in last night’s darkness: two large walls perhaps 50 feet tall, above which was a landing and two more narrow walls extending up several more floors. Climbing any of those would be an impressive achievement.

After checking out, we drove a short distance east to Sparks, and had breakfast at a Starbucks there. Then after filling up the tank we began our long drive. The first part of the drive, along the Truckee River, was quite scenic, much more so than I had expected (or remembered). Soon after leaving town, the speed limit increased to 80 mph and the surroundings changed to drier brush.

I-80 Scenery

Although the road seemed to be in excellent condition, a couple of road paving operations were underway that narrowed the road to a single lane and a speed limit of 55, which somewhat countered the benefit of the 80 mph sections. We stopped for lunch at a Subway in Winnemucca. We continued to Elko for our afternoon ice cream break (a tradition on some of our road trips), and then on through picturesque clouds and a few showers to Wendover, Utah, our stop for the night. Wendover is on the border between Nevada and Utah, with casinos on the Nevada side and considerably more staid surroundings on the Utah side. The Utah border is also the time zone boundary, causing us to “lose” an hour.

We took a short stroll back into Nevada, then returned to Utah for dinner at a nearby cafe.


September 8, 2017 / Jim Fenton

Colorado Road Trip Day 1: Departure

As I have done for the past several years, I kept a journal on our summer vacation for publication on this blog following our return. This year the publication of the journal is delayed by three weeks from real time, and I intend to post one installment every day or so over the next two weeks or so. The recurring characters in our story are myself (Jim), my wife Kenna, and our daughter Celeste, who is on her way to college.


Friday, August 18, 2017

While we have done considerable travel this summer, we thought the most interesting trip to blog about would be our road trip to Colorado. Celeste begins at University of Colorado Boulder at the end of August, and we thought we would drive her (and her stuff) out to begin her freshman year.

We managed to fit almost everything she needs into our Volvo XC60, with roof box attached. The packing itself was notable. For example, Celeste found some clothing bags that allowed her to vacuum pack her winter clothing, so they didn’t take up so much room. It didn’t make them any lighter, though!

Amazingly, we left almost exactly on plan: 10 AM today. Our first stop was Stockton, to visit and have lunch with Kenna’s folks (Celeste’s grandparents, of course). We left mid-afternoon; our plan was to go via a scenic route, especially since much of the trip will probably not be all that scenic. So we took Highway 88, which also seemed to be the fastest route to Lake Tahoe. We haven’t driven 88 many times, and it was a very pleasant change of scenery.

Descending to Lake Tahoe, we stopped at a Scottish pub, MacDuffs Pub, for an enjoyable dinner and some nice banter with people at the adjacent table. We stopped by the lake just after sunset, and continued to our destination for the night, Reno.

It had been quite a long time since any of us had been to Reno. Probably because it was a Friday night, the downtown area was bustling with cars and pedestrians. Our hotel, the Whitney Peak Hotel, was centrally located, a former Fitzgerald’s casino and hotel that had been extensively renovated and now contains a large event space in place of the casino. Tonight the space featured an event with an impressive amount of deep bass (perhaps dubstep), making walls shake in the lobby area. But our room was completely quiet.

Kenna and I took a little walk around, admiring the famous Reno arch (just outside) and their new river walk area, an example of another city celebrating rather than turning its back on its river. Although there was quite a bit of foot traffic when we arrived, it seemed to taper off substantially later in the evening (like about 10 pm), very much unlike Las Vegas.

August 1, 2017 / Jim Fenton

The gaping hole allowing email spoofing

In today’s news there was a report that Anthony Scaramucci, the outgoing White House communications director, got “punked” by an email he thought was from Reince Priebus, the former chief of staff and his apparent rival. The messages actually came from a mail.com account.

Although not nearly as consequential, this sort of thing is commonplace. I have gotten several messages claiming to come from Facebook and other social media contacts, but actually from impostors using their names. Presumably the impostors mined the names from social media.

The email industry bears some responsibility for making this possible. Despite the enormous effort put into development and deployment of email authentication and anti-phishing technologies such as SPF, DKIM, and DMARC, there is a gaping hole: it isn’t readily possible to distinguish a message from someone at their expected email address from a message posing as them from a different email address entirely.

Email clients used to routinely display the email address as well as the “friendly name” when they displayed a message. They used to typically display:

From: John Doe <john.doe@example.com>

That isn’t all that pretty, and in this case a little redundant. It also takes more precious space on mobile devices. So today many clients simply display:

From: John Doe

But suppose someone wanted to pose as Mr. Doe? They could very easily send a message with a From header field like this (of course, substituting example.org with their own email domain):

From: John Doe <impostor@example.org>

On many email clients, this will display exactly like an actual message from the real John Doe.

What could be done about it? Obviously, this is an area that warrants some real usability research and a lot of users will need to be trained. But here are a few possibilities:

  1. Verify the address against the user’s address book. If it doesn’t match, display the sender’s name in a distinctive way, e.g. in red, with a big X, etc. Obviously there would be issues with someone in the address book as John Doe sending a message as Johnny Doe, but that can be handled too.
  2. Do the same as #1 but do something like the blue checkmark on Twitter: display something distinctive saying the message came from an address you recognize. The problem here is that the meaning of the checkmark would be different: not verified by some central authority, but by one’s own address book.
  3. Display the email address, either with or instead of the friendly name, if it doesn’t match.
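The three options above can be combined in a single display decision. The following is an added example, not code from the original post or from any mail client; the address book contents, the function names and the bracketed labels are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed address book: address -> friendly names the user has for that contact.
ADDRESS_BOOK = {
    "john.doe@example.com": ["John Doe"],
    "jane.roe@example.net": ["Jane Roe"],
}


def normalize_name(name):
    """Case-fold and collapse whitespace so 'john  DOE' matches 'John Doe'."""
    return " ".join(name.casefold().split())


def classify_sender(from_header, address_book=ADDRESS_BOOK):
    """Return (verdict, text_to_display) for the value of a From header field.

    known    - the address is in the address book (option 2: mark it)
    mismatch - the friendly name belongs to a contact, but the address is
               not the one recorded for that contact (options 1 and 3)
    unknown  - neither the name nor the address is in the address book
    """
    name, addr = parseaddr(from_header)
    if not addr:
        # Unparseable header: show it raw rather than guessing.
        return "unknown", from_header
    addr = addr.lower()  # assumption: treat addresses as case-insensitive
    book = {a.lower(): names for a, names in address_book.items()}

    if addr in book:
        # The address is what gets verified, so "Johnny Doe" writing from
        # John Doe's recorded address still counts as known. Show the name
        # from the user's own address book, not the sender-supplied one.
        return "known", f"{book[addr][0]} [in address book]"

    claimed = normalize_name(name)
    for names in book.values():
        if claimed and claimed in (normalize_name(n) for n in names):
            # Name matches a contact but the address does not: show the
            # address and flag it instead of hiding it behind the name.
            return "mismatch", f"{name} <{addr}> [NOT the address on file for this name]"

    return "unknown", f"{name} <{addr}>" if name else addr


if __name__ == "__main__":
    for header in (
        "John Doe <john.doe@example.com>",
        "John Doe <impostor@example.org>",
        "Johnny Doe <john.doe@example.com>",
        "Someone New <new@example.org>",
    ):
        print(classify_sender(header))
```
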

There is some risk of just “kicking the problem down the road”, however. If this becomes really effective, address book attacks would become useful. Attackers would try to trick you into accepting address book entries (typically .vcf files) from them, and these might enable them to more plausibly pose as a trusted (or at least known) contact.

No matter what we do, some users will ignore it, and we can’t fix that. But we can, and should, give users the tools to easily spot messages that they should treat with more suspicion.

June 20, 2017 / Jim Fenton

Twitter threads: wrong medium

Since Twitter’s inception, users have been bumping up against the 140-character limit on tweet length. With support for images in tweets came images of text blocks — pictures of media articles (OK), but also pictures of text written for the tweet, which misses the point of Twitter as a short-form medium. These images also defeat the ability to search for the text, which limits its distribution and the ability to find it again when you want to cite it.

Twitter has been relatively faithful to the 140-character limit. Early rumors that Twitter might offer a paid premium service allowing longer tweets have not materialized. They have budged a bit, however, by shortening URLs and hostnames (which of course is useful to Twitter as a way to collect analytics) and recently by allowing reply tweets not to count the Twitter handles of the user(s) being replied to in the character count.

The current fad is Twitter threads; most Twitter users have seen these. These usually start with “Thread” and a series of numbered tweets immediately following. These are often one sentence, or one idea, per tweet that fit together. Sometimes, but not always, these are arranged as a string of replies to the initial tweet, so that a reader can follow them by following the replies.

Some composers of threads create them skillfully: they put each idea in its own tweet and it reads like very short installments of a serial. There is value in this; it’s a way of organizing thoughts, keeping points concise, and so forth. Others just write something and break it up into <140 character chunks. There’s even a site (pork.io) that will do this for you. The result is a tweet thread that has to be read together to make any sense and doesn’t require any particular composition effort.

Regardless of the composition of the thread, they can be hard to use. Perhaps I’m using the wrong tools, but when I encounter a thread that looks interesting (usually as a result of a retweet of either the thread header or some tweet in the middle), I usually have to go find the account of the writer of the thread and scroll back through their tweets so I can see the entire thread. This requires considerable effort, and limits their audience to people having the patience and time to do this.

There’s a better answer: use a long-form medium like this (remember blogs?). Tweet a link to the post. It’s much easier to read, and it’s easy to add pictures, links, and other media if desired. It also respects Twitter’s value as a short-form medium, by not requiring one’s followers to scroll through a long tweet thread that they’re not interested in.

November 17, 2016 / Jim Fenton

Facebook is not a news source

There has been a lot of press about fake news stories appearing on Facebook and other social media. But what really shocks me is that, according to Pew Research Center, 44% of the US population gets its news from Facebook.


August 21, 2016 / Jim Fenton

DNSSEC Signing Revisited

A couple of years ago, I signed the DNS records of my personal domain with DNSSEC, and wrote a blog post on the experience. Since then, life has been generally good, although there have been a couple of hiccups where the signatures expired and my domain became briefly unavailable to resolvers that verify DNSSEC. I figured out how to make the re-signing of the domain happen automatically, and those problems for the most part went away.

I recently upgraded my DNS server from the Debian “squeeze” release to the “jessie” release to ensure that I continue to get security updates. A month or so later, I got a notification that my DNS was broken again. I figured that the process that re-signed and published my DNS records had failed to start; quite a few things like that broke in the upgrade.

But it was worse than that: the dnssec-tools package that I have been using for signing (described in that blog post) is no longer available from Debian for jessie, apparently because of some unresolved bugs. I needed to quickly find another way to sign my domain.

BIND to the rescue

Looking around for alternatives, I found out that BIND 9.9, which is available as a jessie package, supports inline signing. I have always used BIND as my DNS server, and I welcome the prospect of signing without a lot of external dependencies. ISC provides a good (but incomplete – see below) how-to guide on turning on DNSSEC signing, so I followed those instructions.

My first problem was the keys themselves. Dnssec-tools seems to have used a different format for the public/private keypairs used by DNSSEC than BIND, so I needed to generate new keys. I started to do this, but it was taking forever! It turns out that dnssec-keygen needs a fair amount of cryptographic entropy to generate a keypair, and I was running it on a virtual private server that doesn’t get much entropy. So, despite my aversion to transferring private keys, I generated keys on my home Linux (Ubuntu) machine. This took long enough, even with me banging on keys and doing every other random thing I could think of.

Having transferred the keys (two keypairs, a Zone Signing Key and a Key Signing Key) back to the name server, I went ahead and signed the zone. But I realized something was missing: the ISC how-to guide doesn’t talk about publishing the DS records at the parent domain that are necessary to link my keys to the global DNS trust chain.

Fortunately, I found the instructions for this in a different ISC how-to guide. The dnssec-dsfromkey utility converts the public keys into the necessary format for the DS records. I then logged into my domain registrar’s website and added the necessary DS records.

Everything looked pretty good, and I was able to look up my records using my verifying resolver. But I also checked an online utility to see if it saw any errors. It said my DNSSEC was still broken. I thought maybe there were some old records in a cache somewhere so I waited a day or two.

Time didn’t help here, and I couldn’t figure out why it was still reporting an error. So I consulted a very knowledgeable friend – thank you Patrik! – who introduced me to a different tool, DNSViz, that showed that my slave DNS server, running on a different host, was returning different data. Specifically, it was showing several DNSKEY records from my old configuration that shouldn’t have been there.

I looked at the primary zone file, both the unsigned one I maintain and the one signed by BIND (using the named-checkzone utility, since the file is in a binary format). Everything looked fine; the extra DNSKEY records weren’t there. I re-transferred the zone to the secondary, but the extra records remained.

Finally, somewhat in desperation, I deleted the zone file and the associated .jnl file (not sure where the latter came from). Restarted BIND and everything was fine. I’m guessing that the .jnl (journal) file was telling BIND to make only incremental changes to the zone, and therefore the old DNSKEY records were untouched.
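The mismatch described above, a secondary still serving DNSKEY records that the primary no longer has, can be detected by comparing the DNSKEY RRset each server returns. The following is an added example, not the author's code or part of BIND; the record data is constructed (toy-size keys, not real ones) and would in practice be the output of `dig +short DNSKEY` queried against each server.

```python
import base64
import struct

# Constructed sample data in `dig +short DNSKEY` form: flags protocol algorithm key.
PRIMARY = """\
257 3 8 AQIDBA==
256 3 8 BQYHCA==
"""
SECONDARY = """\
257 3 8 AQIDBA==
256 3 8 BQYHCA==
256 3 8 CQoLDA==
"""


def key_tag(flags, protocol, algorithm, public_key_b64):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1, RSA/MD5)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm)
    rdata += base64.b64decode(public_key_b64)
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def parse_dnskeys(dig_short_output):
    """Map each DNSKEY record to (key_tag, role); the key may be split by spaces."""
    keys = {}
    for line in dig_short_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # skip blank lines and anything that is not a DNSKEY
        flags, protocol, algorithm = (int(f) for f in fields[:3])
        key_b64 = "".join(fields[3:])
        role = "KSK" if flags & 0x0001 else "ZSK"  # SEP bit marks a key signing key
        record = (flags, protocol, algorithm, key_b64)
        keys[record] = (key_tag(*record), role)
    return keys


def compare_servers(primary_text, secondary_text):
    """Report DNSKEYs served by only one of the two servers."""
    primary = parse_dnskeys(primary_text)
    secondary = parse_dnskeys(secondary_text)
    return {
        "stale_on_secondary": sorted(
            secondary[k] for k in secondary.keys() - primary.keys()),
        "missing_on_secondary": sorted(
            primary[k] for k in primary.keys() - secondary.keys()),
    }


if __name__ == "__main__":
    print(compare_servers(PRIMARY, SECONDARY))
```
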

I will, of course, need to continue to watch to make sure that the signatures don’t expire since I don’t understand the key rollover methodology yet. But modulo a couple of problems getting started here, I’m optimistic that inline signing with BIND will be much easier than what I had been doing.
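Watching for signature expiry can be automated by reading the expiration field of each RRSIG record a server returns. The following is an added example, not the author's code; the zone name, key tag, signature placeholder and dates are constructed, and the input is assumed to be in the presentation format printed by `dig +dnssec`.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample answer lines in dig presentation format. RRSIG fields:
# owner ttl class RRSIG type-covered algorithm labels original-ttl
# expiration inception key-tag signer signature
SAMPLE = """\
;; ANSWER SECTION:
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600
example.com. 3600 IN RRSIG SOA 8 2 3600 20160920120000 20160821120000 12345 example.com. c2lnbmF0dXJl
example.com. 3600 IN RRSIG A 8 2 3600 20161015120000 20160915120000 12345 example.com. c2lnbmF0dXJl
example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20160910120000 20160811120000 12345 example.com. c2lnbmF0dXJl
"""


def parse_rrsigs(dig_output):
    """Extract the covered type and expiration time of every RRSIG line."""
    sigs = []
    for line in dig_output.splitlines():
        f = line.split()
        if len(f) < 12 or f[3] != "RRSIG":
            continue
        # Expiration is printed as YYYYMMDDHHmmSS in UTC.
        expires = datetime.strptime(f[8], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
        sigs.append({"owner": f[0], "covers": f[4],
                     "key_tag": int(f[10]), "expires": expires})
    return sigs


def signatures_needing_attention(dig_output, now, warn_days=7):
    """Return (status, covered_type, expires) for expired or soon-to-expire signatures."""
    limit = now + timedelta(days=warn_days)
    flagged = []
    for sig in parse_rrsigs(dig_output):
        if sig["expires"] <= now:
            status = "EXPIRED"    # validating resolvers already reject this RRset
        elif sig["expires"] <= limit:
            status = "EXPIRING"   # re-signing has not happened yet
        else:
            continue
        flagged.append((status, sig["covers"], sig["expires"]))
    return sorted(flagged)


if __name__ == "__main__":
    # A fixed "now" keeps the constructed sample meaningful; a monitoring
    # job would pass datetime.now(timezone.utc) instead.
    now = datetime(2016, 9, 15, 12, 0, 0, tzinfo=timezone.utc)
    for status, covers, expires in signatures_needing_attention(SAMPLE, now):
        print(status, covers, expires.isoformat())
```
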