Category: Just Saying …

When my wife’s alarm clock went off, I pried my eyes open to look at my alarm clock. It showed 4:45am. I was a bit confused (a normal state at any hour of the morning), and wondered why she was getting up so early. She told me it was the usual time (5:45am).

Yeah, right. My alarm clock runs on atomic time, and automatically adjusts to the proper time. This is useful during power outages, as it will be one less clock I have to set after the power is restored.

Until I realized that this was the last Monday of the month of October. And then I remembered that my alarm clock was built before the change to the start and end of Daylight Savings Time. Which is now the first weekend of November, not the last weekend of October.

Which makes my alarm clock as confused as I am in the morning.

And now I remember that I have several other atomic clocks in my house that are similarly confused.

To add to all the coverage of the extra special (and critical) MS patch released yesterday, for the benefit of my three (that many?) regular readers (excluding family):

My first reading of the various links about this vulnerability and patch (see below) indicate that, although the rating is critical, and the patch should be installed immediately, there is less exposure to Vista and Server 2008 and XP SP2+ systems because their default settings enable the firewall and block ports 139 and 445. (You can check if those ports are blocked by using the ShieldsUp test at www.grc.com.)

Note that this vulnerability has the potential for the same impact as the Blaster and Sasser worms (the blocking of those ports and default firewall enable XP SP2 and Vista is one of the results of learning from the Blaster worm). That blocking will help with external attacks, but an internal attack (behind the firewall) may be possible. For instance, our organization was severely impacted by an internal attack of the Blaster worm, which caused a Denial of Service (DoS) type of attack on network traffic.

The initial takeaway is that the MS patch, and probable (already released now) upcoming AV patches will be very important for all users, even if a ShieldsUp test shows that you are blocking ports 139/445.

Corporate/network users are strongly advised to get this one installed on all external and internal systems, even if their firewalls are blocking those ports. And home users are especially urged to install the patch.

There are reports of some limited attacks using this vulnerability; I suspect the hacker community is frantically working on exploits.

A typical exploit might be to install spyware/malware on your computer to gather confidential information. It is less likely, I think, that an exploit would try to just do a DoS-type (Blaster) attack; most hackers are now targeting systems for confidential information for financial gain.

More general info here: http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx From the MS SDL (Security Development Lifecyle) blog http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx ; an explanation of “why didn’t we catch this”.

Just remember safe computing practices: install updates, don’t click on links in emails alerting you to an update, pop-up messages while surfing the ‘net that alert you to malware are bogus and should be ignored, etc.

At the office, the usual wandering through the mail server, trying to figure out some problems with an outside user getting their mail blocked. It’s usually because a computer on their network is an evil spammer, usually without their knowledge. So they get on the private blacklist we use.

If you have Adobe Flash installed on your computer (most do):

Adobe has released their latest update to Flash (for multimedia on web pages) to fix the “clickjacking” bug. (This allows an evil hacker to place a hidden ‘button’ on a web page that will do nefarious things when you think you are just clicking on a link on a page. This exploit is not widespread, and not terribly easy to do, but is rather sneaky.)

You can check their Flash version by going to this Adobe page: http://www.adobe.com/products/flash/about/ . You’ll get your current version, and a list of versions for Windows, Mac/OSX, Linuz, and Solaris operating systems.

Notice that this update is not just for an Internet Explorer vulnerability, but also affects Firefox, Opera, etc. You should make sure that you have this update.

Thirty-three years ago today, I knelt across an altar in a room filled with family and friends. My view was to my soon-to-be bride, but the mirrors in back of each of us showed how our connection to each other and family was unending. We each made some simple promises to each other while we clasped hands across the altar. The setting reminded us that our promises were not just for this life, but eternal.

Now, thirty-three years later, we still keep those promises, and keep our eyes and hearts on the long-term promises we made. It hasn’t been all roses; there were a few thorns along the way. We’ve been through some good times and bad, and have grown from both of those types of experiences. We have children that give us joy, and children that are waiting to give us more joy. We have grandchildren to watch and enjoy (and spoil).

And we plan on continuing the same journey. Together. Husband and wife, as things should be.

According to this site http://www.publicprofiler.org/worldnames/Main.aspx , a lookup of my last name (“Hellewell”, in case you weren’t paying attention), shows that my surname is most common worldwide in the Yorkshire and Himberside area of the United Kingdom. The site claims 19 Hellewell’s per million (‘HPM’, I guess).

There’s a few in New Zealand, also, about 11.8 HPM. In the US, a bit over 1 HPM.

That area of the UK sort of corresponds to family lore about the origin of my surname. The theory is that our ancestors lived near a “Holy Well” in the UK. Although it was never explained how “Holy” became “Helle”.

Insert your theory here (in the comments). Interesting site, however. Good for a few minutes of wasted time.

I spent the last two days as part of a jury pool for a criminal case. The defendant was accused of trying to blow up a mobile home, and possession of explosive devices and materials.

The lawyers did extensive questioning of each potential jury member. Their questions included:

– is it ‘fair’ for the prosecution to bring up prior felony convictions (theft, drugs, kidnapping, rape) about the defendant as part of determining the truthfulness of any defendant testimony)?

– will knowledge of these prior convictions affect the juror’s judgement of the case (does it make the juror tend towards the prosecution or defense)?

– any prior jury duty experience?

– any knowledge or use of welding or explosives?

Some of the potential jurors had problems with being impartial. Some (usually female) had problems with the prior kidnapping/rape convictions. Some appeared to not be able to be impartial. So those potential jurors were let go. Some because of specific reasons, and some were dismissed with no explanation.

I have served on two juries, both as foreman. I have found that if you site at the head of the jury table, you are more likely to be elected foreman.

The first case was a civil case for ‘landscape rock theft’. The defendant was accused of taking without permission large landscape rocks from a fields, thereby causing damage to the ground and removing valuable rocks. Those are the large moss-covered rocks and boulders that are used for landscaping.

Now, you should know that at this time (about 10 years ago) that the wholesale price of landscape rocks was about $100/ton, and the retail price was about $1000 a ton. So, there is some good profit available, although you have to be careful about how you grab onto the rocks so that you don’t damage them.

During the two-week trial, we learned a lot about landscape rocks, statistical analysis of rock placement in the fields, and damage done to the ground by large equipment during the rock removal. We even got to take a field trip to the ‘crime scene’, where we noticed that the damage was minimal (and the tire tracks were ‘fixed’ by the cows that were grazing in the area).

So we finally got into the jury room. I was one of the last to get inside, so I got the seat at the head of the jury table. That got me elected as foreman. We discussed the evidence, and went through the process of determining the dollar amount of damages. We were provided a sheet with the formula to use to determine the damage. We ended up deciding that the one defendant (the owner of a one-person company, since out of business) did most of the damage, and the co-defendant (the company that apparently contracted with the guy to provide some rocks) was minimally responsible. We gave a total judgement of about $1200, as I recall. Not a large amount, and certainly not what the plaintiff was looking for (we thought he was looking for the deep pockets of the 2nd defendant).

So, it was an exciting trial.

The second trial was two years ago, and involved a DUI-caused accident. The DUI driver had done some wine tasting touring earlier that day, and was driving home in her restored 1970 Corvette) when she rear-ended a passenger van stopped at a traffic light. The defense’s main theme was that old brake fluid caused the accident. We sat through a day’s worth of testimony about how brakes and brake fluid work.

But the charge was not ‘driving with bad brake fluid’. It was “driving under the influence”. She was clearly over the limit for alcohol content, and shouldn’t have been driving. And since we (the jury) had to determine the guilt/innocence of the charges, the process was quite easy after we got past determining the “bad brake fluid” smokescreen.

Did the evidence support that the driver was under the influence? Yes. Did the evidence support that the driver’s drunken impairment caused the accident? Yes.

So a verdict of “guilty” on all four counts was returned. And that was that. Even though we thought there should be an additional charge of “stupid driver causing destruction of a classic car”.

So, back to the present. During my ‘voir dire’ (juror questioning), I explained my prior jury service (not as detailed as here). I did mention that I thought the ‘rock theft’ trial was not the best use of the court’s time, but that the plaintiff had the right to have that trial. And I mentioned that I had a brother with some prior drug convictions.

On the issue of using the defendant’s prior convictions, and the use of that information during the trial, I said that I thought that was reasonable to include that as part of the evidence to be presented. But I said that I thought that I would be able to use the evidence presented as part of my judgement of the case, and do that fairly.

Other juror’s voir dire took up to 20 minutes. Mine just took a few minutes.

And then the defense lawyer stated “The defense would like to thank and excuse Mr. Hellewell”. So I was done.

Apparently, defense lawyers don’t like me. And I wasn’t even wasn’t even wearing my Clint Eastwood “Hang Them High” t-shirt.