Heartbleed, A SSL Vulnerability

A weakness in the protocol that makes your secure sites, secure is no longer secure. At least for now. A patch has been made and being deployed but not everyone is patched yet. So what to do. I would recommend testing any SSL Site that you use with http://filippo.io/Heartbleed It’s not safe enough to just put the main site address but put the actually SSL host for example, my bank is  plainscaptialbank.com  but when i click to login to my online banking it takes me to ibank.plainscaptial.com.  I put that address in the test field and found that it is not patched from CVE-2014-0160. So while these sites are not patched, i’ll just avoid using them until they are corrected.

The risk here is that someone could be posing as the real site and scooping up any information you give them.  your browser won’t know any different and see that the certificate is valid and not warn you of any risk.

If you want more information on heartbleed visit:  http://heartbleed.com

Thanks to Riley for posing the question to me this morning.


sites which also appear to need to be patched,

Amigo Energy (my.amigoenergy.com)

Song Select (us.songselect.com)


http://ibank.plainscapital.com is now secure.

Goodbye Google Reader

Google announced Thursday that it would discontinue Google Reader from it’s line up of products.  About once a year they do a clean up of projects that are unpopular to focus on other projects.  Sadly Reader became considered unpopular.  I have a lot of time vested into reader and it’s my primary way of keeping to to date with all the websites i like to frequent.  Instead of visiting all the sites, cheezeburgers, tumblrs and news sites individually and try and remember where i left off, i just rss them all into Reader.   Continue reading Goodbye Google Reader

Using your smart phone with gloves

So it’s freezing cold outside and your all bundled up.  then your phone goes off and that’s when you find out you can’t swipe to answer your calls.  Actually you can’t do anything on your touch screen without exposing your hands to frostebite.  The reason for this is that most touch screens work through electrical tran-ductance.  The screen senses a change in electrical charge and reacts accordingly.  The gloves block the transfer of engery.  But alas, there is a solution.

Smartphone-friendly winter gloves are expensive (and often ugly). Skip shelling out for store-bought gloves when, armed with a needle and thread, you can turn any gloves into smartphone-friendly ones.

Over at Popular Science, Taylor Kubota shares the simple trick:

1. Order silver-plated nylon thread (silver conducts electricity). This can be difficult to find in stores, but major online retailers carry it.

2. Pick a pair of gloves to modify. Although leather works, it’s harder to push a needle through.

3. Stitch the figure of a star or other solid shape onto the glove’s index finger with the thread, making sure it will contact both the touchscreen and your skin.

4. Bundle up and tap away.

If you’re looking for a small volume of conductive thread (and would prefer to skip paying $40+ for a whole bobbin of it), Etsy seller Urbanstein has small 15 feet packets of silver-coated thread in various colors for $5.



Turn Your Favorite Mitts into Gadget Compatible Manipulators [Popular Science]

Security New and Improved

as opposed to old and inferior.  With a rash of security issues earlier this week, we have taken some steps to better protect your data.  If you try and log on to your website you’ll notice a new feature on your login screen.  Your old login will continue to work however we’ve enabled a multifactor authentication method for your website. You are free to chose if you want to use this or not, but of course we recommend that you do.  This requires you to not only have your password but also a 6 digit code generated by your smart phone.  This code changes ever minute to prevent someone from stealing your account.

Before you can enable Multifactor Authentication on your WordPress account, you’ll need to install the Google Authenticator app on your smartphone or tablet device.

NOTE: If you already have the Google Authenticatorapp on your smartphone or tablet device, you just need to click the “+” in the lower right corner (iOS) or open the settings for the app and click “Add account” (Android) and then proceed to the next section of this walkthrough.

Google’s official documentation on downloading and installing the app can be found here: http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447.

The app can be downloaded from your device’s App Store (or use Google’s direct link for BlackBerry):

Turn On Multifactor Authentication

  1. Once you have the Google Authenticator App installed, log in to your wordpress account and on the dashboardgo into your user profile on the uppermost right hand corner.  It should show “Howdy, person” Click on your name and chose Edit My Profile.  You should see a section called “Google Authenticator Settings”  image
  2. Enable the Activebutton to enable multifactor authentication.
  3. In the description field, enter the name as you want it to appear in your app, ie, mydomian.com (optional)
  4. Click the Show/Hide QR Codebutton.You will now see a QR Code and a 16-digit Secret Key that you will need to activate Multifactor Authentication.
  5. Use the Google Authenticator App to scan the QR code. If your device does not have a camera you can enter the 16-digit Secret Keyshown above the QR code into the app manually. If you have more than one device running Google Authenticator, scan the QR code or enter the key on every device that you want to use with this account.
  6. The Google Authenticator app will display a 6-digit passcode. Enter the 6-digit passcode in the Passcode field.If you are using counter-based codes you may need to press the refresh button to display the first code



  7. Click the Activate!button and we’ll make sure our servers are properly synced with your phone.Your account now has Multifactor Authentication enabled.
    If you suspect your account may be compromised (for example if you have lost your phone or mobile device), you can use the Regenerate Key button to invalidate the old key and create a new one.

Changes to Login with Multifactor Authentication Enabled

Once you’ve enabled Multifactor Authentication, you’ll notice changes to the Loginscreen and the steps necessary to access your account.

Your Login screen will look like this:


You will now see a Google Authentication Code field which you will use to enter the 6-digit passcode generated by your mobile device, and a Remember this computer?drop-down which will save you the step of generating and entering a passcode for either 1 week, or 1 month.

If you choose one of the options from the Remember this computer? drop-down such as 1 month, and log in during the time period you’ve selected, instead of the Multifactor Authentication Code field you will see a message indicating that your computer has already been verified.

After the time period you have selected expires, you will once again see the Multifactor Authentication Code field.

Changes When Logging in from a New Computer

Multifactor Authentication uses browser cookies to function, so if you try to log in from a new computer that has never been logged into DreamHost before, the Multifactor Authentication Code field will not initially be visible, and your first log in attempt will fail. After that first attempt, DreamHost will identify your account and make the Multifactor Authentication Codefield visible so that you can log in.

This error message will appear the first time you log in with a new computer or if you do not enter a Multifactor Authentication Code:

Getting the most out of your new Smart Meter

You may have noticed that AEP has been changing your old fashioned meter with a new Smart Meter.  What’s all the hub-bub about this new fandangle devices?  These are basically computers that transmit data back and forth from your meter to AEP.  It allows for new real time usage stats, it allows AEP to read you meter without sending someone to physically see your meter, it allows your new meter to talk to HAN devices in your home and it allows AEP to switch your power status remotely. 

How do you know if you have one of these new meters?  They are a few different varieties depending on the type of service you have but if you have a standard residential home with 110/220 power, it probably looks something like this…


So the past two days our home town has seen unseasonably cool weather for the past two days.  So by logging on to my meter I was able to see where we had our AC’s off and the windows open.  I can also see where they decided to close the windows and return to man made/paid cooling.


Although 15 minute reporting is a cool feature, the neatest thing about smart grid devices is the ability to add it to your HAN network.  You’ll start seeing appliances with HAN interfaces built-in soon.  Your dryer can be set to run when your power company tells you demand is low… or your dishwasher can be prevented from running during over-demand hours keeping the grid from brownouts.  You could also have a HAN thermostat to expand the wonders and possibilities. 

So how can you begin using your new smart meter,

log on to http://smartmetertexas.com/

You will need to register your residential/commercial meter. 

You will need to provide your name, email address, ESI Number (usually found on your bill) and your smart meter number, in my demonstration photo it’s the big number in the blue sticker that starts with 115    _ _ _    _ _ _  Yours may begin with something else, but it’s the 9 digit number. 

After you register you should get an email right away with a temporary password, login with that new password and then your all set!  Stay tuned for reviews on several HAN devices.

Some quick Google tips:

Ok so google still hasn’t made its way into gramer as a verb but there are more things you can do with google other than just actually googling something.  For example, need a quick (or not so quick) calculation?

try entering that pesky math problem in the search bar…


My server room monitor give me a readout in Celsius, but what is that in English (Fahrenheit)


Or if you found some Canadian money in your luggage and wanted to find out how much it was worth..


How many times have you needed to know what your ip address is so you know what to exclude from your next attack,


Are you going to need to bring a rain coat to work in the morning?


That show you’ve been wanting to watch starts in Eastern Time, what time is that?


Is my delivery package going to be in today? 


Did that guy just insult me?


What time is my flight leaving?


What’s showing tonight?


am I really alone?


Time for retirement yet?



So I was minding my own business checking up on status and seeing what everyone one else was doing.  I commented on a few post and even added an app which is rare.

Yes it appears facebook has become my one stop shop for social networks.  I have a linked-in, Google+ and twitter but the end of all of micro-blogging is FB for me.  Granted, there have been a few quirks when it comes to the balance of engaging/sharing and sharing way to much.  The controls are confusing and ambiguous at best.  The security settings should be written with a few preset modes that users can customize.

1) Voyeur – “Let the whole world see, I have nothing to hide”

2) Only if I know you – “If your my friend, then you can see”

3) Double Life – “If I know you and your in the right group” other wise you see the sanitized version

4) Paranoid – “what am i even doing here, i don’t want to share anything”

oh well.. maybe some day. So I was on my phone and started up my fb app and it asked me to login.  Strange.. but ok?  That’s when I got my first indication something was wrong…

mobile denied

So I got to my computer and tried to login there..


And I come to find that my account has been disabled.  Not limited or warned but flat out shut down.  My identity gone, Timeline information going back to 1985.  33 albums, 24 videos, poof.  My wife was suddenly single again, all of the apps I’ve developed were removed, the 5 pages I run were gone, some with a reach as high as 155,198.

So I clicked the link indicated and it took me to a page talking about community guidelines and using real identities instead of false ones.  So… FB decided that I was impersonating the real “John Munoz” ?  There was a form to fill out online asking for a copy of my drivers license.  So I sent that up (after redacting information they didn’t need) and then that off.  This was Sunday evening.  All day Monday was quiet.  My wife recently showed me “Where’s My Water” so that kept me somewhat occupied.  Finaly at 9:45 last night I got a message back

—————————- Original Message —————————-
Subject: Re: Disabled Account Appeal – ID Request
From:    “The Facebook Team”
Date:    Mon, August 20, 2012 9:46 pm

Hi John,

Thanks for verifying your identity.

After investigating this further, it looks like we suspended your account by mistake. I’m so sorry for the inconvenience. You should now be able to log in. If you have any issues getting back into your account, please let me know.


User Operations

So that’s that.. I’m back now.. a little wiser for the weary.  The ironic thing was Patti was just asking me, if FB ever died, what would happen to all of our data.  Hidden away inside your fb is an option to download a copy of all your fb data.  Visit this link and chose “Download a copy of your facebook data” at the bottom of the page.”  There are lots of 3rd party programs that you can use this data with.. but more on that later.  I’m just glad to be back.

Need more Dropbox space?

First of all.. if your not already a dropbox user.. what are you waiting for?  Never need another usb drive again, stop shuffling files between work and home and your laptops.. get access to all of those files on your mobile, iPhone or Android. Know that your data is backed up and you can even share data between teams of people for collaboration and projects.

So quit waiting and install Dropbox today. (It’s ok i’ll wait)

Now that you have Dropbox, you’ll find that you instantly have 2GB of free space.  But wouldn’t it be nice to have some additional space.  There are a few easy ways to instantly get more free space.

First is with this page.  http://www.dropbox.com/free  By doing a few things such as connecting your twitter, facebook and following dropbox and bragging a little about them, you can free space very easly.

Another method is with your email address.  By signing up with an address that ends in .EDU you can double your current space and get double referall credit.  Use this link to sing up for that.  http://www.dropbox.com/edu

Finally, there is a new beta version of dropbox.  It add a feature of importing photos/videos from your mobile devices directly onto your dropbox account.  Get it here.  So after you’ve installed it, plug in your phone, camera, etc. and instead of using the normal photo importer, you should see the option “import to dropbox”  For doing the initial import you get 500MB, then for every 500 MB of files you import this way, you get an additional 500MB.  You can get up 4.5 GB of data this way.  After you’ve gotten the credit just delete the ones you don’t really want and you have and additional 5GB of space.

The final way to get more space is to have your friends join dropbox too.  Go to https://www.dropbox.com/referrals to spread the happiness.  Your friends will thank you for it.  An important note about referral.  If you share a folder with someone who isn’t yet on dropbox, and they join, you do not instantly get credit for it, but if you go to https://www.dropbox.com/referral_status and enter their address (after they joined) you will get credited for their joining.  Also remember if you have a .EDU address you get double the credit (see above)