End of Summer

Wow. Eight months have flown by since my last update. I think that’s a record for me.

Just wanted to stop in to say I’m still around. This summer has flown by. I was just getting into the swing of things, now our first child has started Kindergarten. Yikes!

Back in May I participated in the Bayshore Half Marathon up in Traverse City, MI. The weather was beautiful and cool, which contributed to me setting a PR of 1:48:36. Hopefully I’ll be able to beat that at my next half marathon.

In June I had my hike up Half Dome in Yosemite National Park for which I was training through the Leukemia & Lymphoma Society’s Hike For Discovery program.

I combined that trip out to Yosemite with a 5-day backpacking trip with my friend Rob Totte. We started at the White Wolf campground, hiked down to the Tuolumne River and then followed it up, through Tuolumne Meadows, along the Lyell Fork to the highest point in Yosemite NP, Mt. Lyell (13,114 ft / 3997 m) and back down to Tuolumne Meadows. Nearby forest fires to the west of the park made many of the views quite hazy in the Grand Canyon of the Tuolumne River, but we could see for miles at the peak.

The kids, Jennifer and her mother also headed out to California during that time. After my excursion into the wilderness, we met back up in the San Francisco Bay Area and met up with old friends.

In August I took another trip back out to San Francisco to see the SF Outside Lands concert in Golden Gate Park. It was the first time a concert had been held in the park at night. The Radiohead performance opening night was spectacular.

A few days ago I participated in a 100 KM trail running 5-person team relay event in Hell, MI called Dances With Dirt. The course involved running along the trails of Pinckney State Recreation Area in widely varying levels of use (or disuse as the case may be). There were numerous fallen trees and branches, hills a’ plenty, sand patches, abundant poison ivy, thigh-high muck at stream crossings, a shallow lake crossing. Sounds like fun, no? Though we didn’t even come close to winning, it was well worth the experience. Pictures to come (hopefully!).

Welcome to the Jungle

Last week I was checking out Amazon’s Mechanical Turk web site. For those of you not familiar with the site, it allows people to set up simple tasks called Human Intelligence Tasks (HITs) for others to do that are easy for people to do but too difficult to automate by computer. The people who perform the tasks are then paid a modest amount for their effort.

I came across one HIT that I thought would interest some friends so I right-clicked the link to a preview of the HIT, chose Copy URL, then shared the link with the friends. After checking the site out, my friends astutely noticed that visiting the site logged them in as me. Looking closer at the URL, I realized it contained the actual session state. Rut roh! But that’s not all. There was a link to a “Your Account” page, which then linked to an option to change the name, e-mail address, and password on my Amazon account… without prompting for the current password. Double rut roh! Even after I changed the password, that URL could be used to log in and change it again.

Realizing the security exposure, I immediately deleted the credit card info that was on file. I then sent a few messages to the Mechanical Turk team through a few different channels describing the situation. Though I only got “Thank you for your feedback. We’ll be looking into the situation.” type messages from their team with no way to respond back, it appears they did act on the messages. Upon revisiting the site later that day I noticed that:

  1. I could no longer find a HIT preview link with the state information included in the URL.
  2. The offending URL brought up a page saying the request could not be completed successfully. However, this could just be because the session had expired. The top of the page still shows my name and there’s still a Your Account link. But…
  3. When clicking on the link to change the password, the site now prompts for the existing password first.

Kudos to the Amazon Mechanical Turk team for addressing the issue so quickly after I reported it. I have to say, it was kinda fun, though a bit unsettling, to find a security issue with such a high-profile site.
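The three behaviours described in this post (a session identifier carried in a shareable URL, a password change that did not ask for the current password, and a session that kept working after the password changed) have direct server-side counterparts. The following is an added Python example, not Amazon's code; the `AccountStore` class and every name in it are hypothetical.

```python
import hashlib
import hmac
import secrets


class AccountStore:
    """In-memory account and session store, constructed for illustration."""

    def __init__(self):
        self._users = {}     # username -> (salt, password hash)
        self._sessions = {}  # session id -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def _verify(self, username, password):
        salt, stored = self._users[username]
        return hmac.compare_digest(stored, self._hash(password, salt))

    def login(self, username, password):
        if username not in self._users or not self._verify(username, password):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = username
        return sid

    def whoami(self, sid):
        return self._sessions.get(sid)

    def change_password(self, sid, current_password, new_password):
        """Return a fresh session id on success, None on any failure."""
        user = self._sessions.get(sid)
        if user is None:
            return None
        # Step-up check: holding a valid session is not enough to change
        # credentials; the caller must also know the current password.
        if not self._verify(user, current_password):
            return None
        self.set_password(user, new_password)
        # Revoke every session for this user so an identifier that leaked
        # earlier (for example through a shared link) stops working.
        for old in [s for s, u in self._sessions.items() if u == user]:
            del self._sessions[old]
        fresh = secrets.token_urlsafe(32)
        self._sessions[fresh] = user
        return fresh


def session_cookie(sid):
    # The identifier travels in a cookie, never in a link a user might copy.
    return f"session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"
```
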

Here we go again!

Two years ago I participated in the Leukemia & Lymphoma Society’s Team in Training program to complete my first marathon. I had a terrific experience, made many new friends and raised over $5000 for the organization from the overwhelming generosity of my friends and family. I received a brochure for their Hike for Discovery program in the mail and knew it was time to do some fund raising again.

So this year I’d like to repeat the experience doing something I have a passion for in a place that I love: hiking in Yosemite National Park. I will be training, hiking and fund raising in memory of my wife’s grandmothers Barbara Pugsley and Dorothy Andrews, both of whom passed away in recent years due to blood cancer-related illness. I’ve committed to raising a minimum of $3700. If you have not already, please consider donating. Your support is greatly appreciated.

I’ve set up a separate blog to record my thoughts and experiences while training for the hike. I’m sure it will be a terrific experience and I look forward to sharing it with you.

The Illustrated President

It’s been a few years since I’ve posted anything related to the current presidency. A friend passed along a link to this Harper’s Magazine article regarding a painting by W.H.D. Koerner titled “A Charge to Keep” (1916) that George W Bush admires. A blurb from the article:

Bush has consistently exhibited what psychologists call the “Tolstoy syndrome.” That is, he is completely convinced he knows what things are, so he shuts down all avenues of inquiry about them and disregards the information that is offered to him. This is the hallmark of a tragically bad executive. But in this case, it couldn’t be more precious.

I thought it was quite humorous. Life imitates art? How true.

Sugary Tweet

I realize I haven’t been very good about blogging recently. As a stop gap measure, I’ve been using Twitter to capture fleeting notions over the past week or so. I had been holding off, as I felt the last thing I needed right now was another Internet distraction. But I have to admit, it’s kinda fun. And I find I post to it fairly frequently because 1) the entries have to be short because they are limited to 160 characters and 2) there is little to prevent me from posting since I leave the site open in a browser tab most of the time. And I explicitly chose to not have it notify me when a follower tweets (in Twitter parlance) so that it wouldn’t be a distraction.

One of these days when I upgrade the blog software I’ll figure out a way to pull my tweet RSS feed into this blog’s entry stream. Until then, you’ll have to visit the site (or use the RSS feed) to see updates.

If you’ve got a Twitter account or feel like getting one, let me know so I can add you to my “following” list.

The Audience Is Listening

A few friends asked me what I’ve been listening to recently, so I thought I’d share my response in case you’re looking for some new tunes.

  • Wilco. Chicago band that makes music that’s kinda like Southern rock meets Radiohead. I haven’t heard their latest album but Yankee Hotel Foxtrot is one of my all time favorites.
  • Calexico. Like their name sounds, the music is a mix of southern Cal/Mexican style folk rock. I like pretty much everything they’ve made.
  • Beck – “Guero”. This came out a few years ago but it’s still high on my list. I haven’t heard much from his most recent album “The Information”, but what I’ve heard has been pretty good. He’s got an amazing ear for hooks.
  • The Weepies – “Say I Am You”. Kind of a melancholy Six Pence None the Richer or Shawn Colvin sound. This was on heavy rotation in my iPod last year (just one of those years).
  • CÈU – a Brazilian female vocalist. Latin American lounge with hints of hip-hop beats (her band includes a turntablist).
  • DJ Shadow – “In Tune and On Time”. A live album from 2004 that’s a pretty good mix of all he’s done in the past (of which I’m a big fan). I haven’t heard his latest album but I heard it’s more of a hard-core hip-hop album so I haven’t had much interest in checking it out.
  • MixMaster Mike. DJ for the Beastie Boys. I recently picked up Eye of the Cyklops and it’s pretty good albeit short (it’s an EP).
  • Easy Star All-Stars – “Radiodread”. A well done reggae cover album of Radiohead’s “OK Computer”.
  • Ashton Allen – “Dewdrops”. Very Elliott Smith-sounding indie artist.
  • Camera Obscura – “Let’s Get Out Of This Country”. Another indie band with a female vocalist. The album has an optimistic, vintage sound if that makes any sense.
  • Bonobo – “Days to Come”. Loungy, (mostly) instrumental downtempo trip hop. Nice relaxing music after a day of work.
  • “Cinematic”. An album of remixes of a bunch of classic film scores.
  • Jack Johnson – “In Between Dreams”. I’m sure you’ve heard his stuff on the radio. This is a good album for making breakfast to on weekends (or any day of the week really).
  • Putumayo Presents “A New Groove” – Latin-American influenced groove compilation. Lots of catchy tunes.
  • Rodrigo Y Gabriela – Virtuoso Spanish guitar street busker duo. You can check out some cool videos on YouTube.
  • Radiohead – “In Rainbows”. Not their best album, in my opinion, but a decent showing. Good to hear some fresh material.

Other artists that I’ve recently come across and like but haven’t bought any music from yet:

Big Heart

I ran the Big House Big Heart 5K this morning in Ann Arbor. Jennifer and the girls were gracious enough to join me by waking up before dawn and driving over an hour so I could run in an event that lasted less than 23 minutes (22:56 to be exact… a 7:21 minute/mile pace). The event itself was pretty fun. I met up with a friend and a few of her relatives before the race. As it turns out, the brother who was running with her was in a work group with me in one of my advanced math classes back in college. Small world! While we caught up and waited for the event to begin, a small men’s college a cappella group entertained the crowd by singing various U of M anthems (Hail to the Victors, anyone?). I ended up running solo as the rest of them were going to be running at different paces.

The route started at the NE corner of the Michigan Stadium, headed up State Street, around the diag, back down State Street, then along a path through the training fields on the athletic campus and to the stadium. It finished by going through the tunnel into the stadium, followed by an immediate turn down the sideline to the south end of the field and back up the center, passing through the finish on the 50 yard line. It was fun to participate for that part alone.

I don’t know if it was just the fact that it was a beautiful Sunday morning and people were basking in its glory, or that I was in a fast enough pace group that everyone was pushing themselves too hard to talk (me thinks the latter), but as we passed the Union and Angell Hall I realized that no one in the immediate area was talking at all. The only sounds were those of the shoes hitting the pavement.

Jennifer and the girls just missed me crossing the finish line by a few minutes as they stopped by our friends’ place after dropping me off but then had trouble finding parking at the adjacent Pioneer HS. Fortunately we were able to meet back up shortly after they arrived.

Randomly, a few friends-of-friends noticed me in the crowd milling around after the finish so we chatted a bit.

To complete our time in Ann Arbor, we made the obligatory side trip to Zingerman’s to pick up a loaf of chocolate cherry bread (among other things) and a trip to the Wasem Fruit Farm for apples, cider and donuts. Mmm… trans fats… 😛

Traffic Report

I freaked out yesterday afternoon when Symantec Client Firewall started blasting me with messages indicating it was blocking outbound traffic coming from vmnat.exe and matching the destination ports associated with various Trojan horses.

I run a number of VMware virtual machines and vmnat.exe is the program that manages a virtual network with NAT translation on the host environment. The situation is nice because I can have isolated environments for various activities, take snapshots of system state and roll back if necessary, clone a system, etc.

At the time I was doing some stuff on the web in the virtual machine that I’ve got set up for accessing the Web, checking e-mail and instant messaging.

I usually run a pretty tight ship. The operating system has all the latest patches, all applications are up to date and the anti-virus software is enabled for real-time scanning. I use Firefox with Adblock Plus and NoScript extensions to prevent unnecessary cross site cookie and scripting attacks.

I wasn’t sure what was causing the flood of traffic that tripped up Symantec Client Firewall. I checked the logs and sure enough saw messages saying it had blocked traffic for the “Rat”, “Bla”, “Master Paradise” and “DeepThroat” Trojan horses. What was even more troubling was that there were some from a few days prior.

Could it be JavaScript code from a web site that I white-listed in NoScript? Did a virus/worm come through one of the IM applications I run? Was there a vulnerability in the VMware vmnat.exe that had been exploited by malware/virus/rootkit? Due to the amount of traffic, I thought it unlikely that it was a false positive… legitimate traffic just being flagged by Symantec.

Not knowing for sure what was going on, I powered down the virtual machines, unplugged the network cable and disabled WiFi on the host system. I then got on a different computer and started looking into the Trojan horses.

Based on the info on Symantec’s web site, I found that the ones that were reported were mostly Trojan horses from a few years ago and were only reported on Windows 2000. I’m running Windows XP for both the host and guest operating systems, so it was unlikely that I actually had those Trojan horses. But I thought it might still be possible for some JavaScript code or a rootkit on one of the virtual machines to implement the same protocol.

I checked a number of security sites like Secunia to see if there were any recent vulnerabilities announced for VMware, Firefox, etc. but didn’t see anything that fit what I was experiencing.

So to determine which virtual machine might be the culprit, I re-connected the network cable and downloaded Microsoft’s Network Monitor software. I started a capture and then booted up the virtual machines one by one. When I started the one I used for web browsing/email/IM, sure enough I saw traffic over SSL to a whole slew of IP addresses that I did not know. I did DNS lookups on a number of them and they resolved to things like ISP providers (e.g. comcast.net) and foreign countries (e.g. .il). I thought “Oh, great. A bot network sophisticated enough to communicate over an encrypted connection.”

I disabled the virtual network connection for that virtual machine to isolate it from the rest of the world, then ran a full drive anti-virus scan on it to see if it came up with anything. Nada. Malware is getting sophisticated enough these days that it can work its way into the system so deep that it can actually avoid detection by many anti-malware tools. So my next step was to boot the machine from CD (actually a virtual CD) and do a scan before the operating system actually loads.

I created a “slipstream” boot CD image using software called Ultimate Boot CD 4 Windows (UBCD4Win). This software builds a bootable Windows CD by extracting files from a Windows install disk and then also installs a bunch of tools for things like disk repair, anti-malware, etc. It actually creates a CD image, called an ISO, which you can then burn to an actual CD. However, one nice thing about the VMware software is that you can set up a virtual machine to boot from an ISO directly rather than using the host system’s physical CD/DVD drive.

I booted the virtual machine with the ISO and proceeded to scan the drive image with about a dozen different anti-malware, anti-virus and anti-rootkit packages. All of them failed to find anything wrong (well, at least nothing attributable to the alleged Trojan horses).

I was starting to get a little skeptical of the whole situation. Either the infection was cutting edge enough that it hadn’t made it into the latest signature files for all of these tools (which I did remember to update before creating the ISO), or the traffic actually WAS a false positive.

I fired up the Network Monitor software again and then rebooted the virtual machine using the installed operating system. After shutting down the programs that I have launch at boot time (IM clients mostly), I re-enabled the virtual network adapter and started watching the Network Monitor capture. Nothing. I launched Firefox. Nope. Thunderbird. Nada. Pidgin. No. Skype. Bingo.

There was a flurry of activity to random IP addresses at semi-random ports. There’s a new Skype worm for Windows that was recently announced, so I thought I might have somehow gotten that, but it actually requires clicking on a URL within a chat. So that didn’t seem right.

Then I realized the ports weren’t exactly “random”. The activity to the random IP addresses came in batches, with the port number the same within the batch. It was starting to become clear what caused the sudden barrage of Trojan horse warnings. Skype had picked random ports to use in communicating with those other computers. It just so happened that when I received those notifications from the Symantec Client Firewall, it had picked ports that coincided with those used by the previously mentioned Trojan horses.

I wanted to make sure my assumption was right, though… maybe see if others had experienced and documented similar behavior… and figure out why Skype was communicating with a bunch of random computers. I had assumed that it worked like most other instant messaging applications: connect to a central server at login, “register” your presence to let others know you’re online, then facilitate setting up a direct one-to-one link for actual text/audio/video chats.

I got on the web and did a little research to see what I could learn about Skype’s network protocol. I didn’t find much, but I did find a document for network administrators [PDF] on Skype’s website outlining steps to tune a network for optimal Skype usage. The overview explains that the network architecture is NOT like that of the other instant messaging services:

Skype communications rely largely on peer-to-peer communications techniques in order to improve the quality of voice calls and to reduce the latency of data transfers between users. The term “peer-to-peer”, frequently written as “P2P”, is a class of software applications that rely on resources located at the network edge, such as the large number of individual personal computers that are always connected to the Internet, rather than relying on large and costly centralized computer servers. It’s this aspect of Skype networking that makes it incredibly robust and tolerant of network failures: Skype has no single “critical node” upon which the service relies for its operation.

So after several hours of stress and research, I could finally rest easy knowing that the computer had in fact not been infected by some form of malware.

Well… maybe not the rest easy part. Our youngest daughter woke up crying several times after I laid down at 2:30 AM. After patting her back for a bit, walking her around and giving her some gas drops, the clock read 4:15 AM before I was able to call it a night.
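The observation that resolved this alert, that the flagged ports were just some of many same-port batches sent to many peers, can be turned into a triage check over captured flows. This is an added Python example, not from the original post; the flow records, the per-flow `app` label, the second application and the port numbers in the signature table are constructed sample values.

```python
from collections import defaultdict

# Port-only signatures. The names appear in the post; the port numbers are
# assumed sample values for this example.
PORT_SIGNATURES = {1095: "Rat", 20331: "Bla",
                   40421: "Master Paradise", 2140: "DeepThroat"}


def build_sample_flows():
    """Constructed records: (seconds, app, dst_ip, dst_port)."""
    flows, t = [], 0
    # P2P-style client: batches of peers, one port per batch.
    for batch, port in enumerate([33012, 2140, 51877, 40421, 18090]):
        for peer in range(6):
            flows.append((t, "skype.exe",
                          f"198.51.100.{batch * 10 + peer + 1}", port))
            t += 1
    # A different pattern: one destination, one listed port, repeated.
    for _ in range(6):
        flows.append((t, "updater.exe", "203.0.113.7", 20331))
        t += 60
    return flows


def triage(flows, min_peers=4, min_unlisted_batches=3):
    """Separate port-number coincidences from alerts needing a closer look."""
    peers = defaultdict(lambda: defaultdict(set))  # app -> port -> dst ips
    for _, app, dst_ip, dst_port in flows:
        peers[app][dst_port].add(dst_ip)

    report = {}
    for app, by_port in peers.items():
        hits = sorted(p for p in by_port if p in PORT_SIGNATURES)
        if not hits:
            continue
        # A "batch" is one port used toward many distinct peers.
        batches = {p for p, ips in by_port.items() if len(ips) >= min_peers}
        unlisted = [p for p in batches if p not in PORT_SIGNATURES]
        # Coincidence is plausible only if the flagged ports behave exactly
        # like several other ports that carry no signature at all.
        coincidence = (all(p in batches for p in hits)
                       and len(unlisted) >= min_unlisted_batches)
        report[app] = {
            "alerts": [PORT_SIGNATURES[p] for p in hits],
            "verdict": ("likely port coincidence" if coincidence
                        else "needs investigation"),
        }
    return report


if __name__ == "__main__":
    for app, result in triage(build_sample_flows()).items():
        print(app, result)
```

A "likely port coincidence" verdict only explains why a port-based rule fired; it says nothing about whether the host is clean, which is what the offline scans in the post addressed.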

Bad Week for Wildlife

A few weeks ago I scared a skunk out of the drainpipe that runs under the end of our driveway while mowing the lawn. A day or two later I came across the same skunk (allegedly) flattened on the road outside our subdivision. That seems to have been a precursor to the events this week; I’ve come across myriad roadkill during my bike rides: 4 squirrels, 2 deer (!), 1 cat and 1 mouse (different locations).

If ever I were to have the desire to have a pet, this probably would not be the best time to act on it.

Lawnmower Man

I recently received a Garmin Forerunner 305 for my birthday (thanks, Mom & Dad!) and decided to see what it would record while mowing the lawn.

Well, the above image is what it recorded. Due to the low-res map data that is bundled with the Training Center software, “Detroit” is prominently displayed in this decidedly non-Detroit suburb in which we reside.

The yellow area on top (to the North) is our front yard. The white gap between it and the backyard below is the large driveway pad, the house, and some of the flower beds surrounding the house.

I’ve also included the stats and pace vs. heart rate graph. It’s interesting to see that my heart rate was higher initially, probably because I was going in and out of the ditch along the road during that time. Also, apparently I walked just shy of 2 miles as I traversed back and forth across approximately 1/4 of an acre (about half of our 1/2 acre lot).