Wednesday, July 20, 2011

Woe is Me -or- Going through TSA with a broken finger...

Sorry it's been so long since I've written - I had a broken finger!  It's mostly better now, but for a while there, I kept my typing to mostly work-specific activities. Typing when down an index finger is not the easiest thing to do, especially since I've been touch typing since I was 12 years old, not to mention the finger just plain hurt.

What does this have to do with the TSA you might ask?  Well, I did this on my way to the airport when I was coming back from a trip to Fort Wayne, IN.  Being rushed, talking to my sister on the phone, and my dad and a friend in the car, while getting out to get a coffee... something fell through the cracks. Well, or got stuck in it... slammed that finger right in the door! The folks at Starbucks were kind enough to give me a bag of ice, but that was not something I really needed at that moment. While I didn't know it was broken, I did know it hurt like nobody's business.

Fast forward 20 minutes and we're going through TSA. The Fort Wayne airport, while very small, seems to have the most well provisioned TSA division in all of America.  If there's a new process or tool, they have it.  Plus, they don't really have any lines, so what's the rush?

I'm not a big fan of the new scanning machines. I think they were rushed into the airports, aren't well studied, and are a great example of industry lobbyists pushing "safety" standards, so I wanted to opt out.  One of my traveling companions has recently had a lot of radiation (treatment for cancer) and also opted out.

This airport isn't really set up for this - as the line just puts every single passenger through the scanner, so anybody that opts out has to go through an unusual procedure.  As my friend was also a female, she had the one female agent on pat-down duty totally occupied, so I had to send all my luggage through the x-ray and wait on the outside of the metal detector.

Even though my finger was in excruciating pain, I waited until my friend cleared.  My pat down was uneventful and no worse than I've gotten before when setting off the metal detector. I was neither embarrassed nor threatened, the TSA agent was respectful and friendly, and she screened her gloves for explosives after the pat down.

But then I set off an alarm.  Hrm. Even though my finger was in excruciating pain, I had to go to another room and get another pat down, this one slightly more invasive. After a while, the agent and her supervisor took pity on me and brought me the ice my husband had gotten for me, which helped a lot.

But then I set off the alarm again.  This time nobody knew what to do next. They decided they needed to double search my bags (by rescreening, hand check and check for explosive residue), but that's where there was another pickle. In all that time where I was not able to get to my luggage, my husband had repacked it for me. And since he was standing with our traveling companions and TSA didn't know, 100%, if something may have been handed over - my companions all got rescreened. They (and all of our luggage) were negative for any residue or suspicious items.

I finally thought of what might have been causing the alarm: I'd gone to an antique store with my Dad that day, and he'd looked at antique guns. Was it possible I actually *did* have residue on me?

Two TSA agents and two supervisors later, we were all on the airplane!

Coming home, my husband thought of a more likely cause: I'm always fertilizing things in our garden and may have done so in those same jeans right before I left.  Word to the wise, don't wear clothes to the airport that you may have worn in your garden! Or go antiquing ;-)

As I was walking away, one of the TSA supervisors asked the other, "Did you write down her name?", and I heard, "Yes, it's right here."  Which, of course, means I'll be sure to be extra early for all of my future flights.

Now, why is this all so frustrating? I'm sure you've all heard of the guy last month that was flying around with expired boarding passes.  He wasn't arrested the first time he was caught, but the second time.  Are we really spending our efforts in the right place?

This post is syndicated from Thoughts on security, beer, theater and biking

Thursday, June 30, 2011

Sun Metaslot and my missing keystore

By Karen Tung on Jun 14, 2005

[VAF: This entry was transferred from Karen Tung's old Sun blog, due to its relevance to the Solaris Cryptographic Framework]

Since the Solaris Cryptographic Framework was integrated into Solaris 10, we have added some new features to the framework. One of these features is the Sun Metaslot, which will be generally available in the next Solaris Update release. In case you can't wait till the next Solaris Update to try out this exciting feature, it has also been available since Solaris Express 2/05, and in Solaris Patch 118918.

The Sun Metaslot will greatly simplify the life of developers who write applications that use PKCS #11. Now that Open Solaris is a reality, I can talk about the implementation of this new feature and clarify one question I often get from users who are used to using the framework the way it was in Solaris 10.

What is Sun Metaslot?

The Sun Metaslot is a new, additional slot in the Solaris Cryptographic Framework. It provides the virtual union of the capabilities of all other slots in the framework. Instead of having to deal with many slots, an application can simply choose the Sun Metaslot, which has access to the features of all slots currently plugged into the Solaris Cryptographic Framework. It also does the tedious work of managing sessions and objects on different slots, so an application can use the best slot for a particular mechanism without having to move objects and sessions back and forth. The Sun Metaslot's behavior conforms to the PKCS#11 Standard. Applications should treat it as if it were any PKCS#11 slot with normal PKCS#11 semantics.

When you install the next Solaris Update release (or Solaris Express 2/05 or the patch), you will get the Sun Metaslot feature by default. There is no special configuration necessary. The Sun Metaslot is always presented as the first available slot in the Solaris Cryptographic Framework. As such, if your application is written in such a way that it just uses the first capable slot to perform its cryptographic operations, it will use the Sun Metaslot with no modification at all. If your application is very particular about the exact slot in which an operation is done, all slots in the original Solaris Cryptographic Framework are available as usual, except for a minor catch, which I am going to explain below.

Why is one of my slots missing?

Ever since I gave the beta version of my Sun Metaslot implementation to other Sun internal engineers to try, I often get this question in my email. I am sure many of you might have exactly the same question. So, it's probably useful to explain it here for the last time, hopefully. :-)

Here's the typical email:
I installed the Sun Metaslot feature into my test system, and everything seemed to work fine. However, when my application does a C_GetSlotList(), I found that the "Software RSA PKCS#11 softtoken" slot is missing. Is this a bug?

This is working as designed. When the Sun Metaslot feature is enabled, one visible difference you see on your system is that the slot configured to provide persistent storage for "token" objects (aka the keystore) is "hidden". The Sun Metaslot does not have its own keystore. It uses the keystore from one of the actual slots. By default, Sun Metaslot is configured to use the "Software RSA PKCS#11 softtoken" slot, so users will see that it is "missing".
The slot to be used as Sun Metaslot's keystore is configurable. See the cryptoadm(1M) command on how to configure a different keystore for Sun Metaslot.

During the Metaslot implementation, we found that making the keystore slot one of the available slots causes a problem with "object aliasing" between the Sun Metaslot and the keystore slot. If an application accesses the Sun Metaslot and the keystore slot at the same time, we won't be able to control the authentication state. For example, if the application first calls C_Login on the Sun Metaslot, Sun Metaslot will call the keystore slot's C_Login(). Now, if the application makes a sequence of C_FindObject calls to retrieve the list of private objects from the keystore slot, it will be able to successfully get the list. However, this is not the right behavior, since the application hasn't done a C_Login to the keystore slot yet.

To prevent the above problem, we decided that it is best to hide the keystore slot. Even though an application won't be able to access the functionality of the keystore slot directly, all of its functionality is still available via the Sun Metaslot.
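
The aliasing problem described above, reduced to a toy model in C. This is an added example, not code from the Solaris Cryptographic Framework or from the original post; it does not call PKCS#11, and every type and function name in it, the third slot and the two sample objects are assumptions made up for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Toy model of the framework, NOT the PKCS#11 API: all names are hypothetical. */
enum { METASLOT = 0, SOFTTOKEN = 1, HW_SLOT = 2, NSLOTS = 3 };
typedef struct {
    bool token_logged_in[NSLOTS];  /* real per-token authentication state      */
    bool app_logged_in[NSLOTS];    /* slots the application itself logged into */
    int  private_objects[NSLOTS];  /* private token objects stored per slot    */
    int  keystore;                 /* slot backing the metaslot's keystore     */
    bool hide_keystore;            /* the design decision under discussion     */
} framework_t;

static framework_t model_new(bool hide) {
    framework_t fw = { .keystore = SOFTTOKEN, .hide_keystore = hide };
    fw.private_objects[SOFTTOKEN] = 2;   /* constructed sample data */
    return fw;
}

/* Slot enumeration: metaslot first, keystore slot omitted when hidden. */
static size_t model_slot_list(const framework_t *fw, int out[NSLOTS]) {
    size_t n = 0;
    for (int s = 0; s < NSLOTS; s++)
        if (!(fw->hide_keystore && s == fw->keystore))
            out[n++] = s;
    return n;
}

/* Login: the metaslot has no keystore of its own, so it logs in to the backing slot. */
static void model_login(framework_t *fw, int slot) {
    int backing = (slot == METASLOT) ? fw->keystore : slot;
    fw->app_logged_in[slot] = true;
    fw->token_logged_in[backing] = true;
}

/* Number of private objects a search on `slot` returns. */
static int model_find_private(const framework_t *fw, int slot) {
    int backing = (slot == METASLOT) ? fw->keystore : slot;
    return fw->token_logged_in[backing] ? fw->private_objects[backing] : 0;
}

/* Log in to the metaslot only, then count private objects readable through
 * any listed slot the application never logged in to. */
static int aliasing_leak(bool hide_keystore) {
    framework_t fw = model_new(hide_keystore);
    int slots[NSLOTS], leaked = 0;
    size_t n = model_slot_list(&fw, slots);
    model_login(&fw, METASLOT);
    for (size_t i = 0; i < n; i++)
        if (!fw.app_logged_in[slots[i]])
            leaked += model_find_private(&fw, slots[i]);
    return leaked;
}

/* Private objects still reachable through the metaslot after login. */
static int via_metaslot(bool hide_keystore) {
    framework_t fw = model_new(hide_keystore);
    model_login(&fw, METASLOT);
    return model_find_private(&fw, METASLOT);
}

int main(void) {
    printf("keystore visible: leak=%d\n", aliasing_leak(false));
    printf("keystore hidden:  leak=%d, via metaslot=%d\n",
           aliasing_leak(true), via_metaslot(true));
}
```

With the keystore slot listed, the two private objects are readable through a slot the application never authenticated to; with it hidden, nothing leaks and the same objects remain reachable through the metaslot.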

Monday, May 9, 2011

Life is a Cabaret at Sunnyvale Community Players!

Me and the gang went out to see Sunnyvale Community Players' production of Cabaret on Saturday night and we all had a great time!

It's interesting to see a show with such a small staff. Lee Ann Payne doubled as director and choreographer (no easy task, given the complexities of the choreography in this show) and Dan Singletary was music and vocal direction. It seemed to me that this gave them a better way to focus their efforts and the results were a seamless production that was beautifully staged.

As I've said before, one of my favorite things about seeing shows with the Sunnyvale Community Players is that the actors and actresses are not typically mic'ed, leading to an amazingly rich and rewarding sound.  We could hear the gentle shakes in Emily Bliss's voice as she belted out the title song, Cabaret, as the lead of Sally Bowles. While her emotion was clearly written on her face, hearing the subtlety in her voice made the number that much more enchanting.

Dan Singletary did a great job balancing the orchestra with the vocals - I could hear both perfectly at all times!

The Emcee, Paul Araquistain, was just downright amazing! Every time he appeared, the stage brightened (or darkened, depending on his intent) and the cast just seemed to focus around him.  One of my favorite numbers was "Two Ladies", where Araquistain was joined by Cheryl Ringman (Kit Kat Girl/Susan) and Denise Lum (Kit Kat Girl/Ting Ting).

The costumes were sexy, where necessary, and total period otherwise. Great job by Ana Williams (costume design), Sue Howell, Mary Beth Buzzo and Barbara Morgen (costume construction).

It's hard to call out specific actors or actresses that stood out, as everyone was great, totally in character, always in the moment. Very impressive, indeed!

I'm not exactly sure which revival this one was based on, but did miss the darker ending of the last version I had seen.  Let's face it, Nazi Germany was not a fun place for homosexuals and Jews in the early 1930s...

One thing is for certain, this show only runs for one more weekend (through May 15th) and deserves a sold out house! Treat yourself, you'll enjoy it!

Punctate Inner Choroidopathy -Or- My Crazy Eye

Those of you that follow me on twitter are aware I've been having some major weirdness in my right eye over the last couple of weeks.

As someone that has always had bad vision, losing my eye sight has always been my biggest fear. Having an eye do strange things where one Ophthalmologist even said, "I've never seen anything like this before" ... well, it's disturbing, to say the least. I waver between wanting to share with everyone what is going on to just wanting to be left alone and hope for the best, so please understand.

About two weeks ago, I noticed a blurry/fuzzy spot in my vision. I called Kaiser, where fortunately I had already been referred a few months back to Ophthalmology due to 2 spots my optometrist detected on my retina [1]. My optometrist was concerned that I might have Presumed Ocular Histoplasmosis Syndrome (POHS) - blood tests confirmed, though, that I did not.  My doctor in ophthalmology told me to come back in 6 months or if I noticed any vision changes. That brings us back to two weeks ago.

I was initially told I'd have to wait until May 10th to see someone, but as every day I had new flashes and fuzzy spots, I didn't want to wait. I showed up at the main hospital and sat until my ophthalmologist was able to see me (he took me on his lunch break). He ordered lots of tests: OCT (retina scan), Optomap (picture of the back of the retina), Visual Field Assessment (fuzzy spots and flashing lights cause problems with seeing little tiny dim flashing lights in peripheral vision...it turns out), and an optical angiogram (where I was injected with yellow dye, dilated and more pictures were taken of my eye to check for bleeding - there was none -  *whew*).

Still, my ophthalmologist was stumped. He could see there were things going on in my retina, but it was nothing he'd ever seen before.  He sent me to a retina specialist for my next visit.

My retina specialist has seen something like this before: Punctate Inner Choroidopathy (PIC for short!). I'd give you a link to a great site on this eye disease, but... none exists. It's a very rare condition that nearsighted, healthy women in their thirties get.  My specialist gave me a great paper on it, published in the Survey of Ophthalmology in January 2011 by Dr. Radgonde Amer and Dr. Noemi Lois.  Unfortunately, the major conclusion of this paper is that PIC needs more research.

There are no known treatments, and the majority of the cases spontaneously get better on their own with no long term vision impact. It's the side effects that can be problematic, so let's hope I don't get any of those!

Fortunately, as of now, my central vision is still crystal clear and my left eye is 100% normal, so I can still totally and safely function in my daily life.

But, still very freakish.  I have toyed with whether or not to write this blog post - perhaps it's over sharing. I don't know, at this point I kind of want to share to see if anyone has any ideas or luck with any experimental treatments.

So, let's hope I'm in the majority of this one!  And let's face it, there are worse things to get!

[1] In 2008 I had very similar symptoms as to what I'm having now, but was diagnosed with having a perfectly normal vitreous detachment. Well, 2.5 years later, my optometrist noticed the retinal scarring, and presumed POHS.  Drs. Amer and Lois said in their paper, "After 2-3 years, some scars become distinct and pigmented and resemble the scars associated with POHS."  So, I'm betting I was misdiagnosed before. Not that it makes a difference, as there is no treatment for either vitreous detachment (it's caused by age and onsets earlier for the nearsighted folks) or PIC.  But, knowing I probably had this in 2008 and completely got better... well, I'm very hopeful for a full recovery.

September 19, 2012 Update:

A lot of you have asked, and I've failed to write a new blog entry on this subject, so I just wanted to give you an update!  My eye has stabilized after one oral course of Prednisone and one injection of cortisone in my eye itself. I regained almost full vision, with just a small fuzzy spot in between my central vision and peripheral vision that correlates with scarring on my retina. I was lucky and did not get any bleeding (CNV).  I hope that it stays this way.  And, thank you everyone that has commented and brought to my attention these great sites: PIC World, Eye Wiki - PIC page.  We are not alone! Here's to stable vision!

Thursday, May 5, 2011

Review: Shattered Dreams: My Life as a Polygamist's Wife

Shattered Dreams: My Life as a Polygamist's Wife
by Irene Spencer

My rating: 5 of 5 stars


This was an amazingly heartbreaking tale of a young girl whose upbringing led her to seek to become someone's second wife. She was a fourth generation polygamist, growing up all over Utah and Arizona. The Church of Latter Day Saints had long ago shunned the practice, so these "pligs" were left to fend on their own, making their own churches, following their own "prophets" (all of which insisted that the more wives you had, the better your chances of securing a place in heaven were).

As you can imagine, having many wives with even more children was an untenable situation. Growing up, Irene was at the lowest level of poverty, living off of the US Government welfare system, wearing clothing made of old flour sacks, and wondering where her next meal would come from. As only one wife was recognized as the legal wife, the rest of them were "single mothers" and able to collect benefits from the Government.

Irene's mother did eventually leave her father and take up the monogamous lifestyle so much of the rest of America considered normal, and begged Irene to marry a man that was not interested in multiple wives. But would Irene listen?

Every step of the way, as a reader, I was shouting out to Irene to make different choices. To me, raised in a traditional family, it seemed obvious that Irene was making the wrong choices, dropping out of school to "marry" her half-sister's husband and move down to Mexico.

Irene recounts her time living in Mexico, Nicaragua, Utah and Arizona, often with no electricity, no running water, and no food to feed her ever increasing family. In the end, her husband had 10 wives and over 50 children.

I could not put this book down, I can't recommend it enough!






Friday, April 29, 2011

Hey Jerk, who are you callin' a jerk, Jerk? And... progress!

Pardon me while I jump up on my soap box again.   Riding into work today with two other riders on a wide, quiet road (4 lanes with a large shoulder) I was riding partially next to one of my companions.  A man in a white car with a black roofbox on top decided to cut us off, stop on the right blocking the shoulder to give us this important safety message: "RIDE SINGLE FILE!!!!!!!"

Then he tore off again, demonstrated that his brake lights were out and then ran a red light. Way to be a jerk, jerk!

I rarely ride double and never do so unless there is loads of room. We were hardly a large pack, with only two of us sort of overlapping, and the road was wide and relatively deserted.

The good news is, though, I WAS RIDING MY BIKE! :-)  I'm commuting into work 2-3 times a week now with little to no pain.

I've met another one of my goals as well: I have gone on 2 pleasure rides with hills! (Up Steven's Creek Canyon and back)

Oh, and I can get in and out of a car like a normal person!

I've started doing one-on-one Pilates where my instructor is working on correcting a lot of my compensatory behaviours and I'm already seeing results - hopefully some day soon I'll see the bottom of my left foot again! :-)

Wednesday, April 20, 2011

Smartphones: Is it worth it?

Many years ago, I can remember the delight attendees at DefCon II had at learning how they could easily eavesdrop on others (and make free phone calls) by abusing a poorly installed PBX phone system at Circus Circus in Las Vegas.

It was so simple to use a scanner (or even another cell phone, like my Motorola Microtac Ultra-Light) to listen to people on their cordless phones or analogue cell phones sitting nearby.

I was so excited, then, when I heard about all of the new digital telephony standards that would make such eavesdropping impossible.

Fast forward more than a decade and many of us are carrying smartphones that have a handy built-in GPS.  That GPS is great when you want to find a good taqueria nearby, or get turned around walking in an unfamiliar city - but not great when police start pulling the data off of your phone with no warrant!

Seems far fetched and paranoid, doesn't it?  Well, I found out today that Apple is storing all of your locations on your iPhone (and transferring it to your "host" computer that you sync with) in an unencrypted file, along with nearby wifi information.  I'm sure this is for some future app that will tell you where to go for free wifi, or something, but the privacy implications are staggering!

Combine that with the fact that some Michigan police officers are carrying around mobile phone "extraction" devices that they are using in some routine traffic stops to download GPS information along with photos and text messages from people ... without a warrant!

Surely we shouldn't have to give up this information just because we want the convenience of finding a great place for beer?  Well, we can't say that Susan Landau didn't warn us...many times.