Nothing much, really.  But I was thinking as I made my cappuccino this morning about some article I read, years and years ago, bluenoseishly decrying the evils of rock music on the grounds that it was bad for your health, because ... well, basically because some songs feature a downbeat, is what it came down to.  And according to the author, this was terribly dangerous because it was, you know, the opposite rhythm to your heartbeat, and this was sure to weaken your heart and might even eventually kill you.

Anyway, I couldn't help but think that this was an opinion on music from the viewpoint of someone whose knowledge of music had apparently never grown to encompass anything beyond oompah bands.

So, not much of a revelation for the day.  Just an example of the kind of random stuff that goes through your mind while you're standing in the kitchen on a Monday morning waiting for your doppio to run through the filter.

"Disproving" atheism using [something almost, but not quite, entirely unlike] science.

Words fail me.

(Update:  It has been suggested to me that the original source for this particular piece of headdeskery may have been Landover Baptist Church, which those familiar with the name will recognize as satire.  I do not at this time have proof either way of this assertion.)

LiveJournal just mailed me a batch of comment notifications from two years and one month ago.  Oooookaaaaay.......

In other news, freetrav mentioned having seen the theme-resetting behavior before, and said that in his case it was caused by a corrupted LiveJournal cookie, but he couldn't figure out which one, so he deleted ALL livejournal.com cookies and it fixed the problem.  So, I did the same thing a few days ago.  And HOLY CRAP there were a lot of cookies. I think there was a cookie from every journal I've looked at or seen a post from in the last six months.  I wish Firefox cookie control was granular enough to let me say "Save my LiveJournal login cookie and cookies related to my account itself, and expire all other LiveJournal cookies at end of session." But it doesn't appear I can actually do that.

So, anyway, we'll see whether it works or not.

Note to LiveJournal:  Maybe LiveJournal might behave more reliably if it didn't rely on quite so many damned cookies.....?  I deleted almost a hundred of the cursed things.

Yeah, it's just a fail-y day today.

If you go to sign up for GTE Federal Credit Union online, you will find that the first thing it does is have you create a site login.  Then it goes on to the actual application form.  Currently, you can't get past the first page, because (here comes fail #1) the "Job Title" field is a text field, but the page verification logic thinks it's a drop-down list, and will reject the page forever because you haven't selected a job title from the drop-down list.  Which you can't, because it doesn't exist.

So, suppose you think they'll surely notice an error like that and fix it soon, and you decide to come back in a couple of days and try it again.  Well, the next thing you discover is that when you come back, you now need to create a new login identity.  Because, even though the site failed and wouldn't let you complete the application, it saved your login data.  So the login identity you created has been consumed (fail #2).¹

"Well," you figure, "maybe I can log in with that ID and resume or retry my application."  Nope. That produces a site error.  In fact, customer service confirms that there is no way to log in with that identity and resume or restart your application.  (Fail #3.)  But the identity will expire after ... some time.  They don't know how long.

I really wonder sometimes at the stupidities committed by supposedly professional web application designers.  If online shopping worked this badly, online vendors would charge your credit card before determining whether the item you wanted was actually in stock or even available.

[1]  A malicious individual could probably figure out a way to use this as a denial of service, by robotically completing just that first page with throwaway data and consuming all available user identities, since nothing on the first page except for the username is verified to be valid or unique.  Fail #4.

Damage repaired.  Again.

But I'm getting really massively tired of this shit.  This is the fifth time, now.

(I'd actually like to customize this style further than this, but I can't because the layer source code is flagged non-viewable.  In Post-Soviet Russia, source code changes you.)

Short and sweet:  I have somewhere between 20 and 30 unused Dreamwidth invite codes.  If you want one, comment and let me know an email address to use (comments are screened), and I'll send you one.

Specifically, a question for Leslie Fish fans.  Even more specifically, a question for any Leslie Fish fans who happen to possess a copy of the Fish/Kipling Cold Iron CD from Random Factors as sold on this page.

The question:  Can anyone tell me which version/mix this CD is? Is it the original 1983/1986 Off Centaur mix, with the Celtic harp on Puck's Song; or the 1991 Fly-by-Night ... er ... I mean, Firebird remix with the godawful electroharp, and with Leslie's voice shot from too much smoking?  Or something else again?  If you have this CD, please tell me about it.  All I have is a Firebird tape cassette copied-over (with gain problems that I discovered too late) with the Off Centaur tape, and I'd like to get a better version.

The iTunes 10 update fiasco:  Or, in which Apple screws its customers again.

This is not unique to Apple, of course.  A number of Microsoft games (Halo 2, for example) require DirectX 10 — as in, the installer will refuse to run unless you have DirectX 10 installed — even though they use no DirectX 10 functionality.  DirectX 10, of course, is available only for Windows Vista and later.  There is no apparent reason for this other than Microsoft trying to force Windows users to buy upgrades to Vista.

I've always been a fan of Mike Oldfield.  In 1994, Mike released his 16th album, The Songs of Distant Earth, based on and inspired by Arthur C. Clarke's SF novel of the same title (and with Clarke's full approval and cooperation).  The CD was re-released very shortly afterward as an "enhanced" CD containing CDROM content including a VR experience built upon the Myst engine.  A second edition of the enhanced CD added more multimedia content including the full-length video for the second track, "Let There Be Light".

So far, so good.  But all is not perfect in the digital world.  There are two problems with the enhanced CD.

The first is that the CDROM data content is encoded and formatted for PowerPC Macs running OS7 through OS9 — because, in 1996, the Mac was arguably the best common graphics platform around.  If you try to load the enhanced CD into a Windows or Linux PC, it can't read that track.  Current versions of OSX no longer include OS9 compatability and cannot run PowerPC binaries, so a current OSX Mac can't read it either.

So, forget the multimedia content, unless you have a classic Power Mac around that's still running either OS9 or an older version of OSX with the OS9 compatibility installed (which is really just an embedded OS9 installation).  But you can still play the music, right?

Well ... maybe.  You see, the other problem is that the CDROM track is the first track on the CD.  And if your optical drive and your computer can't read that first track, they can't play the CD — and in fact, in the case of Linux and Windows at least, they fail to even detect valid media in the drive. If you're using an ordinary "dumb" standalone CD player, it will simply skip the first track (because it can't read it either) and play the rest of the CD.  But if you're trying to play it on a computer?  You're pretty much boned.  (You might be able to skip past that first track and play the rest of the CD on an OSX Mac.  I haven't tried it.  I don't do Macs.)

So, if you bought the enhanced CD and want to play it on a computer, you're pretty much out of luck.  And if you're only going to play it on a regular CD player ... well, then you can't access the multimedia content, so why would you get the "enhanced" CD?

So now you want to find a copy of the audio-only original-edition CD?  Good luck with that.

Well, hey, it probably seemed like a great idea at the time.  But less than fifteen years later, its "enhanced" multimedia content is de facto unplayable, because it was coded for a niche system that de facto doesn't exist any more outside of computer museums and a few relict private collections.

There's a lesson here, and it's one that's already a significant concern among people in the computer industry who think ahead about things like this:

"Will we still be able to read this medium, or this data, in fifty years?"

Here's one we can't read after only fifteen.

We've all heard lots of examples of security breaches, most recently Sony's entire PSN gaming network getting totally 0wn3d and virtually every bit of user credential data stolen including credit card data.  Some companies handle it well.  Some handle it poorly.  Sony actually reacted relatively well this time, shutting down PSN until they'd cleaned and re-secured it, publicly owning up to the breach, and notifying all their customers.  After the Hannafords data breach a couple of years ago, RBS Citizens Bank pre-emptively replaced all customer debit cards that had been used at a Hannafords store, just in case they might have been compromised.  (This not only protected customers, it made sound business sense too; it's cheaper to preemptively replace a bunch of cards that would have been replaced in the next year or two anyway, than to clean up fraudulent transactions later and possibly eat losses of anywhere from hundreds to thousands of dollars per card.)

Other companies haven't handled it so well.  I'm not naming any names, but there have been companies which it has transpired have suffered massive customer data breaches and simply didn't bother to tell anyone until they were outed, and other companies that only notified their customers of breaches in states where the law forced them to do so.

Here's an example of doing it right.  Lastpass.com is an online password-keeper service.  On Tuesday morning, they noticed a network traffic anomaly during routine (for them) analysis of network traffic logs.  They couldn't be certain what it was; but they couldn't be 100% certain that it wasn't evidence of a breach.

So they played safe, and handled it as though it was.

In this case, we couldn't find that root cause.  After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server).  Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed.

A lot of their customers are complaining about being forced to change their master passwords.  But this is the right way to handle a possible security breach.  If you cannot rule out a breach, you study the evidence you have, you figure out the worst probable case consistent with the available evidence — and then you handle it as though that worst case happened.  Because in the long run, it's MUCH safer, and much less expensive, to assume you were breached and later find out that you were not, than to assume you were not breached ... and later find out that, actually, yes, you were.