Apr 23 2012

Reagan.com Email is a Misguided Effort

I heard a commercial with the booming and illustrious voice of Rush Limbaugh. After I recovered from banging my head against my desk, I reflected on what was said in the commercial.

Rush pointed to the popular free email providers (Yahoo, Google, and others) to remind you that they scan your email. To remind you that they sell your email address, and other information about you, to the highest bidder. To remind you that the use of these free email addresses may increase your risk of spam mail. In contrast, purchasing an email address from Reagan.com provides you with private and secure email, and your email address will never be sold.

I was intrigued.

I found that Rush was not the only conservative advertising this service though. Fox, CBS, and many others also endorsed it, though for slightly different political reasons; they primarily portrayed it as an email alternative “for conservatives”. They said that, unlike these free services, Reagan.com email would not have you unknowingly contributing to “the liberals”.

Michael Reagan, founder of Reagan.com and son of, you guessed it, Ronald Reagan, has this to say about his service:

[...] every time you use your email from companies like Google, AOL, Yahoo, Hotmail, Apple and others, you are helping the liberals. These companies are, and will continue to be, huge supporters financially and with technology of those that are hurting our country.

Because apparently liberals are the only ones that are interested in using technology to advance our country. And apparently “the liberals” are the only people benefiting from these huge corporations. Obviously, they would never help “the conservatives”. Regardless, this is a relatively empty claim as it’s never actually substantiated.

Politics aside, allow me to explain to you from a technical perspective why the commercials endorsing Reagan.com and even the information on Reagan.com is largely misleading.

 

First, let’s address the script Rush was fed in his advertisement. It is well known and accepted that free email providers, along with many paying internet providers as well, will harvest and sell your information to advertising companies. It’s well known because these companies clearly state this in their Privacy Policies. The claim is that the Reagan email service, which costs you $40 per year, does not do this. However, if you read through the Privacy Policy for Reagan.com, it is true that Reagan.com says they will not collect your information, but they do allow their affiliates to collect your information.

We may also use one or more advertising network providers to help present advertisements or other content on this website. These advertising network providers use cookies, web beacons, or other technologies to serve you advertisements or content tailored to interests you have shown by browsing on this and other websites you have visited. Advertising network providers collect non-personally identifiable information such as your browser type, your operating system, web pages visited, time of visits, content viewed, ads viewed, and other click stream data.

The key point here is that their “advertising network providers” have the right to collect information about “content viewed”. I don’t know about you, but the content I primarily view while logged onto my email is … email.

The use of cookies, web beacons, or similar technologies by these advertising network providers is subject to their own privacy policies, not our privacy policy for this website or its Service.

Reagan.com uses the affiliate networkadvertising.org for their ads (why they show ads on a service they charge for is beyond me). Ironically, if you look through the list of partners of Network Advertising, four companies may quickly jump out at you: Microsoft (Hotmail), AOL, Yahoo, and Google. Just to name a few. Which means much of the same ad revenue that these companies may generate from your use of their free email services may still be generated for them through your use of Reagan.com.

This last point is key to highlighting the disconnect between the claim of the Reagan.com email service and the reality of the internet’s interconnectivity. This disconnect has also recently been highlighted with the controversial SOPA and PIPA bills passing through Congress. You have politicians proposing bills, or in this case making a buck using the influence of politics, on technical subjects in which they have little to no understanding.

If privacy is what you seek, you cannot use the internet, and you certainly cannot use email (unless it is isolated to an internal network). Even if a given email was secure and private while on the Reagan.com servers, any incoming and outgoing messages will go through a server at some point somewhere in the world that is likely owned, operated, or affiliated with one of the internet or server giants, including Google. Coincidentally, even if you had a Reagan.com email address and sent an email to yourself, the email would still go through one of these external servers before returning to you.

 

Next claim. Reagan.com is email for conservatives, right? So supposedly using Reagan.com will support a conservative agenda rather than a liberal agenda. Perhaps directly, and on the very surface, but indirectly (and about half an inch below the surface down to bedrock) no. As I said before, you can’t take something as intertwined and complex as the internet and expect to take the biggest internet giants out of it. Ironically, on the same site where Michael Reagan is falsely boasting that his service will get you away from those Big Brother liberal companies, he provides instructions for how to configure his email service to work on your mobile device. You know, the one made by Blackberry, Apple, or Motorola (owned by Google) running the Android OS (also owned by Google).

Let’s give Reagan the benefit of the doubt. Let’s assume he’s not trying to insinuate it’s Big Business we should distrust. Maybe he’s suggesting Google, Yahoo, and the like sell your information to the government, and that’s where the privacy risk comes in. This is half true … although they don’t sell it. And, again, Reagan.com won’t get you away from this. Even when using Reagan.com, as soon as the email leaves the Reagan.com servers, the United States government will have the opportunity to seize and view the email. They probably won’t, unless you’re a terrorist suspect, but they always have the right, no matter your provider, thanks to the Patriot Act. Heck, even on the Reagan.com servers the government has the right to seize it under this act.

 

There’s a phrase somebody once said that goes something like:

Is it really free if it costs you your privacy?

That’s up to you to decide, really. But if you believe internet companies are the only ones tracking personal information about your daily habits … well, let’s just say you should stop shopping at Target. Or Wal-Mart. Or Best Buy. Or really any major chain in America. Personally, I don’t think a corporation tracking your habits to better serve you with ads related to your interests is an invasion of your privacy.

The cost of Reagan’s supposedly private and secure email service is $40 per year. This service is rented from a man who has no technical expertise and is not a server administrator. His Terms of Service clearly and painfully guarantee you nothing in terms of support, up-time, warranty, or back-up. And if you’re expecting new features in the future … well, don’t hold your breath.

On the other hand, companies like Google and Yahoo have incentive to provide you with new features. They have incentive to guarantee you up-time, because every second their servers are down is ad revenue lost for them. They have dedicated support teams to ensure their servers are always running at peak health, and they have redundantly connected servers and farms, just in case.

Reagan’s servers go down? I’m sure they’ll get it back up eventually. But, you know, you’ve already paid them your $40, so they don’t lose money by the second when the service is down. And it is owned by a politician … so don’t expect a quick turnaround.

Permanent link to this article: http://alexlaird.net/2012/04/reagan-com-email-is-a-misguided-effort/

Mar 23 2012

The Falsities Regarding Oil Production Under Obama

President Obama has this ad out that cheerily says, “Boost U.S. oil production? Under President Obama, it’s already the highest in eight years.” Then this fancy graph swoops across the screen to impress you with the vast amounts of oil barrels being produced each day. And, if you’re wishing the U.S. was producing more barrels of oil, this graph should make you proud.

Of course, no political ad can last too long without words of affirmation from the opposition. And, true to their form, they lobbed the rock back within twenty-four hours. U.S. oil production isn’t up under Obama, they said. The oil reflected in that graph is all on private land, they said. Obama has all but stopped domestic oil production on public lands.

Can it be? Our President lied in an ad? Actually, no. For two reasons.

Firstly, the President did not actually claim personal credit for the growth of U.S. oil production. I believe the point he was trying to illustrate was that oil production, regardless of where it’s produced in the United States, is at a record high, so production does not need to increase. You could try to suggest that the ad is misleading, but the conclusion of the ad makes the point pretty clear by pointing you to his All of the Above campaign. I would submit that if you believe it is misleading, it is because you are placing a false premise on it.

Secondly, the accusation that the president has all but stopped domestic oil production on public lands is, in fact, false. Crazy as it may seem, drilling permits and records are actually published by the U.S. Department of the Interior Bureau of Land Management (you know, the guys who keep track of said permits and the like). That means you can look these facts up for yourself.

So, what are the facts? According to the Bureau of Land Management’s Oil and Gas Statistics for domestic drilling on public land:

During Bush’s first term, on average, 2,598 new leases were issued per year, 4,166 permits approved each year, and 2,994 new wells were started annually.

During Bush’s second term, on average, 3,360 new leases were issued per year, 6,264 permits approved each year, and 4,884 new wells were started annually.

During Obama’s first term, on average, 2,546 new leases were issued per year, 4,273 permits approved each year, and 3,231 new wells were started annually.

Conclusion: oil production on public lands has not all but ceased. In fact, it is slightly higher than Bush’s first term.

Now let’s review. Is U.S. oil production up? Yes. Is oil production on public lands up compared to Bush’s first term? Yes. Is oil production on public lands up compared to Bush’s second term? No. Did Obama suggest oil production on public lands was up compared to either of Bush’s terms? No. Between both of Bush’s terms, was his average public oil production higher than Obama’s? Yes. Did the government fudge these numbers to mislead the general public? If you believe that, there are bigger things than gas prices that you should be worried about.

On average between both of Bush’s terms and Obama’s first term, Bush approved more permits. But you can’t argue that Obama’s lesser approval of permits and new leases on public lands (as compared to Bush’s second term) isn’t consistent with driving trends, because it is. In fact, even as driving trends have decreased, Obama has continued to increase oil production on public lands. I could also elaborate on the point that this demand and consumption ratio bears no real consistency when compared to the price of crude oil or the gasoline that is made from it.

However, to elaborate further on these points would get away from the main point of both this post and the commercial, which really have little to do with Obama’s oil production permits and everything to do with the entire country’s oil production. It is through the roof, domestically, yet gas prices have not declined (and will not, I predict, even under another President). More importantly, the claim that Obama has done everything in his power to all but stop the approval of new wells and permits is absolutely false.

Consequently, the lesson to glean from this has nothing to do with oil production. I’d say the more pertinent point is this: your government may not be as dishonest and corrupt as you’re always led to believe; perhaps it is the source continually demeaning your Commander in Chief that’s feeding you falsehoods.

But don’t take a random person’s word for it, even if that person is behind a monitor or a microphone. When someone (yes, even me) tells you something, don’t just perpetuate the “shocking truth” without checking it out for yourself first.

 

Permanent link to this article: http://alexlaird.net/2012/03/the-falsities-regarding-oil-production-under-obama/

Mar 01 2012

Using VirtualBox to Host a VPS

Oracle’s VM VirtualBox is a virtualization program that allows you to run another operating system from within your native operating system. Though it is most commonly used to run fully functional operating systems such as Linux or OS X from within Windows 7 (or vice versa), it can also be used to host a Virtual Private Server (VPS).

This post does nothing to compare benchmarks between more efficient (and recommended) VPS environments such as VMware or Linux-VServer, and I would not recommend using VirtualBox as a VPS in a production environment. However, it is useful in many situations, and I’ll let you be the judge of when this should or should not be done. It is certainly acceptable for personal and developmental purposes. And hosting a VPS through something like VirtualBox, which is extremely simple to set up and use, allows you to easily experiment with configurations and operating systems, or even jump between multiple VPSs on the same computer.

This tutorial assumes you have a rudimentary knowledge of server software and operating systems. I’m going to be explaining virtualization to you, not the details of the server installation and configuration.

 

Setting Up VirtualBox

First, some definitions. When I refer to the host operating system, that is the primary operating system that your computer boots into. When I refer to the guest operating system, that is the virtualized system that is run from within VirtualBox. There will also be references to IP addresses and ports on the host and guest. They follow the same theme. Now that we’ve got that out of the way …

You can pick up VirtualBox for free from their website here. Download and run the installer for your host operating system. Congratulations. VirtualBox is now ready to run. Unfortunately, it doesn’t have a guest operating system installed or configured yet, so it doesn’t do much for you. But before we actually install one of those, let’s create a virtual environment for it and configure some VirtualBox settings.

In VirtualBox, click New to create an environment where we install a guest operating system. I’m assuming you’re a civilized human being and installing a Linux server operating system, so select Linux, then select the version of operating system you’re using. If the exact version isn’t in the VirtualBox list, select the parent Linux distribution (for instance, for CentOS you’d select Fedora).

Ideally, you should grant at least half of your host system’s memory to the guest operating system. You should dedicate at least 8GB to the guest’s hard drive space. Luckily, since this is a virtual environment, you can select to dynamically allocate this space, so the virtual hard drive will only consume space on your host’s hard drive as it is needed. Finish up the wizard, and the guest environment will be created.

Now, to make that guest environment accessible to our host computer. Right-click on the newly created environment and select “Settings”. Click on “Network” in the list on the left, and click on “Adapter 2”. Enable this adapter and, from “Attached to:” select “Bridged Adapter”. This will cause the guest environment to resolve DHCP IP information directly from the host operating system, which means we can now forward some host ports directly to the guest operating system.

Go back to the “Adapter 1” tab, make sure this adapter is “Attached to: NAT”, and click “Advanced”. Click on “Port Forwarding” and add a new TCP forward. Let’s call it “SSH”. Specify 22 for the host and guest ports. This will forward the host machine’s port 22 to the guest machine’s port 22. They don’t have to be the same; they just have to match other configurations on the host and guest side of things. It’s also worth adding an “HTTP” forward for port 80, as well as forwards for the ports of any other services you’d like accessible from the guest environment.

 

Server Operating System

If you haven’t already, now’s the time to choose what operating system you’re going to use for your guest environment. I recommend Ubuntu Server if you’re used to Ubuntu or Debian environments, and CentOS is another wildly popular one, though it’s not my cup of tea. Whatever operating system you choose, download the ISO for its installation and open up VirtualBox again.

Right-click on your guest environment and select “Settings”. From the list on the left select “Storage”, and point your virtual disc drive to the ISO you just downloaded. Once this is done, you can simply start the guest environment and it will boot with that disc “in the drive”, so you can install that operating system in the guest environment.

If you’re installing Ubuntu Server, selecting OpenSSH during the install process as well as LAMP and any other services you’d like available will make things much easier for you. However, as I said above, this tutorial assumes you have a rudimentary knowledge of server operating systems, so I’m not going to go into the details of installing those services. But to prove that our port forwards worked, you should at least install OpenSSH (during installation or as soon as you boot into the environment), and if you are able to SSH to your host computer on port 22 and access the guest environment, then everything worked the way it should have.

 

Access from External IP

Log in to your router and go to the Port Forwarding section. Add a new port 22 forward, and forward that port to the IP address of the host. Do the same for port 80 and any other ports you added during the configuration above. Now, by typing in the external IP address of your network, you can SSH into the guest operating system through port 22, and you can utilize the other services available on the other ports.

There’s a lot more that can be done from here (using DNS to propagate to your external IP address, mail servers, etc.), but this tutorial has gotten you to the point where you can use tutorials for non-virtualized environments to accomplish those goals now. Good luck with your endeavors!

 

Permanent link to this article: http://alexlaird.net/2012/03/using-virtualbox-to-host-a-vps/

Feb 28 2012

Secure PHP Login

When perusing the internet for discussions on PHP sessions and cookies with regard to credential validation and user logins, I’ve never been satisfied with the approaches I find. Many of the tutorials are just plain lousy or incomplete. And the others seem to imply that you should only use sessions or cookies and never mix-and-match, a confusion that would probably trip up many PHP novices. So I’ve decided to post a tutorial explaining the complete PHP login format I use for my sites and web applications.

 

How it Works

The way to create secure pages using PHP is a simple enough concept: determine the pages that can only be visited by logged in users and put a piece of code at the top of them to redirect logged out users to a login page. If a user visits the login page and is already logged in, they should be redirected to the main page.

So, how do you determine if a user has been logged in? You have PHP check whether there’s a fingerprint that pairs the server to the client’s computer. To do this, PHP provides access to two mechanisms: sessions and cookies. Once a user has logged in with a valid username and password, you fingerprint either the server (session) or the client’s computer (cookie). Once the fingerprint is in place, each secured page just needs to check to see if it exists. If it does, show the page to the user; if not, kick the user back to the login page.

It’s that simple.

 

Comparing Sessions and Cookies

Before you can really proceed, you need to understand the primary differences between sessions and cookies in PHP (and, well, anywhere). Let’s break them down for comparison:

Cookie

  • Stored on client’s computer
  • Slower, since they have to be sent to the server from the client’s computer
  • Limited on size and how many can be stored on the client’s computer
  • Can be used across multiple servers
  • Can have a lengthy lifespan
  • Can be viewed and modified by client
  • Not available until page reloads (since cookies will be sent to the server on page load)

Session

  • Stored on server
  • Faster, since they are already on the server
  • Less bandwidth transfer since, rather than sending all data from client to server, the session only sends the session ID to be stored in a cookie on the client’s computer
  • Size of a session is dependent on the PHP memory limit set in php.ini, but my guess is that limit is significantly higher on your server than the 4k generally allotted to cookies
  • Cannot be used across multiple servers
  • Lifespan is very short; always destroyed when browser has been closed
  • Can only be accessed through the server, so much more secure than cookies
  • Available immediately in code without a page reload

From the above, you should be able to deduce that if you are working with sensitive data (passwords, credit card data, etc.), a session should be used. If you simply want to carry non-sensitive data between pages (the contents of a shopping cart), a cookie may be used.

Now that we understand the differences between sessions and cookies functionally speaking, what are they? Basically, as far as the code is concerned, they’re just arrays. The cookie array can be accessed using $_COOKIE['val-name'], and the session array is conditionally accessible by referencing $_SESSION['val-name']. The session array is only accessible if you have started a session by calling session_start().

To store a value into a cookie, we use the provided function setcookie('val-name', $myData, time() + $keepAlive). Now let’s break this down: val-name will be the string used to reference this cookie as shown in the paragraph above. Whatever is in $myData is the string that will be stored in the cookie, and the cookie will stay alive until $keepAlive seconds from the current time have passed.

Storing a value into a session is much easier. After a session has started, you simply execute $_SESSION['val-name'] = $myData. The values will be accessible as shown above so long as the session exists, that is to say, so long as the browser has not been closed and session_destroy() has not been called.

With this understanding of sessions and cookies now, you should be able to see that a session will be useful in allowing a user to login to a secured page, but that it will not allow a user to close the browser and return to that page still logged in. We’re just about to dive into the code that will allow for both of those things, but first let’s look at a common oversight.

 

The Shared Server Conundrum

This is a sneaky issue, because you likely won’t know that it exists until your security has been compromised, so I’ll let you in on the secret now.

PHP session variables are stored in /tmp by default, and this is true for any user on a server. Since the HTTP server software has access to read and write from this folder, and all users of a shared server execute from that same user, there is never a complete guarantee that your sessions are completely safe when you’re in a shared server environment. It is also possible for session collisions to occur because of this, for instance, if you and another user on a shared server are using the same session string. For this reason, it’s a good idea to regularly regenerate the session ID, and it’s also smart to use session strings that are related to the application you’re working with.

Another issue with shared server sessions in PHP is their timeout time. Though you may set a session timeout to be five hours, if another user on the shared server sets the timeout to be something else, say two hours, all of your sessions will also timeout in two hours, since PHP does not disambiguate between users within the /tmp folder.

I don’t know of a remedy for the timeout issue, though you may be able to contact your server admin to ask if there is a user-based php.ini file that could be configured to store your sessions somewhere other than /tmp. There are also ways to store your sessions in a database, which would get rid of both of these potential issues.

Regardless, neither of these issues is an extreme vulnerability, but they should be something you’re aware of. If your application simply cannot share its sessions with other users, or your session data needs to be tightly maintained and secured, your best bet is to go with a dedicated server.
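
Storing sessions somewhere other than /tmp can also be done from the application itself, before session_start() is called. The following is an added example, not the author's code; it assumes PHP 7.3 or later, and the function name, directory and session name are hypothetical.

```php
<?php
// Added example, not the tutorial's code. Assumes PHP 7.3+; the function name,
// directory and session name are hypothetical.

function startPrivateSession(string $dir, string $name, int $lifetime): bool
{
    // Keep this application's session files out of the shared default directory.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        return false;
    }

    // If the directory already existed with group/other access, tighten it.
    clearstatcache(true, $dir);
    if ((fileperms($dir) & 0077) !== 0 && !chmod($dir, 0700)) {
        return false;
    }

    ini_set('session.save_path', $dir);

    // Garbage collection only walks save_path, so with a private directory this
    // lifetime is the only one applied to the files stored in it.
    ini_set('session.gc_maxlifetime', (string) $lifetime);

    // Some distributions disable PHP's built-in collector and clean only the
    // default directory from cron, so enable it for the private directory.
    ini_set('session.gc_probability', '1');
    ini_set('session.gc_divisor', '100');

    // Refuse session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    // An application-specific cookie name avoids clashing with other sites.
    session_name($name);
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);

    return session_start();
}

// Constructed values so the example runs stand-alone from the command line.
// In a deployment, pick a directory outside both /tmp and the web root.
$dir = sys_get_temp_dir() . '/project-name-sessions-demo';

if (startPrivateSession($dir, 'PROJECTNAMESESSID', 3600 * 5)) {
    $_SESSION['project-name-userID'] = 1;
    session_write_close();
    printf("session file written under %s\n", session_save_path());
}
```

Where every account's PHP runs as the same system user, the directory permissions do not separate tenants; the private path still keeps another site's garbage collector from expiring these sessions.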

 

User Database

Before we can make a secured page that only certain users have access to, we need an access list of those users and their credentials, right? The way we achieve that goal is with a database. In our code example below, we’re using a MySQL database, so you’ll need to perform the following steps using MySQL:

  • Create a database named project_name
  • Create a table within project_name named Users
  • Users should have (at least) three columns: UserID int(10), Username char(25), and Password char(40)
    • The UserID column needs to be unique and auto incrementing, starting at one (1)—the code below checks for a UserID equal to zero, which means that the user was not in the database
    • Ideally, the UserID column should be the primary index for the table
  • Users should have (at least) one row added: plain text Username, and SHA hashed Password

Once a MySQL database is set up like this, you’re ready to write the PHP code.

 

The Code

The snippets of PHP code below are robust enough to be deployed with a large-scale web application. If all you require is a simple authentication page and don’t much plan on using the session variables throughout your user’s stay, this code can easily be trimmed down to fit those needs as well. So, let’s walk through the code, shall we?

 

class-databasehelpers.php

If you are making a large-scale web application, a database helpers class can help streamline repetitive database calls. If you are making a simpler login interface, you can move the functionality within this class to functions.php.

Ideally, you should not just use SHA for password storage. You should salt the SHA password with your own random variables. If you do this, don’t forget to modify the length of the Password column in the MySQL database.

If your application eventually has a settings.php file, it’d make more sense to move the defined database constants out there.

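<?php

// Constant names must be quoted strings; a bare name is an undefined constant
define ('DB_NAME', 'project_name');
define ('DB_USERNAME', 'sql-username');
define ('DB_PASSWORD', 'sql-password');

class DatabaseHelpers
{
   // Hash a password for storage and comparison (plain, unsalted SHA-1;
   // see the note above about salting)
   public static function passHash($password)
   {
      $sha = sha1($password);
      return $sha;
   }

   // Open a PDO connection to the MySQL database defined above
   public static function getDatabaseConnection()
   {
      $dbh = new PDO('mysql:host=localhost;dbname=' . DB_NAME, DB_USERNAME, DB_PASSWORD);
      
      // Throw a PDOException on database errors instead of failing silently
      $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
      
      return $dbh;
   }
}

?>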
									

class-userdata.php

The UserData class should be an almost identical interface to the MySQL Users table. Almost identical. You should not have the Password field, as PHP will handle checking that value and beyond that the user’s password, hashed or not, should never be stored anywhere.

<?php

class UserData 
{
   public $UserID;
   public $Username;
}

?>
									

class-users.php

The Users class is used to retrieve, assess, and modify data stored in the UserData class. For our purposes, we only need a checkCredentials() function to validate the given username and password against MySQL database elements.

<?php

require_once ('class-databasehelpers.php');
require_once ('class-userdata.php');

class Users
{
   public static function checkCredentials($username, $password)
   {
      // A UserID of 0 indicates that the username/password pair
      // could not be found in the database
      $userID = 0;

      try
      {
         $dbh = DatabaseHelpers::getDatabaseConnection();

         // Build a prepared statement that looks for a row containing the given
         // username/password pair
         $stmt = $dbh->prepare('SELECT UserID FROM Users WHERE '
                 . 'Username=:username '
                 . 'AND Password=:hashedPassword '
                 . 'LIMIT 1');

         $hashedPassword = DatabaseHelpers::passHash ($password);

         $stmt->bindParam(':username', $username, PDO::PARAM_STR);
         $stmt->bindParam(':hashedPassword', $hashedPassword, PDO::PARAM_STR);

         $success = $stmt->execute();

         // execute() succeeds even when no row matches, so we only have a valid
         // username/password pair if a row was actually fetched
         if ($success)
         {
            $userData = $stmt->fetch(PDO::FETCH_ASSOC);
            if ($userData !== false)
            {
               $userID = (int) $userData['UserID'];
            }
         }

         $dbh = null;
      }
      catch (PDOException $e)
      {
         // Treat any database error as a failed login
         $userID = 0;
      }

      return array ($userID);
   }
}

?>
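
The note above about not relying on plain SHA, and the checkCredentials() lookup that depends on it, can be handled together with PHP's built-in password_hash() and password_verify(), which generate and check a per-password salt. This is an added example, not the author's code: it fetches the row by username and verifies in PHP, and it upgrades rows still holding a 40-character SHA-1 value on the next successful login. It assumes PHP 7.0+, a Password column widened to VARCHAR(255), and an in-memory SQLite database standing in for MySQL so that it runs offline; the function names are hypothetical.

```php
<?php
// Added example, not the tutorial's code. Assumes PHP 7.0+ with pdo_sqlite
// (used only so the demo runs offline) and a Password column of VARCHAR(255).
// All function names here are hypothetical.

function demoConnection(): PDO
{
    $dbh = new PDO('sqlite::memory:');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->exec('CREATE TABLE Users (
                   UserID   INTEGER PRIMARY KEY AUTOINCREMENT,
                   Username VARCHAR(25)  NOT NULL UNIQUE,
                   Password VARCHAR(255) NOT NULL)');
    return $dbh;
}

// Replace the stored value with a salted hash produced by password_hash().
function storePassword(PDO $dbh, int $userID, string $password): void
{
    $stmt = $dbh->prepare('UPDATE Users SET Password = :p WHERE UserID = :id');
    $stmt->execute([
        ':p'  => password_hash($password, PASSWORD_DEFAULT),
        ':id' => $userID,
    ]);
}

// Returns the UserID on success and 0 on failure, like checkCredentials().
function checkCredentialsHardened(PDO $dbh, string $username, string $password): int
{
    // Verifying against a dummy hash for unknown usernames keeps the work done
    // for "no such user" comparable to the work done for "wrong password".
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('constructed-placeholder', PASSWORD_DEFAULT);
    }

    // The salt lives inside the stored hash, so the comparison cannot be done
    // in the WHERE clause: fetch by username, then verify in PHP.
    $stmt = $dbh->prepare('SELECT UserID, Password FROM Users '
                        . 'WHERE Username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $row    = $stmt->fetch(PDO::FETCH_ASSOC);
    $stored = $row ? $row['Password'] : $dummyHash;

    if (preg_match('/^[0-9a-f]{40}$/', $stored)) {
        // Legacy row written by the unsalted sha1() scheme
        $valid        = hash_equals($stored, sha1($password));
        $needsUpgrade = $valid;
    } else {
        $valid        = password_verify($password, $stored);
        $needsUpgrade = $valid && password_needs_rehash($stored, PASSWORD_DEFAULT);
    }

    if (!$row || !$valid) {
        return 0;
    }

    if ($needsUpgrade) {
        // The plain password is only available at login, so upgrade now
        storePassword($dbh, (int) $row['UserID'], $password);
    }

    return (int) $row['UserID'];
}

// Demo with constructed data: one user stored under the legacy SHA-1 scheme.
$dbh = demoConnection();
$dbh->prepare('INSERT INTO Users (Username, Password) VALUES (?, ?)')
    ->execute(['alice', sha1('correct horse')]);

var_dump(checkCredentialsHardened($dbh, 'alice', 'wrong password'));
var_dump(checkCredentialsHardened($dbh, 'mallory', 'correct horse'));
var_dump(checkCredentialsHardened($dbh, 'alice', 'correct horse'));

// After the successful login the row no longer holds a 40-character SHA-1 value
$stored = $dbh->query("SELECT Password FROM Users WHERE Username = 'alice'")
              ->fetchColumn();
var_dump(strlen($stored));
var_dump(checkCredentialsHardened($dbh, 'alice', 'correct horse'));
```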
									

pages.php

This class acts as an enum of pages on your site.

<?php

// To get around the fact that PHP won't allow you to declare
// a const with an expression, define our constants outside
// the Page class, then use these variables within the class
// (the constant names passed to define() must be quoted strings)
define ('LOGIN', 'Login');
define ('INDEX', 'Index');

class Page
{
   const LOGIN = LOGIN;
   const INDEX = INDEX;
}

?>
									

functions.php

Here’s where it gets fun. As you create more pages that should only be accessible to validated users, make sure you add them as an OR to the return of isSecuredPage().

The checkLoggedIn() function is our primary workhorse. This function checks to see if the current page requires validation. If the page requires validation and the user is not logged in, they are redirected to login.php. If a user has been logged in and visits the login page, they are redirected to the main page. If the user has been logged in, this function allows them to access secured pages. The checkLoggedIn() function is also responsible for completing both the login and logout process, and on successful login it sets the proper session and cookie variables.
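
The listing below keys the logged-in check on a cookie that holds the UserID itself, and, as the comparison above notes, a cookie can be viewed and modified by the client. The following is an added example, not the author's code, of a "remember me" cookie that instead carries a random, single-use token whose hash is stored server-side. It assumes PHP 7.3+ and an in-memory SQLite database so that it runs offline; the RememberTokens table, the cookie name and the function names are hypothetical.

```php
<?php
// Added example, not the tutorial's code. Assumes PHP 7.3+ with pdo_sqlite
// (in-memory, so it runs offline). The RememberTokens table, the cookie name
// and all function names are hypothetical.

const REMEMBER_COOKIE = 'project-name-remember';
const REMEMBER_TTL    = 3600 * 168;   // one week, as in the tutorial

function tokenStore(): PDO
{
    $dbh = new PDO('sqlite::memory:');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->exec('CREATE TABLE RememberTokens (
                   Selector      CHAR(24) PRIMARY KEY,
                   ValidatorHash CHAR(64) NOT NULL,
                   UserID        INTEGER  NOT NULL,
                   Expires       INTEGER  NOT NULL)');
    return $dbh;
}

// Creates a token for $userID and returns the value to place in the cookie.
function issueRememberToken(PDO $dbh, int $userID, int $now): string
{
    $selector  = bin2hex(random_bytes(12));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));   // secret; only its hash is stored

    $stmt = $dbh->prepare('INSERT INTO RememberTokens VALUES (?, ?, ?, ?)');
    $stmt->execute([$selector, hash('sha256', $validator),
                    $userID, $now + REMEMBER_TTL]);

    return $selector . ':' . $validator;
}

// Returns array(userID, replacement cookie value) for a valid cookie,
// or array(0, null). A token is deleted as soon as it is presented, so it
// can be redeemed at most once.
function redeemRememberToken(PDO $dbh, string $cookie, int $now): array
{
    if (!preg_match('/^([0-9a-f]{24}):([0-9a-f]{64})$/', $cookie, $m)) {
        return [0, null];
    }

    $stmt = $dbh->prepare('SELECT ValidatorHash, UserID, Expires '
                        . 'FROM RememberTokens WHERE Selector = ?');
    $stmt->execute([$m[1]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return [0, null];
    }

    $dbh->prepare('DELETE FROM RememberTokens WHERE Selector = ?')
        ->execute([$m[1]]);

    $expired = (int) $row['Expires'] < $now;
    $matches = hash_equals($row['ValidatorHash'], hash('sha256', $m[2]));
    if ($expired || !$matches) {
        return [0, null];
    }

    $userID = (int) $row['UserID'];
    return [$userID, issueRememberToken($dbh, $userID, $now)];
}

// How the value would be sent from a web request (not called in the demo).
function sendRememberCookie(string $value): void
{
    setcookie(REMEMBER_COOKIE, $value, [
        'expires'  => time() + REMEMBER_TTL,
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Demo with constructed values, run from the command line.
$dbh    = tokenStore();
$now    = time();
$cookie = issueRememberToken($dbh, 1, $now);

// A cookie that holds only a user ID
var_dump(redeemRememberToken($dbh, '1', $now)[0]);

// The cookie that was actually issued
[$userID, $next] = redeemRememberToken($dbh, $cookie, $now);
var_dump($userID);

// The same cookie presented a second time
var_dump(redeemRememberToken($dbh, $cookie, $now)[0]);

// The replacement cookie presented after its lifetime has passed
var_dump(redeemRememberToken($dbh, $next, $now + REMEMBER_TTL + 1)[0]);
```

On a successful redeem, the page would set $_SESSION['project-name-userID'] from the returned UserID and send the replacement value with sendRememberCookie().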

<?php

require_once ('class-databasehelpers.php');
require_once ('class-users.php');
require_once ('pages.php');

function isSecuredPage($page)
{
   // Return true if the given page should only be accessible to validated users
   return $page == Page::INDEX;
}

function checkLoggedIn($page)
{
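   // The action is only present on a form submission, so default to an empty string
   $action = isset ($_POST['action']) ? stripslashes ($_POST['action']) : '';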
   
   session_start ();
   
   $loginDiv = '';
   
   // Check if we're already logged in
   if (isset ($_COOKIE['project-name-userID']))
   {
      // Always regenerate the ID so it's harder to trace
      session_regenerate_id ();
      
      // Ensure our session variables are set
      if (!isset ($_SESSION['project-name-userID']))
      {
         $_SESSION['project-name-userID'] = $_COOKIE['project-name-userID'];
      }
      
      // Only redirect us if we're not already on a secured page and are not
      // receiving a logout request
      if (!isSecuredPage ($page) &&
          $action != 'logout')
      {
         header ('Location: ./');
         
         exit;
      }
   }
   else
   {
      // If we're not already the login page, redirect us to the login page
      if ($page != Page::LOGIN)
      {
         header ('Location: login.php');
         
         exit;
      }
   }
   
   // If we're not already logged in, check if we're trying to login or logout
   if ($page == Page::LOGIN && $action != '')
   {
      switch ($action)
      {
         case 'login':
         {
            $userData = Users::checkCredentials (stripslashes ($_POST['login-username']),
                                                 stripslashes ($_POST['password']));
            if ($userData[0] != 0)
            {
               $_SESSION['project-name-userID'] = $userData[0];
               if (isset ($_POST['remember']))
               {
                  // We set a cookie if the user wants to remain logged in after the
                  // browser is closed
                  // This will leave the user logged in for 168 hours, or one week
                  setcookie('project-name-userID', $userData[0], time () + (3600 * 168));
               }
               else
               {
                  setcookie('project-name-userID', $userData[0], false);
               }
               
               header ('Location: ./');
               
               exit;
            }
            else
            {
               // The newline must be in double quotes to be interpreted by PHP
               $loginDiv = '<div id="login-box" class="error">The username or password ' .
                           'you entered is incorrect.</div>' . "\n";
            }
            break;
         }
         // Destroy the session if we received a logout or don't know the action received
         case 'logout':
         default:
         {
            // Destroy all session and cookie variables
            $_SESSION = array ();
            setcookie('project-name-userID', '', time () - (3600 * 168));
            
            // Destroy the session
            session_destroy ();
            
            $loginDiv = '<div id="login-box" class="info">Thank you. Come again!</div>' . "\n";
            
            break;
         }
      }
   }
   
   return $loginDiv;
}

?>
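
The functions.php code above stores the bare user ID in the cookie and accepts whatever ID the cookie carries, so that value needs integrity protection before it is trusted. The following is an added example, not part of the original tutorial: it replaces the raw ID with an HMAC-signed, expiring token. The function names, the REMEMBER_KEY environment variable and the sample values are assumptions made for illustration.

```php
<?php

// Added example (not from the original tutorial): a signed, expiring
// replacement for the raw user ID stored in the 'project-name-userID' cookie.

const REMEMBER_COOKIE = 'project-name-userID';   // cookie name used in the tutorial
const REMEMBER_TTL    = 3600 * 168;              // one week, as in the tutorial

// Hypothetical helper: load the signing key from the environment.
// REMEMBER_KEY is an assumed variable name; keep the key out of the web root.
function rememberKey ()
{
   $key = getenv ('REMEMBER_KEY');

   if ($key === false || strlen ($key) < 32)
   {
      throw new RuntimeException ('REMEMBER_KEY is missing or shorter than 32 bytes');
   }

   return $key;
}

// Build "userID.expires.mac"; the MAC covers both the ID and the expiry
function issueRememberToken ($userID, $key, $now = null)
{
   $now     = ($now === null) ? time () : $now;
   $payload = ((int) $userID) . '.' . ($now + REMEMBER_TTL);

   return $payload . '.' . hash_hmac ('sha256', $payload, $key);
}

// Return the user ID carried by a valid token, or 0 (the tutorial's
// "no user" value) if the token is malformed, altered, or expired
function verifyRememberToken ($token, $key, $now = null)
{
   $now   = ($now === null) ? time () : $now;
   $parts = is_string ($token) ? explode ('.', $token) : array ();

   if (count ($parts) !== 3 ||
       !ctype_digit ($parts[0]) ||
       !ctype_digit ($parts[1]))
   {
      return 0;
   }

   $expected = hash_hmac ('sha256', $parts[0] . '.' . $parts[1], $key);

   // hash_equals() compares in constant time
   if (!hash_equals ($expected, $parts[2]) || (int) $parts[1] < $now)
   {
      return 0;
   }

   return (int) $parts[0];
}

// Send the token with attributes that keep it away from scripts and plain HTTP
// (the options-array form of setcookie() requires PHP 7.3 or later)
function sendRememberCookie ($userID, $key)
{
   return setcookie (REMEMBER_COOKIE, issueRememberToken ($userID, $key), array (
      'expires'  => time () + REMEMBER_TTL,
      'path'     => '/',
      'secure'   => true,
      'httponly' => true,
      'samesite' => 'Lax',
   ));
}

// Demonstration with constructed values; runs only from the command line
if (PHP_SAPI === 'cli')
{
   $key   = str_repeat ('k', 32);      // constructed key, for the demo only
   $now   = 1700000000;                // constructed timestamp
   $token = issueRememberToken (42, $key, $now);

   // Genuine token, checked one hour after issue
   var_dump (verifyRememberToken ($token, $key, $now + 3600));

   // Same token with the user ID field rewritten on the client side
   $altered = '1' . substr ($token, strpos ($token, '.'));
   var_dump (verifyRememberToken ($altered, $key, $now + 3600));

   // Genuine token presented after the one-week lifetime
   var_dump (verifyRememberToken ($token, $key, $now + REMEMBER_TTL + 1));

   // A bare user ID, as the tutorial's cookie carries
   var_dump (verifyRememberToken ('42', $key, $now));
}

?>
```

In checkLoggedIn(), the cookie branch would call verifyRememberToken() on the cookie value and treat a return of 0 as not logged in. A signed token of this kind cannot be revoked before it expires; a random token stored per user in the database allows that.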
									

login.php

This is the base for a login form on the login page. Notice that now that we’re modifying front-centric PHP files, the only reference you see to heavy lifting is a simple call to our checkLoggedIn() function. The form handles POSTing to this page to log the user in and redirect them to index.php.

The $loginDiv that we receive from checkLoggedIn() allows us to display informative statuses to the user, for instance, if they try to log in with the wrong password.

<?php

require_once ('functions.php');

// Check to see if we're already logged in or if we have a special status div to report
$loginDiv = checkLoggedIn (Page::LOGIN);

?>

<html>
   <body>
      <h2>Sign in</h2>
      <form name="login" method="post" action="login.php">
         <input type="hidden" name="action" value="login" />
         <label for="login-username">Username:</label><br />
         <input id="login-username" name="login-username" type="text" /><br />
         <label for="password">Password:</label><br />
         <input id="password" name="password" type="password" /><br />
         <input id="remember" name="remember" type="checkbox" />
         <label for="remember">Remember me</label><br />
         <?php echo $loginDiv ?>
         <input type="submit" value="Login" />
      </form>
   </body>
</html>
									

index.php

Last, but certainly not least, our secured pages. All the work we’ve done above to ensure a robust application allows us to make one simple call from a secured page: checkLoggedIn(). Everything we’ve done above handles the rest. Add this call to any page you want to be secured and you’re good to go!

One thing to note is the logout button, which simply POSTs a logout action to login.php.

<?php

require_once ('functions.php');

checkLoggedIn (Page::INDEX);

?>

<html>
   <body>
      <form name="logout" method="post" action="login.php">
         <input type="hidden" name="action" value="logout" />
         <input type="submit" value="Logout" />
      </form>
   </body>
</html>
									

 

The Common Exit Issue

Take special note that as soon as checkLoggedIn() in functions.php has determined success or failure (i.e. following a header call to redirect), exit is called. This is crucial if your secured page makes ready use of your session or cookie variables, because it tells PHP to cease construction of the page immediately. It is a common mistake to not call exit after a header redirect, which is not necessarily insecure, but it is poor practice. If you fail to call exit immediately, the remainder of the page will still be evaluated by PHP (though the variables may not have been initialized), and error reports may occur. No data will be displayed to the user, but neglecting to call exit may fill up your PHP error logs.

 

The Payoff

You now have a login page, secured content areas, cookie storage for returning users, and working sessions throughout your pages. What’s cool about this from this point forward is that you can easily apply this new knowledge of cookies and sessions outside of the credentials realm.

You now have live sessions on your pages, so you can store additional values in the $_SESSION variable to carry them between pages. You’ve seen how cookies work, so you can curse your clients with crumbles of your website for the next time they return (don’t be evil).

If you have any further questions regarding the login process, sessions, or cookies, or if you just found this tutorial useful, let me know in a comment.

 

Permanent link to this article: http://alexlaird.net/2012/02/secure-php-login/

Jan 18 2012

SOPA Highlights

The Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA) are two bills currently mingling in the United States House of Representatives. It would take too much time and effort for me to explain how ludicrous it is that we have misinformed politicians writing legislation for an internet that they apparently do not understand. Instead, I’ll assume you understand the basics of these bills, and I’ll just point out my favorite things I’ve seen relating to them as the bills have progressed. If you do not understand these bills and are confused by an internet search for them (they are extremely complicated), you can ask me about them apart from the blog, and I’d be happy to explain them to you as best I can.

 

So, these bills just stop online piracy, right? How could stopping illegal activity be bad? This is the notion being perpetuated by the media, the MPAA and RIAA, and some big copyright holders–translation, the supporters of the bill. It’s also a sentiment shared by people who generally don’t understand how the internet works. The truth is, these bills do far more in what they don’t say than in what they do say. Ultimately, they’re creating an internet blacklist controlled by the government. Translation: government censorship.

The bills were proposed by a Republican Congressman from Texas named Lamar Smith. Yes, this is the same Lamar Smith who got the Digital Millennium Copyright Act passed. It’s also the same Lamar Smith who has admitted that he does not have a full understanding of the internet. Two things seem ironic here: first, we have politicians who admit that they do not fully understand “something” passing legislation against that “something”. Second, we have apparently “small government” Republicans trying to pass censorship bills.

Today, the Internet Blackout is taking place, and it’s essentially the first day the media corporations have at least nodded their head in the direction of this legislation. Why? The bills have been tossed around for months. By all appearances, it would appear that the media was trying to keep the bills hushed up so they would quickly pass. Unfortunately, the internet giants have made sure to get the word out. Only now, after people have started hearing about the bills through other sources, has the media started covering them. That makes sense, considering the MPAA, RIAA, and other media outlets have financially supported the drafting of the bills.

When SOPA was shelved last weekend, that was the first time the media really covered the story. They were very careful to use strong language like “killed” and “terminated” in reference to the SOPA bill. However, the bill was not “killed”. It was temporarily shelved, sure to come back in the near future (quietly, they’ve said they’re taking it back off the shelf in February … that’s not far from now). And there sure was a lot of attention focused on SOPA being shelved when PIPA was still alive and well, proceeding toward a vote.

There are several provisions at the beginning of the SOPA bill which state the bill intends to defend the First Amendment, protect the integrity of the internet, and promote cyber security. Interestingly, the very nature of the bill breaks down each of those things, which illustrates the lack of understanding the drafters of the bill have in regards to the internet.

This next point is particularly controversial, but SOPA and PIPA assume all forms of copyright infringement are intentional and inherently evil. Recent surveys indicate that over 20% of Americans have pirated something at some time. Over 70% of Americans 25-35. And over 90% of Americans under the age of 25. Does this mean 90% of Americans 25 and under are actively striving to steal? No, it means that the very nature of the internet is advertising and publicity. It may seem a stretch to suggest that piracy is publicity, but it’s no more a stretch than the MPAA and RIAA make when stating that every pirated download is a lost sale. More importantly, however, this illustrates that much of the internet’s piracy is not intentional theft, and therefore cannot be counted as “lost sales.”

Lamar Smith, lead supporter and Congressman who introduced the bill to the house, actually illegally hosted copyright material on his website until a few weeks ago. The background image of his website was a photograph taken by DJ Schulte, used without permission. The website went down shortly after a news article pointed this out, and the image has since been removed. However, SOPA doesn’t have any clauses for forgiveness. He hosted copyrighted content without permission. Shouldn’t he be held responsible? This is not an example of how copyright infringement is okay or should be tolerated. This is illustrating how even well-intentioned websites would be subject to blocking merely because they inadvertently used copyright infringing material.

But Alex, you say, shouldn’t copyright holders be able to force someone to take their content down if they are using it without permission? Yes. And they can. There are already laws in place for that. SOPA is not meant to do that, SOPA is meant to give the government the ability to force blocking those websites.

Of course, under SOPA Lamar’s website would not actually be taken down. SOPA strives to block foreign websites, as most copyright infringing hosts are not domestic to the United States. An example of this used time and time again is ThePirateBay.org, a Swedish website, Hollywood’s nemesis, that hosts torrents of anything and everything. Unfortunately for Congress, though the registrar and servers to ThePirateBay are foreign, the registry of the domain is hosted on a .org domain, which is actually domestic to the United States. Some have argued whether this is truly what the bill meant to say, so it may prove to be a moot point, but on the surface it certainly looks like their poster child for evil is immune from the bill.

When chief analysts and internet architects (including Vint Cerf [TCP/IP], Jim Gettys [HTTP/1.1], Leonard Kleinrock [ARPANET], and more … read: “the guys who created the internet”) approached Lamar and Congress to explain to them that their bill was fundamentally flawed, would break the internet, and would destroy the constructs of cyber security, Congressman Smith replied by saying that the opinions of the opposition “do not matter.” Which, in my opinion, is a great way to get re-elected. He also went on to say that the opposition was a “small minority” of the internet. Really? You would consider hundreds of millions of users, not to mention every internet giant and nearly every other tech corporation to be a “minority”? I guess we’ll see how big a “minority” can be after the petition results come out after today.

After the bill started receiving heated response from the internet community, the White House came out with their opinion on the matter. They expressed that they did not approve of the bills, and it was implied that President Obama would simply veto the bills if they were passed. This was when SOPA was shelved. However, when asked about the White House’s response, Lamar and other SOPA supporters said they were “glad to have the support of the White House,” and that they were now “looking forward to pushing this bill through to passing.” Sounds like denial to me.

 

Ultimately, this legislation does nothing to stop the problem they claim to be solving: piracy. It slaps a band-aid on a symptom (or at least tries to), but in doing so it sinks to the level of China’s internet censorship. The proposed laws also draw very solid lines in where the government would have to stop censoring. Copyright protection laws already exist. SOPA and PIPA merely try to take the burden of maintaining their rights off of the copyright holders and move it onto the content providers. For small providers, this might be manageable. But for giants like Google, Facebook, or Twitter, it’s absurd to suggest that those companies should monitor what their users are doing (First Amendment violation) and remove linked content based on what another website is doing.

What I have pointed out are only surface level absurdities to the SOPA and PIPA bills proposed. I have many other opinions when it comes to matters of piracy, the figures of monetary “losses” the MPAA and RIAA claim each year that are apparently due to pirating, and internet censorship. But it would take far too many blogs to explain all of those as well. But it comes down to the fact that the verbiage of the bills tampers not just with the content of the internet, but with the security and the infrastructure of the web as well. They may appear to simply be “protecting copyright material”, but you shouldn’t just rip up a street because the street may lead to a disreputable city, or to the house of a thief. Go arrest the thief. Don’t prohibit anyone from driving on a road near him. And, as Congressman Lamar Smith should probably learn, you may want to better define what a “thief” truly is.

 

If you’re interested in understanding the evils of SOPA and PIPA, check out this article on reddit—the Devil is in the details. I also strongly urge you to sign Google’s petition against SOPA and PIPA before January 24th.

Permanent link to this article: http://alexlaird.net/2012/01/sopa-highlights/

Nov 03 2011

Investment vs. Loan Payoff

The Thought

A few weeks back, I was contemplating various ways Jess and I could possibly pay off school debt sooner rather than later.  I had a spreadsheet detailing my current Loan Payment Plan, but I was more than willing to knock months off the bottom of that plan, if at all possible.  So I mulled over several schemes for paying them off sooner: embezzlement, bank robbery, pirated movie sales.  The usual.  But none of these options gave me complete confidence that they were bullet proof.

And then another, slightly more ethical thought crept into my mind: what if I pulled money from my own investments and used that to pay off school loans?  After all, my investments were earning less interest on a monthly basis than the loans were accruing interest.  Surely it made sense then to use the money from investments to pay off the loans.

Additionally, though I would be lowering the balance of the investments for the short term, I would more quickly be able to put larger monthly contributions toward them, as I would no longer be putting those monthly payments to my student loans.  This seemed intuitive.  And, after Googling the idea, I found that this isn’t all that uncommon of a practice, and many of the articles encouraged this practice.  The other half of the articles suggested that it’s not possible to take money from a mutual fund (like a 401k or an IRA) before you’re 59 and 1/2, but this isn’t true.  I know.  I called several brokerages.

 

The Realization

However.

Upon further research, and with an Excel spreadsheet that was the brain child of my brother, I have found these assumptions to be untrue.  It seems common sense—and it seems reason would suggest that pulling low interest investments out and putting the money toward high interest loans would save you money in the long run, but the long-term ramifications of this were actually quite startling.

The attached spreadsheet, I believe, will speak for itself.  But what you at least need to understand going into it is why these posts suggest that pulling from a mutual fund is a good idea: they’re missing the concept of exponential growth.

In the short-term, you believe that pulling a few thousand out of mutual funds now won’t matter, because you’ll quickly pay that few thousand back, with interest.  But you’re missing how fast mutual funds start to grow exponentially each subsequent year, and the more you pull out, the more difficult (or even impossible) it will be for you to catch up with payments over the long-term.

 

The Big Idea

Download the spreadsheet, plug your numbers in, and see if pulling from your investments is a good idea for you (there are a few circumstances where, if you’re disciplined, you can pay yourself back soon enough).  But I would suggest against this.

But here’s the Big Idea, and the real heart of the issue.  Withdrawing money from your investments, whether you can ultimately pay the amount back in full, or whether you’ll save money by paying off your loans sooner, gives you a dangerous mindset toward long-term investing.  It puts the thought into the back of your mind that, if absolutely necessary, your mutual funds may be liquid cash.  And they’re not.  They shouldn’t be.  You will need those funds for you in thirty years when inflation is catching up with your finances, when your kids start looking at college, and when you’re thinking about retirement.

 

 

 

Permanent link to this article: http://alexlaird.net/2011/11/investment-vs-loan-payoff/

Oct 30 2011

The Government Sucks at Budgeting

Most recently, I wrote a post regarding the proposed cuts to the United States Defense budget.  In that article I detailed that, when budget cuts are being discussed in Congress, Defense is always first and foremost on the chopping block, it seems.  Defense is the figment that Americans take for granted because they can’t see it; it isn’t tangible to them.

I suggested, in turn, that the Entitlement Programs be more thoroughly evaluated for cuts instead.  Naturally, I was not presuming no cuts to Defense.  I’m open to some cuts from Defense, but primary cuts should come from elsewhere.  Unfortunately, that suggestion is exactly what would never get me elected.  Cut Entitlement Programs, lose those votes (which is most of America); cut Defense, people foolishly assume they’re not affected.

The simple fact is, however, something must be cut.  I believe we’ve passed the point of mutual exclusion, unfortunately, between Republican ideas and Democratic proposals.  It’s time for a compromise.  The only way our country will ever truly recover from our government’s reckless spending will be to raise taxes and cut programs.  Let’s see how the U.S. Government’s current budget looks …

 

Two things you can easily identify from the above charts: first, the expenses for 2010 exceed the income by 1.3 trillion.  This seems a problem, if you ask me.  Second, if you cut the entire Defense budget, we would still have a deficit.  This would lead me to the correct assumption that Defense is not the entire problem.

Though the above paragraphs and diagrams have been factual, from here we can only continue into opinions.  Opinions of what you believe government should be to people.  Personally, here is what I believe: Social Security is a ponzi scheme (wait, that one’s a fact, not an opinion) that assumes the citizens of the country aren’t smart enough to think and plan for themselves.  While this may be true, I don’t believe this is the place of government.

Medicare and Unemployment Insurance are for the government to manage, but they are secondary to the government’s primary responsibility, which is the protection and security of its citizens.  Therefore, the two combined should be equivalent to the government’s Defense budget.

But guess what?  Cutting these programs out or down still wouldn’t resolve our budget issues.

Here’s my point: we continue analyzing new budget proposals, but no politician will properly look at the areas that are truly pushing the budget over because it wouldn’t get them re-elected (or elected in the first place).

Don’t you love politics?  I sure do.  Formulate your own opinions on what should be cut, but the simple fact is, some of everything needs to be cut, and Defense is more of a necessity than the average American believes.  I’ll leave you with a few more fun graphs regarding the U.S. budget.


Permanent link to this article: http://alexlaird.net/2011/10/the-government-sucks-at-budgeting/

Oct 27 2011

Urge Congress to Support Defense

Not sure what your stance is on this issue, but in the case that you lean toward cutting Entitlement Programs rather than National Security programs, please fill out the templated letter to our Congressman below.  It literally takes less than five minutes to fill out and read the pre-written letter, so if you agree with this, then exercise your right as an American to voice your opinion!

 
 

For a bit of background, Defense is almost always the first thing Congress looks to when trying to cut the budget (they’ve cut 460 billion from the Defense budget over the last ten years), presumably because the general public believes Defense does not directly affect them.  Obviously this is not true, but regardless, the currently proposed cuts would have a severe impact on the protection and security of our country, as well as over one million jobs throughout the country.  Obviously, jobs are affected either way: cut National Security, Defense jobs are affected; cut Entitlement Programs, those employed by those programs may be fired.  But I would argue that you won’t have Entitlement Programs at all if you don’t maintain a defense of the country that’s promising them to you.

The current defense budget is about 4.9 percent of GDP—the lowest ever during wartime and well below the post-war average of 5.3%.  In 1970, Defense took up almost 40 percent of the federal budget; today it makes up less than 16 percent of federal spending.

The thing that worries me most is that people talk about the defense budget as though that’s where the deficits and the debt have incurred. You could wipe out the entire defense budget and not solve the debt problem.

The first responsibility of government is to protect the American people. It’s important to have priorities and a strategy and know what you would like to do and then fund against those priorities and those strategies.

- Former Defense Secretary Donald Rumsfeld

 

 
 

Permanent link to this article: http://alexlaird.net/2011/10/urge-congress-to-support-defense/

Oct 18 2011

Puppy Potty Training

Dante, our little Shih Tzu ball of fluff, is finally fully potty trained (now I’m crossing my fingers that I didn’t just jinx things by announcing that).  I can finally relax when the chubby little guy waddles out of the room unattended–I no longer have to chase him down and ensure the door is closed so he sticks close by.  I don’t wonder about prolonged silence anymore.  But, after Jess’ and my potty-training endeavours, I feel compelled to share with my audience two key points it seems all of the puppy potty training guides I read seemed to conveniently (and frustratingly) ignore.

You see, Dante isn’t exactly the quickest, most intelligent of his breed.  In fact, it took him well over a month to even grasp the concept of not peeing inside, and nearly two months before I would say he was truly potty trained (to the point where he’d come tell us when he needed to go out).  Yet every how-to guide I read on puppy potty training said the same thing: do x, y, and z for one week and your dog will be potty trained.

First, I wonder if their definition of “potty trained” simply means that, when your dog is outside, it knows to go potty.  Dante had that figured out after a few days.  But that certainly didn’t mean he didn’t regularly continue to have accidents inside for more than a month after learning outside was the place to go.  If this is the definition of “potty trained” they are meaning to use, they all need to be much more clear about it.  And if you’re finding this blog after making the assumption I did (that “potty trained” meant, you know … fully potty trained), then I’m here to offer you hope: there is light at the end of that tunnel.  Or at least dry carpet.

Second, none of the guides I read were written with apartment dwellers in mind.  And I know we’re not the only apartment dwellers with pets, since every one of our neighbors has yappy dogs.  Oh, as a little tangent about training and obedience: just like a child, yelling at the offender, empty threats or whatever springs into your crazy mind, does nothing if you don’t actually back it with discipline.

So, the lesson that I’ve learned in potty training a puppy that I’d like to share and encourage you with is this: it takes time, patience, and consistency.  But most of all patience.  What the guides won’t tell you (though you should probably just assume this … duh) is that every dog is different.  Dante wasn’t disobedient in any other way.  He’s good with commands, he loves doing what makes his masters happy, and he tries oh-so-hard to please us 100% of the time … but he just has a tiny bladder.

I did read many guides that straight up said, “If it takes longer than a week to potty train your dog, you’re doing it wrong”.  I submit the writers of these guides either don’t really know what they’re talking about, or maybe you just need to refer to my first point (on the definition of “potty trained”) … or I don’t know what I’m talking about.  Which is also possible.

My point is, whether I know what I’m talking about or not, and whether I properly potty trained my dog or not (I was consistent, stern, and determined, and followed The Guides to a T), he is now potty trained; it just took a lot longer than expected.  So if you’re in the process of potty training your puppy, and you keep finding all these “I’m so good at training a dog, listen to me” guides that are discouraging you, don’t fret!  There is hope!  Keep doing what you’re doing, and keep encouraging your puppy when he does what is right.  Someday, he’ll have a bladder big enough to oblige the desires of his heart (which are to make you happy) and your request for him to not soil your shoes.

Permanent link to this article: http://alexlaird.net/2011/10/puppy-potty-training/

Sep 24 2011

Information You Won’t Find Useful, Vol. 5

UARS, the Forgotten Satellite

For those of you who don’t have interaction with the outside world (and I’m honored that you’ve chosen your first interaction to be with my blog), you’re probably not aware that a satellite recently came crashing out of the sky.  The satellite known as Upper Atmosphere Research Satellite (UARS) was a research satellite used to track and observe weather patterns and the Earth’s atmosphere … this is code for saying it was a spy satellite, obviously.

At any rate, UARS launched into space in 1991 with the Space Shuttle Discovery.  Twenty years later, UARS was out of fuel and out of options as it slowly (“slowly” being loosely defined as, you know, 15,000 MPH) lost momentum in its orbit and inched toward the Earth.

Finally, early this morning, it crashed into the Pacific.  Somewhere.  We’re still not actually sure where exactly it hit.  There are rumors that fragments of the 6-ton satellite may have scattered into parts of Canada’s land mass, which is totally fine since no one lives up there anyway.  Luckily, the populated portions of the Earth are safe.

If you do happen to be an adventurous traveler in the confines of Canada (a moment of silence for the poor lost soul) and you find debris from UARS, NASA says not to touch it.  They promise there’s no space radiation on it, so my guess as to the reason they say not to touch it is that the small martians that live on it may jump out and bite you.

 

Don’t Ask, Don’t Tell

This week, Obama repealed the infamous Don’t Ask, Don’t Tell restriction for the United States military.

On Thursday, a few audience members booed a gay soldier who asked Rick Santorum if he would reinstate Don’t Ask, Don’t Tell were he the newly elected president.  Yes he would, he said, and most conservative candidates tend to agree with him.

I would say any type of sexual activity has absolutely no place in the military. And the fact that they’re making a point to include it as a provision within the military—that we are going to recognize a group of people and give them a special privilege [...] removing Don’t Ask, Don’t Tell, I think, tries to inject social policy into the military. And the military’s job is to do one thing, and that is to defend our country.

Now, as a Christian, I do not agree with a homosexual lifestyle.  I believe it is wrong, and I do not condone it.  However, I disagree with Santorum, because I also believe my beliefs on the morality of your sexual orientation have little to do with politics or your ability to serve your country.  And it seems to me that reinstating Don’t Ask, Don’t Tell would be more of a social injection than removing it has been.

I believe issues of legality should be things we take into consideration when allowing someone to serve in the military.  However, homosexuality is not an issue of legality, it’s a matter of personal lifestyle.  The United States will not kick you out of the military for being a particular religion, or if you are an habitual liar, or if a heterosexual has been unfaithful to their wife.  Yet somehow Don’t Ask, Don’t Tell assumes that homosexuality is just that sin that goes too far.

The apparently obvious conclusion Santorum and other conservatives try to come to is that “any type of sexual activity has absolutely no place in the military”.  However, people who make statements like these generally just stop the assertion wherever is most comfortable for them.  For instance, this assertion seems to stop at soldiers and feelings and lifestyles.  It seems to make the assumption that soldiers are robots that have one duty and one duty only: “to defend our country”.  Anything beyond that, apparently, is wrong for a soldier.  So, for conservatives to truly stick to their word in reinstating Don’t Ask, Don’t Tell, they’d also need to ban any heterosexual activities or discussion that would indicate his sexual orientation or personal lifestyle.  That would even prohibit a soldier from talking about his wife back home.  That would obviously be silly and pointless.  Good, then I’ve made my point.

And the loud-mouth idiot(s) in the audience booing the gay soldier asking the question of Santorum enjoys the safety and peace this homeland offers him because of that very soldier.  Now that’s gratitude.

My final thought: government regulations or not, it doesn’t really matter—the people you fight next to and live and die with are going to know more about you than a silly regulation allows or bans.

On a lighter note, Jess pointed out to me, “You know, if they do reinstate Don’t Ask, Don’t Tell and we ever have a draft, just come out and say you’re gay.  Then you won’t be allowed to serve.  That’d be an amusing way to stick it to ‘em.”

 

Juanita’s First Scratch

Juanita, the new VW Jetta SE Jess and I purchased in August, has been given her first scratch.  Observe.

Really, not that bad at all.

We were on our way home from Red Robin (I’m currently eating the leftovers as I write this), and we were making a left off Collins to Edgewood.  There are two left turn lanes there—I was in the leftmost lane—but the old man in the right lane didn’t seem to notice that.  He seemed to think he needed to move into my lane now.  And he did so.  Well, he tried to, anyway.  No blinker, by the way.

Somehow I suspected he was going to try this, so I already had my hand on the horn and let it blare as he inched his way into my lane.  He quickly veered back into his lane, and we both safely made our left turns in separate lanes to Edgewood.

Jess and I both let out sighs of relief, and we discussed at length the craziness of the man who did not use his blinker, nor did he look over his shoulder.

“That would have been the first damage to our car if he had hit us,” I mused.

Moments later we heard a loud *whack*.

“Oops,” I muttered.

“What was that?”  Jess shrieked.

It was someone’s bumper.  Not on their car, mind you.  It had fallen off their car.  It was just in the middle of the lane we were in.  Unfortunately, I hadn’t seen it until it was too late, and there was a car to our right anyway.   I ran it over, it got caught up in my tires, and half of it flew up and scratched poor Juanita.

Luckily, I happen to have the interior/exterior protection plan, which covers this sort of thing.  Juanita should have that scratch buffed out of her by this time next week.

 

Mass Effect: The Movie

According to an announcement at Comic-Con, Legendary Pictures plans on creating a movie adaptation of the popular video game series Mass Effect.  Or rather, they plan on making a film based upon the first installment of the video game.

The writers and directors have put the trilogy on par with Star Wars and Lord of the Rings, which I would tend to agree with … in video game form.  Mass Effect is by far one of the best and most immersive video games I’ve ever played, and this goes for the story, gameplay, graphics, and character development equally.  For those of you who have not played Mass Effect, the game mixes role-play with first-person-shooter in a choose-your-own-ending sort of way.  Literally.  There are thousands of choices that you make within the Mass Effect series, and dozens of game paths you can travel down.

In the grand scheme of things, your character develops one of two personas: paragon or renegade.  Paragon being the diplomatic, quick-witted, honorable soldier that is known for his dignity and heroic acts, and renegade being the insolent antagonizer who is known for the fierce antics he uses to get the job done.

And that’s really just the problem with the possibility of a movie.  Shepard, the main character that you control, could be one of two very opposite personalities, or anywhere in between.  Not only that, but players of the game are used to not just controlling Shepard’s actions (like the average video game), but also choosing the words he speaks during conversations.

The writers for Legendary Pictures have said that they’re aware that most movie adaptations of video games have failed, but they believe that this movie will be different due to Mass Effect’s immersive and intriguing story.  I think that’s the very reason the movie will be a pretty big disappointment to fans.

Anyway, assuming there is a movie, you’d better get caught up by playing the games.  Follow the links for the images below to purchase the series from Amazon.com:

Permanent link to this article: http://alexlaird.net/2011/09/information-you-wont-find-useful-vol-5/
