Daniel E. Renfer’s Blog

David,
I must give you credit. Of all the 419 scams I have ever seen, your’s has (by far) the best grammar and spelling. Unfortunately, at this time, I am unable to assist you in transferring the 8.35 Million that your very generous late father has left you, but I wish you luck in your future scams.

—– Original Message —-
From: Dav Sol
Sent: Sunday, October 8, 2006 6:52:54 AM
Subject: Your Mail: From Dav

Your Mail: From Dav
Greetings from David / In Confidence

Hello dear

I am David Solumtochi from seirra leone but residing in Ivory Coast in Africa. It is my desire to contact you on honesty and sincerity to assist me in transferring the sum of $8,350,000 inherited from my father late Mr.Solumtochi. I am motivated in contacting you and hope to gradually build trust, relationship and confidence in you as i get to know you better.

So please i want to know if you will be of assistance but first i want to get to know you better. I am willing to offer you a reasionable ammount for your effort input after the successful transfer of this money and investment. Indicate your interest towards assisting me by sending your phone # and address so that i can communicate with you at any time.

I will be waiting for your response
my skype contact: davsolu
Thanks
David.

I’m not at work.

Normally, I should be at work right now, but I was given 3 days of medical leave. Last Tuesday, I was on my way to work when I got a flat tire. Just as fate would have it, this was the one day when my wife wasn’t at home. She had spent the night at her mom’s house, because they had some stuff to do in the morning, so there was no one I could call at home. I called off work and began walking the 4.77 miles to get home. Have you ever walked 4.77 miles? Don’t listen to the propaganda out there. There are a lot of people that say “Sure, walking 4.77 miles is fun! I do it all the time. See, I’ll do it right now.” Don’t listen to these people. Chances are that anyone that says they like walking 4.77 miles has a small parasitic alien attached to the base of their skull feeding off the pain receptors in their brain. Walking 4.77 miles actually sucks pretty bad, despite what the pod-people might tell you.

Anyway, in the process of trying to get home, I ended up developing an abscess under my left armpit. I’ve had similar things before. Never quite this big, and they’ve always gone away in time. This was huge. And it hurt. I was prepared to deal with it. I was expecting it to last a few days and go away. I was half right. It lasted a few days, but no signs of it going away. It took me getting to the point of not being able to move my arm without being nearly reduced to tears due to pain. That’s when I decided to go to the doctor.

We went to St. Mary Mercy Hospital because Toby had spent the night with his grandma the night before so we could go to a friend’s birthday party the night before. (which I may or may not write about next) I had to drive because my wife doesn’t know how to drive a stick. (which is what my car is.) The doctor scolded me for not coming in sooner, and said she would need to drain it. Which she did.
Let me tell you… I would’ve given anything to have one of those walking-type people stop by and lend me their parasitic alien for a bit.

Needless to say, it was painful. The nurse says that she must have given me some sort of anesthetic, but I don’t really think she did. If she did, I say we do an audit of that drug company, because someone is seriously skimping on the stuff that deadens the pain. I kept my cool. I knew that it wasn’t wise to piss off the woman squeezing and poking needles into a very sore spot on my body. I was tempted, but I held my tongue. (also known as being incapable of speech) She would keep saying, “Ok, I’m done, I’m done now.” and then keep going. I wanted to scream “You fucking liar! You’re not done. You know you’re not done. If you were done, you wouldn’t keep… ow… doing… ow… ahh… ow… this.”

She had to leave some gauze packed into the hole so it would keep draining, and gave me a referral to go to a surgeon the next day to remove the gauze and take care of it the rest of the way. I was given my work release, a prescription for some antibiotics and Vicodin and sent on my way. The next day I tried to set up the appointment with the surgeon she referred me to, but he was out of town(?) and wouldn’t be able to see me for 2 days, so Amanda got me an appointment with a different doctor for the next day.

The next day came, we dropped Toby off at his grandma’s again, and borrowed her van in case I wouldn’t be able to drive. We went to the doctor’s office, I checked in, I filled out my complete medical history, (Again! You know, for once, I’d like these doctors to communicate with each other so I don’t have to keep remembering the surgery I had when I was 6 every time I go to a doctor.) and we waited for the doctor to get there. A half hour later, they called me in. I took off my shirt. He took a pair of tweezers and yanked the gauze out while a nurse put fresh covering over it. This was nothing that I wouldn’t have been able to do on my own. I guess that’s why he gets paid the big bucks. (my big bucks.)

So, I’m mostly better now. I have to go back to work tomorrow night, and I have a few Vicodin left. Let this be a lesson. Always make sure you have a spare tire in your car, unless you have a starving parasitic alien sucking on your neck. In which case, do whatever you want.

About a year ago, I decided that I wanted to upgrade the blogging service I was using on my site. I had a whole bunch of old stuff filling up my database that I had imported from Livejournal when I first switched over. I didn’t know about the custom import script for LJ at the time, and manually copied all of my old posts from an XML export that Livejournal had provided me. In doing so, a few errors had seeped through. I was also, at one time, a sucker for those stupid quizzes and memes that infest Livejournal. If there is one thing that can be said about those quizzes, it’s that they take absolutely no care to provide you with clean HTML. Being the semantic freak that I am, I vowed to one day go back and clean up those old posts so that my site would one day be pure XHTML across the board.

That day never came…

I did a dump of my MySQL DB, loaded it into my favorite text editor, and began fixing the problems in my old posts. Not wanting my DB to get out of sync with the copy I was working on locally, I kinda gave up on posting new content. Once the momentum of not doing something gets going, it’s really easy to keep not doing it. (Ask Issac Newton. The guy really started slacking off after March 31, 1727)

Well, that’s all over now. My old posts arn’t as clean as I would like, (or at all) but I at the very least have upgraded my blog software. While I don’t think I’ll ever have time to go and do the deep, in-depth posts like I used to when I was single, unemployed, and living at home, you can expect to see post coming out of this site more than the once every few months. So wish me luck. Daniel E. Renfer is once again a blogger.

I just updated my old installation of Wordpress 1.5 with a brand spanking new Wordpress 2.0.* install. If your feed reader picks up my older posts several times, I’m very sorry. Things should be stabilizing here shortly.

This took me so long to write, and I went off into such a rant that I thought I should reproduce it here.

We have 2 issues here. SSL on the RP, and SSL on the IdP. I think the interchanging of the two is causing a lot of confusion on this thread about what the security issues are, and where they lie.

SSL on the IdP for the end user is vital, but should not be required. As an end user, choosing a IdP means that I must trust that particular company to protect my identity.This is really two parts, I must trust my claimed identity to give the correct server information to the RP, and I must trust the delegated IdP to be secure.

If the flow between my personal website and the RP becomes corrupted, then the RP could be made to believe that I trust http://authorize.everybody.com/openid as my IdP as opposed to https://authorize.onlyme.com/openid. On the other hand, as an end user, I have to make sure I trust the most secure IdP out there. I’m going to want to make sure that onlyme.com is the most secure IdP available. myopenid and verisign are going to be much bigger targets for hackers than the hundreds/thousands of individual bloggers/net-citizens that delegate to them.

Socially, any IdP that is not using SSL should be shunned and is probably not a good choice as the guardian of your identity, just as a site that accepts unsecure username/passwords is probably not the wisest site to use the same username/password combo that you use for your bank. (This is worse with OpenId because one of the design goals was to create a verifiable link between the usernames at the two sites.) A security-conscious RP (like my bank) is going to be concerned about the strength of the assertion coming into it’s site just as they want me to have at least 6 characters with at least one number, but if I don’t secure my own identity, that’s really not the fault of the RP is it? If I call up my bank and tell them “I posted my username and password to 30+ newsgroups and now all my money is gone, WTF man?” they wouldn’t really be able to claim a flaw in their security.

I can see the ultra-secure RP’s rejecting me, or at least advising that my Id contains potential security flaws because I didn’t know any better and I thought that maybe http://authorize.everbody.com/openid was a good choice and point me to an FAQ explaining that I might want to consider a secure IdP like https://authorize.onlyme.com/openid instead. As an end user, I’d probably appreciate that. I would probably get a little annoyed if a site denied my login because my IdP used http, unless maybe it was a government or medical site, then I might understand. If some new site that I was checking out wouldn’t let me use my identity, I would probably get annoyed that they were being pedantic and move along to some other site.

So that about covers SSL on the IdP. I want to make the choice to have a good company guarding against a hacker having access to all of the sites that I go to. SSL on the RP really depends on the nature of what I’m doing on that site. If my bank accepted OpenId’s and they only had http, I would probably look for a different bank. If johnqblogger.com used OpenId, I wouldn’t be overly worried giving my identity in the clear, the worst thing that’s going to happen is someone might be able to post a comment as me. OpenId goes a long way towards being secure even over unencrypted communication, (in most cases) so SSL being required on the RP should be important to the end user, but not mandated.

Forcing RP’s to use SSL for OpenId means that I, as well as all of the other small-time domains running little more than a Wordpress install on a shared host wouldn’t be able to implement OpenId without shelling out the extra money for a unique IP address. I understand the benefits of SSL, but I doubt that most people would be willing to pay extra just so they can do a slight upgrade to their commenting system identifying what would otherwise be only semi-anonymous comments.

For any site that deals in sensitive information, SSL is a must. I think the general web-browsing public is just starting to understand that if you don’t see that little lock icon at the bottom of your browser, then there is the possibility of that information being intercepted. Posting my reply to some blogger is not the same as posting my SSN and Credit Card Number and list of venereal diseases contracted in the past 6 months. (in my case, none)

I’m +1 to strongly suggesting that SSL be used at every step of the chain, but I’m -1 to SSL being a MUST at any step of the chain.

What’s wrong with taking a baby skydiving

I may not know all the words, but I have “The Warrior” by Scandal stuck in my head

I finally filled up 1% of my GMail inbox

I’m sorry, but when you buy property on a place called “Haunted Hill”, you have no right to act suprised when you find out your new home is posessed.

What do you call someone who doesn’t know about agnostics?

I wonder if efficency would go up if we started selectively breeding monkeys for Shakespeare-writing abilities?

I need to find a discordian preist that’s willing to travel to michigan to perform a wedding ceremony

Dora and Diego wouldn’t last 5 minutes in the real world without the kids in the audience shouting out what to do.

I just managed to get myself an invite to Orkut If you want an invite, message me.

You know, no one ever rolled their eyes when a classical pianist played some Mozart cover.

I came within $310 of qualifying for the Earned Income Credit.

It takes a special dinner to get drunk off tacos

I want this shirt for X-mas

If there is one thing youd like to know about me, ask and i will try to come up with a convincing lie! Anything, nothing is out of bounds here. Ask away people!

(stolen and slightly modified from kargowolf’s post)