Heather on Wheels

We gave Heather a pedal bike on her birthday last year, but she still needed to improve her balance before she'd be able to pedal.  So I took the pedals off so she could focus on balancing (she had outgrown her balance bike).  Last weekend she was ready to level up and add the pedals back.  She really improved her balancing ability and lifting her feet to the pedals went off without a hitch.  She is greatly pleased with this new skill and enjoys riding laps around the neighborhood at every opportunity now.

Download video here: VID_20170513_140642507 (28 MB)

A Trip to the Coast

We took an extended-weekend trip out to the northern California coast last weekend.  We left Wednesday afternoon (April 5) and headed out to the Red Lion Hotel in Eureka.  We got in a little late so it was straight to bed the first night.

On Thursday we headed out to the Elk River Trailhead & Old Town of Falk Walking Tour to take the ~2 mile round-trip path out to what I was led to believe was a ghost town.  But, at least as far as we could see from the trail, there really isn't anything to see left of the old logging town.  You can see some of the remnants of the old caretaker's house from the 1970's, but that's about it.

Though the goal of the hike was a bit of a letdown, I really liked the quiet of walking through the redwood forest with mostly nobody else around.

After our hike we headed to the Loleta Cheese Factory (not to be confused with the Cheesecake Factory restaurant).  They had already completed their cheese production for the week so we didn't get to see any being made, but we had lunch at their grilled-cheese bar and then completed their garden scavenger hunt.

We bought some cheese to bring home and then headed back to the hotel.  For dinner we walked across the street to the China Buffet.  Corinne was happy to have a plate of green beans and honeydew.

On Friday we got up and headed out to the Samoa Cookhouse for breakfast.  They claim to be the last operating cookhouse (from the logging days).  They have a daily-changing, set, all-you-can-eat menu served at communal tables.  We had pancakes, eggs, sausage, orange juice, and biscuits with gravy.

We needed to fill up for our drive up north.  Our first stop was at Trees of Mystery and stereotypical tourist trap, but with the unique draw of gondola rides through the redwood forest.  We were thwarted in this plan due to a power outage and the gondolas weren't running.  So we kept on driving up to Crescent City to see the Battery Point Lighthouse.

The road up to Crescent City from Eureka (US 101) seems to have suffered some damage from California's rain this year.  Several sections were down to one lane due to landslides, with construction going on to rebuild the lost roadways.

Here the stormy weather made for a much more interesting visit.  You can see a wave crashing over the far side of the cliff upon which the lighthouse sits.  It's an operating lighthouse with a 24/7 staff.  Its cliff is an island during all but low-tide and when low-tide aligns with midday they offer tours.

We got there a little early for the tour, so we headed to the Apple Peddler for lunch where we narrowly avoided getting caught out in an impressive hailstorm.  After lunch we headed back to the lighthouse for a tour.

The stormy sea made for some moody pictures I really like:

I would have taken more long exposure pictures of the waves, but I didn't bring my tripod, so I took a few by setting my glove down on some seaweed on a rock and putting the camera on that.  This rather limited my subject options.

On the way back from Crescent City we tried Trees of Mystery again, but the power was still out.  However, I snapped this picture from the parking lot.

Dinner was at Marcelli's Pizzeria.

Saturday morning we got up and had breakfast/lunch at Kristina's Restaurant before heading out to Trinidad State Beach.  Our GPS unit doesn't understand where that is and attempted to kill us.  It wanted me to drive down some steep, dark, dirt/mud, little one-lane road. I vetoed that option and Jess used her phone to find our way to actual beach access.

I call this "Heather versus the ocean"

After the beach we ate at the Lighthouse Grill in Trinidad and then headed back in to Eureka to get dessert at Vampire Penguin (shaved snow sundaes).

On Sunday we packed up and headed on the road back towards home.  We drove through Avenue of the Giants where I snapped this picture:

Then we stopped off at Chandelier Tree to see if I could squeeze the van through a tree.  We managed to squeak through but not much room to spare.

Heather and Corinne desperately needed to get out of the van and run around for a bit, so we stayed at the tree for a little while.  Heather explored the meadow and Corinne played with the gravel.

Then it was back in the van until we managed to find a Taco Bell for a quick dinner before pushing on home.

Facebook's Image Recognition/Tagging System

I've noticed recently that Facebook has been applying an automatic image recognition/tagging process to any pictures that are uploaded to their system.  The general idea is to get a computer to "understand" what's in a picture.

In Facebook's case, images are given a textual description automatically which is used to provide meta-data that can be accessed by screen-readers (used by the visually impaired when using computers).  This isn't about facial recognition (though Facebook is doing that as well).

For example, I came across this picture from a friend of mine:

Which Facebook's artificial intelligence system automatically tagged with this information:

Image may contain: sky, twilight, outdoor and nature

Automatic image tagging/recognition has been a popular field of research, but this is the first time I've seen it actually used in a production system for something useful.

It's pretty good too.  Here's one of interest to the Dickerson family at large:

Which Facebook automatically describes as:

Image may contain: 8 people, people smiling, people standing and indoor

I just found that interesting.  That's all.

Who's waging war against HTTPS?

In April 2016, Let's Encrypt went live.  Let's Encrypt is a group making it significantly easier to encrypt web traffic.  Some entity seems to have begun waging a war of public opinion against them.

Previous to their existence conveniently securing web traffic meant paying money to a company which would then provide you with a "certificate" for your website.  Servers and browsers use these certificates to create a secure communication path between them.  This secure path (denoted by URLs starting with "https://" rather than "http://") prevents entities between your computer and the website from seeing or altering the data being sent to and from the website.

Because of the cost and inconvenience many websites used unsecured connections.  However, places like banks, shopping, and healthcare providers have pretty much always used secure connections.  It took a few years but eventually social media websites began using secure connections by default as well.

Before Let's Encrypt, millions of websites only had their content available via unsecured communications.  For many people, like myself, running websites without any goal of making money from them the expense and hassle of certificates wasn't worth it.  Now, my websites are all available through secured connections, for free, thanks to Let's Encrypt.  (To be clear, many websites still haven't taken advantage of this service yet, but they at least have the option now.)

But, if banks and such use secure connections anyway, why do we care about Let's Encrypt, should I care if "someone" can see that I'm reading this blog post?

Maybe.

On March 28 Congress voted to repeal FCC regulations that prevented your Internet Service Provider (ISP) from spying on your web traffic and using that information to their financial benefit.  The regulations also prevented ISPs from altering your web traffic for similar purposes (e.g., injecting ads into a webpage when you view it).

Maybe you don't care if Comcast, or AT&T, or Verizon knows you like to knit and shop at JoAnn's Fabrics.  But maybe you'd be concerned if they started selling information to other companies about you visiting cancer treatment websites, or rape support groups, or divorce attorneys, or any number of kinds of sensitive information.

Using encrypted connections doesn't solve this problem entirely, but it makes the information available to your ISP a lot less useful.  For example, your ISP would still be able to tell you're looking at Amazon.com, but they wouldn't be able to tell if you're looking at knitting needles or books about infertility treatments.

Regardless of your stance, someone seems to be working hard to turn public opinion against Let's Encrypt and again make it harder to encrypt web traffic.  Articles like this one: "14,766 Let's Encrypt SSL Certificates Issued to PayPal Phishing Sites" have been showing up all over the Internet recently, all making similar claims that it is Let's Encrypt's fault that people are falling for fake PayPal scam websites.

I don't think it's actually PayPal behind these articles, because this problem is nothing new, but the concerted, direct attack on Let's Encrypt is new.

Let's Encrypt does not verify the identity of the person requesting a certificate (which other certificate providers will do for steep fees, $300+ per year, these "verified" certificates are significantly different than the "non-verified" certificates issued by Let's Encrypt).  Instead Let's Encrypt verifies that you control the website for which you're requesting a certificate, slightly different.

The argument made by these articles is that now someone can get _a_ certificate for "paypall.com" and people will think that the green lock icon on their browser means they're connected to "paypal.com" instead.  Which it doesn't and never has.  The "verified" certificates show up differently in your browser.  For example, on this blog you'll see something like this:

With a "verified" certificate you'll instead see something like this:

This indicates that the company issuing the certificate verified that the company requesting the certificate is "PayPal, Inc." and the certificate is for "paypal.com".

The articles want you believe Let's Encrypt is somehow at fault if people end up at "paypall.com" with a green lock and think it's "paypal.com".  Let's Encrypt isn't providing "verified" certificates or trying to solve that problem.  The problem they're trying to solve is that too much web traffic is unencrypted by default because certificates were expensive and inconvenient.

Someone with a vested interest in being able to read and/or modify your web traffic has been working really hard to get these articles out and make it look like some kind of "public safety" issue.

I have no idea who that entity may be, but it's making me really annoyed.  Let's Encrypt is a good thing for anyone that thinks that their Internet communications should be private by default.

Update 3/31: Engadget just ran one of the attack pieces too: "When the 'S' in HTTPS also stands for shady".  Which is the most mainstream source running these articles that I've seen thus far.

To be completely clear, when a URL starts with HTTPS it only means that your connection is encrypted between your computer and the website--it has never meant anything about who is running the website is or whether the website operator is trustworthy.

Corinne's 2nd Birthday!

Corinne turned 2 yesterday.  The night before, she decided sleep was for the weak and stayed up 4 hours past her bedtime.  She was happy as could be, but she needed to be asleep.  The consequences were felt the next day.

Also, being St. Patrick's Day, Heather had special activities at school and was totally worn out by the time she got home.  (She did not manage to catch any leprechauns either at home or at school.)

Corinne doesn't seem to have a favorite food other than grabbers, so we tried Chick-fil-A for dinner.  She wasn't interested in any of the food.  She did have fun wandering around the restaurant though.

So then it was home for presents and cake.  She very much enjoyed opening presents.

(FYI: If you know kids that like My Little Pony Friendship is Magic, seasons 1-3 are only $12 each on Amazon; which is not only reasonable, but a good price, especially for a kids' show where the norm seems to be to gouge.)

But things went downhill when we started singing Happy Birthday.

And Heather was saddened by the whole thing too:

Corinne's been sick on and off since Christmas.  This week she got her third ear-infection diagnosis in that time frame.  Hopefully her future birthdays are a little healthier and more enjoyable.