One of the sites I visit a lot, fark.com, recently changed their design. I think it's an attempt to look "grown up" or something, as the guy who runs it is pimping a book, being interviewed on CNN, etc. So they wanted to myspace it up a little, and the new design is hard on the eyes and looks generally bad. It's slower, too.

There's a very nice Firefox plugin called Stylish which can fix that. You basically get to selectively override style sheets with the extension. So you can make cnn.com look like it's being rendered in Netscape 0.9b. Or you can fix fark.com's borked design and make it more readable again. Just use this:

@namespace url(http://www.w3.org/1999/xhtml);

@-moz-document domain("fark.com") {

	body {

		font-family: Arial, Helvetica !important;

		background-color: #666699 !important;

	}

	#commentsArea {

		width: 100% !important;

		text-align: left !important;

	}

	#commentsArea BR {

		margin: -1px !important;

	}

	#commentsArea .ctableTF{

		margin: 0px !important;

		padding: 4px !important;

		padding-left: 175px !important;

		width: 100% !important;

		border: 0px !important;

		background-color: #e0e0e0 !important;

		color: #000000 !important;

	}

	#commentsArea .ctableTF a{

		color: #880000 !important;

	}

	#commentsArea .ctable{

		margin: 0px !important;

		padding: 4px !important;

		padding-left: 175px !important;

		width: 100% !important;

		border: 0px !important;

		background-color: #eeeeee !important;

		color: #000000 !important;

	}

	#commentsArea .ctable a{

		color: #880000 !important;

	}

	#commentsArea .cdate{

		position: absolute !important;

		left: -5px !important;

		width: 150px !important;

		font-size: 10pt !important;

		text-align: left !important;

	}

	#commentsArea .ctext {

		margin: 0px !important;

		padding: 2px !important;

		padding-left: 5px !important;

		padding-right: 5px !important;

		width: 100% !important;

		text-align: left !important;

	}

}

Now everything is (almost) back to normal, and your eyes won't hurt.

(Special thanks to TheEndless.)

UPDATE: You can also use Cthulhon's Fark Reskin to make further enhancements.

Someone decided to take the time to plot the president's approval rating over the course of the presidency. It's sad, in a "why did we bother with Iraq (again)" or "Isn't Iraq kinda looking like Vietnam 2 Electric Bugaloo, Mr. Cheney" kind of way.

But what I'm really curious about when looking at that graph is who the 30% are who approve of what he's done. Are they straight right-edge jingoists? War mongers? Those bumpkins with "Nuke Iraq" stickers on their trucks? I know plenty of gun-toting, died-in-the-wool republicans who are digusted at this nonsense Bush has dragged us into. And this chart is telling me that if I rounded up 1024 Americans, I'd find at least 300 who say they think he's doing a great job? What has he done that one would approve of? I can't think of anything, honestly.

Maybe it's the 8.7 trillion dollar deficit they think is fine. Or there's a large group of folks who think sending another 25,000 soldiers "surging" into a pointless war (something even Nixon couldn't bring himself to do) is a good thing? They like his policy of relegating the US to the backwaters of stem cell research? His efforts to tie our government to one kind of religion? They think he's a great public speaker? They like C students leading them? What is it?

What do the 300 people I talk to approve of exactly? Seriously, how, exactly, has he made our country a better place then before he was elected? What has he done that was good? What is he now doing that will leave us in better hands?

I just don't get it, and have yet to find anyone that can give me any examples of why he is in any way a good leader. Beyond the idiotic "I vote the party" horseshit, I mean. And he was elected (well, uh, you know, kinda-sorta) twice! It's just sad that we'd do that to ourselves.

Dear Mr. BizDev Guy in Cube Across the Hall:

I'm really curious if you are a double amputee or not. Because I just can't figure out why you always have to use your speakerphone on ultra-loud volume all day. I mean, you must not be able to lift the receiver to your ear, right? And have you heard of a headset? I'd think even a guy with a pair of hooks for hands could manage to wrangle one of those on in the morning (I mean, if you know you're going to be on the phone all day, why not get set up early?). They give headsets out for free at the tech stop. You might even be able to flag down some flunkie to make the 150 yard walk for you. Why don't you avail yourself of one instead of using your speakerphone. See, because nobody uses their speakerphone. Because it's rude!

Do you want to the rest of the office to know you're a mover and shaker? Probably. Is it your over-inflated sense of self-importance? Almost certainly that's part of it. But when you can can be heard waaaaaay over in the bathroom (easily 100 feet away) then you have a problem. It's called a lack of concern for the well-being of others, jackass. You work in a shared office for fuck's sake! Have a sense of responsibility for the comfort of the 200 other people who have to work near you!

Nobody cares who it is you're talking to. I've talked to people at big-shot companies too. Nobody cares that you're "going to have to put this under NDA before we move forward". I've signed more NDAs than I can remember. Nobody cares about synnergy, taking it to the next level, bringing [insert group name here] in the loop, or any other horseshit marketer-dronespeak that comes out of your filthy hole at the top of your voice. Everyone just wants you to shut the fuck up and use your phone like everyone else.

You want to swagger aroud the cube while being Important with a capital I? Fine, nothing wrong with that, Mr. Always Be Closing. Just get a headset and long cord. Don't continue to foist your conversation on everyone else. You already foist your goddam cologne on us (what do you do every morning, bathe in that shit?). What other senses can you assualt us with? No, I mean it: you touch me and you're in trouble.

Signed:

A guy who has to put up with your shit while actually trying to get the work done which you converse about with so much bravado.

P.S. If I once more have to hear you check voice mail more than 6 times an hour, I'm going to leap over the cube wall and stab you in the neck with my scissors. There's a fucking light on the phone which tells you if you have voicemail, you nitwit! Are you really too stupid to look for the flashing red light on the phone, or are you hot for the sound of the voicemail lady's voice? You just like pressing your PIN and the pound key a lot? You like to be reassured that you can press zero for more options?!? What is it? Why, damn you, WHY?

Well, about 75% full anyway. Want proof? Try this.

I don't know about anyone else, but I still get pretty darn good results using Google -- and they come up really fast without annoying ads all over the place. The rest of that nonsense I don't know anything about. P/E this, Chinese that... whatever. Use whatever search engine you like and quit your bitching, says I.

Oh, and the motto isn't "Do no evil". It's Don't be evil. There's a difference (besides semantics). I strongly believe in that motto, too.

And that's pretty much all I have to say about that.

So I changed offices today at work. They put me back in with the guys I used to be with -- except for one fellow. And as luck would have it, my beloved Model M keyboard was too loud for the new space. And I was using the quiet version even -- specially bought for this shared office situation!

So I had to march myself down to the parts guys and get a new, quieter, shitty keyboard. It's fucking hell typing on that thing. My wrists hurt after only a couple hours. I'm bringing in a quiet-ish, less shitty (but still not completely good) keyboard tomorrow. If that one isn't quiet enough, then I'll bring in my vintage 1987 loud-ass Model M and type out a novel on it.

In retaliation, I availed myself of the lamb curry from the cafe and was inclined to take it to-go, so that I could eat lunch in my new office.

If you find yourself the recipient of a spammy blog comment, and the spammer happens to be using a Gmail account as their "return address" for the comment, then Google provides a handy way to report the abuse.

The cool part was that I didn't even have to go log into a work machine to find out who I needed to talk to (at work) about these low-lifes! I've met a few guys on the Gmail team, but looking up their email addresses and writing them an email from my work account would involve dragging out the laptop and such. Too much effort for a Saturday morning. I (sort of recursively, I guess) did a Google search for Gmail spam abuse and there was the form. How meta-handy is that?

It's much better to use the official abuse form than try to "back channel" it anyway. Added bonus is that anyone can report Gmail abuse using that form, and it wasn't hard to find.

I've never bothered looking for a Yahoo abuse form, since I long ago blocked any yahoo.com address from being able to leave comments here. So I can't say what those guys are doing. Seems like a lot of junk comes from the yahoo.com domain, though. (Maybe because it's been around longer than gmail.com?) I did some numbers a while back and close to half of the spammy comments left here had a yahoo.com at the end of the email address. So rather than report each one, I just blocked the entire domain.

But the really sad part was the spammy comment left today was for a kid's website. Kids! The website they wanted to clog search results with was this one: http://www.funbrain.com/. As you can see from a little cursory digging for the phrases used in my spam comment, this particular slimeball has been quite busy lately. Just pathetic...

Anyway, I'll try pretty darn hard to see that they don't get to leave any more spam with that account.

I rarely wish harm on anybody. But sometimes I do. Not often, but every so often. Usually when I run across assholes wonderful human beings like these guys: http://www.mytrafficbutler.com/ (paste that URL into a browser; I'm not helping their ranking by legitimately linking to them). To wit:

BLOGS: Other 3rd party sites are in development right now and they plan to charge you a high price for services like this, plus by then, the blog blasting advertising method will be saturated. Start blasting your web site and your ad to thousands of blogs while the advertising method is still new. You'll get noticed by 1000's and get results. Plus, search engines list these and list YOUR AD AND URL.

That's a description of one of the "services" they offer.

This site got posted to fark.com, with a "cool" tag and a headline like "Send thousands of targetted visitors to your site". Another guy on Fark chatted with a customer servcie rep from their site. Here's his actual transcript, which he posted in the thread:

Please wait for a site operator to respond. You are now chatting with 'Winston' Winston: Hello there you: Never in my life have I seen somebody with the nuts to brag about blog spamming as an advertising method. You must be proud. Winston: yeah sometimes it hurts you: Do you stick to the 10k-plus readers metric before you spam, or will you nail the little guys too? Winston: the blogs are owned for the sole purpose of letting others post on them Winston: Im not sure what youre refering to - if its actualy emailing people or what] you: And would you say that the purpose of owning a blog is to have others saturate them with advertising so the discussion they were intended for is rendered impossible? Winston: its for search engines - not for people to read you: That doesn't make it any less detrimental to the people running the blogs, though, does it? Winston: they run them for the sole purpose of letting people post in mass Winston: thats the only thing theyre used for Winston: the owners want it that way you: You don't think they intend for people to post, say, on the topic of the blog itself? Winston: the whole point of it is to post on them in mass - for the purpose of search engine ranking Winston: nothing more you: heh, right. Well, justify it any way you like, I guess. Have fun with that, but you sure as hell won't get my business.

That's abhorrent. And what's really super annoying is that nearly every blog out there runs on software which removes the blog spam temptation from a technical perspective. Spamming a blog doesn't help your ranking. And it can even hurt it!

The sad part is that people actually pay them to do this. The web's been around over ten years now and some folks still don't get it.

UPDATE: The guy who posted the link to Fark actually responded to the posts and said that he had "removed the blog spam service from the site" (probably due to the guy who posted the chat session above, but also maybe from a post I wrote explaining why blog spam is useless). I was composing a reply to his comments, but by the time I hit "send" the article had been deleted. A shame. I had some valid questions for winston7, and was hoping he'd answer them for me. I've never been able to talk directly to one of Satan's minions before, and was looking forward to a rare opportunity...

The government confirms it: Yahoo, AOL, and MSN were also asked to supply search records information, and all complied. Google (rightly so) told the Feds to get bent.

This administration needs to go. Really now: Make up your own porn search terms. Don't ask a private organization to get involved in your judicial spats over silly and unproductive (and overturned!) laws.

I'll not be trusting Yahoo, AOL or MSN much. (Not that I did before, but still...) They gave everyone up without hesitation. The correct thing to do was refuse. They failed to do this correct thing, and it shows where they place their users and privacy in the grand scheme of things.

(Note: This is all my personal opinion, not authorized by anyone at work, blah blah blah.)

So this dullard submits a story to Slashdot about Google Analytics inviting more people to the service. And he calls it a "snazzy web site hit counter". That's like calling a 747 a "little airplane". It's just a bit more complex than a hit counter. Just a little.

It is sort of sad if people would sign up only to use it as a hit counter, though. There are a lot of people that would get much more use out of it than them. The "it would really help their online business" sort of use.

"Hit counter". Bullocks!

Grumble...

So Tess and I have these left over IKEA bookshelves (the Billy model; yes I know that sounds vaguely sensual) from our old house. They survived the trip and so I thought I'd use them to cover up the dance studio-like floor-to-ceiling mirrors in our front room by truning them into quasi-builtins. We went down to IKEA, got a corner unit and two other Billy shelves in the same color only to find that, once assembled and standing next to our legacy shelving, they don't match what we have in the slightest. It's not even close to the same color. It looks like two different kinds of wood even!

Up yours, you Swedish-like people!

So that means I have to go to IKEA again (about a 3 hour process) to grab two more shelves and hope they are the "new birch veneer" color as well. And it also means that I'm left with another two Billy shelves which will have no home.

We don't have what you would call a lot of space for shelving (I know that sounds odd, but so is the house), and I already have another two Billy shelves (in dark brown) that were destined for the spare bedroom. Actually, there's one more set (non-Billy; a model with deeper shelves) floating around as well. And a half-height Billy, too, that was left over from my old office. So that's, what? 5 ½ extra shelves which need a place to live?

I guess I can take the lighter color ones, the deep shelf can go in the spare room, one Billy can stay in the garage, and 1 ½ shelves get a "Free to a good home" sign on them and are placed on the curb for the Oompa-Loompaz in Da Hood to take away.

I like IKEA and all, but enough is enough. I should have just custom built shelves in front of the mirrors. Probably would have been faster.

I have a solution for the cruise ship piracy problem: arm the vacationers. You know how they used to offer trap/skeet off the stern of cruise ships a while back? It'd be like that. Except way more fun. Here's how it works...

At several points around the upper deck, there are unobtrusive white weatherproof lockers. In those lockers are surplus bolt action rifles -- like old Enfields or something. They're about $80 each, and so almost disposable. Stock each locker with, say, two dozen rifles and 2,400 rounds of ammo on stripper clips (for faster loading), and 6 shotguns with perhaps 50 rounds of 00 buck each. You need about one locker for every 60 linear feet of deck railing.

Every locker has two crew members assigned to it, each with a key. All the lockers also have a centrally-controlled internal lock, and each is alarmed. The crew members wield the shotguns, and act as spotters. The passengers get to use the rifles. They sign up for deck rifle duty early on in the cruise -- before the ships weighs anchor.

Right after the life jacket drill, the volunteers get training on how the anti-piracy program works, and basic marksmenship. This only needs to be about an hour at most. Each person signs a heavy-duty waiver, is inducted into the shipboard militia, given an oath swearing to upload maritime law and the ethical dictates of the captain and crew, and finally assigned a locker station to report to in case of defensible action in warranted.

When word of impending piracy is broadcast, the locker crews immediately attend to their assigned locations. Those passengers cleared for rifle duty are asked to report to their deck station. Everyone else is asked belowdecks.

The gun crews check in each passenger using the barcode on their picture IDs, and assign each militia member a weapon (also barcoded) and 100 rounds of ammunition. Each newly-armed passenger is assigned a portion of railing, a field of fire, and given the order to call out any targets.

Once pirates are spotted, locker crews report the contact to the bridge, and ask permission to fire. (If the ship is fired upon first, return fire is immediately warranted, and able to be authorized by the locker crews directly.) The bridge makes the call to open fire or hold fast.

What this basically boils down to is a big cruise ship bristling with rifles that have an effective range of about 600 yards. Since all militia passengers can't be relied on to accurately shoot that far, the concept relies on volume of fire, purely as an ersatz area-of-effect weapon.

Piracy would end abrubtly, which would be a shame. The world would be much better off without those who would prey on the unsuspecting in it. The passengers would get a bit of extra excitement, and the sense that they are improving the lives of everyone who comes after them. Without something, they're basically trapped there like cattle, at the mercy of a glorified rape whistle. If you take an African cruise, pray that you get a ship with high-tech defenses. But really, a more permanent solution is warranted.

Morally, there's no grey area with any of this. These are guys who pile into little fast boats with rocket launchers, bent on maiming, killing and stealing. They'd leave an entire ship's complement for dead in a heartbeat. The minute they come after a cruise ship, the jig is up. They know what they are there to do, and so does the crew of their would-be target. A lower form of life than these I cannot imagine.

Besides, it'd be hellaciously fun to teach these bastards a terminal lesson in the differences between right and wrong. I'd pay double for a room on that cruise ship.

The answer is: Not very damn much. Check out this Rolling Stone article which does a breakdown of where the money goes when you spend $15.99 for a CD:

$0.17 Musicians' unions
$0.80 Packaging/manufacturing
$0.82 Publishing royalties
$0.80 Retail profit
$0.90 Distribution
$1.60 Artists' royalties
$1.70 Label profit
$2.40 Marketing/promotion
$2.91 Label overhead
$3.89 Retail overhead

Of the $1.60 the artist is making from the sale of their CD, they have to pay out for recording studio fees, and other miscellaneous costs, so they basically wind up with little to nothing.

The next time anyone gives you crap about legally importing music from Russia, and taking advantage of good exchange rates rather than line the pockets of the RIAA, show them the numbers above. Then tell them that if they really want to "support the artists" they should go see a live show and buy a t-shirt on the way out, because the artists aren't making shit off that CD you bought.

I'm really curious to see what the breakdown is for iTunes Music Store. It costs about the same amount of money to download every song on a CD from them as it does to buy the actual disc, so I assume that the breakdown is the same.

If you ever find yourself the recipient of the Evil Eye when out in public, get yourself some magical string and be protected! Or, just take a shower and stop wearing patchouli and then maybe people will stop scowling in your presence, you smelly hippie.

Seriously, are there really people who believe this shit? Though I have to admit, there's something really appealing about fleecing new age morons by selling them $20-a-yard yarn. These are the same people who drink animal water and believe that life force energy somehow exists. They probably also take metaphysical advice from their cats and believe in (and buy!) pyramids. Honestly, sixty bucks for a nine inch wide wire pyramid? That's $10 a foot! For wire! Man, I really wish I could get me some of that hippie cash. I know where to get wire. And wire's cheap, too.

Some people might wonder how these new age hucksters sleep at night, but I think it's a really righteous burn, picking on the mentally disadvantaged like that.

Now this news story is just plain weird.

Steve Ballmer is just not right. No ape required.

It's my birthday. I'm in a temporary apartment in Mountain View. I was supposed to go home to San Diego and play poker with my wife and my friends, but I had to work today (and tomorrow).

I'm listening to Booker T & The M.G.s doing a cover of Day Tripper. I'm mostly through the last half of a bottle of 2001 Clos Du Bois Cabernet. I was writing a Python script for work, but now I'm cleaning a Star Model BM. I have a brace of fish sticks in the oven. Woo-woo.

Tracy and the poker crew just called in for B-day wishes, and that was awfully nice. I wish I was there with my wife and friends. I hope I didn't sound totally nonsensical on the phone, but my head has sort of been drawn inwards all night on this script I've been trying to write -- which has languished in the face of uneeded gun-cleaning.

No new work for me tonight I think.

I've written about that thing called 10x10 before. There's this guy named Jonathan, and he's got this site which takes images that are timely and presents them in a certain cool way that lets you "see" what's going on in the world. You look and get a "feel" for what's happening, rather than just read about it. It's actually a pretty cool idea. Novel, certainly. And worth a look.

Where it concerns me is the guy running it, Jonathan, tries in vain to spam-proof his email address by spelling it out as jjh at number27 dot org. And so I get a lot of his mis-addressed mail at my domain 27.org. It's kind of annoying, but can also be somewhat amusing.

Normally, I don't even bother to read the mail that should have gone to him; I just delete it like the spam that it is. (I've asked that he spam-proof his email in a way that is technically viable as well as 27.org-friendly, but those requests fell on deaf ears.) I do have a bounceback in place that explains the situation in small words. So the Illiterati will eventually reach Jonathan. My concession to Net Karma. Yeah, I'm a softy.

Anyway, I was in the process of deleting one particular email, because I thought it had come though my normal spam filters. But for some reason, I opened it (probably to make sure that it wasn't addressed to me). I just about died laughing.

Here's the mail I got (personally-identifying information has been changed to protect the dimwitted). My translation is in the small blue font in between the lines of the original email.

So it was time for my weekly "get rid of 300 spam comments" routine, when I notice about 200 spam comments from this company called the Dis aster Re covery Gro up (those spaces are intentional; the whole point of their spams was to increase their PageRank with Google, and I can't really talk about them without doing just that). You can get to their domain by running the words in their name together and adding a .com to the end.

I went to their website to see what they were all about and lo and behold they're based in Moreno, CA. And their contact page has a phone number: 951-488-0304. So I called it. You should too. That they're hiding behind an answering machine message is funny in and of itself, but their message is downright hilarious.

I'd love to know how a company can accidentally spam enough websites that they have to let an answering machine be their balls for them. And I'd also like to know what they are doing when they are "looking into the problem". And why they can't do anything about it. And who told them they can't do anything about it.

I ought to drive up there and ask them in person...

So there's this guy Jonathan, and he made this pretty cool online image thingy called 10x10. Well, he also has a web site called number27.org, and he uses this domain for his email. And that domain slightly resembles my other domain 27.org. So much, in fact, that lots of people who try to decipher Jonathan's simple spam-proofing of his email address as 'jjh at number27 dot org' actually send their email to 'jjh@27.org'. You'd be surprised how many people can't figure out how to email him and wind up emailing me instead. And some of them are people that you'd think would know how to read, like reporters from USA Today and CNN. Boggles the mind when you think about it.

I used to just reply to the illiterate person who mistakenly emailed me and CC: Jonathan on that reply so that he'd get the email, but I got tired of doing that about a month ago. I shouldn't be in the business of hooking up Jonathan with the more unlettered members of his fan base. I mean, I like the guy, and his web project is cool and all, but I have better things to do with my time than be his email forwarding service. And honestly, if he can't be bothered to ditch that hoky spam-proofing job, then I can't be bothered to forward mail frompeople who can't figure out how to email him, right? Frankly, I'm a little tired of getting spammed by people wanting to email him.

This morning I decided to automate the process of letting people know they can't read. Now they can send all the email they want to jjh@27.org and my bounceback message will help sort them out.

I wish I had written this. The guy's right on the money.

This article wasn't at all surprising. Almost expected, really.

Someone wake me up when the government starts burning scientists at the stake.

So I check mail this morning, and at some point last some some goddam bottom feeding spamming asshole has posted 112 spam comments to this website. And you know the best part? The two URLs they used have underscores in the host names. And you can't have underscores in hostnames, can you? No, you can't, because hostnames can only have alphanumerics and hyphens. So they aren't even smart assholes. They're dumb assholes. They've been at me constantly for like 9 months now, the spamming bastards. Thankfully, MT-Blacklist keeps most of them away (now if only there was a way to automatically update the blacklist).

I don't really wish harm on anyone, but after spending 20 minutes deleting comments and email there's at least one person out there who I wouldn't mind putting the hurt to. Seriously, would it really be a crime if you killed a spammer? I mean, they're a spammer, you know? It's not like they're human or anything. It's like killing a chicken or something. No big deal, right? You'd probably only have to kill like a dozen or so before the rest would shun the temptation to spam. And the world would be ten times the better place for those dozen sub-humans being gone. It sounds like a deal to me. If you spam, you should be put to death. Easy, quick, simple. No more intrusion on your digital life.

So I'm going through comment after comment and every time I click the delete button I just keep imagining the sound of a 2x4 pulping that fucker's throat. Ah... all better...

It took me 24 minutes to get home from work tonight. I consider that a relatively speedy journey. Way better than 100+ minutes, in any case.

Argh... SoCal...

It took me 103 minutes to drive home from work today. My odometer says that I work 11.2 miles from home. 11.2 miles in 103 minutes. It boggles the mind why I continue to live here.

The cause for my lengthy and blood-pressure raising trip? Some light rain and the average Californian's complete fucking inability to understand the phrase "Do not block intersection". Yuppie assholes.

Me and one of the roadway 'tards had a lengthy "discussion" on the way home tonight after he ran a red light (it'd been red for over a minute) and tried to get in front of me by squeezing in between two lanes full of cars. I swear if I had had a baseball bat there'd be one less white Honda CRV on the road tonight.

Oy, me achin' head.

I'm going to go find my calming place, and be in that space.

Here's why I need my own machine:

wee@storm:~$ uptime
10:44:58 up 10 min, 9 users, load average: 13.37, 11.54, 6.70

Tried to log this morning, couldn't. Finally got on, and ran the above command. Which took over 30 seconds to complete. Pine took two minutes to start.

The three numbers at the end are the load average. The higher those numbers are, the worse performance is. The numbers above, while not amazingly high, aren't good. There are a lot of people on that box:

wee@storm:~$ ls -l /home | wc -l
      456

And one of them obviously started doing something that required a reboot, ruining the server for everyone. Keep in mind we're talking about a quad Xeon machine with 2GB of memory. And this has been happening all the time lately. How you could get it wedged like that so regularly is beyond me.

Luckily, a new machine is ready to go, waiting in the wings.

Well this is just great news. The FBI knows that I went through Las Vegas over Christmas. Can't be too careful. Them pesky holiday travelers might do any number of things. Best to keep tabs on us -- just in case. I'm sure any sane judge would agree. Oh, wait. No judge need be consulted anymore. How con-veeeen-yent...

I wonder if they've correlated my past travel data with my book-buying habits or grocery purchases at Von's. Makes me want to fly to Mexico, buy a copy of the Anarchist Cookbook online, and then order all the normal household chemicals needed to make a stupidly ineffectual bomb. But then (secretly!), I'd throw that dumbass book away, plant chiles, fertilize my garden and clean my windows with the stuff instead -- just to stick it to The Man. Maybe then I might even -- gasp -- buy an almanac afterwards. Yeah, that would show 'em!

It's like Ashcroft's taking pages out of the Geheime Staatspolizei playbook or something...

You'd think Microsoft would at least try to make just this one page render properly in browsers other than IE. If just one page on their site had to look good on a non-Microsoft platform it should be that one, right?

You'd think so. But that would probably make far too much sense.

I'm sure everyone has seen this article by now. It's an interview with Red Hat's CEO which says in part:

Matthew Szulik, chief executive of Linux vendor Red Hat, said on Monday that although Linux is capable of exceeding expectations for corporate users, home users should stick with Windows: "I would say that for the consumer market place, Windows probably continues to be the right product line," he said. "I would argue that from the device-driver standpoint and perhaps some of the other traditional functionality, for that classic consumer purchaser, it is my view that (Linux) technology needs to mature a little bit more."

I used my Red Hat Network (their service you use when you pay for support) account to email their sales/customer service folks. I asked for my money back.

Check out this blurb from Red Hat's press release announcing Red Hat 9:

Red Hat's community-based distribution became an option for home computing with the introduction of the BluecurveTM graphical interface in 2002. In Red Hat Linux 9, we've refined the installation and interface, adding new tools and applications for end users," said Brian Stevens, vice president of Operating Systems Development at Red Hat. "The result is an open source desktop operating system that is flexible and simple to use for mainstream technology enthusiasts.

So Red Hat's CEO admits that he has, over the course of many years, knowingly and intentionally sold me and others an inferior product unsutiable for its stated purposes. That's bullshit. He's been plenty happy taking my money for the past 6 years. Last January, Red Hat 9 was perfect for the desktop. This month, it isn't? I'm sure this has nothing to do with Red Hat discontinuing their commercial version of Linux.

I smell class action.

Don't ask why, but I was recently reading the Wikipedia entry about Hermann Göring. Frankly, I found that it was far more flattering than I would have written it (how one could be objective about a vile creature like Göring I do not know). The thing that caught my eye was a quote from a statement he made during his trial in Nuremberg:

Why of course the people don't want war. Why should some poor slob on a farm want to risk his life in a war when the best he can get out of it is to come back to his farm in one piece? Naturally the common people don't want war; neither in Russia, nor in England, nor in America, nor in Germany. That is understood. But after all, it is the leaders of the country who determine policy, and it is always a simple matter to drag the people along, whether it is a democracy, or a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice the people can always be brought to the bidding of the leaders. That is easy. All you have to do is to tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in any country.

Now, I'm not saying anything in particular, or making any accusations, or calling anyone a Nazi (there are few greater insults). I'm just pointing out the possible parallels to our current situation which are, IMO, surreally spooky. Was he just repeating what is obvious to any leader taking his country to war? Restating common political knowledge? Giving out free advice? Who knows. As for any parallels to our current leadership, let's just say that Herr Göring knew how to work a crowd and leave it at that.

Forbes.com has an article called Linux's Hit Men which describes the attempts by the Free Software Foundation to get Linksys to adhere to the terms of the GPL (Linksys used Linux as the operating system in their line of wireless router/firewalls). The author clearly doesn't understand the GPL, or what the FSF is all about, and the article is pure nonsense. I wound up using the "Reply to this" link at the bottom of the article. Here's what I wrote (with minor formatting changes):

Regarding your article (at http://www.forbes.com/2003/10/14/cz_dl_1014linksys.html) about Cisco/Linksys being asked to honor the (free) license they agreed to when they used GPL'ed Linux code in their SOHO routers:

1. One reason Linksys sold so many units was that they used pre-written code, at zero monetary cost, to produce their product. This gave them a leg-up on the competition -- with no outright expense save allowing others to use their code in a similar way. How can you construe this as being bad? I would think that a pro-business publication like Forbes would have applauded Linksys for their decision. Using a free license cannot possibly do anything but help their bottom line.

2. You state that Linksys having to give back their changes to the GPL'ed code they used would mean that "anyone can make a knockoff of (their) product". At the risk of repeating what I said above, isn't this exactly what Linksys did in the first place when they built their product on top of Linux? And wouldn't it also be somewhat difficult for "anyone" to recreate a router such as what Linksys produces? You'd need to acquire the proper hardware and such, which is well beyond the capabilities of anyone but the most dedicated organizations. Regardless, a Linksys competitor somehow building a nearly-identical product merely because Linksys gave back their changes to Linux would find themselves in court in very short order.

3. You say that using GPL'ed software can be "more dangerous" than using commercially licensed code because it could mean either paying money or sharing your work (as you yourself have shared). Can you imagine how you have to would re-word your article if Linksys had bought just one licensed copy of WindowsCE or QNX for use in all 400,000 units they've sold? Would you attack Microsoft or QNX Software Systems in a similar fashion -- in essence comparing them to murderous mobsters? Do you suppose those companies would take kindly to such libelous speech? Would Linksys paying licensing/royalty fees on 400K units sold be better or worse than simply releasing their changes to a freely available GPL software base? Linksys didn't have to pay a dime. They could have simply given back what they had changed, and all would be well. It's only when they violated the teams of the license they agreed to that they are being asked to comply -- not necessarily pay.

4. The discussions between Linksys and the FSF have hardly been secret. I've not been following such news at all, and yet I've heard about it for months. A simple Google search (such as this one for 'linksys free sofware foundation' which yields some 9,000 hits dating back as far as June of this year) as the simplest of all possible research would have have disabused you of this notion that the FSF is somehow scheming and plotting in the dark to attack Linksys. The facts, apparently, don't make for juicy copy.

5. In the article you state "These disputes might scare companies away from using open source software." It's very clear the author does not understand the GPL. The GPL puts no obligation on the user of GPL'ed software. It *does* put an obligation on the a distributor of GPL'ed software: you are required to share as you have borrowed, nothing more. This is an important point. One can put a GPL'ed application on every corporate desktop computer and not incur any obligation under the GPL.

6. The article also states "the Free Software Foundation doesn't want royalties--it wants you to burn down your house". This is incorrect, and clearly meant to incite negative feelings in the reader rather than convey meaning through metaphor. A closer "house" comparison would be that the FSF wants you to make available the blueprints to the house you built using someone else's blueprints.

7. Finally, Linksys knew what the terms of the GPL stated well before they decided to use GPL'ed code. The license wasn't sprung on them, or introduced surreptitiously. They knew that the cost of using others' non-commercial work as basis for their own commercial product was that they would have to share their changes, and they apparently thought this was a fair deal (it certainly is simple enough to understand, despite the author's best efforts to the contrary). If Cisco acquired Linksys without knowing that their flagship product was built using GPL'ed code, and that they would have to give their changes back, then Cisco made a *huge* blunder. Cisco cannot hope to claim ignorance of the GPL without admitting that they performed almost no due diligence in their acquisition of Linksys. This would not instill a lot of confidence in those who own (or hope to buy) CSCO.

Please do a little more research before producing articles such as these. And if at all possible, try to avoid ad hominem arguments (viz. 'Linux Hit Men', 'comrade', etc.). It does your publication (and your apparent agenda) an injustice.

Yeah, it's pissing in the wind, I know. But I got up earlier than normal so I had a couple minutes to kill. Plus I couldn't just let that nonsense stand without comment.

So this guy named Gabe from this company called Valve got his machine (or machines) compromised recently. No big deal, right? Well, all he had to do was use insecure email (as in, when you check email remotely, a username and password fly in the clear), and use Outlook (you preview stuff, and "somehow" these bad guys' programs start running on your machine without you knowing it). Yet he was rooted. Weird, huh? Yeah. Very strange. 'Cause, like, all Microsoft's software is, like, really safe and stuff. You just have to patch and you're fine. Really. Honestly. You can trust these guys.

Well, tell that to Gabe. He got pantsed something fierce, primarily due to his company's use of Microsoft software. When I say "pantsed", I mean it in a "All our competitors can now see everything we've been working on for the past five years: our flagship product -- one we had hoped to release before the upcoming holidays in order to make a lot of money and pay for all this development time we've been taking..." sort of way. Not the "Oh shit, now all the bottom-feeding script kiddie assholes can figure out to how to cheat in our online game and possibly ruin our market share" sort of way.

But I think both ways might come to pass. I intended to buy and play Half-Life 2. There is not one single, small chance in hell will I run it or any of its variants now. Not after five years of development which relied on security through obscurity. I have no confidence that they can both finish the game and fix all the security holes before the holidays. If they would have been able to finish the game with that added effort, it'd be done and we'd have a patch by now. The game is hugely anticipated. They'd have released it if they could. Now with the added pressure to release anyway as close to Christmas as possible, I'm not sure what all holes can be fixed. But are people thinking like me? Are they just waiting for the game? I remember Eudora's release cycles. A word you never wanted to hear was 'showstopper' (you usually heard it Friday night at about 8:30pm the weekend you had show tickets). And while this would be a showstopper ("showkiller"?) for certain, there is going to be a lot of pressure to release the game regardless of what was leaked. But I hope not.

This is bad beyond belief and it will have repercussions. At worst, Valve, as a company, might go away. People will lose their jobs, decades of man-hours of work will be lost. Because Gabe used Microsoft Outlook. At best, Valve goes back to its parent company and asks for a couple million carry over payroll and R&D costs while they figure out how to tighten up their software and clean up the mess. I feel really sorry for Gabe. He was only trying to do his job, using tools his employer gave him. Security shoudln't have had to have been his job.

Was he patched? No idea. Does it matter? Probably not. If a very sophisticated group wanted the HL2 source code, they would get it, no matter what Valve did. Vavle could have used the most secure operating systems and the most secure software, and it wouldn't have matter had the interloper(s) been seriously determined. Having said that... Do you think Gabe will ever feel safe using completely patched and up-to-date Microsoft software ever again? You think he'll use non-SSL webmail or Outlook or IE ever again? I don't think so. Was it Gabe's fault? Not in the slightest. Not even by a longshot. He was using industry-standard tools. Tools his empoyeer gave him, and tools every employee probably used. Tools most of our government uses.

You scared yet?

Who did this? Koreans? Chinese? Nvidia? Saddam Hussein?

What got Gabe can get your congressman. It can get your doctor and your lawyer and your mom. And there's nothing you can do about it. Put the word 'porous' in your mind where user-level security is concerned. And no, firewalls don't help. That Linksys router you bought your folks/sister/whomever (updated that firmware lately?) is in some cases utterly useless. Exponentially so if the software behind it is unpatched. Or written by Microsoft.

I think we're entering a new and very scary world of networked applications and hardware, and Mr. Gates' obvious history of trading of security for convenience (read: sales) has done us nothing but a great disservice. It's a wonder the lawsuits didn't start sooner. Software from MS can harm you. It's as plain as that, and anyone with a clue knows it, too. They've known it for a long time. And now software from Valve can harm you. It might be able to harm you for a very long time to come.

Bah... The more I think about all this, the more apathetic I get. Maybe this is a sign to play fewer games and spend my online/offline time more constructively. Couldn't hurt. Unlike using Outlook or IE.

I spent a few hours last night trying to find out why the web server log files on the new he.net servers don't like to be parsed properly by Webalizer or AWStats, and I came across this entry:

12.148.209.198 - - [30/Sep/2003:22:12:05 -0700] "GET /wee/news/archives/2003_09.html HTTP/1.1" 200 49685 "-" "NPBot (http://www.nameprotect.com/botinfo.html)"

Apparently, it's a little web spider, and it comes by every other day and grabs all our pages. They very nicely provide a link to the FAQ about their spider in the bot's user-agent string. So I went looking to see what it was all about.

According to the link above, this NameProtect company's mission is "Digital Brand Asset Management", and they "engage in crawling activity in search of a wide range of brand and other intellectual property violations that may be of interest to our clients." Is it just me, or is it starting to smell a lot like bullshit in here? No, I'm definfitely picking up faint whiffs of it. Most certainly. It's the smell of sales, of marketing. It's the smell of people who talk of " comprehensive digital brand protection" and "Intellectual Property challenges of the digital era" with a straight face. It's the smell of people who over-use words like 'paradigm' and 'solution' and 'brand' even in non-business conversation. It's big, bangly Omega watch-wearing, Callaway club-using golf playing types who wear enough Calvin Klein cologne to choke even those annoying perfume ladies at the entrances of stores like Macy's.

Oops. I used brand names just then. And with no little ® tags, either. My bad. The sales weasels will be after me for sure now.

Disney. Mickey Mouse. Whoops. Microsoft. Windows. Uh, I mean, "Nothing." Coke, Pentium, Dickies, Zerox, Lego, T-Mobile. Big Mac. Strike all that, wasn't me. Kleenex.

Damn this Tourette's Brand Illness! Damn it, I say!

So I just noticed that PHP's < a href="http://php.he.net/manual/en/function.date.php">date() fucntion will let you convert dates and times into something called Swatch Internet Time. Can someone tell me what the hell is up with this? Did I miss that memo which said the current UTC/GMT/Zulu time system that everyone and their bank uses isn't working? Did we need a new time system?

And what's up with dividing the day into 1,000 "beats"? One thousand is a really stupid number to use. Computers don't think in units of ten. People do, but divide the day into three equal work shifts if you don't believe me when I say 1,000 beats per day is just a moronically arbitrary number. Someone wasn't thinking when they came up with that one. You'd think a watch company would understand how time works.

Seriously, can anyone look at a normal analog clock and figure out what time it is in Swatch Time? No? You mean you can't figure the number of minutes from midnight in Switzerland and then divide by 86.4 to get the current time in beats? You can't do that? Idiot. You're not part of the digerati. You should just buy a hip new watch if you want to tell time like all the cool people do.

The word "hoodwink" just popped into my head. Oh wait... so did "swindle". Nope, now I've moved one to "hornswaggle" and "bamboozle". OK, I've settled on plain old "scam".

Swatch Internet Time. A more completely pure load bullshit you will not find.

Today I got to find out what's worse than having an office mate that listens to hip hop/dance music: having an office mate that listens to Michael Jackson. But even worse than that? Can it be possible? I didn't think so until he started singing along. Out of key.

And here I had gone so very long without hearing Michael Jackson's "music", too...

As a public service, I offer a link to a list of Unpatched IE security holes. I think I may change this to the default home page on the Windows 98 laptop downstairs (which probably needs to be re-imaged by now; it's been 4 years and is pretty crufty).

My cell phone just rang, and when I answered it (a rarity for me since the phone is either off or in my car or both) I got an earful from a very pissed off fellow. He was not phoning nicely. Luckily, it was a wrong number. Kinda.

Near as I can figure out, at some point in the recent past these lawyers moved offices, and by doing so changed their number. Their new number is one digit off from that of my cell phone. I used to get the occassional call, and I didn't sweat it. My home phone is one digit off from the local Domino's Pizza, and that's way more annoying (although it can be fun if I happen to be in a spiteful mood).

The problem is that in the last two months, the call volume I've been getting to that "wrong" number has increased substantially. I get very irate calls filling up my voicemail box. I've been getting a lot of calls for that lawyer guy. Some of them are pretty angry, too. A lot of people want to know why "I" haven't called them back or why "I" wasn't at some place or the other. They start bitching pretty much as soon as I say hello. Every once in a while I can get a question in edgewise through their hate speech. I did so just a few minutes ago and I think I know what's going on.

Come to find out, a few months ago one of the lawyers there started giving people my number instead of his. Yeah: the lawyer got his own number wrong, and I'm getting calls. Whether the lawyer got his number wrong on purpose is a matter I'll leave to the angry dude that I just hung up with. Although judging from the increase in not-so-nice phone calls for this lawyer, I just might suspend impartiality and side with him on the issue. The guy who just called swears he was given my number. Other callers have said the same thing. It does seem awfully coincidental.

So I guess my only recourse is to call the law offices and tell them that they might want to double check their number before they give it out to people. I just hope they haven't printed up business cards with my number or something. Although... Is it a crime to impersonate a lawyer over the phone?

Gee, I don't know... Should I pay SCO? Or FedEx them a bag of human feces? Which, do you think?

Either way, I'm putting corn on the dinner menu, just in case.

Let's just get this out of the way right now: SCO (in general) and Darl McBride (in particular) can suck my ass.

And Darl, leave Linus the hell alone.

It looks like the French are angry that the French language is dying out internationally. Everyone doesn't want to speak French? Oh no! France had better form a government committee to study the reasons why French entertainment and language isn't popular! They should enact legislation to subsidize the spread French culture around the world! They should create a government agency that makes sure the French language isn't sullied by foreign words and concepts! They should restrict the importation and broadcast of non-French movies and music!

Oh wait... they've already done all that. Thanks to Vichy France and Uncle Adolph, it would seem. You have to be at least a little suspicious of a country whose citizens rely on a government solution for everything -- even if that government doesn't have Nazi roots.

But why would an isolationist country with 71% of it's workforce employed in services industries expect to be able to export anything culturally? Why would they think their language would be internationally prevalent if their major contribution to the world economy is tourism and government employees? I'll be the first to admit that putting the adjective "American" in front of words like "cuisine" and "culture" can make for some wonderful oxymorons, but face facts: if your country researches and invents and produces things which the world needs and wants, then your country is bound to have some global influence. Now with the Internet genie out of the bottle, the English language will only get more popular, regardless of what the French government does. And that's how it should be. You can't legislate everything into being the way you want it to be. The world is getting smaller. Expect shrinkage.

If you want to support out President and our country, don't bother with this nonsense. That has got to be one of the silliest things I've seen in a long time. I thought it was a joke, but I guess they're serious. If you want to help the US, just pay your taxes, vote during elections and try to be a good person. Citizenship makes no mystical requirements of its participants.

If someone really wanted to help the country, they'd figure out a way to keep jobs from leaving country. The US is going to have service industries and entertainment as its only domestic products before too long. In honor of this "momentum" I decided to play a little Ravi Shankar.

Anyone in the state of California who has ever used a social security number as a primary key in a database now has a new and compelling reason to revisit their status as an ignoramus.

Any entity that retains "unencrypted" (SB1386 doesn't say anything about what counts as encryption) "personal" (another toss-up for the courts) information which gets compromised must report the incident to the people whose information was involved. Put simply: if you are using SSNs as a key (or anywhere) in your database and that database get lifted, the box gets hacked, a bug leaks information, whatever, then you have to let everyone in your DB know what went down. That's a shit sandwich of which I'd rather not bite.

Did people really need a reason to not use SSNs as DB keys? Apparently so, even though it's a bone-headed thing to do. Folks can and do change their SSN. Then there's the fact that SSNs aren't really guaranteed to be unique. Intended, yes. Guaranteed? No. Besides, it's just not a good idea to use SSNs in databases. Nearly every RDBMS has a built-in feature to generate and use unique numbers and such for keys. People should use those features and stop colleting SSNs.

I'm not even going to get into the privacy implications of a person's SSN being bandied about willy-nilly. We have a law which will hopefully discourage such behavior now and as much as it pains me to admit it, I'm kind of in favor of SB1386 for that reason alone. Then again, I'm a freak. You should have seen my reaction at the DMV when I first got a California license to replace my Arizona one. The minion behind the cage bars flat out told me that unless I coughed up an SSN I wouldn't be issued a license. I damn near had kittens. She told me to tell it to the judge, and then called the next number. She was used to the complaining and would have none of it. I eventually knuckled under and went back to give it up, but not before I did some online research and found some "blank" SSNs that I might use. The little blurb about perjuring myself with false info caused me to begrudgingly use my real number.

Get ready to hear about SB1386 for some time to come. The SSN is persvasive, the cracker pernicious.

Bill Gates came to speak at my workplace today. I had zero urge to see him or hear him talk, the trollish multi-billionaire. The man is a vampire. He is to the computer literate as ripple is to a hobo. He's the Jim Jones of the computer age. You can tell who drank his kool-aid by the "innovation" gibberish they spew. Name one product MicroSoft has actually developed all by themselves. I dare you.

He offers "to devote a lot of money to research and develop new products and technologies", but that's a Faustian bargain . "Innovation can be co-opted; anyone will sell out -- or else." That should be their message. MicroSoft exists only to take over the world. If you don't believe that you either hold MSFT or you're a prostitute who wants a job. Nobody with even a single scruple would work for MicroSoft.

The dude with the pie had the right idea.

I just did a web-based authentication system at work. We have a new web site structure, and we wanted to protect an area for faculty and staff only (I work at a university, in the CS department). I wrote up some scripts and a small database that lets people choose (and reset) their own passwords. In so doing, I had to come up with a scheme to "force" good passwords for use with the web site (since there will be stuff in that private area that students should never be able to see). It's harder to do than you might think. There's a very fine line between pissing people off with strong passwords and letting them slide by using things like "qwerty".

In the end, I came up with this:

• >=6 characters
  
• At least one non-alphanumeric character
  
• Cannot be based on username (forward or backward)

That's it. Pretty easy going, right? Not really. I've had a couple people complain already (it's been two days since we went live). I even removed the "Cannot be based on a dictionary word" requirement. We also removed the "Cannot be the same as your Unix system password" requirement (over my loud protestations). I did get to add a blurb on the initial form "strongly encouraging" people to use different passwords.

I actually had a professor (a computer science professor, mind you) ask that I make it more lenient. He lamented to me that because he had to choose a "strange" password (since his "normal" password didn't pass my tests), he had already forgotten what he had chosen. He then asked me to email him and let him know what his password is. After I got done laughing, I prepared a carefully-worded LARTish email explaining to him what a one-way hash is and why I wasn't able to tell him what his word was, even if I wanted to send it to him in email. I also threw in a little bit of "weak passwords are the #1 security hole" boilerplate (although it's actually number 8 in the top ten list) and explained that I was glad that his normal system password wasn't able to be used on the web site. That I (me!) have to explain any of this to a full-on computer science professor is astounding.

I haven't sent the email yet; I thought it might be too harsh so I decided to sit on it overnight. I think on one hand that anyone clueless enough to use a password that can't pass even my lame scheme deserves to be cut down a notch or two. Then I think that he's a tenured prefessor, and I should be more respectful. Then I think that he's a tenured professor, and yet is a complete idiot, and I go back to the first thought.

Besides, I've always wanted to give a prof what-for.

Microsoft is going to let the Chinese government take a look at the source code to Windows. Take a guess on how much respect the Chinese have for anti-piracy/intellectual property laws. Yeah. So this basically means that the Windows source code will be freely available before too long. I give it 9 months (revised from my earlier estimate).

It's pretty sad when your software has a reputation for being so completely shoddy and insecure that you have to give foreign governments the source in order to get them to trust you. You'd think giving away source would also be bad for U.S. national security and help us lose wars, but I guess that's not the case (anymore).

I tried to register the username 'galileo', without any hesitation or forethought at all. I'm nearly positive that the mere attempt was offsides in some way. I could have picked bruno, but I figured that "letters from exile" worked better as a metaphorical device than "letters from a guy who got burned at the stake for trying to learn shit". I don't know... astronomy has never been my strong suit and seems, historically at least, to be something of a touchy subject.

I happened to see on fark that the homeless are using mouthwash as a beverage in great numbers lately. I don't know why, but this sort of astounded me. You have a mouthwash that's basically 58 proof liquor, but it's really cheap, can be bought at any hour of any day even in dry areas, and is hardly ever locked up. It's like schnapps without the sugar. No wonder the hobos are downing Listerine! I was really curious (enough to forgo sleep, at any rate) as to why it is this loophole exists.

Apparently, the alcohol in mouthwash is a certain type of denatured alcohol. The BATF calls this specially denatured alcohol (or "SDA"). There are apparently 50 varieties of and formulas for denaturing alcohol into SDA, according to this page (whose authors seem to know what they are talking about). SDA for mouthwash has no component considered all that harmful for drinking (ie, no methanol, unlike paint stripper or the like), but the whole product meets the requirement that "no potable alcohol cannot be derived from it" -- and so gets no liquor tax applied to its sale.

Now I had a thought: why not produce a mouthwash that is basically the same as all the others (inasmuch as it can still be called "mouthwash" as far as the ATF and FDA are concerned), but make it such that you can sell it at half the cost? You don't need all the "special" ingredients of the "real" mouthwashes since you aren't out to remove plaque or prevent gingivitis. You don't need Methyl Salicylate, Thymol, or any of those others; adding things that will actually wash one's mouth will only drive up the cost. What you want is water, SD alcohol, Minty Freshness Extract^TM, and coloring. That's as close to mouthwash as you'd need to get, and it'd be really cheap to make. A feasibility study would need to be done in order to make sure that you can beat the competitor's price. I think it could be done.

If Listerine sells for $3.99 per 50-ounce bottle, then you'd need to undercut them by at least a buck. Selling those 50 ounces at $1.99 would be best. You'd need to figure out how much it would cost to make in bulk and how much it costs to set up the whole operation before final pricing can be determined, but since you wouldn't advertise or do any marketing of any kind (word of mouth would surely sell your product) then you could certainly undercut a national name brand like Listerine.

Once you have the formula down, you get all the ATF permits in place, set up a producer/packager (Mexico would work), line up a distributor to open the retail channels and then sit back and facilitate the winos' need for non-seizures. You'd be doing them a favor by preventing them from ingestin