This page contains a single entry from the blog posted on January 22, 2013 2:46 PM. The previous post in this blog was For the "lowest of the low," a new landlord. The next post in this blog is Streetcar lemon guy gets deal for Admiral Randy Memorial Boathouse. Many more can be found on the main index page or by looking through the archives.


Tuesday, January 22, 2013

Is new library software unsafe to use?

A reader who seems to know something but won't sign his or her real name lobbed something over the transom earlier today. We'll leave it to the intertube experts out there to tell us if it's worth worrying about.

We've noticed in accessing the Multnomah County Library's website the last few days that they're promising "a new website coming in February." Our reader wonders whether it will be secure enough:

As a daily reader of your blog and a fellow supporter of the Multnomah County library, I wanted to mention a startling security concern that I hope you might make public. For anyone that uses the library, this is a big deal:

Something very important and elemental is missing from the library's upcoming redesign: basic web security. The library's web form pages (not the log in page) don't employ the Secure Socket Layer (SSL) protocol, leaving users exposed to unnecessary online risk when they fill out the site's online forms.

This means that anyone trying to reach the library through pages in its Contact tab -- including Suggest a purchase, Email a librarian, and Comments and suggestions -- is vulnerable to having their card numbers, PIN numbers, names, emails, phone numbers, etc. exposed. Identity theft crooks look for easy targets first, and this is a day-glow bulls-eye with prison yard spotlighting.

Perhaps this oversight is connected to the offloading of website management to BiblioCommons; that's a whole 'nother issue. But standard online security practices dictate that *any* web page requiring users to provide personal information should employ SSL protocol.

As someone that supports the library through regular use and votes, and who is happy that it now has a permanent (and expensive) source of funding, I have to wonder ... how could someone get this most basic web security issue wrong?

There's likely a personal agenda under that comment, but the reader's motive isn't really the question. Is it a valid concern?

Comments (9)

God what happens in 10 years when 99% of the books are eBooks?

Then again, it'll make it that much easier for big brother to track what you are reading.

In a word, yes. I do not post any information of a personal nature on a site without SSL. Currently https shows up when you renew, etc., on the current site. It looks like one will have to do some discovery steps to see if SSL continues. The OP seems to think (or know?) not.

Is it a valid concern?

Yes, it is a valid concern. As the original author notes, any time any sort of personal information is solicited by a web site with a legitimate (or even illegitimate) reason for doing so, that information should be secured. This includes log-in forms for online services (i.e. forums, blogs, etc., that require users to log in). The amount of unencrypted personal data floating around throughout the ether is amazing. And there are folks (scum mostly) that intentionally purchase server time on mass web hosts with the sole purpose of raking unencrypted data over the intertubes.

SSL certificates are relatively inexpensive these days. There is no excuse for not doing it.

If the online services vendor that the MCL contracts with is not capable of supporting this, they need to find a new vendor that does.

There is likely (but unseen) a 'personal agenda' at root, because that's LIKE every humanmade (not Act-of-Nature) initiative: Someone has a MOTIVE. Behind it. That MOTIVATES it /action /event.
There is always the inevitable 'Why?' As in Who What Where When WHY (and How)?
As in: a Reader. by Email. (at)Bojack. Today. ... but WHY? Which -- the 'Why' -- is NOT reported in 'news' reports anymore these days. Just sayin'. Why not?

The whole Psychological Inflammation promotion, goes on frightening the public with specious threats -- 'identity theft' 'bank account theft' 'reputation theft' -- as long as computer tech remains a mystery. The ordinary person has no idea of internet's operation and, without knowing better then he or she easily believes anything. Somebody can steal your I.D. - be very afraid!

But WHY? Why would 'who' even want your I.D. If you got Big liquid Bucks stashed away -- you're RICH, then maybe someone faking your I.D. could spend it. But if a bank robber in-person robbed your Big Rich bank account, then the bank replaces the ('your') money and absorbs the loss, (insured). Why not if electronic transfer robs it? Why is that not the bank's liability, (insured); Why is there the saturation fear blared and trumpeted that it is your liability?

And so on, in perhaps partial risk exposure danger maybe somewhat, worrisome possibilities sorta are concoctable maybe, for many other hypothetical special cases, but all in all, as a general truth in-fact: for the 99% of us, NObody tries to steal our I.D. Sorry if that deflates anyone's Self-Important Vanity Bubble.

If anyone is going to pry into your personal information, if anyone is going to make you a victim of data theft, then -- like 97-out-of-every-100 personal crimes -- you KNOW the PERP. Person-crime Victims know the Criminals! Friends and acquaintances are the largest cause of personal crimes. Crimes of passion, crimes of envy, crimes of abuse, and embezzlements -- almost always it is someone you know; people get shot by guns that are already in the house and the victim knew it; almost never do strangers burst in, or rob you, and if they do then probably someone you know put them up to it; (again, statistics are different if you have a million dollar Picasso hanging in plain sight, or you don't notice leaving a trail of benjamins falling out of your purse along the sidewalk leading to your front door ....) Real risk of strangers in the real world targeting YOUR I.D. and life-position is less a real worrying threat than the flying fickle finger of Fate finding you, and that finger is fiction.

Yet hundreds of millions of I.D.s and information files are stolen. So Why? Where? Who is stealing? How?
Whoever it is, the FBI can't seem to ever find them. Or do find them and 'they' pull rank and the FBI lets them go. Either way, catching the thieves or letting them go, the public never hears about it. How do they steal? Physical possession. Laptops and harddrives and memory sticks and CD copies and cellphones -- the physical containers of personal information are stolen by grabbing them. Where? Off the seats of unlocked cars; out of office desks, at work by coworkers (you know), at home by roommates (you know); out of purses and briefcases.

The FEAR! PANIC! WORRY! about your personal private information affairs is all incredibly overblown, if you ask me. Why does anyone want your individual information? Self-flattery is the primary source of paranoia.

On the other hand there ARE some 'entities' desiring to have EVERYbody's information, all in one Big Brother master file. Updated daily, or hourly, if possible. (You 'know' who I mean, but even there it remains reasonable to ask Why? 'entities' do it)

Here's a partial list from a curated archive of news reports of data thefts:

Personal data thefts February 2009 - December 2010

Target | Date | Number of persons affected | Type of data | Method
Dean Health Systems, Madison, WI | Dec 2010 | 3,288 | Med data, DOBs | Physical theft
Mountain View Medical Center | Dec 2010 | 2,200 | Med data, DOBs | Physical theft
University of Alberta | Dec 2010 | 2,700 | Med data, DOBs | Physical theft
University of Arizona | Dec 2010 | 8,300 | SSNs, DOBs | Physical theft
University of Wisconsin-Madison | Dec 2010 | 60,000 | SSNs, DOBs | Physical theft
Henry Ford Health System, Detroit | Nov 2010 | 3,700 | DOBs, Medical data | Physical theft
Messiah College, PA | Nov 2010 | 43,000 | SSNs, DOBs | Physical theft
Accomack County Virginia | Oct 2010 | 35,000 | SSNs, DOBs | Physical theft
Keystone Mercy Health Plan | Oct 2010 | 280,000 | SSNs, DOBs | Physical theft
University of California Davis | Oct 2010 | 900 | SSNs, DOBs | Physical theft
City University of New York | Sep 2010 | 7,000 | SSNs, DOBs | Physical theft
St. Vincent Hospital, Indianapolis | Sep 2010 | 1,200 | SSNs, DOBs | Physical theft
Martin Luther King, Jr. Multi-Service Ambulatory Care Center, L.A. | Sep 2010 | 33,000 | Medical, DOBs | Physical theft
Rice University | Sep 2010 | 7,250 | Financial, DOBs | Physical theft
Fraser Health Authority (BC) | Sep 2010 | 600 | SINs, DOBs | Physical theft
City University of New York | Sep 2010 | 7,000 | SSNs, DOBs | Physical theft
University of Florida | Aug 2010 | 8,300 | SSNs, DOBs | Physical theft
Yale School of Medicine | Aug 2010 | 1,000 | Med data | Physical theft
Cook County Health & Hospitals System | Aug 2010 | 7,000 | SSNs, DOBs | Physical theft
University of Connecticut | Aug 2010 | 10,174 | SSNs, DOBs | Physical theft
University of Kentucky | Aug 2010 | 2.027 | SSNs, DOBs | Physical theft
Eastmoreland Surgical Clinic & Vein Center (Portland, OR) | Aug 2010 | unknown | SSNs, DOBs | Physical theft
Aultman Health Foundation (OH) | Aug 2010 | 13,800 | SSNs, DOBs | Physical theft
Oregon Health & Science University | Aug 2010 | 4,000 | SSNs, DOBs | Physical theft
Portland Community College (OR) | Aug 2010 | 2,900 | SSNs, DOBs | Physical theft
Fort Worth Allergy and Asthma Associates | Aug 2010 | 25,000 | SSNs, DOBs | Physical theft
Montefiore Medical Center, NY | Jul 2010 | 23,000 | SSNs, DOBs | Physical theft
Texas Children's Hospital | Jul 2010 | 1,600 | Med data, DOBs | Physical theft
American Airlines | Jul 2010 | 79,000 | SSNs, DOBs | Physical theft
Prince William County, VA | Jul 2010 | 669 | SSNs, DOBs | Physical theft
South Shore Hospital, MA | Jul 2010 | 800,000 | SSNs, DOBs, med. data | Physical theft
Connecticut Dept. of Labor | Jul 2010 | 5,000 | SSNs, DOBs | Physical theft
Cooper University Hospital, Camden, NJ | Jul 2010 | unknown | SSNs, DOBs | Physical theft
Thomas Jefferson University Hospitals | Jul 2010 | 21,000 | SSNs, DOBs | Physical theft
Rainbow Hospice & Palliative Care, Chicago | Jun 2010 | unknown | SSNs, DOBs | Physical theft
West Berkshire Council (UK) | Jun 2010 | unknown | data on children | Physical theft
Safe Harbor Med Evaluations | Jun 2010 | unknown | SSNs, DOBs, med. data | Physical theft
University of Maine | Jun 2010 | 4,585 | SSNs | Physical theft
A4e (UK) | Jun 2010 | 24,000 | NINs, DOBs | Physical theft
Lincoln Medical and Mental Health Center | Jun 2010 | 130,000 | Med. data | Physical theft
University Hospital (Augusta, GA) | Jun 2010 | 13,000 | Med. data | Data "Loss"
Caritas Medical Center | Jun 2010 | 3,000 | Med. data | Physical theft
Oregon National Guard | Jun 2010 | unknown# | SSNs, DOBs | Physical theft
Bank of America | Jun 2010 | unknown | SSNs, Tax ID nos, DOBs | Physical theft
Safe Harbor Med Evaluations | Jun 2010 | unknown | SSNs, DOBs | Physical theft
West Berkshire Council (UK) | Jun 2010 | unknown | "sensitive data" on children | Physical theft
Rainbow Hospice and Palliative Care | Jun 2010 | unknown | SSNs, DOBs | Physical theft
Cincinnati Children's Hospital Medical Center | May 2010 | 61,027 | DOBs, med. data | Physical theft
Curtin Manufacturing | May 2010 | 1,990 | SSNs, tax data | Physical theft
City of Charlotte | May 2010 | 5,220 | SSNs, DOBs | "Loss"
Peterborough District Hospital (UK) | May 2010 | 1,100 | DOBs, med. nos. | Physical theft
Oconee Heart Center (SC) | May 2010 | 600 | DOBs, Med. nos. | Physical theft
New Mexico Human Services Department | May 2010 | 9,500 | SSNs, DOBs | Physical theft
Dept. of Veterans Affairs | May 2010 | 644 | SSNs, DOBs | Physical theft
US Army Reserve | May 2010 | 207,000 | SSNs, DOBs | Physical theft
John Muir Health | Apr 2010 | 5,450 | DOBs, Med. nos. | Physical theft
LPL Financial | Apr 2010 | unknown | SSNs, DOBs | Physical theft
Mass. Eye and Ear Infirmary | Apr 2010 | 3,526 | DOBs, Med. nos. | Physical theft
Medical Center of Bowling Green | Apr 2010 | 5,416 | DOBs, Med. nos. | Physical theft
St Jude Medical Heritage Center | Apr 2010 | 20,000 | SSNs, DOBs | Physical theft
United Imaging | Apr 2010 | 1,700 | SSNs, DOBs | "Loss"
Massachusetts Eye and Ear Infirmary | Apr 2010 | 3,526 | DOBs, Med data | Physical theft
LPL Financial | Apr 2010 | unknown | SSNs, DOBs | Physical theft
John Muir Health | Apr 2010 | 5,450 | DOBs, Med data | Physical theft
Educational Credit Management Corp. | Mar 2010 | 3,300,000 | SSNs, DOBs | Physical theft
Griffin Hospital | Mar 2010 | @ 1,000 | Radiological data | Physical theft
Proxima Alfra Investments LLC | Mar 2010 | Unknown | SSNs, DOBs, tax nos. bank nos. copies of passports | Physical theft
Shands Healthcare | Mar 2010 | 12,500 | SSNs, DOBs | Physical theft
Arrow Electronics, Inc. | Mar 2010 | 4.004 | SSNs, DOBs | Physical theft
Vanderbilt University | Mar 2010 | 7,174 | SSNs, DOBs | Physical theft
California State Univ. Los Angeles | Mar 2010 | 232 | SSNs, DOBs | Physical theft
Connecticut Office of Policy and Management | Mar 2010 | 11,000 | SSNs, DOBs | Physical theft

The collection of news items is six or seven years deep. 10s and 100s of millions of personal records are already out the barn door ... so, yeah, maybe they should fortify the Security Lock on the browser software on the machines at the Library. Seriously?

What, is someone selling security software?

Clean up on aisle #13, verbal mess spattered all over the place by a drive-by Tenskwat.

Yup, I'm guessing it's a problem.

From the "Firesheep" website:


"Firesheep

When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.

It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.

This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL."

Sorry -- I meant to add that Firesheep is a Firefox plugin designed to hijack other users' accounts that don't use SSL. It was written by Eric Butler in 2010 to point out the widely ignored vulnerability.

Hi Jack,

The library’s new website (web.multcolib.org) is currently in the beta testing/Quality Assurance phase and we expect a full launch of the new site next month. The new site will provide a much-improved user experience, including more relevant search results, mobile optimization, translation features, improved accessibility standards and expanded features to discover and share your next good read.

We invite all members of our community to provide feedback on the new library website in a short survey so that we can continue to improve, secure and refine. You can find the survey here.

The site incorporates 256-bit encryption and other best practices to ensure patron privacy. We take patron privacy very seriously and appreciate the community’s efforts to help us in that endeavor. (Read our privacy policy here.) Community feedback is an important part of the planning and implementation of any new website and we certainly value it.

Thank you.

Jeremy Graybill
Marketing and Communications Director
Multnomah County Library
503.793.0881
jeremyg@multcolib.org
web.multcolib.org

The problem is that the Library website doesn't encrypt ALL the pages you visit while logged in. See the posting above about Firesheep: Once a user is logged in, if that user visits an unencrypted page, their login session cookie is vulnerable to being hijacked.

There's a reason why Facebook, Gmail, Yahoo mail, Amazon and many others moved to 100% SSL in 2010 and 2011. Their users were getting hacked this way. It's not theoretical -- I've seen it in action and helped clean up after.

I urge Mr Graybill to visit this website for info on this simple exploit. http://codebutler.com/firesheep/
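
The two concerns raised in this thread (forms that collect card numbers and PINs over plain HTTP, and session cookies that travel on unencrypted pages) can be checked by a site owner with a short audit script. The following is an added example, not code from the post, its commenters or the library; the host library.example, the field names, the hint list and the sample pages are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hypothetical substrings that mark a form field as personal data.
SENSITIVE_HINTS = ("card", "pin", "pass", "email", "phone", "name")


class FormCollector(HTMLParser):
    """Collects every <form> with its action and the names of its fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            if a.get("name"):
                self._current["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_forms(page_url, html):
    """Flag forms that ask for personal data but are served or submitted without HTTPS."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        target = urljoin(page_url, form["action"])  # empty action posts back to the page
        sensitive = [f for f in form["fields"]
                     if any(h in f.lower() for h in SENSITIVE_HINTS)]
        if not sensitive:
            continue
        if urlsplit(page_url).scheme != "https":
            # The page itself can be altered in transit, wherever the form points.
            findings.append(("form-served-over-http", target, sensitive))
        elif urlsplit(target).scheme != "https":
            findings.append(("form-posts-to-http", target, sensitive))
    return findings


def cookies_without_secure(set_cookie_headers):
    """Names of cookies lacking the Secure attribute; browsers send these on plain HTTP too."""
    exposed = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            exposed.append(name)
    return exposed


# Constructed sample pages and response headers (not captured from any real site).
HTTP_PAGE_URL = "http://library.example/contact/suggest-purchase"
HTTP_PAGE_HTML = """<form action="/contact/submit" method="post">
<input name="card_number"><input name="pin" type="password">
<input name="email"><input name="title"></form>"""
HTTPS_LOGIN_URL = "https://library.example/login"
HTTPS_LOGIN_HTML = '<form action="/session"><input name="card_number"><input name="pin"></form>'
MIXED_URL = "https://library.example/comments"
MIXED_HTML = ('<form action="http://library.example/comments">'
              '<input name="name"><input name="email"><textarea name="comment"></textarea></form>')
SAMPLE_SET_COOKIE = ["session_id=abc123; Path=/; HttpOnly",
                     "session_id=abc123; Path=/; Secure; HttpOnly"]

if __name__ == "__main__":
    for url, html in ((HTTP_PAGE_URL, HTTP_PAGE_HTML),
                      (HTTPS_LOGIN_URL, HTTPS_LOGIN_HTML),
                      (MIXED_URL, MIXED_HTML)):
        print(url, audit_forms(url, html))
    print("cookies sent over plain HTTP:", cookies_without_secure(SAMPLE_SET_COOKIE))
```

A login page that passes this check does not clear the site: any cookie reported by cookies_without_secure is still sent on every unencrypted page of the same host, which is the exposure the Firesheep comments describe.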

