Detail, east Portland photo, courtesy Miles Hochstein / Portland Ground.

For old times' sake
The bojack bumper sticker -- only $1.50!

To order, click here.

Excellent tunes -- free! And on your browser right now. Just click on Radio Bojack!

E-mail us here.


This page contains a single entry from the blog posted on January 22, 2013 2:46 PM. The previous post in this blog was For the "lowest of the low," a new landlord. The next post in this blog is Streetcar lemon guy gets deal for Admiral Randy Memorial Boathouse. Many more can be found on the main index page or by looking through the archives.



Law and Taxation
How Appealing
TaxProf Blog
Mauled Again
Tax Appellate Blog
A Taxing Matter
Josh Marquis
Native America, Discovered and Conquered
The Yin Blog
Ernie the Attorney
Above the Law
The Volokh Conspiracy
Going Concern
Bag and Baggage
Wealth Strategies Journal
Jim Hamilton's World of Securities Regulation
World of Work
The Faculty Lounge
Lowering the Bar
OrCon Law

Hap'nin' Guys
Tony Pierce
Parkway Rest Stop
Along the Gradyent
Dwight Jaynes
Bob Borden
Dingleberry Gazette
The Red Electric
Iced Borscht
Jeremy Blachman
Dean's Rhetorical Flourish
Straight White Guy
As Time Goes By
Dave Wagner
Jeff Selis
Alas, a Blog
Scott Hendison
The View Through the Windshield
Appliance Blog
The Bleat

Hap'nin' Gals
My Whim is Law
Lelo in Nopo
Attorney at Large
Linda Kruschke
The Non-Consumer Advocate
10 Steps to Finding Your Happy Place
A Pig of Success
Attorney at Large
Margaret and Helen
Kimberlee Jaynes
Cornelia Seigneur
And Sew It Goes
Mile 73
Rainy Day Thoughts
That Black Girl
Posie Gets Cozy
Cat Eyes
Rhi in Pink
Ragwaters, Bitters, and Blue Ruin
Rose City Journal
Type Like the Wind

Portland and Oregon
Isaac Laquedem
Rantings of a [Censored] Bus Driver
Jeff Mapes
Vintage Portland
The Portlander
South Waterfront
Amanda Fritz
O City Hall Reporters
Guilty Carnivore
Old Town by Larry Norton
The Alaunt
Bend Blogs
Lost Oregon
Cafe Unknown
Tin Zeroes
David's Oregon Picayune
Mark Nelsen's Weather Blog
Travel Oregon Blog
Portland Daily Photo
Portland Building Ads
Portland Food and
Dave Knows Portland
Idaho's Portugal
Alameda Old House History
MLK in Motion

Retired from Blogging
Various Observations...
The Daily E-Mail
Saving James
Portland Freelancer
Furious Nads (b!X)
Izzle Pfaff
The Grich
Kevin Allman
AboutItAll - Oregon
Lost in the Details
Worldwide Pablo
Tales from the Stump
Whitman Boys
Two Pennies
This Stony Planet
1221 SW 4th
I am a Fish
Here Today
What If...?
Superinky Fixations
The Rural Bus Route
Another Blogger
Mikeyman's Computer Treehouse
Portland Housing Blog

Wonderfully Wacky
Dave Barry
Borowitz Report
Stuff White People Like
Worst of the Web

Valuable Time-Wasters
My Gallery of Jacks
Litterbox, On the Prowl
Litterbox, Bag of Bones
Litterbox, Scratch
Ride That Donkey
Singin' Horses
Rally Monkey
Simon Swears
Strong Bad's E-mail

Oregon News
The Oregonian
Portland Tribune
Willamette Week
The Sentinel
Southeast Examiner
Northwest Examiner
Sellwood Bee
Mid-County Memo
Vancouver Voice
Eugene Register-Guard
OPB - Portland
Salem Statesman-Journal
Oregon Capitol News
Portland Business Journal
Daily Journal of Commerce
Oregon Business
Portland Info Net
McMinnville News Register
Lake Oswego Review
The Daily Astorian
Bend Bulletin
Corvallis Gazette-Times
Roseburg News-Review
Medford Mail-Tribune
Ashland Daily Tidings
Newport News-Times
Albany Democrat-Herald
The Eugene Weekly
Portland IndyMedia
The Columbian

The Beatles
Bruce Springsteen
Joni Mitchell
Ella Fitzgerald
Steve Earle
Joe Ely
Stevie Wonder
Lou Rawls

E-mail, Feeds, 'n' Stuff

Tuesday, January 22, 2013

Is new library software unsafe to use?

A reader who seems to know something but won't sign his or her real name lobbed something over the transom earlier today. We'll leave it to the intertube experts out there to tell us if it's worth worrying about.

We've noticed in accessing the Multnomah County Library's website the last few days that they're promising "a new website coming in February." Our reader wonders whether it will be secure enough:

As a daily reader of your blog and a fellow supporter of the Multnomah County library, I wanted to mention a startling security concern that I hope you might make public. For anyone that uses the library, this is a big deal:

Something very important and elemental is missing from the library's upcoming redesign: basic web security. The library's web form pages (not the log in page) don't employ the Secure Socket Later (SSL) protocol, leaving users exposed to unnecessary online risk when they fill out the site's online forms.

This means that anyone trying to reach the library through pages in its Contact tab -- including Suggest a purchase, Email a librarian, and Comments and suggestions --- are vulnerable to having their card numbers, PIN numbers, names, emails, phone numbers, etc. exposed. Identity theft crooks look for easy targets first, and this is a day-glow bulls-eye with prison yard spotlighting.

Perhaps this oversight is connected to the offloading of website management to BiblioCommons; that's a whole 'nother issue. But standard online security practices dictate that *any* web page requiring users to provide personal information should employ SSL protocol.

As someone that supports the library through regular use and votes, and who is happy that it now has a permanent (and expensive) source of funding, I have to wonder ... how could someone get this most basic web security issue wrong?

There's likely a personal agenda under that comment, but the reader's motive isn't really the question. Is it a valid concern?

Comments (9)

God what happens in 10 years when 99% of the books are eBooks?

Then again, it'll make it that much easier for big brother to track what you are reading.

In a word, yes. I do not post any information of a personal nature on site without SSL. Currently https shows up when you renew etc on the current site. It looks like one will have to do some discovery steps to see if SSL continues. The OP seems to think (or know?) not.

Is it a valid concern?

Yes, it is a valid concern. As the original author notes, any time any sort of personal information is solicited by a web site with a legitimate (or even illegitimate) reason for doing so, that information should be secured. This includes log-in forms for online services (i.e. forums, blogs, etc., that require users to log in). The amount of unencrypted personal data floating around throughout the ether is amazing. And there are folks (scum mostly) that intentionally purchase server time on mass web hosts with the sole purpose of raking unencrypted data over the intertubes.

SSL certificates are relatively inexpensive these days. There is no excuse for not doing it.

If the online services vendor that the MCL contracts with is not capable of supporting this, they need to find a new vendor that does.

There is likely (but unseen) a 'personal agenda' at root, because that's LIKE every humanmade (not Act-of-Nature) initiative: Someone has a MOTIVE. Behind it. That MOTIVATES it /action /event.
There is always the inevitable 'Why?' As in Who What Where When WHY (and How)?
As in: a Reader. by Email. (at)Bojack. Today. ... but WHY? Which -- the 'Why' -- is NOT reported in 'news' reports anymore these days. Just sayin'. Why not?

The whole Psychological Inflammation promotion, goes on frightening the public with specious threats -- 'identity theft' 'bank account theft' 'reputation theft' -- as long as computer tech remains a mystery. The ordinary person has no idea of internet's operation and, without knowing better then he or she easily believes anything. Somebody can steal your I.D. - be very afraid!

But WHY? Why would 'who' even want your I.D. If you got Big liquid Bucks stashed away -- you're RICH, then maybe someone faking your I.D. could spend it. But if a bank robber in-person robbed your Big Rich bank account, then the bank replaces the ('your') money and absorbs the loss, (insured). Why not if electronic transfer robs it? Why is that not the bank's liability, (insured); Why is there the saturation fear blared and trumpeted that it is your liability?

And so on, in perhaps partial risk exposure danger maybe somewhat, worrisome possibilities sorta are concoctable maybe, for many other hypothetical special cases, but all in all, as a general truth in-fact: for the 99% of us, NObody tries to steal our I.D. Sorry if that deflates anyone's Self-Important Vanity Bubble.

If anyone is going to pry into your personal information, if anyone is going to make you a victim of data theft, then -- like 97-out-of-every-100 personal crimes -- you KNOW the PERP. Person-crime Victims know the Criminals! Friends and acquaintances are the largest cause of personal crimes. Crimes of passion, crimes of envy, crimes of abuse, and embezzlements -- almost always it is someone you know; people get shot by guns that are already in the house and the victim knew it; almost never do strangers burst in, or rob you, and if they do then probably someone you know put them up to it; (again, statistics are different if you have a million dollar Picasso hanging in plain sight, or you don't notice leaving a trail of benjamins falling out of your purse along the sidewalk leading to your front door ....) Real risk of strangers in the real world targeting YOUR I.D. and life-position is less a real worrying threat than the flying fickle finger of Fate finding you, and that finger is fiction.

Yet hundreds of millions of I.D.s and information files are stolen. So Why? Where? Who is stealing? How?
Whoever it is, the FBI can't seem to ever find them. Or do find them and 'they' pull rank and the FBI lets them go. Either way, catching the thieves or letting them go, the public never hears about it. How do they steal? Physical possession. Laptops and harddrives and memory sticks and CD copies and cellphones -- the physical containers of personal information are stolen by grabbing them. Where? Off the seats of unlocked cars; out of office desks, at work by coworkers (you know), at home by roommates (you know); out of purses and briefcases.

The FEAR! PANIC! WORRY! about your personal private information affairs is all incredibly overblown, if you ask me. Why does anyone want your individual information? Self-flattery is the primary source of paranoia.

On the other hand there ARE some 'entities' desiring to have EVERYbody's information, all in one Big Brother master file. Updated daily, or hourly, if possible. (You 'know' who I mean, but even there it remains reasonable to ask Why? 'entities' do it)

Here's a partial list from a curated archive of news reports of data thefts:

Personal data thefts February 2009 - December 2010

Target | Date | Number of persons affected | Type of data | Method

Dean Health Systems, Madison, WI Dec, 2010 3,288 Med data, DOBs Physical theft
Mountain View Medical Center Dec 2010 2,200 Med data, DOBs Physical theft
University of Alberta Dec 2010 2,700 Med data, DOBs Physical theft
University of Arizona Dec 2010 8,300 SSNs, DOBs Physical theft
University of Wisconsin-Madison Dec 2010 60,000 SSNs, DOBs Physical theft
Henry Ford Health System, Detroit Nov 2010 3,700 DOBs, Medical data Physical theft
Messiah College, PA Nov 2010 43,000 SSNs, DOBs Physical theft
Accomack County Virginia Oct 2010 35,000 SSNs, DOBs Physical theft
Keystone Mercy Health Plan Oct 2010 280,000 SSNs, DOBs Physical theft
University of California Davis
Oct 2010 900 SSNs, DOBs Physical theft
City University of New York Sep 2010 7,000 SSNs, DOBs Physical theft
St. Vincent Hospital, Indianapolis
Sep 2010 1,200 SSNs, DOBs Physical theft
Martin Luther King, Jr. Multi-Service Ambulatory Care Center, L.A. Sep 2010 33,000 Medical, DOBs Physical theft
Rice University Sep 2010 7,250 Financial, DOBs Physical theft
Fraser Health Authority (BC) Sep 2010 600 SINs, DOBs Physical theft
City University of New York Sep 2010 7,000 SSNs, DOBs Physical theft
University of Florida Aug 2010 8,300 SSNs, DOBs Physical theft
Yale School of Medicine Aug 2010 1,000 Med data Physical theft
Cook County Health & Hospitals System Aug 2010 7,000 SSNs, DOBs Physical theft
University of Connecticut Aug 2010 10,174 SSNs, DOBs Physical theft
University of Kentucky Aug 2010 2.027 SSNs, DOBs Physical theft
Eastmoreland Surgical Clinic & Vein Center (Portland, OR) Aug 2010 unknown SSNs, DOBs Physical theft
Aultman Health Foundation (OH) Aug 2010 13,800 SSNs, DOBs Physical theft
Oregon Health & Science University Aug 2010 4,000 SSNs, DOBs Physical theft
Portland Community College (OR) Aug 2010 2,900 SSNs, DOBs Physical theft
Fort Worth Allergy and Asthma Associates Aug 2010 25,000 SSNs, DOBs Physical theft
Montefiore Medcial Center, NY Jul 2010 23,000 SSNs, DOBs Physical theft
Texas Children's Hospital Jul 2010 1,600 Med data, DOBs Physical theft
American Airlines Jul 2010 79,000 SSNs, DOBs Physical theft
Prince William County, VA Jul 2010 669 SSNs, DOBs Physical theft
South Shore Hospital, MA Jul 2010 800,000 SSNs, DOBs, med. data Physical theft
Connecticut Dept. of Labor Jul 2010 5,000 SSNs, DOBs Physical theft
Cooper University Hospital, Camden, NJ Jul 2010 unknown SSNs, DOBs Physical theft
Thomas Jefferson University Hospitals Jul 2010 21,000 SSNs, DOBs Physical theft
Rainbow Hospice & Palliative Care, Chicago Jun 2010 unknown SSNs, DOBs Physical theft
West Berkshire Council (UK) Jun 2010 unknown data on children Physical theft
Safe Harbor Med Evaluations Jun 2010 unknown SSNs, DOBs, med. data Physical theft
University of Maine Jun 2010 4,585 SSNs Physical theft
A4e (UK) Jun 2010 24,000 NINs, DOBs Physical theft
Lincoln Medical and Mental Health Center Jun 2010 130,000 Med. data Physical theft
University Hospital (Augusta, GA) Jun 2010 13,000 Med. data Data "Loss"
Caritas Medical Center Jun 2010 3,000 Med. data Physical theft
Oregon National Guard Jun 2010 unknown# SSNs, DOBs Physical theft
Bank of America Jun 2010 unknown SSNs, Tax ID nos, DOBs Physical theft
Safe Harbor Med Evaluations Jun 2010 unknown SSNs, DOBs Physical theft
West Berkshire Council (UK) Jun 2010 unknown "sensitive data" on children Physical theft
Rainbow Hospice and Palliative Care Jun 2010 unknown SSNs, DOBs Physical theft
Cincinnati Children's Hospital Medical Center May 2010 61,027 DOBs, med. data Physical theft
Curtin Manufacturing May 2010 1,990 SSNs, tax data Physical theft
City of Charlotte May 2010 5,220 SSNs, DOBs "Loss"
Peterborough District Hospital (UK) May 2010 1,100 DOBs, med. nos. Physical theft
Oconee Heart Center (SC) May 2010 600 DOBs, Med. nos. Physical theft
New Mexico Human Services Department May 2010 9,500 SSNs, DOBs Physical theft
Dept. of Veterans Affairs May 2010 644 SSNs, DOBs Physical theft
US Army Reserve May 2010 207,000 SSNs, DOBs Physical theft
John Muir Health Apr 2010 5,450 DOBs, Med. nos. Physical theft
LPL Financial Apr 2010 unknown SSNs, DOBs Physical theft
Mass. Eye and Ear Infirmary Apr 2010 3,526 DOBs, Med. nos. Physical theft
Medical Center of Bowling Green Apr 2010 5,416 DOBs, Med. nos. Physical theft
St Jude Medical Heritage Center Apr 2010 20,000 SSNs, DOBs Physical theft
United Imaging Apr 2010 1,700 SSNs, DOBs "Loss"
Massachusetts Eye and Ear Infirmiry Apr 2010 3,526 DOBs, Med data Physical theft
LPL Financial Apr 2010 unknown SSNs, DOBs Physical theft
John Muir Health Apr 2010 5,450 DOBs, Med data Physical theft
Educational Credit Management Corp. Mar 2010 3,300,000 SSNs, DOBs Physical theft
Griffin Hospital Mar 2010 @ 1,000 Radiological data Physical theft
Proxima Alfra Investments LLC Mar 2010 Unknown SSNs, DOBs, tax nos. bank nos. copies of passports Physical theft
Shands Healthcare Mar 2010 12,500 SSNs, DOBs Physical theft
Arrow Electronics, Inc. Mar 2010 4.004 SSNs, DOBs Physical theft
Vanderbilt University Mar 2010 7,174 SSNs, DOBs Physical theft
California State Univ. Los Angeles Mar 2010 232 SSNs, DOBs Physical theft
Connecticut Office of Policy and Management Mar 2010 11,000 SSNs, DOBs Physical theft

The collection of news items is six or seven years deep. 10s and 100s of millions of personal records are already out the barn door ... so, yeah, maybe they should fortify the Security Lock on the browser software on the machines at the Library. seriously?

What, is someone selling security software?

Clean up on aisle #13, verbal mess spattered all over the place by a drive-by Tenskwat.

Yup, I'm guessing it's a problem.

From the "Firesheep" website:


When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.

It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.

This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL."

Sorry -- I meant to add that Firesheep is a Firefox plugin designed to hijack other users accounts that don't use SSL. It was written by Eric Butler in 2010 to point out the widely ignored vulnerability.

Hi Jack,

The library’s new website ( is currently in the beta testing/Quality Assurance phase and we expect a full launch of the new site next month. The new site will provide a much-improved user experience, including more relevant search results, mobile optimization, translation features, improved accessibility standards and expanded features to discover and share your next good read.

We invite all members of our community to provide feedback on the new library website in a short survey so that we can continue to improve, secure and refine. You can find the survey here.

The site incorporates 256-bit encryption and other best practices to ensure patron privacy. We take patron privacy very seriously and appreciate the community’s efforts to help us in that endeavor. (Read our privacy policy here.) Community feedback is an important part of the planning and implementation of any new website and we certainly value it.

Thank you.

Jeremy Graybill
Marketing and Communications Director
Multnomah County Library

The problem is that the Library website doesn't encrypt ALL the pages you visit while logged in. See the posting above about Firesheep: Once a user is logged in, if that user visits a unencrypted page, their login session cookie is vulnerable to being hijacked.

There's a reason why Facebook, Gmail, Yahoo mail, Amazon and many others moved to 100% SSL in 2010 and 2011. Their users were getting hacked this way. It's not theoretical -- I've seen it in action and helped clean up after.

I urge Mr Graybill to visit this website for info on this simple exploit.


As a lawyer/blogger, I get
to be a member of:

In Vino Veritas

Lange, Pinot Gris 2015
Kiona, Lemberger 2014
Willamette Valley, Pinot Gris 2015
Aix, Rosé de Provence 2016
Marchigüe, Cabernet 2013
Inazío Irruzola, Getariako Txakolina Rosé 2015
Maso Canali, Pinot Grigio 2015
Campo Viejo, Rioja Reserva 2011
Kirkland, Côtes de Provence Rosé 2016
Cantele, Salice Salentino Reserva 2013
Whispering Angel, Côtes de Provence Rosé 2013
Avissi, Prosecco
Cleto Charli, Lambrusco di Sorbara Secco, Vecchia Modena
Pique Poul, Rosé 2016
Edmunds St. John, Bone-Jolly Rosé 2016
Stoller, Pinot Noir Rosé 2016
Chehalem, Inox Chardonnay 2015
The Four Graces, Pinot Gris 2015
Gascón, Colosal Red 2013
Cardwell Hill, Pinot Gris 2015
L'Ecole No. 41, Merlot 2013
Della Terra, Anonymus
Willamette Valley, Dijon Clone Chardonnay 2013
Wraith, Cabernet, Eidolon Estate 2012
Januik, Red 2015
Tomassi, Valpolicella, Rafaél, 2014
Sharecropper's Pinot Noir 2013
Helix, Pomatia Red Blend 2013
La Espera, Cabernet 2011
Campo Viejo, Rioja Reserva 2011
Villa Antinori, Toscana 2013
Locations, Spanish Red Wine
Locations, Argentinian Red Wine
La Antigua Clásico, Rioja 2011
Shatter, Grenache, Maury 2012
Argyle, Vintage Brut 2011
Abacela, Vintner's Blend #16 Abacela, Fiesta Tempranillo 2014
Benton Hill, Pinot Gris 2015
Primarius, Pinot Gris 2015
Januik, Merlot 2013
Napa Cellars, Cabernet 2013
J. Bookwalter, Protagonist 2012
LAN, Rioja Edicion Limitada 2011
Beaulieu, Cabernet, Rutherford 2009
Denada Cellars, Cabernet, Maipo Valley 2014
Marchigüe, Cabernet, Colchagua Valley 2013
Oberon, Cabernet 2014
Hedges, Red Mountain 2012
Balboa, Rose of Grenache 2015
Ontañón, Rioja Reserva 2015
Three Horse Ranch, Pinot Gris 2014
Archery Summit, Vireton Pinot Gris 2014
Nelms Road, Merlot 2013
Chateau Ste. Michelle, Pinot Gris 2014
Conn Creek, Cabernet, Napa 2012
Conn Creek, Cabernet, Napa 2013
Villa Maria, Sauvignon Blanc 2015
G3, Cabernet 2013
Chateau Smith, Cabernet, Washington State 2014
Abacela, Vintner's Blend #16
Willamette Valley, Rose of Pinot Noir, Whole Clusters 2015
Albero, Bobal Rose 2015
Ca' del Baio Barbaresco Valgrande 2012
Goodfellow, Reserve Pinot Gris, Clover 2014
Lugana, San Benedetto 2014
Wente, Cabernet, Charles Wetmore 2011
La Espera, Cabernet 2011
King Estate, Pinot Gris 2015
Adelsheim, Pinot Gris 2015
Trader Joe's, Pinot Gris, Willamette Valley 2015
La Vite Lucente, Toscana Red 2013
St. Francis, Cabernet, Sonoma 2013
Kendall-Jackson, Pinot Noir, California 2013
Beaulieu, Cabernet, Napa Valley 2013
Erath, Pinot Noir, Estate Selection 2012
Abbot's Table, Columbia Valley 2014
Intrinsic, Cabernet 2014
Oyster Bay, Pinot Noir 2010
Occhipinti, SP68 Bianco 2014
Layer Cake, Shiraz 2013
Desert Wind, Ruah 2011
WillaKenzie, Pinot Gris 2014
Abacela, Fiesta Tempranillo 2013
Des Amis, Rose 2014
Dunham, Trautina 2012
RoxyAnn, Claret 2012
Del Ri, Claret 2012
Stoppa, Emilia, Red 2004
Primarius, Pinot Noir 2013
Domaines Bunan, Bandol Rose 2015
Albero, Bobal Rose 2015
Deer Creek, Pinot Gris 2015
Beaulieu, Rutherford Cabernet 2013
Archery Summit, Vireton Pinot Gris 2014
King Estate, Pinot Gris, Backbone 2014
Oberon, Napa Cabernet 2013
Apaltagua, Envero Carmenere Gran Reserva 2013
Chateau des Arnauds, Cuvee des Capucins 2012
Nine Hats, Red 2013
Benziger, Cabernet, Sonoma 2012
Roxy Ann, Claret 2012
Januik, Merlot 2012
Conundrum, White 2013
St. Francis, Sonoma Cabernet 2012

The Occasional Book

Marc Maron - Waiting for the Punch
Phil Stanford - Rose City Vice
Kenneth R. Feinberg - What is Life Worth?
Kent Haruf - Our Souls at Night
Peter Carey - True History of the Kelly Gang
Suzanne Collins - The Hunger Games
Amy Stewart - Girl Waits With Gun
Philip Roth - The Plot Against America
Norm Macdonald - Based on a True Story
Christopher Buckley - Boomsday
Ryan Holiday - The Obstacle is the Way
Ruth Sepetys - Between Shades of Gray
Richard Adams - Watership Down
Claire Vaye Watkins - Gold Fame Citrus
Markus Zusak - I am the Messenger
Anthony Doerr - All the Light We Cannot See
James Joyce - Dubliners
Cheryl Strayed - Torch
William Golding - Lord of the Flies
Saul Bellow - Mister Sammler's Planet
Phil Stanford - White House Call Girl
John Kaplan & Jon R. Waltz - The Trial of Jack Ruby
Kent Haruf - Eventide
David Halberstam - Summer of '49
Norman Mailer - The Naked and the Dead
Maria Dermoȗt - The Ten Thousand Things
William Faulkner - As I Lay Dying
Markus Zusak - The Book Thief
Christopher Buckley - Thank You for Smoking
William Shakespeare - Othello
Joseph Conrad - Heart of Darkness
Bill Bryson - A Short History of Nearly Everything
Cheryl Strayed - Tiny Beautiful Things
Sara Varon - Bake Sale
Stephen King - 11/22/63
Paul Goldstein - Errors and Omissions
Mark Twain - A Connecticut Yankee in King Arthur's Court
Steve Martin - Born Standing Up: A Comic's Life
Beverly Cleary - A Girl from Yamhill, a Memoir
Kent Haruf - Plainsong
Hope Larson - A Wrinkle in Time, the Graphic Novel
Rudyard Kipling - Kim
Peter Ames Carlin - Bruce
Fran Cannon Slayton - When the Whistle Blows
Neil Young - Waging Heavy Peace
Mark Bego - Aretha Franklin, the Queen of Soul (2012 ed.)
Jenny Lawson - Let's Pretend This Never Happened
J.D. Salinger - Franny and Zooey
Charles Dickens - A Christmas Carol
Timothy Egan - The Big Burn
Deborah Eisenberg - Transactions in a Foreign Currency
Kurt Vonnegut Jr. - Slaughterhouse Five
Kathryn Lance - Pandora's Genes
Cheryl Strayed - Wild
Fyodor Dostoyevsky - The Brothers Karamazov
Jack London - The House of Pride, and Other Tales of Hawaii
Jack Walker - The Extraordinary Rendition of Vincent Dellamaria
Colum McCann - Let the Great World Spin
Niccolò Machiavelli - The Prince
Harper Lee - To Kill a Mockingbird
Emma McLaughlin & Nicola Kraus - The Nanny Diaries
Brian Selznick - The Invention of Hugo Cabret
Sharon Creech - Walk Two Moons
Keith Richards - Life
F. Sionil Jose - Dusk
Natalie Babbitt - Tuck Everlasting
Justin Halpern - S#*t My Dad Says
Mark Herrmann - The Curmudgeon's Guide to Practicing Law
Barry Glassner - The Gospel of Food
Phil Stanford - The Peyton-Allan Files
Jesse Katz - The Opposite Field
Evelyn Waugh - Brideshead Revisited
J.K. Rowling - Harry Potter and the Sorcerer's Stone
David Sedaris - Holidays on Ice
Donald Miller - A Million Miles in a Thousand Years
Mitch Albom - Have a Little Faith
C.S. Lewis - The Magician's Nephew
F. Scott Fitzgerald - The Great Gatsby
William Shakespeare - A Midsummer Night's Dream
Ivan Doig - Bucking the Sun
Penda Diakité - I Lost My Tooth in Africa
Grace Lin - The Year of the Rat
Oscar Hijuelos - Mr. Ives' Christmas
Madeline L'Engle - A Wrinkle in Time
Steven Hart - The Last Three Miles
David Sedaris - Me Talk Pretty One Day
Karen Armstrong - The Spiral Staircase
Charles Larson - The Portland Murders
Adrian Wojnarowski - The Miracle of St. Anthony
William H. Colby - Long Goodbye
Steven D. Stark - Meet the Beatles
Phil Stanford - Portland Confidential
Rick Moody - Garden State
Jonathan Schwartz - All in Good Time
David Sedaris - Dress Your Family in Corduroy and Denim
Anthony Holden - Big Deal
Robert J. Spitzer - The Spirit of Leadership
James McManus - Positively Fifth Street
Jeff Noon - Vurt

Road Work

Miles run year to date: 5
At this date last year: 3
Total run in 2017: 113
In 2016: 155
In 2015: 271
In 2014: 401
In 2013: 257
In 2012: 129
In 2011: 113
In 2010: 125
In 2009: 67
In 2008: 28
In 2007: 113
In 2006: 100
In 2005: 149
In 2004: 204
In 2003: 269

Clicky Web Analytics