The Joys of Having an Expired SSL Certificate

Posted on July 5, 2017 by Maria Langer

A frustrating waste of time.

A few months ago, when it became clear that the Republican led congress was going to allow ISPs to sell our browsing history to the highest bidders, I got a bit more concerned about security. In my research, I came across an article that recommended that users never visit a website without an SSL certificate.

If you don’t know how to tell whether a site has an SSL certificate, the easiest way is to look at the full URL. If it starts with https:// instead of http:// it has an SSL certificate. Think of that extra character, the s, as standing for secure.

Also, some web browsers display a special icon — such as a lock — near the URL or possibly in the status bar at the bottom of the page.

One thing is for sure: You should only enter personal data in pages that are SSL-protected. So if you don’t know how to check for a secure page in your browser, learn.

Of course, at the time, this blog did not have an SSL certificate. I’d done some research in the past and decided it wasn’t worth the cost. After all, although I do get a few donations — thank you generous supporters! — it isn’t as if this site earns any money for me. Hosting costs enough money; buying a certificate wasn’t in the budget.

Still that article made me wonder if I were losing visitors because I didn’t have that certificate. So I did some more research and discovered that my WordPress host, Bluehost, offered a free SSL certificate for subscribers. I made a few calls, clicked a few links, installed a WordPress plugin, and voila! I had a coveted https:// URL.

And then I pretty much forgot about it. After all, typing in the old URL (without the s) still pointed people to the new one. And who types in the whole thing anyway? If you put in any combination of URLs to get to this site — or if you clicked a link that took you here — some sort of behind-the-scenes magic put you on a secure page.

Yesterday changed that. I went to check the site and was faced with the following message:

WTF?

Of course, I discovered this about 30 minutes before a friend was due to arrive to detail my helicopter and I had about a half dozen other things I wanted/needed to do before he arrived — like get dressed? (It was 5:30 AM.) So I did the easy thing: I called Bluehost and asked them what the hell was going on.

The support guy I got was very fond of the hold button. I don’t know if it’s because he really needed help or if he was working on more than one call at a time. I was on hold for most of the 45 minutes our call lasted. While I waited, my friend came, I greeted him in my pajamas, I made him coffee, and I put a bowl of cherries in front of him, occasionally interrupting our conversation to speak with the Bluehost support guy when he came back on the phone.

My big concern was this: people would be scared away by that message. They’d click a link, get to my site, and leave, thinking they’d get a virus or something. I needed the problem resolved quickly.

I was told that Comodo, the organization that provided the SSL certificates, had sent me some sort of verification email that I needed to click a link in. I told him I’d never gotten a message, although it could have been sorted into spam and automatically deleted. He asked me to check a specific email address. I told him I didn’t have that email address. “Well, that’s where the message was sent.”

This made no sense. It was not the email address I had on file with Bluehost. It was an email address on my domain that I had never set up. I checked and verified that it didn’t exist. Comodo had sent an email message to an address that I’d never created or used.

Seriously: WTF?

Mr Hold Button told me to create the address, which I did while he waited. Then, after putting me on hold for a while longer, he told me they’d send a new message and that I should follow the instruction in it.

By this time, I was tired of dealing with the problem. I needed to get dressed. I needed to pull the helicopter out so my friend could get started on it. I needed to do the other things I needed to do. So I told him I’d check in a while and hung up.

And then I forgot about it.

You see, I have a life and that life does not revolve around dealing with computer issues. That was my old life. My new life is far more interesting.

Besides, I had no intention of adding that new email address to any of my email clients on any of my devices. That meant I had to sit at a computer and go to the Webmail feature on Bluehost to check the message. Not exactly something I’m likely to remember.

But I got reminded again this morning when it still didn’t work right. One of my readers emailed me. I also noticed when I attempted to approve two comments.

I checked that stupid email inbox. Empty.

I got on the phone with Bluehost.

This time I got a guy who didn’t like touching the hold button. He stuck with me while we worked through the problem. There was a lot of silent time. He was texting with Comodo. I was starting to write this blog post. Occasionally, he would update me. Occasionally I’d whine to him about how ridiculous the whole thing was. He was suitably sympathetic. I was as apologetic as I could be. After all, it wasn’t his fault.

In the end, the email message finally came. I clicked the link — but not after lecturing him about how we’re not supposed to click links in email messages. I entered the secret code. He confirmed some stuff on his end. I snacked on some cherries. When he said, “Try now,” I did.

The problem was fixed. It had taken 22 minutes.

We wished each other a nice day. When I got the survey at the end of the call, I gave him a good score.

So it looks like this site is secure again — at least until the next time Comodo decides it needs to verify me.

And yes, this did impact site traffic. I had less than half my usual visitors yesterday and started today at about one quarter the traffic I should have had by noon.

The FAA’s Irrational Application of a Rule

Posted on June 18, 2017 by Maria Langer

A little about my Vertical column and the responses to it.

If you’re a helicopter pilot, you’re likely familiar with Vertical Magazine. Simply put, it’s the premiere helicopter pilot/operator publication, with great articles and amazing photography. It not only informs those of us in the helicopter industry, but it keeps us enthusiastic about being part of what’s admittedly a rather elite club.

If you read the June/July issue (download here as a pdf), you may have seen page 10’s Talking Point column. And if you know this blog, you probably realized that the Maria Langer who wrote that month’s column is the same Maria Langer who has been blogging here since 2003. Yeah: me.

I haven’t blogged about this yet because, frankly, I still can’t believe it happened.

While I wasn’t paying attention, the FAA issued FAR Part 135.160, which requires Part 135 on demand charter operators like me to install a radio altimeter. The rule has a loophole, which my Primary Operations Inspector (POI) at the Flight Standards District Office (FSDO) told me about: a waiver was available for helicopters less than 2,950 pounds max gross weight. My R44 has a max gross weight of 2,500 pounds and is VFR-only. Surely I’d get the waiver.

I didn’t.

What’s the Big Deal?

If you’re not familiar with what a radio altimeter is, you likely don’t understand how incredibly idiotic it is to require one in an R44. Here’s the deal. A radio altimeter — which is also sometimes called a radar altimeter — uses radio waves to measure the exact height of an aircraft over the ground. It then sends this data to a readout on the aircraft’s instrument panel so the pilot has this information handy.

Of course, a Robinson R44, which is what I fly, is a VFR-only aircraft. That means it’s only legal to fly in VFR (visual flight rules) conditions. That means you can see out the aircraft window. And that’s what Robinson pilots — all VFR pilots, for that matter — do when they want to know how high off the ground they are. They look. After all, they’re supposed to be looking outside anyway.

So for the FAA to require this kind of instrument on an aircraft that’s never going to need one makes absolutely no sense whatsoever.

Being the gadget person I am, I might not mind having a new toy in the cockpit. The trouble is, my cockpit’s panel must be modified to accommodate it, thus reducing my forward visibility, and the damn thing is going to cost me $14,500 to buy and have installed. And the helicopter will be offline for about a week while the mechanic tears it apart and drills holes in the fuselage to put it in.

There’s more to the story, but it’s mostly covered in the Vertical column. Go read it now; it’s on page 10. It’s short — they wouldn’t let me have more than 1,000 words. (I know; I gave them 1,200 and they cut 200 out.) See if you can read my frustration between the lines.

Responses

I got a number of responses to the column.

This is kind of cool: they listed me as a contributing editor in that issue’s masthead.

The very first was from my friend Mike in Florida. He sent me an email message that included the Contributing Editor list you see here and a link to the article with his congratulations. Mike has also written for Vertical; he has a ton of experience and great writing skills.

A handful of other folks I knew texted or emailed me that they’d seen it. That was gratifying. I really do like writing for publication and should make a conscious effort to do it more often.

Then, the other day, about two weeks after it was first published, I got a call from someone at Helicopter Association International (HAI). HAI is a professional organization for helicopter pilots and operators. I used to be a member. It cost $600 a year and the only thing I got from them was a wooden membership plaque and a lot of paper. Safety posters, manuals, letters, newsletters, magazines. All kinds of crap to add to the clutter that had already taken over my life. When I dropped my membership after two or three years, they called to find out why. I told them they did nothing for small operators like me. They promised to change and conned me into joining for another year. Nothing changed. I was throwing my money away. I dropped my membership for good.

The HAI guy who called started by asking why I hadn’t come to HAI with the radio altimeter issue. After all, part of their member benefits was to be the voice of helicopter operators in Washington DC. Wrong question. I told him I wasn’t a member and then explained, in many, many words, why I’d quit. Then we talked a bit about the radio altimeter issue. He said he’d been working on it for a few days and he certainly did know a lot about it. He said that he wasn’t sure, but thought that HAI, which had been involved in the rulemaking comment process, had assumed it would only apply to medical helicopters. He said I shouldn’t get my hopes up but he and HAI were going to work on it. He wanted to stay in touch. Whatever. I gave him my email address.

When I hung up, I wondered why they were trying to close the barn door after the horse had already gotten out. After all, the FAA was not going to change the rule, especially after so many operators had already gone to such great expense to meet the requirement. HAI had dropped the ball for its small operators yet again. At least I hadn’t paid them to do it on my behalf.

The most recent response came just today and it prompted me to write this blog post. It was an email from a Facebook friend. I actually got two versions of it; I think this is the one he sent first which he apparently thought he lost:

Hey Maria
My name is Scott ##### and I took a $40 ride with you at the 2006 Goodyear Airshow out to PIR and back.
In 2007 I started flight training. We’re “friends” on Facebook and I always enjoy your posts and writings on your blog.
I just finished reading your article in Vertical magazine and couldn’t resist contacting you with my comments.
What a horrible situation for you. I’m severely confused as to why a Federal, as in a single national government agency, interprets the rules differently at each FSDO. It should be the same across the United States! How frustrating I’m sure this is for you.
This industry is tough enough as it is and for a single pilot, single aircraft operator, you’ve been extremely successful. Now this?
At least you got the temporary A160 but you shouldn’t have to have the radar altimeter installed at all! To me it’s very cut and dry: 135.160 does not apply to VFR aircraft weighing less than 2,950 pounds! Where’s the Misinterpretation?
I guess you can’t just cancel your installation appointment at Quantum in December, but hopefully you can get around paying for equipment you’ll never use.
Good luck to you Maria.

First, I have to say how gratifying it is to have been instrumental in a person deciding to learn how to fly helicopters. Wow. Just wow.

Second, it’s cut and dry to me, too! And most of the folks I spoke to that don’t happen to work at the FAA. And there’s nothing I’d like more than to cancel my December appointment with Quantum to get the radio altimeter installed.

But I wrote him a more informative response and I thought I’d share it here. It says a few things I couldn’t say in Vertical. (Or maybe they were in the 200 words that had to be left on the cutting room floor.)

Hi, Scott. Thanks for writing.
Unfortunately, every word of my Vertical piece is true. The FAA will NOT give me the waiver. They don’t care that my helicopter is small or VFR-only or or that the panel is full or that the rule was written in such a way to exclude R44s like mine. They do not operate logically. I worked with AOPA and an aviation attorney. I got my Congressman and one of my Senators involved. I had an email correspondence going with THREE men with the FAA in Washington who are responsible for making the rule. My lawyer spoke to people in Washington, too. They won’t budge. In fact, they told my lawyer that they’re going to rewrite the guidance so R44 helicopters can’t be excluded.
Problem is, medical helicopters crashed and people made noise at the FAA. The FAA needed a fix to turn down the heat. Radio altimeter makers promised a solution that would work and lobbied hard for it. They’re all over the comments for the regulation proposal. And since they have more time and money to throw at it, they won. The FAA bought into their Band Aid — or at least made us buy into it — whether it can help us or not. They didn’t seem to care that the real fix was better pilot training, less pressure on pilots to fly in IMC conditions, and a company culture that values safety over profits.
Understand this: the FAA doesn’t care about small operators or even pilots. They exist to regulate and ensure safety — or at least the illusion of safety. Your best chance of having a successful aviation career is to stay off their radar.
I pissed off a lot of people with my radio altimeter fight and I suspect they gave me the temporary waiver just to shut me up. I got a call from HAI the other day and they say they’re going to follow up. Too little, too late. But at least someone else will be making noise since I, like my fellow Part 135 Robinson owners, have given up.
I’m nearing the end of my career. I figure I have about 10 years left as a pilot. So I don’t mind throwing myself under the bus in an effort to seek fairness and logic. I don’t recommend you doing the same.
Unless HAI or someone else is successful in talking reason into the FAA on this matter, I’ll be plunking down $14,500 in December to have this useless instrument installed. And then I’ll pull the circuit breaker and let the panel stay dark so it doesn’t distract me from what’s outside the cockpit — which is where every VFR pilot should be looking.
And life will go on.
I’m fortunate in that even though it will take YEARS for me to earn that money back with Part 135 work, my cherry drying and frost work puts enough money in the bank to make the expenditure possible. Without that, I’d likely have to cease charter operations and possibly close up shop. I suspect others have found themselves in that situation. So much for government helping small businesses.
Thanks for your concern. Best wishes with your endeavors.
Maria

And that’s about all I have to say on the matter.

Wells Fargo New Payee Scam

Posted on June 15, 2017 by Maria Langer

Another sloppy phishing attempt that might fool you.

My only interaction with Wells Fargo is the truck loan held by Wells Fargo Dealer Services. So imagine my surprise when I got a message from billpay@wellsfargo.com to confirm that a new payee had been added to my Bill Pay service.

Wells Fargo Phishing
Honestly, if you’re fooled by this and open the attached file, you should have your Internet privileges revoked.

Of course, it’s a scam. They want you to open the attached file. Malware is likely installed when you do so.

Don’t open attachments in email messages unless they are from someone you personally know and you are expecting the attachment.

This is pretty sloppy, too. The message makes no sense. But all they need is for people not paying attention to open the file. Then they’ve got another victim. Don’t let it be you.

Another Waste of Taxpayer Money

Posted on June 14, 2017 by Maria Langer

I knew the FAA was slow, but this is ridiculous.

I’m terrible about opening my mail. I routinely fetch it from my mailbox (which is two miles from my home) and leave it on the dashboard of whatever vehicle I’m driving. Or toss it behind the seat. Or bring it inside, but leave it in my “inbox” pile. No matter where it enters my life, it sits there for a long time. Truth be told, there’s a six-month period in early 2014 when I just stuffed it all in a box and lost it in my garage. (I honestly think there’s a black hole in there.)

This time of year, when I’m actually expecting checks, I pay a little closer attention to what comes in the mail. That’s why I noticed the letter from the FAA and opened it within two weeks of receipt. (Heck, I knew the FAA wasn’t sending a check, so why rush?)

Inside was the letter dated 5/19/2017 that you can see below.

FAA Letter
So the FAA basically waited 17 years to give me an opportunity to opt out of releasing my address to the public.

It basically says that back on April 5, 2000 (not a typo), Congress and the President — Bush 43, I guess — enacted a law that required the FAA to make pilot addresses available to the public. Fortunately, I can opt-out of this invasion of my privacy by signing the letter and sending it back to the FAA.

But I have to hurry! Even though it took them 17 years to send me this letter, I only have 90 days to respond.

Can you believe this crap?

My first thought was what a waste of taxpayer money this is. Wikipedia reports that there were 590,039 certificated pilots in the United States as of 2015 year-end. That means the FAA had to print and mail 590,039 letters just like the one I got.

Maybe that’s why it took so long? Maybe they just got up to the Ls?

So the FAA has blown through 1181 reams of paper and a similar number of boxes of envelopes. Even if they got bulk rate on mailing all those envelopes, they’ve still spent well over $100,000 on postage. Somebody had to handle the mailing — even if a machine stuffed the envelopes, someone still had to tend to that machine and get them to the post office. How many trips to the Post Office is that? Do they have trucks standing by for mass mailings like this?

So how much money have they pissed away on this so far? A quarter million? More?

And then there’s the processing. I’m not going to the website. I’m going to sign the letter and mail it back. There’s got to be some poor slob in Oklahoma City who’s sitting at a desk just waiting for envelopes with signed letters to come in. He or she has to look up each one in the system and toggle a check box to say we want our addresses kept private. And then what? Do they actually file all that paper? Stick it in filing cabinets? How many filing cabinets do they have? How many rooms does that fill? Do they have buildings filled with filing cabinets of paper?

Paper!

And for what? What gives Congress and the President the right to decide that the public is entitled to the addresses of certificated pilots? What is the benefit of such a rule? Why would they even do this?

And who the hell wouldn’t opt out?

This is stupid from start to end. it’s wallpapered with stupid.

But that’s our tax dollars at work. Imagine how many educational programs the cost of this mailing would have funded. How many Meals on Wheels dinners. How many airport improvements, for Pete’s sake.

Why are the people in Washington so damn stupid with our money?

Easy Microwave Yogurt

Posted on June 10, 2017 by Maria Langer

Quick tips for making yogurt at home.

I’ve been making my own yogurt for nearly five years now. I began in October 2012 using a recipe posted by my friend Tammy on her blog. Since those first few times, I’ve come up with a method that’s quicker and easier.

I’m a multi-tasker. That means I really can’t tolerate standing at the stove to stir a pot of milk while it heats to a certain temperature. So I heat the milk without a stove: in the microwave.

I make a half gallon of yogurt at a time. I have an 8 cup Pyrex measuring cup — which I believe every serious cook should have — and I fill that with the milk. Then I pop it in the microwave, set the timer, and start it up.

Every microwave is different — I can’t stress that enough. I set mine for 14 minutes on high and when I pull the milk out, the temperature is right around 190°F. I didn’t come up with this time by happy accident. It was a lot of incremental zapping and temperature measuring that got me there. If you want to use this technique, you’ll have to do the same thing so you know the magic number for your microwave.

Unless you have a microwave-safe thermometer, do not leave the thermometer in the milk while it’s in the microwave. (But you knew that.)

Of course, the time will vary depending on the quantity of milk. That’s one reason I almost always do a half gallon at a time.

Once the milk has heated to the right temperature, I leave the measuring cup on the countertop, normally on a rack so air can circulate around it. I leave the thermometer in it so I can check the temperature periodically. I stir it once in a while when I remember to. Room temperature will determine how quickly the milk cools.

Heating milk in the microwave for yogurt-making is quick and easy.

When it gets to about 120°F, I whisk in about 2-3 tablespoons of unflavored yogurt. I don’t buy yogurt starter, although I do occasionally buy plain yogurt to use as starter. This ensures success, although using my own yogurt for a starter could work, too. (I honestly can’t understand why people will spend several dollars on starter for a batch of yogurt when existing yogurt works fine.) I usually mix up the yogurt with some of the milk before combining everything and whisking to ensure there’s no lumps.

I love my Instant Pot.

Once that’s done, I pour the milk into four pint-sized canning jars and cap them with plastic caps. I use pint jars because that’s what fits into my Instant Pot, which I use to finish processing the yogurt. If you don’t have an Instant Pot or other yogurt maker, you should consult Tammy’s recipe to see how she uses a regular picnic cooler. That’s the way I used to do it, with quart sized jars, and it works very well. Nowadays, it’s easier to just load it in the Instant Pot than to haul up a cooler, fill it with hot water, and have it sit around for 6-8 hours.

For timing, I’ve discovered that 6 hours is just right, at least in the Instant Pot. If I let it go longer, it gets a sort of slimy consistency that I really don’t like.

Once the yogurt is done, I usually put the jars in the fridge to chill them. That gives me yogurt ready for smoothies.

The Euro Cuisine Greek Yogurt Maker is another handy gadget for yogurt or cheese makers.

But if I want Greek yogurt, I go one step further and put it into a yogurt strainer. I love the one I have, the Euro Cuisine GY50, which I also use for making certain fresh cheeses. (It’s reusable so it’s a a lot cheaper and neater than dealing with cheesecloth. Mine’s plastic, but a stainless steel version is also available.) I can fit a quart of yogurt in it and let it drain in the fridge for as long as I like. The whey collects in the bowl at the bottom. After straining out the whey, you’re left with about half the amount of yogurt you started with. So a quart of regular yogurt yields about a pint of Greek yogurt.

Lately, I’ve been straining all the yogurt I make and saving some of the whey in the fridge. Then I can use the Greek yogurt in my smoothies but add back whey to thin out the mix without adding juice or milk. If I have a lot of whey I put the excess in my chickens’ water, supplementing their diet with calcium and protein to help them make stronger eggshells.

In the past, people have asked me when I add the flavor. What flavor? I like my yogurt plain. But if you want flavor, mix in some jam or preserve when you’re ready to eat it. I like mine with granola for a good crunch.

Those are my homemade yogurt tips. If you use any of them or have your own to share, please do use the comments to let us know.

An Eclectic Mind

Web site and blog for Maria Langer, writer, video producer, jewelry artist, boat captain, and helicopter pilot. Blogging since 2003.

Author Archives: Maria Langer