18 April 2016

Care & Feeding of a Mystery Bookstore Part 2



More pointers on mystery bookstores:
Best laid plans of Mice and Technology Challenged Woman known as Jan Grape. I looked through several boxes of photographs and found ones I wanted to use in this article. Took my phone out and snapped photos of my photos. Got some fairly nice photos.

Oh dear, these are on my phone and my phone doesn't do email. Well, it would if I knew how to set it up but haven't been able to do that and haven't been able to get to Sprint store to get the guys there to help me. Got my tablet out and retook all the photographs. They turned out fairly well. Actually about as well as taking them by phone. Tried to send them to myself via email. That wouldn't work. And tablet is set to do email. in fact, that's how I do daily email. Have no idea why it wouldn't work. I was connected to Internet and could read and sent email but not the photos.

Finally, gave up and am just writing a few words about our bookstore and how we did things. What this will be is a bit of history but a little reminder of how authors can utilize their favorite Independent Bookstore if you are lucky enough to be near one.

First thing that is important is to remember most Indies have a limited budget to order author's books. However, if you live close to one then go in and meet the owner or manager. Tell them you write and who publishes you,  that you would like to do an autographing event and see if they are interested. Tell them your book is mystery, thriller, romantic suspense or whatever. If you have previous books, take one in and give it to the owner. If this is your first book, give them as much information as possible, a jacket cover or any reviews or blurbs. This might entail you making up a press kit. Also if you know there are other mystery writers in your area try to work out a joint signing with them.

We always enjoyed having 2 or 3 or 4 authors and have them do a panel discussion and/or a reading and that helps insure more people will attend. Because the other authors may have a following already and that will bring in more people. Also if you have a mail list or email list to give to the store that's even better. If you have any promotional materials tell the owner or bring them one if you have it. Find out if they might need a few extra dollars for refreshments. You can make cookies or candy and if you have another author or two see if y'all can pool money for coffee or soda. Most stores have a budget for drinks but offer and then let them tell you.

Also offer to get publicity out in your local newspaper. Maybe you can get someone to write a review for the paper's book section. Or if you have a favorable review already use it. Make up a poster, using your jacket cover and your photograph. If you don't have a jacket cover yet, call your editor and tell them you are trying to set up publicity for a book signing. Sometimes even a small press will do a couple of posters for you.

If you don't have an Indie store in your area, go to the big box store and get acquainted with their community or publicity director. See if you can get something set up with them to do a signing. Especially if you have a writer friend or two who might do an event with you.

Maybe next time I can get those photographs to make this all more interesting.



17 April 2016

RansomWare 3,
Recovery


 WARNING  In part 1, we discussed a nasty type of malware (malicious software) called ransomware and in part 2, we recommended preventive steps. In this final article, we explore options in the event your computer is attacked.

Don’t Pay

That’s the advice of most professionals. Besides filling criminal coffers, a better reason leaps out. FireEye Security and technical advisor Alain Marchant estimate only 60% of payees get their computer back intact. BitDefender estimates even dimmer odds, as few as half of those who pay see their files returned. Symantec hasn’t published figures but they’re also not optimistic about the odds of success.

The poor odds of successfully retrieving files has drastically impacted the ‘business’ of extorting stolen files. TeslaCrypt perps have taken two unusual steps.
  1. They set up a secretive TOR ‘dark web’ message center to facilitate payment.
  2. To prove they can actually decrypt files, they offer to decrypt a small (very small) file of the user’s choice.
Yet, as they try to extract payment, their pages hint at the myriad failures and pitfalls: «If step 2 goes wrong, then attempt this and if that goes wrong then try that and maybe try again in 10-12 hours… which may exceed the allotted time… blah, blah.»

Then consider the matter of who reaps the stunning profits from ransomware. It’s tempting to blame ordinary criminals but in fact, ransomware funds terrorist groups like Daesh/ISIS and al-Qaeda. State-sponsored extortionists include the obvious suspects, China, North Korea, and Russia. Technical authors Gregory Fell and Mike Barlow further accuse Iran and Israel of sponsoring attacks at the expense of the rest of us.

Ransomware is an international problem. The Russian security firm Kapersky Lab was reportedly hit with ransomware and thus turned their attention to addressing the problem. French security consultant Alain Marchant, who goes by the name xépée and cheerfully admits Marchant may not be his real name, has developed a client base of victims ranging from individuals to major companies. Here at home, developers of anti-virus products have trained their sights to the problem.

The Costs

Worldwide, malware sucks more than a half-trillion dollars out of the annual economy. Some target individual countries like Japan (TorLocker) and Russia (Kryptovor), but others are indiscriminate. The US alone loses $100-billion annually.

Cyber crime is lucrative and safe. While one or two man operations bring in as little as $1100-5500 daily, Symantec traced one revenue stream that amounted to $35 000 a day, a number consistent with a study by FireEye Security. At the upper end of the scale, Cisco’s Talos Group calculated the Angler exploit (CryptoWall, TeslaCrypt) each day targets more than 90 000 users, pulling in $100 000… every day.

Losing family photos is one thing, but businesses have lost their files, charities their revenue, hospitals their patient records, government agencies their data, and– in at least three cases– people their lives.[1],[2]

Practicalities

Acquaintances of ‘Mark’, a victim mentioned in last week’s article, casually recommended caving to demands and paying off, ignoring the odds and consequences. Those acquaintances may be well-heeled and untouched by ordinary concerns like money and terrorist funding, suggesting if one can afford it, why not? Fortunately, Mark had a friend to help see him through the worst of a bad situation.

If you are a victim, only you understand your circumstances or desperation, but treat pay-offs only as an absolute last resort. Be prepared for the worst– your payment may go for naught.

Easy Pickings

Chances are you’ve seen web pages or pop-up windows that claimed your computer has been damaged or compromised and to call ‘Windows’ or ‘MacOS’ where ‘professionals’ for a fee will help you stamp out this insidious nuisance, one they created, although they don’t tell you that.

These are usually simple browser attacks– JavaScript on a web page seizes control of your Edge browser, or Internet Explorer, Safari, Chrome, FireFox, etc. The good news is they’re relatively easy to defeat, although getting out of the situation can puzzle an average user.

In these cases, don’t panic and don’t call the toll-free number the bad guys so thoughtfully provided. You may want to call a friend for technical assistance, but you may be able to solve it yourself.

The key to recovery is killing the script, the little program abusing your browser. You may be able to simply close the page, and if so, job well done.

Another approach is to open the browser Preferences or Options and disable JavaScript. Once JavaScript if paused, you can close the web page at your leisure, alt-ƒ4 or the more nuanced ctl-w for Windows, cmd-w (⌘-w) for the Mac. Unfortunately, FireFox made the decision to remove the option to disable JavaScript, but add-ons like QuickJS, NoScript and Ghostery give users that option. For the Mac, typing command-comma (⌘,) normally brings up preferences, but the malicious script may thwart that move.

What happens if you can’t close the web page and can’t disable JavaScript? You have no choice but to kill the browser and restart with a goal of stamping out the offending window. Use the Macintosh Force Quit (⌘-opt-pwr) or the venerable Windows Task Manager (win-shft-esc). You may be able to right-click on the program icon to close it. When restarting Safari and Edge, use finger dexterity to close the offending window– you may have to force-quit and restart a couple of times to succeed. FireFox is helpful here: They provide a dialogue box asking which pages you want to reopen (or not).

Note that you may have to smack down more than one browser window. At least one exploit deploys two pages using one to reopen the other if it’s closed. Both pages need to be killed.

Trust Issues

As with other ‘exploits’ (short for exploitations in professional parlance), you can (and should) take the preventive measure of downloading an alternative browser to your computer, say Opera, FireFox or Chrome. If a bad script has nailed your Safari or Edge browser, you can fall back on an alternative until you can get help.

The other key step is not to download anything you don’t trust. Don’t fall for messages claiming your Java or Flash or SilverLight player needs to be updated. Be extremely shy of web mail that offers to upgrade Windows 10. The safe way to update is not to click on the helpful button, but to locate the official web sites and manually download any updates yourself. Make certain the URL says java.com, adobe.com, or microsoft.com (with or without the www.) and no variation like javaupdate.com.

In the past, professionals have disdained automatic updates and that’s fine for them. Let them micromanage if they will, but for the average user, I break with my colleagues and suggest automatic updates might prove safer. The reason is that if you already trust a program, then its updates are reasonably safe as well. At worst, you may get a message saying that FireFox must be restarted, although if you don’t restart immediately, the updates will kick in after you quit your current session.

Apple and Microsoft occasionally check for updates. While I approve of the automatic mode, I suggest running the update check one time manually so you know what to look for.

RansomWare

Thus far we’ve discussed the simplest form of ransomware that merely subverts your browser. At present, you’re more likely to encounter web exploits than the really nasty kind that takes over your computer by encrypting files and user programs.

True ransomware programs demand payments ranging from $200 to over $2300 ($475 appears average) in untraceable digital payments, up to tens of thousands of dollars when targeting hospitals, corporations, and crippled city and county governments. There is no single flavor of ransomware. At least half a dozen strains are extant plus offshoots and variants. Each makes up its own rules and demands. Early models sought cash transfers via Western Union and later Ukash, MoneyPak, and PayPal My Cash, but nearly all now demand payment in anonymous digital money– BitCoin.

The other characteristic found in most ransomware is the imposition of a deadline, after which the bad guys state they’ll refuse to restore your files altogether and at least one variant claims it will permanently ruin your hard drives, not merely beyond recovery but beyond formatting (a highly dubious claim).

The time limit serves one primary purpose, to apply pressure and rattle the victim, to preclude the user from thinking his way out of the dilemma. A time limit makes it difficult to gather information, tools, and help. The target may not have sufficient opportunity to order recovery tools or a second drive to work from or a create a bootable disc.

Besides your backup, you will need a reinstallation disc. These days, few computers come with installation DVDs. Some computers feature a bootable partition that contain tools and recovery programs. In other cases, you must download a so-called ISO file from the internet to burn to an optical drive (Blu-Ray DVD, etc)– but you can’t safely do that from your compromised system– you either need to boot from a trusted drive or ask someone to download a recovery ‘disc image’ for you.

As far as the threat to permanently wreck a hard drive, it’s hypothetically possible but unlikely. Black hats may alter your boot tracks or drivers, but those can be repaired with a disc formatting program. In the unlikely case that bad guys were to zap your drive’s firmware, they’d have to strike after the time limit they imposed. Long before then, an aware user should have powered down his computer.

Demanding Money with Menaces

British use the term “demanding money with menaces” regarding blackmail, extortion, and kidnapping for ransom. The threat of ransomware is clear: If you don’t pay, you lose your files. But if you do pay, you may still lose your files. Damned if you do, damned if you don’t, the track record is not good.

Beyond the substantial risk a victim will never see his files after payment, there are sound reasons for not paying or attempting to communicate in any way. The victimized may inadvertently expose more information than realized such as passwords and bank account information. My colleague Thrush says paying or trying to reach out tells the bad guys “they have a live fish on their line.”

If a victim attempts to reach his bank on-line, an infected computer can forward passwords and account information to the miscreants. Because the bad guys have control of their subject’s computer, they may be able to extract injurious information. A wise solution is to quickly disconnect from the internet to interrupt the outflow of information.

One-Way Communication

Security consultant Alain Marchant says about 12½% of victims opt to pay, but less than ⅗ of those cases see the return of their files even after payment. He suspects the percentage may be considerably worse because of under-reporting.

Marchant’s stats are highly consistent with FireEye reports. He attributes failures to restore hostage files to a number of factors.
  • There may be no hidden server that can unlock the files. The victim has only the criminal’s word such a server exists. Maintaining servers exposes the bad guys to risks they may not be willing to take.
  • Perpetrators may simply not bother. A one-man operation can easily bring in a minimum of thousands of dollars (or euros or pounds) a day, millions a year without lifting a mouse-finger. An extortionist whose biggest problem is hiding money from authorities may feel no obligation to release hostage files.
  • Hidden servers, if existing at all, may be taken down by its ISP, by government raid, by weather, by a denial-of-service (DoS) attack, by power failure or other outage, or by the bad guys themselves to evade detection. Perpetrators, particularly those on the move, may rely on laptops that are on-line only for brief periods. A perpetrator who can’t connect can’t repair the damage.
  • Because of a restricted ability to test malware, perpetrators’ programs may be bug-ridden and unable to recover the data. FireEye reports that files encrypted and then decrypted by TeslaCrypt turn out corrupted.
  • Perpetrators may not have the sharpest grasp of time zones, which may cause a premature trashing. Problems are exacerbated within one time zone of the Greenwich meridian and worldwide during daylight savings time changes. Ransomware does not take into account weekends, holidays, and banking hours.
  • Perpetrators may not have the sharpest grasp of exchange rates. For example, a ransom page may demand $300, but with worldwide reach, may receive $300 Canadian instead of US dollars and therefore not release the files.
  • Victims’ machines may be knocked off-line by the same problems above that affect perpetrators’ servers.
  • Victims’ drives may be so badly damaged, that recovery becomes impossible. Moreover, perpetrators may encrypt the very keys or tokens victims need to communicate with their bank.
  • Victims usually don’t possess a clear understanding of bitcoins. Some attacks require users to install modified TOR browsers to arrange payments. While these measures help perpetrators hide from authorities, victims lose time and possibly their files while trying to figure out the process.
  • Victims’ anti-virus software may belatedly catch and delete the ransomware program making recovery impossible.
  • Multiple malware infections may collectively interfere with each other. Victims may inadvertently exacerbate the problem by researching malware on the internet, triggering secondary infections that make recovery impossible.
  • Victim’s computers may reinfect themselves as drives are brought on-line.

Recovery

Clearly the odds of recovery are better with anti-ransomware programs, assuming data hasn’t been deliberately damaged beyond encryption. If at all possible, create and work from an external drive. You may find better success removing the computer’s hard drive and hooking it up to a clean computer. The idea is to keep the virus dormant while attempting to remove it and correct the damaged files.

At the end of the countdown period (typically 72 or 96 hours), some malware strains sabotage the rest of the hard drive, erasing boot tracks and directories. Marchant suggests it might be possible to turn back the clock in a PC BIOS by several hours to extend the period of analysis and recovery. For this to work, the computer must remain disconnected from the internet.

If there is an extant key, it may not reside in a remote server at all but could be buried in your machine. That can help assist programs in decryption.

Following are a few Mac and Windows resources to help in preventing and recovering from ransomware.

Be safe out there!

16 April 2016

The Man With the Golden Typewriter



by John M. Floyd


A couple weeks ago I did something unusual: I chose to ignore all the novels and short-story magazines in my towering to-be-read stack and bought a book of nonfiction. Or maybe not that unusual, since this was the third time this year that I've delved into NF. But the first two books were In the Heart of the Sea by Nathaniel Philbrick and Cities of Gold by Douglas Preston, and I knew before reading those that I would enjoy them because they were true-life adventure stories, sort of like Unbroken and The Perfect Storm. I had doubts about this one.

The book turned out to be a good choice. It's called The Man With the Golden Typewriter, a 400-page collection of letters from and to Ian Fleming. The letters begin in 1952, when he started work on his first book, and continue until his death in 1964, at the age of 56. During that time he wrote two works of nonfiction, a three-volume children's story, twelve James Bond novels, and two collections of Bond short stories. All the Bond books were created at Goldeneye, Fleming's vacation home in Jamaica. The letters, compiled by his nephew Fergus Fleming, provide a fascinating look into the working life and the personal life of a bestselling author at the peak of his success.

To me, the most interesting of the letters were those to and from his publisher, Jonathan Cape of London, and the editors and agents who worked with him on the novels. Other exchanges included those with readers and fans; with friends like Somerset Maugham, Noel Coward, and Raymond Chandler; and with film producers Cubby Broccoli and Harry Saltzman. Here are some excerpts:


To Michael Howard, editorial director at Jonathan Cape, April 22, 1953:

"In the course of the innumerable editions of Casino Royale which will now, I presume, flow from your presses, could you please correct a rather attractive misprint on page 90, line 13, and make the 'Ace of Spaces' into the 'Ace of Spades'?"

To Sir Winston Churchill (along with a gift copy of Live and Let Die), April 1, 1954 :

"It is an unashamed thriller, and its only merit is that it makes no demands on the mind of the reader."

From friend and editor William Plomer, May 31, 1954:

"Dear Ian . . . I have been through it [Moonraker] with minute care and a pencil & have applied both to your punctuation and spelling . . . you have a tendency, as the climax approaches, to increase the strain on the reader's credulity . . . Not pleased with the title. I should like Hell Is Here . . . I think you should be careful about letting your characters grunt, bark, and snarl too freely."

To actress Claudette Colbert, April 28, 1955:

"I am very sad that you will not be in Goldeneye next winter . . . I have little hope of getting out to Los Angeles this year. I was there in November and I have absolutely no excuse for another holiday unless Hollywood decides to film one of my books."

To Michael Howard (who'd just designed the cover for Diamonds Are Forever), February 14, 1956:

"Forgive the tropic scrawl. I am sitting in the shade gazing out across the Caribbean & it is heroic that I am writing at all."

To Raymond Chandler, April 17, 1956:

"Dear Ray . . . You after all write novels of suspense--if not sociological studies--whereas my books are straight pillow fantasies of the bang-bang kiss-kiss variety."

From editor Daniel George, regarding From Russia With Love, June 7, 1956:

"Similes should be used only when they are helpful . . . in the first chapter . . . you say the man's eyelids twitched suddenly like the ears of a horse. Up to that moment I'd visualized the scene perfectly. You destroyed my illusion by bringing in a horse . . ."

To Michael Howard, Feb 4, 1957:

"I have done nearly 40,000 of No. 6. . . Set near Jamaica. Called Doctor No, I think. A simple tale. It shouldn't be longer than 60, you'll be glad to hear."

To a complaining reader who knew his trains, July 19, 1957:

"Your quick eye has missed one grievous error [in From Russia With Love] pointed out by another train enthusiast. I gave the Orient Express hydraulic brakes instead of vacuum."

From William Plomer, June 28, 1958:

"My dear Ian, I have just finished Goldfinger, and it stuck to me like a limpet, or limpet-mine . . . I found the tension of the [golf] game tremendous. In fact I believe you could create extreme anxiety out of a cake-judging competition . . ."

To Plomer, March 29, 1960:

"I have just finished a giant Bond, provisionally called Thunderball . . . I have just begun correcting the first chapters. They are not too bad--it is the last twenty chapters that glaze my eyes."

To Robert Kennedy, June 20, 1962:

"Thank you very much for your charming note of June 1st . . . Over here we are all watching with fascination your gallant attempts to harass American gangsterism. If James Bond can be any help to you please let me know and I will have a word with M."

To William Plomer, regarding You Only Live Twice, September 11, 1962:

"I have no idea how Bond in Japan will turn out, but I have in mind an absolutely daft story in which Blofeld meets his match."

To Aubrey Forshaw, head of Pan Books, Ltd., May 20, 1964:

"I don't think much of Harry Saltzman's new jacket for Goldfinger. The golden girl looks like a man and there is far too much jazz about the film. Why the hell should we advertise Saltzman and Broccoli on one of my books? And on the back I see that Sean Connery gets at least twice the size type as the author."



The book is full of these little glimpses into the world of Fleming and Bond. I loved it.

If anyone's interested, here's a list of Ian Fleming's works:

Casino Royale (1953)
Live and Let Die (1954)
Moonraker (1955)
Diamonds Are Forever (1956)
From Russia With Love (1957)
Dr. No (1958)
Goldfinger (1959)
For Your Eyes Only (1960)*
Thunderball (1961)
The Spy Who Loved Me (1962)
On Her Majesty's Secret Service (1963)
You Only Live Twice (1964)
The Man With the Golden Gun (1965)
Octopussy and The Living Daylights (1966)*
The Diamond Smugglers (1957)
Thrilling Cities (1963)
Chitty-Chitty-Bang-Bang (1964-65)

*short-story collections


And here are the Bond movies, so far:

Dr. No (1962)
From Russia With Love (1963)
Goldfinger (1964)
Thunderball (1965)
You Only Live Twice (1967)
On Her Majesty's Secret Service (1969)
Diamonds Are Forever (1971)
Live and Let Die (1973)
The Man With the Golden Gun (1974)
The Spy Who Loved Me (1977)
Moonraker (1979)
For Your Eyes Only (1981)
Octopussy (1983)
Never Say Never Again (1983)
From a View to a Kill (1985)
The Living Daylights (1987)
License to Kill (1989)
GoldenEye (1995)
Tomorrow Never Dies (1997)
The World Is Not Enough (1999)
Die Another Day (2002)
Casino Royale (2006)*
Quantum of Solace (2008)
Skyfall (2012)
Spectre (2015)

*Casino Royale also appeared in 1954 as an episode of the TV drama series Climax! (Barry Nelson was Bond) and as a spy comedy in 1967.


Most readers know that Fleming picked the name of his hero from a real book called Birds of the West Indies by James Bond, but there are a Bentley-load of other interesting facts about him as well. And Fleming did actually own a gold-plated typewriter--a gift to himself for having completed his first novel.

Part of my interest in all this came from the fact that I had read all the Bond books when I was in high school--my mother made me hide them if the local minister came to visit (because, I guess, of the cover art)--and I've seen all the Bond movies, several times each. Apparently I'm not alone: In the book, Fergus Fleming says it has been estimated that one in five of the world's population has seen a James Bond film.

I now plan to re-read all the novels and re-watch all the movies, in order--I have all of them right here on my shelves--and I'm already halfway through Casino Royale. I don't have any caviar in the house or an Aston-Martin in the garage or any Turkish-and-Balkan-blend cigarettes to smoke while I read, but I do have a tux in the closet if I need it, and I try to imagine that my glass of orange juice is a medium dry martini with a thin twist of lemon peel.

And my OJ was shaken, not stirred.




15 April 2016

Lost and Found—and Tasty Too!


I've mentioned before—and often—how I was a big fan of the Nancy Drew books as a child, and while I respect and understand my colleague B.K. Stevens' frustration with them, I never experienced any of those feelings myself. I stayed—and still remain—enamored of both the character and the series. (I've even taught a Nancy Drew book in my classes at George Mason and plan on doing so again in the fall. Plenty to talk about there, which I'll likely revisit here when the time comes.)
So much of a fan was I that sometime in the late 1970s (or was it early 1980s?), I ordered a copy of The Nancy Drew Cookbook: Clues to Good Cooking, and while I can't remember the year, I do remember distinctly the moment of picking up that special order from The Book Cellar in Jacksonville, NC, and more specifically several layers of mixed emotions about it: excitement about the possibilities the book offered, since I also loved to cook (and still do); amazement at this joining together of two things I enjoyed so much; and—admittedly—a little self-consciousness about both those enthusiasms, there on the eve of my adolescence and clearly aware of how strongly each of them leaned toward "girl" stuff.

No matter. It was mine and, hesitations be damned, I loved it.

Fast forward to more recent years and to my wife Tara and I collating our respective editions of Nancy Drew on a shared shelf after we got married. Whose copy of each title was nicer? Which ones were we still missing? What to do with duplicates, and how to track down the ones we still needed?

And then: where was that cookbook that I know I had?

Despite my best efforts to go through the boxes of books I'd relocated from my parents' house to my own home, it never turned up—until a couple of weekends ago during a visit to North Carolina when I discovered some other boxes up in the attic, boxes of younger children's books, picture books, etc. Pulling those down to explore for my own son (who's now 4), I found that tucked in among that stash of books the title I thought had been lost for good.



Memory is a fickle thing, of course. Looking through the book now, I can't remember which recipes I might have made all those years ago. But I did immediately begin noting which recipes I wanted to try today. Many of them are fairly standard recipes, as you can imagine, the kind of thing I imagine might have been taught in Home Ec classes around that time; as the introduction from Carolyn Keense states, "Nancy's friends have helped with her cookbook and Hannah Gruen has lent advice. Bess likes rich foods, George the slimming ones. The boys are experts on barbecues, picnics and beach parties." Of course, all of the recipes come with clever names tying into the world of Nancy Drew. Among the ones I've got my sights on now: Hollow Oak Nest Eggs, Ski Jump Hot Chocolate, the Mapleton Milk Shake, A Keene Soup, and Missing Map Cheese Wafers. And we've already made one, which turned out simply delicious and which I decided might be worth sharing here.

The Ringmaster's Secret Chicken



4 chicken breasts
1 cup sour cream
1 tablespoon Worcestershire sauce
1/2 teaspoon red hot sauce
1/8 teaspoon garlic salt
1 1/2 teaspoons paprika
1 teaspoon salt
1 cup fine dry bread crumbs

Wash the chicken and dry with paper towels. Mix together sour cream, Worcestershire sauce, hot sauce, garlic salt, paprika, and salt. Place the chicken breasts in this mixture and leave in the refrigerator overnight to marinate.

Take the chicken out of the mixture and roll each breast in the bread crumbs. Put them in a large baking dish, arranging them in a single layer. Cover the dish and place in the refrigerator for at least 1 1/2 hours.

Heat the oven to 325°. Uncover the dish and bake the chicken for 1 hour and 15 minutes.

EXPERIMENT
Make your own bread crumbs: crush stale bread or crackers with your fingers, then sift them until you have a cup of fine crumbs.

Malice Domestic 

Two weeks from today, Malice Domestic will already be underway, as Barb Goffman previewed a couple of days ago in her own post—and congrats to her and to B.K. Stevens for being Agatha Award finalist in the short story category and to B.K. for also being a finalist for her YA novel Fighting Chance. I'm pleased that my book On the Road with Del & Louise: A Novel in Stories has been named an Agatha finalist for best first novel (the full list of finalists in all categories is here), and I'm thrilled to be appearing at several events throughout the weekend. Here's my schedule for the convention—busy busy each day!
  • Panel (as moderator): “Make It Snappy: Our Agatha Best Short Story Nominees,” with Barb Goffman, Edith Maxwell, Terrie Farley Moran, Harriette Sackler, and B.K. Stevens • Friday, April 29, 1 p.m.
  • Opening Ceremonies • Friday, April 29, 5 p.m.
  • Panel (as panelist): “New Kids On the Block: Our Agatha Best First Novel Nominees,” with Margaret Maron (moderator), Tessa Arlen, Cindy Brown, Ellen Byron, and Julianne Holmes • Saturday, April 30, 10 a.m.
  • Agatha Awards Banquet • Saturday, April 30, 7 p.m.
  • New Author Breakfast • Sunday, May 1, 7 a.m.
Looking forward to seeing old friends in a couple of weeks—and to making new ones too!

14 April 2016

If Only We Had LAWS Against This Stuff...


"If only we had LAWS against this stuff..." and other crazy statements:
Okay, a few reminders just to catch everyone up.
    Joop Bollen and then-Governor,
    current SD Senator, Mike Rounds,
    in happier days
    • Back in 2009, Joop Bollen was appointed to run EB-5 – which was a federal program designed to trade green cards to foreign investors for $500,000 a whack - by our former governor, current Senator Mike Rounds, who, when questioned recently about all of this, said, "The state of South Dakota would use different federal programs on a regular basis and you always assume that if the federal program is in place that they have a control process in place. We’re finding in some cases that that is not the case " (Mike Rounds interview).  Like when you put Joop Bollen in charge of that federal program, allowed him to privatize it in SDRC Inc., and told everyone what a great job he was doing?  (I swear to God, you can't make this stuff up... Sadly...)  
    • There's still as much as $120 million missing from the EB-5 program. 
    • For two years, the only person held responsible for any missing funds was Richard Benda, who according to our fearless AG shot himself in the stomach with a shotgun in a field because he'd embezzled $500,000.  
    AND NOW FOR THE LATEST !!!  HEADLINE NEWS !!!

    Image result for eb-5 south dakotaFirst of all, our own Attorney General, Marty ("I'm going to be running for governor in 2018, so I need to get something on paper") Jackley has FINALLY indicted Joop Bollen on five felony counts of violating SDCL 44-1-2, “unauthorized disposal of personal property subject to security interest.” In other words, Bollen used EB-5 money, transferred to his own private corporation, SDRC Inc., for his own personal purchases.   $300,000 here, $96,000 there, to a total of about $1.2 million. He sent some to Pyush Patel of Griffin, Georgia (who owns gas stations and has been participating in Bollen's corporation creationism since 2005), some Bollen just pocketed, and some (and this is my favorite part) Bollen spent on Egyptian artifacts from Christie's and the Harer Family Trust.

    NOTE: Bollen, through his lawyers, claims he's being scapegoated.  Mr. Bollen is also free on an unsecured $2,500 bond. (That should make you spit your coffee out in shock:  let's face facts, you'd have to post a lot more money than that if you'd just robbed a casino and gotten only $200 bucks.)

    NOTE WITH FACEPALM:  Nor has the Dutch born and raised Bollen been asked to surrender his passport.  Jackley said that “at this point” he “did not have concern” about the passport, “as long as we’re made aware of certain travel,” since Bollen has “significant ties financially to this community.” (Bollen Initial Appearance - dakotafreepress.com - once again, thanks Cory Heidelberger for GREAT coverage!)  Again, you'd have a rougher time of it if you'd robbed a casino and gotten only $200 bucks...

    And here's the best part: Right now our fearless AG Jackley - who, as I said, for 2 years has blamed Richard Benda for any and all EB-5 problems - is now blaming the whole mess on (drum roll, please!) a lack of tough laws making conflict of interest a felony! Personally, I would have thought that our laws making embezzlement, fraud, etc., felonies would have been enough, but apparently not.  We need more.  So it's really all the South Dakota legislature's fault...

    Oh, and one quick note about the Gear Up! scandal (6 people dead and counting) and the missing Westerhuis safe (The Chinese Are Coming). “I don’t know where that safe is at,” Jackley said. “I don’t know if it burned in the fire or if Scott Westerhuis took it out and threw it in the Missouri River.” (Jackley Conspiracy Theories, Argus Leader)  Feel free to insert obvious questions here:

     __________________________________________________________________________

    US District Attorney Marty Jackley.png
    Marty Jackley
    Meanwhile, Mr. Jackley, having apparently solved everything about EB-5 and Gear Up! (except that pesky $118.5 million in EB-5 money, the pesky $4 million in Gear Up! money, and the pesky missing Westerhuis safe), is far more interested in investigating the destruction of the Flandreau Santee Sioux Tribe's marijuana crop in November (some of the burning was shown on television) after the tribe suspended plans to legalize marijuana on its reservation.
    "I don’t think for a minute that they destroyed $1 million worth of marijuana. I don’t know where that went and it’s an open case. We never shut that case," Jackley said in an interview with Argus Leader Media. “We never got an opportunity to check what was destroyed." (Up in Smoke?)  

    Priorities, priorities...

    And now, repeat after me: "Life is always going to be stranger than fiction, because fiction has to be convincing, and life doesn't." Author Neil Gaiman.

    Will keep you posted, from South Dakota, where we talk like Mayberry, act like Goodfellas, and the crazy just keeps on coming.

     

    13 April 2016

    Nights in Berlin


    NIGHTS IN BERLIN is the fourth of Janice Law's period mysteries featuring the painter Francis Bacon. The first book takes place during the Second World War, and the next two follow chronologically, but NIGHTS IN BERLIN takes us back to Weimar Germany in the 1920's, when Francis is only a teenager - although far from innocent - some years before he begins his art career.
    Berlin, in the Weimar era, has a reputation for being wide open. "Life is a cabaret, old chum - " and you better believe it. Francis is sent off in the care of his uncle Lastings, in hopes Lastings will make a man of him, Francis being more than a little gay, but uncle favors a bit of rough, himself. He's also a scoundrel, working the black market, with a sideline as an informer, which turns out to be the part that proves dicey. Lastings is selling secrets to the highest bidder.  

    In the event, uncle takes it on the lam and leaves Francis to his own devices. Playing fast and louche, Francis lands a job as a hatcheck girl at a drag bar. It's good cover when British Intelligence recruits him - blackmails him, in point of fact - because Uncle Lastings was freelancing for them. Berlin is in political ferment, with Bolsheviks, Freikorps thugs, SA brownshirts (Goebbels just arrived as Nazi party gauleiter), Prussian reactionaries, all stalking each other with violent and criminal results.

    Francis is an entertaining guide to these wilder nooks and crannies, his voice alternating between the knowing aside and his native provincialism. There's something to the story of a Boy's Own Adventure, reminiscent of John Buchan, say, or Erskine Childers' RIDDLE OF THE SANDS. I think partly this is the age between the wars, revanchist, tribal hatreds boiling to the surface, but no real sense of the cataclysm about to swallow the Old World entire. It's also a function of our hero's age. Francis is old and wiser, and sadder, in the first three books of the series, whether London or Tangier or the Cote d'Azur, whereas turning the clock back, we see a previous, vanished Berlin, and through a younger pair of eyes. What contributes further to this is an avoidance of historical ironies. Hitler doesn't get a walk-on, or Sally Bowles, either. NIGHTS IN BERLIN is very much of the moment, as Francis inhabits it, and that lends it a sort of wandering air, the kid a little too much in pursuit of sensation for his own good.

    The politics are really a side issue. The story is how the experience imprints on Francis. What did he learn? he writes to ask his former nanny. That the most unlikely people can teach us odd and useful things. And with this in mind, he's off to Paris at the end of the book. Both enterprising and alarmingly fey, in some respects, Francis seems like something of a blank slate, yet to be written on. In other words, we're still in the opening pages. The rest are empty. Francis will grow into himself. As the world itself will, passing into the savage 1930's, and then the war years. Pages yet to be written.





    I jumped at the chance to read NIGHTS IN BERLIN. Janice had me at the title. I'm crazy about the premise, and the period, of course. I've lived in Berlin, I've read up on it quite a lot, I've written about it myself. I also recently discovered Philip Kerr's fabulous series of historicals, with the wartime German homicide cop Bernie Gunther. There's something endlessly fascinating to me about the city in the past century, with its many changes of clothing, Weimar, the Nazis, Occupation and the Cold War. I think if Berlin didn't actually exist, we'd have to invent it, as a metaphor, and for the purposes of fiction.


    12 April 2016

    It's Aliiive!


    by Barb Goffman

    It's aliiiive!
    Everyone, meet Plant.

    Plant is my houseplant. I never bothered to name him (Her? How do you tell?) because I learned long ago not to get invested in plants. You see, no matter how much I've cared for and loved my plants, they all ultimately ... often quite prematurely ... have died.

    We'll start with the pretty flowering plant I bought my mom for Mother's Day when I was in elementary school. (Okay, yes, technically this wasn't my plant, it was hers, but it was the beginning of my plant curse.) I planted it in the yard for her, and less than a week later our gardener mowed over it. Rest in peace, poor plant.

    Moving onto sophomore year of college, I bought a little plant for my dorm room. Kept it on the windowsill where it could get lots of light. As the year went on, I noticed that no matter how much water I gave it, that poor plant was not thriving. I couldn't figure it out until the day I happened to set my hand on the windowsill and discovered it was freezing. And thus the poor plant clearly had been freezing all this time. Too bad plants can't shiver so I'd have had a clue. I moved it the plant to another location in the room but ... yep, you can guess ... it died.

    The following year, my best friends went to a florist in town for my birthday gift. They explained my black thumb and said they wanted to buy a plant I could not kill. The florist sold them a peace lily. It was dead in a month.

    A few years ago, a friend bought me an orchid plant. It had a bloom going when the poor thing arrived in my house, but that bloom withered quickly. I kept hoping for more flowers out of it, but I think the orchid must have felt my bad juju, because the poor thing didn't last very long.

    And that brings us to Plant. Plant was a housewarming gift from some poor fool who didn't know that I am The Plant Killer. But the fool has been on me because Plant is now nearly ten years old. Heck, that deserves more than regular type. Plant is now nearly TEN YEARS OLD. I think Plant is living to spite me. I over-water it sometimes, Plant lives. I forget to water it sometimes, Plant lives. I better add Plant to my will, because apparently, no matter how hard I try (or don't try, as the case may be), Plant will live on way longer than I will. So, anyone want responsibility for Plant when I die? It clearly doesn't need a lot of work. Believe me, if I can keep Plant alive, anyone can.

    In other news, the Malice Domestic mystery convention is in two weeks. Convention attendees will be able to vote for the Agatha Award in six categories. Fellow SleuthSayer B.K. Stevens and I each have stories up for the Agatha in the short story category. (B.K. is also a finalist in the children's/YA category! And SleuthSayer Art Taylor is a finalist in the best first novel category!) If you'd like to read all the short story finalists (and please, do read before you vote), they're available online here. Scroll down to the short stories. Each title is a link to that story. Happy reading!




    11 April 2016

    Quote Unquote


    by Susan Rogers Cooper

    I was recently in the market for a good quote for a talk I was asked to give. So I started doing my research and found more than I bargained for. Unfortunately I can't bombard my listeners with all the great quotes I found, so, instead, I intend to bombard the reader. Go forth at your own risk.

    On the act of writing:

    “Sit down and put down everything that comes into your head and then you're a writer. But an author is one who can judge his own stuff's worth, without pity, and destroy most of it.”
    Colette

    “I've always believed in writing without a collaborator, because when two people are writing the same book, each believes he gets all the worry and only half the royalties.”
    Agatha Christie

    “Nothing you write, if you hope to be any good, will ever come out as you first hoped.”
    Lillian Hellman

    “All books are either dreams or swords. You can cut or you can drug with words.”
    Amy Lowell

    “Looking back, I imagine I was always writing. Twaddle it was too. But far better to write twaddle or anything, anything, than nothing at all.”
    Katherine Mansfield

    “The difference between a story and a painting or photograph is that in a story you can write, 'He's still alive.' But in a painting or a photo you can't show “still.” You can just show him being alive.”
    Susan Sontag

    “There is no such thing as a moral or immoral book. Books are well written or badly written. That is all.”
    Oscar Wilde

    “The art of writing is the art of applying the seat of the pants to the seat of the chair.”
    Mary Heaton Vorse
    *Note: I have also seen this quote attributed to Ernest Hemmingway.

    “Writing a book is like scrubbing an elephant: there's no good place to begin or end, and it's hard to keep track of what you've already covered.”
    Anon.

    “The answers you get from literature depend upon the questions you pose.”
    Margaret Atwood

    On the consequences of writing:

    “It is rarely that you see an American writer who is not hopelessly sane.”
    Margaret Anderson

    “I was gravely warned by some of my female acquaintances that no woman could expect to be regarded as a lady after she had written a book.”
    Lydia M. Child

    “A person who publishes a book appears willfully in public with his pants down.”
    Edna St. Vincent Millay

    On the opinions of others:

    “This is not a novel to be tossed aside lightly. It should be thrown with great force.”
    Dorothy Parker

    “Nothing stinks like a pile of unpublished writing.”
    Sylvia Plath

    “The more sins you confess, the more books you will sell.”
    Anon.

    On criticism:

    “There is probably no hell for authors in the next world – they suffer so much from critics and publishers in this.”
    C.N. Bovee

    “What I like in a good author is not what he says, but what he whispers.”
    Logan Pearsall Smith

    “Every author, however modest, keeps a most outrageous vanity chained like a madman in the padded cell of his breast.”
    Logan Pearsall Smith

    “Authors are partial to their wit, 'tis true,
    But are not critics to their judgment too?”
    Alexander Pope

    “Criticism is a study by which men grow important and formidable at very small expense.”
    Samuel Johnson

    “People ask you for criticism, but they only want praise.”
    W. Somerset Maugham

    What are some of your favorite quotes about writing, authors, books, criticism, etc.?  Maybe that's something we all, we writers, can reach for -- to be quoted some day.  Would that be cool, or what?

    10 April 2016

    RansomWare 2,
    Vampires and Zombies


     WARNING  Last week, we discussed a particularly vicious type of virus, one that poses a severe risk to your computer’s contents. It’s called RansomWare and it’s coming to a computer or cell phone near you. This week, we offer specific steps to protect yourself.

    Zombies vs Vampires
    To infest and infect, one of the givens of vampires is that they must be invited into one’s home. Dracula and his ilk may mesmerize or seduce, but only when a victim throws open the window can the creature waft in.

    Viruses– and more typically a variant called Trojan horses– work the same way. A colleague hands the victim a flash drive, or she (or he) clicks a disguised download button or the attachment of an email. Voilà, she’s unknowingly invited the devil into her life.

    Sometimes the effects are relatively minor– they may quietly turn the target into a zombie server, a computer that sends out spam, illicit files, and even malware without the owner’s knowledge. The truly bad infections can suck the lifeblood out of the system. Ransomware falls into this latter category.

    Recently, Dale Andrews received an apparent email from Velma with an attachment. Strange… she rarely emails and I knew our secretary hadn’t emailed anything since the beginning of the year. Fortunately Dale didn’t open the attached payload. It may have been nothing more than a Nigerian scam letter… or it could have been considerably worse.

    Pleadings

    My colleague Thrush keeps enough computers to power Bulgaria, nearby Serbia and Romania. He thinks like a pro; he takes security very seriously.

    His friend Mark phoned– he’d been hit with ransomeware. Arriving home in the evening, Mark had sat down at his computer, tired and less than alert. One of his emails raised the spectre of a lawsuit; it included attached court documents.

    He downloaded them and… innocently unleashed the wolves. Whatever had been attached, they weren’t pleading papers. A screen popped up… his computer had been encrypted by ransomware, demanding a few hundred dollars to return his goods.

    The man immediately detached his computer from his local network (LAN), one that included his backup mechanism and his wife’s computer, which fortunately contained their most critical files. His desktop was done for, but quick action saved their most important files.

    Defense

    The best protection against malware (malicious software) and ransomware in particular is to prepare your fortress now.

    I. Backups

    Back up, back up often. I previously mentioned it’s critical to back up to drives or discs that can be detached. The reason is that if your backup drive is on-line when malware strikes, you could lose your backup and everything on it.

    A simple strategy used in the early days of computing is to make grandfather-father-son backups: You cycle through your discs (or tapes or other media) reusing your oldest backup each time. This includes one vulnerability in that you may back up defective or damaged files without realizing it. For that reason, archive a backup each month or so. Tuck it in a drawer or bank vault and exclude it from the recycling.

    Consider using Blu-Ray discs with write-once technology. Those discs are not only less expensive than rewritable discs, they’re safer in that they cannot be later altered and their life span could last for decades.

    The Macintosh includes a backup program called Time Machine. It can operate in manual mode, which is useful for detachable drives. It also offers a continuous mode in which changed files are backed up every hour to an attached drive, the cloud, or a NAS (network area storage) unit. Continuous backing up is great unless ransomware attacks the backup files.

    A method of safe continuous backup is possible for desktop computers using these steps:
    1. Ensure files you want backed up are either in your public folder or outside your home folder altogether. In other words, make sure items to be backed up are visible beyond the confines of your user folder.
    2. W-D USB back-up drive
      W-D My Passport back-up USB drive
      Establish another user account called Backup. If set up properly, it should be able to see the files and folders you want backed up. Keep things pure. Do not use this account to surf, read email, or shop on-line.
    3. Attach a back-up drive, cloud storage, or NAS using a password. Only the Backup account should have the passwords readily available. Don’t access these drives from your main user account(s). (Western Digital external drives not only provide good back-up programs, they also allow the drive to be password protected.)
    4. Start the back-up program, providing its security services with passwords if needed. Don’t log off the Backup account when returning to the main user account.

    While you’re working, the Backup account will quietly save your data. If you are attacked, malware won’t be able to get at the back-up drive. You need only consider this for continuous automatic back-up programs like Time Machine.

    II. Modems, Routers, and Firewalls

    The Backup account acts as a sort of firewall to seal off back-up drives from the rest of the machine. Chances are your router as well as your computer contain software firewalls. Because of the variety of manufacturers, I won’t attempt to address specifics other than to suggest learning how or seeking help in using them.

    With the router, keep open ports to a minimum. Use long passwords for both your modem and your router. Be careful whom you let into your network. Some wireless routers allow ‘guests’ with imposed limitations. If both your router and your guest’s computer, tablet, or phone features a WPS button, you can permit guests to connect without giving out a password.

    III. Computer Settings


    Besides judicious sharing and firewall settings, a seemingly minor option offers major potential. By default, both Windows and the Mac don’t display common extensions (.doc, .rtf, .gif, .mp3, .exe, .app, etc.) An invisible extension might look a little prettier, but that extra piece of information might help you save your computer.

    Say you get a breezy email purportedly from a friend containing an attachment called FamilyFotos.jpg. You start to open it but, if you’ve activated the showing of extensions, you’ll see the full name is FamilyFotos.jpg.app … uh oh!

    Or, say you visit SexyBuns.com, download HunkyGuys.mp4 (yes, I’m talking about you, Jan Barrow Grape of 103 Rodekyl Lane, Armadillo, Tx 78657) and spot that the complete file name is hunkyguys.mp4.exe

    These are big clues that those files are not friendly.

    Show extensions by visiting Control Panels Files and Folder Options (Windows) or Finder Preferences (Mac) and checking the appropriate box. Now you can have more confidence that LegalPapers.pdf is truly what it claims.

    MacOS Finder prefs
    MacOS X show extensions
    Use extra caution with .doc and .docx files. Unknown files may contain malicious macros and may even suggest you turn macro support on if it’s not. More recent variants reportedly can leap the divide from MS Word to infecting the rest of your computer.

    If you wish to peek at unknown Word files, use WordPad (Windows) or TextEdit (Macintosh) or equivalent text processors that ignore embedded macros. Whenever possible, use .rtf instead of .doc as a far safer alternative.

    Windows File and Folder Options
    Windows hide extensions
    Email filtering not only keeps annoying mail out of your in-box, but it can also provide a line of defense against malware. Even if you blacklist/whitelist, keep in mind that bad guys may have hijacked a friend’s contacts list and try to spoof their address relying upon your trust.

    IV. Too Helpful

    Be wary of too-helpful emails and pop-up windows that offer updates to Flash, Silver Light, or Java, and especially shortcut links to your banking web site. If you receive an email supposedly from PayPal, your financial institution, HealthVault, IRS, Social Security, or other site containing personal and financial information, don’t click on any embedded links. Instead, type in the URL address yourself to be assured you’re not accessing a ‘spoof’ site trying to trick personal information from you.

    virus infection irony
    Consider the irony
    Notices urging upgrades– usually employing pop-up menus– can serve as fronts for malware. Don’t fall for the false convenience. Be cautious of notices your computers has been infected with a virus. If your browser screen locks up, get help. Don't call the toll-free number on the screen.

    Such notices may try to trick you into installing nasty stuff. If you think you might need a newer Flash player or Java component, then hie directly to their web sites and check for download versions.

    V. AntiVirus Protection

    Obtain a good anti-malware suite, either free (like AVG) or from Kaspersky Lab, Symantec/Norton, BitDefender, Malwarebytes, or WinPatrol. They each take different approaches. BitDefender’s defense works as a sort of vaccine. The free Panda Ransomware Decrypt Tool tries to restore deliberately damaged files.

    If at all possible, remove the wounded drive from its computer, or create and boot from an external drive to work on the damaged device. It’s possible the infection has altered the boot sectors of your hard drive. If you’re able to decrypt your damaged files, move them to a safe place and totally reformat the damaged drive.

    The Myth of Customer Service

    One of the internet ‘memes’ floating around the web speaks of ransomware ‘customer service’. This irresponsible wording is tantamount to insisting a rapist gives good customer service if he doesn’t kill the victim. Even professional developers who should know better use this expression, an indication of naïveté rather than an expert opinion. A paid criminal that restores files only 50-60% of the time does not exhibit good customer service.

    More on that next week. In the meantime, avoid zombies, vampires, and malware.