Category Archives: Security

Illinois shops still selling lead-based toys

One might think the news of lead in toys would prompt a manufacturer to recall them immediately. Not so in Illinois, where a toy company has questioned the validity of state authority to determine safety. The disagreement seems to hinge on whether state or federal regulations should determine acceptable exposure to lead:

Illinois authorities thought they had reached an amicable agreement late last year with Ty Inc. to have the company voluntarily remove its Jammin’ Jenna dolls from retailers because the toys contained high amounts of lead.

But a few days later, the state attorney general’s point person on the issue was surprised to see Jammin’ Jenna for sale in a candy store near her office. The next morning, the official spotted another one at a grocery store near her home.

When the attorney general’s office confronted Ty, best known for its Beanie Babies, the Westmont-based company said it would no longer sell new versions of Jammin’ Jenna to Illinois retailers. But it refused to recall dolls already in stores, according to the state.

Note the detection method. An official went to a store and saw the toy was still being sold. Could there be a more automated method? Will checkout tills soon have the ability to detect harmful substances? Probably too costly, compared with spot-checks, but I am reminded of airport security. If the risk is high enough, even just from a public perception/fear perspective, then maybe toy retailers will have safety-enabled checkout scanners.

Speaking of retailers, I wonder why they could not get the retailer to refuse to sell the toy. Later in the same article, another similar story comes to light, but it does not target the manufacturer.

State authorities also are upset at national retailer Party City, which told investigators and the Tribune in the fall that it had stopped selling a pirate skull ring found by the newspaper to contain high lead levels. A spot check by the Tribune later found the ring still for sale.

The newspaper bought and tested the ring again. It exceeded safety limits for lead.

A Party City spokeswoman said the chain had instructed its 500 stores across the country to pull the rings and thought the order had been carried out. The firm said it re-issued the order earlier this month after the Tribune informed the company that the tainted product was still on some shelves.

The retailer also said it has instructed its stores to withdraw a similar pirate necklace, which the Tribune found in a follow-up test contained lead levels more than 200 times the state limit.

This story puts into perspective the hassle of chasing down NT4 and Windows 2000 servers and getting them off the network.

One last thought. Remember the robot in Buck Rogers? I think it said “Eat Lead, Suckers!” Ty should consider licensing that little guy for their beanie baby line…

Sun Ray IPSec VPN

I have been asked to work on some Sun Sun Rays (yes, it’s a redundant name).

They seem very much a throw-back to X terminal days, and in particular they remind me of a Sun Java Thin Client box I had to work on in 1997. My conclusion on the Java terminal at the time was DOA. There were literally no apps. Can’t believe it has been ten years already…anyway, the issue I am looking at relates to VPN connectivity.

Sun promises great new security functionality in their Sun Ray Software 4, as described in this beta release page:

…great new features such as the VPN/IPsec client in the Sun Ray firmware. This allows customers to simply plug their Sun Ray clients into nearly any network and connect back to their corporate desktop. Please note that the VPN/IPsec client only works initally with Cisco gateways that support the Cisco EasyVPN protocol.

Grammar check. Should that be “client initially only works with Cisco”? Hmmm, only Cisco? This looks like a not-so-easy EasyVPN protocol.

Why did Sun, a self-proclaimed champion of open standards, grab onto such a proprietary/rare IPSec configuration? Is Cisco a big consumer of the Sun Ray?

So that is what I have been researching lately. I love the X terminal concept, but it surprises me to hear there is no alternative to Cisco’s IKE implementation. That and the fact that Sun Ray documentation only points to IKE-DES3-MD5, rather than more contemporary options like IKE-AES-SHA1.

Cyberattack from Iran

Well, being away from my log for a while has left some interesting bread crumbs to sift through.

For example, I have noted that someone in Iran (80.191.136.xx) has been trying to attack my site.

I tracked back a couple of very sloppy attempts to the Isfahan municipality computer services organization.

Basically, in the latest attempt, they have been searching for a vulnerable version of wp-trackback.php, and submitting “‘ and 1=1” to post.php.
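The two probes described above can be picked out of a web server access log. The following is an added example, not code from the original post: it assumes Apache combined log format, assumes the injection string shows up in the request's query string (POST bodies are not written to access logs), and uses constructed log lines with documentation IP addresses and hypothetical rule names.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in Apache combined log format (documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2008:03:14:07 +0000] "GET /wp-trackback.php?p=1 HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [12/Jan/2008:03:14:09 +0000] "GET /wp-admin/post.php?post=1%27%20and%201%3D1 HTTP/1.1" 302 0 "-" "-"
198.51.100.20 - - [12/Jan/2008:03:15:00 +0000] "GET /?s=ham+and+eggs HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Jan/2008:03:15:02 +0000] "GET /wp-admin/post.php?action=edit&post=12 HTTP/1.1" 200 4301 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A quote followed by a boolean tautology, e.g. ' and 1=1 or " or 2=2.
TAUTOLOGY_RE = re.compile(r"""['"]\s*(?:and|or)\s+(\d+)\s*=\s*\1""", re.I)

def decode(text, rounds=2):
    """URL-decode up to `rounds` times so double-encoded probes still match."""
    for _ in range(rounds):
        nxt = unquote_plus(text)
        if nxt == text:
            break
        text = nxt
    return text

def classify(target):
    """Return the set of (hypothetical) rule names a request target trips."""
    path, _, query = target.partition("?")
    hits = set()
    if decode(path).lower().endswith("/wp-trackback.php"):
        hits.add("trackback-probe")
    if TAUTOLOGY_RE.search(decode(query)):
        hits.add("sqli-tautology")
    return hits

def scan(log_text):
    """Map source IP -> sorted list of rule names seen from that IP."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and (hits := classify(m.group(3))):
            findings[m.group(1)] |= hits
    return {ip: sorted(h) for ip, h in findings.items()}

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(rules))
```

Grouping by source address is what makes the pattern stand out: one client tripping both rules within seconds looks like a scanner, while the ordinary search for "ham and eggs" and the legitimate post.php edit are left alone.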

Back to Work with Brecht

Many apologies for my hiatus from my log. I confess I was working so much that I lost time. I’m back again with much to say…

Here’s a poem by Bertolt Brecht that I noted in the movie Lives of Others (51:11). Thought this might help get things started again:

One particular day in blue-moon September
below a young plum tree, quietly
I held her, my silent pale love,
in my arms like a pleasant dream.
Above us in the beautiful summer sky
was a cloud that caught my eye.
It was a pure white and so far high.
but when I looked up, it had already gone.

The subtitles did not do the poem justice so I felt like writing my own. Harper’s has posted a more formal translation with an interesting continuation of the poem, as well as reference to the movie.