Am I Crazy?

Should I just stop now before it's too late? 

I want a big, wooly blanket for my couch. Well, when I buy a couch.

I don't have one yet. But when I get a couch, I want a big, wool blanket tossed on the back of it.

And I really, really want it to be wool, not acrylic.

I bought some Lion Brand Fisherman's Wool and started on this sample in the round.

The blanket is very simple but pretty.

The red stitch marker marks the beginning of the round. Barely noticeable. After blocking it should all blend in.

It's worked in the round, center out in alternating groups of 4 knit rows and 4 purl rows.

Good mindless knitting. Perfect for working on while I'm reading or doing other things.

It's soft and squishy and has that soothing wool smell to it. So far I love it.

But those nagging thoughts keep popping up in my head.

For one, if I keep going to full size like I planned, this thing is going to be heavy.

I want it to be big enough to fully snuggle under so it has to be at least 72 inches wide.

I already know that a blanket that size worked in the round is going to make me crazy toward the end.

I have considered working in blocks approximately 20 inches wide and seaming them together.

I figure if I end of a purl ridge and then work one round of knit stitches I could kitchner the stitches to the next block and it would all blend in.

That would solve the problem of working a big, heavy blanket in the round. But I keep thinking the real problem here is the fact that Fisherman's Wool is labeled as "Perfect for Felting."

I love Fisherman's Wool. I love the smell. I love the softness after it's washed. And I love how large the skeins are. This sample is already at 14 inches and I am barely halfway through the first skein.

But I really feel like the felting thing is going to come back to bite me.

I am knitting it at a firm gauge to make it less likely to felt. I'm knitting at 6sts/in. The ballband is labeled at 4sts/in.

Even so, realistically, there is no way I can hand wash this thing. It's going to be way too big and too heavy to wash in the bathtub.

And where would I lay it to dry?

Eventually I am going to have to throw this beast in the washing machine to clean it.

Did I mention I have 3 cats? Yeah, I'd also like to toss it into the dryer to get the cat hair off of it.

I know this seems crazy. I was planned on knitting it extra big to account for a little bit of felting and shrinkage. If I was it on delicate and dry it on Fluff could I get away with it?

I'm thinking I will finish this ball off and see what happens when I wash it gently in the machine.

I Was Looking Right At It

I'm a big fan of mindless knitting. I have an attention problem so I can't knit anything too complex without extreme effort. Even though I know I have trouble paying attention, I still find myself shocked when I do something so stupid.

Isn't is amazing how far into a project you can be before noticing a giant, in-your-face, how-can-you-not-see-me error?

I like shawls. I usually knit simple triangle or heart shaped shawls in simple stitches. This time I decided to mix it up a little. Mistake number 1. Instead of working the usual triangle shape, top down, I thought let's work the triangle back-and-forth, working top up. After working a garter stitch triangle back and forth I planned to add a simple YO, K2tog edging.

The triangle part started out just fine.

It was going well... K2, YO, knit to last 2 sts, YO, K2, next row Knit, repeat.

About half way up the triangle I think I started doing double increases on each edge because it started to take on more of a heart shape. But it was still fine.

When I was around half way through the ball of yarn I began the edging. A very simple YO, K2tog.

I only have a little bit of knitting time every day so I spent weeks working on this. Literally. Weeks went by without my having a clue what I was doing.

Some of you have already caught it and are laughing the sympathy laugh right now.

I was almost to the end of the ball and was trying to estimate how much yardage I used on each round so I could figure out exactly when to begin binding off.

And then I finally saw it. 

I had been knitting the edging onto the neck edge instead of the bottom edge of the shawl. There was no way to turn this into a design element. It had to be ripped out.

Off to the frog pond it goes.

Damn You Auto Correct

I was making a reminder to myself to blog about the pile of yarn that I keep knitting over and over again.

When I wrote the word 'reknit' auto correct changed it to 'eek it.'

How does that make more sense than 'reknit'? How does that make any sense at all?

Knit Picks is a Slow Learner

KP Foolishly Attempts to Silence Angry Knitters by Blocking Posts to KP's Facebook Page

As if that would work.

n00bs

After the blowup on Ravelry, Facebook, Twitter and Reddit about the security breach, Knit Picks responds by trying to block knitters from posting to their Facebook page.

They removed the post box so you can't write directly to the page. They also modified it so you can no longer click on the drop down box and select "Posts by Others."

What you can do is reply to a post of theirs, which may actually be more visable than if you posted directly. When you post directly to a Page is gets tucked away in a little box in the upper right hand corner of the feed. But when you reply to a post it is just...there... visable in the middle of the page for all to see.

I haven't tested it out but I suspect the tagging should also still be working.

If you're interested in following the story there is a new Facebook page for victims of the Knit Picks breach.

https://www.facebook.com/pages/Knitpicks-Breach-Victims/336035513164460

Also some info on their blog:  http://kaycie51782.wordpress.com/

Knit Picks Bows to Public Pressure

Fear the Knitters; Ignore the Quilters and Artists

I'm now convinced even more than before that Knit Picks is only issuing a public statement because so many knitters are complaining on social media.

I've looked at the Facebook Pages and websites for both Connecting Threads and Artists Club, the other two Crafts Americana companies affected by the security breach. I can find no notice on either website or Facebook pages.

Connecting Threads

Website: http://www.connectingthreads.com/Quilting.cfm
Facebook: http://www.facebook.com/home.php#/pages/Connecting-Threads/121383646130
Blog: http://www.connectingthreads.com/blog/

Artists Club

Website: http://www.artistsclub.com/index.cfm
Facebook: http://www.facebook.com/pages/Artists-Club/163211837061273
Blog: http://www.artistsclub.com/cfBlog/

 Knitters informed each other and forced a confession out of Knit Picks, but customers from the other companies appear to be left behind.

I already had a very low opinion of Knit Picks/Crafts Americana, and now they've just lowered the bar.

Knit Picks Responds to The Security Breach

Knit Picks' Hack Confirms Sensitive Customer Information Exposed

See what I did there?

On February 17th the following message was posted to the Knit Picks blog confirming that customers' credit card informatin has been compromised.

Click to View Full Size

On the one hand, I am happy Knit Picks has finally made a public statement. Isn't it strange that admitting to it doesn't change the details, and doesn't really provide us with any new information, but for some reason it is important to hear it from them.

Now on the other hand, for me, there are a couple problems with their announcement. The biggest problem is that it is too little, too late. I can find no excuse why it has taken this long to contact their customers, and it seems this is only happening after the story blew up on social media. I fully expect things like this to happen. I have shopped at other retailers who have been hacked into and I was promptly notified so I could take action to protect myself.

It looks like Knit Picks didn't take action until after they were hung by the court of public opinion. For me, I have lost too much trust in the company and have no intention of shopping there again.

Knit Picks claims they mailed out letters to affected customers on February 8th. It is currently February 17th in Wisconsin. I have not received a letter from Knit Picks, nor has anyone else that I have heard of yet.

It's good that they posted to their blog, linked it to their Facebook Page and Twitter account, but I would like to have seen this come in to my email's inbox first. I still haven't received this via email, so customers who are not active in social media may still not be hearing about this. The blog post is not linked from the front page on KnitPicks.com. You have to go looking for it to find it.

Facebook Reacts

Not sure if trolling, or just really stupid

Reading some of the comments on Knit Picks' Facebook page is interesting. Most commenters are angry customers who say they should have been informed earlier.

One poster actually had the nerve to blame the victim.

He asked why people actually believe they can just go around shopping with credit cards and stuff. Why aren't you using a paper check like in the old days? Because you know, in the old days no one has ever stolen checking account information!

Many people are saying they will not do business with Knit Picks again.

Canadians are asking why only U.S. customers are allegedly receiving snail mail alerts, why no notice being sent to international customers?

Someone posting from the Knit Picks Twitter account said there has been an addendum added to the blog post:

I have refreshed the page multiple times but I can not find the addendum.

The Twitosphere is not amused.

 They're really not handling this well at all, are they?

How to Deal With a Security Breach

What you should do as a consumer if your personal information has been compromised in a security breach

Since Knit Picks' poorly managed security leak, we now have to look at what to do if your information was part of those exposed. This information comes to us from PrivacyRights.org  Please surf over and read the entire page. There is a lot of good info there.

I would especially like to highlight the information about potential identity theft. Since Knit Picks exposed our names, addresses, phone numbers and credit card information not only do we have to watch for fraudulent charges, we also have to be wary of someone opening new accounts under our name.

From Privacy Rights:

4. Reducing Your Risk of New Account Fraud Immediately call the fraud department of one of the three credit reporting agencies -- Experian, Equifax, or TransUnion. When you request a fraud alert from one bureau, it will notify the other two for you. Your credit file will be flagged with a statement that says you may be a victim of fraud and that creditors should take additional steps to verify your identity before extending credit.

Equifax fraud department: (888) 766-0008
Web: https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp

Experian fraud department: (888) EXPERIAN (888-397-3742)
Web: www.experian.com/fraud

Trans Union fraud department: (800) 680-7289
Web: www.transunion.com/corporate/personal/fraudIdentityTheft/fraudPrevention/fraudAlert.page

The federal Fair Credit Reporting Act (FCRA) enables you to place an initial fraud alert for 90 days. You may cancel the fraud alerts at any time.

Good luck!

Knit Picks Demonstrates How to Decimate Your Customer Base in 3 Easy Steps

How To Create a Public Relations Nightmare

1. Leave a file containing sensitive, unencrypted customer information, including names, credit card info, addresses and phone numbers exposed to anyone on the internet for at least one full month.  Ensure that the data exposed includes customers shopping during the Cyber Monday and Christmas shopping seasons, promising the maximum number of customers affected.

2. Notice problem; quietly delete file. Send out mass email of latest yarn sale.

3. Weeks later when large customer base learns of breach and complains loudly online, ignore them completely. Bonus points for attempting hyperdeletion of comments on your Facebook page.

Congratulations, Knit Picks. What could have been simply a stupid, embarrassing and common mistake has now cost you untold numbers of both past and future customers.

I'm just learning this information tonight so there is still a lot that isn't known. What best I can figure out from what has been posted on Ravelry and Facebook is that on December 21st a 'breach' occurred allowing an unencrypted file to be publically viewed on the internet.

From Privacy Rights Clearinghouse

Customers who had credit card numbers on file after using them at Knitpicks.com, ArtistsClub.com, or ConnectingThreads.com may have had their information exposed.  A file on the Crafts Americana Group, Inc. servers was accessible for a period of time before being removed on January 25, 2013.  The file contained names, credit card numbers, addresses, and phone numbers.

The file contained names, addresses, credit card info and phone numbers of Knit Picks, Artists Club and Connecting Threads customers. No word on how far back the records go but people are reporting stolen credit cards they used as far back as one year ago.

The "breach" was discovered on December 21. The offending file was deleted on Jan 25.

On February 11 the information was made public. Not made public to the customers affected, mind you. Made public to the Attorney General of California when Crafts Americana filed paperwork. And this is how knitters eventually caught wind of the issue.

As of today, February 16th there has been no communication from Knit Picks informing customers that their sensitive information has been compromised. No email alert, although I did get the email of their new yarn today. No mention on their website. Nothing has been written on their Facebook page. Nobody tweeted from their Twitter account.  And no staff have posted to the fan group on Ravelry.

Knit Picks hasn't said a word. I learned about it from a post on Ravelry tonight. Most knitters are hearing the news from Ravelry, Facebook or Twitter.

This is turning into a social media nightmare for Crafts Americana, and frankly, at this point, they deserve it. They have been dealing with this problem for weeks now; they should have had a statement prepared.

Click for larger view.

I was one of the people who had fraudulent charges on the credit card I used at Knit Picks. I understand companies get hacked and things happen, but when it does it is important to address it immediately and take action.

At this time it doesn't appear that Knit Picks was actually hacked. It looks like the file was left exposed on their server, not stolen by an outside source.

Furthermore, on Knit Picks site when you get to the check out they claim they don't save your credit card information, and yet thousands of customers just had their credit card information stolen.

Coincidentally, I was on my way over to KnitPicks.com to place an order but stopped by Ravelry first. That is when I learned of the security breach and in the next couple hours I have seriously reconsidered ever ordering from them again. The way they are handling this is inexcusable.

Adding insult to injury, Knit Picks is sending out a reply to some people who had emailed them stating:

Thank you for letting us know. We continue to monitor our systems and take security seriously. Any information we are given is immediately relayed to our IT Department. We have 2 companies monitor our websites, Norton Secured by VeriSign and Trustwave. We appreciate our customers letting us know of their experiences. A letter has been sent out to people who may be affected by this.

They have two different security companies watching the site and still no one noticed that a file was exposed to the internet for at least one month? That's incredible.

Click to view larger size

The Norton Secured guarantees that our credit card information is encrypted using SSL during data transmission.

Too bad it doesn't also guarantee that Crafts Americana will also encrypt that data when they store in on their servers.

How do you NOT encrypt credit card numbers?

Click to view larger size

Trustwave is an interesting one. First it says, "Your credit card and identity information are secure."

And then the disclaimer:

"Disclaimer: Trustwave Holdings, Inc. makes no representation or warranty as to whether Crafts Americana Group, Inc. systems are secure from either an internal or external attack or whether cardholder data is at risk of being compromised. Trustwave Holdings, Inc. makes no representations or warranties regarding this company's business activities or operations. Please contact the company displaying the seal if you have questions about their products, services or customer support. "

How can they claim that your information is safe and then put a disclaimer saying they have no way of knowing if your information is really safe? Don't those two cancel each other out?

I'd like to leave you with a screen cap from the Artists Club Facebook page:

"Safe from your husband and the Pentagon"

Your credit card information is safe from your husband and the Pentagon. Assuming neither party has broadband access.



PrivacyRights.org
https://www.privacyrights.org/node/55899

State of California Department of Justice Office of the Attorney General
http://oag.ca.gov/ecrime/databreach/reports/sb24-38867

Submitted Breach Notification Sample Letter being mailed out to affected customers http://oag.ca.gov/system/files/Multi-state%20notification%20letter%20-%20Crafts%20Americana%20-%20letterhead_0.PDF?