The Falcon's View

User Friendly has been running a series of comics about people creating blogs, getting that first entry out there, and then being completely brain-dead. Ironically, it seems to be happening to me, too. It strikes me that part of the problem is the realization that publishing thoughts to this blog means saying things out loud, in a public forum. That can be daunting and scary. For one thing, what about privacy?

Well, anyway, here's another post. My next post will likely deal with figuring out how to get MT plugins like StyleCatcher to work through "system-wide configuration." I also need to figure out why the contextual help files are inaccessible.

I did not watch the State of the Disillusioned Union last night. It's too painful. I mean, come on, seriously. Since when did eloquent speaking get thrown out, only to be replaced by mindless, mind-numbing applause after every 1-3 sentences? Nauseating.

So, here's what I'm wondering, having read the highlights...

In Scott Adams' original "Dilbert Principle" he mentions that we all have idiot moments. I can certainly recollect dozens of my own. But then there are those Darwinian moments where you stop and realize "wow, some people just aren't all that bright." Take this story on CNN.com for example. Researchers found that microwaving a WET sponge for 2 minutes kills most bad things lurking about. So, what did people do? They tossed DRY sponges into their microwaves, and then had the hilarious nerve to complain to the reporting news agencies that it was their fault. If only people could read - and comprehend!

The irony of No Child Left Behind: the parents of the children are already long lost. :)

I've always been a fan of George Carlin (comedian) because of his witty analysis of the English language. This amusement has often caused me to evaluate words and phrases and the intended versus literal meaning. Today's example is the common question to men too lazy to shave (like I've been for a few days): "Are you trying to grow a beard?"

The answer is 'no' I'm not "trying" to grow a beard. There's absolutely no conscious effort involved in making the beard grow. In fact, it seems to grow quite well despite any attempts I might make to stunt it.

The correct question is "Have you decided to let a beard grow out?" Such a question would more accurately speak to the actions I am or am not taking; namely, shaving. If whiskers grow on their own, and a beard is the result of not shaving those whiskers over a certain period of time (days for me, weeks for others), then this question best addresses my intended (in)actions.

And, in case you're wondering, I have no "plans" for a beard. I'm just feeling lazy and thought I'd give my face a break from the daily scrape. :)

I keep asking myself "Is it Friday yet?" I don't know what it is about this week - maybe the colder temps (actual winter weather for a change) - but I'm just having a tough time this week. Getting up in the morning has been a chore and require a major act of willpower. Going to work out has been challenging. It's just kind of a general malaise. I'm sure I'll get back to posting something more interesting soon. Until then, sorry to disappoint the one reader I have (yeah, that'd be me).

Rest of the week looks like this:
Thursday - climb @ SportRock
Friday - flag football @ Dulles Sportsplex (allegedly)
--> backup plan: running (maybe 4.5 to make up for my abysmal run tonight)
Saturday - lift legs, maybe run PM
Sunday - SUPER BOWL!!! Oh, and tennis in the morning...

I could go on and on... droning... :)

First a short letter...

Dear Advocates of Political Correctness,

You represent a parody of America that is so absurd today that it should be shunned. What a pity that the media takes you seriously, since it means we all have to listen to the endless drivel. Please make it stop.

Sincerely,

Americans sick of your lunacy

The triggers for my rant today? I'm fed up with all the endless coverage of the endless stupidity. Specifically, yesterday's Boston bomb scare and Senator Biden bombing in his attempt to compliment Senator Obama.

The Star Tribune has a nice piece on the official re-launch of Storyhill - my old favorite acoustic duo, first encountered in college. These are, hands-down, two of the nicest guys you'll find, with their niceness only exceeded by their talent. They counter-balance each other extremely well and have produced some of my all-around favorite pieces. Check out the show listings on their site to find info on their Valentine's Day release party and other upcoming performances. Preview their new self-titled release up on Amazon.com today!

Well, I'm back in the swing of things. Energy levels have been mostly normal since Wednesday, but I'm still unable to eat much. It's like my stomach shrank significantly while I was sick. All told, I think I lost about 12 real pounds in 3 days (excluding any related dehydration losses). I hit a low yesterday morning of 189 and was back up to 192 this morning. Jogged a couple miles tonight at a slack pace to try things out. Was remarkably limber while stretching, but the joints were all crackly (unsurprising). Will try for a full run tomorrow, I think.

The big news around the area is the weather. It looks like on Tuesday we received about a quarter inch of ice, then about 3 inches of heavy, wet snow, then another good half inch of ice on top of it. This made scraping the car a chore on Wednesday. Would have been worse today, though! And then there's the fun of watching southerners trying to handle the conditions...

Nothing too exciting to tell, so today let's have another grab bag of random thoughts, shall we? Let's see what topics I can think of... ok, here we go! Topics covered today:
- annual review
- sore joints
- random bruising
- going home to Moorhead
- anxiety and panic attacks
- redefining my role
- where is my MS confirmation?
- ah, it's coming soon!
- possible upcoming research efforts
- migraine treatment

Not a whole lot to relate today... will be posting later this week about some new research begun on Friday. Until then...

Big news! I finally received on Saturday my official "Congratulations. I am pleased to inform you that you have satisfactorily completed the academic requirements for the Master of Science degree..." letter! w00t! I'm now just needing the official diploma. Nonetheless, I have taken the bold step of adding MS behind my name.

In other, completely non-related news, we had lovely weather today. Actually, I like true snowy days - especially after the first couple inches are down, but it's still snowing. It's so peaceful and lovely. All told, our "wintry mix" forecast amounted to somewhere around 3-4" of heavy, wet snow. Plows have, thankfully, been running most of the afternoon. A marked difference from the storm a couple weeks ago. It's unclear if schools will be delayed or closed tomorrow, though it's increasingly looking like they'll be on time. Hard to believe that we keep getting actual winter weather here. It's so out of place.

Nothing much to tell, just had a very productive day, for once in a long while. Was up at 6am for tennis with the wife at 7am. Didn't hit very well, can't move freely with the hamstring and hip bugging me (Monday makes it a week since I pulled it). Doc says it'll be fine, just give it time. Anyway...

This sounded so much funnier in my head today:

My brain uses a hash function to compress memories. This is great for speedy comparisons, but makes recovery of the original memory impossible. And don't even get me started on birthday attacks and collisions...

Like I said... seemed... so... much... funnier... *sigh*

For something funnier, check out XKCD.

I had a rough morning today. "Why?" you may ask. Well, I locked my keys in a running car at my parents house. Dumb, eh? But here's my tirade and how it relates...

Locking the keys in one's car is not an uncommon occurrence. However, since buying a Honda Civic, I have not had to worry about this problem. This is because Japanese designers think about the smallest of details when designing new cars and they consider that people might accidentally do something that could result in a "bad event" such as locking keys in the car. Here are some distinguishing features between my Civic and the Jeep Liberty that I have as a rental car:

It's Monday and I'm back to work after my brief trip to Minnesota. Visited my parents, spoke to 3 groups of students at Concordia, had an excellent conversation with Dad's psychology prof colleague M about research I'm working on, hung out with my friend B for a while, and went for breakfast and a brisk walk with my (new-found?) friend R. Overall, aside from locking my keys in the rental car on Saturday while it was running, it was a pretty darned good trip.

Outline of thoughts...
* Speaking to audit class - tough!
* Speaking to comp sci majors class - fun! mythbusting!
* Speaking to comp sci 101 class - also fun!
* Good to see the 'rents
* Great chat with M about psychology and security
* Changing perspectives on driving times/distance
* Changing perspectives on my career

I'm feeling hyper tonight, no idea why, just completely buzzed. No, I did not consume caffeine, thank you very much. I'm in a very random mood, though, and really have no idea why that may be. So, before I post my serious entry, I (*pause: switch to iTunes, queue music*) need to get some of this energy out, set a better mood, and just generally shake out all this hyperness. No, that's not a word, I made it up. Pretty common, actually. Just let it go. :)

Let's see, what else do I know? Oh, not much, so that's it. Junk post is out of the way, am feeling more betterer, can now get on with "other stuff."

*puts on serious, focused, concentrating face*
*walks away to do other things for a while*

:D

Thaaaaaank goodness it is indeed Friday. It's been a very busy week, and I'm just glad it's over. Ran a few times (mostly poorly). Lifted on Tuesday (very well). But, the theme, by-in-large, has been work, work, work!

Overall, it's been a good week. A good couple weeks, in fact. And this coming week, we're heading to Colorado for a little skiing/boarding and, more importantly, R&R. I do, however, have to confess to being a bit annoyed this evening...

It's been about 24 hours since the terrible shooting incidents began at Virginia Tech. Let the second-guessing begin! Frankly, the second-guessing game began within hours of the incident, with headlines like "why weren't students notified sooner?" and the sort (of which CNN.com still has on their site).

As we've come to expect, journalists believe erroneously these days that they are subject-matter experts in all topics. Case in point, we watch ABC News in the morning. Today the Good Morning America (GMA) staff is in Blacksburg, VA, to cover the VT shootings in person. All good and fine, I suppose, since it should give them easier access for human interest stories. But, my, how arrogant and disrespectful they're being to the local authorities! Consider, for example, the literal interrogation that Diana Sawyer gave to the university President.

It's a couple days after the VT tragedy, and now the second-guessing is amping up a level. It seems this psychotic fellow may have provided indications that he was anything but mentally sound. Multiple people filed reports, and yet the response was "there's no explicit threat, there's nothing we can do." The blame game is, of course, swirling quickly. Allow me to take a few minutes to discuss my take on placing blame against a few key targets...

Regarding the VT massacre last week (noted here, here, and here), the killer is the primary person to blame. Time magazine had an interesting essay this weekend titled "It's All About Him" stressing that this act is purely about narcissism and his strong desire to put himself ahead of all others, to promote himself, and to make others know and revere him. I have another word for his actions, too: cowardice.

For those keeping score at home, common sense is losing, and badly. I ran across a couple articles today that should make you wonder "how out of touch are people with reality?". The first target is organized religion in the United States and their apparent lack of cluefulness when it comes to keeping out of politics. The second pertains to Disney -- the owner of the non-expiring, lobby-dominated copyright for that quirky mouse -- making a deal with a cable provider to disable fast forwarding through embedded commercials in on-demand shows!

Here is a somewhat sparse article from the BBC that talks about the "first international forum for indigenous peoples in the Congo basin". It's actually an interesting read, though a bit short on details. What I found most interesting was the closing thought that there are things we can learn from them.

In the last 24 hours I've had both workouts interrupted by jerks. I have to say, it's getting rather wearing. Last night, before doing my upper body workout, I did my "Power to the People" workout of 2 sets deadlifts, 2 sets side press. After my first set of deadlifts (5 reps), I took a break, walked around, etc., for about 5 minutes, as the routine prescribes. On my way back to the squat rack, some guy says "hey you better keep it down." I had my headphones on, so turned around and took them off and said "what?" and he said "you better put some pads under that weight, otherwise someone back here is gonna kill you for making that much noise." I was like "whatever, dude, it was 1 set of 5 reps at heavy weight." Clearly the guy had no clue how you do a full deadlift properly. No, I wasn't dropping the weight, but I certainly wasn't letting it down slow and easy, either. Do that and you hurt yourself! I did a proper form deadlift. Anyway...

Tonight I blog on a few different topics. Tomorrow morning I hope to post my thoughts on the Harry Potter books and movies, including a summary of thoughts on HP7: The Deathly Hallows (which will be heavily labelled "spoiler alert"!!). I also hope to get my Europe travel photos processed and posted on my photos site by the end of the weekend, along with a lengthy post about the trip. Lots to do! First and foremost, I just to start doing a brain dump...

So, first up, my favorite workout implement: kettlebells! I mentioned a couple weeks ago that Hanna was interested in trying them out. So, as promised, I ordered an 8kg bell for her yesterday, along with a pair of 24kg bells for myself. I highly recommend this workout system to everybody, young or old! Start light if you need to, there's no shame in that. The shame is in not doing anything. These wonderful tools provide a full body workout with only a few simple exercises. To quote Pavel:

When we say "strength," we mean "kettlebell." When we say "kettlebell," we mean "strength."

We've all probably guessed that the next major global armed conflict will revolve around access to natural resources, much as the last regional conflicts in the Middle East have been. But, did you ever stop to think that such a conflict (possibly even WW III) might be spurred on by the receding polar ice cap and global climate change? I've noticed several articles in the past few weeks, including this one from the BBC, that show Russia, Canada, and the US (among others) beginning to enter a somewhat tetchy standoff over who has rights to the resources under the Artic.

Call me paranoid, but if I were to guess at the cause of WWIII, this would be it. Especially given the strong posturing Russia has been doing lately, such as over the proposed American anti-missle defense system in Europe, I'm strongly reminded of the Cold War era. Add in economic instability globally, as we have today, with the significant economic influence of the Asian Tigers, and you have the ingredients for quite the mess.

Food for thought...

I've found myself wondering at length lately about what it means to be a leader and what good leadership is. I certainly don't think that I'm a very good leader these days because my attitude, frankly, sucks. It's certainly not an easy thing to be a leader, though there are certain behaviors that I think are endemic to leadership that should be taken as serious factors.

First off, I think it's instructive to explore where I think that I've succeeded and failed as a leader myself. In terms of failure, as already mentioned, my current attitude is not productive or useful, though it may be understandable, and even excusable, to a degree. To be quite honest, I'm a little burned out these days, not just from work load, but also from what seems like a lack of good, quality leadership around me. Let me come back to that.

Where I think that I've succeeded as a leader is in not accepting first answers as a given, in being a good example for performance (attitude aside), and in becoming moderate in emotion (most of the time), while maintaining passion and direction. I try very hard to ask thought-provoking questions, and I simply do not accept "that's the way it's always been" or "that's how we do things here" as valid explanations. If you weren't present for the decision to do something, and you don't understand why the decision was made, then you should be asking questions, not defending it. I digress...

If only we could all have lives like Zits... honestly, I wonder how many people had/have dreams like this? What's keeping us from living these dreams? Some sort of false obligation to the working world? Food for thought...

It's been a busy couple weeks, with the hallmark chaos trailing in the wake of time. As far as I can tell, this really extends back to the end of vacation in August. We got back from Europe and - shock of shocks - we were exhausted! Hanna, fortunately, had a couple weeks to recover while between grad classes and before the public school year began. I was not so fortunate, and really suffered the toll ever since (well, until now, anyway). This leads to what I consider to be the opposing concept from the movie title "Eternal Sunshine of the Spotless Mind" (see movie info here). Allow me to attempt to articulate without rambling endlessly for hours on end (oops, too late!).

We've had an interesting, though sadly disparaging, thread on the cisspforum this week. I can't post any direct quotes for you, since that would be a violation of the forum guidelines, but I can talk about the issues in a generalized sense. I wish to do this because I find it indicative of some larger problems within the security industry, and in fact within American society at large.

The core point of contention in this thread was whether or not so-called "off-topic" posts were appropriate. The forum guidelines clearly prohibit content that is not related to security. A couple people argued quite vehemently that anything that diverged from that rule should be strictly omitted. This stance seems reasonable, perhaps, at first glance, but it begged a larger question: given the extremely broad subject that is security, how does one gauge whether or not a post is relevant? Moreover, who's opinion holds more weight in answering that question.

The major airlines represent a relic of the past that have been artificially sustained by the government for far too long. There have been two such bailouts since 9/11, and I think I recall another in the 80s, too (though I can't be certain). The problems are myriad, but I wanted to rant about something that has irked me very recently...

Frequent flier programs... I hate them (as they are)! Case in point, due to my international gallivanting this past year, I've accrued over 50k miles on my United Mileage Plus account. Wishing to use them for a short holiday over Presidents' Day weekend, I attempted to find a use. Unfortunately, they're not interested in letting me use my miles - at least not for 25k miles per ticket. When a flight is available, it's only available for 50k miles ("standard" vs "saver" award), which would require me to purchase the second ticket, at a cost of more than $600. Seriously?!?

The problem is this: if I've flown so much as to accrue enough miles for a free ticket, then give me the stupid ticket. What's with limiting the number of award seats per flight? The limitation only serves to piss me off, and generates ill will against the airline. And it's not like the majors have much good will these days going for them that they can afford to blatantly piss off their customers. It's just patently ridiculous and, worse, it demonstrates an arrogant short-sightedness. They'd rather pass up filling 2 seats than to keep a customer happy, build loyalty, and take slightly lower realization off that flight.

Of course, herein lies the problem. The airlines are commercial, and often publicly traded. They're trying to maximize their realization based on old principles. There could be better ways to generate revenue (as other startups have demonstrated), but because of the prop-ups by the government, they're disincentivized to use them.

Here we come 2008! It's hard to believe that 2007 (or 2006, 2005, 2004, etc.) has already come to pass. We were able to get back to our traveling ways this past year, but do not foresee being able to continue these ways as we shift our plans to starting a family. It will, however, be anything but a dull year, as we buckle down financially, finally getting some old debt paid off, and beginning to put money into savings and investments. The predictions of a recession in 2008 actually play very well to our hand in this regard, providing an opportunity to reduce some of our interest load, while also reducing investment costs to below what may be their actual value.

If you're anything like me, you're probably exhausted here on the first day of the year. For me, there are a few reasons. The first reason was work-related. While AOL was very good to me, it was also extremely stressful. Since returning from vacation in August 2006, when I had a huge case dropped in my lap, things just went berserk from there, with a major restructuring, major layoffs, a complete change in executive management, and so on. That stress has been relieved by changing jobs, and I fully expect to recover.

We could potentially subtitle this as "Serbia takes on the world of tennis" in the grand scheme of things. For those who don't follow tennis, let me sum things up for you in a quick nutshell. The Australian Open is currently going on in Melbourne. It's the first of the Grand Slam tournaments of the year given their southern latitudes. This weekend will be the final matches.

Going into the tournament, Justine Henin and Roger Federer have completely dominated singles play, both easily establishing and maintaining their position at #1 in the world in their respective leagues (WTA for Henin, ATP for Federer). Both were expected to do well in the tournament, as were two American sisters, Venus Williams and Serena Williams. In the end, none of them made the finals, and Serbian players are the reason.

I've been diligently working on a few articles, plus fighting a cold, over the last few days, so you'll have to excuse the decreased blog output (or not - feel free to hold a grudge for a while, if it makes you feel better:). Anyway, I ran across a few articles today that were interesting enough to make me want to talk about them. So, here's a hodge-podge of topics, ranging from politics to infosec to cool new technology, including a brief review of the latest book I've read, The End of America: Letter of Warning to a Young Patriot by Naomi Wolf.

I went to Target to buy face wipes tonight... with tax, the total came to $6.66. My immediate compulsion was to buy gum or mints to get around that omen, but I resisted. Instead, I said "that's kind of creepy." The cashier looked up and said "yeah, those wipes are kind of expensive, aren't they?" It was very difficult to stifle a smile at her failure to recognize my attempt to be clever. I guess humor is in the ear of the beholder...

Is it worse to let go unchallenged a fool making known factually incorrect statements in a professional forum (like a mailing list), or to challenge the fool and potentially have the thread devolve into flames?

From a risk perspective, I view the trade-off analysis as being setup thusly:

1) Let the fool go unchallenged. The cost (impact) is that less experienced and/or impressionable participants in the forum may take the fool's comments as accurate, giving them a life of their own. Overall, this has the effect of reducing the quality of professionals in the industry, leaving some worse off than when they entered the forum.

2) Challenge the fool. The cost (impact) is that the thread may devolve into flames, causing people to disengage, possibly permanently. Overall, this has the effect of decreasing learning opportunities for these professionals, but hopefully does not leave them worse off than if they had not joined at all (though outcome #1 above is still a possibility).

Which risk is greater? It's unclear to me, and strikes me as a lose-lose situation. Perhaps there's a third option that someone could point out.

I know, I know... peanut butter and bananas are the classic snack (add raisins and you have "bumps on a log," right?). Well, I'm here to tell you that Banana Cream Muscle Milk is not a banana, and it therefore does not taste good with peanut butter. I know, because I just tried it, and am now somewhat grossed out (the stomach and tastebuds are not pleased). In case you were curious. :)

As mentioned yesterday, Google's image is starting to tarnish thanks to reports from the interview process. Now comes this article from IT World about how (courtesy Slashdot), some day, we'll likely view Apple and Google less favorably, much as has happened to Microsoft. It's an amusing read about the fickleness of consumers.

This concept seems to generalize fairly easily, too. The US is a good example, in that we were the golden child for a long time, helping out in WWI and WWII. Then, as our prevalence and dominance expanded, we became targets of our own allies, until today, as our economy stumbles (possibly taking down others with us), we're looked at as the horse's rear. Environmental policy is a good example, in that the US opposed the absurd Kyoto protocol, refusing to sign (unlike the hypocrites who have signed it, but concluded that it's too expensive to implement) on the basis of its being inadequate, ineffective, too costly, and unfair.

I find it interesting. It's so easy to hate the big leader. It's so much harder to create constructive criticism and actually initiate meaningful change.

Being sick the past few days, I've had plenty of time to lay around pondering life, the universe, and everything (42!). Well, sort of. At any rate, in my musings, I've been trying to think of a good blog topic, and the idea that has kept coming back to me is that of why I blog. I suppose that there are really only a handful of reasons why people write one of these posts on a reasonably regular basis, but I thought it might be interesting to explore my own thoughts on the matter, since writing has seemed quite natural to me.

Well, it's that time of year again: Earth Day. This will be my 2nd annual Earth Day post (last year's post is here). For this year, I thought I'd just list a bunch of random stuff that I think may be useful. Mainly, the focus, in my mind, should be in a few key areas: reduce, sustain, prepare. Let me explain what I mean.

I have a couple fun new big oil conspiracies. The first conspiracy relates to the self-fulfilling prophecy of $4/gal (and maybe $5/gal) gas prices. Sure, it's much less than they pay in Europe, but we're also not paying nearly the same amount on tax as they are. Anyway, my theory on these prices is that big oil is trying to soak us consumers for every last cent possible before Bush leaves office. What do you think? :)

Now for the fun one... Are tax rebates really designed to benefit the big oil companies? Check out the chart below. In it, I have plugged in some relatively average numbers for miles driven per week (miles/wk), average miles per gallon consumer by the average American vehicle (mpg), the gain in prices over a year ago (price delta), the tax rebate for a single person (tax rebate), the calculated additional fuel cost per month based on the price delta (extra fuel cost), and then the number of months that the tax rebate covers that just the additional cost (# mos covered).

Several friends and family suggested that we go to a consignment sale to look for baby stuff (we're expecting, if you hadn't heard). So, we got up earlier than normal this morning to hit the big annual Dani's Duds consignment sale. We had to pay $10 ($5/pp) to get in, because it was supposed to be such a big, good deal. Hanna had very high aspirations, hoping that we could find most or all of what we needed in big items (car seat / transport system, crib, changing table, rocking/gliding chair, high chair). for a couple hundred dollar or so. Or not.

There are many reasons, ranging from issues like moving to a new location in the same area counts as a "transfer" not "new service" and thus costs you big bucks for installs, or the fact that the apartment complex where I live is constantly oversubscribed (though the L1 techs love to say that DOCSIS eliminates this problem - which of course has nothing to do with the back-haul line, but anyway). What really gets me, though, are the stupid little things. Like right now, for example. My ISP blocks port 25 to everywhere but their mail relay(s). Ok, fine, I understand, they're fighting spam. But, it gets better. I just went to send an email, and low and behold, I can't send. I receive a "mail relay not allowed" error message. Hmmm. So, I call the L1 techs and ask if there is service underway. Sure enough, there is. Shocking. What is shocking is that they would either take all mail relays down at once, or in fact only have a single mail relay server. In either case, for an ISP to not have a redundant relay that all customers are forced to use is patently ridiculous, as is taking them all offline to do maintenance, rather than servicing them one at a time, thus not affecting the customer (me, in this case). I mean, seriously, build 2 boxes, take 1 down to service, return it to service, take the other one down, then bring it back up, and we're all good, right? Sheesh... it's like 1995 all over again or something...

...you think you need to launch a SYN flood against 25/TCP of a small server hanging off a home DSL line... Yes, this appears to be the cause of our email problems this week. Apparently, one of the world's biggest losers think s/he is 1337 and is thus running a SYN flood attack against SMTP. No, I don't know why, but I'd be very curious to find out. I wondered if it was retaliation for all the bounce-back spam I saw over the weekend. Of course, all the headers were forged on all the bounces that I received (which means I should not have received the bounces at all -- man do I hate improperly configured MTAs). Anyway... loser loser loser... that's what I think of the lame schmuck DoS'ing our server.

We have a baby on the way, and so it's time to get rid of my 2-door Civic. Back in April, we decided on the Ford Escape Hybrid, but found out that they were few and far between. The 2009 models became available for ordering, so we went ahead and put in an order with the local dealer (Ted Britt, Fairfax). Ours was their first order of the '09 models, and everything seemed Jim Dandy.

Fast-forward 7 weeks to today. Our vehicle is still pending pickup in the queue for assembly. No VIN has been assigned. However, 3 vehicles ordered after ours have had VINs assigned, and are theoretically being assembled. The dealer is given no more status than this. Oh, and as if this isn't bad enough, they're being told that they'll only be allocated 9 Escape Hybrids, not the 11 originally indicated, which means that our order could be arbitrarily cancelled by Ford. This makes me wonder a couple things:
1) WTF?!?!?!?!?!!?!?
2) Why would Ford not process first in, first out, as I'm told all their other plants do?
3) Do they not realize how hard they're making it to buy an American car? Especially an American hybrid with superior technology?
4) Do they not realize that this is the last year for their tax credit, meaning there's literally no incentive for reduced/controlled production?
5) Have they not noticed that Toyota is owning the market, definitively and with force, all the while charging a heck of a lot more (fully-loaded Highlander Hybrid lists around $47k to the $35-36k for a fully-loaded Escape Hybrid)?
6) Does Ford honestly think that I can be sympathetic to the plight of the American auto industry in light of the my present experience?

Clearly, I'm a little annoyed. Let this be a warning to everyone: if the car isn't already built, don't bank on it ever getting into your hands. BTW, if anybody knows anybody at Ford Corporate, I'd love to hear an explanation of why they can't figure out how to lock in and build mine. :)

Just a quick note... last week Tim Russert died suddenly... this weekend it was George Carlin... who will be next? It's an old urban legend, I know, but it makes one wonder. Both were heart-related problems, too. Interesting this thing we call living, isn't it?

Pardon my bragging, but I felt pretty good about myself as an engineer Saturday. Not only did I successfully assemble our "travel system" (baby seat and associated stroller) a few days prior, but on Saturday I assembled the crib, installed the car seat base in the car, AND... I replaced a light switch that was starting to crackle (indicating a short forming - seen that before). All told, the travel system (stroller portion) was the hardest to assemble as the instructions were essentially just pictures and there were lots of buttons and latches to locate and use properly. :)

So, as a proud father-to-be (any week now!), I feel that I'm finally contributing in a meaningful manner. w00t! :)

Here's an interesting article from the LA Times talking about the much-improved performance of the Chinese in this Summer Games. They've already bested their gold medal count from 2004, and they are far ahead of the US in the same category. The US has a 1 medal lead in the overall count, which is fine, but isn't the old saying that 2nd place is 1st loser? :) Just kidding! Don't flame me for disparaging silver and bronze medals - I think our athletes have done amazing things that we should be very proud of.

Here are my quick thoughts on the Olympics:
* Hanna has made an excellent point about China. Of course they should be performing well. What other country in the world seizes children as young as 3 and carts them off to Olympics training in a specific sport, allowing them to see their parents only once per year? How does a free country compete with that?

* China has performed surprisingly well in some unexpected areas. For instance, who would have thunk that they would beat the US #2 womens' beach volleyball team? Yao Ming aside, you don't typically think of the Chinese as being tall or jumpers.

* The US has had some disappointing performances (100m dash, womens' swimming, diving, etc.). How strange is it that the US swept the individual medals in womens' saber and then didn't get a medal in womens' team saber?

* How do we balance disappointment in key areas like Track & Field vs the outstanding performance of our athletes? Moreover, how do we balance continued frustration in areas like gymnastics where the judging system, though a little less obtuse, still seems funky. I liked Howard Wasserman's comments here suggesting that the judges should be required to disclose the rationale for every deduction.

* I'm tired of hearing about doping and age controversies. The best athlete available should be allowed to compete. If the athletes want to give themselves a perceived advantage using drugs, then fine. However, that being said, I believe that all participating countries must then agree to and enforce laws that hold coaches, trainers, and doctors legally responsible should bad things happens from performing too young or from overdoing the drugs. Hold people accountable and then you can get away from this cat-n-mouse game.

Turning and turning in the widening gyre
The falcon cannot hear the falconer;
Things fall apart; the centre cannot hold;
Mere anarchy is loosed upon the world,
The blood-dimmed tide is loosed, and everywhere
The ceremony of innocence is drowned;
The best lack all conviction, while the worst
Are full of passionate intensity.

Surely some revelation is at hand;
Surely the Second Coming is at hand.
The Second Coming! Hardly are those words out
When a vast image out of Spiritus Mundi
Troubles my sight: somewhere in sands of the desert
A shape with lion body and the head of a man,
A gaze blank and pitiless as the sun,
Is moving its slow thighs, while all about it
Reel shadows of the indignant desert birds.
The darkness drops again; but now I know
That twenty centuries of stony sleep
Were vexed to nightmare by a rocking cradle,
And what rough beast, its hour come round at last,
Slouches towards Bethlehem to be born?

Pulled from http://www.artofeurope.com/yeats/yea11.htm. Hat tip to Bob.

A quick poll for you, if you'll indulge me. I don't have a polling widget, so responses will have to go into comments. What are your thoughts on full vs partial RSS feeds? This site uses partial feeds that display the first few lines, but then requires you to click through to read the entire post. Please let me know what you think, because if enough people say it sux0rs then I will revert back to the full feeds. Thank you!

If you've ever heard people complain about their insurance provider, either for medical or dental or vision, but never quite understood why that might be, then I'm here to provide you an explanation.

My wife recently had a crown made and installed into her mouth. We had to pay our estimated portion at the outset - a few hundred dollars. The insurance specified that it would cover 60% of the cost of the work ("major restorative" is covered at 60% while repair is 90% - the crown was to repair a tooth cracked by an old filling). We thought the price was rather absurd, but paid it because the alternative was not particularly appealing.

Last week, then, I received a bill from my dentist's office. I call today and inquired about the additional charge. The answer? Apparently there is a cheaper type of crown (gold) that could have been installed instead of the high-quality one my wife got (high-quality one will last longer, not to mention that it won't look ducky). The insurance company (MetLife) apparently has fine print in their coverage that they will only reimburse at the cheaper rate if such an alternative exists. Thus, though the crown was already order and installed, the insurance company has said after the fact "sorry, we'll only pay for the cheaper crown, you customer get to pay the difference."

The dentist's office went on to explain that they have this problem with fillings all the time, too. They use a non-toxic filling that blends with the tooth instead of a metal amalgam that may contain mercury, which is toxic and his been found to poison people with mercury gas over time. Nonetheless, because the amalgam filling is available, the insurance companies will only reimburse at that rate and the customer is, once again, left paying the difference.

This is a perfect example of what is wrong with the insurance industry today. I'm sure you have your own stories, too.

Just a quick 90-second post on this, the American Thanksgiving holiday. Take a moment, if you will, to consider all that there is to be thankful for. If you have a job, then be thankful, even if it's the worst job in the world. If you're getting a paycheck and making the rent, then things aren't probably all that bad. If you're healthy, then be thankful, because there are millions who aren't. If you're a civilian, then be thankful for our troops. No matter what your opinion is on Iraq, et al, there is no denying the thankless service these men and women provide for our country and the world. Lastly, be thankful for the resources and freedom we have. Sure, net neutrality would be nice, as would a final solution to spam and the DNS security problems. But, for the most part, we should be very thankful that we're generally dealing with electronic attackers who are costing companies time, money, resources, but not lives. We could have it much worse. Lastly, be thankful for the freedoms we have in this country. Be thankful for the EFF and ACLU helping stand watch over those civil liberties, and be thankful that we're finally nearing the finite end of an abysmal administration.

Happy Thanksgiving!

Well, good grief, where in the world has January gone? Not that too many folks are following this blog :) but I could probably have done a better job this month. It's been a busy month, filled with travel, and I've been terribly remiss in keeping track of everything here. I'll be picking things back up again soon now that I've had a break. It will likely be February before I get everything underway due to travel, but I have a lot to catch folks up on. So, bear with me and things will come back soon! :)

From the recently departed creator of Gracie Jiu-Jitsu:

"It is only with a lot of training and dedication that we can achieve something. A brave man, a real fighter is not measured by how many times he fall, but how many times he stand up. Always be ready to fight, to win and to forgive when necessary. Good luck."
Grand Master Helio Gracie (1913 - 2009)

Apparently it's freak-out time again in the mainstream media. Last time it was peanut butter with salmonella. This time? "Swine flu" imported fresh for Mexico City (or so they claim). I'm not going to link to any of the stories, since turning on your TV will be adequate enough. I will link to one site, however. Here's the CDC Human Swine Influenza Investigation site. Please look at this page. Scroll to the "TOTAL COUNT" line and read the number with me.

(I'll pause while you look)
(seriously, take a look)

Ok, back from looking now? Absolutely terrifying, isn't it? Yes, that's right. 21 cases in all of the US at this point. 21. So, you'd better go buy a mask, throw out all your pork products (I don't think Spam counts;), and start warming up your cave of despair.

But, seriously folks, there are two thoughts I want you to carry with you through all this "excitement":

1) Bruce Schneier's rule of mainstream media states that if it's being covered in the mainstream media, then you probably don't have to worry about it, because their business is overhyping low-probability events.

2) The one truism in life today is that we will all die some day. Technology has not overcome this reality, and thus we should expect death to come knocking, whether we like it or not. Put aside fear and replace it with scientific curiosity.

This example is just one more case where we see how poor humans are at performing real-world risk assessment and analysis. Part of the problem is how emotional people get over issues related to death. However, another part of the problem is how blindly accepting the general population is of any BS spewed forth by the mainstream media. It's time to change this, one person at a time. Don't be drawn into FUD-based arguments for low-probability events that will almost certainly have little-to-no impact on your life. Coldly evaluate what you're hearing, seek out the facts (metrics!), and then make a rational decision.

Thus ends my public service announcement for the day. :)

Based on Anton's recommendation, I picked up a copy of Strengths Finder 2.0 by Tom Rath. That Anton found it interesting and useful told me that I would probably also appreciate it. My assumption has been proved correct.

Knowing one's strengths and weaknesses is very important, whether it be in competition or personal life or professional life. For me, I know that one of my weaknesses is tending to be somewhat negative, cynical, and sarcastic. This trait, when combined with my tendency toward incessant questioning, can be terribly off-putting. It also, however, can make it difficult for me to see my own strengths. As a good friend of mine has pointed out on numerous equations, life is generally pretty good, if only I'd look at it that way.

Trust. It's a fundamental precept of civilized society. Whether we like it or not, we must trust people we both know and don't know. To fail to do so would result in a complete breakdown in the fabric that is humanity. You trust the engineers who designed your car, your mechanic who worked on its engine, the engineers who designed the roads you drive, and the people around you who are in the same situation as you.

Trust. It's also a fundamental tenet of online life; one that is far more easily betrayed. If it is in human nature to trust, then so it is also in human nature to be duped by those who cannot, in fact, be trusted. In real life, we're often far more perceptive to cons than we are, or can be, online. The loss of the slightest nuances of non-verbal communication can mean the difference between simple understanding and total misunderstanding.

Through various conversations and interactions it's come to my attention that I've never really properly introduced myself. By now, if you've read this blog at all, you've probably come to realize that I'm rarely challenged for words. So, forgive this indulgence while I delve into a little bit about who am I, where I've come from, what I've been doing, and so on. In so doing, I hope to give you a glimpse of who I am without providing detailed enough answers that would allow you to bypass passwords on all of my various accounts. :)

I've been (w)racking my brain for quite a long while as to why this whole infosec thing just doesn't seem to get through to people. Why are we still having the same conversations over and over and over and over again? Einstein is famously quoted for defining this practice as insanity ("Insanity: doing the same thing over and over again and expecting different results."). Namely, we're banging our heads against the brick wall that is "business" and coming up with the same stupid answers with the same stupid results.

"You keep using that word. I do not think it means what you think it means."

Enough, please, dear kind souls. And the same for the rest of you lot. Let us all please stop using "cyber" as a prefix to anything and everything computer-related. Mmmmm-kay? Seriously...

Whoever decided that "cyber" meant computers and networks is apparently not very bright. I don't know who to blame, but blame definitely needs to be placed. According to Dictionary.com, cyber is "a combining form meaning “computer,” “computer network,” or “virtual reality,” used in the formation of compound words (cybertalk; cyberart; cyberspace) and by extension meaning “very modern” (cyberfashion)."

Continuing my line of thinking from my previous post, "Do You Need a Security Department?", I wanted to speak to this notion of having responsibility without authority. It seems to be a problem common to many security people in their respective organizations, and it perplexes me greatly.

"Just as energy is the basis of life itself, and ideas the source of innovation, so is innovation the vital spark of all human change, improvement and progress." -Ted Levitt

On the 40th anniversary of the Apollo mission landing on the moon there has been much discussion about the future of space exploration. This question goes right to the heart of a larger question about research and development, innovation, and evolution. Most of the discussion I saw today (and some over the weekend in anticipation of the event today) had a common conclusion: we could not do today what we accomplished 40 years ago. Not because the technology doesn't exist, but because we seem to have lost the competence and drive for major scientific achievement.

Quotes of Ralph Waldo Emerson courtesy Project Gutenberg, from his collected writings on Friendship. I liked the following quotes:

3. Our intellectual and active powers increase with our affection. (...)

4. What is so pleasant as these jets of affection which relume a young world for me again? What is so delicious as a just and firm encounter of two, in a thought, in a feeling? How beautiful, on their approach to this beating heart, the steps and forms of the gifted and the true! The moment we indulge our affections, the earth is metamorphosed; there is no winter, and no night; all tragedies, all ennuis vanish; all duties even; nothing fills the proceeding eternity but the forms all radiant of beloved persons. Let the soul be assured that somewhere in the universe it should rejoin its friend, and it would be content and cheerful alone for a thousand years.

5. I awoke this morning with devout thanksgiving for my friends, the old and the new. Shall I not call God, the Beautiful, who daily showeth himself so to me in his gifts? I chide society, I embrace solitude, and yet I am not so ungrateful as not to see the wise, the lovely, and the noble-minded, as from time to time they pass my gate. Who hears me, who understands me, becomes mine, - a possession for all time. Nor is nature so poor, but she gives me this joy several times, and thus we weave social threads of our own, a new web of relations; and, as many thoughts in succession substantiate themselves, we shall by-and-by stand in a new world of our own creation, and no longer strangers and pilgrims is a traditionary globe. My friends have come to me unsought. The great God gave them to me. By oldest right, by the divine affinity of virtue with itself, I find them, or rather, not I, but the Deity in me and in them, both deride and cancel the thick walls of individual character, relation, age, sex and circumstance, at which he usually connives, and now makes many one. High thanks I owe you, excellent lovers, who carry out the world for me to new and noble depths, and enlarge the meaning of all my thoughts. These are new poetry of the first Bard - poetry without stop - hymn, ode and epic, poetry still flowing, Apollo and the Muses chanting still. Will these two separate themselves from me again, or some of them? I know not, but I fear it not; for my relation to them is so pure, that we hold by simple affinity, and the Genius of my life being thus social, the same affinity will exert its energy on whomsoever is as noble as these men and women, wherever I may be.

I'm extremely ticked off tonight, partly at myself, partly at my school, and just overall in general. I've been training in Gracie Jiu-Jitsu (Brazilian JJ, generically) since October 2008 - so, less than a year, not a whole long time. I'm a white belt. Some day I would like to earn a belt of color, but for now I'm the level I should be.

So why am I upset? Well, a few reasons. First, I got hurt tonight, doing a move the wrong way, but because I didn't know any better. Second, I'm tired of guys from other martial arts coming in and not training or playing "nicely." Third, I don't feel like I'm progressing at all after a night like tonight, which makes me question why I bother. And, fourth, as per usual, I just can't keep my mouth shut sometimes and it just embarrasses the heck out of me.

We just spent a bit over 24 hours in the hospital, the kiddo having come down with a bad case of the croup (complete with stridor). The last time I was overnight in the hospital was also for this kiddo, though for slightly more joyous reasons (aka "birth"), but I digress. When one spends a night in the hospital - particularly one for which you've not planned - it puts you in a position to rely on the hospital staff and facility much more to ensure that your needs are adequately met. Here are some random thoughts from the fray of this latest experience...

btw, the care we received was very good, and so this shouldn't be seen as negative or griping, just observations of various things... the contrast between quality of care and quality of environment were, perhaps, what I found so interesting here...

I really hate dealing with tech support and customer service reps, especially on technical issues. It doesn't matter if I'm calling or sending email, inevitably someone says or does something so incredibly stupid that the entire process gets set back minutes if not hours. It can be something as simple as rigidly sticking to a troubleshooting flow chart, or as egregious as being rude and sloppy.

Recently I had two negative experiences with tech support. In the first case, I tried to tunnel a Linux-based client over SSH to an X console on my workstation as a workaround until firewall rules could be implemented, but kept getting a segmentation fault (often a sign of bad programming, not generally indicative of something with the X session itself). In the second case, a vendor tech support rep was sloppy in reading the submitted ticket, replying with troubleshooting details that didn't apply to the appliance we had, despite the pertinent information being in the very first sentence (of a 4-5 sentence email).

Help me out, folks, cuz I'm at a loss here... I think there's something seriously wrong with DIRECTV's billing system... or maybe it's billing systems? The past couple months I received summary statements by email that said I owed $0.00. This was great - free TV, who wouldn't like that? So, just to be sure, I go online, and sure enough, the online statements say that I owe $0.00.

Then I get my credit card bill (yeah yeah misconfigured payment method sue me - actually, check that, it wasn't my fault, but anyway)... I have charges for the months of Nov and Dec - the very same months where the statements said I owed $0.00. ?!?!?!?!?! So, I start digging further and I find that, yes, the statements do in fact reflect a payment made in conjunction with the billing cycle. As a matter of fact, it turns out that the reason my bills said I owed $0.00 was because they were charging me on the same day that the statements were generated, which meant that my summary would zero out even though I'd just made a payment.

In case you haven't noticed, my blogging has trailed off the last few weeks, roughly corresponding with starting a new contract. There could be any number of reasons why this has happened, but it's nothing you couldn't probably guess at. New gig, longer days, lots of work, too few hours, not enough resources, yada yada yada. You know, it's called security. ;)

Perhaps the most frustrating part for me has been trying to find time and energy to write. I keep having quick ideas, but when I finally sit down to write about them, well, things just fizzle and fall flat. Not being one to publish something that I think is complete garbage, I've simply not. I even tried to write a couple article submissions last week, but those were not particularly good. If they end up running one, fine, though I will not be sad by any means if they don't.

I recently contributed to a curriculum development project for a for-profit tech school. Having previously taught a course for the school, I had a reasonable idea about some of the challenges this type of environment contained. In many ways I think of them as the fast-food equivalent of a tech school, focused on training more than education, and really only doing the minimum necessary (despite assertions to the contrary).

One of the key skill deficiencies I noticed while teaching was in the quality of writing skills. Quite simply, these students did not generally write much of anything, and when they did write, it was usually all short-hand, lacking structure and clarity. For someone working in the industry these students hoped to join, I found this issue a bit concerning. It's not that I expect everyone to be able to write the next great American novel, but I do think it's reasonable to expect distinct clarity in professional writing and communication.

There's been a great thread (a couple actually) going this week on the security metrics list that highlights a really key concept that many people do not understand (including US President #43): the difference between education, training, and awareness. Many people and organizations seem to think that education, training, and awareness are synonymous, though nothing could be further from the truth.

There's been some chatter lately about the blog posts tailing off across the industry, possibly due to an increase in Twitter use. The decreased blogging rate is definitely evident as my daily RSS reading has dropped from about a hundred posts to 2-3 dozen. Some have questioned this effect in terms akin to pondering the collapse of learned society (which, honestly, is already upon us;). Suffice to say, I've been meaning to blog for a while, but have simply not had the time, energy, or impetus to so. That's about to change, though.

I have to admit that I don't have any background in SCADA or Smart Grid, nor have I done any research into the topic. That being said, I'd have to be blind to not notice all the references in infosec these past few years to these systems. Shoot, just in the past couple weeks Siemens SCADA network was having issues with a new 0-day of malware (related to LNK files).

Why are SCADA systems connected to the Internet? I just don't see the upside. At all. It seems like these systems were designed to be closed, and that there's not really any good reason for that status to have been changed. So, what am I missing? 10 years ago the hubris-drenched response from energy companies was that we needn't worry as their systems weren't Internet-connected. Now, it seems, we're at the other extreme, with what seems to be no appreciable improvements to infrastructure security.

As I'm sitting here in FAIR training this week in Cincinnati, I've been starting to apply rational thought to some of the staid and true "best practices" that have become cornerstones of our industry. To me, password complexity has always been somewhat ridiculous, since given enough time any captured password can be broken. This leads me to wonder, what are the common threats passwords, and how does password complexity help protect against those threats?

Sitting here thinking about it, I think there are three common scenarios against which we're developing controls:
1) Brute-forcing an authentication interface.
2) Brute-forcing a captured password hash.
3) Guessing passwords (not using automated controls).