December 31, 2010

Sniper Ghost Warrior

I bought Sniper: Ghost Warrior from Steam and have been playing it for the past two days. This game is, hands down, the most fun I have had with a PC game since Duke Nukem. There are a few things I don't like about it (unclear map boundaries/movement restriction and lack of freedom in the Story mode, and the red dots that give away EVERY player's position in online Deathmatch play, even if they haven't fired their weapon). Otherwise, I give the game a solid 8 out of 10. With some improvement, I would have no need for another FPS game ever. I don't think the game is still on sale at Steam, I picked it up for $7.50 - but even at $15, if you enjoy sniper/shooters and stealth games, you will definitely enjoy this. I'm going to need to massage these knots out of my neck now.

November 17, 2010

Chip-Resistant Corelle-ware

Ladies/Gentlemen:

I am writing you today as I nurse a wound on my right hand. You see, last night, I made the mistake of having one of your Corelle dinner plates slip from my grasp and fall 6 inches into my stainless steel sink, whereupon it shattered into what, by my count, seems to be a million pieces. Many of the pieces were quite visible, but it seems that many of them were not, and could only be detected when rubbing up against human skin and embedding itself in the epidermis, searching for (and finding) the nearest capillary to open.

Your plates are sold as 'break-resistant' and 'chip-proof'. They are quite visually attractive, and I have several sets. However, in the past year, this is the third occurrence upon which I have had the misfortune of cleaning up a shattered dinner plate.

I have, in the past, dropped a plate onto the kitchen floor (approximately 3"), which is surfaced with a double-thick linoleum with extra padding. I have dropped knives and glasses at this same height, and neither the surface nor the drink-ware suffered the same fate as my Corelle dinnerware.

It seems that in making your plates chip-proof, you have increased the likelihood that instead of merely chipping (providing an easy cleanup process of a few chips and a large plate), your product seeks to ensure there is little to no evidence, by exploding upon impact. While in the past, a few sweeps of a broom and a vacuum have been able to clean up the mess, it was all the more interesting last night, since I did not drop the plate onto the kitchen floor.

I dropped it (again, about 6-8 inches) into my stainless steel sink....with the garbage disposal.

Now, I don't know what you know about garbage disposals, but I will tell you that they are not made for rapid or simple disassembly. No, they are made for chopping and grinding and staying in place. And if you get something stuck in a disposal, it can be QUITE a chore to remove it as you shove your hand down the hole meant for water and waste and attempt to fish out what you've dropped. It's that, or call a rather expensive plumber.

So I was quite upset when, rather than having to fish out 2 or 3 chips from a cracked plate, I found myself fishing out slivers of Corelle dinner plate, sized anywhere between a vein-slicing 1/2" x 4" curved-blade piece to curse-inducing micrometer sized ceramic slivers.

Despite all the care in the world, I came away with wounds I didn't realize I had until they began bleeding.

Thankfully, I did not slice anything vital, and with the help of a very trustworthy Dyson I was able to clear out the disposal adequately once I had removed the larger slices.

However, I am not sure if you've changed the formula of your plates in the past year and a half, but this most recent batch seems VERY MUCH LESS 'break-resistant' than I was led to believe or have experienced in the past.

Although, I gotta hand it to you - they really are chip-resistant....they NEVER chip....ever...I wonder if you could also maybe make them 'EXPLOSION'-resistant?

October 05, 2010

How Amazon killed music

Some time ago, Amazon purchased a controlling interest in a website known as AmieStreet. I'm not providing a link to Amie Street because Amazon shut down the service last month. In doing so, they killed off the only place on the Internet that many artists had their music available to the public. Several artists, such as Pink Stilletos and Tim McQueen no longer have a place for their music to be published and played.

While Amazon certainly has a profit motive for shutting down the website (which was probably losing money), it helps the music industry continue their power on deciding what music we listen to. Through Amie Street, I had found several bands worth listening to, and thankfully have had the opportunity to download their music. Unfortunately, others won't be able to discover these same artists and share their music with me. The Internet is supposed to be a great equalizer, but it seems that it is still part of the same game that stifles independents. Those with money and power continue to decide what is worth listening to and who will get display time on your screen. Independents without the savvy to use the Internet or the money to invest to get their voice heard have just lost a major opportunity to be discovered.

And that just sucks.

September 01, 2010

The Effects of Doing

The human mind is an amazing computer. It has adapted to learn things through a myriad of inputs. You can read something and learn about it, you can hear someone talk about something and learn important facts and aspects of it, you can watch someone do something and learn the machinations of how to perform. But if you want to get good at something, you just have to DO it.

I read. In fact, I read A LOT. When I was growing up, I used to read fiction. But as my interests matured, I have switched mostly to technical references and news sources. I read about a lot of new technology, and I like to think that I have learned about these things that I have read about. I have a cursory knowledge in a very wide swath of subjects, both technical and non-technical. I like to think of myself as an intellect, although my capacity leaves me somewhere in the area of the second standard deviation. I've never been able to pull off the Mensa scores, but I've gotten close enough to taste it (I took the ACT when I was older just to try to earn my way in - imagine taking the SAT/ACT by choice - I'm a lunatic), and I enjoy hanging out with people smarter than me.

So you think I would have learned a great deal through all of this reading. Yes....and no. I've certainly picked up a lot of knowledge through all of it. I've picked up others' opinions and enough facts to try to make a decision as to where I stand on some issues. I've picked up some 'architectural' knowledge of how things fit together (constructing world view). But of all the things I tell people I've learned in the past few years, each one was something I didn't so much read about as something I learned by doing.

I asked myself this question: What have you learned (over some period of time)? Well, I've learned to juggle. Yes, at first I read a booklet (Thank you Klutz(c)). But I learned to juggle by doing it over and over and over. Through hundreds of failures I found success. I've learned to play the piano. With all of the missed notes, and the inordinate patience of my family that has listened to me practice for hours, I can passably play the piano. I've learned Pi to the 133rd digit (what has kind of spurred this post). I've learned to play chess well enough to beat just about any non-chess-player. I've learned some technical things as well, but that's my job, after all. All of those things I feel I've learned have not been through reading and understanding - all of them have really been learned by practicing, repetition, embedding these things into my muscle memory...like riding a bike.

I think this gets back to the question: What does it mean to know something? When you KNOW something, you can just do it. Your mind gets out of the way of your ability to perform, and you enter a new level of constant change (and improvement) that is done subconsciously.

Not sure why any of this matters - just a random thought that crossed my mind and I felt like writing it down. So my new motto is 'Just Do It' - thanks, Nike.

August 12, 2010







July 20, 2010

Restrictive Password Rules Are Bad, mmmmk?

There are all kinds of things that a discussion of password security could go into, for example:

  • Why passwords need to be stored properly on the data system
  • How does a mixture of password implementation policies protect the system from account hacks?
  • The risks of rainbow tables and cloud computing

None of those topics are the topic of this discussion, but they are all integral to the security of your password authentication system. Never mind that secondary authentication via tokens or biometrics is really the way to go if you want system security. Lots of enterprises and most Internet services are still stuck in the userid/password authentication age. In order to understand the topic that I'd like to discuss, it is important that all of the above

  • Why restricting your users to seemingly arbitrary or complex rules actually lessens the strength of your password system.

The prevailing argument is that users will not create complex passwords unless they are forced to do so. Because of this, users must be forced to create passwords that will not fall prey to 'dictionary' attacks against the account. And this argument has some merit. After all, even with the proper policies in place, if the user selects a password of 'password', their account will fall prey to someone trying to break in.

However, some have taken the step of implementing password rules to a level that it is actually damaging to their password system, and they may not realize it. After all, the password 'password' may no longer be the first most used password on their system because it isn't allowed, but the password "1234qwer!@#$QWER" is probably at the top of any good hacker's list, and is allowed by even the most restrictive of password rule systems. Just because this second data string doesn't make sense to us doesn't give it any magical properties of being more secure than the 'password' password. Nay, for a computer, the second password has more patterns in it than the first ever did.

Recognizing a bad password is not something that is easily understood (although it's not an impossible task for an AI engine), but what the system administrator needs to know is that password rules need to be in place that make it as unlikely as possible that the user would create such an easily guessed monstrosity, and that ensure the password the user creates is both secure and easy to remember. This means both having restrictions (to ensure that single words and '123456789' are not used as passwords), and keeping those restrictions reasonable and easy to meet, so that the user will be able to come up with a good password when asked. Once the restrictions get too tight, the user is going to logically process the rules into a pattern because they cannot easily come up with something that meets the restrictions.

Another problem is restricting the size of a password field, which is something that should never be done. Limiting a user to only 8, 10, 12, 14 characters is entirely arbitrary, and speaks to improperly implemented password storage systems. If you have a maximum limitation on your password, it screams to the world that you are storing the password either in clear-text in a data system, or something that any hobbyist cryptographer could crack open (rot13? XOR data field?). If you properly implement password storage as one-way salted hashes in your system then it won't matter how long the user password entry is. You should give them more than enough room to enter any reasonable string - arbitrarily, say 256 characters, so you can size the field and protect from buffer overflows, but you get the idea.

What about complexity requirements?  They need to be simple to understand, and should be free of 'systemic' requirements.  You should not forbid the use of any valid entry character.  This may mean even allowing the entry of such no-no's as ',@ and " - if you don't accept these characters, you're again telling the world that you're doing something with the password you shouldn't be doing, like storing them in a database.  Complexity should be simple to follow and easy to come up with something useful...perhaps a restriction to use at least one character from each of the sets:   UPPERCASE-LETTERS, LOWERCASE-LETTERS, SPECIAL-CHARACTERS, NUMBERS.  This is easy enough to follow just by using natural passwords like I*Hate%Passwords.

The more restrictive your rules, the more likely your users are to rebel by using something systematic (QWERTY12345qwerty!@#$%).  If you frustrate your users, they'll just be looking for a way to get around your 'stupid rules' rather than be a partner in protecting their information.  You'd much rather get someone to be inventive (like: Rosemary'sBaby1997).  This password may seem simple to you and me, but it's because our minds are tuned to pick up and categorize the symbols in the password.  For someone who doesn't know the password, it's going to take a LOT of guessing to get that password from the system.

And if you're properly hashing, salting and securing your password (shadow) file - a dictionary attack is going to have a hard time guessing that password at 3 allowable guesses per hour (between lockout).

Less focus should be spent on protecting yourself from system administrator staff who may have access to the secure password hashes and salt.  If they want to get into your system, they have much more direct ways to impersonate users than pulling down that data and running computations against it.  Instead, the focus on password security needs to be:

  • Implement proper password storage and validation
  • Partner with the user - don't piss them off
  • Implement password and account policies that don't enable hackers to use your own CPU power to attack your accounts. (Account locking after so many guesses, only allow single sessions when feasible - session timeouts, disable session re-use, etc...)
  • Log and monitor logs for suspicious activity
  • Warn users when their accounts have been used (and ask them to validate the usage)
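
The storage, complexity and lockout points from this post, put together as an added Python example (not code from the original post). Assumptions made here: PBKDF2-HMAC-SHA256 as the salted one-way hash, the iteration count, the keyboard-walk heuristic, and every function and class name.

```python
import hashlib
import hmac
import os
import time

MAX_PASSWORD_CHARS = 256     # generous input cap, as the post suggests
PBKDF2_ITERATIONS = 600_000  # assumption: work factor chosen for this example
MAX_GUESSES = 3              # "3 allowable guesses per hour"
LOCKOUT_WINDOW = 3600        # seconds

def hash_password(password: str) -> dict:
    """Salted one-way hash; any character is accepted, and the stored
    digest is 32 bytes no matter how long the password is."""
    if not 0 < len(password) <= MAX_PASSWORD_CHARS:
        raise ValueError("password must be 1..256 characters")
    salt = os.urandom(16)  # unique per account, defeats rainbow tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "digest": digest}

def verify_password(password: str, record: dict) -> bool:
    if len(password) > MAX_PASSWORD_CHARS:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])  # constant time

def meets_composition_rule(password: str) -> bool:
    """At least one uppercase, lowercase, number and special character."""
    return (any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))

# Heuristic (an assumption of this example): how much of the password is
# made of runs of 3+ neighbouring keys on a US QWERTY keyboard row.
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
UNSHIFT = str.maketrans("!@#$%^&*()", "1234567890")
NEXT_KEY = {a: b for row in ROWS for a, b in zip(row, row[1:])}

def keyboard_walk_fraction(password: str) -> float:
    keys = password.lower().translate(UNSHIFT)
    in_walk = [False] * len(keys)
    start = 0
    for i in range(1, len(keys) + 1):
        # A run ends at the end of the string or when the next key
        # is not the right-hand neighbour of the previous one.
        if i == len(keys) or NEXT_KEY.get(keys[i - 1]) != keys[i]:
            if i - start >= 3:
                in_walk[start:i] = [True] * (i - start)
            start = i
    return sum(in_walk) / len(keys) if keys else 0.0

class LoginGate:
    """Locks an account after MAX_GUESSES failures inside the window, so an
    online dictionary attack cannot borrow the server's CPU indefinitely."""
    def __init__(self, records: dict, clock=time.time):
        self.records = records
        self.clock = clock
        self.failures = {}  # user -> timestamps of recent failed guesses

    def attempt(self, user: str, password: str) -> str:
        now = self.clock()
        recent = [t for t in self.failures.get(user, [])
                  if now - t < LOCKOUT_WINDOW]
        self.failures[user] = recent
        if len(recent) >= MAX_GUESSES:
            return "locked"  # refused before any hashing is done
        record = self.records.get(user)
        if record is not None and verify_password(password, record):
            self.failures[user] = []
            return "ok"
        recent.append(now)
        return "denied"
```

Both "1234qwer!@#$QWER" and "Rosemary'sBaby1997" satisfy the four-class rule, but only the first is made entirely of keyboard walks, which is the pattern a guesser tries first.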

July 08, 2010

Dropping Data into the Cloud

Yesterday I signed up for DropBox, a personal cloud storage folder that stores and synchronizes a folder across any machine that I install the software and login to my account with on the web. It's sort of like a flash drive that I don't have to carry with me, and they start you off with 2.25GB of storage. You can earn up to 8GB of free storage (if you tell other people about the service and they sign up through your referral link).

A short word on a security standpoint. DropBox makes a claim to encrypt your data, but the software that you would use to encrypt your data is theirs, so trusting it to actually secure your data would need to be earned. Their encryption claim states that your password is the only way to decrypt your data. You'll be storing your password in the client you use to access the information, though, so if someone steals one of your devices with a client, you're going to lose the security of the account until you change it. Using cloud storage for your information is entrusting your data to complete strangers. If you decide to use the dropbox service, you need to understand that it is completely likely and eventually probable that at some point in time, your information (that you've placed in your dropbox) will be made available to someone else. It could be an internal break-in from a DropBox employee, but even more likely it will be a weakness in the DropBox system that exposes your data.

So, what good is cloud storage? It's good for storing semi-public information. For example, I use it to store several copies of my resume that I need to be able to access just about anywhere. I've also put some pictures in the dropbox to share with a friend. If you treat the storage container as if it were a public lockbox and the lock is no more secure than a gym locker padlock, then you'll be able to keep the right frame of mind on the service. Be careful out there.

EDITED: DropBox claims to encrypt your data, with a key protected by your userid/password. Remember that the security of an encryption algorithm is only as secure as its implementation and the security of the encryption key. If your userid/password can get the decryption key, then the security of that information is how strong the encryption is. There is no mention as to how that information is protected at DropBox.Com.

May 22, 2010

I do not know these people

Back in 2008, I supported a Republican primary candidate by the name of Ron Paul. Unfortunately, Mr. Paul did not win the Republican party primary and instead, Sarah Palin and some old guy ran in his place, losing the election because the electorate realized that they were all more qualified to be vice president than the ditzy running mate they were given the choice of voting for. I imagine that the Republican party lost the election singly because of their choice of Sarah Palin for Vice President.

Now, Sarah is back, and she's touring the country speaking at rallies that use the term 'tea party'. Much of the rhetoric of this new tea party is not libertarian in nature. A lot of it is based on fear-mongering and hatred, and I just wanted to come out here today to tell you that I do not know these people. I do not wish to associate with these people.

Every time I hear a talking head on TV say the word 'teabagging', I can't help but giggle inside because I know what it means (and it has nothing to do with politics, I assure you).

The idiocracy is here, my friends. Do not embrace it. Do not merely be embarrassed and disgusted by it. Shore up your survival skills, because the world, it is going to hell in a hand-basket and it appears we cannot stop it with reason and logic.

May 02, 2010

FiOS Closed Captioning

Do you have FiOS? Do you like Closed Captioning? The default CC style on our FiOS box was annoying - black bordered - too big font, ugly font. And going into the FiOS Settings didn't help, because it doesn't allow you to set the style, like my cable box did. After some searching online, I found that there is a 'secret' menu on the FiOS box. To access it, press STB, and then get ready to press the following quickly, in order - Power, OK, Menu. With a little luck, you wait about 3-5 seconds and a black text on white background menu pops up, where you can change the CC font, background, color options. Make sure to change the CC Options to User while you're here. When you're done, just press the Menu button again.

The small font still isn't small enough for my big screen TV, but at least the annoying black background is off of the letters.

March 30, 2010

PhotoRescue Data Recovery

Ok, this is going to sound like an ad....but it's not...It's advice:

This software: PhotoRescue just saved my bacon. I was downloading images from my camera card using Picasa, and something went wrong/funny. I had 497 photos, but I only got 380 or so photos, but it erased them all from the card anyway, as if it were done downloading. The missing photos included some family vacation photos, and I was understandably pissed off. I tried several packages to recover lost files, but each one ended up recovering corrupt jpg files, and I even tried jpg restoration software, which showed me the recovered files weren't even the right ones, much less complete images.

PhotoRescue worked - and by worked, I mean, it recovered the files, the CORRECT files, and they were images - the images I expected them to be, and it worked beautifully, giving me images to select from as to what I wanted restored (so I didn't have to restore the movie files and 380 photos I already had downloaded). The software was $29, a price I was glad to pay once I saw that the software did what I needed it to do. After trying about 5 or 6 other packages, I was happy to finally have something that worked.

March 23, 2010

Trying out Windows Live Writer

I’m trying out a third-party blog post composition software called Windows Live Writer – I want to see how it does, whether it posts accurately, how the plug-ins work, like this sample photo attachment (my breakfast on a flight to Dallas).

The options for word-wrapping and tilting the photo are interesting, but I want to see how they translate to the actual page.    I don’t like that they’re not using CSS to tilt, but instead recreating the image, so that it’s rectangular.  It doesn’t allow the text to tightly wrap around the image like I would expect or want.  Of course, beggars can’t be choosers, and this is a free tool. Interestingly, Windows Live Writer did not pick up the last blog post in my blog when it imported them.  Now that I’ve edited this post and re-published it, let’s see if those changes are implemented.

 

March 06, 2010

What would happen if you quit today?

This question occurred to me the other day as part of a moment of self-reflection/analysis. It turns out that it's a very good question for self-criticism and thinking about yourself in terms of your career, both as far as options go and trying to understand how others see you.

To perform this exercise, imagine that you walked into your boss's office and handed him a letter of resignation. Don't even think about WHY you would do this, especially during a recession - just imagine it says "Effective immediately, I resign my position. Signed, You"

What would your boss's first reaction be? Try to be as truthful as possible with yourself. Now, if that honest answer doesn't include your boss asking what he can do to change your mind, you've got a problem..whether the problem is with you or your company's situation. See, if you're not someone he needs to try to keep, what's to stop him from getting rid of you all by himself?

If your honest evaluation is that he would try to keep you, then ask yourself why and go from there.

Each of us who are employees have a duty to bring value to the company we work for, and not just be some form of replaceable labor. Your value can come from anything, whether it be your personality, your dedication, your knowledge, your leadership, etc.... But note that it has to come from you, not the job you do. If you don't bring unique STUFF to your job, you can be replaced, and that's not a position you want to be in with your employer when times get rough.

I'd go so far as to say that probably half of us are in this boat. A self-evaluation will help you think about and understand where you stand. If you were your boss, why would you keep you? If you wouldn't, what can you do to improve your position?

It's too easy to show up for work every day with the attitude that you just need to get through just one more week until Friday. Instead, you should be thinking about how you can bring new value to your company this week. If you attack your career in such a way, then success is all but guaranteed, for you and your employer (which cycles right back to you). As you improve others, you improve yourself, and others can tell the difference between those who are constantly adding value and those who just survive.

And as a last point...they won't tell you which they think of you until that moment that you resign or they have to lay you off. Don't let yourself be surprised - self-evaluate now.

February 19, 2010

What did he just say?!!! Assassination?!?!?!

Did Dr. Ron Paul just say that the government said they believe they have the right to assassinate American citizens who may be a threat to the Federal Government?

Where the hell did he get that from? Who said they believe they have that right? Where is this coming from? Why aren't more people pissed off about that?

Food for Thought (Structured approach to the purpose of governance)

Hypothesis: The power of law is the power of armed control. Through law we, as a collective, decide under penalty of armed punishment, what actions for which we will use our collective armament and power to punish individuals or other ordered and targetable collectives. My hypothesis is that this power of law should not be used to regulate morality.

Second Hypothesis: Law, when properly implemented, should not impede upon the free will (which God himself has granted man) of the individual or the democratic will of targetable collectives.

Third Hypothesis: The purpose of law is to protect individuals and collectives from the individual application of force in violation of either of the first two premises. As such, the application of collective force should only be used to deter and prevent others from using force to prevent a part of that collective from going about their own business and exercising their own free will.

To be expounded upon at such time that I actually have time to discuss.

February 06, 2010

New Host

Ok - rehosting the blog with BlogSpot underneath - this should be interesting...everything will likely be messed up - let's see how this post goes...

See you on the other side

I'm going to attempt to convert my Blog over the next 2 days - it's going to be a challenge, I have to rework how everything operates, but I'll probably end up with a nicer looking blog in the end because I have to re-do the template.

If this works, my pages will be going from .asp to .htm.

I'll have less control over the information I log, but I'll also have a redirect to my old programmed content on something like custom.richgautier.com - I haven't worked out the details yet...

So....see you on the other side....

February 03, 2010

Dear Google - Thanks A Lot For Leaving Me High and Dry

Dear Google:

I have used Blogger for 11+ years as the text content engine to my website. I used Blogger before Google owned Blogger, and the original product was so much better than what you have turned it into.

Blogger was originally designed as a content management tool, not just for vanilla blogs, but for people who needed a way to manage all kinds of published content.

I would have happily paid for such a service over the years, but you never asked for anything other than a link advertising Blogger at the bottom of my pages. At no time did you tell me that supporting a basic functionality of the Internet - FTP - was costing you more money than you made back from me.

All of my pages are indexed at Google, with .asp extensions - with a PageRank befitting my little piece of the web. Your replacement product will no longer support my website, its design and structure, or my purposes. Even if I migrate my content, all of my links will be changed, and I will no longer be able to customize my content programmatically.

You've also given me less than two months to migrate to new tools, effectively freezing my content until I find a new content management tool.

Thank you so much for caring so much about your customers, especially those who have been with you since the beginning.

If you should happen to run into the fun guys who originally made Blogger, could you ask them kindly to come back and re-deploy their original product, maybe under a new umbrella? I could really use a customizable content management system right about now.

February 02, 2010

Blogger.com – No Longer Support of FTP Publishing in Blogger after March 26 – Webmove – Mashable Web Blog

Well, it's been a good 10 year run - but I'm about to have to switch my Blogging site to some new configuration: "Blogger.com – No Longer Support of FTP Publishing in Blogger after March 26 – Webmove – Mashable Web Blog". What really sucks is that I use a custom ASP web site that won't be supported by their option. I'm going to have to switch over from Blogger to an on-site blogging system, which means lots of development effort on my part - and I have about a month and a half to do it.

February 01, 2010

January 02, 2010

Kindle Part II - Why I'm still a luddite

This morning I was walking my dog, and in his haste to find a comfortable place to do what he does on walks, he yanked the leash to its end. This would have been all well and good on any other day, but on this day, I had decided to do some multi-tasking, reading my Kindle on the walk.

My poor Kindle 1 leaped from my grasp and tumbled two full twists before hitting the cement walkway. As I yelled profanities at the dog, I knelt down and cradled the pieces of my poor abused electronic book and slid the back onto the unit, cradling it back into the (haha!) protective leather case.

Damaged..the screen connections were damaged. My poor e-book had taken a hit to the top-left corner of the screen, and it had ripped apart the e-ink screen connectors, so there were now lines running both across and down the left and top of my display. Sadness, pure sadness, ran through my soul. This is an expensive book. I had paid a good chunk of change for this unit some time ago. Sure I had received $80 cash back from Bing, but I bought the unit right before the 2nd gen Kindle arrived, so I still ended up paying more than the current full price.

After looking on the web for suggestions, I tried the reset button (no dice), and eventually called Kindle Customer Service at Amazon. Upon calling Amazon at first I received a call center with a heavily accented customer service rep. My hopes were almost dashed at being understood, when he passed me on to 'Kindle Customer Support', which appeared to be staffed by understanding and caring English-speaking folk. They understood what had happened and at first promised to take care of me.

That is, until I got to the second representative. He identified that the unit was out of warranty, and I told him that I knew that and would be willing to pay for repairs, and THIS is where I decided to not replace my Kindle with another Kindle.

It can't be repaired. They don't repair the units. Not even the units that are in fine working order except for the screen. They only replace them. And they only replace them with newer units. WHAT!?!?!??!!?! No, no, no! The Kindle 1 has a replaceable battery and takes memory cards that allow me to separate my library, and store much more material. The Kindle 2 buttons aren't as good as the Kindle 1. Yet, the rep categorized the Kindle 2 as an upgrade. Some upgrade! And I'd be paying for a new unit that I liked less? What kind of a deal is that?

Now, back to the luddite comment. If I had dropped the book I was reading (a 19th century text on 'How to Live on 24 Hours a Day'), it wouldn't have dented and become unreadable. It may have become unbound, being more than 100 years old, but I'd have been able to see the top lines of the text when I gathered the sheets from the ground. Perhaps one page may have torn, nay two, but not each and every page of that book and every other book in my library safe at home. It is things like these that make me pine for the old ways, assuring me, over and over, that the new ways are not always better, and in some ways worse.

My poor Kindle. Someone tell Jeff Bezos that his 'upgraded' Kindle isn't getting my vote. I'll use my poor Kindle 1 until the day I can't read the screen at all (which may be soon if I drop it again), but I'll be damned if I replace it at full cost with a unit that takes more capabilities away from me. The fact that a manufacturer no longer supports equipment for repair at less than 2 years after you buy it is disappointing and goes to show just what kind of throw-away consumer society we've become. I am sorely disappointed in Amazon's inability to support their product, but they're certainly not the only ones. I'd pay extra at this point for something with a 10-year warranty (not that dropping should be a covered event). Maybe I'll go out into my garage and hug my Stanley and Craftsman tools.