Those of you who know me know that since the end of July, I have been working out, going to the gym on an almost daily basis (6 times a week most weeks) and have been burning down some serious calories. However, most of the people that I know don't see me very often, if at all. I'd like to make the change a little more real to them. I have lost 5 inches on my waist. I have lost close to 30 pounds. My body shape has turned upside down from a beer bellied old man to a triangle-shaped middle-aged guy. I was just looking in the mirror, and I am having a hard time getting over myself.
For those of you who don't know me - this is a big deal. I haven't been under 200 pounds since 17 years ago. I intend to tip the scale at under 200 this week. How did I do it? I'll tell you my secret. No, it's not acai berries. No, it's not Scarsdale, Atkins or South Beach. It was just that I DECIDED TO DO IT. I COMMITTED TO IT AND I STUCK WITH IT. You can do it too. A good buddy of mine told me that there's three ways to lose weight - eat less, move more or both. Am I eating less? Yes - but not how you'd think. I've had three slices of pumpkin pie this week. I've snacked on M&Ms. In fact, I am eating less, but only because I'm paying attention to what I'm putting in my mouth. I don't sit and idly eat a canister of cashews while I'm at work. I've replaced mindless snacking with conscious eating. When I eat, I pay attention to what I'm doing.
Am I moving more? You betcha - I joined a gym, and I track my workouts and my calories burned on the treadmill. I burn down about 20 ice-cream sundaes a month according to my logs. 30 minutes a day of cardio, and then another 30 or more of weight lifting.
If you REALLY want to lose weight - here's a free diet plan for you. EAT LESS, MOVE MORE - 3500 calories per pound - the math isn't that hard, and the first 10 pounds are easy as hell. Drink lots of water...and enjoy a new you.
Randomblings from Rich - Random talk about technology, science, chess, news, hobbies, stupidity and myself.
November 14, 2009
November 11, 2009
More About the Crime and Punishment Museum
They had two police simulators there - one was a driving simulator where you get to pull someone over, and end up crashing your patrol cruiser into their car instead. Making turns at high speeds, it's easy to get out of control. The simulator gives you this weird feeling of vertigo as it has three big screens, and when you brake, the screen dips with the slowing of the car, so you feel like you're moving, but your inner ear is saying 'what the hell?' the whole time.
The other simulator was more interesting. It was a simulator of a police tactical raid on a residence, where you're part of a tactical team and you need to watch out for the bad guy with the weapon trained on you, and take them out. As the raid proceeds on this wall-sized projection, your body starts to believe the simulation. The lighting is just right and the camera movement is very natural as you get into the move and clear rhythm of the tactical team. As I held the pistol out, I could physically feel my body beginning to pump out extra adrenaline. It was a very tense minute or two until the ending, when my wife and I took out the bad guy at the end. Both of us tagged the bad guy with a double-tap, but I guess I squeezed off a third round that I missed with. I honestly don't remember pulling that trigger a third time - the adrenaline was definitely messing with my perceptions.
Crime and Punishment
My wife and I went to the Crime and Punishment museum in Washington, DC today. I had seen the museum ad on the back of a bus in the city, and it's been bugging me to go there. I wanted to see the forensics exhibits at the museum and the visit turned out to be educational. They had an exhibit discussing reality vs. TV in forensics, which I thought was pretty cool because I know that Hollywood is always fucking up the computer field when they dramatize it for TV. It was nice to know that my career field isn't the only one with its mouth agape staring at the TV thinking 'What the HELL are they doing?' while watching NCIS or Law and Order.
I probably shouldn't rag on NCIS. They try to get the tech right, but it's definitely dramatized for the viewer. Other shows are much worse, and movies are just outrageous. It turns out that forensics is a very sensitive science and that evidence examination isn't quite as expedient as they would lead you to believe. DNA testing, for example, can take days just for a preliminary match and even longer to be sure.
Afterwards, we hit up the District Chophouse and Brewery which is next door to the museum. The calamari appetizer was a meal in and of itself. I had a sirloin tips salad that was probably healthier for me, but ended up eating almost half of my wife's calamari to help her with it...yum. They have the brew vats upstairs, but I didn't take the time to go check out the brewery as we had to get back home.
All in all, it was nice having a day off work to go into town. I find that we're doing more things together without the child. I hope this is a good, slow adjustment back into life together as a couple as he grows wings and leaves the nest over the next few years.
November 10, 2009
Why PowerPoint sucks
Well, maybe it's not the software product itself. In fact, for presentation software it's pretty good at what it does. The problem is how people use it. I had some introductory briefings today, and there was some serious PowerPoint abuse going on. Let's go with my two favorite pet peeves for Powerpointers.
First is the guy who shows PPT slides and then proceeds to read them to the audience, word for word. The whole speech, I'm thinking to myself that it'd be a hell of a lot faster if he just flipped up the slides and said, "Here, read this", then gave us a minute. In fact, I'd have been much happier, since I appear to have better reading skills than him. As he mispronounced half of his slides, I got the impression he was giving someone else's briefing. There was no expansion of the ideas on the slides...none. Why waste my time with 30 minutes of this? I was so distracted, I can't remember what his brief was about...something about how to report sexual assault incidents.
This brings about pet peeve #2. Several of the slides in the many briefs today presented important information..phone numbers, hyperlinks, pin codes. But the slides weren't handouts. Why would you present information-rich vital data in presentation form on screen without handing the info out? For important take-aways, like the question list for bomb threats, there should be a handout - maybe a 3x5 card..not an onscreen slide. Even if I am taking notes, copying your slide is going to slow down your briefing.
PowerPoint presentations should be a tool in a presenter's toolkit that helps cement concepts in the audience's mind. The briefing belongs on your notecards, not on the screen. If you have no audio-visual aids that add to or punctuate your talk, turn off the projector and engage your audience...like the last briefer in today's set...no slides, just engaging talk.
All day orientation
It's going to be a long day at work today. I have an all day Orientation briefing. With the sleep debt built up from Sunday, I'm going to have a hard time staying awake. It might take some caffeine, or even standing in the back of the room. I'm not sure of the benefits of 4 hour briefings to cover material that has already been learned through being on the job. Different people learn in different ways, and long meetings just chew up productive time to attempt to teach at a slow pace. I much prefer high-speed information delivery at a pace I can control, like CBTs. The only use for in-person training is when we have a two-way street with the instructor.
November 09, 2009
Commuting Sucks
Did I mention that commuting sucks? I leave the house and get to work an hour and a half later. Part of my commute is on the metro which, while cleaner than some other cities, is sometimes a pretty smelly endeavour. Most of the time is spent on the train, but I still 'slug' a ride into the city as an HOV extra. This has saved me a good deal of gas money, and makes the commute shorter than it could be. Still, 3 hours of my life just to get to/from work. I've had to cut down on my gym workout just to fit it into my day. And commuting isn't just time, it's boring. If it was at least just one mode of transport, I could sleep..but that's a bad idea when you could miss your stop.
Of course, I've plenty to fill the time with. This blog post is a good example, written on the third leg of today's journey, and posted to my blog via email once we get to a cell coverage metro stop. I also have my CISSP credits to catch up on. At this rate, I'll be ahead of the curve for next year.
November 08, 2009
Worked on Sunday
It's been a while since I did a weekend system maintenance thing - It's interesting working technical stuff again - I had prepared a script and some patches for a VMware patch set (VMware ESX 3.5) to run this weekend, and put them in the /tmp directory on the host. So, I logged in to run the script and 'WTF!!!', the patches and my script were gone....who would have deleted my stuff? I questioned the two suspects that I work with ("Little Red" and "Mr. Laid Back"), but neither of them were the culprit. I had to go and download the patches again and go through and make sure I installed them in the right order (only to mess up the file names while I was doing that, which Red caught for me).
Later I went online and found this post [cached from Google]. For all the things that we know, there is so much in IT that we don't, and it's the details that will get you. Not a big deal this time - just some added time but I'll be changing where I put that script in the future.
November 07, 2009
Firing Line
Went to the range today..It was fun teaching my wife and son to shoot. We fired a rental pistol, .22 caliber - just to get familiar with the weapon and the feel of firing a pistol. I'm not bad with a rifle, and this weapon is not much different. The pistol sights were badly off. I had fairly good grouping, even out at 20 yards, but the left-right sight adjustment needed to be tuned, A LOT! Rather than adjust it, we lived with it and just aimed left, but at 20 yards, I was aiming completely off-target just to hit the center of mass.
I also shake badly. With a pistol, and firing at the range, I'm not familiar with more stable positions, so we were firing double-arms up, cross-body or straight on. The shake made it nigh impossible for me to have any kind of sight alignment. :wiggle:wiggle:wiggle:
But, we had fun. I shot off probably 150 rounds today and my wife and son about 50 and 100 each. I took them each separately to keep my sanity. It's nice that the range is so close by.
September 25, 2009
4 NAND Gate design of an XOR Gate
I bought a few books lately on Amazon - one of them is The Elements of Computing Systems: Building a Modern Computer from First Principles - at the end of Chapter 1 it asks you to design all the gates you're going to use starting with primitive NAND gates (but you can use gates you've already designed). I started reading the book because I wanted to more deeply understand assembly language, which I'm trying to pick up again.
In designing the gates, I think I'm taking the wrong approaches, because my designs are not as minimalist as they could be first out of the box. When I designed my OR gate, my first design used 3 NOT gates (basically one NAND gate with the inputs tied to one pin) and an AND gate (2 NAND gates). That design, when I drew it out - it was immediately obvious that I had two redundant NOT gates (as the AND gate ends with a NOT gate), showing me that the correct design is 3 NAND gates for OR.
The doubts are starting to creep in - my first attempt at XOR design came up with a non-symmetrical drawing of 6 NAND gates (based on the logic of using one OR and one NAND and ANDing the result). Looking on the web, though, 4 NAND gates are needed, not 6, and looking at my design, I still can't SEE the redundancy. I'm hoping that something will click and I'll keep staring the problem down until I really GROK where that redundancy is...perhaps I'll go redraw my original circuit symmetrically and that will help.
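The gate counts in this post can be checked mechanically. The following is an added example, not code from the book or from the original post: it simulates the 3-NAND OR, the 6-NAND XOR (OR, NAND, then AND) and the usual 4-NAND XOR as netlists, and brute-forces the smallest NAND-only circuit for a target truth table. The wire names and the search routine are this example's own.

```python
from itertools import product

def nand(a, b):
    return 1 - (a & b)

# Netlists: (output wire, input 1, input 2); every gate is a 2-input NAND.
OR_3 = [("na", "a", "a"), ("nb", "b", "b"), ("out", "na", "nb")]
XOR_6 = [
    ("na", "a", "a"), ("nb", "b", "b"), ("or", "na", "nb"),  # OR (3 gates)
    ("nab", "a", "b"),                                       # NAND (1 gate)
    ("t", "or", "nab"), ("out", "t", "t"),                   # AND (2 gates)
]
XOR_4 = [
    ("nab", "a", "b"),                      # computed once, used twice
    ("l", "a", "nab"), ("r", "b", "nab"),
    ("out", "l", "r"),
]

def simulate(netlist, a, b):
    wires = {"a": a, "b": b}
    for out, x, y in netlist:
        wires[out] = nand(wires[x], wires[y])
    return wires["out"]

def truth_table(netlist):
    """Outputs for (a, b) = (0,0), (0,1), (1,0), (1,1)."""
    return tuple(simulate(netlist, a, b) for a, b in product((0, 1), repeat=2))

def min_nand_gates(target, limit=6):
    """Smallest number of 2-input NANDs whose circuit yields `target`."""
    a, b = (0, 0, 1, 1), (0, 1, 0, 1)  # input columns of the truth table

    def search(wires, left):
        if target in wires:
            return True
        if left == 0:
            return False
        for i, x in enumerate(wires):
            for y in wires[i:]:
                new = tuple(nand(p, q) for p, q in zip(x, y))
                # A wire that duplicates an existing one adds nothing.
                if new not in wires and search(wires + [new], left - 1):
                    return True
        return False

    for n in range(limit + 1):
        if search([a, b], n):
            return n
    return None

if __name__ == "__main__":
    print("6-gate XOR:", truth_table(XOR_6), "4-gate XOR:", truth_table(XOR_4))
    print("minimum NANDs for XOR:", min_nand_gates((0, 1, 1, 0)))
    print("minimum NANDs for OR: ", min_nand_gates((0, 1, 1, 1)))
```
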
September 10, 2009
Stop Assuming Security
Let's all just stop pretending that our connected applications and networks are secure. I mean it, just stop it already. I don't care if you're PCI Compliant, use SSL with AES encryption and SHA-2 hashing algorithms. You can have IDS in place, and a 24-hour monitoring system with armed guards and Predators with hellfires ready to rain down fire on anyone that dares ping your DMZ. You're not secure....and you never will be.
Instead of approaching system security from the system side, we need to look at why the security is in place and begin architecting one-way data funnels into our connected systems. Once I've processed your credit card transaction, why do I have to continue storing your card on a connected data system (or store it at all - but that's a different discussion)? If I need to store vital information about my customers, the data system I do this on shouldn't be connected to anything, and it certainly shouldn't be accessible to any system connected to the Internet. System architects need to take much of the blame for system vulnerabilities because of the system design itself. Data is stored too close to the Internet, and easy and cheap interfaces like ODBC connections to our internal databases are too often shortcuts taken for saving money on development of single-use one-way data connectors.
In fact, system developers need to be woken up to the need for development of low-capability software, and how this software can play a vital role in secure system design. Why don't we see write-only database connectors on the market? How about packaged systems that have limited functionality (no-database read-only web server systems)?
We need to automatically assume that whatever multi-use software we are using is insecure and start limiting our exposure to vulnerabilities by removing capabilities that we don't want from our designed systems. When (not IF!) those vulnerabilities are discovered in our systems, the exposure risk will be limited to the capabilities of the software (and maybe the hardware!?!) that we use in designing the system. If the system is incapable of writing to the disk system at all, then when it gets hacked, the vulnerability won't expose the risk of writing data. If our customer service page gets hacked, if the page has no capability for querying the database through the one-way 'deposit-only' data connector, then the exposure will just be that they can write junk to our database. If our database is incapable of running shelled commands, they won't be able to do so.
Perhaps it's time for security analysts and software security architects to get religion...Luddism
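One way to approximate the 'deposit-only' connector described above with off-the-shelf parts, as an added example that is not the author's code: SQLite's authorizer callback, set through Python's `sqlite3` module, strips the web-facing connection of every capability except INSERT into one table. The table names and sample rows are constructed for illustration.

```python
import os
import sqlite3
import tempfile

DEPOSIT_TABLE = "feedback"  # assumed name of the one table the web tier may write


def deposit_only(action, arg1, arg2, db_name, source):
    """Default-deny authorizer: INSERT into one table, plus BEGIN/COMMIT."""
    if action == sqlite3.SQLITE_INSERT and arg1 == DEPOSIT_TABLE:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_TRANSACTION:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # reads, updates, deletes, DDL and the rest


def attempt(conn, sql, params=()):
    """Run one statement and report whether the connector allowed it."""
    try:
        with conn:  # commit on success, roll back on error
            conn.execute(sql, params)
        return "ok"
    except sqlite3.DatabaseError:
        return "denied"


def demo():
    path = os.path.join(tempfile.mkdtemp(), "internal.db")
    # Internal side: full-capability connection, never handed to the web tier.
    admin = sqlite3.connect(path)
    admin.execute("CREATE TABLE feedback (name TEXT, message TEXT)")
    admin.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    admin.execute("INSERT INTO customers VALUES ('constructed', 'PLACEHOLDER')")
    admin.commit()

    # Web-facing side: same database, capabilities removed by the authorizer.
    web = sqlite3.connect(path)
    web.set_authorizer(deposit_only)
    results = {
        "insert": attempt(
            web,
            "INSERT INTO feedback (name, message) VALUES (?, ?)",
            ("alice", "hello"),
        ),
        "select": attempt(web, "SELECT card FROM customers"),
        # Copying protected rows into the writable table still needs a read.
        "insert_select": attempt(
            web, "INSERT INTO feedback SELECT name, card FROM customers"
        ),
        "update": attempt(web, "UPDATE feedback SET message = 'x'"),
        "delete": attempt(web, "DELETE FROM feedback"),
        "drop": attempt(web, "DROP TABLE customers"),
    }
    web.close()
    rows = admin.execute("SELECT name, message FROM feedback").fetchall()
    admin.close()
    return results, rows


if __name__ == "__main__":
    print(demo())
```

The authorizer only constrains the connection it is installed on, so code running in the same process could open an unrestricted connection; for a server database the equivalent control is an account granted INSERT and nothing else.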