Scott Schulz : Tweet: Watching Peter Pan from the Milwaukee Ballet Compa…

April 19, 2014 01:08 AM

Watching Peter Pan from the Milwaukee Ballet Company – Good end to the day

Scott Schulz : Tweet: Mowed the lawn, cleaned my portion of the house. V…

April 18, 2014 08:59 PM

Mowed the lawn, cleaned my portion of the house. Vacation days are hard work!

Mark Turner : Plane truths

April 18, 2014 04:02 PM

The Manhattan skyline appears in the windshield of a Vamoose bus.


Last week I was booking a flight for my upcoming business trip to California when I discovered to my surprise that Southwest Airlines, long my airline of choice, offered fares twice as expensive as the lowest airfare. My company’s travel booking system actually wouldn’t let me book a Southwest flight because it was too expensive. I never thought I would ever get in trouble with my boss for booking Southwest, but it’s reached that point.

We’re on the road today to New York City by way of bus from DC. The bus is less than a year old, it’s quiet, clean, comfortable, and there are AC power outlets under each seat. Free WiFi, too, and we can make mobile calls anytime we want. I didn’t know what to expect when we began talking about a bus trip but I’ve been pleasantly surprised.

Putting these two ideas together, I mused to Kelly how perhaps these bus lines owe at least part of their renewed success to Southwest’s decision not to be the “bus of the skies” any more. Or perhaps travelers have simply gotten fed up with the unbelievable hassle of air travel and have sought out more civilized means of travel.

Yes, I’d never thought I’d say it but traveling by bus may be more preferable than travel by air. Are the high-flying days of air travel over?

Scott Schulz : Tweet: Interesting “upgrade” from @Linode :) — “vCPUs go…

April 18, 2014 12:46 PM

Interesting “upgrade” from @linode :) — “vCPUs go from 8 vCPUs → 2 vCPUs”

Warren Myers : print-at-home plans

April 18, 2014 12:18 PM

Someone needs to start a business selling print-at-home furniture/home-improvement plans that include parts lists (and, ideally, costs) from their local Lowes / Home Depot / TrueValue / Ace / etc.

Most folks who want to tackle small projects don’t want to buy books or magazines that may (or may not) include what they’re interested in – but which will definitely include loads of stuff they’re not.

Having a simple webstore that offered complete build instructions, parts lists, and approximate costs (both dollars and time) would be awesome.

I’m thinking something like an on-demand version of eMeals, but for your workshop.

Eric Christensen : 256 Bits of Security

April 17, 2014 02:25 PM

This is an incomplete discussion of SSL/TLS authentication and encryption.  This post only goes into RSA and does not discuss DHE, PFS, elliptical, or other mechanisms.

In a previous post I created a 15,360-bit RSA key and timed how long it took to create the key.  Some may have thought that was some sort of stunt to check processor speed.  I mean, who needs an RSA key of such strength?  Well, it turns out that if you actually need 256 bits of security then you’ll actually need an RSA key of this size.

According to NIST (SP 800-57, Part 1, Rev 3), to achieve 256 bits of security you need an RSA key of at least 15,360 bits to protect the symmetric 256-bit cipher that’s being used to secure the communications (SSL/TLS).  So what does the new industry-standard RSA key size of 2048 bits buy you?  According to the same document that 2048-bit key buys you 112 bits of security.  Increasing the bit strength to 3072 will bring you up to the 128 bits that most people expect to be the minimum protection.  And this is assuming that the certificate and the certificate chain are all signed using a SHA-2 algorithm (SHA-1 only gets you 80 bits of security when used for digital signatures and hashes).

So what does this mean for those websites running AES-256 or CAMELLIA-256 ciphers?  They are likely wasting processor cycles and not adding to the overall security of the circuit.  I’ll make two examples of TLS implementations in the wild.

First, we’ll look at  This website is protected using a 2048-bit RSA certificate, signed using SHA256, and using AES-128 cipher.  This represents 112 bits of security because of the limitation of the 2048-bit key.  The certificate is properly chained back to the GoDaddy CA which has a root and intermediate certificates that are all 2048 bits and signed using SHA-256.  Even though there is a reduced security when using the 2048-bit key, it’s likely more efficient to use the AES-128 cipher than any other due to chip accelerations that are typically found in computers nowadays.

Next we’ll look at one of my domains:  This website is protected using a 2048-bit RSA certificate, signed using SHA-1, and using CAMELLIA-256 cipher.  This represents 80 bits of security due to the limitation of the SHA-1 signature used on the certificate and the CA and intermediate certificates from AddTrust and COMODO CA.  My hosting company uses both the RC4 cipher and the CAMELLIA-256 cipher.  In this case the CAMELLIA-256 cipher is a waste of processor since the certificates used aren’t nearly strong enough to support such encryption.  I block RC4 in my browser as RC4 is no longer recommended to protect anything.  I’m not really sure exactly how much security you’ll get from using RC4 but I suspect it’s less than SHA-1.

So what to do?  Well, if system administrators are concerned with performance then using a 128-bit cipher (like AES-128) is a good idea.  For those that are concerned with security, using a 3072-bit RSA key (at a minimum) will give you 128 bits of security.  If you feel you need more bits of security than 128 then generating a solid, large RSA key is the first step.  Deciding how many bits of security you need all depends on how long you want the information to be secure.  But that’s a post for another day.
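The weakest-link arithmetic in the post above, as an added example that is not part of the original post: the effective strength of an RSA-authenticated TLS setup is the minimum over the cipher, every RSA key in the chain, and every signature hash. The strength tables follow the NIST SP 800-57 figures the post quotes; the function names and the three sample chains are constructed for illustration.

```python
"""Effective 'bits of security' of an RSA-authenticated TLS setup (added example)."""

# Comparable strengths per NIST SP 800-57 Part 1, as quoted in the post.
RSA_STRENGTH = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
# Strength of a hash when used for digital signatures (SHA-1 = 80, as the post states).
SIG_HASH_STRENGTH = {"SHA-1": 80, "SHA-224": 112, "SHA-256": 128,
                     "SHA-384": 192, "SHA-512": 256}
CIPHER_STRENGTH = {"AES-128": 128, "AES-256": 256,
                   "CAMELLIA-128": 128, "CAMELLIA-256": 256}


def rsa_bits_of_security(modulus_bits):
    """Round down to the nearest table row, so a 4096-bit key still rates 128.

    Keys below 1024 bits are not in the table and are rated 0 here.
    """
    strength = 0
    for size, bits in RSA_STRENGTH:
        if modulus_bits >= size:
            strength = bits
    return strength


def assess(chain, cipher):
    """Rate a configuration by its weakest component.

    chain  -- list of (label, rsa_modulus_bits, signature_hash), leaf first
    cipher -- a key of CIPHER_STRENGTH
    Returns (effective_bits, weakest_components, wasted_cipher_bits).
    """
    components = [(f"{cipher} cipher", CIPHER_STRENGTH[cipher])]
    for label, modulus_bits, sig_hash in chain:
        components.append((f"{label} RSA-{modulus_bits} key",
                           rsa_bits_of_security(modulus_bits)))
        components.append((f"{label} {sig_hash} signature",
                           SIG_HASH_STRENGTH[sig_hash]))
    effective = min(bits for _, bits in components)
    weakest = [name for name, bits in components if bits == effective]
    # Cipher strength above the weakest link costs CPU without adding security.
    wasted = CIPHER_STRENGTH[cipher] - effective
    return effective, weakest, wasted


# Constructed chains mirroring the two sites described in the post,
# plus the 15,360-bit case from its opening paragraph.
SITE_A = ([("leaf", 2048, "SHA-256"), ("intermediate", 2048, "SHA-256"),
           ("root", 2048, "SHA-256")], "AES-128")
SITE_B = ([("leaf", 2048, "SHA-1"), ("intermediate", 2048, "SHA-1"),
           ("root", 2048, "SHA-1")], "CAMELLIA-256")
FULL_256 = ([("leaf", 15360, "SHA-512"), ("root", 15360, "SHA-512")], "AES-256")

if __name__ == "__main__":
    for name, (chain, cipher) in [("site A", SITE_A), ("site B", SITE_B),
                                  ("15360-bit", FULL_256)]:
        bits, weakest, wasted = assess(chain, cipher)
        print(f"{name}: {bits} bits, limited by {', '.join(weakest)}; "
              f"{wasted} cipher bits unused")
```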

Warren Myers : why nations fail by daron acemoglu and james a robinson

April 16, 2014 02:23 PM

I first came across Why Nations Fail at my local Half Price Books. After seeing it on the shelves a couple times, but still being unsure about whether I really wanted to read it or not, I reserved it at my local library.

Now I wish I had bought it (and likely will) – Daron Acemoglu & James A Robinson, while sometimes slipping into an academic, journalistic tone, present a fantastic historical, economic, cultural, and international view into the similarities, and differences, of “national” failures around the world over the last several centuries.

They spend a great deal of time expounding on the differences of countries that succeed and those that don’t – and offer insights into how failing nations could, potentially, turn themselves around.

Interestingly, the factors that play-into national success and failure are similar throughout history – critical junctures, inclusive/pluralistic political and economic environments vs extractive/exclusive political and economic structures, empowered citizenries, overbearing rulers, literacy, economic incentives (positive and negative), etc.

The Iron Law of Oligarchy:

the overthrow of a regime presiding over extractive institutions heralds the arrival of a new set of masters to exploit the same set of pernicious extractive institutions (p366)

My recommendation? Buy it. Read it. Share it. The background and conclusions this book presents and reaches should be required reading for anyone who wants to see their nation “do better” – politicians, businessmen, citizens, NGOs: all would benefit from applying what is demonstrated in this excellent work.

  • Quality of writing: 4/5
  • Quality of content: 4.5/5
  • Historicity: 5/5
  • Educational value: 4.5/5
  • Overall: 4.5/5

Mark Turner : Exhibit B for sloppy N&O editing

April 16, 2014 01:39 PM

Well, that didn’t take long. No sooner did I complain about a glaring error in the Sunday Midtown Raleigh News that I found a big error in today’s print edition. A story about the opening of the newly-renovated Terminal 1 at RDU Airport carried a headline referencing Terminal 2. This wasn’t a long, wonky story but one maybe ten paragraphs long, so there’s no excuse for the editor not being able to quickly scan the story and see which terminal was being discussed.

Sloppy, sloppy, sloppy. Come on, N&O. Get it together!

Scott Schulz : Tweet: 1.44 inches of rain at the homestead yesterday. On…

April 16, 2014 11:19 AM

1.44 inches of rain at the homestead yesterday. On the lookout for sparkly vampires.

Mark Turner : New York City bound

April 16, 2014 11:09 AM

As I mentioned, the Turners are on the move again. And, as usual, we’re all headed in different directions, at least initially.

Hallie left for school at 4 AM for her bus trip to New York City, where she and her fellow Ligon Middle School orchestra members will play Carnegie Hall Saturday night. An hour later, Kelly took Travis to his Conn Elementary school field trip to Fort Fisher. I’m staying here for work before heading to a fundraiser for Kay Hagan this evening.

Thursday night, Kelly, Travis, and I will travel to Kelly’s parents’ home (leaving the Rottweilers to guard the home while we’re away, of course). Friday morning we’ll head to DC to hop a bus which will take us to New York. We’ll stay long enough to watch Hallie’s performance before taking the bus back home.

Oh, and the following week I travel to Sacramento for work: the first business travel I’ve taken in a while. Should be fun.

Mark Turner : Tornado, three years later

April 16, 2014 11:03 AM

Today began for me much the same way it did that Saturday morning exactly three years ago. Then, as now, it was just the dog and me at home while Kelly and the kids were on the road.

Fortunately the similarities end there. This morning’s weather is clear, breezy and very chilly at 34 degrees F with no signs of any tornadoes. In fact, one of the last … er, signs of the tornado in my neighborhood was removed recently. Up until a few weeks ago, a “No Parking” sign stood outside St. Aug’s on a steel post that was twisted almost completely around, a daily reminder of the jaw-dropping power of violent wind.

Sadly, a day before I was to take a picture of it the city replaced the post and sign. Don’t know if I should be sad I missed it or happy the public works department is so on top of things. At any rate, life in East Raleigh is back to normal now.

Mark Turner : Loving the new job

April 16, 2014 01:18 AM

Thursday marks my second week at the new job and, boy, what a difference it is from my last job! I actually have fun at work. No one micromanages me, no stupid mind games are being played. People don’t come into work seemingly to delight in making someone else’s day miserable. Night and day.

Two weeks into my job and I’ve already earned the trust of my colleagues. I’ve already jumped in and begun solving problems. I’ve even offered house-hunting advice to those new to Raleigh. It feels awesome to work someplace that appreciates my contributions.

Above is a photo I took of my team last week. Looks like a fun group, doesn’t it?

Mark Turner : Your Clever Password Tricks Aren’t Protecting You from Today’s Hackers

April 16, 2014 12:11 AM

Good password-choosing advice from Lifehacker. Bottom line: if you can remember your password it isn’t good enough.

Our passwords are much less secure than they were just a few years ago, thanks to faster hardware and new techniques used by password crackers. Ars Technica explains that inexpensive graphics processors enable password-cracking programs to try billions of password combinations in a second; what would have taken years to crack now may take only months or maybe days.

Making matters much worse is hackers know a lot more about our passwords than they used to. All the recent password leaks have helped hackers identify the patterns we use when creating passwords, so hackers can now use rules and algorithms to crack passwords more quickly than they could through simple common-word attacks.

via Your Clever Password Tricks Aren't Protecting You from Today's Hackers.

Mark Turner : N&O runs dedication story a week late

April 15, 2014 07:56 PM

In about ten minutes, a group of people will converge on the entrance to the Walnut Creek Greenway near the Worthdale Community Center. They will wait around in the rain until they become bored for a dedication ceremony that has come and gone, and sloppy editing on the part of the News and Observer is to blame.

Sunday’s Midtown Raleigh News carried a front-page story on the greenway dedication, stating the ceremony would occur Tuesday at 4 PM. The problem is that the ceremony took place last week. The story was correct when it ran a week earlier in the N&O but somehow it landed in Sunday’s Midtown edition without being updated to show the ceremony already took place.

I love the N&O’s spotlight of Raleigh’s parks. I called for more coverage in the past and still think Raleigh citizens value their parks highly enough (and they have invested enough in them ) for parks to merit media coverage. That said, inaccurate coverage might do more harm than no coverage at all.

I wish the N&O would work just a little bit harder on fact-checking its local coverage.

Eric Christensen : Time to generate a 15,360-bit RSA key

April 15, 2014 04:38 PM

$ time openssl genrsa 15360
Generating RSA private key, 15360 bit long modulus

<magic happens>

real    2m39.541s
user    2m39.236s
sys    0m0.006s

Warren Myers : 35 great questions, part 2

April 15, 2014 01:29 PM

Part 2 of 5 in my condensed reprint of Inc’s article, “35 Great Questions” from the April 2014 issue. (part 1)

  1. What counts that we are not counting? –Chip Conley
  2. In the past few months, what is the smallest change we have made that has had the biggest positive result? What was it about that small change that produced the large return? –Robert Cialdini
  3. Are we paying enough attention to the partners our company depends on to succeed? –Ron Adner
  4. What prevents me from making the changes I know will make me a more effective leader? –Marshall Goldsmith
  5. What are the implications of this decision 10 minutes, 10 months, and 10 years from now? –Suzy Welch
  6. Do I make eye contact 100 percent of the time? –Tom Peters
  7. What is the smallest subset of the problem we can usefully solve? –Paul Graham

Warren Myers : you don’t need ideas – you need questions

April 14, 2014 12:32 PM

Paul Graham asserts that startup ideas aren’t what’s important – and, in fact, thinking you need an “idea” is a major roadblock.

Convert your thinking from “idea” to “question”, and you have a potential curiosity to explore, tweak, develop, and deliver.

Your best work is going to come when you’ve thought about the problem but didn’t know you were thinking about it.

So stop trying to get an idea – ask questions, and chase them down.

Warren Myers : discover each man’s thumbscrew – law 33 – #48laws by robert greene

April 13, 2014 12:18 PM

Law 33

Everyone has a weakness, a gap in the castle wall. That weakness is usually an insecurity, an uncontrollable emotion or need; it can also be a small secret pleasure. Either way, once found, it is a thumbscrew you can turn to your advantage. –Robert Greene, The 48 Laws of Power (review)

Warren Myers : don’t blog

April 11, 2014 08:23 PM

to “compete” with others.

There are great reasons to blog – but there are also lousy ones to do it.

If you’re writing because you’re trying to ‘keep up with the Joneses’, so to speak, you’re doing it wrong.

Don’t blog because others do. Don’t blog because others do it better. Blog because you want to. Blog because you have something to say. Blog to learn.

But don’t blog to compete. It’s a game you’ll never “win”.

Warren Myers : 35 great questions, part 1

April 10, 2014 01:23 PM

Part 1 of 5 in my condensed reprint of Inc’s article, “35 Great Questions” from the April 2014 issue.

  1. How can we become the company that would put us out of business? –Danny Meyer
  2. Are we relevant? Will we be relevant five years from now? Ten? –Debra Kaye
  3. If energy were free, what would we do differently? –Tony Hsieh
  4. What is it like to work for me? –Robert Sutton
  5. If we weren’t already in business, would we enter it today? And if not, what are we going to do about it? –Peter Drucker
  6. What trophy do we want on our mantle? –Marcy Massura
  7. Do we have bad profits? –Jonathan L Byrnes

Warren Myers : what viability would a subscription-based social networking service have?

April 09, 2014 04:44 PM

You see stories like this one, and you wonder how Facebook is continuing to make it. So many people I know are either leaving, or reducing their involvement (including myself), that it seems it is destined to be the next MySpace.

Over the past couple years, I have seen companies advertise themselves by giving links like When it’s in addition to your “real” website (, that’s not a bad thing.

But when it’s the only outlet you give people to interact with you? You’re outsourcing your business to someone else, and hoping they don’t screw you over.

That doesn’t seem too smart to me.

I understand Facebook needs to make money – they are a business, and not a charity (and even if they were the latter, they still need to pay for electricity, engineers, and equipment). But I think that the pure advertising model is not as lucrative as it once was.

Which makes me wonder how successful a subscription-based social network could be: call it something nominal – maybe $10-20 a year, but give users much fuller control over their “experience”: a mashup of MySpace’s crazy customizability, Facebook’s interface, and LinkedIn’s professionalism.

It’s a thought. Anyone want to build one with me?

Mark Turner : Heartbleed Bug

April 09, 2014 11:40 AM

While many news outlets were blathering on about the end of life for Windows XP, a huge hole in OpenSSL was discovered. OpenSSL secures a huge percentage of the Internet, meaning many of the sites you use have had their security compromised.

These revelations, while painful, are very much necessary to create a more secure Internet.

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

via Heartbleed Bug.

Bonus link: Bruce Schneier on the Heartbleed bug.

Mark Turner : Sticky switcheroo: FDA cracks down on honey labeling – Health –

April 09, 2014 01:38 AM

The Food and Drug Administration is cracking down on the fake honey claims in some foods. Looks like I got my wish!

Have you been duped by a honey poser?

Companies have been selling sugary, sticky honey blends on grocery store shelves for years, adding syrups or sweeteners not made naturally by bees, but hiding their fraud on the packaging under the label “honey.” This food fraud also applies to foods that list “honey” as an ingredient. You might not be getting the real thing.

The Food and Drug Administration issued new guidelines Tuesday that will require companies to label any honey that is not pure, or even food containing this honey, with “blend of sugar and honey” or “blend of honey and corn syrup,” depending on the ingredients. This policy change is the result of organizations like the American Beekeeping Federation and other honey associations petitioning against the common food industry practice of misrepresenting “pure honey.”

via Sticky switcheroo: FDA cracks down on honey labeling – Health –

Warren Myers : april adoption update

April 09, 2014 12:38 AM

We’ve gotten an update in our adoption process. Please go check out our [private] adoption blog.

If you would like access to it, please leave a comment or email me.

Warren Myers : the “best” industries for starting a business?

April 08, 2014 01:04 PM

I generally really like Inc magazine.

But this article is kinda ridiculous: “The Eight Best Industries for Starting a Business.”

By the time an industry has landed on a list like this, the odds that you’re really going to be able to capitalize on it are super slim. There’s nothing “wrong” with starting a business in any of those industries – but you shouldn’t pick an industry because it’s “hot”; you should start your business in the industry you know and are ready to compete in.

If you’re already running a business, perhaps expanding your market reach into some of these “hot” industries is a good idea – and perhaps not. Make sure you are solving problems and delivering solutions.

The rest is gravy.

Sidebar – if you’re relying on mass-market publications like Inc to do your business research, you’re doing it wrong.

Mark Turner : Healthcare still sucks

April 08, 2014 02:07 AM

Now that I’m in a new job, Kelly and I spent some time this evening picking out a healthcare plan. Wading through a lot of boring-as-shit details boiled it down to the plain fact that insurance companies suck even more than they used to.

What kept popping up is this whole idea of “coinsurance.” Who came up with that? Basically if you get hit by a bus and the bills top $1 million, your broken, tire-track-covered ass is on the hook for $200,000. And that’s with insurance! “With friends like these,” right?

Healthcare is still broken and the industry is still playing everyone for suckers. If there’s ever a market that is screaming for more regulation – the kind with real teeth that stands up to these kinds of horseshit shell games that are still being played – healthcare is it.

Oh, and my opinion of UnitedHealthcare hasn’t improved any, either.

David Cafaro : IPv6 and WordPress, not for the faint of hearts.

April 07, 2014 02:20 PM

Unfortunately it appears that getting WordPress going in IPv6 is a constant undertaking.  Primary causes?

WordPress domains don’t support IPv6.  And my DNS provider doesn’t fully support IPv6 at their DNS server (I can add AAAA records, but you can’t access the NS via IPv6).

So I end up having to create a few /etc/hosts entries to get plug-in updates and reference urls to work within WordPress.  Additionally, pure IPv6 hosts would never be able to reach my domain because of lack of IPv6 at my DNS provider.

So if you are going this route, be ready to handhold your site for a while.

Scott Schulz : Tweet: /me offers @leylasantiago a “there“ to replace an…

April 07, 2014 12:45 PM

/me offers @leylasantiago a “there“ to replace an errant “they’re” in the Postal fire story on the @WRAL website

Warren Myers : magazines

April 07, 2014 12:42 PM

I am the [proud] holder of subscriptions to several magazines.

As part of my attempt to vary my reading materials, I get Wired, Inc, Fast Company, Western Horseman, and several others.

However – I’ve discovered that I just don’t care about most of what is in any given issue; there are times when more than half of the magazine is of interest, but usually it’s substantially closer to 10% (excluding ads – include them, and you’re probably down to 5-6%).

It’d be awesome if there was a way of getting a print analogue to an RSS aggregator – in fact, if you know of any, please let me know!

But since there’s not, I’ve adopted a fairly-stringent policy of recycling magazines that show up in my mailbox if I don’t get to them within 2 weeks: and if somehow I miss that deadline, they definitely get scrapped when the new issue arrives.

The only time I will read an out-of-date magazine is when I’m waiting in a doctor’s or dentist’s office, or at the oil change place. There’s just no reason to read “news” and “insights” that old when you can still get them digitally from the magazine websites within days of the print copy arriving in your mailbox.

Scott Schulz : Tweet: What is this purple flowered plant which is taking…

April 06, 2014 04:44 PM

What is this purple flowered plant which is taking over NC?


Scott Schulz : Tweet: First lawn mowing of the season complete. Least I…

April 06, 2014 03:37 PM

First lawn mowing of the season complete. Least I am caught up on @TalkinBirds episodes – 7300 steps

Scott Schulz : Tweet: Watching The Exam

April 06, 2014 12:12 AM

Watching The Exam

Warren Myers : vacation

April 05, 2014 07:35 PM

This CNBC story caused quite a bit of discussion on my Facebook wall this week. In short, Americans don’t take all the time off they can, and many don’t even take any.

I didn’t used to take much, either – but have since changed my view on the matter.

There seem to be a variety of issues at play in this discussion; some of the highlights of the thread:

“what if Americans enjoy their jobs more than anyone else, and so don’t want to take more breaks?” –CF

“what if Americans are more scared of losing their jobs while being on vacation, and instead work more tired, more stressed, and less effectively than their counterparts in other parts of the developed world” –me

“You don’t realize that you’re “working for something” if you don’t get to have time to enjoy that for which you’ve worked.” –MS

So what think ye?

Warren Myers : group admin in the era of facebook

April 04, 2014 12:21 PM

Along with the difficulties of initially building a good group/community, comes the hassles of managing said [virtual] community – especially on the book of the face.

I am a coadmin on the Ontario & Western Railways Historical Society Inc Facebook group. My friend Peter is a coadmin of the Linux Mint group.

Something both of us have noticed is the ridiculous spam problem Facebook groups have developed over the past 1-2 years. It’s not a new problem, of course – Stack Overflow has had problems since very early on, too: they printed A Theory of Moderation to outline the issues they were seeing, and how they planned to handle it.

The real problem at the root of all the spam lies, though, not in technology, but in people.

Even with active community self-regulation, moderators occasionally need to intervene. Moderators are human exception handlers, there to deal with those (hopefully rare) exceptional conditions that should not normally happen, but when they do, they can bring your entire community to a screaming halt - if you don’t have human exception handling in place.

Spam doesn’t arise on its own – it’s all developed by people. Until the people problem of spam can be addressed, it will continue. Sadly, technology, in and of itself, cannot deal with the people problem.

So instead we have human admins and moderators whose [typically volunteer] job is to ensure that the communit[y|ies] keeps to a general standard, as defined by the community itself. By assuming technology could be made that would fix the problem, we’re asking the wrong question: human behavior needs to be addressed and improved; while technology is wonderful and can aid in the process, it is no panacea.

Encouragements for moderation teams can come in the form of gamification (the SO model), community accolade, or just the individual admin’s personal satisfaction.

The drawback is that this task can become so overwhelming at times and in places that those tasked with caring for the community, when the community itself won’t do anything about the problem(s), give up because they adopt the view that it’s everyone’s problem, and presume that since it is everyone’s problem, it’s not “theirs”.

What are the solutions to these issues? I can think of a few – but many remain yet unanswered:

  1. the community must encourage the admins
    • if the community isn’t doing something to make their admins feel appreciated, the admins will, eventually, leave
  2. better tech
    • it’s not possible to solve all problems with technology, but there are certainly many areas that can be improved in this regard
  3. community engagement and education
    • seasoned community members and admins alike need to take the time to “mentor” new community members to make sure they stick to the guidelines of that community
    • community members need to be proactive in assisting the moderators when inappropriate items are posted, or conversation degrades below the standards of the group
  4. a willingness to say “no”
    • admins and the general community need to be willing to tell some people they are not welcome
    • this should [almost] never be in a hateful, grudge-bearing manner, but it must be done to ensure the integrity of the community in the long-term
  5. a willingness to morph
    • the flip side of (4) is that the community needs to be willing, on a regular basis, to:
      • review its own guidelines
      • change / modify rules
      • find new admins
      • welcome new members who aren’t yet versed in the ways of the group (related to (3) above)

I am sure there are many many more items that can be added to this list. But this is the starting point for every successfully-maintained community I’ve ever seen.

What others would you add, or what would you change?

Mark Turner : Dr. Neil deGrasse Tyson at NCSU

April 04, 2014 02:11 AM

Hallie and Travis with Dr. Neil deGrasse Tyson


When I got word that Dr. Neil deGrasse Tyson was going to soon be speaking at N.C. State, I was determined to finagle some tickets. It seemed to be an impossible task, since he was speaking in the tiny Hunt library auditorium and it was mainly a College of Sciences event with few tickets available to the public. Even so, through a friend with close ties to the school I found out the time that the hundred or so general-admission tickets would be distributed online.

Learning that each registrant would be allowed just one guest, I got Kelly to join in my ticket quest. When that moment arrived – the second it arrived – Kelly and I were madly refreshing our browsers, waiting for a link to register for tickets. Somehow the stars aligned and both of us managed to put our names in the hat before the ticket window closed within three minutes!

The stars aligned again this evening for the event. Today was my first day at my new job on Centennial Campus, so I had a short walk from my office building to the Hunt Library. Kelly, however, was picking up the kids from Farmville, VA, and rolled into the library perhaps 30 seconds before the audience began to file into the auditorium.

I had attended a presentation in the auditorium a week prior, so I was familiar with the layout. Rather than follow the crowd down the right aisle, I led the family down the open left aisle, parking us on the very first row in front of the speaker podium! Another lucky break, though they say that fortune favors the prepared!

Dr. Tyson didn’t disappoint. He walked right by us on his way onstage, pausing a moment to high-five both kids! He also spent some time during his talk to interact with the kids, asking Hallie how old she was and taking a cue from Travis on another point. Kelly and I vigorously protested when Dr. Tyson told the kids that we as their parents actually don’t know everything. Hey, keep that to yourself, Neil!

The talk was lengthy and insightful, though the talk went on too long for questions to be taken from the audience. That’s a shame as I had thought for days what I might ask him and didn’t get the chance. It was disappointing but perhaps I’ll get another chance.

Being on the front row was less of an advantage for us when it came time to move to the reception upstairs. We had to wait while the rest of the auditorium exited above us. By the time we reached the auditorium, Dr. Tyson was surrounded by a crowd of fans, not giving us much of a chance for the kids to say hello to him.

Soon we saw him being gently nudged towards the door. The kids’ disappointment was mounting as they asked us “is he just going to leave?” While Kelly took things out of my hand, I directed the kids towards Dr. Tyson as he walked out into the hallway. Fortunately, he recognized his Front Row Buddies and paused for a few photos, goosing the kids comically in the last one. As my friend Guus commented on Facebook, it is a photo they will treasure for decades.

We all had a wonderful time this evening. I’m especially happy that our science-loving kids got a chance to meet such an influential scientist like Dr. Tyson. Perhaps this encounter will prompt them to pursue careers in science, or at least making the world a better place.

Warren Myers : lex>>fwd meeting @ west 6th tonight at 1730 edt

April 03, 2014 03:28 PM

LEX>>FWD is meeting tonight at West Sixth Brewery in Lexington at 5:30p.

The topic is scheduled to be “source control and specifically differences between distributed and centralized”.

If you’re in the Lexington area this evening, come join us.

Warren Myers : the seven stages of expertise

April 03, 2014 01:01 PM

I recently found The Seven Stages of Expertise in Software Engineering.

  • Stage 1: Innocent
    • barely knowledgeable if at all
  • Stage 2: Exposed
    • seeking knowledge
  • Stage 3: Apprentice
    • has read case studies and tries to apply those techniques
  • Stage 4: Practitioner
    • can actually apply concepts learned in one context to a not-identical context
  • Stage 5: Journeyman
    • professional understanding and application of the field; can mentor
  • Stage 6: Master
    • moved from “whats” and “hows” to “whys”; can mentor very effectively
  • Stage 7: Researcher
    • the teacher, presenter, mentor, speaker, evangelist, writer, authority

Presented firstly in the humorous guise of The Seven Stages of Expertise in Bear Hunting, Meilir Page-Jones makes a highly-compelling case for progressive advancement in [nearly] any field.

Some of the ideas seem similar to what Malcolm Gladwell brings in Outliers (review) or Robert Greene does in Mastery (review). Which seems to only lend more credence to those other works, given that this article is © 1998.

Eric Christensen : caff gpg.conf file settings

April 02, 2014 03:37 AM

After years of using caff for my PGP key-signing needs I finally came across the answer to a question I’ve had since the beginning.  I document it here so that I may keep my sanity next time I go searching for the information.

My question was “how do you make a specific certification in a signature?”.  As defined in RFC 1991, section 6.2.1, the four types of certifications are:

     <10> - public key packet and user ID packet, generic certification
          ("I think this key was created by this user, but I won't say
          how sure I am")
     <11> - public key packet and user ID packet, persona certification
          ("This key was created by someone who has told me that he is
          this user") (#)
     <12> - public key packet and user ID packet, casual certification
          ("This key was created by someone who I believe, after casual
          verification, to be this user")  (#)
     <13> - public key packet and user ID packet, positive certification
          ("This key was created by someone who I believe, after
          heavy-duty identification such as picture ID, to be this
          user")  (#)

Generally speaking, the default settings in caff only provide the first level “generic” certification. Tonight I found information specific to ~/.caff/gnupghome/gpg.conf. This file, as far as I know, can contain three lines:

personal-digest-preferences SHA256
cert-digest-algo SHA256
default-cert-level 2

I can’t find any official information on this file as the man pages are a little slim on details.  That said, if you use caff you should definitely create this file and populate it with the above at a minimum with the exception of the default-cert-level.  The default-cert-level should be whatever you feel comfortable setting this as.  My default is “2” for key signing parties (after I’ve inspected an “official” identification card and/or passport).  The other two settings are important as they provide assurances of using a decent SHA-2 hash instead of the default
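As an added example (not from the original post or the caff project), the Python sketch below audits a gpg.conf body for the three settings above and reports which OpenPGP certification type the configured default-cert-level produces. The function names and the second sample configuration are constructed for illustration.

```python
"""Audit a caff gpg.conf for the three settings discussed above (added example)."""

# gpg's default-cert-level (0-3) and the certification signature type it yields.
CERT_LEVELS = {
    0: (0x10, "generic certification"),
    1: (0x11, "persona certification"),
    2: (0x12, "casual certification"),
    3: (0x13, "positive certification"),
}
SHA2 = {"SHA224", "SHA256", "SHA384", "SHA512"}

# The three lines quoted in the post.
PAGE_CONF = """\
personal-digest-preferences SHA256
cert-digest-algo SHA256
default-cert-level 2
"""

# Constructed counter-example: weak hash, missing preference list, bad level.
WEAK_CONF = """\
# constructed sample
cert-digest-algo SHA1
default-cert-level 7
"""


def parse_gpg_conf(text):
    """Return {option: [arguments]}; blank lines and '#' comment lines are skipped."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        options[parts[0].lower()] = parts[1:]
    return options


def audit_caff_conf(text):
    """Check digest settings for SHA-2 and map the cert level to its signature type."""
    opts = parse_gpg_conf(text)
    findings = []

    for option in ("personal-digest-preferences", "cert-digest-algo"):
        args = [a.upper() for a in opts.get(option, [])]
        if not args:
            findings.append("%s is not set" % option)
        elif args[0] not in SHA2:
            findings.append("%s uses %s, which is not a SHA-2 hash" % (option, args[0]))

    # gpg falls back to level 0 when default-cert-level is absent.
    raw_level = opts.get("default-cert-level", ["0"])
    try:
        level = int(raw_level[0])
    except (ValueError, IndexError):
        level = None
    if level not in CERT_LEVELS:
        findings.append("default-cert-level must be an integer from 0 to 3")
        sig_type, meaning = None, None
    else:
        sig_type, meaning = CERT_LEVELS[level]

    return {"findings": findings, "sig_type": sig_type, "meaning": meaning}


if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("weak", WEAK_CONF)):
        result = audit_caff_conf(conf)
        print(name, result)
```
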

Warren Myers : reading experiment

April 01, 2014 04:24 PM

In follow-up to a recent blog post shared to me by my friend Steven, thinking about my aunt’s old practices, and comments from my wife and another friend, I’m engaging in a “consumptive”/“reactive” reading experiment wherein I am going to do something I haven’t done in a non-workbook book since my time at HVCC – I’m going to try writing in a book.

Two, actually. One is To Engineer Is Human (by Henry Petroski; my review). The second is Knowing God by JI Packer.

Wish me luck. I’ll report back when I’ve completed at least one of the books in the experiment.

“Books are made to be broken–literally or figuratively. I recently bought a 80+ year old book for $76 (a rare book called If It Had Happened Otherwise). I took special pleasure folding the pages and writing on them. It’s mine, why treat it like a delicate flower?” –Ryan Holiday

Jesse Morgan : Saul’s Gimpy Inversion

March 31, 2014 03:38 PM

Note for next time- If I ever need to invert the alpha and black on 40+ layer images, this script-fu will do the trick in gimp.

; Collect every non-group layer in the image, descending into layer groups.
(define (get-all-real-layers image)
  ; Return the non-group layers found under one layer group.
  (define (get-children group)
    (let loop ((children (vector->list (cadr (gimp-item-get-children group))))
               (sub-layers '()) )
      (if (null? children)
        (reverse sub-layers)
        (loop (cdr children)
              (if (zero? (car (gimp-item-is-group (car children))))
                (cons (car children) sub-layers)
                (append sub-layers (get-children (car children))) )))))
  (let loop ((top-layers (vector->list (cadr (gimp-image-get-layers image))))
             (all-layers '()) )
    (if (null? top-layers)
      all-layers
      (loop (cdr top-layers)
            (if (zero? (car (gimp-item-is-group (car top-layers))))
              (append all-layers (list (car top-layers)))
              (append all-layers (get-children (car top-layers)))) ))))

; For each layer: select the layer's opaque area, fill the whole layer with
; the foreground color, then clear the selected area.
; `image` must already be bound to the image ID.
(for-each
  (lambda (layer)
    (gimp-image-select-item image CHANNEL-OP-REPLACE layer)
    (gimp-drawable-fill layer FOREGROUND-FILL)
    (gimp-edit-clear layer) )
  (get-all-real-layers image) )

Big thanks to saul on for this snippet.

Mark Turner : Are hackers killing Yahoo email?

March 31, 2014 10:55 AM

A number of my friends who use email addresses have been frustrated by spam emails that appear to be sent through their accounts. A look at the actual email headers reveals the emails do not actually originate from Yahoo:

X-Original-To: Mark Turner
Delivered-To: Mark Turner
Received: from ( [])
by (Postfix) with ESMTP id 9E6FEC81102
for Mark Turner; Sat, 29 Mar 2014 05:13:05 -0400 (EDT)
Received: from (b-bigip1 [])
by (Postfix) with ESMTP id 9EE0D2D2A15;
Sat, 29 Mar 2014 09:13:06 +0000 (UTC)
X-Session-Marker: 536861776F6F64406265782E6E6574
X-Spam-Summary: 10,1,0,,d41d8cd98f00b204,,:::::::::::::::::::::::::::::::::::::::,RULES_HIT:41:72:355:379:539:540:541:542:543:590:962:96
X-HE-Tag: pets27_36a824eacc042
X-Filterd-Recvd-Size: 2630
Received: from (unknown [])
(Authenticated sender:
by (Postfix) with ESMTPA;
Sat, 29 Mar 2014 09:12:55 +0000 (UTC)
Message-ID: 120dcf1f0409$188b32c6$8c62fe50$
From: Yahoo User

… but the damage is done. Many of my friends who use Yahoo for mail are bailing on it.
My guess is that the hackers may have compromised Yahoo’s email systems long enough to grab the contact lists of its users. Yahoo could have tightened up its security in the meantime, but the proverbial horse is now out of the barn. Hackers can continue to masquerade as email users.

Instead of an SPF record to protect against faked emails, Yahoo uses Domain Keys (DKIM) to check signatures. This puts this kind of header in a legitimate Yahoo email:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=s1024;
t=1396205703; bh=U70gbg8jCRRS3R/0591VaRt992y2uSHahGrbF9hZ2YM=;

I don’t have my mail server set up to parse this kind of header. Neither, apparently, does Gmail, as it still passes these bogus emails along as if they were legitimate. Yahoo could do as Gmail does and easily add an SPF record to its DNS zones to cut down on the bogus email and such an SPF record could complement its DKIM strategy. Instead, Yahoo leaves its email users vulnerable to faked emails, resulting in compromised computers and angry users (and subsequently, more Gmail customers).

It seems that Yahoo excels at taking a good idea and totally screwing it up.
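The header check described in the post above, as an added Python example that is not part of the original post: it reads the earliest Received hop and any DKIM-Signature header, then flags a message whose From domain has no aligned DKIM signer and whose submission host belongs to another domain. All domains and both messages are constructed samples, the alignment test is a simplified parent-domain match, and the signature itself is not cryptographically verified.

```python
"""Flag mail whose From domain matches neither its DKIM signer nor its submission host."""
import email
import re
from email.utils import parseaddr

# Constructed sample: claims mailprovider.example, submitted through a third party.
SPOOFED = """\
Received: from mx.recipient.example (localhost [127.0.0.1])
 by mx.recipient.example (Postfix) with ESMTP id AAAA
 for <mark@recipient.example>; Sat, 29 Mar 2014 05:13:05 -0400 (EDT)
Received: from client.invalid (unknown [192.0.2.10])
 (Authenticated sender: someone@thirdparty.example)
 by smtp.thirdparty.example (Postfix) with ESMTPA;
 Sat, 29 Mar 2014 09:12:55 +0000 (UTC)
From: Yahoo User <friend@mailprovider.example>
Subject: constructed sample

body
"""

# Constructed sample: signed by, and submitted through, the From domain.
LEGIT = """\
Received: from client.invalid (unknown [192.0.2.20])
 by smtp.mailprovider.example (Postfix) with ESMTPSA;
 Sat, 29 Mar 2014 09:12:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailprovider.example;
 s=s1024; t=1396205703; bh=CONSTRUCTED=;
From: Friend <friend@mailprovider.example>
Subject: constructed sample

body
"""


def dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in "".join(value.split()).split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key] = val
    return tags


def covers(domain, parent):
    """True if domain equals parent or is a subdomain of it."""
    return bool(parent) and (domain == parent or domain.endswith("." + parent))


def assess(raw):
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

    # DKIM: is there a signature whose d= domain covers the From domain?
    signers = [dkim_tags(v).get("d", "").lower()
               for v in msg.get_all("DKIM-Signature", [])]
    aligned = any(covers(from_domain, d) for d in signers)

    # Received headers are prepended, so the last one is the earliest hop.
    hops = msg.get_all("Received", [])
    first = " ".join(hops[-1].split()) if hops else ""
    by = re.search(r"\bby\s+(\S+)", first)
    proto = re.search(r"\bwith\s+(\S+)", first)
    submit_host = by.group(1).lower().rstrip(";") if by else ""
    authenticated = bool(proto) and proto.group(1).upper().rstrip(";") in {"ESMTPA", "ESMTPSA"}
    foreign = bool(submit_host) and not covers(submit_host, from_domain)

    return {
        "from_domain": from_domain,
        "dkim_aligned": aligned,
        "submit_host": submit_host,
        "authenticated_submission": authenticated,
        "spoof_suspected": (not aligned) and foreign,
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, assess(raw))
```
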

Mark Turner : Snapping up talent

March 30, 2014 04:04 PM

I just heard that a certain open-source software company based in downtown Raleigh sometimes takes six months from when it gets a job applicant to actually hire that applicant. That’s crazy. How can a company think that a top job applicant has that kind of time to spend for a potential employer to get their act together? What makes a company think that an applicant is still going to be around six months later?

I spent three months between losing my job and getting a job offer and you know what? It sucked. It was three months of suck. When someone wants to make a move, they often don’t have the luxury of spending half a year for a potential employer to get going. I appreciate being thorough and making sure things are a good fit, of course, but six months is an insult to any job applicant.

I contrast this with my most recent job search, where the HR “talent acquisition team” always responded promptly to my questions and treated me as if I was important to them. That’s the way it should be done. Any company that doesn’t make a priority of hiring good people will soon find itself in trouble.

Jesse Morgan : Who is Hock?

March 28, 2014 12:26 AM

I think a lot about previous characters I’ve created. One of the older characters that I recall is Hock, a foul anti-hero who under other circumstances, would be a villain. While the description “Carnivorous castrated albino minotaur with hygiene issues and a wrestling fetish,” is a fairly accurate depiction of him, I feel the need to flesh him out and explain his tragedy.

Hock should be dead. Not because of the countless people he has murdered over the years; nor for fighting as a gladiator for many years for sport; nor even for murdering his owner, a rich and powerful merchant with many friends.

Hock should be dead because he’s white- albino, specifically. In minotaur tradition, any deformity or variation is seen as impure; when he was born with soft pink skin, red eyes and white hair, it was a death sentence. His father, feeling a twinge of pity, left the newborn Hock on the side of the road near a pasture.

Within hours, a nearby farmer heard his cries and brought him in. The farmer was not a rich man, but he knew his luck had changed. Within days, he’d arranged to sell Hock to a travelling circus, where he was raised as any other animal.

Despite his ability to speak, he was never listened to. He was bombarded by rotten food, kept in a cage, and generally neglected. After a particularly nasty guest stabbed him in the thigh through the bars, Hock shot forward and gored another patron. Hock was beaten for the incident, and repeatedly told he was just a dumb monster. The owner of the circus decided to treat him like any other overly aggressive bull- he was held down and castrated.

The castration did have an effect on Hock, but not the desired one. Resentment and hatred began to grow in his heart, and he began plotting his revenge.

He stashed a scrap of metal that had been thrown at him and fashioned a key for his cage. Once he was able to get the lock open, he waited. Finally he was alone with the owner of the circus.  Leaping from the cage and pinning the owner, Hock muffled the screams.

“So, I’m just a monster? A stupid, violent monster? You haven’t seen violence- you haven’t felt violence,” and with that Hock grabbed the owner’s arm with his free hand and wrenched the owner’s arm loose at the shoulder. Blood stained Hock’s filthy white coat.

Hock sat on the owner’s chest, staring him in the face as the life drained out through his axillary artery. When the struggle stopped, Hock looked up. A small group had surrounded him.

“Years I’ve been tormented by him- by you,” he said, casting an incriminating finger. “You say I’m a monster? Let’s see how much of a monster I can be.”

The massacre was over quickly. No one survived beyond Hock. When the local authorities captured him, he was filthy, unkempt, and covered in blood. His trial was short, and he was sentenced to death. It was only through the intervention of a duke that Hock survived.

“They say that you murdered a circus. Is that true?” a man asked Hock as he sat in his cage, awaiting the executioner’s axe. Hock shrugged. “They say you ate them,” he asked. Hock just stared ahead, ignoring the man. “Why did you kill them?” he asked finally.

“For fun,” Hock answered, attempting to rattle the man. Instead, the man smiled. “Want to do it again?”

From there, he was taken to the Duke’s lands and trained as a gladiator, quickly rising through the ranks and gaining a reputation as a vile demon in the arena. While he favored a battle axe and heavy crossbow, it was his appetite that earned him a reputation. Rather than killing opponents, he’d bite their fingers off so they could no longer hold a weapon. His foul smell and bloodstained visage reinforced the image that he broadcast, which he furthered through his arena persona.

His reputation for “breaking the arena wall” earned his performances the attention of dignitaries. At one point, he left the arena to take a visiting prince’s personal folding chair (the prince was too good to sit on soiled commoner seating), and bludgeon his opponent with it. The prince was so amused to be part of the show, he let Hock keep the chair.

As with all good things, Hock’s reign in the arena came to an end. No one knows for sure what happened, but the Duke was left dead with Hock nowhere to be found.  He was last seen boarding a ship, trying to leave his monstrous reputation behind him…

Warren Myers : play to people’s fantasies – law 32 – #48laws by robert greene

March 27, 2014 12:18 PM

Law 32

The truth is often avoided because it is ugly and unpleasant. Never appeal to truth and reality unless you are prepared for the anger that comes from disenchantment. Life is so harsh and distressing that people who can manufacture romance or conjure up fantasy are like oases in the desert: Everyone flocks to them. There is great power in tapping into the fantasies of the masses. –Robert Greene, The 48 Laws of Power (review)

Warren Myers : never run out of dry erase markers

March 25, 2014 07:40 PM

They always go dead when you need them most – so stock up.

Especially at employee personal whiteboards, meeting rooms, and class rooms.

Mark Turner : Saffron Technology moving headquarters to Silicon Valley after raising $7 million | Technology |

March 24, 2014 09:13 PM

As if to prove my earlier point, the N&O reports local startup Saffron Technology is packing up for the West Coast – not for more favorable taxes but for the West Coast’s “wealth of talent.”

Wrong again, governor.

Saffron Technology, a homegrown big data analytics software company, plans to shift its headquarters from Cary to the Silicon Valley after raising $7 million in new funding.

Despite the move, CEO Gayle Sheppard said she expects the company’s 12-person Cary office to double in size by the end of the year. That would keep pace with the growth of the overall company, which she anticipates swelling from 20 to 40 employees in 2014 thanks to the new round of funding.

“We should not think of this as leaving Cary behind by any means,” Sheppard said. “I see that operation as an important part of our future. Terrific talent there.”

Nonetheless, Sheppard said that moving Saffron’s headquarters to Silicon Valley was designed to help it recruit the “wealth of talent” on the West Coast.

via Saffron Technology moving headquarters to Silicon Valley after raising $7 million | Technology |

Mark Turner : Physicists, Generals And CEOs Agree: Ditch The PowerPoint : All Tech Considered : NPR

March 24, 2014 08:47 PM

NPR discusses organizations which have banned PowerPoint presentations. Here’s a pro tip: if your audience is tuning out your presentation, you’re doing it wrong. (Here’s how to do it right.)

About six months ago, a group of physicists in the U.S. working on the Large Hadron Collider addressed a problem they’ve been having for a while: Whenever they had meetings, everyone stuck to the prepared slides and couldn’t really answer questions that weren’t immediately relevant to what was on the screen. The point of the forum is to start discussions, so the physicists — from then on, they could only use a board and a marker.

"The use of the PowerPoint slides was acting as a straitjacket to discussion," says Andrew Askew, an assistant professor of physics at Florida State University and one of the organizers of the forum at the Fermi National Accelerator Laboratory in Illinois. He says it was as if "we removed the PowerPoint slide, and like a big glass barrier was removed between the speaker and the audience."

"The communication became a lot more two-way instead of just the speaker speaking at length for 15, 20 minutes. The audience really started to come alive, to look up from their laptop computers and actually start participating in the discussion, which is what we were really trying to foster."

via Physicists, Generals And CEOs Agree: Ditch The PowerPoint : All Tech Considered : NPR.

Mark Turner : Frank Street Sidewalk City Council Petition

March 24, 2014 05:34 PM


The Raleigh City Council needs to hear from YOU about the Frank Street Sidewalk!

Mark your calendar for Tuesday, April 1st at 7 PM and express your support for a sidewalk along Frank Street from Norris to Brookside!

Don’t know what to say? You don’t have to speak! You can support the sidewalk just by being there!

The meeting will take place in Council Chambers of the Raleigh Municipal Building, 222 W. Hargett Street, Raleigh. Parking is available in the city deck on W. Morgan Street between Dawson Street and McDowell Street.

Questions? Contact Mark Turner at 919.741.6329

Warren Myers : integrisure – the business that never was

March 24, 2014 12:13 PM

For a long time I have been interested in real, actual, legitimate security. I am not a fan of the widespread use of security theater in our “post-9/11 world”, as Bruce Schneier calls it.

Integrisure was supposed to be a real-world pentesting of “secure” facilities, a la Sneakers. In late 2000 / early 2001, I was working on a business plan and the initial legwork to find out what licensing, certifications, etc I would need to do security testing at locations like airports.

Integrisure never happened. You can’t google it (well, ok – you can google it now: but you’ll only find this blog post and a bunch of unrelated businesses).

The basic business plan was as follows:

  • establish contacts among management and security directors at various business and government facilities
  • establish time ranges when we can arrive onsite
  • using a team of known, documented, anonymous-looking individuals, find holes in security environments
  • using always non-destructive means, attempt to tail-gate, leave “suspicious” items in conspicuous and inconspicuous locations, gain access to authorized zones, etc
  • have plausible stories pre-built if anyone was “caught”
  • report the results of our simulated attack, including all positives as well as issues, and provide consulting to our client “target” on how they could improve their physical security

More detailed aspects of the planned business were discussed, and written down, between myself and a couple of other folks who wanted to start with me.

We had a start date planned: we would form the company in Jan 2002 (so our fiscal year would align with the calendar year). We had several initial employee/contractors identified – some current or former military members, technical folks, and others.

I had even contacted a couple local companies that did security guard services to see if this was something they would either like to offer as a service, or would help participate in coordinating with their contacts.

Life was looking good. I graduated in May 2001 with my AAS, had some solid job prospects in computer programming and IT work, and was lining-up who I expected would be a great team to start Integrisure’s activities.

Then 9/11 happened.

Airport “security” was federalized, my two front-running programming/IT jobs went on hold and/or laid people off (most of their customers were in downtown Manhattan), and suddenly private companies checking for holes in security were not going to fly. (Especially at airports! :) )

Eric Christensen : Fedora Docs’ FAD 2014

March 24, 2014 03:59 AM

It’s good to get a team together, face-to-face, that usually only meets virtually via IRC on occasion.  The Fedora Docs Project team recently had such an opportunity when they met in the Red Hat offices in Raleigh and Brno.  Linked by a video teleconference, the two groups converged to discuss new work-flows for Publican 4, hacking on some guides, discussing management issues, and working to get the new Docs website built and configured.  Here are some of the highlights of the event:

Work-flow update for Publican 4

The release of Fedora 20 also saw the release of Publican 4.  Publican 4 isn’t quite backwards compatible with the Publican 2 we were using so an update to our work-flow was necessary.  We’ve also made it to a point in our work where using the old web.git repo for publishing just isn’t working any longer.  The new way of publishing involves using Koji to build our documents in RPMs and place them safely into a repository where they can be grabbed by our backend server and be published to the world.  This change not only represents new commands but also a different mindset to publishing.  The new procedures were documented and tested so we’ll be able to start utilizing these as soon as our backend server gets fixed.

Guides hacked upon

You know those guides that seem to languish?  Yeah, I’ve got a few of those.  I did spend some time working on a few guides that will hopefully go live for Fedora 20 or 21.

Accessibility Guide

The Accessibility Guide has really taken a backseat in recent releases.  I’m not sure much has changed for many users but it’s good to keep the document current for any new users that may require a little assistance in making their computer work for them.  I was able to take a lot of stuff out of the guide, mostly GNOME packages that are no longer in Fedora and add a couple of packages I found for KDE.  I’m hoping I can do a better review of what’s available in Fedora before Fedora 21 comes around.

Amateur Radio Guide

I finally got around to adding CQRLOG to the guide.  I really love CQRLOG as a logging program so I’m happy to share some of that information with other amateur radio operators that come to Fedora looking for a FOSS solution for their radio activities.  John made a few additions as well so I suspect the next release will have some added goodness that people should find helpful.

Documentation Guide

This is where I spent most of my time working.  The style guide was moved from the wiki into the guide and other useful information was added as well.

Jargon Guide

This guide has never really seen the light of day.  This is due to the fact that translations of this guide would be nearly useless as they wouldn’t be in any particular order.  Publican 4 fixes this long-standing bug and so I, once again, have hope to publish this book.

Security Guide

Yeah, there’s always some hacking on the security guide when I’m around.  This time there was some testing of the new Yubikey Neo and getting them to do tricks inside Fedora.

New backend server

Jared worked very diligently to create a new backend server.  Unfortunately the documentation was lacking and so we weren’t able to complete the build.  Work continues on this effort.

Videos of the FAD

Because most of the event took place over our video chat you can watch the videos from the meeting: Friday, Saturday, and Sunday.