Watching Peter Pan from the Milwaukee Ballet Company – Good end to the day
[ Planet TriLUG ]
Mowed the lawn, cleaned my portion of the house. Vacation days are hard work!
Last week I was booking a flight for my upcoming business trip to California when I discovered to my surprise that Southwest Airlines, long my airline of choice, offered fares twice as expensive as the lowest airfare. My company’s travel booking system actually wouldn’t let me book a Southwest flight because it was too expensive. I never thought I would ever get in trouble with my boss for booking Southwest, but it’s reached that point.
We’re on the road today to New York City by way of bus from DC. The bus is less than a year old, it’s quiet, clean, comfortable, and there are AC power outlets under each seat. Free WiFi, too, and we can make mobile calls anytime we want. I didn’t know what to expect when we began talking about a bus trip but I’ve been pleasantly surprised.
Putting these two ideas together, I mused to Kelly how perhaps these bus lines owe at least part of their renewed success to Southwest’s decision not to be the “bus of the skies” any more. Or perhaps travelers have simply gotten fed up with the unbelievable hassle of air travel and have sought out more civilized means of travel.
Yes, I’d never thought I’d say it but traveling by bus may be more preferable than travel by air. Are the high-flying days of air travel over?
Interesting “upgrade” from @linode — “vCPUs go from 8 vCPUs → 2 vCPUs”
Someone needs to start a business selling print-at-home furniture/home-improvement plans that include parts lists (and, ideally, costs) from their local Lowes / Home Depot / TrueValue / Ace / etc.
Most folks who want to tackle small projects don’t want to buy books or magazines that may (or may not) include what they’re interested in – but which will definitely include loads of stuff they’re not.
Having a simple webstore that offered complete build instructions, parts lists, and approximate costs (both dollars and time) would be awesome.
I’m thinking something like an on-demand version of eMeals, but for your workshop.
This is an incomplete discussion of SSL/TLS authentication and encryption. This post only goes into RSA and does not discuss DHE, PFS, elliptical, or other mechanisms.
In a previous post I created a 15,360-bit RSA key and timed how long it took to create the key. Some may have thought that was some sort of stunt to check processor speed. I mean, who needs an RSA key of such strength? Well, it turns out that if you actually need 256 bits of security then you’ll actually need an RSA key of this size.
According to NIST (SP 800-57, Part 1, Rev 3), to achieve 256 bits of security you need an RSA key of at least 15,360 bits to protect the symmetric 256-bit cipher that’s being used to secure the communications (SSL/TLS). So what does the new industry-standard RSA key size of 2048 bits buy you? According to the same document that 2048-bit key buys you 112 bits of security. Increasing the bit strength to 3072 will bring you up to the 128 bits that most people expect to be the minimum protection. And this is assuming that the certificate and the certificate chain are all signed using a SHA-2 algorithm (SHA-1 only gets you 80 bits of security when used for digital signatures and hashes).
So what does this mean for those websites running AES-256 or CAMELLIA-256 ciphers? They are likely wasting processor cycles and not adding to the overall security of the circuit. I’ll make two examples of TLS implementations in the wild.
First, we’ll look at wordpress.com. This website is protected using a 2048-bit RSA certificate, signed using SHA256, and using AES-128 cipher. This represents 112 bits of security because of the limitation of the 2048-bit key. The certificate is properly chained back to the GoDaddy CA which has a root and intermediate certificates that are all 2048 bits and signed using SHA-256. Even though there is a reduced security when using the 2048-bit key, it’s likely more efficient to use the AES-128 cipher than any other due to chip accelerations that are typically found in computers nowadays.
Next we’ll look at one of my domains: christensenplace.us. This website is protected using a 2048-bit RSA certificate, signed using SHA-1, and using CAMELLIA-256 cipher. This represents 80 bits of security due to the limitation of the SHA-1 signature used on the certificate and the CA and intermediate certificates from AddTrust and COMODO CA. My hosting company uses both the RC4 cipher and the CAMELLIA-256 cipher. In this case the CAMELLIA-256 cipher is a waste of processor since the certificates used aren’t nearly strong enough to support such encryption. I block RC4 in my browser as RC4 is no longer recommended to protect anything. I’m not really sure exactly how much security you’ll get from using RC4 but I suspect it’s less than SHA-1.
So what to do? Well, if system administrators are concerned with performance then using a 128-bit cipher (like AES-128) is a good idea. For those that are concerned with security, using a 3072-bit RSA key (at a minimum) will give you 128 bits of security. If you feel you need more bits of security than 128 then generating a solid, large RSA key is the first step. Deciding how many bits of security you need all depends on how long you want the information to be secure. But that’s a post for another day.
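The weakest-link reasoning in the post above, as an added example that is not part of the original post: the effective strength of a TLS setup is the minimum over the cipher, every RSA key in the chain, and every signature hash in the chain. The strength tables use the SP 800-57 figures quoted in the post plus the other rows of the same NIST tables; the CAMELLIA values (nominal key length) and the 2048-bit size of the AddTrust/COMODO certificates are assumptions, since the post does not state them.

```python
# Comparable strengths in bits. RSA and signature-hash rows follow
# NIST SP 800-57 Part 1 (the post quotes 2048->112, 3072->128,
# 15360->256 and SHA-1->80 for signatures).
RSA_STRENGTH = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
SIG_HASH_STRENGTH = {"sha1": 80, "sha224": 112, "sha256": 128,
                     "sha384": 192, "sha512": 256}
# Assumption: Camellia is rated at its nominal key length, like AES.
CIPHER_STRENGTH = {"AES-128": 128, "AES-256": 256,
                   "CAMELLIA-128": 128, "CAMELLIA-256": 256}


def rsa_strength(bits):
    """Round down to the largest table row the key reaches (conservative)."""
    strength = None
    for size, value in RSA_STRENGTH:
        if bits >= size:
            strength = value
    if strength is None:
        raise ValueError(f"RSA-{bits} is below every row of the table")
    return strength


def minimum_rsa_bits(target_strength):
    """Smallest table key size that supports the requested strength."""
    for size, value in RSA_STRENGTH:
        if value >= target_strength:
            return size
    raise ValueError("no RSA size in the table reaches that strength")


def effective_security(chain, cipher):
    """chain: list of (name, rsa_bits, signature_hash), leaf first.

    Returns (bits, limiting) where limiting names every component that
    sits at the minimum, i.e. what has to change to raise the total.
    """
    parts = [(f"cipher {cipher}", CIPHER_STRENGTH[cipher])]
    for name, bits, sig_hash in chain:
        parts.append((f"{name} RSA-{bits} key", rsa_strength(bits)))
        parts.append((f"{name} {sig_hash} signature", SIG_HASH_STRENGTH[sig_hash]))
    floor = min(value for _, value in parts)
    return floor, [label for label, value in parts if value == floor]


# The two sites from the post. Names of chain entries are labels only.
WORDPRESS = [("leaf", 2048, "sha256"),
             ("intermediate", 2048, "sha256"),
             ("root", 2048, "sha256")]
# Assumed key sizes for the intermediate and root (not given in the post).
CHRISTENSENPLACE = [("leaf", 2048, "sha1"),
                    ("intermediate", 2048, "sha1"),
                    ("root", 2048, "sha1")]

if __name__ == "__main__":
    for site, chain, cipher in (("wordpress.com", WORDPRESS, "AES-128"),
                                ("christensenplace.us", CHRISTENSENPLACE, "CAMELLIA-256")):
        bits, limiting = effective_security(chain, cipher)
        wasted = CIPHER_STRENGTH[cipher] - bits
        print(f"{site}: {bits} bits, limited by {limiting}; "
              f"cipher exceeds the chain by {wasted} bits")
    print("RSA size needed for a 256-bit cipher:", minimum_rsa_bits(256))
```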
I first came across Why Nations Fail at my local Half Price Books. After seeing it on the shelves a couple times, but still being unsure about whether I really wanted to read it or not, I reserved it at my local library.
Now I wish I had bought it (and likely will) – Daron Acemoglu & James A Robinson, while sometimes slipping into an academic, journalistic tone, present a fantastic historical, economic, cultural, and international view into the similarities, and differences, of “national” failures around the world over the last several centuries.
They spend a great deal of time expounding on the differences of countries that succeed and those that don’t – and offer insights into how failing nations could, potentially, turn themselves around.
Interestingly, the factors that play-into national success and failure are similar throughout history – critical junctures, inclusive/pluralistic political and economic environments vs extractive/exclusive political and economic structures, empowered citizenries, overbearing rulers, literacy, economic incentives (positive and negative), etc.
The Iron Law of Oligarchy:
the overthrow of a regime presiding over extractive institutions heralds the arrival of a new set of masters to exploit the same set of pernicious extractive institutions (p366)
My recommendation? Buy it. Read it. Share it. The background and conclusions this book presents and reaches should be required reading for anyone who wants to see their nation “do better” – politicians, businessmen, citizens, NGOs: all would benefit from applying what is demonstrated in this excellent work.
Well, that didn’t take long. No sooner did I complain about a glaring error in the Sunday Midtown Raleigh News that I found a big error in today’s print edition. A story about the opening of the newly-renovated Terminal 1 at RDU Airport carried a headline referencing Terminal 2. This wasn’t a long, wonky story but one maybe ten paragraphs long, so there’s no excuse for the editor not being able to quickly scan the story and see which terminal was being discussed.
Sloppy, sloppy, sloppy. Come on, N&O. Get it together!
1.44 inches of rain at the homestead yesterday. On the lookout for sparkly vampires.
As I mentioned, the Turners are on the move again. And, as usual, we’re all headed in different directions, at least initially.
Hallie left for school at 4 AM for her bus trip to New York City, where she and her fellow Ligon Middle School orchestra members will play Carnegie Hall Saturday night. An hour later, Kelly took Travis to his Conn Elementary school field trip to Fort Fisher. I’m staying here for work before heading to a fundraiser for Kay Hagan this evening.
Thursday night, Kelly, Travis, and I will travel to Kelly’s parents’ home (leaving the Rottweilers to guard the home while we’re away, of course). Friday morning we’ll head to DC to hop a bus which will take us to New York. We’ll stay long enough to watch Hallie’s performance before taking the bus back home.
Oh, and the following week I travel to Sacramento for work: the first business travel I’ve taken in a while. Should be fun.
Today began for me much the same way it did that Saturday morning exactly three years ago. Then, as now, it was just the dog and me at home while Kelly and the kids were on the road.
Fortunately the similarities end there. This morning’s weather is clear, breezy and very chilly at 34 degrees F with no signs of any tornadoes. In fact, one of the last … er, signs of the tornado in my neighborhood was removed recently. Up until a few weeks ago, a “No Parking” sign stood outside St. Aug’s on a steel post that was twisted almost completely around, a daily reminder of the jaw-dropping power of violent wind.
Sadly, a day before I was to take a picture of it the city replaced the post and sign. Don’t know if I should be sad I missed it or happy the public works department is so on top of things. At any rate, life in East Raleigh is back to normal now.
Thursday marks my second week at the new job and, boy, what a difference it is from my last job! I actually have fun at work. No one micromanages me, no stupid mind games are being played. People don’t come into work seemingly to delight in making someone else’s day miserable. Night and day.
Two weeks into my job and I’ve already earned the trust of my colleagues. I’ve already jumped in and begun solving problems. I’ve even offered house-hunting advice to those new to Raleigh. It feels awesome to work someplace that appreciates my contributions.
Above is a photo I took of my team last week. Looks like a fun group, doesn’t it?
Good password-choosing advice from Lifehacker. Bottom line: if you can remember your password it isn’t good enough.
Our passwords are much less secure than they were just a few years ago, thanks to faster hardware and new techniques used by password crackers. Ars Technica explains that inexpensive graphics processors enable password-cracking programs to try billions of password combinations in a second; what would have taken years to crack now may take only months or maybe days.
Making matters much worse is hackers know a lot more about our passwords than they used to. All the recent password leaks have helped hackers identify the patterns we use when creating passwords, so hackers can now use rules and algorithms to crack passwords more quickly than they could through simple common-word attacks.
In about ten minutes, a group of people will converge on the entrance to the Walnut Creek Greenway near the Worthdale Community Center. They will wait around in the rain until they become bored for a dedication ceremony that has come and gone, and sloppy editing on the part of the News and Observer is to blame.
Sunday’s Midtown Raleigh News carried a front-page story on the greenway dedication, stating the ceremony would occur Tuesday at 4 PM. The problem is that the ceremony took place last week. The story was correct when it ran a week earlier in the N&O but somehow it landed in Sunday’s Midtown edition without being updated to show the ceremony already took place.
I love the N&O’s spotlight of Raleigh’s parks. I called for more coverage in the past and still think Raleigh citizens value their parks highly enough (and they have invested enough in them) for parks to merit media coverage. That said, inaccurate coverage might do more harm than no coverage at all.
I wish the N&O would work just a little bit harder on fact-checking its local coverage.
Part 2 of 5 in my condensed reprint of Inc’s article, “35 Great Questions” from the April 2014 issue. (part 1)
Paul Graham asserts that startup ideas aren’t what’s important – and, in fact, thinking you need an “idea” is a major roadblock.
Convert your thinking from “idea” to “question”, and you have a potential curiosity to explore, tweak, develop, and deliver.
Your best work is going to come when you’ve thought about the problem but didn’t know you were thinking about it.
to “compete” with others.
There are great reasons to blog – but there are also lousy ones to do it.
If you’re writing because you’re trying to ‘keep up with the Joneses’, so to speak, you’re doing it wrong.
Don’t blog because others do. Don’t blog because others do it better. Blog because you want to. Blog because you have something to say. Blog to learn.
But don’t blog to compete. It’s a game you’ll never “win”.
Part 1 of 5 in my condensed reprint of Inc’s article, “35 Great Questions” from the April 2014 issue.
You see stories like this one, and you wonder how Facebook is continuing to make it. So many people I know are either leaving, or reducing their involvement (including myself), that it seems it is destined to be the next MySpace.
Over the past couple years, I have seen companies advertise themselves by giving links like facebook.com/MyCompany. When it’s in addition to your “real” website (MyCompany.com), that’s not a bad thing.
But when it’s the only outlet you give people to interact with you? You’re outsourcing your business to someone else, and hoping they don’t screw you over.
That doesn’t seem too smart to me.
I understand Facebook needs to make money – they are a business, and not a charity (and even if they were the latter, they still need to pay for electricity, engineers, and equipment). But I think that the pure advertising model is not as lucrative as it once was.
Which makes me wonder how successful a subscription-based social network could be: call it something nominal – maybe $10-20 a year, but give users much fuller control over their “experience”: a mashup of MySpace’s crazy customizability, Facebook’s interface, and LinkedIn’s professionalism.
It’s a thought. Anyone want to build one with me?
While many news outlets were blathering on about the end of life for Windows XP, a huge hole in OpenSSL was discovered. OpenSSL secures a huge percentage of the Internet, meaning many of the sites you use have had their security compromised.
These revelations, while painful, are very much necessary to create a more secure Internet.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
via Heartbleed Bug.
Bonus link: Bruce Schneier on the Heartbleed bug.
The Food and Drug Administration is cracking down on the fake honey claims in some foods. Looks like I got my wish!
Have you been duped by a honey poser?
Companies have been selling sugary, sticky honey blends on grocery store shelves for years, adding syrups or sweeteners not made naturally by bees, but hiding their fraud on the packaging under the label “honey.” This food fraud also applies to foods that list “honey” as an ingredient. You might not be getting the real thing.
The Food and Drug Administration issued new guidelines Tuesday that will require companies to label any honey that is not pure, or even food containing this honey, with “blend of sugar and honey” or “blend of honey and corn syrup,” depending on the ingredients. This policy change is the result of organizations like the American Beekeeping Federation and other honey associations petitioning against the common food industry practice of misrepresenting “pure honey.”
But this article is kinda ridiculous: “The Eight Best Industries for Starting a Business.”
By the time an industry has landed on a list like this, the odds that you’re really going to be able to capitalize on it are super slim. There’s nothing “wrong” with starting a business in any of those industries – but you shouldn’t pick an industry because it’s “hot”; you should start your business in the industry you know and are ready to compete in.
If you’re already running a business, perhaps expanding your market reach into some of these “hot” industries is a good idea – and perhaps not. Make sure you are solving problems and delivering solutions.
The rest is gravy.
Sidebar – if you’re relying on mass-market publications like Inc to do your business research, you’re doing it wrong.
Now that I’m in a new job, Kelly and I spent some time this evening picking out a healthcare plan. Wading through a lot of boring-as-shit details boiled it down to the plain fact that insurance companies suck even more than they used to.
What kept popping up is this whole idea of “coinsurance.” Who came up with that? Basically if you get hit by a bus and the bills top $1 million, your broken, tire-track-covered ass is on the hook for $200,000. And that’s with insurance! “With friends like these,” right?
Healthcare is still broken and the industry is still playing everyone for suckers. If there’s ever a market that is screaming for more regulation – the kind with real teeth that stands up to these kinds of horseshit shell games that are still being played – healthcare is it.
Oh, and my opinion of UnitedHealthcare hasn’t improved any, either.
Unfortunately it appears that getting WordPress going in IPv6 is a constant undertaking. Primary causes?
WordPress domains don’t support IPv6. And my DNS provider doesn’t fully support IPv6 at their DNS server (I can add AAAA records, but you can’t access the NS via IPv6).
So I end up having to create a few /etc/hosts entries to get plug-in updates and reference urls to work within WordPress. Additionally, pure IPv6 hosts would never be able to reach my domain because of lack of IPv6 at my DNS provider.
So if you are going this route, be ready to handhold your site for a while.
I am the [proud] holder of subscriptions to several magazines.
However – I’ve discovered that I just don’t care about most of what is in any given issue; there are times when more than half of the magazine is of interest, but usually it’s substantially closer to 10% (excluding ads – include them, and you’re probably down to 5-6%).
It’d be awesome if there was a way of getting a print analogue to an RSS aggregator – in fact, if you know of any, please let me know!
But since there’s not, I’ve adopted a fairly-stringent policy of recycling magazines that show up in my mailbox if I don’t get to them within 2 weeks: and if somehow I miss that deadline, they definitely get scrapped when the new issue arrives.
The only time I will read an out-of-date magazine is when I’m waiting in a doctor’s or dentist’s office, or at the oil change place. There’s just no reason to read “news” and “insights” that old when you can still get them digitally from the magazine websites within days of the print copy arriving in your mailbox.
What is this purple flowered plant which is taking over NC? http://t.co/zAxxnDvCRP
First lawn mowing of the season complete. Least I am caught up on @TalkinBirds episodes – 7300 steps
This CNBC story caused quite a bit of discussion on my Facebook wall this week. In short, Americans don’t take all the time off they can, and many don’t even take any.
There seem to be a variety of issues at play in this discussion; some of the highlights of the thread:
“what if Americans enjoy their jobs more than anyone else, and so don’t want to take more breaks?” –CF
“what if Americans are more scared of losing their jobs while being on vacation, and instead work more tired, more stressed, and less effectively than their counterparts in other parts of the developed world” –me
“You don’t realize that you’re “working for something” if you don’t get to have time to enjoy that for which you’ve worked.” –MS
So what think ye?
Along the difficulties of initially building a good group/community, comes the hassles of managing said [virtual] community – especially on the book of the face.
Something both of us have noticed is the ridiculous spam problem Facebook groups have developed over the past 1-2 years. It’s not a new problem, of course – Stack Overflow has had problems since very early on, too: they printed A Theory of Moderation to outline the issues they were seeing, and how they planned to handle it.
The real problem at the root of all the spam lies, though, not in technology, but in people.
Even with active community self-regulation, moderators occasionally need to intervene. Moderators are human exception handlers, there to deal with those (hopefully rare) exceptional conditions that should not normally happen, but when they do, they can bring your entire community to a screaming halt - if you don’t have human exception handling in place.
Spam doesn’t arise on its own – it’s all developed by people. Until the people problem of spam can be addressed, it will continue. Sadly, technology, in and of itself, cannot deal with the people problem.
So instead we have human admins and moderators whose [typically volunteer] job is to ensure that the communit[y|ies] keeps to a general standard, as defined by the community itself. By assuming technology could be made that would fix the problem, we’re asking the wrong question: human behavior needs to be addressed and improved; while technology is wonderful and can aid in the process, it is no panacea.
Encouragements for moderation teams can come in the form of gamification (the SO model), community accolade, or just the individual admin’s personal satisfaction.
The drawback is that this task can become so overwhelming at times and in places that those tasked with caring for the community, when the community itself won’t do anything about the problem(s), give up because they adopt the view that it’s everyone’s problem, and presume that since it is everyone’s problem, it’s not “theirs”.
What are the solutions to these issues? I can think of a few – but many remain yet unanswered:
I am sure there are many many more items that can be added to this list. But this is the starting point for every successfully-maintained community I’ve ever seen.
What others would you add, or what would you change?
Learning that each registrant would be allowed just one guest, I got Kelly to join in my ticket quest. When that moment arrived – the second it arrived – Kelly and I were madly refreshing our browsers, waiting for a link to register for tickets. Somehow the stars aligned and both of us managed to put our names in the hat before the ticket window closed within three minutes!
The stars aligned again this evening for the event. Today was my first day at my new job on Centennial Campus, so I had a short walk from my office building to the Hunt Library. Kelly, however, was picking up the kids from Farmville, VA, and rolled into the library perhaps 30 seconds before the audience began to file into the auditorium.
I had attended a presentation in the auditorium a week prior, so I was familiar with the layout. Rather than follow the crowd down the right aisle, I led the family down the open left aisle, parking us on the very first row in front of the speaker podium! Another lucky break, though they say that fortune favors the prepared!
Dr. Tyson didn’t disappoint. He walked right by us on his way onstage, pausing a moment to high-five both kids! He also spent some time during his talk to interact with the kids, asking Hallie how old she was and taking a cue from Travis on another point. Kelly and I vigorously protested when Dr. Tyson told the kids that we as their parents actually don’t know everything. Hey, keep that to yourself, Neil!
The talk was lengthy and insightful, though the talk went on too long for questions to be taken from the audience. That’s a shame as I had thought for days what I might ask him and didn’t get the chance. It was disappointing but perhaps I’ll get another chance.
Being on the front row was less of an advantage for us when it came time to move to the reception upstairs. We had to wait while the rest of the auditorium exited above us. By the time we reached the auditorium, Dr. Tyson was surrounded by a crowd of fans, not giving us much of a chance for the kids to say hello to him.
Soon we saw him being gently nudged towards the door. The kids’ disappointment was mounting as they asked us “is he just going to leave?” While Kelly took things out of my hand, I directed the kids towards Dr. Tyson as he walked out into the hallway. Fortunately, he recognized his Front Row Buddies and paused for a few photos, goosing the kids comically in the last one. As my friend Guus commented on Facebook, it is a photo they will treasure for decades.
We all had a wonderful time this evening. I’m especially happy that our science-loving kids got a chance to meet such an influential scientist like Dr. Tyson. Perhaps this encounter will prompt them to pursue careers in science, or at least making the world a better place.
LEX>>FWD is meeting tonight at West Sixth Brewery in Lexington at 5:30p.
The topic is scheduled to be “source control and specifically differences between distributed and centralized”.
If you’re in the Lexington area this evening, come join us.
I recently found The Seven Stages of Expertise in Software Engineering.
- Stage 1: Innocent
- barely knowledgeable if at all
- Stage 2: Exposed
- seeking knowledge
- Stage 3: Apprentice
- has read case studies and tries to apply those techniques
- Stage 4: Practitioner
- can actually apply concepts learned in one context to a not-identical context
- Stage 5: Journeyman
- professional understanding and application of the field; can mentor
- Stage 6: Master
- moved from “whats” and “hows” to “whys”; can mentor very effectively
- Stage 7: Researcher
- the teacher, presenter, mentor, speaker, evangelist, writer, authority
Presented firstly in the humorous guise of The Seven Stages of Expertise in Bear Hunting, Meilir Page-Jones makes a highly-compelling case for progressive advancement in [nearly] any field.
Some of the ideas seem similar to what Malcolm Gladwell brings in Outliers (review) or Robert Greene does in Mastery (review). Which seems to only lend more credence to those other works, given that this article is © 1998.
After years of using caff for my PGP key-signing needs I finally come across the answer to a question I’ve had since the beginning. I document it here so that I may keep my sanity next time I go searching for the information.
My question was “how do you make a specific certification in a signature?”. As defined in RFC 1991, section 6.2.1, the four types of certifications are:
<10> - public key packet and user ID packet, generic certification ("I think this key was created by this user, but I won't say how sure I am")
<11> - public key packet and user ID packet, persona certification ("This key was created by someone who has told me that he is this user") (#)
<12> - public key packet and user ID packet, casual certification ("This key was created by someone who I believe, after casual verification, to be this user") (#)
<13> - public key packet and user ID packet, positive certification ("This key was created by someone who I believe, after heavy-duty identification such as picture ID, to be this user") (#)
Generally speaking, the default settings in caff only provide the first level “generic” certification. Tonight I found information specific to ~/.caff/gnupghome/gpg.conf. This file can contain, as far as I know, three lines:
I can’t find any official information on this file as the man pages are a little slim on details. That said, if you use caff you should definitely create this file and populate it with the above at a minimum with the exception of the default-cert-level. The default-cert-level should be whatever you feel comfortable setting this as. My default is “2” for key signing parties (after I’ve inspected an “official” identification card and/or passport). The other two settings are important as they provide assurances of using a decent SHA-2 hash instead of the default
In follow-up to a recent blog post shared to me by my friend Steven, thinking about my aunt’s old practices, and comments from my wife and another friend, I’m engaging in a “consumptive”/”reactive” reading experiment wherein I am going to do something I haven’t done in a non-workbook book since my time at HVCC – I’m going to try writing in a book.
Wish me luck. I’ll report back when I’ve completed at least one of the books in the experiment.
“Books are made to be broken–literally or figuratively. I recently bought a 80+ year old book for $76 (a rare book called If It Had Happened Otherwise). I took special pleasure folding the pages and writing on them. It’s mine, why treat it like a delicate flower?” –Ryan Holiday
Note for next time- If I ever need to invert the alpha and black on 40+ layer images, this script-fu will do the trick in gimp.
;; Collect every non-group layer of the image, descending into layer groups.
(define (get-all-real-layers image)
  ;; Recursively gather the non-group layers inside one layer group.
  (define (get-children group)
    (let loop ((children (vector->list (cadr (gimp-item-get-children group))))
               (sub-layers '()) )
      (if (null? children)
        (reverse sub-layers)
        (loop (cdr children)
              (if (zero? (car (gimp-item-is-group (car children))))
                (cons (car children) sub-layers)
                (append sub-layers (get-children (car children))) )))))
  ;; Walk the top-level layers, expanding any group into its children.
  (let loop ((top-layers (vector->list (cadr (gimp-image-get-layers image))))
             (all-layers '()) )
    (if (null? top-layers)
      all-layers
      (loop (cdr top-layers)
            (if (zero? (car (gimp-item-is-group (car top-layers))))
              (append all-layers (list (car top-layers)))
              (append all-layers (get-children (car top-layers)))) ))))

;; `image` must already be bound to the ID of the image to process.
;; For each layer: replace the selection with the layer, fill the layer
;; with the foreground colour, then clear the selected region.
(map (lambda (layer)
       (gimp-image-select-item image CHANNEL-OP-REPLACE layer)
       (gimp-drawable-fill layer FOREGROUND-FILL)
       (gimp-edit-clear layer) )
     (get-all-real-layers image) )
Big thanks to saul on irc.gimp.net for this snippet.
A number of my friends who use Yahoo.com email addresses have been frustrated by spam emails that appear to be sent through their accounts. A look at the actual email headers reveals the emails do not actually originate from Yahoo:
X-Original-To: Mark Turner
Delivered-To: Mark Turner
Received: from smtprelay.b.hostedemail.com (smtprelay0206.b.hostedemail.com [184.108.40.206])
by maestro.markturner.net (Postfix) with ESMTP id 9E6FEC81102
for Mark Turner; Sat, 29 Mar 2014 05:13:05 -0400 (EDT)
Received: from filter.hostedemail.com (b-bigip1 [10.5.19.254])
by smtprelay01.b.hostedemail.com (Postfix) with ESMTP id 9EE0D2D2A15;
Sat, 29 Mar 2014 09:13:06 +0000 (UTC)
Received: from bex.net (unknown [220.127.116.11])
(Authenticated sender: Shawood@bex.net)
by omf06.b.hostedemail.com (Postfix) with ESMTPA;
Sat, 29 Mar 2014 09:12:55 +0000 (UTC)
From: Yahoo User firstname.lastname@example.org
… but the damage is done. Many of my friends who use Yahoo for mail are bailing on it.
My guess is that the hackers may have compromised Yahoo’s email systems long enough to grab the contact lists of its users. Yahoo could have tightened up its security in the meantime, but the proverbial horse is now out of the barn. Hackers can continue to masquerade as Yahoo.com email users.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
I don’t have my mail server set up to parse this kind of header. Neither, apparently, does Gmail, as it still passes these bogus emails along as if they were legitimate. Yahoo could do as Gmail does and easily add an SPF record to its DNS zones to cut down on the bogus email and such an SPF record could complement its DKIM strategy. Instead, Yahoo leaves its email users vulnerable to faked emails, resulting in compromised computers and angry users (and subsequently, more Gmail customers).
It seems that Yahoo excels at taking a good idea and totally screwing it up.
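The header walk described above, as an added example that is not part of the original post: it reads the Received chain oldest-first and flags a message whose From domain never appears in the relay path or whose authenticated submitter belongs to a different domain. The sample message is constructed on the pattern of the quoted headers (placeholder addresses, IDs and IPs), and the two-label `org_domain` shortcut is an assumption.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample modeled on the quoted headers; addresses, IDs and IPs are placeholders.
RAW = """\
Received: from smtprelay.b.hostedemail.com (smtprelay.b.hostedemail.com [192.0.2.10])
 by mx.recipient.example (Postfix) with ESMTP id AAAA;
 Sat, 29 Mar 2014 05:13:05 -0400 (EDT)
Received: from filter.hostedemail.com (b-bigip1 [10.5.19.254])
 by smtprelay01.b.hostedemail.com (Postfix) with ESMTP id BBBB;
 Sat, 29 Mar 2014 09:13:06 +0000 (UTC)
Received: from bex.net (unknown [198.51.100.7])
 (Authenticated sender: sender@bex.net)
 by omf06.b.hostedemail.com (Postfix) with ESMTPA;
 Sat, 29 Mar 2014 09:12:55 +0000 (UTC)
From: Yahoo User <friend@yahoo.com>

body
"""

def org_domain(host):
    # Assumption: the last two labels are the registrable domain (no public-suffix list).
    return ".".join(host.lower().strip(".").split(".")[-2:])

def received_hops(msg):
    """Return Received hops oldest-first (each MTA prepends its own header).
    Hops below the one your own server wrote are only as reliable as the relays."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        grab = lambda rx: (re.search(rx, flat) or [None, None])[1]
        hops.append({"from": grab(r"\bfrom\s+([\w.-]+)"),
                     "by": grab(r"\bby\s+([\w.-]+)"),
                     "auth": grab(r"Authenticated sender:\s*([^)\s]+)")})
    return hops

def analyze(raw):
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = received_hops(msg)
    path = {org_domain(h[k]) for h in hops for k in ("from", "by") if h[k]}
    auth = [h["auth"] for h in hops if h["auth"]]
    findings = []
    if org_domain(from_domain) not in path:
        findings.append(f"{from_domain} never appears in the Received chain")
    findings += [f"submitted by authenticated account {a}, not {from_domain}"
                 for a in auth if org_domain(a.rpartition("@")[2]) != org_domain(from_domain)]
    return {"from_domain": from_domain, "origin": hops[0] if hops else None,
            "auth_senders": auth, "findings": findings}
```

This is a triage heuristic for reading headers by hand; it does not evaluate SPF or verify the DKIM signature.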
I just heard that a certain open-source software company based in downtown Raleigh sometimes takes six months from when it gets a job applicant to actually hire that applicant. That’s crazy. How can a company think that a top job applicant has that kind of time to spend for a potential employer to get their act together? What makes a company think that an applicant is still going to be around six months later?
I spent three months between losing my job and getting a job offer and you know what? It sucked. It was three months of suck. When someone wants to make a move, they often don’t have the luxury of spending half a year for a potential employer to get going. I appreciate being thorough and making sure things are a good fit, of course, but six months is an insult to any job applicant.
I contrast this with my most recent job search, where the HR “talent acquisition team” always responded promptly to my questions and treated me as if I was important to them. That’s the way it should be done. Any company that doesn’t make a priority of hiring good people will soon find itself in trouble.
I think a lot about previous characters I’ve created. One of the older characters that I recall is Hock, a foul anti-hero who, under other circumstances, would be a villain. While the description “Carnivorous castrated albino minotaur with hygiene issues and a wrestling fetish,” is a fairly accurate depiction of him, I feel the need to flesh him out and explain his tragedy.
Hock should be dead. Not because of the countless people he has murdered over the years; nor for fighting as a gladiator for many years for sport; nor even for murdering his owner, a rich and powerful merchant with many friends.
Hock should be dead because he’s white: albino, specifically. In minotaur tradition, any deformity or variation is seen as impure; when he was born with soft pink skin, red eyes and white hair, it was a death sentence. His father, feeling a twinge of pity, left the newborn Hock on the side of the road near a pasture.
Within hours, a nearby farmer heard his cries and brought him in. The farmer was not a rich man, but he knew his luck had changed. Within days, he’d arranged to sell Hock to a travelling circus, where he was raised as any other animal.
Despite his ability to speak, he was never listened to. He was bombarded by rotten food, kept in a cage, and generally neglected. After a particularly nasty guest stabbed him in the thigh through the bars, Hock shot forward and gored another patron. Hock was beaten for the incident, and repeatedly told he was just a dumb monster. The owner of the circus decided to treat him like any other overly aggressive bull- he was held down and castrated.
The castration did have an effect on Hock, but not the desired one. Resentment and hatred began to grow in his heart, and he began plotting his revenge.
He stashed a scrap of metal that had been thrown at him and fashioned a key for his cage. Once he was able to get the lock open, he waited. Finally he was alone with the owner of the circus. Leaping from the cage and pinning the owner, Hock muffled the screams.
“So, I’m just a monster? A stupid, violent monster? You haven’t seen violence- you haven’t felt violence,” and with that Hock grabbed the owner’s arm with his free hand and wrenched the owner’s arm loose at the shoulder. Blood stained Hock’s filthy white coat.
Hock sat on the owner’s chest, staring him in the face as the life drained out through his axillary artery. When the struggle stopped, Hock looked up. A small group had surrounded him.
“Years I’ve been tormented by him- by you,” he said, casting an incriminating finger. “You say I’m a monster? Let’s see how much of a monster I can be.”
The massacre was over quickly. No one survived beyond Hock. When the local authorities captured him, he was filthy, unkempt, and covered in blood. His trial was short, and he was sentenced to death. It was only through the intervention of a duke that Hock survived.
“They say that you murdered a circus. Is that true?” a man asked Hock as he sat in his cage, awaiting the executioner’s axe. Hock shrugged. “They say you ate them,” he asked. Hock just stared ahead, ignoring the man. “Why did you kill them?” he asked finally.
“For fun,” Hock answered, attempting to rattle the man. Instead, the man smiled. “Want to do it again?”
From there, he was taken to the Duke’s lands and trained as a gladiator, quickly rising through the ranks and gaining a reputation as a vile demon in the arena. While he favored a battle axe and heavy crossbow, it was his appetite that earned him a reputation. Rather than killing opponents, he’d bite their fingers off so they could no longer hold a weapon. His foul smell and bloodstained visage reinforced the image that he broadcast, which he furthered through his arena persona.
His reputation for “breaking the arena wall” earned his performances the attention of dignitaries. At one point, he left the arena to take a visiting prince’s personal folding chair (the prince was too good to sit on soiled commoner seating), and bludgeon his opponent with it. The prince was so amused to be part of the show, he let Hock keep the chair.
As with all good things, Hock’s reign in the arena came to an end. No one knows for sure what happened, but the Duke was left dead with Hock nowhere to be found. He was last seen boarding a ship, trying to leave his monstrous reputation behind him…
The truth is often avoided because it is ugly and unpleasant. Never appeal to truth and reality unless you are prepared for the anger that comes from disenchantment. Life is so harsh and distressing that people who can manufacture romance or conjure up fantasy are like oases in the desert: Everyone flocks to them. There is great power in tapping into the fantasies of the masses. –Robert Greene, The 48 Laws of Power (review)
They always go dead when you need them most – so stock up.
Especially at employee personal whiteboard, meeting rooms, and class rooms.
Wrong again, governor.
Saffron Technology, a homegrown big data analytics software company, plans to shift its headquarters from Cary to the Silicon Valley after raising $7 million in new funding.
Despite the move, CEO Gayle Sheppard said she expects the company’s 12-person Cary office to double in size by the end of the year. That would keep pace with the growth of the overall company, which she anticipates swelling from 20 to 40 employees in 2014 thanks to the new round of funding.
“We should not think of this as leaving Cary behind by any means,” Sheppard said. “I see that operation as an important part of our future. Terrific talent there.”
Nonetheless, Sheppard said that moving Saffron’s headquarters to Silicon Valley was designed to help it recruit the “wealth of talent” on the West Coast.
NPR discusses organizations which have banned PowerPoint presentations. Here’s a pro tip: if your audience is tuning out your presentation, you’re doing it wrong. (Here’s how to do it right.)
About six months ago, a group of physicists in the U.S. working on the Large Hadron Collider addressed a problem they’ve been having for a while: Whenever they had meetings, everyone stuck to the prepared slides and couldn’t really answer questions that weren’t immediately relevant to what was on the screen. The point of the forum is to start discussions, so the physicists — from then on, they could only use a board and a marker.
"The use of the PowerPoint slides was acting as a straitjacket to discussion," says Andrew Askew, an assistant professor of physics at Florida State University and one of the organizers of the forum at the Fermi National Accelerator Laboratory in Illinois. He says it was as if "we removed the PowerPoint slide, and like a big glass barrier was removed between the speaker and the audience."
"The communication became a lot more two-way instead of just the speaker speaking at length for 15, 20 minutes. The audience really started to come alive, to look up from their laptop computers and actually start participating in the discussion, which is what we were really trying to foster."
FRANK ST. SIDEWALK SAVE THE DATE!
The Raleigh City Council needs to hear from YOU about the Frank Street Sidewalk!
Mark your calendar for Tuesday, April 1st at 7 PM and express your support for a sidewalk along Frank Street from Norris to Brookside!
Don’t know what to say? You don’t have to speak! You can support the sidewalk just by being there!
The meeting will take place in Council Chambers of the Raleigh Municipal Building, 222 W. Hargett Street, Raleigh. Parking is available in the city deck on W. Morgan Street between Dawson Street and McDowell Street.
Questions? Contact Mark Turner at 919.741.6329
Integrisure was supposed to be a real-world pentesting of “secure” facilities, a la Sneakers. In late 2000 / early 2001, I was working on a business plan and the initial legwork to find out what licensing, certifications, etc. I would need to do security testing at locations like airports.
Integrisure never happened. You can’t google it (well, ok – you can google it now: but you’ll only find this blog post and a bunch of unrelated businesses).
The basic business plan was as follows:
More detailed aspects of the planned business were discussed, and written down, between myself and a couple of other folks who wanted to start with me.
We had a start date planned: we would form the company in Jan 2002 (so our fiscal year would align with the calendar year). We had several initial employee/contractors identified – some current or former military members, technical folks, and others.
I had even contacted a couple local companies that did security guard services to see if this was something they would either like to offer as a service, or would help participate in coordinating with their contacts.
Life was looking good. I graduated in May 2001 with my AAS, had some solid job prospects in computer programming and IT work, and was lining up who I expected would be a great team to start Integrisure’s activities.
Then 9/11 happened.
Airport “security” was federalized, my two front-running programming/IT jobs went on hold and/or laid people off (most of their customers were in downtown Manhattan), and suddenly private companies checking for holes in security were not going to fly. (Especially at airports!)
It’s good to get a team together, face-to-face, that usually only meets virtually via IRC on occasion. The Fedora Docs Project team recently had such an opportunity when they met in the Red Hat offices in Raleigh and Brno. Linked by a video teleconference, the two groups converged to discuss new work-flows for Publican 4, hacking on some guides, discussing management issues, and working to get the new Docs website built and configured. Here are some of the highlights of the event:
The release of Fedora 20 also saw the release of Publican 4. Publican 4 isn’t quite backwards compatible with the Publican 2 we were using so an update to our work-flow was necessary. We’ve also made it to a point in our work where using the old web.git repo for publishing just isn’t working any longer. The new way of publishing involves using Koji to build our documents in RPMs and place them safely into a repository where they can be grabbed by our backend server and be published to the world. This change not only represents new commands but also a different mindset to publishing. The new procedures were documented and tested so we’ll be able to start utilizing these as soon as our backend server gets fixed.
You know those guides that seem to languish? Yeah, I’ve got a few of those. I did spend some time working on a few guides that will hopefully go live for Fedora 20 or 21.
The Accessibility Guide has really taken a backseat in recent releases. I’m not sure much has changed for many users but it’s good to keep the document current for any new users that may require a little assistance in making their computer work for them. I was able to take a lot of stuff out of the guide, mostly GNOME packages that are no longer in Fedora and add a couple of packages I found for KDE. I’m hoping I can do a better review of what’s available in Fedora before Fedora 21 comes around.
I finally got around to adding CQRLOG to the guide. I really love CQRLOG as a logging program so I’m happy to share some of that information with other amateur radio operators that come to Fedora looking for a FOSS solution for their radio activities. John made a few additions as well so I suspect the next release will have some added goodness that people should find helpful.
This is where I spent most of my time working. The style guide was moved from the wiki into the guide and other useful information was added as well.
This guide has never really seen the light of day. This is due to the fact that translations of this guide would be nearly useless as they wouldn’t be in any particular order. Publican 4 fixes this long-standing bug and so I, once again, have hope to publish this book.
Yeah, there’s always some hacking on the security guide when I’m around. This time there was some testing of the new Yubikey Neo and getting them to do tricks inside Fedora.