June 2006 Archives

I got my first pair of glasses when I was six. I vividly remember walking back into my second-grade classroom after going to the eye doctor to pick them up. TheChild, being much more advanced than her old man, has picked up her first set at the ripe old age of not-quite-four.

TheChild gets glasses

(I really need to work on my “digital darkroom” workflow. Any pointers for color-ignorant n00bs, O’ Great LazyWeb?)

We’ve mostly missed the effects of the monsoon that’s been wreaking havoc around these parts lately — trying to drive anywhere has been an exercise in patience-building, a tree in the neighborhood exploded due to a lightning strike, and there are currently two Greens trying to get our front yard classified as a protected wetland area, but other than that it’s been life as usual, only slightly damper.

Unfortunately, that run of good luck ended this morning, thanks to a near-bursting earth dam a few miles upstream of TheChild’s day care — the neighborhood it is in has been evacuated, and TheChild and I are going to enjoy a day at home instead of a day at work.

It’s bright and sunny outside at the moment, however, so maybe things will get a chance to drain off and dry out and return to what passes for normal in these parts…

(Added later: Meant to mention that I caught that WTOP link from Medley’s furlstream.)

I picked up Perl Hacks at the book store the other day. I’m not going to do an in-depth review, mainly for lack of time — all I will say is that if you’re a reasonably serious Perl programmer (i.e., if at some point somebody has given you money because you knew some Perl) and you’re interested in learning more about it, this is a good use of your thirty bucks. You will get at least that much value back out of it.

For me, the book had paid for itself by the end of the first chapter, by introducing me to Pod::Webserver. This handy little dingus provides a local high-port web server for all the Perl documentation that’s stored on your computer. So, doing some coding on your laptop in a wireless-free zone and want an HTML view into perldoc? Fire this baby up and it’s all clickity-click action. Completely worth thirty smackers, that tip, at least IMO.

Stuff that I think is cool but can’t be bothered to give a whole post for:

*I don’t really wish she was older, of course. She seems to be growing up at just about the right breakneck pace all by herself.

… Mark Pilgrim’s great, snark-filled Essentials 2006, listing his critical pieces of software after switching from Mac OS X to Linux. My faves:

  1. digiKam + Kipi plugins. It’s just like iPhoto except it calls albums “tags”, exports to Flickr for free, exports to HTML that validates, stores my important metadata in a SQLite database, can be operated entirely with a keyboard, and doesn’t suck
  2. amaroK. It’s just like iTunes except it automatically fetches lyrics from Argentina, automatically looks up bands on Wikipedia, automatically identifies songs with MusicBrainz, and its developers are actively working on features that don’t involve pushing DRM-infected crap down my throat.

The M-x yow command (aka Zippy the Pinhead mode) is being removed from Emacs.

(Via a comment on and a small aubergine…, on a post outlining a way to use M-x yow to provide more interesting template boilerplate than the traditional Lorem Ipsum.)

TaskAnyone looks like it could be potentially useful, but $5/month seems steep for something that puts a pretty face on cron and a pile of Template Toolkit.

I’m probably pretty outside the target demo, though.

…to my good buddy Mike, whose job just got significantly more challenging (and interesting!), it sounds like.

As I mentioned earlier, we’re getting our basement finished. One of the end results of that is that my office space will be moving from the second floor to the basement — which should be much nicer for the servers, which currently get a bit warm in the summer months. Of course, this means I need to think about what to put in the new office — my current office furniture is pretty sad, and I’m going to have quite a bit more space in the new office than I do currently.

I saw Tom point to Puzzle Floor — which is really cool, but far, far too expensive.

I also found a link to Can-Am media storage cabinets somewhere — those are also in the “cool, but daaaamn pricey” category, unfortunately.

Does the Lazyweb have any suggestions as far as office decoration ideas or pointers to cool and functional office furniture?

First, if you’re in any way responsible for security or data integrity for any sort of sizable operation, you should really review your policies and procedures for locking down accounts and accesses when IT staff resign or get fired. Nightmare on Wall Street details some of the things that can happen if you don’t handle things the right way:

Federal prosecutors charge that Duronio, a former systems administrator at UBS PaineWebber, planted malicious code — what they’re calling a logic bomb — on the company’s network. … The government contends Duronio built and planted the malicious code months ahead of time and then bought stock options — using money that he got cashing out his and his wife’s $20,000 IRA — that would only pay out if the company’s stock took a dive within 11 days. By laying out a short expiration date — 11 days instead of maybe a year or two — the gain from any payout would be much greater. O’Malley said Duronio planned on making sure that that’s exactly what would happen, by crippling the company’s network. “He knew something everyone else didn’t know,” O’Malley told the jury. “As he was escorted out the door [on the day he quit], there was working in the UBS system a time bomb. Within an hour or so, he was in a broker’s office making bets that UBS would take a dive.”

Second, if you’re looking to penetrate a network or installation, it turns out that the best way might not involve brute force or clever detection of holes to crawl in through — the best way probably involves exploiting people’s natural greed and curiosity:

After about three days, we figured we had collected enough data. When I started to review our findings, I was amazed at the results. Of the 20 USB drives we planted, 15 were found by employees, and all had been plugged into company computers. The data we obtained helped us to compromise additional systems, and the best part of the whole scheme was its convenience. We never broke a sweat. Everything that needed to happen did, and in a way it was completely transparent to the users, the network, and credit union management. Of all the social engineering efforts we have performed over the years, I always had to worry about being caught, getting detained by the police, or not getting anything of value. The USB route is really the way to go. With the exception of possibly getting caught when seeding the facility, my chances of having a problem are reduced significantly. You’ve probably seen the experiments where users can be conned into giving up their passwords for a chocolate bar or a $1 bill. But this little giveaway took those a step further, working off humans’ innate curiosity. Emailed virus writers exploit this same vulnerability, as do phishers and their clever faux Websites. Our credit union client wasn’t unique or special. All the technology and filtering and scanning in the world won’t address human nature. But it remains the single biggest open door to any company’s secrets.

Finally, speaking of USB drives, David Pogue reviewed some new software that lets you carry a WinXP “ecosystem” around on a flash drive. My initial thought: this is pretty cool. My second thought: this totally makes hash of policies about what software can be installed on the “enterprise” desktop. You might have your users locked down to the point where they can’t install anything, but if there’s a free USB port, they can now easily route around you.

We’re cleaning out the basement to prepare for some renovation work which will (hopefully) be starting here in a couple of weeks. As part of that, I’m going to be giving a couple of old bike frames to a co-worker — largely because he’ll do something with them, and I seem highly unlikely to get around to it anytime soon. He was talking about turning one (a Raleigh Technium road frame) into a fixed gear, so he might be interested in reading Quest for a Fixed Gear, which I saw in the Post this morning.

Dell has released tools that let you do firmware upgrades under Linux (and there was much rejoicing…)

They also officially released some new servers; $ORK’s eval of a 2950 was fairly impressive.

QotD

From <87lks6jvij.fsf@toddler.lart.ca> (and that should be enough Clue for you to recognize the newsgroup if you’re going to…):

“Will I get it all figured out eventually? Yes. Will I be sorely tempted to carry a gigantic python book around at all times, so the next time someone talks about perl being executable line noise I can hurl the book at said pythoner? Yes, yes I will be so tempted.” — Luke Kanies, hates-software.com

Update: I note that hates-software.com sports a weblog. Noted for the time, Real Soon Now, when the feed reader software is up and working…

We had a picnic yesterday with Medley, NowThis, and GitM, down at Haines Point. The weather was lovely, and everybody seemed to have a good time. Apropos some meta-weblogery discussion that occurred, I’m going to toss a bit of personal update info in here…

My work life has been extremely busy — and the continuing lack of any sort of regular update cycle around here continues to confirm the “life is inversely proportional to webloging” hypothesis. We did get out and do some fun stuff in May; I just haven’t had time to upload the photos yet. Here are a few sneak peeks:

We saw the Imagination Movers on Mothers Day. TheChild had a great time, and TheWife and I enjoyed ourselves too.

Then, a couple of weeks later, we went for a day hike in the northern/Gaithersburg-y part of Rock Creek Park. The weather was beautiful, and aside from the part near the end where we ended up hiking back to the car on the nearly-nonexistent shoulder of Avery Road, the hiking was great too.

I’m still on feed reader hiatus, getting my weblog fix the old-fashioned way — by visiting sites and seeing if they’ve updated. However, I think that’s getting closer to ending — thanks to jury duty this past Friday, I got a pretty good chunk of work done on converting FeastOnFeeds into a Catalyst-based application. There’s still quite a bit to do to get it into a releasable form, but it’s not that far from the “Yummy! My very own dog food!” stage, assuming I can get an hour or two a few nights this week to continue hacking on it.

A second major project around here — and the one that has me nursing some sore shoulders this morning — is getting our basement renovated (and some ancillary major appliance purchases). The sore shoulders are from moving all the boxes out of the basement into the garage. We got a bit behind on this project, and the builder is going to be ready to start any day now — so plans to carefully go through things as we moved them have been mostly scrapped, in favor of a “move it all now, and we’ll sort and purge when we move it back down after the construction work is done” approach.

And last — but certainly not least — a third major undertaking: we’re knocked up. About 12 weeks along; due date in the later part of December. Initial OB appointments say there’s only one blob in there, and it seems like a happy healthy very active blob indeed. Once we get an ultrasound picture that looks like more than a contrasty blob, I’ll scan-and-post.

And now, if you’ll excuse me, it’s time to roust TheChild out of bed and get her headed towards pre-school — and get myself headed towards work…

Via a co-worker, National Day of Slayer. (Warning: makes copious noise. Potentially office-unfriendly.)

Official Statement on Participation

  • Listen to Slayer at full blast in your car.
  • Listen to Slayer at full blast in your home.
  • Listen to Slayer at full blast at your place of employment.
  • Listen to Slayer at full blast in any public place you prefer.

DO NOT use headphones! The objective of this day is for everyone within earshot to understand that it is the National Day of Slayer. National holidays in America aren’t just about celebrating; they’re about forcing it upon non-participants.

(Emphasis mine.)