You Are Not Scary
Everyone loves you. Isn’t that sweet?
Author Archives: Morgan
Tada!!
Well after much running around and dealing with strange people, I have a new car!
(yay) The ironic thing is that we were really looking for a good deal, and thought that the best chance for a good deal was from a private party. Well, we were wrong. On a whim, we went to the dealer where I bought my current car, after driving everywhere from Salem to Longview to look at private owner cars. The last guy was really strange – he would drone on and on and on when I spoke with him over the phone, and it wasn’t much better in person. It just so happened that he was just down the street a couple miles from this particular car dealer, so after that somewhat untasteful experience we said what the heck. I ended up getting just as good a deal or better from the car dealer, and I was able to trade in my Honda for close to what I was hoping to get, and I didn’t have to worry about the logistics of title/money transfers.
Image Destruction
Somewhere along the road, I seem to recall being told that while I did spend the first part of my childhood living in Queens, I was born in a hospital in Brooklyn called Boulevard Hospital which was no longer in business. Apparently this is a complete falsehood! Imagine my chagrin when I found out that I was not born in Brooklyn, but in Queens where my parents already lived! (Really that does make more sense when you think about it, but I never did.) A tiny, probably somewhat unimportant misconception, but I based a full half of my entire subtitle of this blog on that fact! Somehow, “born in Queens, living in the ‘Couv” doesn’t roll off the tongue quite as nicely. And now I can no longer say “That’s where I’m from!” when someone gets a strike on the “wrong” or “Brooklyn” side anymore! (for those of you that don’t know, that’s a bowling term. Yes, I bowl. Don’t hate me for my 136 average… /duck)
/sigh
So you can see how a tiny portion of my self-image has been shattered. However will I go on??
Somehow I think I may be able to put this behind me. I bet a trip to Coldstone would do the trick…
And this, dear readers, is where you come in. Now don’t disappoint me! I need some suggestions on a new subtitle for my blog. Let the ideas flow…
Jack in the Box
Wednesday was really nice. It had rained all morning, but now the sun was shining. I had finished up with my last meeting of the day kinda early, so I decided to go home for a bit. I was meeting some friends for our usual Wednesday after-work drinks, but I had about an hour to kill, so I cruise home, sunroof open, enjoying the day. I pull into the driveway, and waiting as usual is Jack.
So I hop outta my car, toss him on the hood and give him a good petting. He’s purring like a semi truck as usual. I leave him and go inside to poke around the house and check my email. The hour goes by quick, and before I know it I gotta jet out to meet up with my friends. I run downstairs, hop in my car, back out the driveway and up the street.
Next thing I know, I hear this god-awful sound coming from the back seat! It sounded sort of like “Meeeyaaaaaaooooooooowwwwowooowwooooowwww!” I look in the rear mirror and there’s Jack, sitting up by the rear window with a look of sheer terror in his face. I bust out laughing while he continues yowling for his life. I briefly entertain the idea that I’ll just take him with me for a ride, but he obviously wouldn’t enjoy that as much as I would, and I wouldn’t enjoy cleaning up my car after him. So I turn around, pull into my driveway, open the door, and toss the cat out. I imagine it was pretty damn funny lookin since the neighbor across the street started busting out laughing too. That darn cat!
Category: Stories
Thoughts for the day
I’m trying to buy a car.
So I found this awesome little deal. It was perfect; right options, right price, right miles, even the right colors. I drive an hour away to meet the guy (I asked him to meet me halfway, but it turned out to be more like 4/5ths of the way for me). The test drive goes really well, until we start talking about the title. Turns out it has a ‘Branded’ title, whatever that means. So, still hopeful, I go home and call him with the fax number for my credit union, who I’m getting a loan from. I ask him for the VIN number so I can run a carfax on it, and wouldn’t you know it – it has a junk title. Apparently it was in a bad wreck back in April – only 6 months ago. WTF???????
Could’ve saved me a lot of time and effort if I just asked about it beforehand. >< I think it should be mandatory to state if a car has a questionable title in any advertisement listing. Otherwise, you end up wasting your entire night for nothing. Phooey.
Folding
Who came lurking in the nighttime to wake up grumbling don’t look at me? Folding scolding it came building folding up inside of me. I wake up bleary body weary slowly cruising sunless streets. Broken, tired uninspired folding up inside of me. Aching shoulders holding demons angels nowhere to be seen. Whispers nearer, closer dearer folding up inside of me.
Web Application Security
Category: Tech
The workshop was actually really good, and I’m pleased to have attended. Normally when you go to one of these Microsoft-sponsored events, especially during launch time, the ‘training’ turns out to be 90% spiel on the newest release and why you should get it, and 10% actually useful information. This one, however, was quite the opposite.
The first presenter was Dennis Hurst, Senior Consulting Engineer from SPI Dynamics. This part was primarily focused on going over the primary vulnerabilities of the major layers in Web technology; application, network and protocol. Then he went on to list the primary ways to secure those vulnerabilities. The most startling part of this section was when he used a proxy program to intercept and alter any part of the HTTP request, thereby exposing various server holes. Then, using another utility which is freely available to hackers, he demonstrated how, using SQL injection (both blind and regular), he could essentially steal the data from an entire database in seconds. That really made me sit up and take notice. As a web developer, you often hear about SQL injection, cross site scripting and request interception, but to see it and how easy it is is pretty scary. However, now I have a really solid understanding of how to protect my apps from these attacks. The simplest of these is to just use SQL stored procedures for all CRUD (create read update delete) functions, and use custom errors. Although it’s not foolproof, it makes things that much more difficult, and if you’re difficult enough, maybe they’ll move on to an easier target.
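As an added illustration (not code from the workshop or from this post) of the contrast the talk drew: the constructed sample below builds a query by splicing user input into SQL text, the pattern injection abuses, beside the bound-parameter form that parameterized queries and stored procedures with typed parameters share, plus a generic error response standing in for the “custom errors” advice. The table, rows and function names are hypothetical.

```python
import sqlite3

# Constructed in-memory sample data; table name and rows are hypothetical.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn

def lookup_concat(conn: sqlite3.Connection, name: str) -> list:
    # Vulnerable: the input becomes part of the SQL text, so quotes and
    # operators in it are parsed as SQL, not treated as a name.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_param(conn: sqlite3.Connection, name: str) -> list:
    # Hardened: the value travels as a bound parameter and is never parsed
    # as SQL; a stored procedure with typed parameters gives the same property.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def lookup_with_custom_error(conn: sqlite3.Connection, name: str):
    # "Custom errors": the client never sees the database engine's own message,
    # which is what error-based and blind injection probe for. Details belong
    # in server-side logs only (logging omitted here).
    try:
        return lookup_param(conn, name)
    except sqlite3.Error:
        return "An error occurred."

if __name__ == "__main__":
    db = make_db()
    # A quote in the input changes the concatenated query's meaning;
    # the parameterized query simply finds no user with that literal name.
    odd_name = "o'brien"
    print(lookup_param(db, odd_name))
    try:
        print(lookup_concat(db, odd_name))
    except sqlite3.Error as exc:
        print("concatenated query broke on a plain apostrophe:", exc)
```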
The next presenter was Talhah Mir, Security Technologist for Microsoft. His presentation concerned web application threat analysis. Most of the threat and risk assessments are a function of intuition and experience. Mr. Mir demonstrated how you could break down the objects, roles and functions within an application, and create a very systematic threat matrix, and furthermore map each threat to a business impact. This is really important, because your business-focused clients or team members do not have to have technical security knowledge in order to clearly understand the impact of not dealing with potential threats.
The last presenter was Jeffrey Richter from Wintellect. His presentation seemed to be primarily focused on his product line, so that’s when I ducked out. It was the last half hour of the 4 hour session, so all in all I think it was a worthwhile topic. I’ve already started evangelizing at my work about the necessity of implementing security in web applications throughout the entire development cycle, not just an afterthought as it is now. I only hope that it’s not falling on deaf ears. It was ironic that not four days later, I was pulled into a meeting between my group and the data design group. One of our developers on a project was resistant to implementing stored procedures in the application despite the standards that the data group are trying to implement. I expect that I was pulled in to back my group’s side, but that certainly backfired. On the up side, I now have the undying respect and gratitude of the data group, so it’s not all bad.
Security@microsoft
Category: Tech
So I’m sitting in Building 33 on the Microsoft campus in Redmond, WA. Coming from a government facility obsessed with homeland security, I find the somewhat laid back situation here quite refreshing, considering this is, well, the Big Brother of the IT world. I drove in, parked, and walked into the building without stopping to show any ID whatsoever. Wheeeeee! How ironic, then, that the reason I’m here is for a training session about web application security. Stay tuned for one of my rare technology related posts….
A War Without End?
Category: Thoughts, Randoms
I was over at my friend Beau’s blog yesterday, and he was talking about a post from a guy named Bob Parks, who has a blog called Black and Right. The blog post was called “War Without End”, and in essence it exposes the differences between the ‘liberal’ and the ‘conservative’ points of view on the war on terror:
I do know that it’s true that if you wanted to reduce terrorism, you could — if that were your sole purpose, abort every Muslim extremist in this world, and your terrorism rate would go down. That would be an impossible, ridiculous, and morally reprehensible thing to do, but your terror rate would go down. So these far-out, far-reaching, extensive extrapolations are, I think, tricky.
Couldn’t resist….
Obviously, to the sheer denial of the left, sitting down and talking with them won’t work. We’ve all witnessed “the word” of terrorists in Israel. Every time the Israelis came to some kind of truce, cease fire, “peace”, the Palestinians would send in another suicide bomber, set off another car bomb, or launch a few mortars into the most densely populated areas possible. So as much as there are liberals who think a nice chit chat would smooth things out, are there any volunteers?
Read the article. And then answer me this: If the military was ‘unencumbered’ by the media, and therefore allowed to ‘do what needs to be done’ without any (American) cameras watching, will that really win this war? I don’t think so. Our military will not have to be burdened with the conscience of the country when they kill, mutilate and torture terrorists. I don’t want to win a war that way. I don’t even care to ‘win’ this war at all. All I want is for the terrorists to no longer have the reasons or the ability to do what they do. Does that mean that if someone shoots at us, we try to kill them? Is that our only solution? Surely we, as a human race, can think of a better way to deal with fringe elements than gradual, partial, extermination until they (whoever they are) give up (which will never happen). We cannot march into their country and take over – they have no borders. We cannot kill their leaders – another will always take their place. So the only solution left to a military armed with guns and WMDs is to use them. This is an enemy that will not back down, will not surrender, will not go away unless you exterminate them. Are we prepared as a country – as a world – to live with that?
Category: Thoughts