
greg hughes - dot net

Security, IT and anything else that matters... to me, that is



Tuesday, March 22, 2005 1:35:57 AM (Pacific Daylight Time, UTC-07:00) ( Geek Out | Tech )

Take one old Ruger 10-22 rifle, some electronics gear, a long can antenna, and some time to spare, and you too can be The Bluetooth Sniper...

Apparently, these guys built a Bluetooth rifle and managed to stand on top of buildings in downtown Los Angeles without getting corralled by the police. In the process, they were able to connect to Bluetooth devices nearly a mile away:

"As more Bluetooth devices started appearing, John said, "This building is full of Bluetooth! Look we got some Blackberries!" He also explained that, with multiple guns, it would be possible to track a single Bluetooth device as the person walked around. In less than a few minutes, twenty devices were detected—all at distances over a half mile away! We decided to quickly conclude the scan, given police activity in the area earlier in the day from a bomb scare."

Tom's Networking has the full story, with step-by-step descriptions of the creation and use of the long gun radio:


Tuesday, March 22, 2005 1:18:03 AM (Pacific Daylight Time, UTC-07:00) ( Tech )

One of the popular topics of conversation lately (I won't use the fancy-dancy blogger terms, sorry...) has been the reawakening of the browser wars. I don't think it's quite like it was back in the day, but certainly it's gotten a bit more interesting of late...

Out of curiosity, I went to take a gander at the stats to see if there was anything about the browsers being used by viewers of my weblog (web browser stats only below - no RSS numbers taken into account).

No big surprises, but I think the percentage of people who view my site using Firefox might be slightly higher than the web-wide average? Current traffic on March 22nd, accumulated since March 1st:

| Browser name | Page views | % of traffic |
|---|---|---|
| MS Internet Explorer | 552668 | 68.7 % |
| Firefox | 128130 | 15.9 % |
| Unknown | 65443 | 8.1 % |
| Netscape | 20808 | 2.5 % |
| Safari | 11990 | 1.4 % |
| Mozilla | 11602 | 1.4 % |
| Opera | 8137 | 1 % |
| NetNewsWire | 2648 | 0.3 % |
| Konqueror | 771 | 0 % |
| Camino | 262 | 0 % |
| Others | 1083 | 0.1 % |


Monday, March 21, 2005 9:55:20 PM (Pacific Daylight Time, UTC-07:00) ( Tech | Windows Media Technology )

If you think about it, people interested in Windows Media Center Edition (MCE) should be the perfect audience for podcasts, so it makes perfect sense that Ian Dixon should fire up The Windows Media Center Show. He also has a weblog where he covers lots of Media Center stuff.

There are already two episodes online as of the time of this writing, and more to come:

Nice start, Ian - keep it up!


Monday, March 21, 2005 9:41:58 PM (Pacific Daylight Time, UTC-07:00) ( Tech | Windows Media Technology )

Media Center Customizer 2005 is a cool app that lets you customize (wait for it) your Media Center Edition PC the way you want it set up.

MCE Customizer 2005

If you want to tweak your MCE 2005 settings and experience, you might want to give it a try. Read the full list of changes and get the download here. Cool stuff.


Monday, March 21, 2005 9:54:50 AM (Pacific Daylight Time, UTC-07:00) ( Blogging | Random Stuff )

Jeremy Wright and Mike Hillyer have just launched a new weblog called "The Wealthy Blogger," with the tagline "Money Management Blogging from two Decidedly Un-Wealthy Bloggers."

It looks like a great new site where conversations can take place about the pains of credit, debt and money management. It's a topic many people should be interested in, whether they actually are or not.

Anyhow, after reading a pre-release entry on the subject of credit card companies and the draining of today's college student population, I had some thoughts, which I posted there as a comment and am cross-posting here (slightly edited, but I have had more time to think about it since I originally posted my comments - see below).

But that's not really the point - go check out the site - I think it will be well worth our collective time as the site grows. I've subscribed.

Anyhow, here is me quoting myself (weird eh?) talking about my view of the reality of "borrowing" money... (edited and enhanced)

To get you started, please remember one very important thing. Behind the spin and sales lines, there are only two types of people in the world:

  • People who buy money (often mistakenly called "borrowers")
  • People who sell money (often mistakenly called "lenders")

That said, here are my comments:

Looking even beyond just the credit card companies, *no* company that "lends" you money is doing you a favor. That's like saying the car salesman is doing you a favor by letting you buy a car.

The fact of the matter is that when you get a home loan, a credit card, a personal loan, or charge to an installment account, *you* are the customer.

People need to realize that: When you take out this kind of loan, you are buying money. You are the customer and the lender is the one who is selling you the money in order to make a profit. No lender does anyone a favor, even if it feels like that's what's happening. Just like with the car salesman, the idea is to make it *feel* like it's a favor. But in reality, the profits are theirs. They do those things necessary to maximize their profits and minimize their losses, just like any other business.

Would you pay $100 in cash for $20 worth of groceries? If you put it on a card, that's possibly what you're doing, unless you pay your full balances within one or two months.

It used to be that credit cards were held and used for emergencies. Now people use them like they're free money, without thinking. That's too bad, because unless you happen to have a very astute credit mind and the ability to pay off everything you charge within the grace period, you're borrowing from sharks.

I know two young guys, about 20 to 22 years old, both of whom got credit cards and immediately ran them up buying fancy new computer equipment. One of them talked to me about it before he did it, and I advised him against it, but he did it anyhow. The other acted on his own without advice. Now they're both listening, after realizing how big a deal it is. I explained to both that it would take 30 years (or more with the high rates their cards had) to pay off a computer that would be outdated in one or two years if they made minimum payments. I told them about the virtues of saving and having cash on hand.

Credit cards are evil for most things, but they can be a blessing for a few things: Purchase protection for big-ticket items is nice to have, and rental car coverage is a good benefit if you travel. But some of the check cards with a logo of the major companies on it will give you similar benefits.

Which brings me to my final point: If you like using credit cards just because they are convenient and because you can use them to buy things online, you're probably using the wrong kind of card. Shop around for an ATM/Debit/Check/Visa-or-MasterCard type of card, and make sure you get one from a bank that offers the features you want.

Finally - a reminder: Whether it's a credit-card loan or another kind, the APR of the loan is what determines how much you are paying on an annual basis (compounded - which means you pay interest on the accumulated interest, too, and not just the dollar amount you originally borrowed) for the money you are buying from the lender. Yes - I said *you are buying* money from a lender, and how much you'll pay depends on how long it takes you to pay it off. It's as simple as that. Credit cards are a big-money business for lenders and are a big-loss pig of a deal for borrowers.

If you have to borrow, like for a car or home purchase, you should always shop for money the same way (or more diligently than) you shop for gas, cars, clothes, airline tickets, electronics, homes and whatnot. No lender is ever doing you a favor - they are selling you money, and they are doing so at a profit. Don't ever forget that.

See that? I did learn something, after all.


Sunday, March 20, 2005 11:24:09 PM (Pacific Daylight Time, UTC-07:00) ( AudioBlogging | Tech )

Speaking of audioblog.com, Eric pointed out to me that he and the others over there have been busy:

[9:59:12 PM] Eric Rice says: added some crazy mad new features to audioblog
[9:59:18 PM] Eric Rice says: podcasting without needing a blog
[9:59:18 PM] Greg Hughes says: yeah?
[9:59:25 PM] Eric Rice says: and recording to MP3 right over the web

Come to think of it, I read that on Friday, but I have not had a chance to check it out yet.

Eric made a QT movie that shows how to make podcast RSS feeds with audioblog.com, and how to record your podcasts straight to MP3 online, with nothing but your web browser pointed to your audioblog.com account.

Upload an audio file, record it online with the browser, or call it in... All three ways will let you create your podcasts anyplace, anytime. You don't even need a text weblog to do this, just audioblog.com and its enclosure feeds - cool stuff!

By the way, there are video enclosures on the system, too... Videoblogging feeds - hmmm!


Sunday, March 20, 2005 11:05:32 PM (Pacific Daylight Time, UTC-07:00) ( AudioBlogging | Geek Out | Tech )

A friend of mine from the online world (and big shot from audioblog.com), Eric Rice, has taken over the Engadget "airwaves" and is now hosting the Engadget podcast.

Eric's a cool guy, and it's great to have an Engadget podcast back online. It's a tough room to play to, but Eric will do well with it.

Check it out here. The Podcast feed is here.


Sunday, March 20, 2005 3:52:25 PM (Pacific Daylight Time, UTC-07:00) ( Random Stuff )

A different kind of game...

My friend Broc works at his family business. They have this great big lot and facility in an industrial area of Portland, with a few warehouses and huge shop buildings. Two of the buildings are vacant, and the lot lends itself to hiding, sneaking around and - well, a different kind of organized (and safety-conscious) fun.

I didn't take the pics, I just lent my camera to another person who ran around trying not to get shot at, while I took an MP5 and defended the base.

By the way - and before anyone freaks out: While this looks hard-core, realistic and (if it was real) dangerous, it's actually a game/sport called Airsoft, and the people who play are quite safety-conscious and wear proper protective gear. The guns shoot lightweight, tiny plastic balls the size of a BB. Yes, they can hurt if shot too close, but a red welt is about the worst one can expect when wearing the proper protective gear - namely good eye protection. Safety is important, and it's what makes the game fun. You'll hear people calling "safety kill!" if they are too close to shoot safely, for example. Obviously, point-blank shots with plastic BB's will hurt, so everyone's quite careful and adheres to certain rules. Never play games like this without the proper safety gear - anyone who doesn't practice safe play is an idiot, and you should not include them. Trust me, having fun is good, but being cool and safe with others is much more important.

Ok, anyhow - here's some pictures of what we did last night:

AirSoft1

Don't have any train cars available in your local industrial complex, a la Counter-Strike? That's okay, semi trucks are a good stand-in, and besides they have real horns and lights and other things that can throw people off. Plus, the trains are just over on the other side of the fence, so the crashing train sounds are there, even if the cars are not.

AirSoft2

Flash photography makes these guys a little more visible than they actually are when you're playing. Imagine nighttime alley lighting and shop lights indoors being turned on and off by whoever happens to have control of the light switches at the time. You never really know when it will be dark or light.

Davefastaction

AirSoft4Dave

Hard Core Dave. Camper, heh. 'Nuf said.

AirSoft5Cory

Cory checks the warehouse floor from behind cover. See the light switches? Cory's the master of lighting tactics.

AirSoft3

The attacking team posed for a photo. All us defenders should have done the same. Doh! There were 12 or more of them and 8 of us on the defending team.

DaveGregCoryAirSoft

Three posers of us from the defending team: Dave, me and Cory. Dave and Cory were a little more effective than me - I got safety-killed around a doorway corner right at the beginning of the first game, and got one "kill" in the second game before I got exposed when the lights came on and I was in the clear. Dave got several, and Cory got a couple too.

That was fun. I discovered I definitely need to go and buy glasses (or contacts maybe) again (I broke my last pair and have not had them replaced because I am lazy that way). Gun sights just aren't as easy to see as they used to be!


Sunday, March 20, 2005 3:09:32 PM (Pacific Daylight Time, UTC-07:00) ( Photography | Random Stuff )

It's windy and a bit chilly today. But the flowers are cool. Spring's sprung.

Crocus5


Sunday, March 20, 2005 2:04:05 PM (Pacific Daylight Time, UTC-07:00) ( IT Security | Tech )

Microsoft has published their Security Development Lifecycle whitepaper, where they describe the process that Microsoft has adopted for the development of software that needs to withstand malicious attack.

It's a good read for people responsible for writing software, as well as those responsible for ensuring software development processes properly address security as a requirement.

The basic principles of the Security Development Lifecycle are described in the paper:

  • Secure by Design: the software should be architected, designed, and implemented so as to protect itself and the information it processes, and to resist attacks.
  • Secure by Default: in the real world, software will not achieve perfect security, so designers should assume that security flaws would be present. To minimize the harm that occurs when attackers target these remaining flaws, software's default state should promote security. For example, software should run with the least necessary privilege, and services and features that are not widely needed should be disabled by default or accessible only to a small population of users.
  • Secure in Deployment: Tools and guidance should accompany software to help end users and/or administrators use it securely. Additionally, updates should be easy to deploy.
  • Communications: software developers should be prepared for the discovery of product vulnerabilities and should communicate openly and responsibly with end users and/or administrators to help them take protective action (such as patching or deploying workarounds).

Also discussed are the phases of the lifecycle in application, and Microsoft's experience in putting the SDL into use at that company, as well as the results of the initiative. If the small amount of information quoted above is of interest, take the time to read the paper.

Dana Epp comments and has insights into the changes that have happened at Microsoft over the past few years. It is pretty darned amazing to have watched (and participated in, as part of my roles as partner and customer) the changes Microsoft has made with regard to security. I can say from my own experience that security is at the front of MSFT developers' minds every day, and while it's not perfect (and never will be, regardless of the software or authors), it definitely shows.

(via Dana Epp's weblog)


Wednesday, March 16, 2005 5:06:03 PM (Pacific Daylight Time, UTC-07:00) ( Humor | Random Stuff | Tech )

Out of the toilet and into the conference room, the video saga of Rory and Scott's lead-up to TechEd continues.

Rory and Scott - Two really high speed programmers...

Thank God for WS-PPT

Enjoy.


Wednesday, March 16, 2005 8:32:21 AM (Pacific Daylight Time, UTC-07:00) ( Random Stuff | Tech )

I clicked through a few blog posts and comment author links (since their comments were interesting to me) and ended up on Dave McClure's weblog (again). There at the top, I saw his latest entry - that SimplyHired.com has just been launched.

So, I clicked on over. It's fast, easy, nifty and cool. Within a few seconds I did a search for keywords in my area and found current job listings from Monster, America's Job Bank, Career Center, USA Jobs, HotJobs and more.

Search for a phrase by putting it in quotes. You can see the age of the listing under each item, as well as where it's from. When you click on a link, you go to the original listing.

Fast, simple and it works. Not bad. They even have a blog.

And I like the "no results" response:

"Dang. We didn't find anything for you.

"You're probably a good speller, but check the description or location terms you entered. You can also try using some other keywords, or enter fewer words to expand your search

"It's also possible we made an error somewhere. Sometimes computers are human too. Sorry."


Wednesday, March 16, 2005 8:05:53 AM (Pacific Daylight Time, UTC-07:00) ( Geek Out | GnomeDex | Tech )

Chris has just announced that Gnomedex 5.0 registration has opened up. There are 300 spaces open, so sign up soon! If you've been to a previous Gnomedex, there's no need to explain the why's and how's, but for those who have not, here's a little info:

  • It's in downtown Seattle, Washington at the Bell Harbor International Conference Center - a GREAT city and with easy access via air, car, train, or whatever.
  • It begins Thursday June 23rd at 5:00 pm and ends Saturday June 25th at 6:00 pm.
  • Gnomedex is a great place to actually meet and talk to a variety of high-profile techies, geeks and other smart people. It's also a great place to form relationships and get cool ideas.
  • The Gnomedex blog is right here (clicky-clicky).
  • I met a good number of people face-to-face at Gnomedex last year that I have been in regular contact with ever since.
  • Register here.

I'm already registered, now I just have to rework my crazy schedule!


Tuesday, March 15, 2005 11:08:05 PM (Pacific Daylight Time, UTC-07:00) ( Random Stuff )

Jeffrey McManus puts it so well, I won't even try this time. I've commented on sales calls before.

For me the past two weeks have been a complete mess of cold calls and "followups" from salespeople that seem to think their products will save my life or something. I can't get anything done. It's been awfully tempting to just kill my outside extension...

McManus: "So many sales droids keep making the same mistakes, I thought I'd put together a handy primer on how not to sell crap to me."

Jeffrey's right on. Make your calls worth our while. Please. Read it here.

(found via Scoble's link blog)


Tuesday, March 15, 2005 6:54:10 PM (Pacific Daylight Time, UTC-07:00) ( IT Security | Tech )

There's an excerpt from a yet-to-be released book by Jesper Johansson and Steve Riley available to read online. The article, entitled "Security Myths," takes a look at some of the security shortcomings typical to use of security guides and reliance upon following a predefined set of steps without looking at the whole picture. It's a great lesson in how to look at things, rather than how to follow prescriptive

Warning
This section is somewhat (OK, very) cynical. Take it with a grain of salt and laugh at some of the examples we give. Do not lose sight, however, of the message we are trying to get across: These are myths. If you are careful to avoid falling into the trap of believing them, you will be able to focus your efforts on the things that make a real difference instead of being lured like so many others into staring at a single tree and failing to see the security forest.

So what are the myths? Well, for the details go read the article, but at a high level...

  • Myth 1: Security Guides Make Your System Secure
  • Myth 2: If We Hide It the Bad Guys Won’t Find It
  • Myth 3: The More Tweaks the Better
  • Myth 4: Tweaks Are Necessary

  
