Thank goodness for The Crew. Having plenty of people around to help makes all the difference in the world. This year I can actually man a shovel (before my back surgery I was mostly just giving directions, which always feels stupid). We've run througfh some initial safety talks and talked about how the whole process works. After we ge everything installed and ready we'll do some training. But much to do before then.

Setting up is a lot of work, but hey it's worth it when you hear the crowd cheer at the end of the show. Besides, where alse can you blow up several thousand dollars worth of high explosives legally in someone's neighborhood and have everyone love you for it?

A mortar is a tube that basically acts as a cannon - the sheel is loaded into the bottom of the tube and the lift charge sends it out of the tube into the sky. It's, well, pretty exciting when it happens.

But before you can shoot them off you have to install the mortars, in our case in the ground. That means people, shovels and hopefully a good breeze. We're lucky today - not hot and a breeze to make it bearable. Last year was sweltering hot.

Everyone installs mortars - 4 and 5 inchers:

Back-filling the trench (which was dug by a back-hoe):

Lots and lots of tubes - hundreds of 'em:

More to come later...

One again, I'm out setting up and preparing to fire off a fireworks show with a bunch of friends and helpers. I'll post a few updates here and hopefully be able to impart a little bit of what goes into setting up and executing a public display. EVDO rocks, by the way. A bit slow out in this neck of the woods, but still it's the only way to be able to write this from a field.

First of all, there's a significant amount of hurry-up-and-wait involved. I arrived early this morning (before 9am) to meet the truck that delivered the explosive shells. All 1.3G commercial fireworks have to be delivered by someone with a commercial driver's license and a HAZMAT endorsement, and I have been too lazy to get mine. I really need to do that. I've read the book and just need to get my butt in gear.

Anyhow, so since I had to get the shells at the early drop off, that means a bunch of time before the crew shows up to help set up the show. Luckilly, Dave (at left) showed up early, too. He got here at the same time as the delivery truck. Talk about a glutton for punishment. Heh. Nice to have someone else around in the intervening hours.

And it suddenly got cold out. Turns out there's a 30% chace of rain mid-day, but by late afternoon it should warm up and the chance of rain drops off to pretty much zero. That's always nice when you have to shoot fireworks. Wet is bad, dry is good. And as I type this, it starts to rain. Go figure.

The picture set is at Flickr.com so look there for everything. Here's a few to start. I will add more later:

We start with an empty trench. Into this trench we will install about 400 mortars (you'll see those later).

Dave showed up really early. So he gets trench inspection duty.

A truck full of mortars and boxes of shells. Nothing exciting really, and it doesn't look like much until it's out of the truck. But we do that part a bit later, after the crew shows up. Right now they're all stuck on the other end of town calling me on my cell phone while the massive three hour parade goes on. For a realtively small town they sure have a huge parade! Heh.

More later.

The headline reads: "Credit card security rules to get update."

I see that and I think to myself, "Hey, cool."

Then I read the story.

What it should have said: "Credit card security rules that make perfect sense and protect your identity are about to be flushed right down the toilet because companies say it's too hard."

Now, that's not so cool.

Why is that? Industry requirements that were put in place not too long ago that required companies to encrypt sensitive information are going to be removed. Yes, you read that right - Removing the already established requirement to encrypt the data that is most sensitive and valuable. I'm not one who typically leans in the direction of government mandated standards, but in the absence of private self-regulation and in this particular case...

From CNET's News.com:

While security stands to benefit from a broader, another proposed change to the security rules may hurt security of consumer data, critics said. The new version of PCI will offer merchants more alternatives to encryption as a way to secure consumer data.

"Today, the requirement is to make all information unreadable wherever it is stored," Maxwell said. But this encryption requirement is causing so much trouble for merchants that credit card companies are having trouble dealing with requests for alternative measures, he said.

In response, changes to PCI will let companies replace encryption with other types of security technology, such as additional firewalls and access controls, Maxwell said. "There will be more-acceptable compensating and mitigating controls," he said.

The Payment Card Industry (PCI) security standard was developed to improve the security of applications processing credit card transactions. In the best-practices world of layered security, we deploy security in multiple locations and in different parts of the lifecycle. We even get redundant, especially in areas that matter the most.

To think that more firewalls can protect data in a way that makes it unnecessary to encrypt is ridiculous. Encryption protects data from theft when other layers are compromised. It keeps data safe even from internal theft (and trust me, that's at least as common as external theft, often even more so). It means - if done correctly - that even is a server is stolen from a datacenter,  the bad guys still cannot get at the information that's stored in a secured form on the machine. Keeping people out is important, but encryption is about the bad guys that already got in. So let's can the firewall arguments, although perimeter security is still a critical thing to deploy.

Scanning software to make sure you cover the threats and reduce the chance of successful attack is a good thing - but having people analyze it with eyeballs is significantly better. Scanning software only finds the low hanging fruit that is exposed on the outside layers and only finds the things we already know about. It provides no mechanism for creative scrutiny and under-layer analysis. It doesn't account for finding the new threats and vulnerabilities. Those things take active brains and connected eyeballs. It's what I don't know how to detect that will kill me in this case. It's the holes I can't see today, but which will be all too obvious tomorrow. So let's drop the "build secure software" argument as an alternative to encryption, although it's still an important thing to do.

Ultimately, cutting out the data encryption requirements will make it easier for companies that do transactions - by trading off the security of sensitive, personal information. It comes at our expense. It's a bad idea. And you should do something about it.

It's not easy to do 99% of what makes up my job, and it's not always fun. Security is hard. It's not really supposed to be easy. But I do it because it's necessary and right. The identity of users is the proverbial gold and crown jewels of this real-life game. It's not about protecting institutional assets - it's all about protecting individual people's identities.

To be concise: Removing the encryption requirement is a fundamentally bad idea that will hurt real people in the real world. Especially in this day and age of identity theft and with the endless news stories covering data loss and theft where the data is vulnerable specifically because it's not encrypted, I'm rather shocked by the decision. It's another example of where doing what's right falls victim to doing what costs less and reduces complaints.

It's time to stand up for what's right for security. First of all, as a business you should not be storing any personal information that's not absolutely necessary and that I have not specifically told you I want you to store for me.  Protection of the personal information you do store is your responsibility, but I own it. Encryption of my sensitive information in your systems should be a requirement, not a nice-to-have or a convenience-based suggestion.

Period.

Winners are not determined by who gets the last word or who attacks whom.

Or as one common user just said: "What I see here is ego overcoming ego." Could not be better said. The ego in this room is suffocating. The thought leadership is suffering as a result.

Typical of me, I didn't realize the first day of Gnomedex that the guy sitting on the floor behind me was oh, one of the co-founders of Firefox.  I figured that out pretty quickly when I did the "okay so that name sounds familiar, ummm, uhhhhh.... Oh!"

Yeah. So I'm getting old. Hey, at least I figured it out.

At any rate, I enjoyed the few quick chats over the past couple days while sitting with Blake Ross, who as it turns out is a nice guy and and is obviously wicked smart. He also cares about what he builds and the people who use it, and it shows.

Unfortunately, what I will call "the predictable regulars" here at the conference apparently seem to think they have a monopoly on caring. Unless you agree with these people, you lose. They scream and bitch and moan if they can't finish a sentence, and they complain about one person controlling the conversation, yet they cut others off when they try to participate in the conversation or when they - God forbid - try to defend themselves.

At any rate, Blake stepped on the stage today to talk about how Firefox went from zero market share to millions of downloads without a marketing budget and almost exclusively through community driven effort. It's a success effort worthy of review and notice. But the conversation - predictably - was dragged off by the predictable few into a pattern of argument and conflict. Blake tried to steer the conversation back to the topic at hand (which is what discussion leaders were supposed to do, let's be clear on that point) and was attacked for doing that, too.

What it specifically wasn't intended to be: A talk about features, bugs, roadmap or the future of Firefox.

And as Jeremy Zawodny said at the start of his presentation, which followed Blake's, the participants in this room sure do like to bitch. And so it goes.

So let me say this to Blake: Thanks for a great browser, and keep it up. Winners are not determined by who gets the last word or who attacks whom or how loud our little tiny echo chamber is. We all know that when it comes down to it.

And next year, maybe we should suggest they rename this conference if this is the way its going to be. BitchCon maybe. Or give each person two comment tickets at the door, and when you've used 'em up you can listen but not bloviate. I dunno - I love GnomeDex but I also long for the days of the enthusiasts and the practical, even while enjoying the debate that Gnomedex has brought us this year. But the change has been fundamental, core and pervasive. It's a whole different show. Not a bad thing necessarily, just very different.

A Gnomedex discussion took place earlier in the conference about sharing intimately personal things on weblogs and in public forums. There was a lot of other stuff in the conversation, too - but what I took away from it was the "what do you write about, why, and is it a good idea?" theme.

Some people are a truly and completely open book (crime, sex and all) on the Internet, while others who used to be quite open in their blogging have since changed and have pulled all the personal stuff back in, only writing about things that are not descriptive of real life. Kids these days (that's my old dude comment for the week) seem to post all kinds of things that some find both shocking and concerning.

For my part, I write both. I would never write about certain things that are definitley best kept private, and there are a number of specific things that happen in my life which I choose not to post here. But people do sometimes comment about things I write that are quite personal. It really doesn't take courage (people often say "I wish I had the courage to..."), just some common sense and a desire to think things through sometimes, which I find works out well by writing.

I often write (both the personal and the tech stuff) to clear my plugged up brain so I can sleep better. So I guess whatever comes out just comes out. With a filter. Like it or not. Good or bad.

Chris Pirillo just mentioned onstage (at Gnomedex) that he wrote: TechMeme Hacked!!

Also - noted the launch of blaugh.com. Cool. The un-official comic of the blogosphere.

Time sure flies when you're having fun (or when you're working like crazy). I can't believe it's already here: Gnomedex starts Thursday evening, and I'll be heading to Seattle Thursday afternoon to check into the hotel and disconnect from the rest of the world and plug into the ultimate geek fest. It looks to be a very interesting and exciting time. I am sure Chris and Ponzi will once again outdo the past shows.

If you'll be there, let me know. My mobile number is over on the right side of this blog, as is my email address. Or just comment here.

Now, this is a great idea. Heard about it today on Startup Nation (which is a great radio show and podcast, by the way):

VocationVacations allows people to test-drive their dream job completely risk-free.  A VocationVacation isn’t job-shadowing, and it isn’t a fantasy camp. Instead, “Vocationers” work one-on-one with a credentialed mentor to see what their dream job is really like.  Currently, the company offers more than 200 packages in 31 states – and is growing each month including: TV producer, brew master, dog trainer, B&B owner, professional photographer, comedy club owner, race team pit crew member, baseball team general manager, chocolatier, sports announcer, white water rafting outfitter, animal shelter director, costume designer, talent agent, horse trainer, wine maker, baker, private investigator, film events producer, cheese maker, wine retailer, fishing outfitter, wedding coordinator and many more.

See what might fit your desires with their Dream Job Finder.

Looks very interesting. I'll have to dig into this and maybe try something out.

I called my dad this evening to wish him happy Fathers Day and we talked for a while, which was cool. We don't get to do that as often as we'd like sometimes, and I always enjoy chatting with him about whatever's going on. Right now they're busy completely renovating a house they bought - like as in gutting the whole thing and redesigning and rebuilding. Quite the project.

Anyhow, it's Father's Day, and it's a complicated day for me. When I called my dad passed along my wishes to him, he reflected them back to me. I think he knows how important that is to me, or at least I hope he does. Most people don't know about me being a dad, and the whole story behind that. I don't often get a chance to talk about Brian, my foster son whom I adopted several years back. He died about six years ago. Some people would say he died of depression. Suicide's a hard word to say out loud in context. It's been a journey, both before and since he died.

The one things that's kept me going in the years since is the group of guys Brian knew before he died, people whose lives he touched enough for them to stick around and hang out with me from time to time, even these many years later. They're all older now, adults out on their own in one way or another. One's on an aircraft carrier on the Pacific today. Another is driving a big rig to southern California right now. Others are here in town going to college and working, still others have moved on, and so it goes. In their own ways, they each stay in touch. I am proud to call them my friends.

A co-worker sent me a quick email on Friday, and it has to be one of the most thoughtful, nicest things anyone's said to me in quite a while. And she didn't send it because she works in HR and has to do these things. She sent it because she really cares. She remembered and went out of her way to say something. You can't put a value on that...

"Just want to reach out to you with a few words given that Father’s Day is Sunday.  I hope that you celebrate knowing that you’ll forever be a Dad.  And not only did you touch your son’s life, but you continue to touch the lives of those boys with whom you interact today, and this blessing should be celebrated. May the times you spent with your son fill your heart always."

I am grateful today for friends that care, for Brian's friends that have stuck around over the years, and for the time I had the opportunity to spend with him, however short and however difficult. I hope he's in a better place. I am sure he is.

To all the dads out there, hug your kids, no matter how old or young. And to those of you with dads, if you haven't made that phone call yet or dropped by to say hi, you still have a few minutes and it doesn't have to happen just one Sunday a year. Make the call. Pay the visit. Today or tomorrow, it all counts for the same.

Happy Father's Day.

Note: The game described in this article is no longer available.

Come Monday/Tuesday time-frame we should see the new Windows Live Messenger IM client move out of beta and into general "gold" release (it's the new name for what was previously called the MSN Messenger client).

Also starting up at apparently the same time is a cool movie-centric promotional method tying the film and the new software together. Using your Windows Live Messenger IM client, chat and play interactively with Billy Bones and Jack Sparrow, and then recruit someone else to help you continue to uncover secrets. Dead Man's Chest is the name of the second Pirates of the Caribbean movie, which is set to show in theaters starting on July 7th. Dead Man's Tale is an online pirate IM adventure.

As of Sunday afternoon, the "Billy Bones" IM persona was not actually online, but something tells me it will be very soon.

Arrrrrr!! This could be fun.

Meanwhile...

• go download the Live Messenger theme pack
• and check out the Dead Man's Tale online game promo trailer here for a sneak peek
• or the official movie site here

(found via LiveSide.net)

I first discovered and wrote about Pandora some time back, in December or so. Well, since then the Pandora crew has been hard at work and there's more new features that make the great thing they'd developed even better.

To re-cap, Pandora lets you enter the name of a musical artist, and it creates a "station" of similar, complimentary music based on the original selection. That music streams and plays in the web-based player like a radio station. And it's complete songs that play, not just clips. You can also rate the tracks and there are links to do things like buy from iTunes or Amazon. You can also take discovered songs you especially like and create new stations from those.

In a nutshell, use Pandora and you'll find lots of music you'll like that you'd never find otherwise.

But anyhow, about the new stuff...

On the Pandora blog just yesterday they announced some new features, one of which is called Backstage. It's a back-end into much of the information that drives Pandora. Here is how they describe it:

We created Backstage as your door to the music universe that lies behind Pandora. Search for an artist or song to start your exploration.

... whenever you hear a song you love, just click the song, album, or artist name to learn more. That click will take you "backstage" where you can browse an entire universe that tells the story of more than twenty thousand artists and their collected works.

Sample entire CD's, read about the history of your favorite bands, look at artist photos, build your musical profile, buy albums and tracks from iTunes or Amazon, and get all kinds of great recommendations for songs, albums, and artists you might enjoy.

Find something you like? You can create a new station with just a single click. Have some time on your hands? Just want to browse? Want to settle a bet about how many albums The Cure released in the 80's? Hop over to http://www.pandora.com/backstage and search for your favorite artist or song to get started.

Very cool stuff.

There are some other feature tweaks to the main Pandora interface, too. You can now rate a song with a single mouse click. Just mouse over the song you want to rate, and click the thumb (up or down) graphic that pops up. They've also added the ability to create a new station from any artist you encounter while listening. Just click the song menu and select "New Station: from artist" and Pandora will instantly create a new station for you.

And if you're wondering how the Pandora team does all that music comparison and correlation so you can find music you like, well guess what? It's a people-driven process, not automated. No wonder it works! Learn more about the people that manage the musical cataloging here.

What podcasts do you listen to? Which ones actually keep you coming back?

Honestly, there are so few podcasts out there that I can stand to listen to anymore. I deleted a whole slew of podcast subscriptions the other day because I felt like I was wasting massive amounts of time on those occasions when I did listen, and because many of them have simply turned me off completely and therefore got skipped over and never listened to (and honestly that's most of them).

What are my pet peeves? Okay, here's my harsh list for what will cause me to kill the audio before the podcaster even gets started.

• Any podcast that opens with anything even remotely like "your speakers are about to blow up" or "warning, "the sound you're about to hear may cause damage." Give me a break. Everyone says that, and the only potential damage is me pushing a pencil through my ear to drown out the un-original intro.
• Don't say "welcome to the world of (anything)." That's as lame as the movie trailers that start with "In a world..." People laugh and cringe at the same time. And it's sad when cringing is accompanied by uncomfortable laughter.
• Open your show with "blahblah podcast" plus the date and then never use the word podcast ever again. Use of the word "podcast" more than once in any single sentence, or in more than one sentence in a row should be a felony. Agh. I know it's a freakin' podcast, it's not like it magically found its way onto my computer - I had to do all kinds of work to find it and access it. Tell me something I don't know and (here comes the 'o' word again) original.
• As much as it might mean to you, chances are nobody else especially wants you to pontificate about how you and your girlfriend celebrated her 31st birthday this past weekend. In fact, your girlfriend probably doesn't want you saying it either...
• Podcasts about podcasting. Uh, yeah.
• Crappy indie music. Note that I have nothing against independent music if it's good. But any music that's bad (indie or otherwise) is bound to drive away listeners. The operative word is 'crappy.' If you played "We Built This City" on your podcast opener, I'd probably click the 'Close' button, too.
• Repetition
• Repetition
• Repetition
• Seriously, you don't need a blog entry with the same copy/paste text on the page for every episode. I'm reading to see what's different, not what's the same. I already unsubscribed from the podcast, don't tempt me to do the same with the blog.
• Snot noises (sniffling, etc). Seriously, blow your nose or take a decongestant or something.
• "So I thought I would talk about something like that and so ummm yeah so uh I am going to talk about that now..." GAH!

They can't all be that bad...

Anyhow, my new goal is to find 10 awesome podcasts that attract, deserve and retain my attention. Let me know if you have suggestions.

Not exactly my typical blog topic, but I found this to be very interesting, and somehow I think people like Bill and Melinda Gates might think so, too.

It certainly might be worth putting some serious thought and effort into. Is this possibly the changing face of education?

The Fairhaven School in Upper Marlboro, MD is not your typical school. Instead of the standard educational model, this private school takes a radically different approach - Kid-powered learning, if you will. 73 students and a few teachers have turned the traditional model on its proverbial head. Done right, this could be a powerful form and method of education. It sure looks like the kids are well-educated, smart and (perhaps most importantly) involved in their world.

There's a DVD that a film maker made about the school and its students, and you can view the trailer here:

Love it. The bathroom: It's not just for laptops anymore.

Introducing iCarta (click to view larger size). Thank goodness there are people out there inventing these things and making a zillion dollars as a result. Is it really that simple? Who the hell funds these things, anyhow?

Specs:

• 4 Integrated high performance moisture-free speakers deliver exceptional
  clarity and high quality sound
• Charges your iPod while playing music
• Audio selector allows you to play iPod shuffle or other Audio device
• Integrated Bath tissue holder that can be easily folded as a stereo dock
• Requires AC Power (AC Adapter included)
• Easy to remove from Wall Mount

Okay, so the video of the Bellagio style fountain show with Diet Coke mixed with a bunch of Mentos was cool. But what happens when you mix them up in your body? Makes for some serious gas, I guess.

Wonder no more. Here's yet another video where the subject performs another Mentos experiment that succinctly proves the theory (click to view the video):

Thanks, Sean.