greg hughes - dot net

My job is all about catching bad guys, building great software to help do that, protecting information, and a variety of similar things. the company I work for builds software than somewhere around a third of the country uses in some manner to conduct financial transaction on the Internet, so the topic of security is important to me.

I'm regularly participating these days in interviews with members of the media, and recently one resulting story was published that I thought did a nice job of covering the bases regarding security in financial services and the human elements. What has to be recognized in order to succeed in this fight is that the user is not predictable, accountable or reliable. It's the truth, it's important to know, and it's a fact we have to plan for and design into our security models.

Read the story here: Finance on Windows - "For Your Eyes Only"

From the "Department of You've Got To Be Kidding Me" comes word that BlackBerry users are blaming others for their problems:

"CrackBerry addicts: Why the workers who can't switch off are suing their employers"

... now these discreet handheld gadgets, which provide workaholics with constant email updates, are being blamed for chronic insomnia, relationship break-up, premature burn-out, and even car crashes.

British employers are being warned they could face multi-million-pound legal actions from BlackBerry-addicted staff on a similar scale as class law-suits taken against tobacco companies. Research by the University of Northampton has revealed that one-third of BlackBerry users showed signs of addictive behaviour similar to an alcoholic being unable to pass a pub without a drink.

The report found that some BlackBerry users displayed textbook addictive symptoms - denial, withdrawal and antisocial behaviour - and that time with their families was being taken up with BlackBerry-checking, even at the dinner table.

That's awesome. So what this means, basically, is that I am set for life. I have a guaranteed lawsuit at this rate, I mean you should see me with this thing - I blame the world for my addiction! Who can I sue next?

What ever happened to plain-old, self-assigned-responsibility? Jeez.

And, for your related viewing pleasure (note the video contains some video-blurred nakedness):

As I mentioned before. I recently acquired a Nikon D200 camera (new) and along with it a used but immaculate lens - the Nikkor 80-200mm f/2.8 ED AF-S model. Both the body and the glass are exceptional pieces of equipment. I can't say enough about them. I also added the MB-D200 batter pack and extension to the body, which allows more battery time as well as vertical shooting trigger and wheels (mandatory in my book - I spent too many years with F3's and F4's not to have that capability).

I shot a few pictures out in the yard this afternoon to post here, since people have been asking me to do so. What I didn't realize until I uploaded them was that I had the ISO set to 800, which is ridiculously high for daylight, heh. So the image noise is a bit higher than it should be. But anyhow, they still look pretty good. The pictures below are clickable and will take you to my flickr feed, where you can see them in their full-size glory if you want to.

I highly recommend the D200 - I have not found a single thing I don't like about it yet (well okay it eats batteries for lunch, but hey - what can ya do?)

So, this is a pretty cool find. I recently acquired a Nikon D200 (which, by the way, is super-sweet and I still need to write about it and the lens and stuff I picked up), which has (or will soon have) a cable that can plus into a GPS device to record your position on the face of the earth in the image EXIF data. I may just make my own cable -we'll see.

Meanwhile, Jelbert has this nifty new thing called GeoTagger:

"The Jelbert GeoTagger connects to a Garmin Geko 301 GPS device and fits into a DSLR's flash shoe. Every time you take a photo the camera triggers the geotagger, which records the precise position and heading of a camera using the GPS device."

So let's say, not quite so hypothetically, that I was going to be in Vienna, Austria for a week in the late-October and early-November timeframe (for work-related stuff). Let's also say that I happened to have an extra week of vacation time available, so I went ahead and got the plane tickets on the cheap(er) and I am arriving in Austria a week before I have to start the work effort. Meaning I have an extra week to see an area of the world I have never visited.

Since that means eight days to do pretty much whatever I want (and to travel wherever seems best) before spending five or six days in Vienna proper, I wonder what people think would make for a good plan? I don't have to stay in Vienna for the extra week, mind you - and I think I'd prefer to get away for that week and see some other places in the region.

I was thinking that maybe a Eurail pass that lets you cross into a couple other countries might be good? So - Where to go and what to do? A friend of mine will also be with me, so we were thinking the "saver" pass for the train system is a good idea.

I've done a bunch of Internet searches to see what others have done, and I have found some interesting and helpful information. But I figured maybe someone who reads this has been there before and will have some ideas. Plus, the bulk of the Internet information I have found is commercial search-optimized generic content meant to drive click revenue, and I am looking for some real-world advice and experience here.

Anyone? :)

On10.net has a video demonstrating the forthcoming Zune media players (the guys there got a couple pre-release models to mess around with). The video demo shows sharing pics and music between devices wirelessly.

I think I'm-a-gonna get me one of those... Looks like it will be a even better option than my iPod for video on airplanes maybe.

Watch the video here.

the Zune is scheduled to be available November 14th for $249.99. It includes a whole host of cool features:

WMA, MP3, AAC, JPEG,WMV, MPEG-4, H.264 media playback
Wi-Fi (802.11 b/g) connectivity
30 GB Hard Drive
3 inch video LCD 320x240
White, Black, and Brown Colors
FM Radio
TV output connectivity 640x480
Dedicated song download site (Zune Marketplace)
DJ Mode
Podcast playback
Updateable Firmware
Estimated 12 hr battery life for audio, 3.5 hr video
3 day playback of Wi-Fi transfered songs from friends (hmmm...) 
XBOX streaming
XBOX (Microsoft) points compatability
Preloaded music videos
Over a dozen accessories at launch
5.6 ounces in weight, 4.4 x 2.4 x 0.58 inches size
Metric: 158 g, 112 x 61 x 14.7 mm size
Custom background images
WiFi transfer of photographs
Tag based storage system (Will not appear as drive)
PC Compatability (no Mac client at launch)
Zune tag enabled
Horizontal and vertical video orientation

Technorati tags: Zune

I've had some personal experience in the past couple of years - mostly all good - what some call "agile" programming styles. One thing I don't like much, however, is the sometimes "religious" slant that can invade agile development teams. If you think about it, an agile methodology that doesn't allow itself to be flexible is just about as non-agile as possible. In other words, agile zealots can at times defeat the benefits of the methodology.

The one thing I have found is truly necessary for any agile-ish method to work is 100% participation and buy-in on the part of all involved, from the workers all the way up through every layer of lead and management. Without that, it will fail eventually.

Steve Yegge lives up there in Washington and has written an excellent (and beautifully opinionated) piece about what he calls Good Agile and Bad Agile. If you're a developer or a manager of developers you'll either agree or disagree with Steve, probably strongly in whichever direction you lean. Regardless of your position, it's worth your time to read what he has to say.

I mean hey, he's so colorful, even if you don't have a clue what agile development is you can enjoy the writing. Heh. Forgive the language quoted (like I need to say that). Here's an excerpt:

... Up until maybe a year ago, I had a pretty one-dimensional view of so-called "Agile" programming, namely that it's an idiotic fad-diet of a marketing scam making the rounds as yet another technological virus implanting itself in naive programmers who've never read "No Silver Bullet", the kinds of programmers who buy extended warranties and self-help books and believe their bosses genuinely care about them as people, the kinds of programmers who attend conferences to make friends and who don't know how to avoid eye contact with leaflet-waving fanatics in airports and who believe writing shit on index cards will suddenly make software development easier.
You know. Chumps. That's the word I'm looking for. My bad-cholesterol view was that Agile Methodologies are for chumps.

But I've had a lot of opportunity to observe various flavors of Agile-ism in action lately, and I now think I was only about 90% right. It turns out there's a good kind of Agile, although it's taken me a long time to be able to see it clearly amidst all the hype and kowtowing and moaning feverishly about scrums and whatnot. I have a pretty clear picture of it now.

And you can attend my seminar on it for the low, low price of $499.95! Hahaha, chump!
No, just kidding. You'll only find seminars about the Bad kind of Agile. And if in the future you ever find me touring around as an Agile Consultant, charging audiences to hear my deep wisdom and insight about Agile Development, you have my permission to cut my balls off. If I say I was just kidding, say I told you I'd say that. If I then say I'm Tyler Durden and I order you not to cut my balls off, say I definitely said I was going to say that, and then you cut 'em right off.

I'll just go right ahead and tell you about the Good Kind, free of charge.

It's kinda hard to talk about Good Agile and Bad Agile in isolation, so I might talk about them together. But I'll be sure to label the Good kind with a happy rat, and the Bad kind with a sad dead rat, so you'll always know the difference.

How can you not read what this guy has to say? That's just a start - read it all on Steve's blog.

Nice to live here, dontcha know. The sunrise view from my front porch this morning as I left for work:

Saw this coming a mile away. It's always fascinating when people - or companies - show their true colors.

Apple Computer is sending cease and desist letters, apparently, so a number of companies and organizations that are using the term "pod" in their positioning or names, claiming it causes confusion in the marketplace. Podcast Ready is the latest victim among several.

Give me a break.

The deal is this: It's said Apple has recently applied for coverage from the USPTO to get protection via trademark for the word "pod" in addition to the already protected term "iPod." They've not been granted protection, and I would hope they won't get it. "Podcast" is probably next on their list, at this rate. I see several others have already applied for the term and several variants.

But , after all, it doesn't take a solid legal footing to be a bully, it just takes - well - a bully mentality.

And now, it appears the fight is being taken to the podcasting playground. Despite the fact that Apple didn't invent the term "podcasting," and despite the fact that they adopted - even embraced - the term (and created a whole section and special logo for iTunes, etc.), Apple apparently believes they can Monday-morning-QB this one into the courts - and they must think they can win. One would hope that's not the case, but in California, who knows.

Don't get me wrong - Apple's a company that makes cool stuff and I own a Mac in addition to my PCs. But hey - no one likes a bully, especially when there's really nothing to gain, and a lot of people who could be negatively affected as a result of this move. The idea that the terms "Podcast Ready" and "myPodder" could be confusing in a way that hurts Apple is a stretch. "Podcast" is practically a household term now, and the fact is that Apple didn't jump in until well after it became the defacto standard name and term (despite some heated debates early on around the terminology).

Apple really needs to go find someone or something else to pick on, lest all the other kids on the playground get tired of the black eyes and bruises. Or send some of the lawyers out for a vacation or something. Their judgement is getting clouded.

In a few hours I'm heading for San Francisco (again) to speak tomorrow at (yet another) conference. I'm starting to realize that my little world has certainly changed over the past few years. These days I find myself constantly on the road, speaking in front of groups of people who need to know more about that which I know. I'm on the phone or face-to-face a few times a week with reporters and industry analysts, talking about Internet security, anti-fraud efforts and identity protection.

And somehow I thought I was going to be a photographer. Heh.

Sure, the flying can be tiring (drink lots of water on-board, that's the ticket, except you can't carry it on anymore), and I think I could probably count on my fingers and toes how many times I've slept in my own bed in the past six months. But the experience is a great one, and I am learning and growing more and more every day.

Tomorrow afternoon's topic of conversation (which incidentally is how I try to do my presentations - interactively) is "Solving the challenges of multi-factor authentication." I plan to discuss strong authentication in general (which includes multi-factor among other methods), the many wonders of passive and active behavior biometrics, Cardspace/Infocard and related projects, why we need stronger authentication in the first place, the difficulties of deciding what to implement and how to make it happen, what the impact of requiring strong authentication is on consumers and businesses, and some creative ways to meet the needs of everyone involved. So, nothing big. If you're an identity and access-management geek, or someone who has to implement this stuff, it's probably interesting. If you're anyone else, you're probably bored already, heh. ;)

Best part, though, is that I will get to see my dad, whose birthday I missed last month due to a fit of travel and business overextension on my part. I think I was in Minneapolis or something. I am very much looking forward to spending some time with him.

There's no point in droning on and on about this one - Scott Hanselman is 100% correct when he proclaims:

"I say this: IE7 and Office 2007 not supporting Basic or Digest Authentication out of the box for accessing secure feeds will negatively affect adoption of RSS more than any other failing of the spec since its inception. It will slow adoption down at every level; it will make it harder for Financial Institutions to justify it and it will flummox internal Enterprises who don't have completely NTLM/AD infrastructure."

He discusses this in the context of using RSS to securely retrieve feeds for banking data, for example. Sure, there are many points to ponder regarding the retrieval and storage of likely sensitive information, but in the end this is something that will be needed, and would be useful now for many uses.

Do you think this functionality is important? Scott does and so do I. Read his post, Accessing Private and Authenticated Feeds - Why it's important, and say something - in the comments here on this blog, on Scott's blog, on the IE Blog, on your blog.

Microsoft today announced and released (in an apparently closed beta) Soapbox, their new service aimed at the YouTube crowd. Word is it will allow you to upload your videos, up to 100MB, for sharing with others. Works with Windows Media player or Flash embedded in the web page. You can get on the waiting list for a beta account via a link on the Soapbox site.

This should be interesting to watch. From the site:

"Soon you’ll be able to upload your own videos, watch those made by other contributors, post comments on what you’ve seen, and much more."

I sure hope I can subscribe to feeds there. That would be a terrible boat to miss. We'll see soon enough.

Update: I was able to get the refresh installed - see below...

I've been running the various betas of Office 2007 for many months now, and the other day Microsoft released their Office 2007 Beta Two Technical Refresh. I ran across installation failures when I tried to install it, and the error that comes up when the installation fails was slightly less than helpful:

So I started looking around for any bright ideas. I found the below KB article (which is apparently the one that is supposed to be referenced in the above dialog box, according to the release notes - oh and by the way, don't even try to view it in Firefox Beta 2, use IE if you want to be able to read all of it, sheez):

http://support.microsoft.com/kb/923718/en-us

I tried all the suggestions in there, to no avail. And now my Office programs have some horribly broken ribbon and menu bars. Uh oh.

Any ideas? I am going to try a reboot and maybe one more installation try, and then it's off to the newsgroups I go...

-------

Update:

I ended up having to uninstall the entire Office 2007 suite, reinstall it, and then run the Beta 2 TR updater. Once I did that all was fine. Now I am up and running on the latest and greatest. Performance in Outlook is improved, and some menu items and buttons have been moved around in ways that make good sense. All the Office programs seem snappier and cleaner. PowerPoint is so much better performing in this version it's back to being usable again (the last version was a freakin' dog).

Corillian - the company I work for - is hiring. We have a number of positions open across the country, in a variety of locations.

Right now I have one opening in the Security Solutions business (for an experienced software QA engineer), plus all around the company there are a variety of interesting positions and opportunities. As of the time of this post, positions are available in offices located in Portland, Oregon as well as Omaha, New York City and Reston, Virginia. Current jobs include positions in software development, test, product management, support, customer management, database administration and systems administration.

You can check out all the current openings at the Corillian web site job search page. If you find something you like, let me know and I will be glad to discuss the position in my section, or to tell you more about the company. My email and mobile phone numbers are on this blog's web page, over at the right. Don't be shy - I'll be glad to hear from you.

I drove home from work this evening and it dawned on me that the entire day I was somewhat disconnected, and by the end of the day I was feeling impatient, randomly angry and very, very tired. Earlier in the day, as I drove in to the office, I listened to the radio and felt again that sick, angry, desperate feeling I remember feeling on and after September 11, 2001.

This evening I found and read a set of powerful blog entries from someone named Andy, who was there - a couple blocks away at work that morning - when the first airplane hit the World trade Center. He describes what happened in detail, from the time the first tower was hit to several days later.

"I've got to admit that as I wandered uptown I was dazed - I just wandered in between cars, in the middle of the street, staring into car windows as they stared back at us - the witnesses - stream by them. I wondered if they could see in my eyes what I had been seeing."

Reading Andy's posts brings me back to what happened that day. It's important to remember what happened, who it hurt, and how it continues to affect us and others today. If you don't read anything else, brace yourself and read his posts and remember...

"I hope that when this is all over New Yorkers can remember the way that they came together and united in the face of tragedy. The people I have met on the street, in the stores, everywhere, have risen to a level of compassion and decency that no-one would expect from a New Yorker. People have been demonstrating their better sides, putting their personal concerns on the backburner in order to reach out to those in need. And its possibly the only glimmer of hope in this horrible situation.

"And I would never have thought I would say this sort of thing, but God bless all the rescue workers, firefighters, policemen and everyone else. Prayers and thoughts to the victims and survivors."

Many New York City bloggers have written about their September 11th thoughts and experiences over time. You can read some of their accounts at the NYC Bloggers site.