Bruce Schneier on security

Bruce Schneier’s blog “Schneier on Security” covers everything from cryptography to terrorism and in this day and age I would call it a “must read” for every American. Period.

He’s pretty level headed and many of his posts talk about how the government uses “movie-plot threats” to keep people afraid and to appear as if they are doing something useful.

Anyway, he has a new article on CNN that I would consider required reading, so read it. :D Here’s one of the many money quotes:

“But even as we do all of this we cannot neglect the feeling of security, because it's how we collectively overcome the psychological damage that terrorism causes. It's not security theater we need, it's direct appeals to our feelings. The best way to help people feel secure is by acting secure around them. Instead of reacting to terrorism with fear, we -- and our leaders -- need to react with indomitability, the kind of strength shown by President Franklin D. Roosevelt and Prime Minister Winston Churchill during World War II.

By not overreacting, by not responding to movie-plot threats, and by not becoming defensive, we demonstrate the resilience of our society, in our laws, our culture, our freedoms. There is a difference between indomitability and arrogant "bring 'em on" rhetoric. There's a difference between accepting the inherent risk that comes with a free and open society, and hyping the threats.

We should treat terrorists like common criminals and give them all the benefits of true and open justice -- not merely because it demonstrates our indomitability, but because it makes us all safer.

Once a society starts circumventing its own laws, the risks to its future stability are much greater than terrorism.”

Peanut Butter

Ok, you know that I loves me some peanut butter, but I really hate hydrogenated oils (well, hydrogenated anything really), so I have been buying natural peanut butter lately; saltless, sugarless abomination. Its actually pretty unpalatable and makes me want to punch a baby. BUT, if you lay down some honey on your toast, THEN the natural peanut butter, its all good.

The problem with natural peanut butter is that the oil separates and you have to stir it in, no big deal I guess. See, the thing is that by the time I get to the bottom, its all dry, prolly because I failed to properly mix in the oil. :(

Well I found a solution to my peanut butter problem! (thanks Wired How to Wiki) When you get home from the store, put your natural peanut butter in the cupboard upside down, then flip it every day. Well, I am too antsy, so I flip it twice a day, but you get my point. After a couple of days when you open your jar of peanut butter its all mixed up! I still give it a quick mix “just to be sure”, but there is no dry part at the bottom anymore.

Related articles by Zemanta

• A Natural Benefit to Peanut Butter (finarelli.com)

YAPR #2

Or “Why is your site so dam slow?”

I can not believe how many sites take more than 10 seconds to load, its absolutely astounding. Pay attention and note how many times you have to wait for a page to load, its unacceptable.

I get that there may be some congestion in the pipes and that will slow down the interwebs, but that is rarely the problem, its almost always bad site design. When I go to a page and I see a “Loading…” I immediately close the browser and skip that site. If you have a message that means that you DESIGNED your site to be slow.

I get that some sites need to run an application and will therefore be slow, for example almost any game site (kongregate for example), but when I go to a blog or other information site there is just no reason for it. For example, I went to the Mary Lou Retton site (don’t ask) and it throws up a “Loading” message for about 15 seconds. Really? REALLY?! And this site isn’t TOO bad, at least it shows the main content and its only loading a small portion (Achievements), but why would you rub my nose in the fact that your site sucks? Why not just load in the background and NOT point out to me how bad you suck? And while I am picking on Mary Lou’s site, note that when you navigate on her page the entire page flashes and reloads, but only the center content changes, so why not just change the center div?

Its unacceptable, I have a 16mbps internet connection and all you are trying to do is show some text and a few 50k images and I have to WAIT?

 

YAPCA

So Andy and I have had several discussions lately, and as you would probably predict, we end up using the same argument to make the same point in multiple discussions. So we started naming them. Hey, it made sense at the time, and in fact, its a handy shortcut. For example in our discussions regarding the Verizon early termination fee, I used both the Dvorak Keyboard argument as well as the Star Trek argument.

So here is the first “Yet Another PaulC Argument”, the first one that I will document is the “dvorak keyboard” argument, and it goes like this:
Two years ago I switched to the Dvorak keyboard, I no longer use a QWERTY keyboard layout. There are many stories out on the interwebs about how the QWERTY keyboard came to be, but the fact is that its inefficient, regardless of how it came to be. For example, with your fingers in the home position on a QWERTY keyboard you can type 300 words, on a Dvorak keyboard you can type an astounding 5,000 words without moving your fingers off of the home keys. Turns out that its pretty easy to switch your keyboard layout, so I switched. Dvorak is superior in every way, and since I switched my hands no longer hurt from typing and I can type even faster. OK, here’s the punch line: I already know how to type QWERTY at about 80 words per minute, so why switch to Dvorak? Because the QWERTY layout is so inefficient and stupid that it offends me.

So the Dvorak Argument is basically that inferior technology is offensive to point that it may actually need to be shunned. But of course it can also be applied to non tech issues.

For example, Andy and I were discussing cell phones (get ready for it Jim) and I applied the Dvorak Argument to the iPhone. Is the iPhone a great phone? Almost certainly. Will I ever buy one? No. Its a closed system, it can’t multitask, the screen resolution is low, etc. So while its an acceptable phone, these technical issues (which many people just don’t care about) are enough to make me not want to use it. So rather than go through the entire justification, I just called the Dvorak Argument shortcut. 

An example of a non technical discussion was the Smart Car. The U.S. version of the smart car is a tiny, slow, expensive car that gets 43 mpg, the EU version gets 69 mpg. Yes, the EU version gets 26 more miles per gallon. Why? Because its a turbo diesel. The Volkswagon TDI gets 50 mpg and its a real, full sized car that costs the same as a “Smart Car”. So, I won’t buy a smart car; Dvorak Argument.

Cookbook errata

Everyone go  get your Malecha Valek Family Cookbook, I’ll wait here.

Got it?

Good, turn to page 346 (note that page 347 is “Chocolate Revel Bars” so I KNOW that you have it bookmarked) make the following changes to the recipe “Chocolate Chip Oatmeal Cookies”:
It should be 12 oz chocolate chips, not 6
recipe is missing 1 tsp salt (kosher is best, no iodine taste.)

That is all.
Carry on.

p.s. If you are reading this wondering why you don’t have a cookbook, please contact your local Malecha Union Rep and they will get you one. I myself have 6 that I am more than willing to distribute to the  faithful.

StoneKettle Station

Every week or two I cruise through my list of “Recommended sources” in Google reader. Sometimes I get lucky and find a good blog, but I rarely find a GREAT new blog, and I FREQUENTLY find really bad blogs. Part of the problem is that I tend to fall on both sides of almost any issue. :(

Guns. Love ‘em. Gimme. Want. BUT, I don’t want to carry it around and I don’t want YOU to either.  They are just such great gadgets aren’t they? 40,000 psi? 2,700 feet per second? 6,700 joules? And they come in lever action? And advanced optics?! All that and they are LOUD! I mean COME ON!

Abortion. Yeah, don’t do that please. Its REALLY hard on a person’s brain, really, please think LONG and HARD before you do it, but really, its your choice and I’ll support it. But again, please get help from a mental health professional if you decide to do it, its a brain buster and pretty depressing. :(

War? Hate it. Never, ever do it, especially when its unjust and you lied about the reasons. And if you THINK you have a good reason? You don’t. But if you’re going to do it, then lets. Get. It. On. Don’t dick around, don’t lie, don’t blame the military, just man up and do it. And when its done, support the men and woman that you sent off to die. Every dam day you get your ass out of bed and say a silent prayer to those who answered the call. And when it comes time to pay their benefits that you promised, you better pay up.

I could go on. But here’s the problem: Google has me pegged as a Right Wing, homophobic, toothless, gun carrying, woman hating, bible thumping, drunk. Ok, I do like to drink, but who doesn’t? So when Google reader recommends blogs to me, they are very likely to be technically what I like “ohh! shiney gun!” or “ohh! new algorithm for calculating similarity between two seemingly unrelated text sources!” or “ohh! how to use your Arduino to control your thermometer” But almost always politically batshit, well, in the case of technical blogs they are almost always neutral, but gun blogs have to be read with the greatest of care, you might step into a big steaming pile of fascism. :(

So this week Google recommends the blog StoneKettle Station written by Jim Wright Chief Warrant Officer, USN RET, lives in Alaska, his personal motto is “Don’t be a dick” (which as of right now I am co-opting, T-shirts need to be printed). He seriously thinks that he can become Ultimate Emperor of the Universe, CLEARLY batshit as I will beat him to it and never give up the post.  Tool. MUST be a raging homophobic giant douche bag that… Well, wait  his profile lists “SciFi”, “Space Exploration” and “Military” under “interests”, ok, well that's all in the good column. Pfft, I’ll bet his favorite movie was “Twilight”, lemme check… hmm “Serenity” and “McClintock”, “McClintock” is my favorite movie of all time, yes Andy, ALL TIME.  Probably a troglodyte that can’t read, his favorite book is probably “Mein Kampf”, oh, I see that ALL of his favorite books are sitting on the shelf next to me and many are on my kindle. Huh, “Dune” is first on the list and I see a few Heinlein in there too…

Hmm, I guess I better read his blog…

After spending the better part of three hours reading his blog (dude can write) I have decided that this is the rare gem that Google has thrown my way. Its not one of those “yeah, I’ll add it to reader and read it I guess” its a “I need a new category to put this in so that I don’t miss an article.” He is not a PaulC kind of blogger, he’s more of a “I have something to say and will take as many dam pages as it takes” kind of blogger. Its refreshing, and frankly very odd; that genre of blog usually makes me think “I feel like I should read this, but its sssoo BORING”, whereas Jim’s blog makes me think “HEY! Where the hell is the next article?!” Well, that and “No more cats dammit!”

Just cruise through his blog and see for yourself, very entertaining and informative. There is one problem though: dude likes cats, and I don’t mean in a “honey fire up the bbq” way either, I mean in an Andy way. :( Weirdo.

New Workflow

On December 11th Twitterfeed stopped feeding my blog posts to Facebook, but the Twitter feed was still fine. The only answer that I could find was “its a free service, what do you expect?” 

Wow. Well, fair enough, it is a free service. I really like twitterfeed’s UI and the bit.ly integration, but being down for a week and a half just wasn't worth it to me, so I switched (back) to  friendfeed. I have had a friendfeed account for a couple of years and haven’t used it in awhile but I knew my password so no problems there.

I am SO happy that I went back to friendfeed, yes the twitterfeed UI is much slicker with its AJAX sliding divs and fading text, but friendfeed just works and I never have to worry about it. So now I have friendfeed setup as the nexus of my online metadata. Everything that I do online is gathered by friendfeed and then published on my friendfeed RSS feed, available here. I have further setup friendfeed to push those updates to my twitter feed as well as my facebook wall. In practice this means that if I share an RSS item, share a video on Qik, favorite a YouTube video, set my status on Google Talk, etc, it will automatically get distributed correctly.  This also means that I only need to set my status on a single service, and it will propagate to the other services automatically. The only thing that is lacking in my new workflow is bit.ly integration.

Bit.ly is a URL shortening service that also tracks clicks. For example with twitterfeed if I shared an RSS item I could tell how many people clicked through to the underlying article and where they got the link from. It was interesting to note how many clicks I got from twitter vs. facebook for example. Bit.ly doesn’t know who clicked, just that someone clicked. I may be able to integrate bit.ly into friendfeed, but I haven’t figured it out yet.

FriendFeed has other groovy social features as well, for example I can “follow” other users and get their updates as an RSS feed and even emailed to me either live or as a daily digest. It also has a nice commenting system to discuss shared items.

If you have a blog or are using Google reader to share RSS items, get yourself a friendfeed account so that I can keep up with you in a single location. :D

Engrish

You know how sometimes we make random sounds that SOUND like a specific foreign language, but aren’t? Think Eric Cartman in “The China Problem”, or the Swedish Chef, or anytime that PaulC cooks French food. See here’s the thing, English is “foreign” to a LARGE majority of the worlds population, so what does English sound like to non English speakers?

Thankfully in 1972 some Italians recorded a music video that answers this exact question. They are NOT singing English in this video, they are making sounds that they interpret as sounding English. Wild. Just, wild.

Sooo, its gibberish, yet the video seems to fit the “song” perfectly. I feel like if they WERE singing actual words that it would be about cars, I have no idea why.

via boingboing

I AM a great dancer…

I think that Dr. Peter Lovatt is my new hero, nay, I will go so far as to say my new SUPER HERO.  First of all, his area of specialty is “Psychology of dance”; too funny. Sure you COULD call him a “cognitive psychologist”, but really, why would you? Does he have an advanced degree in the “Psychology of dance” and work at IBM? No, he actually runs The University Dance Lab at Hertfordshire, and he really takes his research seriously (as well he should.) For example, in this entertaining and educational video we learn what makes a dancing female attractive (or not).

And of course the reciprocal, what makes a male dancer attractive (or not). This was filmed  on my favorite show “The Graham Norton Show”, he is SO funny. Watch the entire video, the Dr. Jones homage at the end is typical for Graham.

BUT, by far the most interesting study that Dr. Lovatt has done is:

University of Hertfordshire (2009, December 16). Men think their dance moves improve with age. 

Where he determined that as a man ages, he THINKS that he is a better dancer, he may or may not actually BE a better dancer, but he thinks he is. Of course in my case, I am actually a better dancer. :D

I mean, right?

Hybrid Hysteria

Ok, really, this hybrid shit has GOT to stop. Yes, I get that you can make an all electric car that hauls ass and takes names for a mere $125,000. And strictly from a “wow, that is SO cool” perspective, I have to say, wow, that is so cool. But come on, can we PLEASE get real? And I don’t mean “real” as in a Toyota Prius. Are you kidding me? The NEXT generation, that will be out in TWO YEARS does 12.5 miles per charge?

Here, I have an idea, why don’t you take the Smartcar, and actually MAKE it smart, rip out that crappy little (but still overpowered) gasser and put in a nice electric motor and… oh, someone did that? AHHH, that’s the stuff. Seats two, 71 mile range, top speed 62 mph, 0-60mph is not published, but I heard that 0-30mph is ~6 seconds.

It  will never sell, at least not in the U.S. Americans love their gas guzzling rockets; a two seater that can’t do 0-60mph in under 10 seconds (hell, under 7) is doomed. Me personally? I don’t see it as a chick drawing, testosterone generator, I see it as a way to get from point A to point B efficiently, and thus cheaply. I can’t recall the last time that I travelled at speeds in excess of 40mph in a car. Almost all of my driving is around town, and when I go to see Melanie and Rick (120 miles) I jump on the motorcycle and take the scenic route. And if I need to go when there is ice on the roads, I can rent a compact car cheaply for a day or two.

My only concern is trivial, and that's GPS and cell phone charging. :D When I am in the truck and I need to charge something, I just plug it in. But in an all electric I would be thinking “How much distance does charging this device cost me?” Yes, its so negligible that it defies measurement, but that's how my brain works.

Anyway, its a frakkin souped up golf cart, and you know, for <$20,000 I’ll take one.

Passwords and Synchronizing

So as you undoubtedly know, Andy, Sam, Hanson and I got new Droids a few weeks ago, and the shinyness STILL hasn’t worn off yet. They are great little phones and every day I find something that makes me go “oh, yeah!” Then I spend a day or two playing with the new feature/software, and it either gets rolled into the PaulC SOP or discarded. Well this week I have TWO new applications that have made it past the first cut and they kind of go “hand in hand” so I will just do a single post.

First we have Keepass. Keepass is an excellent password keeper. You enter all of your usernames and passwords for all of the sites/applications that you use and Keepass encrypts them with your passphrase and organizes them for you. It’s important to note that its not “password protecting” your passwords, rather its encrypting them. That means that no brute force attack is going to work to hack your data, it would require that the hacker knows your passphrase, so pick a good long one. For example my passphrase is several mixed case words and is dozens of characters long.

When you open a page that requires your password, you just hit "<CNTRL> <ALT> A” and it auto fills the username and password. Its a very complete application and has  many organizing features. For example you can create folders to organize your records, and even have folders inside of folders and you can also assign icons to folders and records. Records are not just username/password pairs, you can also add notes; so for example I keep my bank info in Keepass in the note for my banks record. It will even auto generate long, secure passwords for you. All in all, very cool, and very secure.

So when I am on my desktop PC I go to Google reader and hit “<CNTRL> <ALT> A” and it autofills my username and password and logs me in. But what about my laptop? And Keepass has an Android client that I run on my Droid so that I have my secured sensitive information with me at all time. So how do I get the data to my Droid and my laptop?

SugarSync. SugarSync is an excellent application that synchronizes your data across multiple computers, and of course they have an Android client. I run the SugarSync client on my desktop, my laptop, and my Droid and they all have access to my Keepass data. If ANY of my computers (including my Droid) edits the data, they ALL see the update. SugarSync has many plans including a free 2 gig plan. So for free, you get 2 gigabytes of storage and unlimited access for up to three computers; for $49/year you can up that to 30 gig and they have other larger plans as you can see here:

I use the free version now as I have modest data storage needs, but as my needs grow its good to know that upgrading wont cost me an arm and a leg. And my needs will almost certainly grow as SugarSync can do so much more than just share a single file between your computers.

For example Andy and I have been sharing ringtones, so we setup a folder on SugarSync that we both have read/write access to, so now when one of us adds a ringtone, the other can see it immediately, across all of our computers and cell phones.

The Droid SugarSync application has a great feature where it automatically synchronizes my camera phone photos, so no more downloading photos from my phone, I just take the photo with my camera phone and when I get home it’s sitting on my desktop computer and my laptop. And if I want to share any photos I can easily copy them to a shared folder or just click a button to share it on Facebook. Wery nice.

So all in all, Keepass and SugarSync are a perfect match. They both have Android (and probably iPhone) clients and they both work exceptionally well.

If you are thinking of signing up for SugarSync, PLEASE use this link, if you do I get the referral and free storage. :D

Country Captain

Melanie asked me to post this recipe, its a good and easy chicken dish.

Turn the oven to 400F.
Throw your biggest frying pan on the stove and crank it to high.
Get a 6 pack of bone in, skin on, chicken thighs. That is, by far, the best part of the chicken; tender, juicy, and with the bone in the flavor is outstanding. Rinse them off with cool water, then run them through some flour mixed with 2 tablespoons of curry powder and some salt. For me “some flour” is usually about 3/4 cup.

Pour some olive oil into the hot pan, place the floured chicken thighs into the pan skin side down. If they don’t sizzle, then you didn’t heat the pan enough, fry them up until they are nice and crispy, then flip and crisp up the other side. Put them on a cooling rack. At this point the chicken is not cooked all the way through, its just nice and browned. I usually do 3 at a time.

Now you have a hot pan with olive oil, rendered chicken fat, curry and flour, the possibilities are endless. :D Deglaze the pan with chicken stock; basically put 2 cups of chicken stock into the pan and whisk it. Now you have the start of a nice gravy. Add 2 tablespoons of good curry paste, mix it all up real good. Throw in 2-4 cups of cut frozen veggies, I use the corn, peas, carrots, green beans combo. Add 1-2 cups of frozen pearl onions and 2 cups of fresh button mushrooms. Mix it all up and cook it up for about 5 minutes. Toss in the left over flour that you dredged the chicken with and mix it all up, this will help thicken the gravy and add some flavor.

Put the browned chicken thighs on top of the veggies skin side up. Put the top on the pan and put it in the 400 degree oven for 30 minutes. Then remove the top and cook for another fifteen minutes. Remove the pan  from the oven and let it sit for about 10 minutes.

I like to eat this dish over rice.
Heat your pan, add 2 tablespoons butter, add 1 cup of rice. Brown the rice, but don't burn it! Add 2 cups of chicken stock, cover and bring to a boil, reduce to a simmer. Simmer covered for ~20 minutes or until done. Best. Rice. Ever.

Keep in mind that all of my measurements are approximate, you need to look at what you are cooking and make command decisions. I rarely measure anything when I am cooking, I add what looks right and I taste as I go.

Qik see what happens

Zowers.

So Qik just updated their Android client to fix a few bugs and add Chinese language support; this caused it to to bubble to the top if the TeamPaulC information pile. Its basically a service that allows you to upload streaming video files and share them on the Qik site as well as Facebook, Twitter, YouTube, etc. They even have a live url that shows what the user is currently streaming (mine is here).

My initial reaction was “who cares” but having played with it a bit, its starting to grow on me. You can live stream and people can watch it live, and then you can save it for future viewing. The video can be private, or private and shared with your friends, or public. And of course you can post the video to all of the popular services.

This is my live channel embedded, if I am not streaming now, it will be blank. :D

[UPDATE] Actually, the below embedded video shows my most recent video, which MIGHT be live, but if I am not streaming right now, then its my most recent canned video.

My tests so far have been with my Droid, but they support quite a few phones. PaulC gives it two thumbs up.

Zemanta

I was talking to Andy about fixing his blog layout and I suggested that he try Zemanta, he did both, and wow.

Now I can ALMOST read his blog, there are still a few minor issues like the comments are black text on dark grey which is very difficult to read. But now I can see that he has photos on his blog! yay!

Zemanta has a plugin for Microsoft Live Writer or you can use it as a web app via a Chrome or Firefox plugin. It suggests pics that you might want to put into your blog, as well as links for keyword, its pretty cool so far, but I haven’t fully dug into it yet.

Related articles by Zemanta

• Zemanta extension for Google Chrome (zemanta.com)

YAPR #3

ZOMG!
LOOKOUT! ITS ANOTHER PAULC RANT! RRRRRUUUUUNNNNNNN!!!!!

Seriously, duck AND cover.

Uncle Pat and Andy were kind enough to open the Climategate discussion in a private email thread. Andy is 27 years old and Pat is my older brother, so I felt like I could let loose on them, so I did. In fact, Andy may still be crying in a corner, if you see him, give the little guy a hug. :| This has nothing to do with YAPR #6, but it may explain why I am so militant about it. :) Andy and Pat got me all worked up.

I can not stress this enough, but I will try again. You really need to be more careful on Facebook, recall my earlier article regarding online surveys. They are not doing these surveys for altruistic reasons, they are doing it to make money. MAYBE they are making money honestly, like by placing ads on your screen that are highly targeted. YAY! BUT, maybe they are trying to steal your private info.

Sophos did a study where they tried to friend Facebook users and get their personal data and the results were alarming.  You can read the results if you like. Yes, I get that these were friend requests, and YAPR #3 is all about online surveys and games, but the data is similar. If you blindly play games (accept friends) on Facebook you are compromising your online security.

“But PaulC” you ask “why do I care if the bad guys know my email address, date of birth and mothers maiden name?” Because they can then call your bank and say “Hey, this is Suzi, my date of birth is <blah> and my mothers maiden name is McGuillicutty, please give me access to my bank account.”

“Wow, good point, ok, no more surveys for me!” Good, but not good enough. You know those cute little games that you play on Facebook? “oohh! look a <kitty, farm, cow>” yeah, when you give them permission to access your data so that you can play, you are giving them full access. And again, I suggest that you consider quid pro quo; do you really think that these companies are saying “Hey, lets create a game for free and not worry about revenue!” prolly not. They want something in return, and they are getting it, trust me.

Look, I get that you get bored and are looking for a distraction online. So go to http://www.google.com/reader and keep up on what ever interests you; cats, farm animals, electronics, trucks, politics, whatever. And if you want to play free online games (and really, who doesn't?) then go to kongregate or one of the other flash game sites and play their great games. You don’t have to register, but if you choose to, you don't have to give them any private information.  So how does kongregate make money? Off of the ads that they show.