Current read/review stack

Posted on by

I like old books with paper pages.

~ Thai & Lam, .NET Framework Essentials (3rd Ed.) (2003)

~ Vitter, Designing Visual Basic .NET Applications (2001)

~ Liberty, Learning Visual Basic .NET (2003)

~ Morrison & Rischert, Oracle SQL Interactive Workbook (2000)

~ Keesee, Elementary Abstract Algebra (1965)

~ Bransford & Stein, The IDEAL Problem Solver: A Guide For Improving Thinking, Learning, and Creativity (1984)

~ Mano, Digital Design (3rd Ed.) (2002)

~ Hingley (Intro.) Great Short Works of Fyodor Dostoevsky (1968)

This one is literally falling apart. I carry it in a clear plastic bag. A photo of Dostoevsky has been glued behind the cover, by my friend Turk LeClair. The facing page bears Turk’s signature “Radio Free Dada” rubber stamp impression.

What have I been doing?

Posted on by

Call me lazy – it’s been a while since I’ve maintained this site, nor arguably even formed thoughts fit for placement on screen with WordPress. Almost as if the effort involved in so doing should vary in some way inversely with my motivation. Not, yet … In fleshly life I haven’t been fully dormant.

Summer 2013 wafted me along in a warm breeze. During the excitement of preparations for the 3rd National Heirloom Expo, I received an offer I couldn’t refuse: learning some .NET web application and T-SQL backend programming, and helping out with a data migration effort. That project lasted 8 months in the company of some truly fine people. The work itself was as fun and interesting as any I’ve found; the abstract art on the walls there is, I trust, still fantabulous. I continued to contribute a bit with the Expo as well, editing content up through opening day in early September.

I kept up occasional work for existing clients, into Summer 2014. That’s when health concerns arose in crescendo. Wrapped boxes were adorned with bows; those unwrapped or not filled were passed along to other hands. I took it easy at home, doing nearly nothing for several weeks. I began feeling better slowly, seeking some light-duty occupation that could profit without leaving me worn and winded.

Ever a techno-dilettante perceiving the internet as hinting some salutary premise of eventual growing-up-to-be, I perused tutorials on topics I’d earlier found interesting but resembling unpaid work in their deeper consideration. Dimly aware that watershed moments may bear cruel significance – doers and dreamers struck by Determination’s parting might – I geared up my desktop for … well, doing something.

Unfinished course materials of A+ and CCNA tracks were among the many boxes of books I’d hoarded for years. Somewhat newer and unopened was a complete set of Cisco network security training manuals. I ignored those, along with dozens of awesome, expensive, mostly half-read books I’d collected while attending school. I browsed. I dabbled in data science, some web technology stacks and frameworks, topics relating to cryptography and information security. I was wary of cryptography. I hadn’t taken number theory in college, due to scheduling conflicts. I’d suffered gruesome humiliation in upper division linear algebra. As a math major, I was a Chihuahua attempting to mate with a Great Dane. The torment of this for me was compounded by the thrilling, haunting, siren beauty of abstract algebra, real analysis, topology …

I decided to apply myself to a sequence of structured tutorials organized by University of Maryland Cybersecurity Center. Not only was I attracted by the format and syllabus, but there were some coincidental associations from my earlier life. As an at-risk youth and aspiring high-school dropout contemptuous of all ambition, I lived with my family in Glen Burnie for a time. My father dragged me along to explore the campus at College Park. That day I added ivy to my contempt-list.

Not many years later, I was serving as a recon Marine stationed at a remote beach on the western coast of Okinawa. I found that I had some time to take a college course that met at a base some 20 kilometers south – University of Maryland, Far East Division. The course was “Introduction to Philosophy”. That experience has not ended. It slowly – during and afterward – transformed and shaped my view of the world, perhaps in a direction of increasing stability and confidence. Upon reflection, I now feel it’s remarkable that such an institution, to whose distinction I’d never have aspired, would reach so far to offer someone like me, at that moment in my life, something so valuable.

I began the Cybersecurity sequence in September, with its introductory module on Usable Security. Technology users may feel that security is an enemy of “user-friendly” operation. When security is not a feature added on, but is a fundamental concern of user-involved design, the usability and security characteristics of a product or service become unified with its functionality. In many real-world instances, security and usability are implemented as precisely the same characteristics or features.

Software Security introduced me to common attack surfaces and countermeasures; principles like Favor Simplicity, Trust With Reluctance, Defense In Depth; practices of secure design, coding, and verification. This was an amazing experience that included valuable hands-on work with virtual machine setups, “real” exploits, static analysis, penetration testing, and more. Too much paranoia, it turns out, is rarely enough.

Hardware Security focuses on vulnerabilities and countermeasures in digital VLSI design, fabrication, and testing. The “Made In USA” paradigm of the late 20th century is history. In its place, a complex yet surprisingly manageable system of in-house design and testing couples with outsourcing of mostly everything else involved. Even design tools can be untrusted but used to good effect, if certain sound practices are in place. “Spy vs. Spy” is not just coming to your living room – it’s been there. At this moment, I’m working on the 6th of 6 units in this module.

The Cryptography module can be started before or after Hardware Security. I saved it for last. It’s Math. As with Hardware Security, the instructional designer literally wrote the book in this academic field.

After the regular modules are completed, there is another module called Capstone Project. From what I gather, it’s a massively cooperative “cradle to landfill” paradigm for product design, development and manufacture, with all aspects of security baked in early. Looking forward to that!

This brings me up to today. I’ve moved about 5 blocks from where I lived for over a decade. That was a one-bedroom apartment; this is a large house shared with friends. We’re starting an organic garden. I’m excited about that and more!

Windows 7 Professional or Ultimate?

Posted on by

I recently looked into this for a friend.

I was vaguely aware of BitLocker and knew that, contrary to some popular belief, a Trusted Platform Management (TPM) hardware chip is not required to operate BitLocker. TPM merely generates a hardened encryption key to use with BitLocker. There are other ways of generating a usable key.

In any case, unless you are working for the NSA, or keeping sensitive business or personal data on a computer you want to carry around in public – or unless you’re uncertain about physical security where the laptop is kept – then BitLocker could be more of an annoyance than an asset, if used. It’s possible to envision a scenario wherein careless use of BitLocker, or malevolent physical intervention, could render your laptop unusable.

Anyway, you get BitLocker with Ultimate, but not with Professional.

Here’s a summary of what I learned. Firstly, if you’re planning to pay Microsoft for a fully-officially boxed version of the product, then you can stop deciding. Choose Ultimate, which costs $20 more. $20 is only 10% of the retail price of Professional. Ultimate is $20 worth of cooler-sounding.

Looking into the OEM and other-discount software world, the situation changes. With a requirement of 64-bit OEM Service Pack 1 (no Branded and no Promotional versions allowed), I found a difference of nearly $50 between Professional and Ultimate.

I consulted a very complete feature comparison table, to identify each specific feature provided by Ultimate but not by Professional. I used a search engine to find out a little about each such feature.

The short version of what I learned: Ultimate is a “bridge” version between Professional and Enterprise. (Of course that is visually suggested by looking at the relative positions of the columns in the table.) The feature set of Ultimate seems designed to provide a less expensive way (than Windows 7 Enterprise) to set up a client PC to access certain features catered by an enterprise server. In some cases this server needs to be Windows Server 2008 or better (surprise).

Additionally, Ultimate has a couple of features thrown in that could be useful to geeky types outside an enterprise context, and a couple more that support multiple languages in the user interface. And there’s BitLocker.

Features you get with Ultimate that you don’t get with Professional

  • Security/encryption – BitLocker
  • Language support
    • Display Language selection
    • Language packs for free
  • Geeky stuff
    • Boot from Virtual Hard Disk file
    • Federated Search (search from within Windows Explorer)
    • UNIX native environment
  • Enterprise client support
    • Branch Cache (bandwidth conservation by local cache)
    • Direct Access (VPN on steroids)
    • Enterprise Search Scopes
    • Federated Search
    • Multimedia redirection
    • Terminal Services enhancements (audio, multi-display)
    • UNIX native environment
    • VDI (Virtual Desktop Interface) enhancements

Worth $50? You decide. If I were deciding for myself, I would think things like:

  • I don’t think I want to use BitLocker, but in the future a client of mine might be relying on me to protect their data.
  • It might be useful at some point to see the Windows interface switching between English, Spanish, Chinese, etc … not sure to what degree that can propagate to text content. Worth looking into.
  • For myself, I probably wouldn’t use Federated Search.
  • Alternate boot scenarios or UNIX scripting – possible, no immediate need.
  • Enterprise client features – some opportunity that would require me to access an enterprise network in one or more of these ways? This would be a high-impact, low-probability (HILP) scenario.

On balance, the HILP thing plus some latent geeky tendencies, would probably motivate me to spend the $50. And Ultimate does sound cooler.

Choosing a midrange laptop computer for small business use

Posted on by

I recently helped someone choose a decent laptop from a confusing array of possible buys.

The starting criteria were:

  • under $650 for the basic laptop plus carrying case and any hardware accessories
  • Windows 7 64-bit
  • 15″ display
  • minimum 4GB RAM, 500 GB disk
  • Intel CPU better than Pentium
  • wireless b/g/n (all 3)

Desirable options were stated as:

  • Enhanced service agreement
  • Windows 7 Professional or better
  • more RAM or disk space
  • fast CPU
  • matte-style display
  • both VGA and HDMI ports
  • USB 3.0
  • Gigabit LAN
  • ability to encrypt the entire hard disk

There was no requirement for high-demand gaming or high-end graphics, but the person wanted decent performance for web and office applications, streaming video, etc. The person expressed interest in a solid-state drive but wasn’t attracted to the pricing we found.

We started with a visit to a local Best Buy store. We got an overview of what’s available in consumer grade laptops, and made a list of the Manufacturer and Model Number of those units that met the starting criteria and were subjectively appealing. I then did some web searching for detailed info, specs, and reviews. I invested some time comparing specs and reviews.

I looked for opportunities for better pricing or other terms from online sources, etc. – bearing in mind also what we’d been told by a rep at Best Buy: “We will match any price you show us.” Not being a huge fan of Best Buy, I did try, but did not succeed in finding a better deal.

Another concern that came to the foreground during my search was the fact that all the major laptop manufacturers seem to have earned a common, abysmally pathetic reputation for customer service related to technical/warranty support. (See, for example, Customer Service Scoreboard.) Prior experience with Best Buy has taught me the value of paying the outrageous protection money for their extended service agreement – which absolves the consumer from headaches and nightmares in dealing with the manufacturer for warranty service.

A related consideration was that of looking for a quality used or “pre-owned” laptop. I’m a big fan of reuse and recycling; however when things go bad in laptop-land, they can get really bad, really fast, and can get worse. Except under extreme circumstances such as an outright gift, I would not consider acquiring a used laptop computer, and I could not in good conscience suggest it to a friend or business partner.

Regarding disk encryption, there’s a feature called BitLocker that comes with Windows 7 Ultimate. Using this is made easier by hardware support on the laptop motherboard from a feature called TPM (Trusted Platform Module) version 1.2. I found that none of the laptops we were interested in listed TPM 1.2 support in their specifications listed online. The Windows Device Manager will show the presence of the module if it’s been activated, though. If the module is present but not activated, that can supposedly be found and activated from the boot setup menu.

Another optional feature was Windows Professional. PC’s including laptops generally come installed by the manufacturer with Windows Home Premium Edition, plus an assortment of what may kindly be termed “bloatware” – various utilities and trial-version software packages. I assume that all these can be lived without, and I’ve found it convenient to buy the product with Windows Home Premium installed, then to install a clean copy of Windows Professional, blasting all the bloatware and allowing the correct drivers for the hardware to be loaded by Windows during the fresh install. This practice may bite me or haunt me some day, but so far it’s been effective at bringing up the desired operating system without any bloatware. The practice is also, obviously more expensive than accepting the pre-installed operating system and deactivating the unwanted software using msconfig. It may or may not be more expensive or time-consuming than purchasing a new system with Windows Professional installed, then deactivating the bloatware.

From the search and comparison process I narrowed choices down to three models and made a comparison array:

Laptop Decision Matrix

The columns made it easy to compare pricing at Best Buy (in $), CPU type, memory and disk size (in GB), index of video performance by the on-board graphics adapter (which I later found was tied to CPU type), speed and number of USB ports, maximum LAN rate supported (in Mbps), canvas size (in megapixels) of the built-in webcam, and a few subjective “plus” and “minus” factors I had noted in my review searches.

Regarding the webcam, I almost said “resolution” rather than “canvas size” … but I felt a little funny about this, so I did another web search. This turned up an article on megapixels and resolution that I thought I’d share with you.

We then returned to Best Buy to kick the tires some more, feeling that the Lenovo choice represented a sweet-spot among the 3 choices, based on the list of desired options and on the general feeling from the online reviews. That is in fact what the buyer settled on.

With the carrying-case and a one-year full service plan, the price with tax was around $800. The person will soon decide which way to go in terms of a new purchase and clean install of Windows Pro, versus keeping Windows Home and removing as much of the bloatware as possible using msconfig. (There’s another option that I’d rather not go into here.) We will also revisit the TPM 1.2 issue, determining whether the motherboard has one and whether the user wants to invest in Windows Ultimate, which is more expensive than Windows Pro, in order to gain the BitLocker capability.

Sears.com

Posted on by

A few weeks ago I searched online for a replacement battery for a older Toshiba laptop and ended up on the Sears.com website. I thought to myself, “wtf, I don’t need a washing machine, hand tools or some cheap blue-jeans …” then I realized that Sears is not dot-com is not Sears-dot-com, so it’s worth a try.

The web listing was clear and direct. I had a question on something, so I used their Web Chat tool. Within a minute (mid-morning, mid-week) Chat was happening. It was friendly, effective, efficient. The part arrived 2 days earlier than promised, and it works fine. The cost including shipping was about 60% of the Toshiba replacement part base price.

Healus Center

Posted on by

Yesterday I visited the new location of Healus Center in Mill Valley during their Open House. I met Jocelyn “in person” for the first time, saw Karin (my co-conspirator in upgrading Jocelyn’s web sites and blog), and also saw another person I had met before, by an unexpected and pleasant coincidence.

I arrived pretty late in the day, and the event was hopping. Several visitors were receiving free massage or NeuroMuscularReprogramming sessions from experienced practitioners. Lots of interesting conversation with nice folks; fresh fruits, teas, and finger-food to die for … and … I received a NeuroMuscular Reprogamming session from Bob, with a few other folks observing.

This was very interesting – my first experience with NeuroMuscular Reprogramming. The session focused on some chronic distress I’ve been having in my lumbar-sacral spinal area. Bob examined my posture and gait, asked questions and offered suggestions while performing tests of muscle function in various areas associated with hip movement, examining the structure and mobility of the region, and working with my breathing. He applied pressure, movement, and percussion to certain areas. He discussed what he was doing and noticing with me and with the observers in the room. I was impressed by the fact that of this was based solidly in biomechanics and kinesiology. I recognized most of the musculoskeletal terminology he was using, from my own training in human anatomy.

After the session, I felt slightly light-headed for a minute or so, but walked about the room with no trouble. I felt pretty limber and free of symptoms. Sometime later, after driving north for about 15 minutes on the freeway, I parked and exited my car to get some espresso. At this point I became aware of feeling quite free of stiffness and binding in my lumbar-sacral region. Normally, after sitting for any length of time, I expect to have stiffness in that area, which generally motivates me to do certain stretching and movement exercises to gain some relief. On this occasion there was nothing other than the feeling of being a slightly aging guy who’s tried to stay in decent shape, and who wants a strong jolt of caffeine!

Again, today I’ve had relatively little in the way of trouble from that region. The feeling of more normality and less symptom in that region is a little unusual for me these days, and is similar to that of recently having had a chiropractic adjustment. My current understanding of how my body works, suggests that I may need to follow up with some more NeuroMuscular Reprogramming work, if I wish to maintain and extend the improvement – not in the same sense as with chiropractic or standard massage, which require repeat visits in order to regain a baseline of relief – but, hopefully, to achieve some lasting improvement.

Back to yesterday’s visit – it was a joy to meet and hang out with folks at the Center, and I did also especially appreciate Jocelyn taking some time from this busy event to sit and talk with me for a while. I enjoyed the “healing energy” or feng-shui of the place with its tasteful design and fabulous lookout on Shelter Bay.

View from a Healus Center window

Though resistant at first, this former bodywork pro and massage enthusiast got drawn into the pleasant, locally prevalent social convention of kindly grabbing the nearest shoulder, neck, or arm and applying some unconditional TLC.

National Heirloom Expo 2012

Posted on by

http://www.theheirloomexpo.com/

Thanks to recommendations from a couple of friends – thank you Bill and Jocelyn! – I’m assisting with prepping their site for this year’s event. Mostly finished with updating all the Speaker Bios, and I’ve added some Sponsor info as well.

Regarding the Speakers, I’m awed by the range and depth of experience represented by not only the Keynote Speakers (whose bios I haven’t yet touched), but also by the many Presentation Speakers. It’s been fun and exciting to have been given a relatively free hand with editing this already impressive material.

Joomla!

Posted on by

Looking into using Joomla! to convert a non-profit static-page website into one with deeper functionality for the volunteer workers and for the community being served.

So far I’ve read through some introductory screens, read up on site security and some other topics of interest, and installed XAMPP and Joomla 2.5 on my localhost server. I loaded their demo content and looked through all of that and the explanatory material.

I think this might be the way to go for us.

Next step: Back up the non-profit site, and load up a non-public branch with Joomla, do some testing, convert some pages, see how things go.