Ken's journal

A lasting legacy to be proud of

ken@vanwyk.org — 2008-10-02T07:58:38-04:00

Today I announced the 1st annual FIRST team competition. It’s an idea I’ve been contemplating for some time, and I am ecstatic that we’re really going to make it happen.

Inspired by the Summer of Code initiative that my friends over at OWASP have done for the last couple of years, I pushed for a project competition among the member teams that make up FIRST. It’s a non-profit community of security teams that I’ve supported for many years.

The competition is among team pairs, who will propose interesting projects that will then be owned by FIRST, but available to all in an open source sense. I designed it so that it encourages cross-sector team collaboration, especially among academic and commercial teams. The winning team gets some project funding to do what their proposal says, as well as assistance in attending our annual conference -- the next one will be held in Kyoto, Japan in June 2009.

It’ll take a few months for everything to happen, but I really hope it can turn into an annual thing, much like OWASP’s Summer of Code.

Cheers,

Ken

Turns out there IS a Silver Bullet

ken@vanwyk.org — 2008-09-27T06:19:35-04:00

Last week while I was in London, I was a guest on Gary McGraw’s Silver Bullet podcast. The podcast is available for download here. Drop me a line and let me know what you think of it!

Cheers,

Ken

Twitter me this

ken@vanwyk.org — 2008-09-25T04:48:39-04:00

So, just for fun and grins, I decided to play with Twitter a bit.

Twitter is a simple social networking site where people can post short 1-line messages, called “tweets”, explaining to friends what’s going on their lives. Once you register (for free), you can post updates as well as follow updates posted by your own friends.

Not sure if it’s going to be something I’ll stick with, but what the heck, I thought I’d try it out. I do enjoy posting longer updates here, and have no plans of stopping that. But Twitter is different. You can post from mobile phones, PDAs, etc. You can even post to your Twitter account by SMS, which makes it really simple to post short bursts.

That said, my Twitter page can be seen here. Feel free to register to “follow” it -- and send me your own Twitter page so I can follow that.

Cheers,

Ken

Looking for definitions

ken@vanwyk.org — 2008-09-05T07:26:09-04:00

Someone asked me recently to define something that has become a tradition in my house: “Bistro Friday”. That’s a tall order, but let me give it a whirl.

I presume you all know what “Friday” is, so that should come as no surprise. “Bistro” is defined in the dictionary quite simply as “a small restaurant”. But “a small restaurant on Friday” is not the sum of these two simple parts, I’m afraid.

So, a little historical perspective first, to put things into context. A few years back, we started inviting some friends to join us for Friday evening chow. It seemed especially fitting in the summer months when Friday evenings in the DC metro area are often packed with tail lights, exhaust fumes, and angry motorists. And, since a few of our friends live quite some distance outside of the area, and we’re just outside of the famed “DC Beltway”, it seemed downright humane to open our doors for some friendly food, wine, and camaraderie.

That simple notion is the origin of the tradition, but it’s grown and transmogrified over the years. To a point, in fact, where I can no longer cite one simple definition. I can, however, talk about some of the guiding principles, so let’s explore those.

Fun. First and foremost, Bistro Friday is intended to be a fun time when friends can get together and enjoy each others’ company. Laugh and talk. And laugh. The door (and table) is always open to friends who want to stop in. Invitations are rarely sent. The only thing we ask is that you let us know you’re coming, so we can be sure to have enough food for all. (I’m confident we won’t run out of wine.)
Simple or fancy. There’s no single recipe for what to make. Sometimes it’s simple fare -- like tonight’s barbecued buffalo burgers. Other times it’s a little fancier -- like my Low Country Chicken and Grits. Sometimes it’s comfort food we’ve all had a thousand times -- like my pulled pork.
Experimentation. Bistro Friday isn’t meant to be formal, even if the recipe(s) is on the “fancy” side of things. We’re always free to experiment with recipes and try new things. Sometimes they work; sometimes not so much. But we always learn from them, succeed or fail miserably.
Made by hand. One of my kitchen mantras is “no shortcuts”. That’s not entirely true -- we don’t raise our own cattle, for example, for beef. We don’t grow everything. But I always strive to swim upstream up the supply chain as much as I can. For example, I make my own bread, almost always. I rarely accept something like a sauce from a jar or can, preferring to make my own whenever feasible. Tonight’s buffalo burgers will be served on home made buns. I grow several herbs out on our deck during the growing months. Those are spotlighted whenever they’re fresh and plentiful.
Celebrate the season. From April until October, we go to our local Farmers’ Market pretty much every Friday at 1600 hrs, to get fresh local produce, cheese, and ice cream for the evening (and weekend). Like the Italians, we do our best to get and to celebrate whatever is in season at the moment. I generally seek to avoid food that has been shipped thousands of miles (though I’ll violate this rule for convenience sometimes).

Those are some of the things that are important to me about our Bistro Friday tradition. To be sure, it has enriched our lives over the years, and it’s something I’d encourage anyone and everyone to try. Open up your home and heart, and reap the many rewards.

Cheers,

Ken

Roadie encounter follow-up

ken@vanwyk.org — 2008-08-29T11:35:15-04:00

Just a brief follow-up to my last posting here...

On my last ride of the (short) week, I encountered “roadie-boy” again, but this time we were traveling in opposite directions. He nodded to me, however, and I returned the friendly gesture. I’m no doubt reading too much into it, but I interpreted it as a nod of respect. :-) Either way, it was a befitting end to a fun week of riding and beaching.

Cheers,

Ken

Fun with roadies: at least he wasn't wearing yellow

ken@vanwyk.org — 2008-08-24T12:40:03-04:00

We’re back once again in the Outer Banks (OBX) of North Carolina, enjoying a few days of fun in the sun with Caren’s sister and family. It’s always a fun trip. We get a nice big house up at the northern end of the area, just north of Corolla Light House. It’s a bit crazy with 5 couples and about 8 or 10 toddlers running around -- generally screaming or sleeping, and the kids are even worse.

Anyway, one of my favorite activities here is to hop on my bike and go for a nice longish ride. My daily ride at home is quite hilly (about 27 km, with 500 metres of aggregated ascent). Here, things are pretty flat. So, I put a pair of “skinnies” on my bike -- slim tires for the flat road conditions here. Also by comparison, I generally average about 17-18 km/h on my daily ride, but here I’m finding 25 km/h is quite feasible to maintain, even on my “fully” -- full suspension mountain bike.

So, today I headed out for a ride after we took the hounds on the beach for a romp and made a breakfast that couldn’t be beat. At just 44 km, I didn’t go insane, but I did enjoy the ride very much. Then the fun began...

On my ride north, I’d just come out of one of the subdivisions around Pine Island when I encountered a “roadie” -- a road bike. The rider was sporting full roadie gear, including elbow rests and aerodynamic head gear. I wasn’t trying to show him up or anything, but I pretty quickly caught up with him. I drafted him for a km or so, but then he slowed down to rest his legs a bit and I all but catapulted past him. It’s a pretty safe but general rule that roadies do NOT like being passed by mountain bikes, and being passed by a “fully” is about as full an affront as one could find.

Sure enough, within a couple km, he wanted to show me that he wasn’t going to be beaten by a fully. Zoom, he passed. He certainly had every advantage, and I was just there for a fun ride, so no problem. But then, by Tim Buck II, I had caught up to him again. He seemed a bit surprised, but no big deal. Then, he swerved a bit to avoid a car coming out of a coffee shop and zoom, I launched past him again. He was NOT pleased.

To avoid a nuclear showdown, I pulled into the next beach community and rode for about 5 km parallel to the highway. Figuring I’d averted a full fledged war, I left the subdivision and got back on the highway. There he was again... This was too good to let go.

I quickly caught up with him by Corolla Light, when he slowed down to turn into his own (presumably) subdivision. I had to brake a bit to avoid him, and he quickly looked back at me when he heard the noise. The look on his face was completely priceless. He was a beaten man. But, I am after all a gent-ul-mun, so I refrained from passing him outright. I was out for a leisurely vacation ride, after all.

It was about as much fun as I could have on two wheels -- at least with my pants on. Another GREAT day in the OBX!

Anyway, here’s a Google Earth image of my 44 km ride below for your amusement -- click on the image to download the Google Earth KML file and view it in your own Google Earth browser. (I use a Garmin Edge 205 GPS on my bike to track my rides. Together with a wonderful software package called Ascent, I can quickly export Google Earth XML files to visualize my rides. It’s lots of fun.)

Cheers,

Ken

Snooping a co-worker's email can get you arrested

ken@vanwyk.org — 2008-08-03T16:22:50-04:00

FYI, I was heavily quoted in a Computer World article on email privacy in the workplace recently. The article, by Sharon Gaudin, was prompted by a recent arrest in Philadelphia when a TV news anchor snooped on a co-anchor’s email messages. Serves him right!

Cheers,

Ken

Airline lounge does good

ken@vanwyk.org — 2008-08-01T01:11:05-04:00

Perhaps it wasn't THE best shower ever, but it certainly seemed like it was.

I have a bunch of hours to spend here in Tokyo's "NRT" airport. I've been here in the United lounge many times -- I LOVE the beer machines! -- but never with this much time on my hands. So I explored a bit. I've seen the shower suites in the past, but you have to sign up for them, and I always figured they'd be snooty with my upgraded busines class seat and not a full-fare "C" seat.

But my upgrade came through with time to spare; I got a business class boarding pass; I figured I'd give it a go. Worst they can do is say no and make me feel like a second class miserable, pathetic excuse for a human being.

I’m happy to report there was not a hint of snooty. Just a "would you care for a shower today, sir?" and "here is a complimentary amenity kit". Went to my shower suite, put the sign up, and locked the door. The suites aren't spacious, but they're not small either. Kind of the size of a normal American bathroom. A sink, a commode, and a BIG shower stall. The shower stall is walk-in. Heck, you could drive a small car into it.

And it's not cheap and nasty either. All the fixtures are top notch Gröhe equipment. I set my shower temperature and turned the pressure knob to 11 and... and... it was rapture.

After the 7 hour night flight from Kuala Lumpur -- at the end of a particularly long business day, I should add -- and knowing I have another 15 hours of flight time ahead of me, this was EXACTLY what I needed.

The amenity kit included shampoo, conditioner, shower gel, razor, shaving cream, toothbrush, toothpaste, comb, and some eau de toilette (always sounds better than "toilet water"). Nothing fancy, but nothing cheap either.

Just two minor complaints. The bath towel was neither large nor absorbent. Perhaps adequate for drying a hairless chihuahua after he’s run around a bit, but NOT so for drying an American male. Fortunately, the paper towels were more than absorbent to augment.

Second, the disposable razor. Note to self: Dispose it first and THEN shave (with the razor in your dop kit) and there will be substantially less bloodshed.

Other than that, it was utterly delightful. I plan on stopping through NRT more often on these southeast Asia trips in the future, that's for sure!

Cheers,

Ken

What would I serve if they were in the big football game?

ken@vanwyk.org — 2008-07-28T19:20:42-04:00

If Kuala Lumpur, Malaysia were to somehow have a (US) football team go to the super duper big game in January, what would I serve?

Huh? “Has he gone insane?!,” you must be asking. A fair question, but let me explain.

I’m sitting here in Kuala Lumpur on a business trip. With a 12-hour time zone shift, my body’s circadian clock has been understandably askew, but I’m dealing with it. (It’s not my first time...) So, I was clicking through the TV stations in my hotel room. What caught my eye was a chef in a kitchen preparing a positively drool-worthy meal. I watched...

It turned out to be a story about some chefs in Jerusalem who periodically got together with their peers and prepared meals for them. The catch: the chefs were Palestinian as well as Jewish. They prepared meals and then described each dish’s history for their peers. The crux of the story was that they were fostering peace through culinary and historical understanding of each other’s foods. The message was 100% one of peaceful coexistence. I was captivated and completely ate up the story, if not the dishes.

What TV station do you suppose carried this story? Al Jazeera. That’s right, Al Jazeera. The English version of Al Jazeera is broadcast around the world from right here in Kuala Lumpur. I was shocked. This can’t be the station that my countrymen have warned me about. They were carrying a message not of extremism and violence, but of peace and coexistence. (I wish I could say the same for my own country’s news outlets.) Wow.

So, that got me thinking back to here, Kuala Lumpur. Each year for the big football game, we throw a party where we serve food from each team’s city. I always try to select meals that speak to the city. Things they’re known for. Pittsburgh-style sandwiches with french fries AND cole slaw right on the sandwich, just like they serve in da ‘Burgh, for example.

What would I serve for KL? (Of course, the fact that they don’t have a team is not even relevant.)

Last night, my host took me to dinner and asked me what I wanted to eat. I said that I’d like to try something that is uniquely Malaysian and -- even better -- uniquely Kuala Lumpur(ian). A challenge...

We went to a Malaysian restaurant and had a couple local dishes. Main course was a coconut rice dish that was fabulous. The rice is cooked with coconut milk and has a fabulous savory flavor to it. Alongside they had a curry sauce smothered chicken and beef dish. Also fabulous. The spices are fresh and vibrant, which I’d expect in this part of the world. I also had a bean dish that they said few westerners would eat. The beans were crisp and fresh, and about the size of fava beans. They were in a red sauce that was intensely flavorful and clearly spiced to kill small children and tourists. Wow.

The food was fantastic. I tried to find out a bit of the “history” of each dish, but was not successful, other than that each dish is traditional and uniquely Malaysian...or perhaps Indonesian, depending on whom you ask. Great. ;-\

But it’s a great question to ask. I heartily suggest you try it whenever you travel. Find the dish(es) that the region/city is known for. Ask the locals what dish a visitor MUST try before leaving. And be prepared for an adventure.

Understanding, knowledge, peace, coexistence, spice, flavor, mmmmmm....

Cheers,

Ken

It's the software

ken@vanwyk.org — 2008-06-28T13:20:15-04:00

I have managed to not succumb to iPhone fever for a year. I still have, but I did recently get an iPod Touch with a new Mac (as part of Apple’s “Back to School”) special program. It’s NOT an iPhone, but the user interface is nearly identical.

After using it for just a few days, I can say this: the iPhone/Touch user interface is downright revolutionary. Awesome in every way. Why? After all, on paper, there are many other products that are as good or better than both. My answer is simple: it’s the software. Pure and simple. Apple “gets it” when it comes to software.

In my year of resisting temptation to buy an iPhone -- and I should point out that my only real reason has been that I’m a T-Mobile USA user, not an AT&T Wireless user, and I simply didn’t want the hassle of change -- I’ve been using a Blackberry 8800. On paper, the specs of this and several other Blackberry devices are substantively similar to the iPhone’s. But that’s positively where any comparison would stop dead in its tracks.

The user interface of the Blackberry is simply neanderthal compared to the iPhone. The ease of using the iPhone is staggering when you compare it with the Blackberry. The browser is based on Safari, and it works. It’s not perfect, but it really does do a great job. The Blackberry browser, by comparison, is an embarassment. Even when I dropped in the third party (but free) Opera Mini 4.1 browser, the browsing experience on the Blackberry is horrid in comparison.

I’m not sure if Blackberry and other smart phone manufacturers are aware of just how far forward Apple has leaped ahead of them in terms of usability, but if they’re not aware, then they’re fools. It is a quantum leap forward, without a doubt.

And again, it is the software that makes the difference. All you iPhone competitors out there take note. With the 3G iPhone rolling out, I predict they are going to not just rule this market, but they are going to shatter the competition. Between the 3G networking speed, the enterprise friendly features (like Exchange connectivity), and the new price point, the only non-iPhone people are going to be people who have never tried an iPhone.

You’re on notice.

Why are IT Security folks so bad?

ken@vanwyk.org — 2008-06-03T09:50:52-04:00

I’ve been doing information security stuff for over 20 years now. My consulting/training company just turned 5 years old. One thing I’ve seen repeatedly is how often we (security folk) make the same mistakes.

In my eSecurityPlanet/Datamation column this month, I address that problem and provide a couple of pointers to help us learn from history a bit. Hope you find it useful.

Cheers,

Ken

The Honeysuckle is IN!

ken@vanwyk.org — 2008-05-23T12:51:10-04:00

Perhaps my very favorite thing about living in Virginia is the May/June honeysuckle season. I've often had the itch to move somewhere else--Savannah, Tuscany, Rhone valley, Kaua'i, you name it--but even if I did, I'd have to be back here for a couple weeks every year to experience this miracle of nature.

The air is warming up. The leaves are fully green. The grass is green. And then out comes the honeysuckle to play. It is an almost cloyingly sweet smell in the air, and once you've experienced it, it stays with you for the rest of your life.

It is a flowering vine that thrives in the US Southeast. The flowers look like this (from Wikipedia):

Today is a prime example of honeysuckle at its peak. I just went for a mountain bike ride on this 18C (that's about 65 degrees in neanderthal units), 43% humidity, and essentially cloudless sky day. The smell of the honeysuckle hit me immediately as I walked my bike past the honeysuckle vine behind my house -- we planted the vine there when we moved here in 1995, so that I could enjoy days just like this. And then throughout my ride, each time I rode near a vine, boom there it was. Utterly fabulous.

Even my beloved Kaua`i, for all its tropical splendor and glory, doesn't have anything that can touch Virginia honeysuckle. The sad part is that it's only in full bloom for a couple weeks. When the heat cranks up here by mid-June, the flowers die quickly. I still get whiffs of it from time to time when I take my bike out just after sunrise, which is about the only bearably not-hot part of the day by July, but it's nothing as strong as it is now.

The vine itself is pretty, but most people wouldn't even give it a second look. It's all about the smell in the air.

Viva la honeysuckle!

Cheers,

Ken

Bistro Friday on the other side of the planet

ken@vanwyk.org — 2008-05-09T18:52:20-04:00

This week wasn't any ordinary Bistro Friday. Nope, I spent my BF in beautiful, tropical, stinkin hot, Singapore.

I've been here since Sunday doing work for a customer. Earlier in the week, we went out to dinner for some excellent local cuisine, served at an absolutely amazing multi-cultural buffet at the nearby Grand Hyatt hotel. Everything was completely top notch, as I'd expect from a Grand Hyatt.

During the dinner, we were talking about the different foods of the world, and I--perhaps somewhat foolishly--said how culinarily adventurous I am. I like to try just about anything. Well, I do draw the line now and then, but for the most part, if it doesn't involve things that I just can't ethically accept, then I'll try things.

She asked me if I'd ever tried Durian. I hadn't, but I had heard of it on an episode of Anthony Bourdain's "No Reservations". (I really like that show. Among other reasons, it's the only travel/food show I know of with a parental warning at the beginning. Apart from that, I largely agree with the culinary adventures Bourdain goes on, and seek them out whenever I'm in the regions he covers -- case in point, durian.)

Then she said, "we'll go get some durian on Friday after work, then." Had I gone too far? Had I spoken more than I'm willing to do? After all, some of the write-ups I've read about durian are pretty extreme (and funny). Plus, durian is literally illegal in public places here in Singapore. There are signs outside the subway stations saying "No Durians" with a little silhouette of the poor fruit. Oh no... This is no bluff, I thought.

But Bistro Friday came, and I hopped into the taxi to go to one of the local fruit mongers where durian is sold. The fruit monger is on a side street in the red light district where I'm quite sure not many tourists go. But, as soon as we got out of the taxi, I knew we were in the right place.

It's an open air--mercifully--fruit market with stacks and stacks and stacks of the beloved durian fruit, which is only in season during April and May. Each fruit is roughly the size of a cantaloupe.

They are spiny on the outside, which is actually where the name comes from. (From the Malaysian word for thorn, which is quite similar to the Afrikaans word for thorn, I might add.)

Other than the spiny outside, they look harmless enough, but don't let looks deceive. The smell is really powerful.

The fruit monger selected a ripe durian for us and kindly opened it for us to eat. The smell only gets more intense when the fruit is opened up, by the way.

I somewhat reluctantly went ahead and took my first bite--WOW! I immediately forgot that I was eating something that smelled like rotten, stewing, sewage and recognized why they call this the king of fruits. I'm a durian believer, instantly.

The flavor is kind of like vanilla pudding, flavored with almonds. It is soft, succulent, and unlike any flavor you'd expect to find in a fruit pod. Simply amazing.

So, when you find your way to Singapore, you absolutely MUST seek out this much-maligned fruit. It is so very worth the effort!

Cheers from Singapore,

Ken

We must be in HEAVEN, man!

ken@vanwyk.org — 2008-05-01T23:15:15-04:00

I'm sitting here in San Diego's Lindbergh Field airport, waiting for my red-eye flight home. (Then I have a short weekend at home before heading back on the road to Singapore...)

I had a magnificent meal tonight at one of my favorite San Diego restaurants, Parallel 33. Absolutely highly recommended! If you're in the area and are looking for a cuisine that will excite you to the core, you've got to go here!

But that's not why I'm writing this journal entry tonight.

I'm writing this because of my experience here in the United "red carpet" lounge. After my P33 meal, I rolled down the hill to Lindbergh Field, dropped off my car, changed into more casual clothes, and came here to the lounge to relax for a bit before braving the all-night flight home. Big deal.

Well, that's what I *thought*, anyway. Big deal. When I presented my card to the receptionist, she asked me, "do you drink beer". My first thought, after "will you marry me," was "um...occasionally...w-h-y?" She explained that she needed to decide which beers to stock here in the lounge and was looking for some customer opinions. Now my antennae went on full alert. "Of course, I'd be *happy* to 'take one for the team' and act as your guinea pig."

Alas, that's not what she was looking for. But, it wasn't all bad either. She had a list of about 500 beers to choose from and was hoping to narrow it down to 3 or 4. She asked me things like, "what's the difference between an ale and a pilsner?" AND SHE WAS GENUINELY INTERESTED IN THE ANSWERS!

Now, I was convinced that something I'd eaten at P33 was somehow hallucinogenic, but I braved on. I suggested a line-up of a couple heavier beers (Pete's Wicked Ale and Newcastle Brown) and a couple lighter beers (Heineken and Sapporo). I explained it would be a good line-up of several nationalities and styles. She seemed happy with the choices, filled out the order form, and said "done".

My only remaining dilemma is that it'll be another 4 months before I'm back in town. I'll have to stock up on RCC drink vouchers between now and then so I can enjoy a couple when I'm back -- to wash down another magnificent meal at P33, of course!

Seriously, P33 is one of the very few restaurants I've experienced where I'm NEVER bored and ALWAYS enjoy their offerings. The menu is never the same twice. I savor meandering through the menu -- READING it, that is. If only I could down 10 (or so) appetizers and 10 main courses...

Tonight I started with an ahi (tuna) poke, washed back with a Ken Forrester chenin blanc from Cape Town. That, followed by a seared scallop main course with lentils, caramelized pearl onions, squash, and chanterelle mushrooms, washed back with a glass of temperanillo from Spain's Ribero del Duero region. All that, followed by a Turkish coffee. Absolutely magnificent!

Cheers,

Ken

Serious rest and relaxation

ken@vanwyk.org — 2008-04-22T13:22:08-04:00

I'm here on the gorgeous island of Kaua'i. It's the oldest of the Hawai'ian islands and is about as close to perfect as any place on earth I've ever experienced. Check out my photo gallery if you're interested, but to further illustrate, here are a couple of my highlights from yesterday:

Played 18 holes of golf yesterday at Po'ipu Bay. A fabulous course that's about a mile from where we stay. It hosted the PGA Grand Slam event for about 8 years or so. Perfect sunny day.
Went to my favorite sunset spot, at Po'ipu Beach. Saw a monk seal sleeping on the beach. We stood about 10 feet from him/her and watched this "aquatic basset hound" snooze away.
While watching the sunset, a small wedding party walked onto the beach and got married right in front of us, just as the sun was setting. When the ceremony ended, the entire beach crowd applauded wildly.
Came back to the condo for some wonderful barbecued chicken, washed back by a Chilean cabernet sauvignon.

So, perhaps these aren't things that interest you much, but they all add up to R&R perfection in my book. And all the more reason why I so thoroughly soak up my two weeks here in paradise every couple years. Not nearly long or frequent enough, but any time here is time well spent.

Aloha,

Ken

CLEAR traveler program, first experiences

ken@vanwyk.org — 2008-04-05T11:37:05-04:00

Anyone who ever reads this journal knows I spend quite a lot of time traveling. I know many many airlines, airports, and airport lounges far too well.

So, I'm always looking for ways to optimize my travel experiences. Some of the things that I value when I travel are comfort, customer service, and low stress situations. Expediency is good as well, but I'd much rather spend a few extra minutes if it means traveling in relaxed comfort. Running through airports, scrambling to make connecting flights, and such are NOT on my short list of fun things to do. They're not even on my VERY LONG list of fun things to do.

So, along came CLEAR, also known as the TSA's "registered traveler program". Now, although I don't mind spending a few extra minutes in the name of comfort, standing in long airport security queues is definitely NOT what I meant. So, when I first heard that CLEAR was coming to my home airports (Dulles and Reagan National), I was all over it. I gladly forked over the US$28 registration fee and the US$100 annual fee to give this new program a fair shake.

I've now used CLEAR three times, as I sit here in San Francisco airport bound for Osaka, Japan. Although 3 falls far short of a sufficient sample population, my 3 experiences have been in 3 different airports. So, I figured I'd drop a few short notes here about my preliminary experiences. I'll post something more substantive once I've been using the program for 6 months or so, so the program itself has a fair amount of time to go through its own startup pains and such. (Note, too, that I'll also describe the exhaustive registration process later.)

My first CLEAR experience was in Reagan National, flying up to New York City for a couple days' business. The main security line was quite short that day, but I thought I'd give it a shot in any case. I was greeted by a CLEAR agent who verified my ID, CLEAR card, and boarding pass. She walked me to the CLEAR terminal where I inserted my CLEAR card and provided a fingerprint scan to validate my identity. Once passed, I was greeted by another CLEAR agent who again validated my ID, CLEAR card, and boarding pass. She walked me through the x-ray and metal detector security screening process, "helping" me remove my laptop and such. Overall score: slower than regular security line and far less convenient.
This time, I was flying here to San Francisco from Dulles. The mid-afternoon security line at Dulles was already relatively long, but they do have a "premium passengers" line that is usually a bit shorter than the one the unwashed masses take. I went to the premium line, but did not see any mention of CLEAR, so I asked the clerk. He directed me to the CLEAR line downstairs. Odd...but what the heck, I went downstairs and there was the line--only, it was shared with flight crew, airport employees, and CLEAR travelers. (It was the "service entrance" by any other name.) The flight crews seemed to visibly take a dim view of us in the CLEAR line, who got to jump to the front of the queue. But I got through it. The ID checking was similar to the one at Reagan, but I only had to present my ID once.
Third time's the charm, right? Here in the San Francisco international terminal, I tried it again. Here, the security queue was quite significant already. There is a CLEAR lane to the side of the regular lanes. I was the only person in the CLEAR "line". Same ID checking; same fingerprint scanning. Then the CLEAR agent took me to a separate table where I removed my laptop, jacket, and shoes. She then put my bags and bins in the x-ray queue ahead of the rest of the passengers and directed me to a metal detector ahead of the rest of the passengers. I clearly (no pun intended...) got through the airport security in record time, and it was a far less hectic process than the one we're all used to.

Even us "elite" CLEAR folks still have to go through metal detectors and run our stuff through x-ray scanners. That's just fine in my book. But, if SFO's process is any indicator, the process is getting pretty smooth. I hope that Dulles and National follow suit in the convenience factor I experienced here.

Now, I have to say that I had an uneasy feeling "jumping" the queue in front of the flight crews yesterday and all the other passengers today. But, I suppose I do that all the time when I use the United 1K check-ins and such.

So, while I will stop short of calling the program an unmitigated success, I see some promise in it, at least from my perspective. Things that simplify my life, reduce my stress levels, and/or save me time are a good thing. CLEAR seems like it might achieve all three, but I'll withhold final judgment until the system has had time to get into a steady state of operations.

Cheers,

Ken

They really do appreciate my business, I like that

ken@vanwyk.org — 2008-03-12T12:16:16-04:00

Most anyone who knows me also knows I spend a lot of time traveling. Ever since starting my consulting practice, I've stuck with the strategy that keeping my travel business on one set of vendors is the best approach. This doesn't always work, but most of the time it does.

In particular, as a result of my "customer loyalty," I'm a United Airlines "1K," a Marriott Gold, a Hyatt Gold, and a Hertz 5-Star Gold customer.

I really believe that this is the best approach--though not necessarily these vendors--for anyone who spends a fair amount of time on the road. Here's why.

Coming home from a business trip to Belgium on Sunday, I had booked an economy class seat on United. In fact, I was boarded and settled into my "economy plus" seat, all ready to go. (I save my gratis upgrades for really long and/or overnight flights, whenever I can.) As passengers were entering the cabin, one of the gate agents approached me and gave me a new boarding pass, in business class, and said, "thanks for all your business!". Naturally, I gratefully accepted and changed seats.

This upgrade was unsolicited and unexpected. No doubt, United did it for space management, but the point is they didn't have to do it. I truly had the feeling that they do appreciate my business. That's what it takes. (I should add that the exact same thing happened on my return from Amsterdam nearly a year ago, after my cycling tour of Holland with my dad.)

Similarly, with the other vendors I frequent, I often get unsolicited upgrades and such. Marriott also guarantees me a room. If none is available, they put me up elsewhere at their expense.

It's the little things like this that keep me coming back, and they know it.

On the other hand, I know that these vendors all have their blemishes. Sometimes I get furious at them for one reason or another. But even when things go wrong, they tend to fix them in my favor. Coming home from Mexico last July, a weather delay forced me to miss my connecting flight--the last of the day--out of Chicago. United put me in the airport Hilton, which is walking distance away, at their expense and apologized for my inconvenience.

If you must spend as much time on the road as I do, I'm convinced this is the best way to do it.

Cheers,

Ken

Wow, some folks DO want security, not JUST dancing pigs

ken@vanwyk.org — 2008-03-06T05:58:06-05:00

If you read my writings here from time to time, you've probably heard me talk about my recent experiments with email security, as well as my laments about users who would choose to select the proverbial dancing pigs instead of security.

Well, that was not the case here in Belgium this week at the OWASP regional chapter meeting. As I said here, I've been over here in Leuven, Belgium this week for SecAppDev. Well, at Tuesday's regional OWASP chapter meeting, I volunteered to assure any attendees' CAcert.org or Thawte.com x.509 security certificates, fully expecting a "turn-out" of just one or two folks. Instead, I ended up with a line of people during the session break. I ended up with some 12 identities to verify on the CAcert.org site.

I was utterly amazed and, frankly, encouraged by the experience. Admittedly, these folks were already security-minded technologists, or they wouldn't be attending a meeting of the Open Web Application Security Project, but even still, it's nice to see that there really are people who want to improve the state of email security.

Very nice, thanks guys!

Cheers,

Ken

Inserting humor in otherwise humorless situations

ken@vanwyk.org — 2008-02-27T17:22:47-05:00

Laughter really is the best medicine. Throughout my life, I've always done my best to find ways to laugh at things, situations, and life in general, even when others don't. Perhaps it stems from growing up watching Wile E. Coyote, Foghorn Leghorn, and that bunch every Saturday morning, darn near without exception.

Two recent situations really brought this to the forefront for me. I was on a business trip in Boston a few days ago. When I got to the Hertz facility, my car wasn't ready and they couldn't find my reservation. Fortunately, I had a couple cars to choose from, however. The clerk asked me which I'd prefer of [4 or 5 generic cars whose names I don't recall]. I replied, "whichever one has the highest top speed." Turns out that was NOT the answer she was looking for, and she was pretty thoroughly humorless about the situation.

The other situation was actually earlier in the day. I was applying for the TSA's new CLEAR traveler program. I'd already finished the on-line registration, and then I had to appear at one of the registration facilities in person. I did this at my local airport, Reagan National. They scanned my fingerprints, both irises, facial pattern, etc. I came this (see my hand) close to saying something like, "what, no rectal scan?!". Well, perhaps it was a good thing I hesitated...

What does this have to do with...well, anything? Pretty much nothing. It's just an attitude thing. I feel humor is an essential element of life, like air, food, and absinthe. Perhaps that's something we should all try to do a bit more of--the humor, not necessarily the absinthe.

Cheers,

Ken

Heading to Belgium for SecAppDev and OWASP

ken@vanwyk.org — 2008-02-19T10:04:53-05:00

During the SecAppDev class next month in Leuven, Belgium, there's also going to be a regional OWASP meeting on 4 March 2008. I've been asked to join in and present a short session comparing various secure development methodologies (Microsoft's SDL, Cigital's "Touchpoints", and OWASP's own CLASP, mainly). If you're in the area, I hope you'll join us. Local details are available on OWASP's Belgium chapter site.

And, if any of you are in the Leuven area and care to chat, let me know. I'd be happy to meet you for a beer at one of the local pubs. My favorite is Domus, but I'll even "slum" it and go to one of the myriad of pubs serving Stella or some such for a worthy cause.

While I'm there, I'll also be doing a CAcert / Thawte x.509 "signing". So, if you're using either of these free x.509 certificate services, and are still trying to get the 50 assurance points necessary to have your real name on your certificates, stop by with two forms of government-issued ID (and photocopies, if using Thawte -- not necessary for CAcert). I'll be happy to help out with either/both 10 Thawte points or 35 CAcert points. No charge, of course.

Cheers,

Ken

Do you want security or dancing pigs?

ken@vanwyk.org — 2008-02-11T11:28:21-05:00

There's an old saying in the information security community: give the users the choice between security and dancing pigs, and they'll go with dancing pigs every single time. Perhaps it's a bit of an exaggeration, but it does make a good point.

Now, translate that to the "phishing age," and you have some insight into why phishing is so darned effective, at least from the attackers' perspectives. They are raking in the cash, and with little chance of being brought to justice. Great.

Then, a few days ago on a business trip to Prague, a friend of mine showed me the graphic image below that made me laugh hysterically. It really illustrates why phishing is so effective.

How many people do you know who might actually enter the data? What if this info came up in (say) a google search result list? What if it was delivered via email into your inbox, seemingly from your bank? How many people would fall for it? (Note: it's not a real attack. It's just an image to illustrate a point.)

Just goes to show you, old PT Barnum couldn't possibly have imagined how optimistic he was, when you factor in Internet and the unwashed masses. There's way more than just one sucker born every minute!

Cheers,

Ken

GPS makes some bad drivers worse!

ken@vanwyk.org — 2008-01-14T11:09:15-05:00

I'm a huge fan of GPS. I've used one in my car for 8 years now; I have one on my mountain bike (principally to track my workouts, not to navigate). They're awesome. What a magnificent product for consumers, and it came from the U.S. military. However, while today's consumer products can help many drivers, I've seen them make some drivers worse. WAY worse. Here's how...

I often use a sedan service to get to/from airports when I'm traveling. I've noticed in the last year that my service provider has outfitted all of their cars with dashboard GPS devices, like the ones from Garmin, Tom Tom, and Magellan. Great stuff, and they're finally at a price/usability point for many average consumers.

The problem comes in when the driver follows the directions given by the GPS too closely, and fails to exercise common sense -- like reading the traffic signs. There's one BIG intersection, in particular, near my house that drives me insane when I get one of "these" drivers. It's the highway intersection of I-95, I-395, and the DC Beltway, I-495. This intersection, also known as the "Springfield Mixing Bowl," has recently gone through an EIGHT-year redesign.

You guessed it, most GPS devices still know the OLD "mixing bowl," not the new one.

TWICE now, my driver has followed the GPS directions precisely only to take us on a significant and unplanned tour. Today's drive to Dulles airport included a drive in DOWNTOWN DC, past the Lincoln memorial. This detour added close to 30 minutes to my drive. If I hadn't planned for a long airport wait time, I could well have gotten into serious timing problems.

But more to the point, in each case, the highway signs clearly (to me) indicated where the driver should have gone, but the driver listened instead to the GPS. THIS is the problem.

GPS is great, but they work best for drivers who already have a fair "feel" for the vicinity and know more-or-less where they're going. When you blindly follow the GPS directions, you're bound to go places you hadn't intended, and perhaps didn't want.

So yes, it still helps to be a good human navigator if you want to use a computer to help. The GPS software is improving rapidly, so perhaps some of this will improve with time, but for now, pay attention to the street signs FIRST and THEN to the GPS.

Cheers,

Ken

UPDATED: Getting even more serious about email security!

ken@vanwyk.org — 2008-01-11T13:38:04-05:00

A couple months ago, I wrote here about email security and how I'd become a "notary" for the free email certificate service provided by Thawte. Well, that's unchanged, but thanks to a colleague who alerted me to another free certificate service provided by CAcert (also see their Wikipedia page here), I was able to become recognized as a CAcert identity assurer using my Thawte credentials.

More of the same, you say? Well, only to some extent. CAcert differs from Thawte in many ways. For one thing, they're a completely free and open certificate provider, which I have to salute. Using their service, I can also generate server keys, which is handy. (That's right, completely free SSL certificates for my web sites!) Additionally, they will sign existing PGP/GPG keys for their users, which is a nice addition to my GPG key signatures.

Is there a downside? Well, not much, but if one is to be found, it's that CAcert's root certificates aren't yet in everyone's browser and email certificate repositories, as shipped by their operating system or browser vendors. That's changing, but for now, CAcert users will from time to time find people who cannot verify their identities. That's disappointing, but as I said, it's changing.

Why bother? Well, if email security is important to you, the answer should be self-evident. If it's not, consider the SSL certificate argument. When you connect to (say) your bank, your browser uses SSL to encrypt your session with the bank, in all likelihood. Your browser is also validating their authenticity by looking at the bank's X.509 server certificate and ensuring that you are indeed talking to your bank, and not some rogue site run by some phishing miscreants aimed at stealing your money. With an email certificate, you can provide that same time of identity assurance to people you send emails to. It also enables sharing of encrypted emails if both parties have a certificate, but just the identity validation alone is worth the price of admission, in my opinion.

Oh, and that "price of admission," in the cases of Thawte or CAcert, is US$0. They are free services.

The question you should be asking is why NOT bother? Seriously. Some people find signed email and "dealing with certificates" to be difficult, confusing, not worth it, etc. You may be one of those people. It's my opinion that those attitudes are not well founded with the reality of how bad the state of email security is these days. Imagine if all your friends and colleagues used validated email identities, and you were able to tell your emailer to delete all non-signed emails. Voilá, no more spam. That's something that we security folk refer to as "white listing".

Enough blather for now. I urge anyone and everyone who reads this to go out and get a free certificate from Thawte and/or CAcert. Then spend the time to get your identity validated by a couple Thawte "notaries" and/or CAcert assurers. It's well worth the effort.

Cheers,

Ken

Corks are evil

ken@vanwyk.org — 2008-01-05T11:47:10-05:00

For my birthday, I got a really neat book about the wine cork industry from my brother-in-law. Great stuff. And wow, were the points made in the book brought home for me last night?!

We went out to dinner at a local Italian restaurant. Nothing fancy, but pleasant. In fact, we were largely there to root for a band that featured a co-worker/friend of one of our friends. I was in charge of making the wine selection. I found two interesting wines on the list, by one of my favorite Tuscan producers, Cennatoio. (We visited the winery when we were in Tuscany in September, 2003.) I ordered a simple sangiovese, their "All'omo il Vino," a nice 100% sangiovese IGT.

Out came the wine... The waiter poured me a small amount to taste and...you guessed it, it was corked. I explained this to the waiter and he seemed dumfounded, so he called over the manager. To my shock and horror, the manager insisted on tasting it also. He (seemingly reluctantly) agreed that it was "off," but said it was their last All'omo, so I'd have to select a different one. (I was preparing for him to say it was fine, but that would have resulted in a situation neither of us would have enjoyed.) He pointed me to what he called a comparable "sangiovese" on the wine list, but it wasn't a sangiovese at all. So I pored through the list myself and decided on the All'omo's big brother, Cennatoio's Chianti Classico Riserva from 2001. A bit more expensive, but I didn't mind if we got a good wine.

Same process, same taste test, same results... I said to the manager, "you're going to hate me for this, but this wine is equally corked". By now, I could tell the manager was not a happy guy, and he again insisted on tasting it for himself. Again, he reluctantly agreed.

Two corked wines in a row. Two wines from a superb winery that were undrinkable because of an industry that has a roughly 4-5% failure rate. I've had both wines numerous times, and I know I love both. But in their wet cardboard TCA-tainted state, they were horrid.

I don't blame the restaurant for anything except the manager's bizarre performance of second-guessing his customer. And I obviously don't blame Cennatoio.

Corks are evil. The sooner we all realize that, the better off we'll all be. TCA, the chemical responsible for most "tainted" wines, is a blight on this otherwise wonderful industry that cannot and must not be tolerated. Corks are almost always to blame. We MUST demand better.

Some wineries and even countries have been leading the charge to move from cork to other stoppers. Try finding a New Zealand wine that's not sealed with a "Stelvin enclosure" (that's fancy wine-speak for "screw cap"). Although those not in the know may scoff at screw caps, you're FAR less likely to have a TCA-tainted wine from one. (It can still happen, if the TCA is introduced during the wine making or aging process, but the likelihood starts to approach zero now.)

So, next time you look at a wine that's sealed with a screw cap or a synthetic cork, please join me in saluting the winery's courage and support them in their efforts to rid the planet of corks. Corks are evil.

Cheers,

Ken

Trails are for followers

ken@vanwyk.org — 2007-11-21T20:47:32-05:00

So, it's a beautiful day-before-Thanksgiving here in Virginia, and I desperately needed to get out on my mountain bike, "Hank"*, for some pre-turkey exercise. The autumn foliage is just a bit past its prime, but it's still spectacularly beautiful. And on top of that, it was sunny all day and the temperature got up to about 24C (that's about 74F) -- just fabulous. Nice enough for riding in short pants and t-shirt, even. Perhaps global warming doesn't suck too bad (so far).

As luck would have it, our friend Lisa was here to help with some Thanksgiving prep and she wanted to borrow my camera to capture a bit of our autumnal beauty outside. She offered to get an action shot of me and "Hank", so I quickly took her up on the offer. (I don't think I have any shots of me on my bike.) Here's a couple shots from a sequence she took on one of my favorite nearby hills.

Trails are for those who follow them

It's far more gratifying to blaze your own trail

Sure, it's not exactly the Alpe d'Huez, and Lance's 7 Tour victories are still quite safe and sound, but it is a fun hill to ride. I often hit it after a 23-25km ride on really nice days. I didn't go that far today, but the weather sure was beckoning me to ride on.

* You might wonder why I call my bike "Hank". Well, it's a Canondale Jekyll 1000 that I bought off of eBay a couple years back (and then did a few modifications). I have a silly habit of naming things, so I figured Jekyll... Well, Doctor Jekyll's first name, according to the book, is Henry. So, Hank just seemed like the right name. (Aren't you glad you read this footnote now?)

Cheers,

Ken

Ken's Mac must-haves

ken@vanwyk.org — 2007-11-04T09:21:26-05:00

Some of you may remember my "Pigs can fly!" posting here where I explained why I've finally gone and gotten myself a Macintosh (Macbook Pro 15"). Well, it's been well over a year now of Mac bliss. I remain absolutely convinced that Macs are the right choice for me, and in fact are right for a whole heck of a lot of people. I'm certain that Apple's growth is representative of a renaissance in computing -- a new age of enlightenment. Strong words, but they're not without meaning.

In my 1.25 years of Mac-dom, I've found several pieces of software that I consider to be essential to me. Things that I really wouldn't want to be without. I thought I'd share those here, for what they're worth. Mind you, I've installed quite a bit of software on my Mac, but the list below will focus on the things that I use daily and that (by and large) are in my system dock.

My list of essential Mac software (other than the basics that come with the system), in no particular order:

Firefox with no-script. Let me first say that I really like Apple's Safari browser. I'd be using it now except for one little thing -- control over JavaScript. In my opinion, JavaScript, is responsible for the vast majority of web-related security bad things. I need to have control over what sites I want running JavaScript on my computer. Mozilla's Firefox, combined with the No-Script plug-in give me exactly that. No-Script starts off disallowing all JavaScript, but you can add sites one at a time into a "whitelist" of sorts. That way, you can turn on JS for the sites that you want running it, and all the rest can't run scripting at all. Not perfect, but it's a LOT more control than I had under Safari.
Newsfire. I read a lot of news sites on a daily basis, from tech news to Mac stuff, wireless stuff, and even world events. Oh, and news from the wine/culinary world as well. My only hope of keeping up with all this information is RSS. I was introduced a while back to Newsfire, which is an absolutely splendid RSS reader. Now, I should note that I'm currently experimenting with Apple's own Mail program's RSS reading capabilities -- which is a new feature of Leopard. But I still have my Newsfire and may well go back to it if/when Mail fails me. It's commercial, but not particularly expensive.
Parallels. I was a VMWare user way back in the day, and I loved it. When I moved to the Mac, I needed a way to occasionally run another OS. So, a few months ago, I added Parallels to my list of apps. I now run a Windows XP box in a virtual machine. It's great for the training I do. I can load up XP, install stuff on it, hurt it, make it beg for mercy, cry like a baby, or whatever -- and then go back to the pristine XP configuration at the click of a mouse. And it's quite fast, too. Absolutely fantastic for my needs. It's commercial, but isn't very expensive -- look for it on Amazon for a discount.
Callwave SMS widget. I do a lot of text messaging. Although my phone plan includes a huge bucket of messages for U.S. numbers, international SMSs are still quite expensive (in the quantities I send). This little SMS widget provides me with free messages. There's a daily limit, but I rarely hit it. Great stuff, and it's really easy to use. Oh, and it's free.
Rapid Weaver. This one is my newest addition to my must-have list. But I've come to really like Rapid Weaver. What a great tool for building and maintaining web sites like this one! It is commercial, but not very expensive, and there are some coupon codes floating around the net that can get you a few dollars off the retail price.
MacGourmet. Another inexpensive and highly worthwhile commercial tool, I've come to really like MacGourmet for organizing my favorite recipes. (I'll be putting at least several of my recipes on this site in MacGourmet format shortly, by the way.)
Missing Sync for Blackberry. I used a Blackberry years ago, and now I'm back. I love the email comms, and my provider (T-Mobile USA) has a great all-you-can-eat data plan and an all-you-can-eat international roaming data plan that are fabulous. This essential (and commercial, but cheap) app enables me to sync my Blackberry data over to my Mac. For various reasons, the iPhone isn't yet ready for me, but the Blackberry serves my needs very well. Without Missing Sync, I'd be sunk.
Spanning Sync. As a small business owner, I don't have a calendaring/groupware server for my company. I have an email and file server hosted externally, but not a calendar server (yet). Google Calendar came along and helped me with that enormously. Spanning Sync takes Google Calendar to the next level -- it syncs bi-directionally with my Apple Calendar data. Awesome add-on! It's sold on an annual service subscription basis, but is way cheaper than a calendar server. Finally, Caren and I can share a calendar.
Chicken of the VNC. I use Virtual Network Computer a lot for administering the computers on my internal net. Chicken of the VNC is a great and free VNC client for the Mac.
Macports. One of the things I like so much about Apple's OS X operating system is its UNIX underbelly. I've been a UNIX guy for over 2 decades, and I'm just more comfortable there than I ever was on MS-DOS (or its derivatives). Macports is a collection of (mostly) BSD-UNIX derived applications that have been ported to the Mac. All open source, free, and excellent!
TiVo Desktop. I love my TiVo. I love my Mac. A few months back, we upgraded our old Series-1 TiVo to a Series-2, thanks to TiVo's offer of transferring our lifetime service subscription over. Now, my TiVo is finally on my data network, and I can move things back and forth between the computers and the TiVo. TiVo Desktop is the piece that enables me to share movies, shows, etc., from my Mac over and play them on the TiVo. Absolutely essential, and it's free from the wonderful folks at TiVo.
TiVo Download Manager. I still love my TiVo. This enormously useful piece of free software allows me to download files from my TiVo onto my Mac -- and convert them into MPEG-2 format at the same time. It's actually a front-end to curl and TiVo Decoder, but it puts everything in one easy-to-use bundle. I can now grab anything from my TiVo and put it on a big honkin hard drive on my Mac, and then watch it whenever I choose to, without taking up valuable space on the TiVo itself. Great stuff.
iWork '08. As you might expect, I require the ability to read/write MS-Word, Powerpoint, and Excel formatted files quite frequently in my work. I've been a fan of Apple's iWork for some time now. When '08 came out a few months ago, I grabbed a "family pack" (with 5 legal installations available) for about $100 on Amazon. That's $20 per seat, and it's some of the best money I've spent. I still keep MS-Office around, but I find myself using iWork more and more instead of Office. Keynote (the Powerpoint equivalent) alone is worth the price of admission. I build presentations with it that look worlds better than any I've ever seen in Powerpoint.

There they are. Great stuff, each and every one. I run all of these (as noted) on Leopard, which I'm absolutely thrilled with. Nothing I ever experienced in PC- or Linux-land ever came close for me. I'm a believer.

It is the age of enlightenment.

Cheers,

Ken

Email security - put my money where my mouth is

ken@vanwyk.org — 2007-10-31T15:16:12-04:00

The first "Internet" application I ever used was email, circa 1983. Seeing computers used to communicate (and not just solve scientific equations) was an epiphany to me. But, I was shattered to later learn that email isn't secure. In fact, it is about as far from secure as anything we know in the electronic world.

So, for about the past 2 years, I've been slowly -- but increasingly loudly -- advocating secure email. I've been a PGP user since it was introduced to the public in 1992, and more recently, I've been an S/MIME user. I started digitally signing all of my outgoing emails as of about 2 years back. It was an experiment, and one that hasn't entirely succeeded, I should add.

Then, about a year or so ago, I learned about Thawte's free email certificate program. They use a certificate signing mechanism not entirely unlike PGP's web of trust. When you get a free (!) Thawte email certificate, you start by only being able to include your email address in the certificate. Then, you get your identity verified by Thawte notaries, who are community volunteers who help the effort. Once you've gotten sufficient (50) points, you can include your real name in your (still free) email certificates.

This seemed like an interesting and novel approach to me, so I went ahead and took the plunge. In the last couple months, I've gotten not just the 50 points I needed to have my real name in my certificate, but the 100 points needed to become a Thawte notary. I decided to put my money where my mouth is and be part of a solution and not just whine about all the problems.

In order to notarize a Thawte certificate, the notary must meet the certificate holder in person and verify her identity via two forms of national identification (e.g., passport and driver's license).

I am now a Thawte notary. If any of you are interested in this free (!) and useful service, start by going out to the Thawte web site and getting yourself a freemail certificate. Most modern emailers and browsers can handle X.509 certificates just fine. Follow Thawte's instructions (admittedly, their web site isn't entirely intuitive) and start using your certificate. Then, go out and find a couple notaries in your area, again via the Thawte web site. It only takes a few notarizations and then you'll be up and running with a free X.509 certificate.

I'm happy to notarize any of you who want to make use of this -- after following the proper procedure, of course.

Big deal, eh? Well, the big deal is that now you can send email that your recipients can validate with a high degree of confidence came from you. Believe it or not, that is a big deal. If you want to be able to trust the email you receive, then this little bit of infrastructure is essential.

Cheers,

Ken

The shirt on the front page

ken@vanwyk.org — 2007-10-30T16:18:47-04:00

Ok, I just know this is going to come up, so I'm going to try to pre-empt it...

Did I match the new site theme to the shirt I'm wearing on my main page? Of course not! I'm an engineer. I'd be more likely to be able to cite the spark plug firing sequence on a V-12 Ferrari than to do something like that. Seriously.

Call it dumb luck. Call it serendipity. But please oh please do not call it coordinated. To do so would be to insult millions of engineers.

Cheers,

Ken

The new site is up

ken@vanwyk.org — 2007-10-30T15:52:42-04:00

Ok, so I've finally made the leap and picked up a copy of a really nice web editor called Rapid Weaver. Apart from being really easy to use (on a Mac, of course), it has enabled me to do some neat things with my personal and my business web sites. Although I'd like to see a little more functionality, I'm real happy with it overall. Perhaps the functionality I seek is there, but I just haven't figured it out yet. Give it time...

In any case, I'm still moving some stuff over from my old site, but most of the important things are over here already. Still to come: culinary adventures (does anyone read these?), cool links, etc.

Ideas and suggestions are always appreciated.

Oh yeah, here in the journal (NOT blog!), you can navigate to archived postings by date or category over on the right hand side of the page.

Cheers,

Ken

Experiences in VoIP

ken@vanwyk.org — 2005-04-09T14:19:34-04:00

Well, I've been living the VoIP experience now for a couple of months (see below). Oddly, I've settled in on a hybrid approach that includes the wildly popular Skype along with SunRocket and even newcomer Stanaphone. Why all the confusion, you ask? Well, my SunRocket service has become my primary business phone when I'm in my SOHO office; Skype is great for making calls when I'm on the road; Stanaphone allows (free) incoming faxes, which then get delivered as .JPG files to your email address. I forward my 2nd SunRocket phone number to my Stanaphone number, which enables me to receive faxes anywhere via email. (I'm trying to phase out my eFax service, as it costs me almost as much as I'm paying for SunRocket.) So, there's a reason for each of the services.

The verdict? For me, I'm really happy with SunRocket. If/when they come out with a "soft phone" service, I'll phase out Skype. Likewise, if they offer a fax service, I'll phase out Stanaphone. If you're looking for good VoIP, check out SunRocket before making your decision, IMHO.

My only service-related issue on SunRocket is that the voice quality sounds choppy if I'm really moving a bunch of data through the cable modem while I'm on a phone call. Even though the SunRocket "gizmo" does QoS, there's still some chop in the audio quality. Note that I do have my gizmo connected inside my new MIMO (802.11(pre)n) router, but the router supports QoS; and, in any case, I had the same problem with the gizmo outside of the firewall.

Speaking of MIMO, my new Belkin MIMO router that I bought at Buy.com is fabulous! (Buy.com's price was better than anyone else that I could find--I'm a fan.) Anyway, with a compatible MIMO card, I get 108 Mbps wireless speed anywhere in my house. Even on a standard 802.11g card, I get 40-56 Mbps anywhere in the house. Just don't do the AES encryption--it's horrendously slow.

It's been a while since I wrote anything here--which is fine--and today I have a serious rant to share.

ken@vanwyk.org — 2006-01-31T14:17:20-05:00

Back around January 2000, I bought my first BMW, a brand new, fully loaded 528i. It's been a superb car from day one. Always a pleasure to drive, and truly "the ultimate driving machine". It has, however, been quite expensive to maintain, which I fully expected when I bought it. My rant isn't with that, but with the BMW shop where I bought it and where it's gone for service throughout its life--BMW of Fairfax (http://home.bmwoffairfax.com/).

I've never been overly impressed with their service, but I've been willing to accept that we live near a large metropolitan center (DC) and that it's just busy. Today's experience pushed me over the edge, however, and I'll certainly never go back.

For starters, their phone system is beyond archaic. My car went in for its oil maintence service early yesterday. Around noon, my service advisor left me a voice mail requesting my authorization to do an "inspection 1" on my car--for some $500. I called him back about a dozen times during the afternoon, leaving numerous messages on his voicemail and with the receptionist. No callbacks, no car. Today, I tried again to call him back, and eventually the receptionist found him. Come pick up the car in an hour.

So, on my way to pick up my car, I got a call from someone at BMW of Fairfax who told me that she was calling regarding the car that I dropped off. It seems that it was blocking a service lane and needed to be moved. I told her to talk to the mechanic that fixed it. She explained that she had already done so and that no one in Service had the key. I lost my cool, said something very unpolite that drew into question her intelligence, and hung up.

After I'd paid for the service, I went over to where the car was sitting and looked inside. A mechanic quickly walked up to me and asked if was my car. I said yes, and that I wanted to pick it up. He explained that it had just been dropped off for service and that the service wasn't done yet.

My receipt and I prevailed and eventually got my car out, but it wasn't without another hassle. Talk about "left hand doesn't know what the right hand is doing" syndrome. I've experienced nothing but this kind of awful service at BMW of Fairfax since day one, and I wouldn't recommend them to my worst enemy. They strike me as the most horribly mis-managed "service" organization that I've encountered in many years.

I still love my 528, but am much more likely to look at a different car next time. Perhaps an Audi A6 or some such, but most certainly nothing from BMW of Fairfax. It's my opinion that they're nothing more than oxygen thieves.

Pigs can fly!

ken@vanwyk.org — 2006-06-30T14:15:14-04:00

Quite a few years ago, I became a "Mac hater". Long story, but the short of it is that a Mac net used by our publications department (at a company where I was working) let me down at a critical time. It caused me a lot of grief. Then, when Apple killed off the Newton, I swore eternal hatred.

Before I go on, I should note that I still use my Newton 2100 every day. It still has the best "to do" list handler I've ever used. Despite the jokes about its handwriting recognition -- which were ALL about its first generation of software -- it still recognizes my handwriting better than I do. It remains the best PDA software ever written, as far as I'm concerned.

And then, slowly, several other things happened:
1) Apple put BSD UNIX under the hood in OS X.
2) OS X has matured through a few major releases and is now a superb OS.
3) Apple put Intel CPUs into the Macbook Pro line. "Boot Camp" added the ability to boot/install NATIVE Windows XP. So, I have that as a fall-back if I simply can't get something running under OS X. (I haven't needed to use it.)
4) I get a nice educational discount via CMU, along with a fabulous rebate on an iPod -- which I gave to my wife.
5) I've been listening to numerous people's opinions that I value who all say that it's time to try Mac. You know who you are...

So, I switched a week ago. Now, I'm hopelessly, unapologetically, completely a Mac guy. It has unified my computing needs/desires in a way that nothing else has been able to. UNIX where it matters and the world's best user interface in front. It talks with my Linux servers and my windows desktops/laptops just fine.

Plus, the Macbook Pro, with a 2 Ghz dual-core Intel CPU, DDR2 memory, SATA hard disk, etc., is the fastest computer in my gaggle. This thing absolutely ROCKS! People complain about Macs costing more than their PC counterparts, but you really do get more for the money. I'm fine with that. I've never minded paying a bit more and getting a bit more.

As a result, my laptop is no longer a traveling copy of my data. My Linux servers now carry a non-traveling backup of my work. As it should be.

The Mac talks wifi, bluetooth, usb, firewire, infrared, VPN -- you name it. I can connect up to _something_ nearly anywhere on the planet and securely connect to the net.

And, one of my favorite things about Apple, from the first day that I used my first (of 3) Newtons, is the cross-application data integration. My Macbook hasn't let me down. My IM package (iChat) gets its real names from my rolodex (Address Book). My email program (Mail) shows me a green icon next to any of my contacts (from Address Book) who is logged into IM at the moment. THAT is cross-app data integration. I haven't felt that feeling since I first learned to love my Newton. No Windows or Linux set of apps has ever provided that feeling to me. Apple GETS IT. Their software guys and gals know software like no one else. Kudos!

I now think of "PC people" as those that haven't tried a Mac. Once you try, you will never accept anything less. Redmond should be quaking in their shoes (but they're not).

HIGH speed cable modem at last!

ken@vanwyk.org — 2006-09-24T14:14:09-04:00

I'm a cable modem user (on Cox Communications) in Fairfax County, Virginia for several years now. Recently, Cox offered a higher speed option (15 mpbs by 2 mbps), so I jumped right on it.

The upgrade went smoothly, but I was only measuring speeds of around 10x2. After a bit of searching, I found out that I ought to upgrade to a DOCSIS 2.0 modem, so I did that. Now, I'm regularly measuring speeds of 16-19mbps down and 2-2.5mbps up. I've tested at various times of the day and those numbers have been quite consistent.

I should add that the modem swap was painless and that Cox support was entirely effective. In one phone call, I gave them my new MAC address and fired up the modem. I did experience a couple of network problems, but it turned out to be a router problem at my end, so I can't fault Cox for that.

I also noticed that the voice quality of my VoIP service (Sunrocket) immediately improved as well.

So, put me in the "highly satisfied customer" group. Kudos to Cox for offering this service!

US Airways enters KRvW's "Never Again Club", with honors!

ken@vanwyk.org — 2007-03-25T14:02:53-04:00

As anyone who actually reads this web site knows, I travel quite a bit, both on business as well as for pleasure (whenever possible). What's more, for various reasons (primarily convenience), I tend to fly mostly on one airline -- United.

Now, United isn't the best airline -- or the worst -- without a doubt. They have more than their share of warts. But, as an "elite" (1K) flyer on them, when something goes wrong, I tend to get it resolved pretty quickly and easily. Usually.

But I just got back from a trip to Rome yesterday. (See this link for some pix.) My customer tried to pinch a few pennies and I ended up on US Airways instead of United. Mistake #1.

I left Washington Reagan airport on the day after a northeastern US snow and ice storm. Not surprisingly, things were delayed. I'm completely understanding of the situation at this point.

But US Airways had, I'm told and have verified via news reports, recently upgraded one of its main computer systems. Not sure what went wrong behind the scenes, but at the front counter, it was pandemonium. The check-in line at DCA was hundreds of yards long. No kidding.

After a couple hours in line and nearly giving up, a couple US Air employees came through and grabbed those of us who might still make today's flight. I was among the lucky. Got to Philly just fine, but ended up missing the Rome flight.

Then -- and I have to give due credit here -- a couple of wonderful US Airways employees in the US Air Club helped me re-route my trip via Munich. Looks like I made it. But more delays...

I ended up in Rome without my bags and had to go to my customer site in smelly, dirty jeans/rugby without a change of clothes. Bags finally arrived late Monday.

But that still wouldn't get them into my Never Again Club (NAC).

On my return from Rome yesterday, I picked up my bags in Philly. Everything was on time. Two hours in Philly to catch my connection to DCA. No problem. Get to DCA and, you guessed it, no bags.

In fact, not only were my bags lost, but about 2/3 of the people on my flight were stranded without their bags as well. We waited pathetically at the baggage carousel only to have about 10 bags come out from our flight and then the carousel shut down. No more bags.

I just can't believe this. How could an airline be so blatantly mis-managed to make this kind of mistake over and over? It just boggles my mind and forces me to spotlight them here, for all that's worth ;-\, in my Never Again Club, with honors.

Oh, and I'm typing this the morning after I arrived home. No bags yet, and I'm waiting for my ride back to the airport to leave on yet another business trip (on United!). I've had to pull together a replacement dop kit and such, but I'll make it. And I'm confident that United will live up to my expectations, but who knows.

Update re SunRocket Voice over IP "service"

ken@vanwyk.org — 2007-07-26T14:00:15-04:00

So, way back on 9 May 2005, I posted an entry here saying that I'd gotten and was very happy with SunRocket's Voice over IP (VoIP) service. Last week, while I was traveling on business in Mexico, I saw a headline saing that SunRocket was going out of business. I immediately signed up with one of their competitors (Vonage) and, as of today, my account is active and my old number has been transferred over.

Here's the thing. Well, maybe more than one thing... As a very (!) small business owner, I have grown to rely on VoIP for my business phone line. They're relatively cheap, easy to work with, and overall very good. My opinion on that has not swayed, despite this bad experience with SunRocket. I wouldn't advise many/most people to get VoIP as their ONLY phone service at home, however. But, as a second number, they're fabulous.

Well, they're as good as your broadband is. I'm fortunate to be in an area where my cable modem speed is superb -- I regularly measure 20 Mbps download and 2 Mbps upload. VoIP has NO problems with that.

And I can sympathize with SunRocket's circumstances. They were heavily VC-backed, and their VC investors were unwilling to put any more money into the company. I've been there, done that. But wow, they sure handled the situation in a horrific manner. The fact that I learned of their demise from a magazine headline is inexcusable. The fact that I had to turn to another provider and make arrangements myself to transfer my service is inexcusable. I really wish I hadn't given them any of my business, but that's water under the bridge.

I do hope that their actions haven't tainted the entire VoIP community, though, but I think the damage has been done.

Beware the most dangerous thing on the road or trail!

ken@vanwyk.org — 2007-08-01T13:53:27-04:00

I've found the most significant danger on the road or trail.

I'm a mountain biker. I try to ride pretty much every day when I'm not traveling, and generally end up going between 20-25 kilometers over some pretty hilly roads and trails here in the Alexandria, Virginia area.

Living just a couple miles outside the DC beltway, things tend to be pretty crowded on the roads as well as the trails. There are cars everywhere, joggers, other bicycles, and parents walking kids, just to name a few.

I've always been really careful around the cars, as they seem to be the most serious threat to the cyclist, but lately I've come to realize there's something even worse. Pedestrians with music players (generally iPods and other MP3 players).

That's right, these people are far more dangerous to the cyclist (and to themselves) than anything else I've found.

Cars generally stick to some semblance of traffic rules. I keep a safe distance from them and we all get along fine. Pedestrians with iPods, however, are another matter.

I try my best to be respectful and courteous to pedestrians. I always say hello. I always give them the right-of-way -- often going well into the grass to give them safe passage. When approaching them from behind, I always call out "passing" from a safe distance. All the things that you'd hope for from a cyclist sharing the road with pedestrians.

And there in lies the rub. I come up behind pedestrians and look for earphones now because I know they're more than likely to not hear my "passing" notice. Worse yet, they're apt to change "lanes" without notice. They're apt to panic when they eventually see me, often getting into more danger than they would have been otherwise.

I haven't hit one (yet), but I know it's a matter of time. For now, when I see earphones, I slow down and go *way* out of my way to avoid them. They're deadly.