The Daily Parker

Politics, Weather, Photography, and the Dog

Net neutrality threatened; Mike McCurry on wrong side

The New York Times editorial page today reminded everyone who values the Internet to call their representatives in Congress and demand continued net neutrality:

One of the Internet's great strengths is that a single blogger or a small political group can inexpensively create a Web page that is just as accessible to the world as Microsoft's home page. But this democratic Internet would be in danger if the companies that deliver Internet service changed the rules so that Web sites that pay them money would be easily accessible, while little-guy sites would be harder to access, and slower to navigate. Providers could also block access to sites they do not like.

And over on Huffington, Adam Green has some things to say about Mike McCurry's activities helping the big telcos:

Mike McCurry knows that the free and open Internet most Americans think is the "status quo" is actually GONE in 3 months. So it's more than a little bit deceptive when McCurry asks, "What service is being degraded? What is not right with the Internet that you are trying to cure?" McCurry is implying the exact opposite of what he knows to be true. That's a lie, and it's a genuinely sad sight for those who once admired him.

It's possible that, in three months, not only will Iraq be shattered, but also the Internet. Then Iran? Maybe India? Anyone for Indiana? Why does the Administration (993 days, 21 hours) hate things that start with "I?"

Air travel through Borowitz

Andy Borowitz reports on a new revenue model for airlines:

Struggling with rising fuel costs and sagging profits, several leading airlines announced today that they would attempt to boost their revenues by stowing passengers in their aircrafts’ overhead bins.
After Airbus announced earlier this week that it was toying with the idea of introducing standing room areas for passengers in the rear of their planes, the airlines decided that the time was right to pitch the idea of stowing passengers in a part of the plane that has customarily been reserved for carry-on luggage.

Jokes aside, I figured out why overhead space is so dear on airplanes (remember I deal with this every week). Simply, the airlines encourage carry-on baggage because it frees up space in the hold. Even with a full passenger load, transport-category airplanes have lots of capacity for cargo, which earns significantly more revenue per kilo than passengers do.

So I'll keep running on the elite-status hamster wheel to ensure that, when I fly, I can at least find a spot for my tiny carry-on bags.

Cool toy from ThinkGeek

I had to stop myself from snapping up this USB GPS device:

This small GPS gadget can easily be placed in a car, boat, land speeder, or just about any moving object and will record its own time, date, location, speed, direction and altitude. The recorded information can then be downloaded to your computer through the USB port and optionally integrated with Google Earth or Mapquest. This feature allows you to "playback" the location points of the TrackStick and see a visual mapped history of its travels.
Containing 1MB of memory it can store up to 4000 records allowing for months of travel. When the TrackStick is not moving, memory is not used. The record interval is adjustable to anything between 1 and 15 minutes (this is used to save memory and will not extend the battery life). It’s so small you can hide it for covert applications. There are no special software applications to buy and the raw data can be exported in RTF, XLS, HTML, or Google Earth KML formats.

It's $250 from ThinkGeek. Maybe I'll get it for myself as a bonus if I beat my revenue projection this month.

Update, 6 June 2006 5:36p CT (22:36 UTC): Bruce Schneier has picked up on the security ramifications of this device.

Joel Spolsky's 12 rules to better software

My project manager sent around this link to Joel Spolsky's rules for software management:

I've come up with my own, highly irresponsible, sloppy test to rate the quality of a software team. The great part about it is that it takes about 3 minutes. The neat thing about The Joel Test is that it's easy to get a quick yes or no to each question. You don't have to figure out lines-of-code-per-day or average-bugs-per-inflection-point.

I totally agree with Spolsky's list. I have never been on a project that scored better than 7 until now (which scores 9, IMO, but we're moving toward 11), and only one, ever, has answered "yes" to #8 (quiet working conditions).

Window vs. Aisle

I promised earlier to discuss the joys and sorrows of traveling for business. I had some time this morning in the airplane to do so.

Every week, I fly back and forth between Boston and Chicago. This morning I caught the bleary-eyed special leaving Chicago before 7, and I still missed my 11:30 Scrum. Between that, having to get out of bed slightly before 5am, and a general feeling of lethargy that no amount of coffee can cure, not to mention the lost billable hours, I'm going to start returning to Boston on Sunday nights.

Neither Anne nor I is thrilled with the arrangement. But then, we're not ecstatic about the 100% travel to begin with. The compromise is for me to be home no less than 48 hours a week, and for her to come out to Boston every so often.

A funny thing happened to Anne recently. She used to be an Aisle Person. She's becoming a Window Person, possibly because I have been one for the 30 years I've been flying.

Aisle People don't really like to fly. It's a means to an end. I'm here, I need to go there, this requires sitting in an aluminum tube for several hours; best to sit in the aisle to minimize the aluminum-tube time.

I, on the other hand, always take a window seat. The very first time I got in an airplane, before I could even spell my name, I think my nose was pressed against the window for four hours. I've never gotten over how cool it is to look down 10 km (6 mi) and see...everything.

As I write this, we're over Lake St. Clair, just passing into Ontario. I can see that Lake St. Clair has two distinct currents, one direct from Lake Huron, which is dark green, and the other from the marshes on the Canadian side, which is muddy brown. The two flow in parallel down the Detroit River almost to the Renaissance Center, where turbulence from Belle Isle finally mingles them in swirling eddies of what I can only assume are heavily-polluted mud.

Ten minutes more and we're over the great swirling sandbar jutting out into Lake Erie right in the middle of the Canadian shore. I can actually see the sand flowing past it, lengthening it, creating a huge sandy beach upstream and a hazard to navigation downstream. Just a few minutes past that and we're over Buffalo, N.Y. There's Niagara Falls, identifiable from the cloud of mist hanging over it, and Toronto, barely discernable through the morning haze. Next, over Western New York and the Finger Lakes, deep valleys scooped out only a few thousand years ago by the southern edges of the massive ice sheets that dug out the Great Lakes. Finally, depending on our approach, I'll either get a terrific view of Nashua, N.H., from about 2,000 m (6,000 ft), or we'll get up close and personal with downtown Boston.

This is why I always get the window seat. And Anne, who finds herself flying a lot more than before we met, has started to agree.

Photo: Cape Ann, Mass., on downwind to Logan on today's flight.

Predictable software

We spent two hours yesterday debugging some code that kept firing early. It wasn't clear to anyone, including the people who wrote it, why this happened. We patched it with the C# equivalent of duck tape, but really, it still doesn't work right.

This incident shows how important it is to know what your code is supposed to do, and not to accept the code if it doesn't. Many tools exist to help—most notably, unit-testing tools like NUnit—but they have trouble with the specific problem that we encountered: events fired from black-box controls.

I will have more to say about this later.

The Midnight Special

Before nodding off to bed tonight, on a whim I searched Google for a funny story I remembered hearing on WFMT-Chicago's Midnight Special many years ago.

The New Year's Eve Midnight Special always ran long, and always played a bit called "Moose Turd Pie." Thanks to Google, I finally found out where it came from: U. Utah Phillips, who even has a link to the bit on his site.

This is what the Internet is all about.

Corporate insecurity

Anne brought to my attention the security practices at a medium-sized company in Chicago that make security nearly impossible: the company's IT department assigns Windows domain passwords to the users. In a recent communication, IT said this practice made the domain more secure.

It actually made me mad to hear about this practice. They're not only wrong, they're wrong in a particularly ignorant and incompetent manner, and someday they're going to have a significant security incident.

Secure log-ins serve two distinct purposes: authentication and authorization. Authentication means that the log-in procedure should guarantee that the person providing the log-in credentials is who she claims to be. Authorization means that the successfully logged-in person has access to the data he needs access to, and no more.

Most people only equate log-in screens with the latter. In many organizations I've worked with, people share passwords all the time, thinking that the password controls what they can do. It's often then impossible to figure out who did what with which data. Within a company that has Sarbanes-Oxley reporting requirements, this kind of sloppiness may actually violate criminal law in some cases.

Your bank knows about authentication. It's why you have a PIN (personal information number) for your cash card. It's also why sites like the IRS Website ask for hard-to-know information, like your previous year's adjusted gross income, before they let you do anything. Some people at your bank and at the IRS are authorized to see your information, too, but when they look at it, there's a record that they are looking.

IT administrators never actually need your password, because their authorization far exceeds yours. Plus, it's usually important for IT departments to know who did what to each computer. When you have the keys to the kingdom, you come under greater scrutiny.

For these reasons, the only person who should know a log-in password is the person who chose it. Any password that the person did not, herself, choose, is no better than a password that a "malicious user" has cracked or stolen.

Now look at what the company Anne mentioned is doing. The IT department has a list of passwords, which can be stolen. Also, the IT department can log in to any employee's workstation as that employee (which is, I think, their goal). Once in, they can send email under the employee's identity, rummage through confidential information (for example on a law partner's computer, where the lawyer has a legal obligation to keep the information private, even from other people in her firm), etc.

No doubt the IT department would claim they need this kind of access to ensure employees aren't using computers for personal work, or storing copyrighted materials on work computers. But since the password list exists, even if compromising material were found on the employee's machine—which, by the way, the IT people have the ability to find under their own login credentials—now there is a legitimate claim that the employee had no knowledge of the problem, because there is no way to show conclusively that only the employee could have put it there. (Had IT put it there under their own credentials, this would be easily determined by checking the security information on the computer.)

This isn't the only idiocy perpetrated by this particular IT department, but it's the one most contributing to their lack of security. If there were a professional organization of computer people, these guys would be thrown out.