Tuesday, November 20, 2007

Anticipating Travel Hell

From the Seattle Times:

The three busiest air-travel days are expected to be next Wednesday, and the Sunday and Monday after Thanksgiving, when the number of daily passengers is expected to exceed 2.5 million.

Guess when I'm flying down to visit my folks. Yup: Wednesday, and flying back on Monday. Ugh. I'd better bring a book or two, eh? :(

Update, 5:21 PM: Apologies to my feed-reeder friends who may have seen this post several times. I've been playing with the blockquote styling, so the post is seen as "updated."

0 comments:

Thursday, November 8, 2007

What If Your Financial Accounts Were Public?

What's the worst-case scenario if your financial data were publicly available? I don't mean your login credentials or other personal information necessary to access your financial accounts; obviously that's inviting identify theft and stolen money. I just mean your accounts, balances, and transactions.

Is there any security risk associated with that data? I suppose if you're worth a lot of money, maybe the worry is that you could become a target for having your money stolen. But I wonder how much is perceived risk, versus actual risk.

The other concerns I can think of all seem to be social: Embarrassment at purchases made or amounts spent. Awkwardness at having more money than friends, or having less, or being better or worse at managing what you do have. Indignance — the "what business is it of yours?" response.

I ask because I'm considering the security risks of downloading all my financial data from Yodlee into my own database, so I can run whatever analysis I want on it. I want to imagine the worst-case scenario: that my machine is not secure, and some hackers are able to read all my financial data. What mischief could they do with it? Brainstorming in comments and by email welcome!

4 comments:

Monday, November 5, 2007

Vinocide: Me, in the Kitchen, with the Wooden Spoon

Vinocide in the Kitchen

All I wanted was some wine. I didn't have a corkscrew, so I went out and bought one. But when I tried to pull the cork out, it was stuck. Really stuck. Dismayed after a minute of trying to brute-force, finesse, and cuss the cork out of the bottle, I gave up and pushed the cork in with a spoon handle.

Alas, the internal pressure in the bottle cause red wine to erupt everywhere, including on yours truly. I washed my eyes in the sink — I closed them immediately on the hissing of the bottle, so I was fine — and threw my shirt in the sink to rinse out the drops of red wine. Red red wine, stain my clothes so fine... :(

After the immediate aftermath was taken care of, I realized that the red wine sprayed around looked sorta like a crime scene out of CSI. So I documented it. :)

2 comments:

Sunday, November 4, 2007

A Fresh Dev Env Should Be a Good Thing

In Happy Land, a fresh development environment isn't a scary thing. You install whatever programs are required (which are documented in some central location, of course), then check out and run the latest code from trunk. I mean, it's compiling happily, since no one is breaking the build, right? (They would have to bring in donuts, or suffer The Cow of Shame, or something, if they had broken the build. That's how things are in Happy Land.)

Of course, many folks don't get hired by Happy Land, Inc. For a painful, demoralizing example of this fact, check out this set of emails. (I found this via the blog post The F5 Key is Not a Build Process on Coding Horror.)

0 comments:

Saturday, November 3, 2007

New Camera: Canon PowerShot SD1000

Fall Leaves Next to Virgina Mason

This photo here is the view from my apartment window. The fall colors up here in Seattle really do seem more vibrant and varied than in California.

This summer, I went on a camping and backpacking trip at Lake Tahoe. Alaska Airlines messed up my checked baggage, shipping my stuff up to Alaska for several days. When my bags finally got to me, my camera — which I bought in 2002 and had been very happy with — no longer worked. :(

So I finally bought a new camera: a Canon PowerShot SD1000, to replace my dead Canon*. PowerShot S230. I definitely recommend the Digital Elph cameras to anyone who just wants a good point-and-shoot camera.

* Every time I typo Canon as Cannon, it makes me think of Gannon, which Wikipedia will tell you is "misspelling of Ganon, a villain from The Legend of Zelda series of video games by Nintendo." But then in the article, it says it really was spelled Gannon in the first video game — which is precisely the one I think of when I remember Gannon and his cold, heartless laugh when you died.

0 comments:

Friday, November 2, 2007

Client-Side Protections Can't Save You From Firebug

I keep a long list of inactive holds for library books. When I eventually do want to check out some popular book, I've moved up in the queue considerably. For many of my inactive holds, I'll be first in line as soon as I activate the hold.

So I wanted to active one of these holds today. I logged in to the Seattle Public Library website and went to select today's date from the "change status" drop-down menu. Ack! The 30th was the only available date for November, which is a bug so far as I can tell.

But then I remember the power of Firebug! I opened up the extension's console, added a new <option value="2">2</option> to the date selection menu, and submitted the change. And voilà! I now have an active hold on this book.

If this is indeed just a bug in the options displayed, then Firebug let me work around their problem. On the other hand, perhaps they've changed their policy about activating holds. Or something. In that case, their server-side code is obviously not enforcing the same rules that are evident on the client's side of things.

Moral of the story: Server-side code must enforce all your business rules and validations. Server-side code is your most important line of defense; client-side protections fall prey to modifications by tools like Firebug. This doesn't mean abandon all client-side validations; they have their place. But that place is not to ensure the integrity of the data in your database.

Secondary moral: Keep Firebug handy to have your way with troublesome websites. :)

0 comments: