Wednesday, June 22, 2011

The Summer Pain of Snow Days

Today is June 22, 2011, and it is the last day of school for my kids. Their cousins in Utah have been out since late May. Up until today, every time they chat with each other online via Skype, XBox Live, etc, the Utah cousins say something to the effect of, "You're still in school? That's totally lame."

I am inclined to agree. Running the school year out 2/3 of the way through June and one day past the official start of summer borders on torturous.

What causes this summer pain? Snow days. We typically have 2-3 snow days every year. In a good year we have 0 and in a bad year we have 6. This year was 3.5 (yes, they did a half day back in November). This March the Lake Washington School District (LWSD) sent out a news release and letter to parents announcing the revised schedule.

An excerpt from the article: "The district is required by state law to provide 180 days of school.... One of the November snow days was a scheduled half day and the last day of school was scheduled as a half day. If both half days were combined into one full day, the district would only be offering 179 days of school. This unusual schedule, with two half days at the end of the school year, keeps the district in compliance with state law."

Yes, there is a state-mandated number of days and hours that students must be in class. This makes for a difficult position for the principals/superintendent. They have to balance the safety of transporting students to school during winter weather with the state-mandated time spent with "butts in the seats," to use a travel industry term.

In the Seattle area we don't get enough snow to have an army of plows at the ready every time it snows like they do in the Midwest and other northern states that have severe winter for months at a time. We get a low amount of snow every year (average 12" TOTAL for a year) and it typically melts off within 24-72 hours anyway. Some people call it "inclement weather" but it's only "inclement" if it doesn't happen every year, which it almost always does.

To make up for the missed snow days some districts have to build in a certain number of "snow day make-up days" through the year. In the LWSD they do not have this policy. They do have 10 school days off for winter break, 3 days off for "mid-winter break" (some call it "ski weekend", I call it Presidents Day Weekend), 5 days off for "spring break," and 3 other days spread throughout the year for "teacher training" (LEAP days). These days off are written into teacher contracts and "not negotiable". In other words, if there is a snow day they tack it onto the end of the year instead of cancelling mid-winter break, shortening Spring Break, or cancelling a LEAP day. Gotta love those teachers' unions.

So what do our students do during these make-up days? In LWSD final grades for the year are due on June 15. That was 5 school days ago. What have they been doing for the past 5 days? Let me put it this way...

The next time there's a day that is "almost" a snow day, I'm going to call the principal and ask him what movie my kids will be watching during their class party. ...because all they do on snow make-up days is have parties and watch @#$%! movies!!! No, I'm not kidding. I'll post an update later with the list of movies that my kids watched in their STATE MANDATED snow make-up days.

Here's an issue my wife brought up: "Last Monday (2 school days ago) our oldest son's class cleaned the classroom and stacked the desks. Um...They have two more days. Just what are they going to do? Oh right, copyrighted movies distributed for home use. See the mandatory warning at the beginning of the DVD you ...can't skip? Thank you LWSD for teaching my kids how to ignore the law. I asked one of the teachers and they brushed it off. Why can't they turn it into a learning experience? Yes they watched a few movies based on books they read during the year, how was it different from the book? Can they write about the locations seen in the movie? Would you like to live there? etc. ARGGGGG."

OK, I'm done venting. It feels good to finally put this out in the public sphere. Maybe someday I'll tone down my remarks a bit and send them off to Randy Dorn, the Washington State Superintendent of Public Instruction. If they are going to extend the school year, TEACH my children, don't entertain them. If I want them entertained I'll keep them home and give them my own supervised entertainment like I do every Family Night.

Sony PSN and Data Security

This got lost in my "Drafts" folder...

I work at a large company doing data systems engineering and architecture. One of the major components of my job is data security so when I hear of a security breach at a major online service my ears perk up.

The news doesn't look good. What Sony initially acknowledged only as a service interruption has escalated into an "external intrusion." In other words, they were hacked. PWN3D. People are already complaining about fraud and the lawsuits are lining up even before the dust settles. What did the hackers get? The investigation is ongoing but this is the list so far-

  • Your personal profile information: Name, email, birthday

  • Your PSN login information (username/password and answers to security questions)


What might have been taken-

  • Your purchase history on PSN

  • Your billing information: home address


Was credit card data accessed? Yes, but it was encrypted. Were the hackers able to read the encrypted data? Sony is still investigating.

Even though Sony has a major black eye right now, here is where Sony is shining:

  • They are doing a complete service rebuild from the ground up. This is Security 101: when you are compromised in a major way, instead of trying to ferret out every intrusion point, malware, and hacked admin account, just rebuild the entire thing. They are maintaining evidence where necessary to investigate and cooperate with law enforcement but they also have a service to run. The only way to know that your service is not compromised is to go back to a known good state. Which means re-imaging every server in your datacenter from a known-good copy and starting fresh.

  • They are being open and honest about what happened and the possible consequences to the point of advising everyone to watch their credit reports and credit card accounts for unusual activity.


It took weeks to recover and bring the site back up only to be taken down again... and again... and again.

What does this mean to the information security world?

  1. Encrypt or at least hash your passwords BEFORE you store them in the DB.

  2. Teach your IT guys appropriate security practices

  3. AUDIT, AUDIT, AUDIT. And when you are done, AUDIT SOME MORE.

  4. Teach your users to TRUST NO ONE. When you receive an attachment from someone call them up and ask them: did you mean to send me this document (in Excel format with an embedded malicious flash component)? (that's how RSA was hacked)


Will the Sony debacle blow over? Of course. Will people ever forgive them for screwing up and come back to the PSN? Of course they will. People want to play games and Sony has a popular (albeit #2) game console. The public forgets all the time. They will eventually forget when the next ultra-cool, can't-miss game comes out as a PS3 exclusive.

But will the industry ever be the same? People are already calling 2011 the "Golden Age of Hacking." Exploits are no longer being bragged about by hackers to show who is the best: they are hiding them close to the vest and selling them off to the highest bidder or embedding them in malware that is then sold on the web to spammers and would-be botnet controllers.

Wake up people, tighten your belts and gird your loins. The advanced persistent threat is here to stay. Only good development practices, sound security policies, and self-analysis will win the day.

Sunday, May 1, 2011

Pains of Geekdom

Sometimes being a geek has its issues. Today's issue involves airline travel and smartphone apps and what happens when the two collide in an uncomfortable way. I am flying home tonight on an American Airlines flight. Out of curiosity I pulled out my smartphone to try out a new app called "Tail Tracker". It's quite simple: you enter the tail number of a plane (N566AA in this case) and it pulls up the owner information and airplane info as well as any pictures or history available in public databases.

This particular plane is a McDonnell-Douglas MD-83 manufactured 15.53 years ago with 172 seats and 2 Pratt & Whitney jet engines. The current owner is Wilmington Trust Company out of Delaware leased to American Airlines.

Why is this uncomfortable? I'm about to get on a plane for a 2.5 hour trip. Said plane is over 15 years old. Maybe I'm paranoid but that makes it older than my car, which I may replace in the next year or so. My car is pretty reliable but it hasn't logged hundreds of thousands, perhaps millions of miles flying 170+ people for the last 15 years.

Am I paranoid? Would I have even thought about this had it not been for my geeky curiosity?

}B^)

Update #1 - It's never a good thing when an airport fire truck comes running up to your plane rolling code 3 (lights+sirens). They just sat behind the plane for a few minutes then drove off without getting out. I hope that's a good thing but I'm delayed an hour which means I miss my connecting flight to SeaTac. Ugg. This doesn't help my earlier issue with the plane information. Nervous factor: 5 out of 10.

Update #2 - Made my connecting flight because all flights in/out of DFW were delayed due to a huge thunderstorm. Made it home by 4 am which makes it a 25 hour day. No, I don't sleep in terminals or planes.

Friday, April 29, 2011

(Old) Geek Links of the Week - 29APR2011

News Roundup for January 2011, something I have also put off for too long.  I found a bunch of bookmarks that I forgot about until recently...

Star Wars is coming to Blu-Ray

You would think that, as a self-respecting Star Wars fan, I would be super excited to run out and buy the Blu-Ray edition of the best movie series ever (yes, that includes Eps. 1-3). My reaction? YAWN. During the HD-DVD vs. Blu-ray debate many people asked "what will be the next disc format?" The answer was clear: nothing. Blu-ray sales have not beaten DVD players. Am I excited to see Star Wars in HD? Sure but I'll wait until I can download it rather than pay $140 for the set. The only reason I have a Blu-ray player (I have 2) is that it came with my computer.

New Cars Vulnerable to Wireless Theft

Now seriously, who didn't see this one coming? Keyless entry systems rely on rolling numeric keys to unlock your car, roll down the windows, open the sunroof, and even start the engine. GM first added keyless entry systems to their luxury car lines in 1989. Now, 22 years later, even new cars with the latest technology are being hacked in new and creative ways. Now someone can do things like lock/unlock doors, start the engine (i.e. drive off), or even kill the engine while you are driving. Fun stuff. They can even do it using your car's antenna.



Android Phone Gets Driver Out of Ticket

This one caught my attention since it blends technology and the law, specifically that someone got out of a ticket using their smartphone's GPS (or any GPS for that matter). A guy supposedly used the GPS data from his smartphone to get a speeding ticket dismissed because his GPS said he wasn't doing 40 in a 25 zone but was actually doing no more than 26 MPH (highest speed recorded by the GPS software). And then I investigated further and actually went to the source...

"The judge took a moment and declared that I was not guilty, but he had an unusual statement that followed. To avoid any misinterpretations about his ruling, he chose to clarify his decision by citing the lack of evidence on the officer’s part. He mentioned that he was not familiar enough with GPS technology to make a decision based on my evidence, but I can’t help but imagine that it was an important factor."

So the Droid didn’t clear his name: lack of appropriate evidence on the part of the officer was the reason the case was dismissed. The questions he asked are standard questions that should be asked by any ticket defendant if you go to court to contest a ticket. THIS IS A NON-STORY. The fact that he tried to use his GPS data to prove innocence is interesting but not relevant. GPS devices are not accurate enough to provide convincing data for contesting a traffic ticket in a court of law. A radar gun (properly used, calibrated, etc) provides an instantaneous data point that is very accurate. Unless you have a corresponding data point at or very near the same timestamp then you probably don’t have enough data to provide a defense. He would have had better luck with his car’s telemetry data, assuming it is equipped with this feature (lots of luxury and sports cars already have this feature although you need a mechanic who can download the data for you or hardware/knowledge to do it yourself). The jury is still out on this topic, so to speak. Someday there will be legal precedent but this isn't it.

Microsoft Puts a Datacenter in a Barn.

As an IT geek this immediately caught my eye. Most "modern" datacenters are engineering marvels with a lot of fixed costs: virtually sealed buildings with hardened walls, raised floors, and forced air cooling. Microsoft designers used a wholly different strategy to build the new DC that utilizes outside air (virtually unfiltered, at least at the micron level) and much less structural integrity. The GM of DC R&D at MSFT recently referred to the "disappearing datacenter." I have to say I like it. The DCs of even 5 years ago were patterned after the old-school building methods that started with mainframe datacenters where you had to have constant temperatures, usually in the 62-65F range, with very low tolerances for dust and humidity. Not anymore. They even ran a test where the servers were literally in the parking lot of the datacenter covered by only a tent for 8 months. Seriously. It's a brave new world in the datacenters these days.

}B^)

Wednesday, April 27, 2011

2010 News Roundup

OK, so I'm a bit late (like 4 months late). These are articles I found near the end of 2010 or the beginning of 2011 on Wired.com.

Vaporware 2010: The Great White Duke

Like a broken record, Duke Nukem once again makes the 2010 Vaporware awards. The big news? It's not #1. That spot is taken by the white iPhone.

Wired's top 10 space/science stories of 2010

Some very cool stories this year: water on Mars, giant iceberg collisions, Hubble is 20 years old, and giant spiders from the Middle East. Wow, what a year. The spiders can creep you out but they are totally cool.

Wired's top science images of 2010

To go along with the top science stories, here are the top science images. I'm a sucker for cool pics and this one doesn't disappoint. From crazy fractal patterns and smoke to worms and cute ZooBorns.

Cars we lost in 2010

Will you miss these cars that were discontinued in 2010? Will you even notice? I have driven several of the models (PT Cruiser, Grand Marquis, and Kia Borego) and I actually owned a Volvo V70 a few years back.

}B^)

Thursday, March 17, 2011

St. Patrick's Day

First off, my favorite version of Danny Boy...







I'm not sure I can say, "Happy St. Patrick's Day" because it is actually the commemoration of the death of St. Patrick. Around our house we sometimes just say, "Happy Patrick's Day!" for Patrick, my son, who is indeed named after the patron saint of Ireland. With a name like "Donnahoo" it seemed only fitting to name my first son with a traditional Irish name. Do we have any real Irish blood in our family? I'm not sure yet: the genealogical jury is still out on that one. My Dad and Aunt Penny are still working on it. One of these days we'll find out when the O'Donaghue family crossed over and became Donnahoo. We are back as far as the early 1800s in the southeast US but no hint of immigration in that family line.

I'm sure you have read a lot about Saint Patrick. Did he really run the snakes out of Ireland? Probably not. But he did help bring Christianity to Ireland in the 5th century. And he did it through faith and love, not by force, as many countries were converted around that time.

So I wore green to work but I raised a glass of sparkling water in his honor. What did you expect from a Mormon? }B^)

Tuesday, February 8, 2011

Donnahoo.com is transferred...

After some quick economic calculations the decision was made to transfer the donnahoo.com website. I'll be posting family updates, links to new photo sets on flickr, posts on my companion blog Normalguytri.com, and lots of other sundry thoughts and commentary.

Now, back to your regularly scheduled madness/neuroses.

A word on economics: the old price to host my website was $15/month for a service I haven't updated in years due to poor technology integration (i.e. it was hard to post updates). With Wordpress it's only $12/year. No, I didn't have to think about that decision for more than about 10 seconds, but it did take me almost a year to get off my duff and do something about it.