Stop Sending Passwords in Emails!

As you may have noticed from my About Me, I build software, and much of that software requires serious security. Whether it be health data or educational, data security is king. What I can't understand is why companies that claim a good privacy policy send me my password in an email. Whether it's temporary or not, it's still bad. Even worse is when a company sends me my password long after I signed up. Right away, I know they don't use a one-way hash to store their passwords. There's no way you should be able to decrypt my password.

Security 101: No one other than me should know my password. Ever! If you must send a password, make it temporary and force me to change it. Always store it as a one-way hash seeded with a really long, random string.
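An added example, not code from the original post: one way to follow the rule above with Python's standard library, storing only a salted one-way hash and making a temporary password expire and force a change. The function names, the scrypt parameters and the 15-minute lifetime are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed parameters for this sketch (not from the post).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
TEMP_TTL = 15 * 60  # seconds a temporary password stays usable

def hash_password(password: str) -> dict:
    """Return a record holding a fresh random salt and the scrypt digest."""
    salt = secrets.token_bytes(32)  # long, random, unique per password
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"salt": salt, "hash": digest, "must_change": False, "expires": None}

def issue_temporary(users: dict, name: str, now: float = None) -> str:
    """Create a one-time password; only its hash is stored."""
    now = time.time() if now is None else now
    temp = secrets.token_urlsafe(16)
    rec = hash_password(temp)
    rec.update(must_change=True, expires=now + TEMP_TTL)
    users[name] = rec
    return temp  # shown to the user once, never persisted

def login(users: dict, name: str, password: str, now: float = None) -> str:
    """Return 'ok', 'change_required' or 'denied'."""
    now = time.time() if now is None else now
    rec = users.get(name)
    if rec is None:
        return "denied"
    candidate = hashlib.scrypt(password.encode(), salt=rec["salt"], **SCRYPT)
    if not hmac.compare_digest(candidate, rec["hash"]):  # constant-time compare
        return "denied"
    if rec["must_change"]:
        return "change_required" if now <= rec["expires"] else "denied"
    return "ok"

def change_password(users: dict, name: str, old: str, new: str, now: float = None) -> bool:
    """Replace the stored hash once the old (or temporary) password checks out."""
    if new == old or login(users, name, old, now) == "denied":
        return False
    users[name] = hash_password(new)  # new salt, must_change cleared
    return True
```

Because the stored record contains only the salt and digest, the service has nothing it could mail back later; a forgotten password can only be replaced, not recovered.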

It's simple. If you send me my password in an email, I will not do business with you.

Have a nice day.

Video: Behind the Scenes at Giant Keck Telescopes

Keck in Motion from Andrew Cooper on Vimeo.

OK, I've said before that I worked on the Keck Telescope (see this post). I love seeing what is still a favorite project of my professional life. Those 36 (now 72) mirrors were the result of a ton of great engineering and a lot of painstaking work. I'm proud to have been part of it.

Keep an eye out for all the maintenance required to keep the telescope operating at its peak. Also, remember that even though Keck is located at arguably the best place on the planet for an optical telescope, it still only operates at its absolute best for one day a year. The conditions have to be just right.

Enjoy!

Software Lifespan

How long should our software last? I'm sure that there are software packages out there that were built decades ago, but I'm talking about packages still being actively updated and sold. Personally, I figure if I get 5-7 years out of a system before a major refactor of some part of it, then I'm doing great. Even if you continuously refactor, you will eventually get to the point where the cost of new features in legacy code becomes prohibitive. Shortcuts are taken or information is lost, and the result is code that is tough to maintain and update. How long do you think code lasts before it's too expensive to update?

The recent Mars Lander story made me think about this. Talk about a huge pat on the back to those NASA engineers. They built a system meant to last 90 days that ended up lasting almost 2000 days. Who knows? If it can survive the Martian winter, it may be able to keep going. The Devil's Advocate in me might say that they grossly over-engineered it, but mostly I'm supremely impressed that a group of engineers built a machine that survived in a very hostile environment for 5+ years.

From http://xkcd.com/:

Mars Lander Chronicles

Government honours veterans of Bletchley Park at last

Government honours veterans of Bletchley Park at last - V3.co.uk - formerly vnunet.com

The surviving staff from Bletchley Park will finally(!!) be recognized, nearly 70 years later. Their work was thought to have shortened the war by 2 years and saved millions of lives, but until the 1970s they weren't even allowed to reveal what they did.

“After many years of having to keep their critical wartime work top secret, it is tremendous that this contribution has finally achieved recognition.”

All I can say is that it is about time the people that helped develop computing get some recognition.

June 6, 2009 - 65th Anniversary of The Great Crusade

OK, I know I'm a little off my usual topics again, but today is an anniversary. In the early morning hours on a Tuesday morning 65 years ago today, D-Day paratroopers began jumping into the French countryside. At first light, six divisions of soldiers from the United States, Britain, and Canada began landing on the beaches of Normandy. The beaches all had code names: Omaha, Utah, Gold, Juno, and Sword. The United States landed on Omaha and Utah. The British took care of Gold and Sword, and the Canadians landed on Juno.

Just prior to the invasion, General Eisenhower read what is now an historic passage:

"You are about to embark upon the great crusade, toward which we have striven these many months."

Obviously, you can read about the Normandy invasions everywhere, so I'm not going to describe all the events again here. I will, however, talk a little bit about my experiences touring the area as well as introduce you to Charles Durning.

Who is Charles Durning? You probably know him by his movies. His film career began in 1965. Some credits include "The Sting", "Dog Day Afternoon", "North Dallas Forty", "The Best Little Whorehouse in Texas", "O Brother, Where Art Thou?", and dozens of others. What you may not know about Charles Durning is that he survived two of the most horrific periods in WWII. You wouldn't know because like many veterans of that era, he rarely spoke about it until years later when asked.

Durning was awarded the Silver Star and three Purple Hearts. He was among the first wave of troops that landed on Omaha Beach. Suffice to say, the nickname of "Bloody Omaha" is descriptive because of the more than 2,200 casualties suffered on 6 JUN 1944.

By 17 JUN 1944, Durning was back in England recovering from shrapnel wounds in the left and right thighs, the right hand, the frontal region of the head, and the anterior left chest wall. He was pronounced fit again on 6 DEC 1944, just in time for the Battle of the Bulge and his second historical experience.

In 2008, Durning received France's National Order of the Legion of Honor (each year France honors 100 veterans that served with distinction in France). At the ceremony, he described his experiences during the Battle of the Bulge. Early in the battle, Durning was stabbed 8(!) times during a hand-to-hand fight with a young German soldier. The fight did not end until Durning was able to reach for a rock and bludgeon the German soldier to death. He said when it was over he wept with the dead German soldier in his arms.

Soon after, Durning was taken prisoner and would have been shot on the spot were it not for an English-speaking German officer that accepted his surrender and had his wounds tended to (the 8 stab wounds - one to the chest). As a prisoner now, Durning was led to a small town called Malmedy. It is here that the infamous Malmedy massacre took place. At Malmedy, some 150 prisoners were rounded up and dozens were executed. Durning and two others of his group managed to escape the carnage. There were many incidents in and around Malmedy, resulting in 72 bodies being discovered.

Durning was on the TV show "Rescue Me" this year. It was here that I was reminded of his service and felt the urge to talk about it. I'm thankful for men like Charles Durning and thousands of others like him. Like most veterans, I agree that the true heroes are the ones that didn't make it back.

I was lucky enough to pay a short visit to Normandy many years ago. The visit was far too short, but I was able to stand on Omaha and Utah beaches and see what men like Durning faced. Think about 2-3 football fields of open beach to cross with an amphitheater of cliffs all around. Unlike what you see in the movies, it's not the machine guns right in front of you that are the most dangerous. It's those to the side. This is one of the reasons some units saw casualty rates of over 50% in the first few minutes of the landings. Powerful stuff.

In this time of robots and smart bombs, we will thankfully never again see mass invasions and infantry action. I only hope it isn't replaced with something far worse. So today, while you are enjoying a wonderful Saturday, send a "Thank You" to those men and women that started the Great Crusade to clear Europe of Nazi tyranny 65 years ago today.

Patent Decisions Since 2000 Invalid?

Anyone see the NY Times article In One Flaw, Questions on Validity of 46 Judges? Basically, a law professor discovered a constitutional flaw in the appointment process for judges who decide patent appeals and disputes. This goes back to 2000. That means thousands of patent cases and billions of dollars in licenses. The really interesting part is that no one, including the patent office, is saying he is wrong. Imagine all those startups thinking they are secure with a patent to cover their IP. This is one crazy cloud over that thought. Granted, a bunch of recent patents are completely bogus, but now the patent trolls could have a field day. Definitely need to keep an eye on this one.

I wonder if that means the patent I just received last month is not valid anymore...

Follow up to high stakes salvage

A Crushing Issue: How to Destroy Brand-New Cars

Last month, I pointed out an article about salvaging a ship in trouble. The salvage crew successfully saved the ship and its cargo of 4,703 Mazda vehicles (losing one life in the process), but now what do you do with the cars? Turns out, it's not easy to destroy 4,703 cars and not get in trouble, damage your brand, or get sued in the process. It took Mazda a year to plan and about another year to actually do it. Who knew?

POPSignal - Boston, May 15th

POPSignal

Those of you in Boston may remember Tech Cocktail last fall. If you were one of the lucky 300+ people in attendance, you know how successful it was. I know I enjoyed it, and I met some great new contacts there. Well, Brian Balfour and Jay Meattle are at it again, but now it is POPSignal.

POPSignal parties are aimed at bringing together the local tech community in a fun and informal environment. There is no format, presentations, or speeches. However, there is always a free open bar, free food, music, fun activities from sponsors, and great conversation.

The date is May 15th, 6:30-9:30pm, at Tequila Rain near Fenway Park. To RSVP and get more details check out http://popsignal.eventbrite.com/.

Come on by and say hello.

The Web Me

It took a while, but I finally got to the top. Those of you with a name like a celebrity or a common name know what I mean. Use Google to search for yourself. What page are you on? I happen to have the same name as a former Mr. Olympia and actor from the movie "Pumping Iron." For the longest time, his name dominated searches for me. Now, between this blog, LinkedIn, and a couple of other web voices, I am at the top of the list. It's actually pretty impressive considering none of the web sites that mention me get huge amounts of hits, but Google still is able to rank based on relevance and recentness. Lesson learned. If you want to get yourself found on the web, start a blog and get people to link to it. Note, reciprocal links don't count as much (if at all).

The funny thing is that by me linking to the other Dave's site above, I may have just moved my rank down since a big part of page rank is inbound links. Now I just need more people to link to this blog...

Body Heat Could Charge Your Cellphone

Body Heat Could Charge Your Cellphone

Saw this article the other day, and I couldn't get over the possibilities. As interesting as charging your cellphone from body heat is, think of all the other possibilities. If you live in the North East like I do, you could generate electricity from the lost heat of your furnace or boiler. It is unclear how much power you can generate from heat, but making power generation orders of magnitude more efficient is a pretty huge jump. Power stations being 100x more efficient would sure save a lot of fuel costs.