Saturday, November 19, 2016

Too ManyDead Brain Cells Are Not Conducive To Good Writing

Wow this is hard..

It's 10:00 am on Saturday morning. I'm starting to put together my first blog post in two years and I'm sitting here with a brain feeling like it's filled with molasses. Thoughts that should flow, or at least dribble out are only coming out in slow sticky drips.

This is not new by any means. For years now I've struggled during the process of writing.
Losing thoughts or my entire train of thought as soon as I encounter the next descriptive word that's playing hide-and-seek with my brain, or being unable to remember how the punctuation or grammar should go.

Part of the process to deal with this has been going into the thesaurus and searching through sometimes multiple (here's a good example of struggling for a word that should take seconds to decide on but may take 5-20 minutes now, and may lead to me forgetting what I was originally trying to say. "tangents" is the only word that came to me but I'm sure that there's another word that's much better, that fits what I'm describing. What I need is an app where I can describe what I'm trying to say and have it produce some choices for me. I seem to recall something like that where you could type in some words and it would kind of distill your input, hopefully providing the word or phrase you were looking for.). See what I did there? In the process of trying to explain, one thing led to another, and the next thing you know 30+ minutes have passed. 
Tangents was an appropriate word. I want to go from A to B but along that path I end up taking multiple side trips, and when searching for words in a thesaurus the words are all hyperlinked so I might open up multiple browser tabs from the original word, then the same thing can happen from any one of those other words. To make it more distracting, sometimes I just get interested in some of the other words I encounter!

Now many writers will not worry about fine tuning things in the first draft and just concentrate on getting their thoughts down without restricting the flow. In my case I would likely never get back to finish them because I can't follow any structured, organized schedule. I've learned that the way I get things done (when possible) is to complete them in one shot, and if that means working on a blog post all day & into the night that's what I have to do. The times I do end up working into the night have a way of ending sloppily though. Fatigue sets in and that's that. It would be so nice to be able to pick up where I left off the next day or even have multiple projects going but these days I consider myself fortunate to even feel like writing (at least more than 140 characters at a time).

Writing, in part, has been a way for me and so many others to achieve a small level of control during stressful times. My need for things to be correct, lined up and in order detract from that control because I realize that my writing skills, specifically my grammar and punctuation (and likely other areas that I'm not even aware of) are sloppy and are much lower than I would like them to be.
I simply have lost the ability to learn anything new (and retain it) unless it's something I can apply on a daily basis, and since there are very few things I do regularly these days learning new skills is rare.
It would be so helpful if I had someone to proofread and edit my writing, however ever since my father, then mother died within a short time of each other, I have lived a very solitary life and do everything alone. The whole technology revolution (at least since the desktop computer & Internet) has been something I've tried to learn on my own (not having any 'tech' friends that I could ask questions or collaborate with). I did fairly well keeping up with most of the advances and even authored a consumer-level security (alerts & advice) blog in a section of my local paper the Concord Monitor. But things like recurring depression and family matters started eroding my memory and intellectual abilities to the point that I wasn't able to do all the work necessary to keep up with all the news.
Without having someone 'live' to ask questions to about punctuation or grammar (as opposed to websites like "Grammar Girl"), or someone to check/correct things, I kind of just ended up doing what I can with what I've got.

I almost completely stopped writing anything for a while during the time of their deaths. I was diagnosed with Diabetes, Sleep Apnea and a few other things. Those things, combined with pre-existing mental health and neurological problems, all the medications and their side-effects, along with the physical effects of disorders like apnea, high cholesterol and diabetes have had over the years, conspired to starve my brain cells of oxygen. 
Lately, while my diabetes and cholesterol is under better control than it has been in years, the Sleep Apnea has increased to a scary level. My brain (and other organs) is being starved of oxygen at night and the daytime starts out with me being very spaced out, not getting much clearer over the day.
It's now 1:41 pm and as I was writing that last sentence my mind just took another trip into the void for a few seconds..

Despite all that I somehow wrote these 955 words in the last four hours..

I will try to do better than one post every two years. Next will be a new post over at The Chesterfield Dispatch (with lots of photos and possibly video in the future!).

Thanks for reading.

Sunday, September 28, 2014

Oh Microsoft, why do you...(& why can't you, why don't you) - aka; The ongoing struggle to get and/or understand Msft "help".

To start with I want to say that Microsoft is far from the only one that makes using their software harder than it has to be, but they do it *so* well..

Today I was getting caught up on my email and was reading a SANS newsletter that included an entry:

Title: Microsoft reissues windows patches that previously caused blue screens

Description: Microsoft released updates to patch 2982791 to resolve the
bluescreen issues.  Microsoft strongly suggests all customers uninstall
patch 2982791 and install the updated patch, 2993651.



- So, I look in my installed updates and I see both. "updated patch, 2993651" is installed, and "patch 2982791" is also.. 

My first question is: Is there a reason that MS automatic updates didn't uninstall "patch 2982791" before installing "updated patch, 2993651"?

Then I read through the MS reference information related to the issue..
Instead of clarification what I find is more confusing (and conflicting) information.

In the "Update FAQ" section it says: "Customers do not need to uninstall the expired 2982791 update before applying the 2993651 update; however, Microsoft strongly recommends it.
Customers who do not remove the expired update will retain a listing for 2982791 under installed updates in Control Panel."

And in another area is the boilerplate: "Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically."

Tell me how Automatic Updates helped me in this case..

OK, so I am a 'customer who has automatic updating enabled...' and as so; "... will not need to take any action because this security update will be downloaded and installed automatically.", right? (underline added by me)

"[...] will not need to take any action [...]" 

-- OK fine, but what about where you say "Customers do not need to uninstall the expired 2982791 update before applying the 2993651 update; however, Microsoft strongly recommends it."  (underline added by me).

If you 'strongly recommend' it then why didn't you do that as part of your "automatic" updates?
If there was some technical reason that precluded doing that you don't mention it, neither do you say anything about whether or not to uninstall 2982791 if, as in this case, it's still installed after the 2993651 update.

You say "Customers who do not remove the expired update will retain a listing for 2982791 under installed updates in Control Panel.", but nothing is said about any issues that may arise as a result of leaving it.

It just doesn't make sense to me that you would make such a "strong" recommendation yet leave customers like me hanging like this. On the other hand it hardly surprises me, and one more time I'm left cursing Microsoft.

Saturday, August 20, 2011

The Security Consequences Of Mozilla's Rapid Release Schedule

'Mascot' image from the Mozilla ADD-ONS Blog

Continuing on a topic from my last post I want to focus on the security threat created by the 'rapid release' schedule the Firefox browser is now on.

I won't dispute the positive aspects of this move for Mozilla, however from a security standpoint it creates multiple hazards. A 'Ready or not, here we come' dictum may be OK in some cases, but it's a recipe for trouble when it comes to security.

Like it or not Mozilla bears the responsibility for not just it's browser alone, but also for taking into consideration the extended 'technosystem' of add-ons that have a somewhat symbiotic relationship with Firefox. They also have a responsibility to contribute to overall Internet security.

When so many of their users have security software that either integrates with or is a standalone 'add-on' to Firefox (and these users are to be commended for contributing to the overall security of the Internet),  rushing ahead and leaving them vulnerable is irresponsible and thoughtless.

Rushing to get something done often results in mistakes. You can rush things and get your product out first, but it rarely results in a quality product (and in this case you can add "secure" to that).

I realize that Mozilla can't simply wait until every 3rd-party piece of software is updated on their own schedule. There has to be some form of cooperative effort to find a middle ground however.

The consequences of the current situation are giving even more ground to the security threats confronting Firefox users. You wouldn't leave your children home alone (before the sitter gets there) while you go to work, and a wilderness guide wouldn't forge ahead and leave people behind to fend for themselves.... would you?

As people mature they learn to consider the consequences of their actions and hopefully become less self-centered. I realize that many businesses don't act this way, but good ones do (in varying degrees) and those get my respect (and patronage).

This world needs more cooperation not less.

Edit/add [8/20/2011 1:05 PM]:

I left out (in my haste!) the people on the security software side of the equation who need to do their part by starting their update process as soon as they can. They too have a responsibility to work in cooperation with Mozilla so both end up with a reliable product and safer users.

Wednesday, August 17, 2011

Caught In The Middle

Numerous issues are impacting me that have me caught in the middle and [nearly?] powerless to change (at least in the near-term). The first two affect many people, not just myself.

The first is the recent (and ongoing) fight over the debt ceiling and budget. I and many people like me that are living solely on their Social Security/Disability income had to wait literally until the last moment, not knowing if they could pay their bills. You know, little things like rent, utilities, food & medications..

The right-wing's lack of concern for some of the more vulnerable citizens is disheartening, and the notable favoritism shown towards the upper class and corporations combined with their manifest contempt of those in need is despicable. I want to mention that the silence ("willful ignorance"?) on this subject by vast majority of the media is disgraceful, and will be looked back on (along with many other examples) as a major failure of the Fourth Estate during this time in our nation's history. The abdication of power and responsibility by this Fourth Estate has enabled  those with selfish and dangerous ambitions to take our country in a direction far from the ideals so thoughtfully laid out by our Founding Fathers.

Caught between Mozilla - Firefox and security software

Since Mozilla started it's rapid release schedule for the Firefox browser many of the security add-ons & extensions I rely on haven't been updated to work with the current version (at the time of this post Firefox 6.0 has just been released). Previously, security software companies such as AVG (LinkScanner), Symantec-Norton, M86 Security (SecureBrowsing) and others had plenty of time between 'major releases' of Firefox to update their software (so it will work with whatever changes the new version of Firefox has).

That time has been drastically cut since this 'rapid release' initiative began.

This is from the "Mozilla Firefox: Development Process" page:

"Firefox uses a schedule-driven process, where releases take place at regular intervals. That means each release happens regardless of whether a given feature is ready, and releases are not delayed to wait for a feature to stabilize. The goal of the process is to provide regular improvements to users without disrupting longer term work."

- Further down the page:

Security Releases

"This proposal makes security updates occur along with Firefox releases, meaning we'll no longer be maintaining old branches. Having security branches for each major update is untenable if we release as often as we aim to."
Extension Compatibility 

"Extension compatibility is the trickiest part of the transition. In particular, it's not what the policy should be when a user has extensions that are incompatible with a new Firefox release. Each release will have at least 12 weeks to identify extensions that are no longer working, but this issue will be complicated."
On the Future Release Blog there's a post named "Every Six Weeks".
"We’re studying the effects of the process carefully; it’s a big change and we will be flexible in our approach as new information comes in. We may decide that 6 weeks is the wrong interval, for instance, though it’s worth remembering that Firefox maintenance releases have been released on 6-8 week intervals for years, and sometimes included major changes. We’re also paying close attention to the impacts this cycle has on our ecosystem of add-ons, plugins, and other 3rd party software that interacts with Firefox. We’re working with large organizations, too, to understand how rapid release can fit into their software deployment systems."

"Whatever adjustments we make, it’s clear that rapid release is a major improvement in our ability to respond to the needs of our users and the web. Every 6 weeks we have a new Firefox to evaluate and, unless some surprising and irreconcilable breakage is discovered, release to the world. No one will have to wait a year for the developer scratchpad now in Beta, or the massive memory and performance improvements already on Aurora, or the slick tab management animations soon to land on Nightly. Rapid release is already paying dividends, and we’re just getting started."

Johnathan Nightingale
Director of Firefox Engineering"

Now as far as the security software (companies) side of things, I haven't read any comments directly from them about this issue. 
I have heard directly from M86 Security after I posted a comment on Twitter about their "SecureBrowsing" browser add-on:
Firefox just updated to v5. When will your plug-in be updated?
(Posted 22 Jun)
Their reply:
@TRDaggett We do not have a definitive date at this time, as we are currently reviewing Firefox 5. We'll keep you posted
(Posted 27 Jun)
It's now August 17th and Firefox 6.0 has now been released.... and if you go to the M86 SecureBrowsing (FAQ) page it says:
5. Q: Where will SecureBrowsing work?
    A: SecureBrowsing has been designed to work on the most commonly-used Internet tools.
         The current version of M86 SecureBrowsing supports the following:

 Web Browsers:
  • Microsoft Internet Explorer 6.0, 7.0, 8.0 and 9.0
  • Mozilla Firefox 3.x and 4.0
  • Google Chrome 10
 BTW, Google Chrome's current version is 13x.
Despite the fact that @M86Security told me "We'll keep you posted", I've heard nothing from them [to date]. So if they were "reviewing Firefox 5" and still haven't gotten back to me by the release of Firefox 6..... 
1.) They don't care enough about their users to (proactively) keep them informed.
2.) They're not able to keep their SecureBrowsing product updated (for 2 major browsers) in a timely manner leaving those users unprotected.
3.) M86 Security SecureBrowsing needs to append the FAQ page "Web Browser" information with a note regarding future updates to Firefox and Chrome or remove them from the list.
(Make a decision M86 Security. Then please inform your users.)
I also use the (free to Comcast Internet customers) Norton Security Suite. This version complicates the update issue even further because it's different from both Norton Internet Security and Norton 360 and [probably] has it's own 'team' of people working on it's updates (including various browser add-ons).

I noticed that if I open up the Norton interface on my desktop and click on Identity Protection [View Details] it says that Norton Safe Web and Identity Safe are both on and working!

I called the Norton Security Suite support folks today and was told that they were working on the browser compatibility updates but they wouldn't provide any time table as to when they would be released. I want to mention that the support call must have gone to India because there was a noticeable delay and the woman was very hard to understand, So the combination of those two factors made for a poor quality support call (which I have to say has not been the case with most of my previous support calls involving outsourced support centers in India). It was unfortunate that I was already irritated by several factors including the fact that this was my second call to Comcast support about this matter. The first customer tech support person tried to transfer me to Norton support but used the wrong number, aborted, came back to tell me what she did, and then on the second attempt ended up transferring me to Netgear support!
Finally, AVG LinkScanner (which I've used for years, since before AVG bought them out and ruined incorporated LinkScanner into their products) partially works with Firefox 6.0 but the feature that checks web [page] links and search results (like Google) hasn't been updated yet. AVG has been quite a bit quicker than Norton to update their Firefox add-ons. I can still use the AVG Toolbar to search via the AVG secure search feature or open the desktop LinkScanner interface and enter (and scan) a URL manually. It's not as convenient, but it adds a valuable security resource to my kit.

Mozilla's rapid release schedule has created a security issue for Firefox users who rely on various security add-ons and extensions. I'm not saying that the problem is solely because of the faster schedule though. Other security add-ons (like Giorgio Maone's "NoScript" and Wladimir Palant's "Adblock Plus" ) have kept pace, but it seems likely that the security software produced by the bigger security companies has a much different (and complicated) process that it has to go through. A good analogy is probably that of an aircraft carrier vs. a Coast Guard cutter.
As I recall after Firefox version 5.0 was released my Norton Toolbar* and IPS 'broke' and after a few weeks some protection features (like search results) were updated but the toolbar wasn't (and still hasn't been updated).

Ultimately I hope to see [at least] two things happen. Security software companies who's products integrate with Firefox (and Google Chrome) will adapt to a faster update schedule, and Mozilla will adapt their release schedule to better enable security add-on software to stay current (and 'on the job'!). Rapid release schedules are great but not if it results in leaving your users vulnerable. 
Best practices call for a 'layered' approach to security. We need to work together as much as possible to increase Internet security.

*The Norton Toolbar includes the Identity Protection features like the 'Identity Safe' that I used daily. [Among other things] It securely stored passwords for websites and automatically logged me in to those sites. It also held 'cards' that I could fill with customized identity information which in turn could be automatically entered into forms on web pages.

Tuesday, May 10, 2011

On Newspapers & Paywalls

There are some basic requirements that must be met before I'll consider paying for online news. In my case it's [specifically] the Concord Monitor.

First let me preface this by explaining that I survive solely on my disability check from Social Security each month (which hasn't increased for a year or two, and isn't likely to next year either). So every expense I incur comes out of a fixed amount. I have to consider the value of every cent spent and also weigh it against every other expenditure. And despite what the CPI* indicates, the cost of many of these are going up.

So for me to take a portion of this [shrinking] pie and spend it on the local newspaper there has to be:

1. Exclusive content that I value and is well written, informative, complete & accurate.
2. A well laid out & easy to navigate website.
3. A website that is secure and well maintained (best security practices incl. 3rd-party audits/pen testing).
4. Also a secure payment system utilizing the best security available to protect customers including full encryption of transactions and storage of customer data. Also requiring the same of 3rd-party payment processors (or *other*) are used.
5. Plenty of local content.
6. Lots of compelling photography.
7. Blogs (but EXCLUDING political** blogs!)

I'd also like to see a local 'Technology' section, possibly getting local experts to contribute regularly with advice & tips (that could even be done/sold? [tastefully] as 'Adver-Tips') and regular 'cybersecurity' information (similar to my [former] BlogsNH blog*** "TechAlert"), because caring about computer & Internet safety needs to be force-fed (subtly) to the public at every opportunity.

Finally, even though it's expensive and time consuming (and takes a certain amount of institutional intestinal fortitude), some investigative journalism would be nice to see. Frankly I see too much ...... (trying to think of the right word[s]) .. quick, superficial, non-confrontational articles, and I'm trying to recall the last time I read anything that exposed some serious wrongdoing or corruption concerning local public officials, organizations or businesses. To be fair, my memory is awful and I'm sure there have been some, but we both know the larger percentage goes unreported (and/or undiscovered).

I'm going to give the Monitor a shot and see how it goes, although I hope that I can pay 'in person' instead of online. I've been victim of numerous database breaches over the years including Concord Hospital, the VA, Student Loans, and most recently the Sony PlayStation Network (where thankfully I chose to use their prepaid cards instead of a credit/debit card). I hope they consider this option and develop a way of implementing it.

- BTW, I hope that it's only the AP [text] content the Monitor's opting not to use and not Jim Cole's outstanding photography!

* Consumer Price Index
** Too divisive & (many of) the regular 'article' comments are *more* than enough negativity/fringe (especially for the moderators).
*** This is the page you see if you look today.. Hey Clay, I must have missed your alert to save our blogs before they weren't available anymore? (I'm glad that I saved most of mine and didn't leave it to chance..).