My favorite information sources

I’m one of those obnoxious facebook friends who tends to look things up before I repost, and when I discover something is incorrect, or only partially correct, I don’t hesitate to post additional information in a comment.  I’d say about 70% of my friends are glad to learn more.  The rest, well….have you ever heard of “don’t confuse me with the facts”?  It’s really more like “don’t annoy me with the facts”.  

I find facts to be very handy things.  They are, however, tough to find on the internet sometimes.  The web is the ultimate democracy – anyone can post anything.   There is no Fact Police.  There can be plenty of pushback for a post, but there’s no guarantee the pushback has anything to do with actual facts.  

I tend to stay away from most news sites, especially the ones connected to television stations.  The ones with obvious political biases – BOTH left and right – are, to me, pretty transparently off base.  The only newspaper I read regularly is The Economist.  If you usually get your news from a US source of any kind, I encourage you to give it a try.  It’s very enlightening to read about us from a point of view outside the country.  And I also like learning about other parts of the world.  One of the things I really hate about American media is the apparent assumption that if it didn’t happen in the US or directly affect Americans, it isn’t really important.  The other source I trust for news is NPR.  Folks on the far right seem to think it’s very left leaning, but I find it pretty balanced, and it often has the detail I crave on a topic that interests me.  

For many other things, I might read them but unless an article feels solid and I can corroborate it with other sources, I usually won’t repost it.  Snopes.com and Politifact.com are good friends.  I love that Politifact pulls no punches: you’ll find “pants-on-fire” labels on untrue statements no matter who made them.

As a geek, I do my best to keep up with what’s happening in IT.  It’s tough. There are so many subspecialties that no one person can possibly stay current on everything.  Fortunately, there are lots of good blogs and news sites.  Here are some of my favorites:

• Sophos’ NakedSecurity keeps me up to date on what to watch and I find them mostly written in English rather than tech-ese.  I repost their articles a lot. 
• InfoWorld has several interesting blogs, especially Tech Watch
• TechRepublic’s multi-topic site
• Gizmo’s reviews of freeware, known as techsupportalert.com
• Wall Street Journal’s CIO Report
• My friend John Ahlberg’s blog at Waident.com, which also tends to cover many IT-related topics.  

Then there are the sites for cycling, for knitting, for gardening, for fun, and for inspiration.  Just having that list might make you think I couldn’t keep up with them ALL, all the time.  And you’d be right.  Still, I imagine there are good ones out there that I don’t know anything about.  What are some of your favorite sources? 

Happy Birthday, Mr. Handel

George Frederick Handel was born on this date (more or less – it was pre-conversion to the Gregorian Calendar in most of Protestant Europe) in 1685.  Famous for his Oratorio Messiah and his Water Music, he in fact composed hundreds of works in a wide variety of genres over his 74 year lifetime.  He lived in Germany, Italy, and England and traveled extensively.  He was revered by later famous composers – notably Mozart and Beethoven – and is generally considered one of the greatest composers of the Baroque era.

Prior to 3½  years ago, though, I would not have placed Handel in my top 5 even if asked to confine consideration to the Baroque.  I revere Bach and his mathematical precision, love the passion of Vivaldi and the brilliance of Purcell, and think Scarlatti’s sonatas are fun.  My long-ago pretense at being an organist included Buxtehude and Telemann.  Oh, I loved singing the Messiah and enjoyed hearing Music for the Royal Fireworks and had a passing acquaintance with parts of a few other oratorios.  But somehow Handel escaped my getting to know him well.

Then Mr. Handel’s legacy and my life crossed paths unexpectedly, in the guise of the Handel Week Festival (www.handelweek.com).  The festival, directed by Dr. Dennis Northway, was planning to present Handel’s oratorio Israel & Egypt. It requires a good-sized double chorus, and Dr. Northway was looking for an additional mezzo soprano.  I am grateful to Dr. Wilbert Watkins for the introduction.  The rehearsals and performance of Israel & Egypt, coupled with Dr. Northway’s enthusiastic, entertaining and enlightening stories about Mr. Handel and the work, opened my eyes to a whole new world. 

I have had the amazing fortune to remain with the Handel Week chorus since then.  I continue to learn about the man and his music and to learn to be a better singer and musician. I’ve made terrific friends in that chorus, even as I remain astonished that I am allowed to sing with musicians of this caliber.  And now I count Dennis as a friend as well as a teacher.

This season the Handel Week Chorus prepared two concerts.  Last Sunday we presented the famous Messiah as is traditional every 5 years of the Festival's life.  Dr. Northway chose Mozart’s 1789 orchestration of the work this time.  In addition to discovering there was much I still could learn about such a familiar piece, the orchestra accompaniment was refreshing and occasionally hilarious. You can feel the movement toward the Classical Period.  You can also catch Mr. Mozart’s sense of humor.  My new favorite aria is in Part III, just before the end: “If God be for us, Who can be Against us?”, for Soprano – and bassoon. 

Next Sunday, March 2, we will present a concert titled The Celebratory Handel. It includes two Coronation Anthems (including Zadoc the Priest, which is still performed at every British Coronation), Music for the Royal Fireworks, and The Te Deum for the Peace of Dettingden.  The choral music was all new to me.  The joy of the journey continues.  Happy Birthday, Mr. Handel – I am very selfishly glad you existed and were such a musical genius.  I am one of millions, perhaps, whose lives you have enhanced in unexpected ways

Security: Password Basics

Every single day, there are stories in the news about security breaches.  For every news story, there are thousands of unreported incidents, most of them limited to one or a few people. 

Astonishing as it continues to be to me, there are scads of people all over the world who have made a career of breaking into computers and accounts that don’t belong to them for the purpose or mischief, theft, or worse. I often wonder what the world would be like if we could somehow turn all that energy toward good instead of evil, but that’s a topic for another blog post.  

We have come to the point where computers are not really very useful unless they connect to the Internet.  But, if you’re going to connect to the internet, you’re at risk.  The key is how to minimize that risk so that you don’t end up being a target.

The biggest, and easiest, key is the use of passwords.  I continue to be surprised at how little priority people place on password management.  In case you’ve forgotten, here are the rules you absolutely MUST follow to minimize your risk of “being hacked”:

1. Every password should be more than 10 characters long.  Longer is better. 
   
2. There should be NO recognizable words in your password.  Let me say it another way: no string of characters in any part of your password should appear as a word in any dictionary.  In any language. 
   
3. Your password should contain numbers and special characters. Two of each is a good minimum.  There are still some accounts that don’t allow characters.  But where you can use them, use them. 
   
4. Every password should be unique.  In other words, do NOT use the same password for more than one account.  

 

Oh, I can hear the wailing and whining now.  I can’t remember all those passwords!  I can’t type them right if they’re that long!  XYZ company makes me change them every 30 days anyway!  

Okay. First of all, it's worth the effort.  Really.  How much will it cost you if someone gets into your bank account?  You really don't want to think about it.  So here’s how you make it [relatively] painless:

1. Create two  master passwords.  Use the rules above.  Here are two options and examples:
1. Pick two completely unrelated words, but ones you will remember. Substitute some of the letters for numbers or symbols.  Add additional numbers and symbols if necessary to create a password of more than 12 characters.
   Example:  Edition + Severity  = E41tions#v#rITY
2. Think of a pass PHRASE that you’ll remember.  Pull the 1^st letter from each word.  Substitute as above, again ensuring you have at least 12 characters.
   Example: Oh, I never remember passwords, but I will remember this one! = oinrpbiwrto = 0INr*,BiwR71!
   
2. Memorize your Master Passwords.  I mean it.  You’re going to use them every day, multiple times per day.  It should only take you a day or two before you can type them cleanly and remember them.  If you have to use a yellow sticky crutch, do it in the privacy of your home (and DON’T leave it where your teenager can find it).  If you’re still worried you’ll forget, put that sticky somewhere away from your computer.  In your jewelry box or something.  Don’t label it, especially if you keep it in your wallet.
   
3. Use one of your memorized Master Passwords to log in to your computer.  If you don’t know how, google “create password” or “change password” along with whatever operating system your device uses.  The instructions are simple. 

4. Use a Password Manager to keep your passwords.  I use KeePass (http://keepass.info/), but there are others out there that have good reputations and might be better for you, depending on what you do, and how many devices you use to access the internet, and what your favorite operating system is.   Use your other memorized Master Password as your password for your data base.  Then let your Password Manager generate ALL the rest of your passwords.
   This means, every time you log in to an account using your computer, make an entry in your Password Manager’s data base for that account, and reset the account’s password to what the Password Manager generates for the entry.  Occasionally you have to modify – amazingly, there are sites out there that won’t take the 20+ character passwords KeePass generates for me.  But do it, every time.  Pretty soon all your accounts will be in the data base.  Organize the entries so that you can find them easily.  Be sure to save a backup of the data base.  

If you do this, and get all your accounts re-passworded with complex passwords from your Password Manager, you can stop worrying about remembering them.  They’re there when you need them and safe when you don’t.   I like not knowing what my Facebook password is!  My KeePass data base is on Dropbox, so it's automatically up-to-date on all my devices.  KeePass also has a portable installation so that I can use it from a USB drive when using a computer that is not mine (at a client's office or the library) without installing anything or leaving a copy of my data base anywhere I don't want it.

An additional plus: most of the time, you’re using copy-and-paste to put your passwords in the appropriate field while logging in, thus foiling keystroke capture.  “ctrl-v” doesn’t help hackers  much. 

Do I follow these rules?  Well, no.  I don’t.  I make the following two exceptions:

1. I created and memorized a 3^rd Master Password, which I use for my email account.  Sometimes I’m too lazy to open up KeePass just because I want to check my email.  However, that password DOES follow the rules for complexity.
2. I have an “easy” password that I use on extremely low-risk sites, like forums.  It’s still a pretty secure password, but it doesn’t quite follow the rules above and I do use it in multiple places.   Although in recent months I’ve started replacing that password with one from KeePass in part because I also use KeePass to remember what accounts I have in the 1^st place.  Eventually I’ll probably also follow the no-duplicates rule because it’s so easy to let KeePass do the work.  

One other question to answer, and that’s about resetting your password.  There are indeed still a few sites that require passwords to be reset periodically.  Your Password Manager makes that easy – just generate a new one and use it to reset.  If I hear of a breach or a danger, I likewise go back to KeePass and set myself a new password for the account in question. Otherwise, frankly, I don’t worry about it much.  

The Security Community has slowly moved away from making people reset passwords frequently.  It only encourages folks to a)choose simple, short, easy-to-use passwords and/or b)use the same password for multiple accounts. Both of these are set ups for hackers.  If you create a complex, hard-to-crack password using my suggestions above, it stays complex and hard to crack. There’s no need to change it. 

There are other steps individuals – and IT departments – can take to reduce the risks of a security breach. But this one is far and away the most important.  It’s really not very hard.  And it’s in your hands.

Do you do these things?  What other ideas do you have for password management?  If you don’t generate unique and crack-resistant passwords, why not?  Tell me about it in the comments.

Cccccccolddddd….

Happy 2014.  And Welcome back. 
 

Probably half the bloggers in the USA have written about how cold it is this winter. I am using it as an excuse to start posting again.  Living in ChicagoLand, it’s been pretty interesting.  I can’t say I like temperatures below zero.  But I have enjoyed the cold a fair bit when it was less extreme – teens and twenties (farenheit).  I love to cross-country ski.  It’s my favorite winter workout.  It gets me outdoors and pushes me to the edge of breathless, a lot like a good Bulgarian Pajduško.  

Since it’s been so long since I wrote, of course a lot has happened.  Big things: Home Ownership (December 2012), loss of Leo (January 2013) and adoption of Coco (September 2013).  

I wrote about Leo in April of 2010.  I loved that boy.  He got me through some of my darkest times.  I had every reason not to expect him to live a normal Golden Retriever lifespan, but he did.  His end was fast and easy/painless.  For him, which is what counts.  My pain still exists.  But I am grateful to have had him for so long and that he didn’t suffer a long decline.  

Coco is a rescued poodle mix.  Recently I described her to facebook friends as “15 pounds of cute entitlement”.  

Photo Credit:  Margaret Loomis

She’s smart, sweet, playful, and snuggly.  She’s not Leo.  But she has her own special place in my heart, having wormed her way in overnight when I fostered her for a weekend in late September to “see if we’d suit”.  I try to maintain discipline and mostly I succeed. 

I bought a lovely house that I’m still crazy about.  The yard could be bigger, but it’s big enough to grow flowers and a small vegetable plot.  It is perfect in every other way.  I have been reunited with my piano and I have a real kitchen again (and my kitchen stuff!).  Leo got to live in it for 3 weeks before he died.  Coco is snoozing on the loveseat here in my office as I write. 

I feel pretty settled, now.  I have a small group of very dear friends here (you know who you are!) and a large group of activity buddies, conversation companions, professional colleagues, and assorted fellow audience members.   I have been thinking for a while about coming back, and I guess…I’m here.  I hope to hold forth on a new variety of topics in the same spirit in which I began this blog.  Variety is still the spice of my life.  Hope you’re getting started on a great year, too.

Happy 2012

…and where the heck did January go, anyway? It was right after New Year’s day that I fired up the blog again, wrestled with some “technical problems” that turned out to be operator error, and was going to start writing.

Now it’s the last day of January already. Wow. I tell you, people, don’t blink.

In the interest of being chronological, what happened in 2011? Well, I dropped worrying about blogging. I wanted to pay more attention to living and feeling and growing. I’ve done a LOT of growing; this has really been a watershed year in a number of ways. Some of that will come out, probably, as I write this year. I rode my bike – a lot (at least for me). I did my first Chicago 4-Star Bike Tour in August, with my friend Karin. We had a lovely day and a great time. I did some contract work with several small and one rather large client – interesting work, good people. I went to the EEFC East Coast workshop as usual. I sang with Sing to Live and in the chorus for the Handel Festival. I spent time with good friends, and time alone. It was a good year all the way around,.

And where DID January go? Well, part of it went to a trip to NYC to attend Golden Festival. It was a really fabulous experience; so fabulous I’ll probably devote a whole post to it soon. There was the usual work and rehearsing. Chicago had 2 snowstorms; one just before my trip to New York. I’ve only gotten out to cross-country ski on the Salt Creek Trail twice. But, unbelievably, I’ve been out on my bike 3 times. We’ve had so much mild weather that it seemed like the thing to do. Two of the rides were also fun time with Karin but today I rode on my own. It felt good.

2012 is going to feel good, I can tell.

Happy New Year

Well, it didn't turn out to be much of a year for blogging for me.  I'd rather be living than writing stuff to an audience I can't see or hear and who I'm not sure exists.  But I'd like to say it's been a year of ups and downs, mostly ups, and I am grateful for all the things I've learned, all the people who have touched my life and let me touch theirs, and all the experiences I've had.  2011 is going to be great, I know it.  I may blog about it -- or I may not.  I AM going to live it.  I hope you do, too.

Happy New Year. 

Cloud Computing

I attended an AITP group meeting this week on the two hot topics of the moment: Cloud Computing and Social Media Marketing.  The speakers are known, respected representatives of their fields, but on the Cloud Computing side I have to say I was less than impressed.

The message was: this is the next big thing and I’m on the forefront of it and you need to pay attention to it.  But what, exactly, are we talking about? 

Several of my colleagues in the audience asked excellent if pointed questions, like: how is this different that what we are doing now?  Is this not still just a make/buy decision with different parameters?  How do I safeguard my proprietary and customer data if I don’t know exactly where it resides and what my Cloud provider’s processes are?  Whose fault is it if my data is compromised or I can’t get at it to do business?

This last one is easy to answer, since the advent of Cloud Computing doesn’t change things: you are.  If you’re the CIO of a corporation, you are responsible for the safety and sanctity of the company’s data.  It does not matter whether you decide to keep it in house on a server you can see or farm it out to Amazon or Force.com or whatever, or something in between. 

It seems to me that though we have new technologies every month to consider as tools to do business, the fundamental issues don’t change.  Perhaps my negative reaction to the presentations stems more from the idea that the term “game change” equates to a complete overhaul of everything. 

Cloud Computing  clearly has some excellent opportunities and potential cost-savings.  It is also, as one of the presenters pointed out, the beginning of the realization, finally, of the true promise of the Internet.  It’s very exciting to consider the kinds of gains we can make in our ability to scale, to react to business needs and changes quickly, and enable new ways to collaborate in a global marketplace.  But my colleague who asked if things really are the same is right.  We still need to look at the costs, benefits and risks of the alternatives for performing every business process we execute.  Some things lend themselves very well to being put in the cloud.  For others it will make sense to keep them in-house.  And of course it’s not a yes/no decision, there is a range of possibilities.  Don’t throw away your common sense, IT professionals.  That is still very much in demand no matter what “game changing” new thing is being hyped.

Social Media Marketing next.