Tuesday, September 30, 2008

Squeezebox Boom

After visiting a friend in New York a couple of weeks ago and playing with his Slim Devices (nee Logitech) Squeezebox Classic, I just had to have one. I just wished they had one with speakers- the place I want to put it doesn't have a stereo handy. A quick visit to their website shows the new Squeezebox Boom- perfect! Clickety-click to Amazon, and it's on the way...

Fast-forward to last night, when I "To My Desk"'d it from my EarthClassMail account and ripped the box open in the office to set it up for a late-night coding session. Right out of the box, I was enamored with the build quality- it's got a beautiful black enamel finish with really clean lines, and it feels quite dense for such a small device. Lots of little niceties like the magnetic remote "dent" in the top of the unit and the sleep/snooze button on top in case you want to use it as a hella-spendy clock radio. Plugged it in and had my SqueezeCentral account created and the device on the network within a couple of minutes. I went for the wired connection at the office- didn't even try the wireless, since our office wireless network security doesn't play well with a lot of devices. I didn't set the local server up (that's for home), so I was just playing with the built-in internet services. There's quite a bit of content available for free- even more if you're willing to create accounts and link them up. I was pleased to see the "local radio" option- it shows you all the internet streams of the local radio stations (all my favorites were on there), as well as allowing you to browse around the world right on the device.

I had pretty low expectations for sound quality. The device was kinda spendy ($279), but not enough of a premium over the speaker-less Classic model's $199 price tag to set my expectations very high. Right from the start, I was blown away. This thing sounds great! It has great mid-bass response from a pair of 4" speakers- the low end is "as expected" (eg, not going to rattle the windows out with sub bass-y goodness), but they do provide a sub-out if you're worried about it (I'm not).

I've seen the device UI described as "fiddly", and I'd have to agree- it takes a bit of getting used to, and the navigation isn't terribly friendly unless you know the whole sequence (as well as whatever nagivation the radio service you're using provides too, since they're all different). Things also work a little differently via the remote than using the wheel. It is more or less consistent, though, once you get used to it. My wife had it figured out within a couple of minutes and was having a blast with the "artist search" stations on the Slacker service.

We're both musicians, and yet there's not a lot of music around the house most of the time. Hopefully this thing will make it easier for us to have music around the house wherever and whenever we want.


Monday, September 15, 2008

Trying TrueCrypt full-disk encryption

I've been looking for a way to secure the data and IP on my laptop without a significant sacrifice of performance, reliability, or convenience. I looked into a few different directions:

  • BitLocker - This actually became an option once I upgraded from Vista Business to Ultimate (had to rebuild my dev laptop after an unfortunate Windows Update problem that MS couldn't solve). However, my laptop doesn't have a TPM, so I'd have to use an external USB key to boot. External key = high on the security scale, low on convenience. Next!

  • Windows EFS - Convenient, and allows the flexibility to encrypt at the folder level, but is difficult for multi-user access (something I do more of than I'd like). There's also a major performance hit for SQL Server operations. FAIL.

  • SQL 2008 Transparent Data Encryption - This one was intriguing, but it ultimately sounds like it wouldn't work well for my needs. I'd have to have the same keys used to create the backups, or encrypt AFTER restore of an unencrypted backup. Also, obviously limited to SQL Server, which doesn't cover everything I need. Either way, not going to fly.

  • TrueCrypt - Free, supports both file-based volume encryption, as well as bare-metal volume encryption. I'd used TrueCrypt before for the former, as well as for non-performance-sensitive stuff where we needed to move large volumes of sensitive data around on removable drives. I couldn't find anyone talking about the real-world performance hit, though. Windows boot volume encryption support is also fairly recent, so that made me a little nervous.

  • A few weeks ago, I decided to try the TrueCrypt route. To start, I created a file-based volume and did some testing in there. My benchmark was far from scientific, but I tested with things I do every day. I did a full SVN checkout of a code branch, opened and built it in Visual Studio, restored a SQL Server DB there, etc. Performance wasn't horrid, but it wasn't anywhere close to my bare-metal performance either- especially the SQL Server DB restore (took about 5x as long as on bare-metal). Most of the other operations I timed took anywhere from 1.5x-2x as long. There also doesn't appear to be a way to auto-mount file-based volumes, which means on every boot, I have to manually mount the volume (by entering the password), then restart the SQL Server. Gets old fast.

    A file-based volume just wasn't going to cut it. Two weeks ago, I finally bit the bullet and decided to try hitting "Encrypt System Partition/Drive" (AFTER a full backup, thankyouverymuch). Making the leap easier to take was the fact that the process claims to be fully reversible. The experience was quite good- after choosing a password and generating keys, I burned a recovery CD (I'm glad the UI makes such an issue of this!). After the CD had burned and verified, it proceeded to background-encrypt the disk. I could theoretically use the system during this time, but decided not to try- just left it to crank overnight. When I came back the next morning, all was well. I rebooted and held my breath. I was presented with the TrueCrypt password prompt, followed by the normal Vista bootup process. Cool!

    I went and retried my real world benchmarks, and much to my surprise, most of them were indistinguishable from their non-encrypted counterparts! The only one that was notably slower was a SQL DB restore- and that was only when the backup had a large log file. In case you didn't know: SQL Server won't allow you to resize the logfile on restore, so it allocates and zeroes an "empty" logfile matching whatever the server's logfile size was. We pre-allocate production server logfiles fairly large so they don't have to autogrow during large transactions. The side-effect is that restores to a clean DB are painfully slow. If I re-created the backup after truncating down to a reasonably-sized logfile, the restore performance was almost exactly the same as on a bare-metal, unencrypted drive.

    Two weeks in, I'm really impressed with what the folks at TrueCrypt have done. 6.0a is as-advertised, and the performance hit is pretty minimal for just about everything I've tried. Looks like this problem is solved!

    Yay Chase- security is good!

    At some point in the not-too-distant past, I noticed that Chase switched their main home page to use HTTPS. In general, it's a marketing site, so who cares? However, the thing that's great about this is that Chase provides a web banking login right on their marketing site's homepage. Even though the old HTTP page posted back to an HTTPS endpoint on submit, it was a major security hole- subject to phishing, DNS poisoning, man-in-the-middle, and who-knows-what-else attacks. They're also using secure cookies, but not httpOnly. Decent, anyway...

    As a side note, we've resisted marketing and user requests for this functionality since day one. Marketing has not (to date) been willing to switch their site to HTTPS-only, and we're unwilling to make the security compromise. I think a number of users were taken aback by our response to "but my bank does it, it must be secure!"

    Bravo, Chase- hopefully your competition will follow in your footsteps, leading to a slightly more secure financial web for us all.

    Saturday, September 13, 2008

    Chicago hotel fun

    Boy, this is starting to smack of last year's vacation from hell (right down to Jenny still being on United's "see agent, you must be a terrorist" check-in watch list). Didn't make it to the game, so we were sulkily watching the Purdue/Oregon game from our hotel room on a brand new LG flat-panel that looked and sounded like a bad 70's TV with rabbit-ears. I don't understand why hotels spend hundreds of thousands of dollars to upgrade to flat-panel HDTVs in every room, then leave 1980's analog cable infrastructure to drive them. Anyway, right at the end of halftime, the fire alarm went off. Great. At least I thought to grab the car keys and my wallet, so we didn't have to sit in the lobby for an hour. We went and grabbed some munchies at Walgreen's (the only place we can drive to- everything around O'Hare is hotels and industrial areas, and we're still pretty much flooded in). When we got back, the fire alarms had finally stopped, so we went back to the room. We were greeted with a smell about like wet dog- the "balcony" door was leaking onto the carpet from all the rain. To boot, Purdue's butt-kickin' lead from the first half had evaporated, now tied at 20-20. Grr.

    Hope we can just cut our losses and get out of here on time tomorrow.

    Stuck in Chicago

    So we flew into Chicago for a quick trip down to West Lafayette to watch the Purdue/Oregon football game (on our way to the east coast). Unfortunately, Chicago's been hit with a lot of rain and flooding. We're staying in a hotel about 100 yards from the freeway, which is open and running fine, but we can't get out of the little hole we're in because all the roads are closed. Argh! The game starts in three hours- I don't think we're going to make it. So the main purpopse of the first leg of our trip (visit Purdue, watch football) was pretty much a bust. We did have a nice visit with Jenny's cousin Adam and had great sushi at Sushi Samba last night, though.

    Off to Philadelphia tomorrow (I hope). O'Hare's experiencing lots of delays due to the local weather issues as well as downstream effects from Ike. Ah, joy. At least we don't have a terribly fixed schedule beyond the football game and flight to Philadelphia- everything else is fairly flexible.

    More to come...

    Tuesday, September 2, 2008

    Google Chrome Browser: First Impressions

    Just installed the beta of Google Chrome on Vista this morning. Generally, it's pretty slick! Installation was painless, only took a couple of minutes to download. Rendering is first-rate (no surprise- they're leveraging WebKit). I tried our site - all the basic smoke tests seemed to work fine. The JS engine didn't seem terribly snappy- though with all the JIT stuff they're doing, I'm sure they've got plenty of work left for cold startup perf.

    The "Incognito Mode" is pretty nifty (non-persistent browsing sessions)- wonder who stole what between Chrome and IE8's InPrivate mode.

    Really like the integrated JS console and debugging stuff- hopefully that stays in the finished product rather than being a separate download/install. Having customers with Firebug on their machines is invaluable for debugging weird one-off issues- it'd be even better if something similar was built in!

    My coworker was able to crash it on YouTube, and was also able to get the "Sad Tab" (it says "Aw Snap!"- sweet). The process isolation stuff is fantastic- kinda back to the way IE3 used to do frames in their own processes... Funny how we always end up repeating ourselves, for better or for worse.

    UI looks very similar to IE7 in most respects (layout, etc), except for the position of the tab bar where each tab has its own address bar. Very comfy and familiar. Looks pretty on Vista.

    Anyway, a very polished first beta from first impressions- kudos to the Chrome team! My interest is piqued- I'll be watching carefully and will continue to play with it.

    PDC 2008

    Got my confirmation for PDC 2008 last week- this will be PDC #3 for me. Looks to be good stuff on the sessions they've posted so far. I was dreading staying out by the airport- all the conference-rate hotels near the convention center were booked up by the time I got the OK to go, but they added one more at the last minute. Score!

    Most of the people I've met up with in the past aren't able to attend this year- crummy economy, employer politics, whatever. In addition to all the tech content, PDC's a valuable developer networking event- I've met great folks with whom I both learned and shared useful information. Drop me a line if you're going!

    Through various working relationships at Microsoft, I've been playing early with some of the bits that'll be unveiled at PDC this year. I can't talk about much yet, but I'm looking forward to the day when I can. We're hoping to have some code ready by PDC that shows off integration with the new mystery technology. Some of these things really are game-changers, and I wish I could ship with them right now!

    Monday, September 1, 2008

    Bachelor weekend redux...

    Jenny took off to Phoenix to visit a friend for the long weekend, so I figured that'd be a good time to do some kitchen experimentation and work on some house projects. OK, so I spent more time lazing than laboring, but I got a few things done that've been hanging over my head for awhile.

    First the food stuff- I got a new food processor for my birthday, and it's been sitting in the cupboard calling to me. I tried out a Good Eats hummous recipe- the food processor worked great, but the recipe had a little too much garlic (didn't know that was possible!). I also tried out a shrimp scampi recipe- didn't quite make it to the peach cobbler I'd been planning on making- maybe next week.

    On the house: job one was to rid ourselves of the stinky makeshift shower curtain that's graced our shower for far too long. The folks we bought the house from had made the shower curtains out of some kind of industrial plastic and a corded curtain rod (making it fairly inconvenient to get out of the shower). The curtains were endlessly slimy and smelled like wet dog on a good day. This is actually the first house where I've put up with a shower curtain at all- everyplace else, I've installed tub enclosures. Unfortunately, our master bath is set in the floor, so a normal tub enclosure won't work- we'd have to get an 8-footer custom built, and given that we're going to redo the master bath sometime soon, that'd just be a waste. I picked up a cool hotel-style curved shower curtain rod (keeps the curtain off you) and two normal fabric shower curtains. Rather than test my 7th grade home-ec sewing skills, a friend of my mom's hacked them up and made an 8 foot tall franken-curtain. Worked great- thanks, Jane!

    Next up: fix the master bath toilet. This one ended up being quite a chore. We've been using the commode down the hall for awhile now. I leaned on the toilet while switching it over to a new valve, and it popped off the floor. One of the old flange bolts had corroded right through, so gravity was all that was holding it down. Not good, but no problem (and happy to find it before we had a ... messier problem)- just get some new flange bolts and all is well, right? Hmph. When I pulled it up, it had an old iron closet flange that the bolts screw down into, instead of the modern kind where they key into the flange and stick up. OK, fine- just use my handy-dandy screw extractor to pull the broken one out and replace. Err, no. The screw extractor broke off in the bolt. Crap- now it's either tear up the floor and replace the flange (a lotta work for a temporary setup) or tap in a new bolt near the old one and try to get everything slopped into place. Turns out, there's a third option: a "super ring". It's a flat metal ring that sits over the existing flange and attaches directly to the floor, and it has slots for modern keyed flange bolts. Cool- now I just have to grind out some space on the surface of the old one for the bolts to slide on, seal it up, and we're good to go. Well, almost. A couple of the screw ears on the new ring prevented the toilet from seating properly, so I had to cut them off with the grinder (mmm, burning metal smell). What's left seems to hold everything together just fine, though. Did I mention that our master bath is carpeted? I hate carpet in bathrooms, especially around the shower and toilet. While it's nice to do your morning bidness with cushy carpet under your feet, it's just gross to think about what lurks in there. Anyway, I was very careful to have a piece of plastic sheeting under the toilet for all the dry-fitting I was doing while working this out. The last time I removed the toilet, though, the back edge of the old wax ring scraped on the carpet, leaving a nasty brown stain (rust and wax, not poo). Still- ew! Wax is not easy to get out of carpet, especially when it's intermixed with rust (and in front of the toilet, it so LOOKS like poo). Anyway, toilet is seated, working, and apparently leak-free.

    Next, I decided to replace the toilet's fill valve while "the patient was open"- the original one had a lot of galvanized pipe chunks in it and took forever to fill (the overflow fill tube was completely clogged with rust). I already had one out in the garage- should be nice and easy, but true to the rest of the day, it wasn't. The new package was missing the overflow tube, so I had to resurrect the old rust-clogged one with lots of bending and tapping and poking. Then, the fill stalk hole on the toilet tank was slightly misshapen, so the tank leaked a bit after I got the new one mounted. Argh! I was able to take care of the leak with some caulk between the stalk and the retention washer (again, just temporary- we'll be replacing this toilet soon anyway).

    Next up was the fancy "leak sentry" thing that came with my new fill valve. It's a clever device that I'd never seen before- basically a metal blade that sits below the float and is hooked to a second chain on the tank lever. When you flush normally, the chain retracts the blade away from the fill stalk and the float moves as normal. If the tank is leaking, the blade engages against the fill stalk, preventing the float from dropping, so you have to "double click" the tank lever to refill, alerting you that there's a problem. Don't know if it wasn't designed for the ancient mondo-gallons-flush toilet I'm using or what, but I just couldn't get it to work right. I futzed with it for about 20 minutes (I even R'dTFM!), but finally gave up and removed it.

    Last was trying to clean up the nasty wax mess on the carpet in front of the toilet. I tried using an iron on a paper towel over the wax to melt and soak it up (Google sez this works well for candle wax), but it didn't really work too well for my mess. Next up: the SpotBot. I'd heard and read good things about this little automated stain remover, so I figured I'd throw a tough job at it. Picked one up at Fred Meyer, dropped it on top of the stain and hit a button. I was amazed: it worked quite well! The carpet's never probably going to look quite the same (it was pretty luxurious carpet), but it did get almost all the wax and rust stains up, even just on the "quick" mode. I'll see how it dries, and maybe give it a go on the "deep" mode if there's any remaining rust color. My only complaint: it really burns through the cleaning solution, though the manual mode gives you full control over that part if you're willing to trade some elbow grease. Some very clever engineering on the device- I was most impressed by the "burp" valve design on the dirty cup that breaks the vacuum when you dump the cup out.

    A fairly productive weekend, anyway, and now I have a new toy for cleaning up the inevitable future messes I'll make on the carpet.