Monday, November 27, 2006

thanksgiving hacks

Having just cooked a two Thanksgiving dinners, I thought I would blog a few Useful Thanksgiving Hacks.
Turkey: Turkeys are actually easy to cook.
1. remove turkey from whatever packaging it came in.
2. Remove neck and other icky pieces from inside it and toss them
3. use a nice turkey roasting dish
4. rub the entire turkey with butter, shake some salt & pepper over it
5. toss about 6 bay leaves into the turkey cavity
6. put it in the oven at about 350
7. set a timer for 45 minutes
8. when the timer goes off, pull out the turkey. use tongs to flip it (easier than using those crazy turkey forks) and re-butter the entire bird
9. put it back in, re-set the time
10. when the breast & wings start getting very crispy, cover them in aluminum foil
11. cook, flipping & re-buttering every 45 minutes, until it's at 165F in the breast
Gravy: create a roux by putting 2 tablespoons of butter into a pan, and adding some flour. stir it around & mash it up. add some chicken stock and turkey juice. if you need to thicken it, make more roux in a new pan, then move the gravy to that new pan & stir well.
Timeline: the hard part of making a thanksgiving dinner is time management. Here's mine:
1. start the turkey
2. cook some veggies that can be microwaved at the end (sweet potatos, green beans)
3. prepare some biscuit dough that can sit in a fridge
4. make some mashed potatos, leave them sitting over a double boiler on low with a lid on them
5. when the turkey is done, pop the biscuits in the oven
6. make gravy, have someone warm veggies in microwave
7. when gravy and biscuits are done, serve

Friday, November 17, 2006

working from a browser

Web Worker Daily asks how you know when you're a web worker today. My answer is easy, it came the other day in a discussion about replacing my work powerbook possibly with a macbook. I expressed my needs for a work computer as (1) runs a web browser and can ssh (2) can do EVDO (3) light as possible. That pretty much sums up all I need to do my job. I guess coffee helps too.

Friday, November 10, 2006

when I learned what XSS is

Here's another old Amazon history post. February, 2000- I'd had Declan for barely over a month, and I remember being outside with him, walking around our parking lot, on a rather sunny day. (It's never sunny in Seattle in February, that's why I particularly remember this.) I was the oncall frontend QA- basically, if we had to do an emergency content push to the onlines, I would be the one checkpoint. Small responsibility for a 22 year old. My pager went off, I went in, and logged into my computer, and read the problem. It linked to CERT Advisory On Malicious HTML Tags on slashdot. That was the birth of XSS.

I spent the next several hours testing pushes for every single page on the site that echoed back user input. On a site like amazon, you can imagine what that was like- I seem to recall that a lot of my time was frantically deleting pages from my pager because it kept running out of space for stored messages. Thankfully I worked with some great people, I remember farming out a lot of the testing to Jason, who was still really a newbie at that time. This is one of my starkest memories: we had the slashdot article on this open, and would reload over and over again reading the comments as more vulnerable sites were found, more exploits related to this came to light. The comments are still an interesting read today.

It took a few days for me to wrap my head around what this bug was, at the time I was just trying to test with the sample input we had, without totally following the complete theory of what we were doing. To be fair, I doubt anyone that understood that. I can talk a lot now about filtering vs escaping, why I love <plaintext>, and so on, but that day was more about survival mode. Lots of fun, though, and another insane amazon experience that I wouldn't trade for anything.

Tuesday, November 07, 2006

30 degrees & RFID interference

This is a "I need to investigate something" note to myself. I've read lots of interesting stuff on RFID theft (schneier on security covers skimming today), it's something that's fascinating- I wonder if the person who invented the "tin foil hats" meme years ago could possibly have predicted tin foil wrapped passports. However, I have 3 proxcards on a chain that I carry around every day. When I need to scan one, I have to take the particular card that I want to read and either flip it out almost perpendicular to the other cards, or fan it out (as if I was holding some playing cards in my hand) so that there's about a 30 degree angle between the card I want and the others. Holding the cards stacked up on top of each other- as they usually are on the chain- means that none of them will scan. I think this must be some kind of radio wave interference, and I wish I knew the physics behind it. One more thing to look up some weekend. I really wonder why 30ish degrees is the magic angle.

a found morning

My ancient ipod finally died this weekend (almost 4 years old, it lasted longer than many laptops), so I decided to make a small trip to the 5th Ave apple store on Monday to trade in the old one- that store is open 24 hours, so I could stop off before work. When I tried getting into the 123 line from Penn, it was a mad zoo, and jampacked with people. No one was moving, I could hardly make it through the turnstiles (no idea why I went through them, I should have turned around, but I wasn't fully caffinated yet). In any event, once I squeezed though and saw that two trains were sitting on the local and express tracks, going no where, the station attendent made a very crackily announcement, of which I made out something on the lines of "trains stuck at 42nd st" - I think. It was really unclear, but I got the idea no trains in this station were going to help me out any time soon. I decided to give up on my $2 fare and hike to Herald Square for a NRW. Once outside, it was warm, and almost sunny. And gorgeous. A complete "I love this city" morning, so I walked over to 5th and hiked up 5th to the Apple Store. I hadn't walked up 5th in ages, so it was a nice break- I noticed Saks and Lord & Taylor were all set up for Christmas (already!). Sadly, I found out later that the reason why I took that walk was that someone was killed by the 1 train, which gave sort of a sad twist to my found morning of NYC bliss. I still can't get over how lucky I've been, getting to be in NYC every day. What a gorgeous, incredible city.

Saturday, November 04, 2006



Taken in New Hampshire at the beginning of October

Wednesday, November 01, 2006


Originally uploaded by wck.

Yesterday I went trick or treating with Ana and Kate -it was really warm! It was the first time I'd gone trick or treating with them, I mostly held Ana while she played with the glow-stick attached to her jacket.

With the recent warm spell, my cosmos FINALLY bloomed. Or... one bud did. Took long enough. I took a picture of a cosmos in New Hampshire a few weeks ago, I'll post that shortly.