We had a fairly nice relaxed weekend. Friday Anji stayed late downtown to attend a co-workers going away party so Kailey and I headed off to Reily park to enjoy the beautiful weather.

Saturday morning I attended a free seminar on lighting at The Camera Store. The seminar was at 10am and I got downtown at about 8am just so I could wander around and take some photos. Mostly, because I’m scared of taking pictures in front of people, I stuck to back alleys. Which is interesting because a few blocks from where I was wandering around (and about 7 hrs earlier) there was a fatal shooting in a night club. Earlier when Mike and I went to the last Camera Store presentation we arrived just after a fatal stabbing in a club across the street. Anji doesn’t want me going downtown any more for these seminars Aside from that sort of stuff though the alleys were fun. I found all sorts of interesting stuff to photograph. I pretty much exclusively shot B&W I won’t be able to post them on my website unless I print and scan them. Oh… and at the Camera Store I was wanting to buy some 8×10 photo paper and it turned out they had their Forte stock at 40% off so I bought a 100 pack for $27. Nice!

Sunday morning Scott, Doug and I went to Princess Auto which I think just won my award for coolest store ever! I ended up spending about $70 (I got off easy) on all sorts of neat stuff including a couple large electric motors, tiny drillbit set (0.0135″ and up), snazzy black vice grips, pop rivet gun and ammo, and all sorts of other neat stuff. I’m already regretting not buying more small drillbits (they were $5 for a set of 20), a bit 1/2HP 120V motor, and the huge lethal capacitor (no reason why I want one aside from who doesn’t need a capacitor with a capacitance >= 1? It is the prefect store for the inventor / mad scientist type!

Due to popular demand (ok. really it was just me) I’ve posted my bookmarks to my website here. This data is pretty much live data shared between Firefox at home and at work. So there you go

It just seemed like cheating to use a real service like Haloscan for my comments so after using it for about 24hrs I’ve dropped it and written my own system. Aside from the moral reasons I had several strong technical reasons for dropping it.

It’s written in Python and plugs into my page build system. Each HTML file that should have comments (blog entries, articles, album entries) will have a corresponding .comments file which is really a sqlite database of comment entries for that node only. This database is stored along side the html file. The reason I want many databases instead of one big one is that it makes moving content much easier. I just move the pages and comment files and it just works .

Comments are entered using a python CGI script which adds comments into an comment journal. Periodically I run another python script that reads through the comment journal, shows my the comment details, and assuming it looks worth posting, it copies the entry into the individual comment database and removes it from the journal.

It’s all rather complicated but it really works rather slick with my website and it’ll keep junk from being posted onto my website (ie. comment spam).

So feel free to leave comments and let me know how it goes. Mike: sorry I lost your two previous comments.

A long time in coming but I finally got around to adding comments to my web-log entries and photo albums. Mostly I wanted them on my albums so people could make comments on my images. I wanted to build a solution myself but couldn’t come up with a really nice way to make it play with my static pages so in the end I wimped out and I’m going to try Haloscan a free comments service. We’ll see how it goes.

Came across Adox BlueFire Police Film today and it looks rather interesting. It’s another extremely fine grain film to replace the discontinued Kodak Tech Pan 25. The really cool thing is this company is Calgary based and sometime this week they are dropping off a batch of this film at the Camera Store (my favorite camera hangout). I may have to swing by and pick up a couple rolls to try out. According to the sales pitch this film surpasses the resolving power of most lenses and it’s ISO 80. The down side is that developing requires a special developer and it looks a bit finicky.

I found some “plans” to build a neg scanner from a digicam and an enlarger. I bet I can Make something that works like this…

here.

Last night when I left the office they guys told me there was an accident. Apparently there was a fire downtown and an LRT nailed a fire engine on the way to said fire. Made a mess of the fire engine and LRT but luckily nobody was hurt in the accident or the fire. Anyways I figured it sounded like it could be worth a peak so I headed down dragging my Yashica and my Olympus. I wimped out and didn’t bring out the Yashica but there I was right in the midst of hoards of confused transiters who were looking for a new way home with my little camera shooting the commotion and destruction In the end I’m sure none of my pics are very good and the Sun guy was already there so my plans for selling my pics are probably out the window (he had a fancy Nikon DSLR with a massive lens) but I was really pleased that I actually did it. I find it so difficult to bring out my camera and point it near people but I did and nobody cared. Anyways the pics will be posted when I get a chance to have the roll developed.

So the world has changed after this whole Sarbanes-Oxley thing in the U.S. and it’s soon to be twin in Canada. Basically the ruling is that companies can’t get away with the kind of crap that they have in the past and if they try it the executives are accountable. In practical terms part of the “solution” seems to go nuts with security and auditing to make sure they can say who is allowed to do what in their company. I’m sure some of it is for the best. Executives should be responsible for what goes on within their company and proper reporting and controls help with that… to a point.

Unfortunately this whole thing seems to be very confusing for everyone involved (including myself) and companies are scrambling to hire auditors to tell them if they are SOX compliant. My theory is these auditors don’t understand it any better than the rest of us but they have a check list and they go through a company with their checklist and make recommendations, whether they make sense or not, just to be safe. Which explains some of the things are clients are telling us.

This whole process reminds me of the big Y2K scare. Some people were lazy, which they shouldn’t have been, and made some mistakes that needed to be fixed. Yehaa. But it got blown out of proportion and people were predicting the end of the world. Obviously the world didn’t end and Y2K was rather uneventful. But the point was that management everywhere was frightened they might be held accountable for anything that went wrong if they didn’t do their best to ensure everything they relied on was Y2K complaint. I had the good fortune of being one of the grunts tasked with going from electronic device to electronic device recording the specifics, contacting the vendor, and ensuring it was indeed compliant. Now for things like servers and PCs I have no problem with this but it didn’t stop there. People were really paranoid and wanted assurance that pretty much every device that could conceivable keep track of time was compliant whether it mattered or not. A specific example of how dumb this was. I actually had to phone Toshiba to inquire as to whether the specific model of microwave the company I was “auditing” was Y2K friendly. My thoughts are who cares. Sure it shows the time but it definitely doesn’t show they year and even if it was wrong would anybody care? Seriously.

Anyways SOX definitely wreaks of Y2K. Our clients are large oil and gas companies and they are very worried about SOX compliance (whatever that is). They’ve had their auditors look at their company and for some strange reason the universal recommendation for our software is that it should enforce complex passwords for user accounts. What exactly a complex password is seems to be up for debate. It seems to converge on N characters consisting of some upper case and lower case letters, digits and symbols. In some cases complex also means time expiring and limiting the reuse of passwords. I am extremely opposed to this for a whole bunch of reasons. But in the end we’ll probably cave because it’s something the auditors demand.

It’s pretty much universally known that passwords are a lousy authentication mechanism. People can’t remember passwords and usually pick weak passwords given the opportunity. If we take away that opportunity (by enforcing strong passwords) they will resort to writing their password on a post-it-note and sticking it on their monitor. If we require them to change their password every N-days they’ll just add a counter on the end and use “myP@ss1″ and “myP@ass2″…. And they’ll still write that on their monitor. So really what have we gained. Not much in terms of security and a coworker brought up and interesting point that we as a vendor might loose a great deal. Users will come to know our software as hard to use and annoying if these policies are enforced and eventually that will impact sales.

I’m not really sure our app needs such high security. The app exists in a networked environment and requires access to network resources. You don’t get access to those resources unless you are authenticated on the network. So that at least leaves it up to Windows to keep foreigners out of the network and similarly our app. But I can see the point that they are worried about abuse within their company. Currently have of our users seem to stick with the password ’1′. So I guess pretty much anyone can get in and do stuff under anyone else’s account which is probably bad and we should do something. But maybe the solution isn’t to go overboard on the auth scheme in our app and build in all these password checks and controls.

Given that our app exists in a network environment I am of the opinion that we shouldn’t provide any password mechanism at all. Instead of having accounts in our system with passwords we could instead map user accounts to Windows system accounts. If we make the assumption that the machines on the corporate network are sufficiently locked down that the “logged in user” is who they say they are, and that the network will not allow foreign machines onto their network, we can simply rely on the Windows login user and map that to the correct account in our system. It’s simple and it’ll work and as long as the admins are locking down their network sufficiently, which they have to for SOX, it should be secure enough. Then we don’t need to care about password management. Simple for us. And more importantly I bet our users (the people users not the admin users who seem to hate stuff like this) will love it.

The downside is that I imagine networks will not be locked down sufficiently. If it’s not on the auditor checklist then it’s probably not going to be touched. Also I’m not sure the auditors will be happy with that even. From what we’ve been hearing from some they want to see passwords on all apps (which seems really stupid). I can see the auditor saying “Whoa. Back up. I see you’ve got Paintbrush on this computer and it’s not requiring a user-name and password to open. It says here on my fancy checklist that this is bad. If you don’t have this fixed your company isn’t SOX compliant and your board members are doomed.”. Luckily Microsoft is big enough that they can say that’s stupid and just not do it.

I guess we’ll have to see how this pans out. Like I said some of this is good. We are being forced to seriously look at auditing within our application which is something I think is important. Also the user authentication is something we’ve been thinking about for some time. Maybe this will give us the motivation to actually make some changes. I just hope those changes will be in a good direction for us and our users and not something that will make our users hate us.

On a positive note I’m thinking with Sarbanes-Oxley being such a hot topic my little rant here is likely to bring in some pretty hefty google advertising revenue

Our weekend went way to fast and I didn’t really do anything I was planning on doing (developing my pinhole pics, a couple rolls of film, going hiking, etc) but it was pretty nice.

Saturday evening my Mom, Dad and Christy came over and we had a BBQ and played Jon’s dice game. Everyone had a really good time. Dad and I even stayed awake through the game. Poor Anji had the worst luck ever. In the game you basically roll for 10,000 points. We were mostly there before Anji got any points. It was unbelievable how unlucky she was

Sunday morning Anji treated me to brunch at Heritage Park. It was great. It’s been a long time since I’ve eaten that much food. They had the usual brunch stuff and an omelette bar and tonnes of fresh fruit. Mmmm.. Sunday evening we watched a nice sappy v-weekend type movie, “The Prince and Me”. Awww.

Last night Mike came over and brought his snazzy new slide projector and we took a look at my slides (the ones I had London Drugs scan) and we confirmed that they are indeed very sharp. We can blow them to 4′ x 6′ and it looks rather sharp (even from about 1′ away). So the question remains how come London Drugs with their fancy Fuji Frontier can’t produce a scan of this image that will look sharp and grainless on a 15″ display? Either the Fuji Frontier really can’t handle slide film (unlikely) or the techs at London Drugs don’t have a clue how to scan slides (much more likely). So this weekend I guess I’ll head back and see if they can do a good job or give me my money back.

Part of the problem might be that a highres 4535×3035 JPEG should be about 10M not the 1MB file they are giving me. Maybe they’ve just been saving it with some crazy compression.

While Mike was over I got to show off my new homemade photography stuff and we even made a print from a C41 B&W neg I had and I think Mike was pretty impressed at the results. The print turned out better (aside from dust marks everywhere) than anything I’ve had done at Walmart, etc. More contrasty and richer blacks. Cool

Kyle showed me The 2.5 gigapixel photo where some people used a telephoto lens on a digicam and robotic arm thingy to take a zillion individual photos and then they stitched them together into a very very highres image. They have a nifty little app to pan around the image and zoom in on things. Wow. He also gave a link to A company that will make prints up to 4′ by 10′!

I built another pinhole camera. This one is out of a tin can and takes 4×6 photo paper. I think I’m going to try and do more pinhole photography now. It makes for some awesome images. Here are some cool ones from the net:

• Krzysztof_Chrobak
• ok. i lost interest looking around for links but there are some pretty awesome ones.