Monday, May 25, 2009

Morning workout

I decided to restart the kettlebell basics with the 24kg bell. I never
really did the Program Minimum properly, and I think my skill suffered for
it. The only minor change I made was DARC swings instead of regular ones.

I did the five minutes of get-ups without too much trouble, although my
right side is definitely weaker than my left. I've had that issue for
a while. If anything will fix it, this will. It was the twelve minutes of
swings that killed me. I think I need a proper interval timer to make sure I
don't spend too long resting. It's easy to lose track of time without
something objective in front of you. Time swinging always feels longer than
time resting.

Stretching tonight, while watching old Star Trek episodes. Tomorrow: bodyweight drills.

Saturday, May 23, 2009

Training Log

First workout since I had my little operation. I didn't think I'd lose so much conditioning in a week. I did two or three intervals of DARC swings (like regular one-arm swings, but you switch hands at the top of each swing) and it fried me.

This was also the first time I've trained outside with my kettlebell. I don't think I can go back. I'll have to figure out some frostbite-safe way to train outside in winter with iron. You can go to a much higher intensity because property damage isn't a worry. I must have dropped the thing a dozen times. That would definitely ruin the hardwood inside.

The only thing left to decide is what to do tomorrow. I'm thinking I'll go up to the heavier bell (24 kg) and keep with swings and get-ups. A week of inactivity did more harm than I thought, and I need to get back to basics.

Friday, May 22, 2009

On picking my battles...

I used to work for a software company. Part of the reason I left was that I had serious reservations about the quality of the product. Part of what drove home those reservations was the fact that the company that hired me away hired me to fix their installation of that product.

Today I was dealing with the support department, and I noticed a small gap in the program. Passwords for an outside service were stored in plaintext in the database. Since the module isn't even in general release yet I didn't think it was a big deal. I reported it, and got this answer:

Afternoon Iain, as you're aware there are already multiple levels of security needed to access the tables within SQL. Once there a user would have to know what they were looking for to find this information. In most cases anyone who was able to find the password would probably already have access to it. In speaking with our product developer she does not feel this is a security gap to a proportion that would warrant a change. If there is anything else I can do for you on this issue please just let me know.


This irritated me. The guy is fairly new, so I don't know if he's lying on purpose, or if he's repeating lies someone else told him. I especially like the implication I should already know what he's about to tell me. He's half right.

There is one poor level of security, not multiple levels. The username and password for access to the DB are stored in a plaintext file (the .ini file). Even if they use Windows authentication, it requires all users to have db_owner access, so as long as you have shop floor level access, you have access to the table. Finally, a simple glance through the table names can suggest 'BusinessRules' is valuable.

I agree it isn't a huge gap, SMTP isn't very secure to begin with, but I will point out that user passwords are stored more securely in the SFSUsers table, and they have exactly the same level of access as sys_BusinessRuleSettings.

I understand you will not be resolving the issue soon, but I would like it put on the list. The reasoning for not including it doesn't hold up.



I'm not too fussed about the gap in general. We have a good firewall, strict group policy, all that sort of stuff. It would be easier to hijack another SMTP account on the network than that one, but the message just annoyed me. I'm fine with it not being a high priority. I agree. But don't try and BS me that a program with a 25 year code legacy has "multiple layers of security". The only layer of security it has besides a password is that it's so opaque to anybody who hasn't been trained on it.
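
The db_owner point in the reply above can be checked directly on the SQL Server side. This is an added example, not code from the vendor or from the original post; the table name comes from the post, and the `dbo` schema is an assumption.

```sql
-- Added example: run inside the application database.
-- Table name is from the post; the dbo schema is an assumption.

-- 1. Who is a member of db_owner? Each of these principals can read
--    every table in the database through role membership alone.
SELECT m.name      AS member_name,
       m.type_desc AS member_type
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r
     ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m
     ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner'
ORDER BY m.name;

-- 2. Is the account running this query in db_owner, and can it
--    read the settings table? 1 = yes, 0 = no, NULL = invalid name.
SELECT IS_ROLEMEMBER(N'db_owner') AS in_db_owner,
       HAS_PERMS_BY_NAME(N'dbo.sys_BusinessRuleSettings',
                         N'OBJECT', N'SELECT') AS can_select;

-- 3. Explicit GRANT/DENY rows on the table. Access that comes from
--    db_owner membership does not appear here, so an empty result
--    does not mean the table is protected.
SELECT pr.name AS principal_name,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1   -- object or column
  AND pe.major_id = OBJECT_ID(N'dbo.sys_BusinessRuleSettings');
```

If the first query returns every shop floor account, the table's contents are readable by all of them regardless of what the third query shows.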

Saturday, May 16, 2009

Can't follow my own advice

I had some very minor surgery yesterday. One of the things the doctor said was to avoid any kind of lifting for a week, and only light weights for the week after that.

Naturally, I assumed this sensible advice applied to everyone but me. I made a post on one of the forums I visit asking for mild exercise I could do while "benched". I only got one answer:

Do some visual drills. Go to the movies. You have the rest of your life to train......unless you blow your guts out doing drills involving abdominal pressure before you are ready to.


He's right of course. I don't like that he's right, but he is. And I'm sure I've given exactly the same advice on that same forum before. I'm sure I'm not the only person who fails to follow their own advice.

6 days left until I can start light training, and the most strenuous thing I've done is carry a plate of burgers to the BBQ. This will be an act of will, but I'll manage.

Open source healthcare

I was watching a video with Tim Ferriss and Kevin Rose last night (link) and one of the things they talked about that really struck me was a site called Cure Together. Check out the site, but basically it's a source for people to track their own success or failure with treatments for medical conditions, as well as get some ideas on what they might have by entering symptoms.

Users enter their own results, which are added to the pool. You can literally track anything you want (they have a widget for it). Stealing from one of their blog posts, people are tracking things like:

  • Exercise (minutes)
  • Hydration (%)
  • Laughter (units)
  • Productivity (pages)
  • Web-networking (hrs)


(not a complete list, by any means)

I love the concept, and their implementation is amazing. Some of the odder things being tracked would have a hard time getting funded in a traditional study (web-networking?) but can be useful for the day-to-day lives of those with the condition.

And since my wife has anxiety, it's a good source of data for my family. I've almost convinced her to try kettlebells (best form of exercise I have ever found).

Why blog?

Why am I doing this? I've been thinking about the future a lot. What I want to do. What I don't want to do. What goals I have. I think putting some of it out in public will help make me more accountable. Even if my traffic is low, having made the public statement will encourage me towards action.

There are other reasons. Two of my friends encouraged me to "build my online brand". They're right. The internet isn't going anywhere, and the next time somebody wants to know something about me, they're going to Google. A smart person will be proactive about what they're going to see.

This blog isn't going to have any kind of theme. I haven't done any proper writing in years. I'm sure it'll be a mix of musings, training log, anecdotes and politics. If I make some cash off it, great, but that isn't the goal.

Curious anecdote to close this out: I've always found the hardest part of something like this is choosing the name. True to my internet reliance, I found a tool to mix adjectives and nouns that let me keep trying until I found something I liked. I got some weird ones too. "Solid Organ" would have been a lousy blog name. "Notorious query" was pretty good, especially with all the time I spend in SQL.