Monthly Archives: September 2010

Racing for Grace

I had a Saturday morning free and had not run a 10K race in awhile, so I headed over to Tucker for Racing for Grace.  This event was sponsored by St. Andrews Presbyterian Church, benefiting their youth mission work and building program.

The advance work on this race was excellent.  It was well promoted (a Run Georgia Premier Event), the event web site was professional and informative, the T-shirt logo (with Isaiah 40:31b quote) was well done, and the 10K course was USATF certified.  There was a huge number of race-day volunteers (all wearing recognizable white event shirts), and good facilities.  It was a combination 5K and 10K, and the 10K was far from crowded.

And it was a nice run: the weather was beautiful and the tree-lined roads were pleasant.  The course meandered through nearby neighborhoods, with rolling hills and many turns.  Many cones and volunteers directed the way, but unfortunately not quite enough.  There were two confusing points along the way: one where several runners and I did a loop we probably shouldn’t have and another where we took a wrong turn.  So I’m not sure exactly how far I ran.  My Nike+ reported 6.53 miles, but no matter how much I calibrate, it’s never completely accurate on hills.  My time (55 mins, 25 secs) was in the ballpark for a 10K, albeit slower than usual, even with the hills.

For a “first annual” event, it had a lot going for it.  Several runners provided feedback about the route problems, so I’m sure there will be course corrections and more participation next year.  It’ll be a race to look forward to.


During my freshman year at Georgia Tech, Tina gave me a coffee mug depicting green bar paper bearing the words “While the Computer is Down…” repeating in a Westminster font.  That old phrase registered at that time because I then did most of my programming assignments on an overworked and frequently-crashing CDC Cyber (I needed at least sophomore status to use the Xerox Stars, HP 9000s, and other more modern machines).  Restarts usually took 20 minutes or more, and there was nothing we could do but wait.  So, at the very least, “Cyber is down” meant we could enjoy a good coffee break.

My first real job put me alongside seasoned mainframe programmers who knew well how to handle outages: step away from the green screen, talk a walk, visit the cafeteria, catch up on techniques, chat with friends, and so on.  These guys would often swing by my office while I was pecking away at my LAN-connected PCs and servers, totally unaware of the outage.  And they were usually pretty good at convincing me to join them in their forced break.

The advent of the personal computing era meant that any outage was under my own control, and there was always a suitable backup nearby.  So “always on” became a way of life: if my PC, laptop, PDA, pager, or cell phone died, I typically had several alternatives to turn to.  This removed all excuses for ever being disconnected, and we grew to expect 24×7 access to everything.  The unexpected result was that, in making these redundant devices slaves to us, we became slaves to them.

Now, of course, cloud computing is chipping away at that and pushing us back into a bygone era when folks were at the mercy of whatever was at the other end of a dumb terminal.  As more of what I do gets pushed out into the cloud, I lose more control.  Remote VPSes, VMs, and EC2s replace local servers, Gmail and GCal replace Outlook, Mint replaces Quicken, and so on.  I have multiple ways to access all these things, but there’s still just one of each of these services out there.  And along with that, we get back the shared computing pecking order: paying customers with SLAs get all the redundancy, fail-over, and guaranteed up-time, while smaller and free users rank somewhere below computer science freshmen.

So downtime has again become a part of life.  Just recently, I was affected by extended outages at Visa, Chase and Intuit, and shorter outages at less critical sites: Google, 1and1, MapMyrun, Facebook,, etc.  What can one do when such outages occur?  Not much, other than find something else to do, like take a coffee break.  And that’s not always such a bad thing.

Cartecay Day

It’s been a long time coming: I’ve wanted to run the Middle Cartecay since the waters warmed in the spring.  But it’s a bit too fast for the entire family, so other nearby rivers and lakes took precedence for this summer’s kayaking trips.  But with Tina and the girls out of town for a soccer tournament, the boys (Luke, Stephen, and I) headed over for a beautiful September afternoon on the river.

This section has a lot going for it.  It’s only 35 miles from home and very scenic.  With mainly Class IIs (and occasional Class IIIs), it’s approachable even for teens and beginners.  It’s a short run (two hours or less), so it can be done easily in an afternoon.  And yet within that 2 1/2 river miles are some interesting rapids: Rock Garden, Surfing Rapid, S-Turn, Whirlpool, and the grand finale: Blackberry Falls.  There are a few outfitters in the area, so it’s easy to get shuttles and any extra rentals needed.  For all the above reasons, this is one nearby river section I highly recommend, particularly before taking on longer runs.

A heavy rainstorm the night before lifted the water to near 1.4′ on the standard American Whitewater gauge:  high enough to be runnable (we never got stuck) and low enough to keep the rapids easy.  Although neither Luke nor Stephen had run this stretch before, they handled it like pros, maneuvering the falls and s-curves perfectly.

The first mile was gentle, and offered time to relax and get accustomed to the river.  We enjoyed the trees, rock faces, mountain laurel, birds, riverfront homes, and a friendly dog along shore.  After a few shoals, we paddled straight through Rock Garden and Surfing Rapid, which provided a good warm-up for what lay ahead.  The S-Turn near mile two provided our first real challenge: Luke’s kayak got swamped and he struggled a bit to find a place among the shoreline boulders to flip and drain it.  We met another kayaker there with goggles, treasure-hunting in the big pool at the end.  Just this week, he found two rings and a dozen pairs of sunglasses in those eddies.

Shortly afterward, we heard the rush of Blackberry Falls and enjoyed running it the only way we could at this depth: left to right through the chute, then hard left at the end.  Our two unskirted open kayaks swamped on every run, so we used the one sit-on-top for repeat runs.  I ran it six times in a row: never gets old.  After some body-surfing down the rapids, we passed under the bridge to our Mulkey Road take-out.

I’m determined to catch this stretch at higher water levels, so that the rapids will be faster and we can run a longer section.  That’ll likely mean getting out there in cooler weather (late fall or early spring), but I’m sure I can talk the boys into it.


Hats off to local SecureWorks for detecting and thwarting the massive BigBoss Russian check counterfeiting ring.  Their Counter Threat Unit (yes, 24 fans, there really is a CTU) uncovered an operation used to create over $9 million in counterfeit checks over the past year.

It was a sophisticated attack utilizing ZeuS trojans, SQL injection, a couple thousand infected computers, and a VPN to transmit stolen data.  The perps stole over 200,000 check images from archive services and used these to create counterfeit checks.  They then overnighted these checks to U.S. recipients (drawn from a stolen database of job seekers) who were to deposit the checks and wire some of the funds back to them.  These unwitting money mules (who thought they were job candidates) did become suspicious, so the plan was apparently not very successful.

Compared with credit card fraud, widespread check fraud is less common and is typically easier to resolve.  However, check authorization systems are incomplete, so prevention is more difficult.  But solutions are well within reach, such as a secure national shared database of positive pay, authorization, negative list, and “stop” information that could be accessible to everyone, not just large commercial customers.  This could plug one of the last big security holes in our bank accounts.


I don’t miss frequent flying, mainly for one reason: there is no longer any slack in the system.  Airlines have optimized to the point that almost all flights are nearly full and are often overbooked.  Toss a storm or failure into this machine and it can take seemingly forever to get furious passengers on canceled flights home.  I still have haunting memories of being stuck in Newark for 28 hours following a relatively small snow storm watching five overbooked flights to my destination leave before me (and I was holding a Class Y ticket, no less).  In the midst of all of this overclocked chaos, I’m pleased when I can drive rather than fly.

Ignoring the Obvious

This is essentially the point Tom DeMarco makes in his book Slack: Getting Past Burnout, Busywork, and the Myth of Total Efficiency.  From the very outset, he states it plainly: “the more efficient you get, the harder it is to change.”  Trouble is, change happens.  And when it does, the end results to an over-optimized company aren’t pretty: angry customers, missed opportunity, diminishing revenues, and obsolescence.

DeMarco’s book is a quick read, and many of his points are painfully obvious, yet painfully missed.  For example, he describes:

  • How “ax-wielding crazies… trade away the future to make the present look a little more rosy”
  • The problems that come with treating employees as “fungible resources”
  • How the net result of the Hurry Up mantra is really Slowing Down
  • The value of human capital and the real costs of losing employees
  • The myth that information work can be rushed (“people under time pressure don’t think faster”)
  • Tell-tale signs of a poorly-run company: aggressive schedules, extended overtime, Culture of Fear, process obsession, and Management by Objectives
  • Why effectiveness is more important than efficiency
  • What true corporate vision and leadership looks like
  • How to encourage change and manage risk.

Dated, Yet Timely

While the book is nearly a decade old, DeMarco’s advice is now even more needed, but less heeded.  Our times place even more emphasis on cost-cutting in lieu of potential, short-term profits instead of investment, regulation in lieu of innovation, and so on. That explains the common large company strategy of “cut costs, stop innovating, and hope to make it up with acquisitions” (and why those acquisitions are ultimately so expensive).  I would argue it’s also a primary systemic cause of our current economic woes.  It’s essentially the thrift paradox: if everyone is cutting costs, no-one will grow.

Yet I think DeMarco would be pleased that, against prevailing government and business winds, today’s most successful companies have done exactly what he prescribes.  IBM’s Think Fridays come to mind, but perhaps a better-known example is Google’s 20% Time.

A typical corporate cost-cutter would not tolerate such a thing.  After all, how much revenue does Google get directly from Gmail, Google Talk, Google News, Google Sky, and the other 20% projects?  Almost none, when compared to their massive advertising revenues.  So an astute efficiency expert might find 20% “fat” that he could cut out of Google’s expense equation.

But over half of Google’s products originated in this 20% time, and these projects have dramatically improved the reach, goodwill, and public impression of Google.  As eWeek puts it, they “gain more influence over the internet landscape.”  It keeps them highly relevant, and helps prevent them from going the way of Alta Vista and Ask Jeeves (if those names aren’t familiar, just google them or gmail me).  And this week’s unveiling of Instant search is yet another example of Google’s proactive change; one that bean-counters might argue is an unnecessary and cannibalistic change.

Just Ask Yourself

While DeMarco writes in abstract terms, many of the mistakes he describes are quite familiar.  I don’t know how these problems look in a manufacturing company or utility, but I’ve seen them in technology and software companies.  So I would propose the following litmus tests.  If you answer “no” to one or more of these, you might be a breakneck.

  • Are my R&D and revenue pipelines diverse?  Instead of expecting one or two big new product investments to pull off a revenue miracle, am I spreading the risk across a portfolio of new product developments knowing that some will fail and some will succeed?
  • Do I routinely solicit new product ideas from my employees (who may see opportunities that I miss)?  And do I act on these?
  • Am I significantly investing in R&D, including “skunkworks” projects?
  • Am I giving my employees time to innovate?
  • Is my company giving back to the open source movement, or is it “all take and no give?”
  • Am I encouraging career development in my employees, instead of treating them as “fungible resources”?
  • Am I allowing time in schedules for unknowns and risks?

The solution to many of these problems is simple: do business the old fashioned way.  Think long term.  Invest broadly in the future.  Hire good people and value them.  Don’t lay off or outsource just because you can.  Look beyond just this quarter’s financial results.  In short, make room for change and cut the world some slack.

Labor Day “Triathlon”

My original Labor Day plan was to run the U.S. 10K Classic (a great race, I’ve heard), but that would have stood in the way of the family canoeing/kayaking trip (something of a family Labor Day tradition now).  But then the late-breaking forecast called for mid-50s in the morning: perfect for running, but not good for little ones in a river.  So we delayed hitting the river for a few hours, which gave me time to head over to nearby Hickory Flat and run the Hickory Flat Out 5K.

I was glad I did.  The 5K was sponsored by Mt. Zion Baptist Church, and benefited their children’s camp ministry.  The race was run on the roads in front of the church, and ended on trails behind it.  It was a beautiful setting for an early morning race, participation was good, the event was well organized, and the volunteers were very friendly and helpful.  The technical shirt for the race was nice, although I didn’t get one: that’s what I get for registering only minutes before the race started.  However, the volunteer at the shirt table told me they would mail shirts to those who didn’t get one.  That’s a very nice gesture; with many races, the policy is, “you snooze, you lose.”  I’m a bit out of training, so I certainly didn’t set any personal records (my time was around 25:30).  But I enjoyed it, and it was much better than morning loops around my usual running spots.

Afterward, we loaded up the two kayaks, one canoe, and 5/7 of the family and headed out to run the 13 mile stretch of the Etowah River from East Cherokee to 140.  Last year’s floods changed this section a bit, but it was still very nice, with blue herons escorting us, interesting aquatic life, and the native American fish weirs still intact (Tina posted some nice shots in her Picasa Gallery).  Water levels had receded, but it was very runnable.  Rapids never get above Class II in this segment (if that), so it took awhile: 6 hours for us (with stops), and it made for a good paddling workout.  My only complaint is that put-in and take-out remains a real challenge; we look forward to the planned launches to improve that situation.

Following that we rushed home just in time for me to grill “dad burgers.”  There: we squeezed as much into one day as is humanly possible.  Can we do it again tomorrow?

Run, canoe, grill: pretty much a perfect Labor Day “triathlon,” if you ask me.

Third Time’s a Charm

Reality is firmly rooted: we don’t quite yet have quantum computers, nor have we really proven that P != NP.  Yet while cracking most modern encryption and hash algorithms falls into the “not impossible, just highly improbable” category, academic weaknesses do get attention.  So much so that the old SHA-1 and MD5 hashing mainstays are no longer considered acceptable.  Soon enough, SHA-2 will also be as uncool as a rickroll.

Just in the nick of time, the NIST is narrowing the list of candidates for the new SHA-3 algorithm.  The second round just finished, and it’s down to 14 candidates, with the winner to be chosen before the Aztec calendar ends in 2012.  It should be a good contest, as long as FIFA referees aren’t involved.

This is exciting stuff, and I’m sure you’ll want to play along.  Just use your jailbroken, Krakenproofed cell phone to text your favorite to 2600.  I’m pulling for Skein, mainly because of the cool name and celebrity status.