David S. Read

I recently purchased a Wacom Intuos tablet to connect to my computer as a tool to allow real-time annotation on slides during a presentation. These presentations could be recorded or live in nature. Using the mouse or touchpad was too limiting and magnified my already poor penmanship.

Once I had the tablet hooked up it was easy to annotate using PowerPoint’s own menus for selecting the mode (pen, highlighter) and colors. However, the navigation to access those features required traversing through an on-screen menu each time the pen was being selected or whenever I wanted to change the pen color. This was a real nuisance and meant that there would be an on-screen distraction and presentation delay whenever I had to navigate through the menu.

I hunted around for an alternative one-click shortcut approach and could not find one. Maybe I missed it but I finally decided to see if I could use PowerPoint macros and active shapes to give me a simple way to select pens and colors. I did get it to function and it works well for my purposes.

I’ve documented and demonstrated what I did in a short video. I’m sharing it in case others are looking for an option to do something similar. Once you get the framework in place, it provides the flexibility to use macros for more than just pen color control, but I’ll leave that to the reader’s and viewer’s imagination.

The video is located at: http://monead.com/video/WacamIntuosTabletandPptAnnotations/

The basic pen color macros that I use in the video are located at: http://monead.com/ppt_pen_macros.txt

I’d enjoy hearing if you have alternative ways to accomplish this or find interesting ways to apply the technique to other presentation features. Happy presenting!

The Internet is full of examples of simplifications creating vulnerabilities.  A good number of these can be represented as indirection enablers.  IP addresses, domain names, URIs, tiny URLs, QR Codes and now Microsoft tags.  Each of these serves the purpose of simplifying and decoupling.  We have seen many exploits for the first four, what about these last two?

As you likely know, QR Codes and Microsoft tags are graphical images targeted at print media, though there is no reason they can’t be used in an online fashion.  They are most often presented as rectangular graphics (examples below).  The reason for using them is to provide an easy way for someone to access a web page (or other online resource) related to the printed content.  Since these images represent character data they can also be used to house information, like contact details, that do not require online access to interpret.

The use case is simple: install a special program that interprets the codes or tags; point the camera from a smart phone or computer at the graphic; and voilà, your phone presents a web page, phone number or other embedded content. Basically this avoids having to manually enter a URL.  Depending on a company’s marketing strategy this is a powerful feature since a particular ad might want to direct a person to a URL that embeds  information about the specific advertisement, media source, publication page and so forth.  Typing in a complicated URL would put off many people but this removes most of the effort while making the print media interactive.

The main issues with adoption are educating the public about the use of these codes and getting people to install the reader software.  Some of you may recall Radio Shack trying to do something similar several years ago.  They created a scanning device, given out for free, that people had to connect to their PCs.  They could then scan a specific item in a Radio Shack catalog or advertisement and be brought to a web page with detailed information and ordering instructions.

Although that particular attempt failed, these newer approaches have the advantages of being broadly available, leveraging a common accessory on a smart phone (camera) and providing benefits to more than one company.  It will be interesting to see if any of the competing standards catch on with the general public (beyond the two mentioned already there are others such as Data Matrix, Quickmark and PDF417).

My concern, however, isn’t whether these graphical links become popular, it is whether they present another security risk. I believe that they do, in a manner similar to Tiny URLs, yet possibly more insidious.

(more…)

I am happy to report that I have been awarded the Certified Information Systems Security Professional (CISSP) by the International Information Systems Security Certification Consortium [(ISC)²]^a.

I started pursuing the certification in mid-2009, got serious about studying early this year (2010), took the exam in late April, was notified that I passed and had my background endorsed in May, had to update my resume for an auditor in early June and was awarded the CISSP designation at the end of June.

I felt that this certification was important both professionally and personally.

Professionally, the certification serves as a validation that I have a solid and broad understanding of information systems’ security.  People who have worked with me know that I have been focused on IS security for many years.

Whether performing security-centered code reviews, fixing flawed implementations or teaching designers and developers how to improve the security of their systems, I have been on a mission to mentor and train people to observe effective security practices and principles.  I’ve also had operational responsibility for system infrastructures.  With that experience I was able to pass GIAC’s GSEC and Red Hat’s RHCE exams several years ago.

Personally, the process of studying and passing the exam allowed me to pursue and attain a non-trivial goal.  I am enrolled and taking classes toward my master’s degree, but completing that work will require several more years of part time attendance.  Setting and achieving intermediate goals helps to keep me focused and learning.

If you are wondering what the CISSP is all about, please read on.

(more…)

This was the first year that Sarah and Michael were on separate teams.  Sarah and her team chose to do this year’s classics problem, Discovered Treasures, while Michael and his team chose this year’s technical/performance problem, Return to The Gift of Flight.  The older team, being high-schoolers, competed in Division III.  Michael and his teammates were in Division II.

The  teams worked hard.  Lisa coached both teams so she had twice the fun from previous years.  The house also contained twice the cardboard and other assorted paraphernalia as usual.  As the year progressed it was clear that the two problems required very different strategies in terms of planning and execution.

(more…)

During the past several months I’ve had an interesting experience working with Brainbench.  As you may know, Brainbench (a part of Previsor) offers assessment tests and certifications across a wide range of subjects.  They cover many technical and non-technical areas.  I have taken Brainbench exams myself and I have seen them used as a component within a hiring process.  However, I did not understand how these exams were created.

That mystery ended for me late last year when I received an email looking for technologists to assist in validating a new exam that Brainbench was creating to cover Spring version 2.5.  Being curious about the test creation process I applied for the advertised validator role.  I was pleasantly surprised when they contacted me with an offer for the role of test author instead.

I will not delve into Brainbench’s specific exam creation approach since I assume it is proprietary and want to be sure I respect their intellectual property.  What I found was a very well-planned and thorough process.  Having a background in education and a strong interest in teaching and mentoring, I know the challenge of creating a meaningful assessment.  In the case of their approach, they focus on an accurate and well-considered exam.

I believe that I am quite knowledgeable regarding Spring.  I have used many of its features for work and personal projects.  The philosophies supported by the product (encouraged, not prescribed) address many areas of coding that help reduce clutter, decouple implementations, and simplify testing.  As a true fan of Spring’s feature set, I found it challenging to decide which aspects were most important when assessing an individual’s knowledge of the overall framework. (more…)

I have been following the work being done by The Brain Observatory at UCSD to carefully section the brain of patient H.M. The patient, whose identity was protected while he was living, is known as the most studied amnesiac.  His amnesia was caused by brain surgery he underwent when he was 27 years old.

Screenshot from the live broadcast of Project H.M.'s brain slicing process

I won’t redocument his history, it is widely available on various websites, a few of which I’ll list at the end of this posting.  For me, this study is fascinating in terms of the completely open way the work is being done.  The process of sectioning the brain was broadcast in real time on UCSD’s website.  The entire process that is being followed is being discussed in an open forum.  The data being collected will be freely available.  For me this shows the positive way that the web can be leveraged.

I spend so much time in the world of commercial and proprietary software solutions that I sometimes end up with a distorted view of how the web is used.  Most of my interactions on the web are in the creation of applications that are owned and controlled by companies whose content is only available to individuals with some sort of financial relationship with the web site owner.

Clearly sites like Wikipedia make meaningful content available at no cost to the user.  However, in the case of this work at UCSD, there is an enormous expense in terms of equipment and people in order to collect, store, refine and publish this data.  This is truly a gift being offered to those with an interest in this field.  I’m sure that other examples exist and perhaps a valuable service would be one that helps to organize such informational sites.

If you are interested in more information about H.M. and the project at UCSD, here are some relevant websites:

• Project H.M.: http://thebrainobservatory.ucsd.edu/hmblog/
• Wikipedia: http://en.wikipedia.org/wiki/HM_%28patient%29
• NY Times Obituary for H.M.: http://www.nytimes.com/2008/12/05/us/05hm.html
• S.D. Union Tribune Article on Project H.M.: http://www3.signonsandiego.com/news/2009/nov/30/hm-recollected-famous-amnesic-launches-bold-new-br/