Got Ya Day

She’s here!

And she’s a bit shy. But she had a pretty unsettling couple of days being loaded into a greyhound hauler for the trip to Tidewater, a few hours with Dominion Greyhounds adoption coordinator, then hand-off to me. The original plan was to do introductions at my friend Judy Schooley’s home, then take the dogs on home. Missy was so shy that I nixed that plan, stopped to retrieve Nick, and took her straight home. Of course, this was Friday, a mid-day beer tasting outing at O’Connor Brewing here in Tidewater with Judy, send Nick to Judy’s, drive to Gay’s to get Missy, then to Judy’s to retrieve Nick and home. We got in around 4 PM on Friday.

Missy loaded up without fuss. I put some treats in the way back, told her to kennel up, and she did. Nick crawled in the back seat of my Audi A4 Avant and snuggled up with the X-Pen that was in the foot well. The trip home was uneventful. Missy quickly settled down in the way back to watch the world go by. No words were said. No dirty looks were given. An auspicious beginning.


Once home, I brought both hounds to the back garden to meet. These things generally go easier when both dogs are off lead and have some room to move around. Missy and Nick walked around a good bit, Nick with Missy in tow as he showed her the back garden. Nick also introduced her to the back garden squirrels who are now picking pecans next door in a velociraptor free yard. Nick and Missy beasted one squirrel together then played a bit of chase. Nick was ready to go in but Missy decided to play hard to get. It took a good 30 minutes to coax her back in. She was shy of me and shy of the narrow back garden entrance. But after a half-hour of silly human games, I was able to get a lead on her and escort her in.

Nick settled right down while Missy toured the house. Eventually, she settled down and both goofed off until supper. Missy had not been fed before her trip north so she was ravenous. She ate her ration, then Nicks, then another two cups. A very full dog, she tossed the third ration up later that evening. For the rest of our turnouts, she went out on lead and dragged a lead to make her easier to retrieve.


Saturday got off to one of those starts. Nick wanted to go out at 0600. Missy wanted to come along. I let her off lead, mistake! Two hours later, she finally let me bring her in. Same not quite sure of me or the back garden gate thing. But her Second Chance trainer mentioned in her letter that Missy liked balls. I went in and brought out this big red thick-skinned dodge ball that can be rolled but is ribbed to allow a dog to carry it. I rolled it across the lawn. Missy went after it, grabbed it, and began ripping around the yard having a grand time. When she tired, she was ready to be retrieved and go in. During the course of Saturday, she realized that the retired moocher life was not so bad. By evening, she came when called to be put on lead and actually sat on cue. She slept through the night.


They change so much in the beginning. Missy and Nick trotted out into the back garden, did morning toilet, played some chase with the ball, and came in. I showered up for church with Missy paying special attention my bathing and dressing. Fortunately, shower doors open outward or I’d be chasing a wet dog about the house!

They both went out for pre-church toilet. Missy came right in and entered the house with minimal prompting. She’s getting the hang of this pet life pretty quickly. I brought them in and set up the baby gate with them in the two back bedrooms. Missy hopped up on my bed and settled down. Both were muzzled for some extra safety if someone stepped on someone and the stepped upon one took offense. It is rare for things to go to teeth in that circumstance but caution is wise in the beginning and during rough play.

By this point, it was pretty evident that Missy has decided to stay around. She’s sweet on me and on Nick and is a real hoot. She’s got the nicest ears and carries them half erect while she’s up and about and she is definitely playful. Nick has the running buddy he’s always wanted.


Introducing Dancin Bahama

The new chaos unit is in a halfway house beginning the transition from the working girl life to retired moocher life. According to Jennifer, her mentor, she is doing well with her house manners but is startled by noise. Not one to take to the Harbor Fest fireworks!  She’s expected to complete charm school in about 2 weeks and will be traveling to Tidewater Oct 16.

Thanks to her original owner, Peter Limer, for offering Dancer for adoption. Peter is a well respected NGA member and has campaigned a number of top gear dogs. He is well thought of in the industry and is regularly mentioned in NGA articles.

Dancing Bahama at her farm
Greyhound Data reports that Dancer had 40 starts, all finishing in the middle but off the back a couple of times. She was not covering her grocery bill so she’s petting out at 2 years 6 or so.

She’ll be my 6th retired racer. They’ve all been unique individuals and each one has presented his or her challenges. Dancer joins Lord Nick, also known as Nearly Headless Nick, Captain SLO (a story for another day), or Nick Nut. Nick fancies himself Alpha and can be a bit full of himself. But he’s acting like he’s ready for a best buddy. From her trainer’s notes and from her running style in her racing stats, Dancer is content to go along and get along. She didn’t have to be out front but was always in the thundering herd. I think she’ll be content to be Lord Nick’s consort. Lord Nick and Lady Dancer has a bit of a ring to it.

Messing around with available light

Web hacking

Hosting Options for Small Non-profit Web Sites


ODU Virginia Beach Higher Education Center


This spring, I enrolled my church in Google Apps for Non-profits. Being new to the process, we started with a Small Business Trial enrollment, then the non-profits enrollment, and finally, tying the two together.

Today, I started my second Google Apps for Non-Profits application, this one for Old Dominion University Institute for Learning in Retirement. ODU ILR is an almost all-volunteer run non-profit. We have two office staff that handle member enrollment, program registration, book keeping, and receive the member’s program fees for us. We have a web site, accounting system, member enrollment and course registration system, and do mass mailings. Most of these systems were established in the 1990’s and have become dated, especially our MS FrontPage and E-mail.

Web hacking

Google Apps for US Houses of Worship, Part 2

Google Apps for Non-Profits

Google offers its Google Apps services to qualified non-profit organizations. In the United States to qualify an organization must be either a

  • US IRS 501c3 corporation whose Employer ID number is registered as such in the IRS EIN database
  • An affiliate of a 501c3 corporation that has established an Group Exemption Number and has included the affiliate in the group.

To verify your status, Google checks the IRS database. If your organization qualifies, its records will include a group exemption letter like the one shown below.

Google Accepted IRS Group+Exemption+letter+formatThe annotations to the right show the information that Google requires.

Google Follows the Rules!

Back in the spring I wrote about applying for Google Apps for Non-profits on behalf of my church, Unitarian Church of Norfolk. Apparently, our application awoke Google and they have developed stricter guidelines for application processing. At the time UCN applied, UUA had established its EIN as a 501C3 qualified corporation but had not established an affiliated-organizations group number.

At the time, Google let UCN slide in to home. Since then, Google has expanded Google Apps for Non-Profits to the UK, Japan, and more. As the program has grown, they have become stricter about the rules. UC Boise attempted to apply in late summer of 2014 and was unable to find a way through the maze. Like most Unitarian Universalist churches, they were relying on their existence as a house of worship to provide tax-exempt status. They, like UCN, had not enrolled as an IRS 501C3 corporation. And the UUA has not established an exempt affiliates group.

UC Boise’s experience is that Google strictly requires one of two things.

  1. The church’s qualified EIN
  2. The church’s membership in a qualified group

Further, Google is requiring that this be verified electronically by query to the IRS database. They are no longer crawling submitted paperwork.

Becoming a 501C3 Corporation

The process is not complex but it will take a day or two of a member’s time to complete the IRS paperwork. The rub is that the IRS charges an $850 fee to process the application. This is a significant one time expense that would have a 1 to 3 year payback time depending on the number of Google Apps seats needed. Most houses of worship will want from 5 to 15 seats to cover employees and church jobs that need E-mail. Google Groups may be used to reduce the number of addresses needed. Google Groups is useful for church activities that don’t need to have an official voice. Most committees are better served by groups but minister, office, web admin, and the officers really should have E-mail accounts.

Two IRS forms are of interest. Form 1828 describes the regulations governing US houses of worship. Form 1023 is used to file to become a 501c3 organization.

Form 1023 includes the application, instructions, and fee information. The applicant’s yearly budget determines the fee with a break point at $10,000/year. Most churches will be above the break point and will incur the $850 fee (2014). The IRS estimates that it will take 8 to 16 hours to gather the relevant supporting information.

The wise church will apply for 501c3 status while its budget is below $10,000/year. Although not strictly required for tax purposes, membership has its advantages like free Google Apps for Non Profits.

 An Alternate Google Apps Approach

UC Boise has elected to use Google Apps for Small Business which provides similar features (but probably not the new Classroom product). Google charges small businesses $5/E-mail per month or $50 for the year prepaid. UC Boise has elected to establish 5 accounts, probably a workable minimum. Most congregations will want accounts for the following billets

  •  Minister
  • DRE
  • Office
  • President
  • Treasurer

It is good to have accounts for the Webmaster and Google Apps admin but these can be directed to the office. This design will cost UC Boise $250 per year. With a more robust 15 accounts, Google’s bill would be $75 per month or about the same as the phone service. This more robust provisioning would cover the rest of the officers, provide Google Apps and Webmaster dedicated accounts, and provide an account for the Volunteer Spot volunteer coordinator.

By way of comparison, $75/month is about the cost of high speed Internet service or telephone service for 3 lines from Cox Communications in Tidewater.

Why Google Apps?

The more astute moochers out there will quip that free services will do all of the stuff that Google Apps does. That is indeed true. Zoho does E-mail, Dropbox and Evernote support collaboration, YouTube is free, etc. Why Google? Generally, when a service is free, facts about the users are the product. Be sure you read the terms of service and understand the acceptable uses and what the provider will do with information derived from your activity.

UCN elected to go the Google Apps for Non-profits route because

  • 50 or so of our fellow congregations had blazed the trail
  • There is a single point of administration and control
  • All services can be UCN branded
  • Key services G-mail, hangouts, drive, YouTube, etc are increasingly integrated


Site changes Web hacking

New URL:

The New URL

Today, I finally took the plunge and gave this beast it’s own URL, Those of you having book-marked will find that you are forwarded to Please update your book-marks as Automattic makes no promises about how long the mapping will be maintained.

I registered the domain indirectly via Automattic, the fine folks who make WordPress and operate Automattic still hosts the blog for me. For a simple, no-frills site like this one, it made sense to do it all with Word Press rather than registering separately with EasyDNS at retail. That route would have been a bit more complex and expensive. Word Press with a custom URL is $26/year. There will still be an advert at the bottom and I’m still restricted with respect to theme choice and plug-in choice but the stock 2014 theme and plug-ins meet my needs.

Personal Computing

Making Good Passwords for the Rest of Us

Every week brings stories of a new software exploit or corporate data breach in which user names and passwords are stolen. Security “experts” are advising us to make ever longer and more complex softwoods and to use unique passwords for each site that we visit. Why is this good advice and how do we go about making good but usable passwords? And how do we remember them all? I’ll attempt to answer these questions in this article in a way that is accessible to my retired buddies and family.

Why a User Name

There are lots of reasons to have a user name and password at sites that you visit regularly. Some benefit you while others benefit the site operator in a way that allows them to continue to provide the site’s service to you.

  • The site can provide personalized service
  • Some services are provided only to authenticated users having a standing business relationship with the organization (like your bank)
  • The site accumulates information that allows it to provide better services to you.

Some of these things can be done with or without an E-mail address using your home’s IP address as a substitute. Without an account, the site has no way of knowing which of several users at an address is actually visiting: you, your spouse, your 13 year old son? Without a sign-in, the site has to make somewhat general decisions about what to show you.

Why a Unique Password?

A password is a secret shared between you and the web site. When the user name and password pair are unique to the site, successful presentation of the user name and the associated password verifies you to the site and the site to you. You’ve shared that particular secret with only one web site. You each know that the intended party is at the other end of the line.

If login fails, you may have miss-typed the URL. Double check the URL before doing missing password procedures. It is not uncommon for unscrupulous operators to attempt to collect user name and password pairs by impersonating a site on a common misspelling of the URL.

Why a “Complex” Password?

The primary reason to use a complex password is to avoid well-known passwords or passwords composed from information known about you that an impersonator can obtain. This basically prevents an unscrupulous unskilled individual from committing theft of service or tampering with your relationship with the various sites that you visit. It is not intended to protect you from an organized and systematic attack.

Intelligence agencies and criminal syndicates make sophisticated attacks to break into web sites. One thing they try is to use statistically common passwords like “password12”. And surprisingly, they can make all the mess-ups like “pa$$word12”, “pas$word12”, etc. Most sites attempt to protect accounts against password guessing using several techniques.

  • Limiting the number of failed log in attempts in a time period
  • Increasing the delay between log in opportunities
  • Locking the account and requiring use of lost password procedures which involve different shared secrets.

How Passwords are Stored

Reputable web sites do not store your password. Rather they store the results of operating on your user name and password and possibly some well-known (to the site, anyway) other stuff to compute a hashed value. The addition of other stuff is called salting the hash or just salt for short. A hash function is a function that maps a string of data into another pseudo-random string. It is easy to compute the hash but prohibitively expensive or impossible to retrieve the original string from the hash because the hash function makes a many to 1 mapping. The hash is useful because the inputs that map to a given output are wildly different. No recognizable variation of the input string will give the same result as the correct string .

As a result, Google can not tell you your G-mail password. Google only has the hash. It is likely that the hash input and hash algorithm are designed to give different results when a common password is used with multiple Google accounts. Compromise of one account does not imply compromise of other accounts. Others may not be so clever or careful as Google.

What is taken in a break-in?

In many break-ins, the attackers gain the password database which is basically a list of user names with their hashed passwords. Many sites, especially entertainment sites, use a well known authentication process. Each such site produces the same hashed value from your E-mail address and password.

It is common for attackers to sell lists of user name password hash pairs. Today it is possible to break the hash to recover the original password. In other cases, the password list is stored in the clear and lists of user names with passwords are also available. Availability of these lists allow others to compromise your account to steal from you or to impersonate you.

What do I do?

To limit the consequences of password compromise and to authenticate my bank and broker’s web sites, I do the following.

  1. I use unique passwords for each site
  2. I use a password manager to store all my passwords
  3. I use a password manager that syncs password data among computer, phone, and tablet
  4. I chose the password manager carefully.

Making Unique Passwords

It is hard to make up good passwords. Choosing words myself generally results in using words associated with me, my interests, or my experiences. They’re not really random. Same with numbers. They’re usually the last 4 of an ancient phone number.

Instead, I use dice ware to make good but easy to type passwords whose parts are chosen randomly. Dice ware is a word list used with a dice cup and 5 dice. Do use real dice as computer random number generators are “pseudo-random”. That is, started with a seed, the random number generator will always make the same sequence of numbers. Which is to say, that they’re not random, they only appear to be. You can’t guess the next one given this one but you can reset the seed and recreate the sequence.

For web sites, I use three rolls to pick two strings (usually words) and a number. Each roll has 6 to the 5th power outcomes that are independent so there are 6 to the 15th power outcomes. Two rolls select a word from the word list. The advantage of the dice ware technique is that two words and a number stick in short term memory long enough to allow them to be typed easily yet the search space is big and fairly random. And you will come to remember those you use frequently. And there is nothing about the passwords that suggests you are using dice ware to make them. The dice ware word lists are available for a number of languages in addition to English that use the Latin alphabet.

Most sites will hold a password made this way. The troublesome sites are those that have a high complexity requirement but short string length. It is difficult to produce easily remembered 8 character passwords that have 2 digits, 2 punctuation, and one or more caps. You’re down to 4 letter words or going random. Also troublesome are sites that don’t tell you the maximum password length. These sites are truncating your password so the numbers, caps and special characters can be lost if they’re near the end.

Remembering 200 Passwords

I can’t do it. I don’t think computer security expert and ace cryptographer Bruce Schneirer can do it. So I use the OS X/IOS built in password manager and commercial product 1Password. The built in pass word manager works in the web browser and stores passwords in the OS X key chain. It can also store your SSH keys (for geeks) as of Mavericks and is synchronized via iCloud as of IOS 7.

I keep everything in 1Password also because I can use 1Password to keep track of security questions and responses and other information about the site and my relationship with the site that Key Chain will not store. As of IOS 8, applications will be able to ask 1Password for data. Agile Bits explains this interface and the actions they’ve taken to prevent misuse in their blog.

1Password never gives anything up without you authenticating using your 1Password master pass phrase. I have a good one that I can remember that I made using Dice Ware. It is guess proof.

The folks at 1Password understand cryptography and know how to build secure cryptographic applications. All 1Password data is protected using AES256 encryption and care is taken that the plain text and cypher text are not left lying around in memory.

Web hacking

Web Scale Software Challenges for Lay Folk

An Example

This post grew out of a chat with Jae Sinnett, a great jazz drummer, composer, band leader, and music educator here in Tidewater Virginia. Jae likes to write essays about jazz music and the joys and trials of being a working jazz musician. He publishes these on Facebook and he writes well and at length. But Jae’s essays often come out as a single block of text with the paragraph breaks missing.

Thinking Jae had not discovered the secret sauce for getting Facebook to create a paragraph break, I commented on a recent essay to describe the shift-return technique. It turned out that Jae knew this technique but that it worked or failed at random. What could be going on?


Tablo TV One Month On

Back in June I took a flyer on brand shiny new gadget TabloTV. TabloTV had been on the market all of two months so there was little more than press releases at the time. To fill a void, I wrote about how one went about setting up and using TabloTV.

Where is Tablo Now?

Tablo is still ensconced in my media cabinet next to his friend AppleTV. Earlier this week (July 7), a firmware update shipped. My normal process with firmware updates is to start them right before turning in. This time, I decided to apply the update between programs. It went smoothly. This update added some nice things.

  • Parsimonious record new episodes logic
  • Record by time and channel
  • Support for program guide subscription

Tablo is a work in progress. The firmware that shipped in April provided a usable but partially complete DVR functionality that could not record by time and station and would greedily record new episodes (the guide would mark all airings of this week’s new Nova as new). The new front end and back end changes fixed this issue. Now, only the prime time airing is marked new. Tablo no longer records the late night showing and the next day showings on 15-2. Now I can pick series record all new episodes knowing Tablo is not going to eat the disk.

Tablo Disk Management

Tablo logic for disk space management is still in development but should be coming later this year. Until that time, delete programs after the household is finished with them. No TiVO like logic to garbage collect the file system of old watched episodes as disk space is needed.

Tablo Program Guide Subscriptions Coming

The folks at Tablo are not charging for the program guide currently because they are still working on functional issues and back end subscription management support. The latest firmware does check subscriptions. Until the store and front end features are ready, all owners are treated as subscribers. Eventually, free things will come to an end but not without adequate warning to subscribe to the guide.

Personal Computing Retired Live Web hacking

Second Life, Web Hacking Edition

To keep busy, I’ve been doing web sites for two non-profits, my church and the local Road Scholar Lifetime Learning Institute Network affiliate sponsored by Old Dominion University.  Both web sites were in need of updates for the brave new world of iPhone and iPad. Neither site was responsive and both had become disorganized as the sponsor’s activities grew in scale and complexity.


Tablo TV Arrives

I placed my order for a 2 tuner Tablo TV on Sunday afternoon. On Monday, Tablo shipped my unit by USPS from upstate New York. It arrived in Wednesday’s post. While waiting for my Tablo TV to arrive, I did some reading and selected a LaCie Porsche Design portable USB 2/3 disk.



What you need

To make a complete Tablo TV installation requires the following.

  • ATSC HD TV antenna, preferably external.
  • Tablo TV
  • Tablo TV iPad or Android app
  • External USB 2/3 disk drive
  • Local WiFi network for iPad/Android
  • Local WiFi network or Ethernet for Tablo TV
  • Internet access to Tablo to acquire the program guide

Choosing a Disk

DVR service is a moderately aggressive use of a disk drive. The DVR can spend 2 to 3 hours per day recording material and a similar amount of time playing back material. This duty cycle is more aggressive than the typical laptop/desktop duty cycle but less so than a corporate application server. It was with a little fear and trembling that I went looking for a disk to use with Tablo TV.

After some poking around on the InterWebs, I settled on a 1 TB LaCie USB 2/3 portable disk. These are the ones in the pretty package and are “compatible with Time Machine.” I’m hoping that LaCie chose wisely from Seagate and WD’s offerings and picked a disk that is suitable for several hours of continuous activity per day. Only one way to find out, have a smoke test.

Unboxing and Installation

Tablo double boxed Tablo TV for shipping. The inner box was typical of recent Apple or Nest packaging, simple graphics and thoughtful design to protect the product during handling at retail. The inner box was sized to be a snug fit in the outer shipping box so little dunnage was required. The package contained the following.

  • Switching power supply
  • Tablo TV
  • Ethernet cable
  • Quick start sheet
  • 2 weeks trial use of the program guide

Cabling up is simple.

  • Connect the antenna
  • Connect the disk
  • Connect the Ethernet
  • Connect the power supply
  • Plug in the power supply

The unit powers up as indicated by a blue flashing light. The light flashes at different rates during self test, program loading, OS initialization, and application initialization. Once ready, the light is solid. The behavior is similar to that of Ooma Telo so it may be a Linux thing.

Settling In

The next step is to install the partner Tablo TV application on your favorite mobile controller, for me, an iPad. Once you have a blue light, start the Tablo App and select the option Connect to TabloTV. If not previously initialized, this will be the only choice available.

If your Tablo TV is on the wired network, the application will find it without fuss. If using WiFi, the connection process is a bit more complex and is similar to that for Belkin WeMo devices. The Tablo TV will advertise its own network. You divorce from your home network, connect to the Tablo network, and do the initial configuration dialogs to set the SSID and password. Then Tablo joins your home network and you have your iPad rejoin.

Once found, the Tablo App will guide you through channel identification, program guide loading, and disk formatting. Tablo TV will reformat your external disk which will take some time. Plan on this part of the process taking 30 minutes or so.

Will Power!

Resist the temptation to watch live TV on the first day. Tablo needs some time to complete disk formatting. Once the program guide is aboard, you can schedule recordings but give time to have the disk ready and a day to settle down. That said, I was able to schedule recordings about 30 minutes after I began installation and made my first recording at 8 PM, five hours after installation started.

Using the Tablo App

The remarks that follow apply to the iPad Tablo App. I expect the Android app will be very similar.

A menu button appears in the upper left corner of the display. Tapping the menu button opens a side bar menu. From this you can choose the following.

  • Live TV
  • TV Shows
  • Movies
  • Sports
  • Scheduled
  • Recordings
  • Settings

Use the Live TV menu to view a channel/time matrix of what is now airing or about to air. From this, you can select a channel to watch by tapping the channel label in the left column. This will open a player window that you can use to play live TV on the device. On iPad, this view includes an AirPlay widget that allows you to direct playback to any AirPlay server on the local network. Think Apple TV or a Mac running Mountain Lion or Mavericks.

TV Shows, Movies, and Sports allow you to see the scheduled programs in these genres. Selecting TV Shows will show you a listing of each series or single episode show. Selecting Sports will show tiles for the major north American sports genres. Tapping a tile shows a list of available programs that can be recorded. Tapping a REC button picks that episode for recording. If the show is part of a series, the upper part of the pane while have a series record button. Activating series recording presents the choice to record all episodes or new episodes.

TV Shows Organization

Selecting Tablo TV’s TV Shows menu item opens a matrix showing tiles for each series or unique program appearing in the program guide data. At the top of the matrix, a tool bar lets you filter the view to show all shows, series with new episodes or new shows, series that are premiering, or shows by genre. This last button opens a genre side bar. The side bar has categories for news, talk, educational, children, consumer, reality, religious, animated, sitcom, crime drama, comedy, drama, etc. This list is sorted by number of entries in the category. A program may appear in multiple bins, for example, Magnum PI might appear in drama, action, crime drama, etc. Tapping a tile brings up the program summary and recording options.

A similar Channels option lets you filter programs by the originating channel.

 Play Back

Tapping the Recordings menu item brings up a matrix of shows for which recordings are available. Tapping a tile brings up a form showing the series description plus a list of available episodes. Tapping the play button at the right side of the episode tile begins playback on the local display or on the active AirPlay server.

Disk Space Management?

I missed the part of Tablo’s materials that talk about disk space management such as deleting watched programs, etc. Disk space management is currently manual. There is actually a way to delete recordings. It’s on the episode tiles appearing in the program’s entry in the recordings view. Tapping the center of the tile reveals the episode description with a delete button located below.

Work in Progress

Tablo TV is early in its development life cycle. The product launched in April 2014. Tablo’s frequently asked questions indicates that a number of product features are coming to make it possible to save recordings, use network disks, etc.