Random thoughts from Jeffrey
# Tuesday, April 28, 2009

So, from April 5th through the 8th I was in San Antonio, Texas on business for the annual Ratabase conference. I’d been planning on live blogging it again like I did last year (actually, I was planning on doing it better than last year), but things didn’t quite work out that way. So, instead of the latest news on cool new things you can do with an insurance rating calculator (stop laughing!), I’ve got a cautionary tale about relying on new equipment, planning before doing things, and generally about how I do stupid stuff with technology.

Now for a bit of background. Windows Vista & 7 have this cool feature called “BitLocker”. Basically, it encrypts your hard drive so that if the computer/drive is stolen, an attacker would have to go through the OS-level security mechanisms (usernames/passwords/smartcards/ACLs). The attacker wouldn’t be able to circumvent the OS mechanisms by, say, editing the password store to change the passwords, or by going after the EFS keys and just decrypting files that you had encrypted explicitly so that other people wouldn’t be able to read them!

One “mode” of BitLocker relies on this cool hardware device called a TPM (trusted platform module). The TPM is involved in the key management/access process, and basically serves to ensure that the entire system, starting from the beginning of the boot process, is “trusted”. After all, you wouldn’t want some nefarious person coming in, booting to a different environment that can impersonate the BitLocker process, and then unlocking/decrypting the BitLocker volume and thus bypassing all the security it was supposed to offer. If the TPM/BitLocker (not sure which actually does the checks) detects that the system is under attack (for example, the order of the devices that the system boots from has changed), the system will require that a 56-digit recovery key be entered. Assuming you created a recovery key initially…but everyone does that & keeps that key safe, right?

A week before I was to head to San Antonio, my new Tablet PC (a Lenovo X200T) arrived. Incidentally, it’s a very nice system…fast, light, long battery life, lots of accessories (I bought most of the options…X-Base so I have an optical drive, webcam, fingerprint reader, WiMAX, HSDPA/UMTS, GPS, etc.). And it has a TPM v1.2. Which was cool, because it meant I could use BitLocker!

So I put Windows 7 (beta) on the system, enabled BitLocker, created the recovery key, and used the system successfully for a week. One time while rebooting the system I had to enter the recovery key, which I thought was kind of funny at the time, but didn’t really worry that much about it. So along came Sunday morning, it’s 5:00AM and I need to head out to the airport, so I hibernate my tablet and pull it out of the docking station (X Base). Figured I wouldn’t need the optical drive, and certainly wouldn’t need the extra weight. Thought about putting the recovery key on a flash drive or the external hard drive I was taking, but then thought “nah, I wouldn’t need that”. Besides, the key would be a lot more exposed to compromise if I had it with me and, say, my flash drive got lost/stolen.

Remember how I said the boot order mattered to the TPM? And remember how 1) I installed the OS shortly before this (from a DVD), & 2) how I wasn’t taking the X-Base with the DVD drive with me? And how I ignored the fact that when I’d last attached the X-Base I had to enter the recovery key? And how I wasn’t taking the recovery key with me? (this is where it should become apparent to most people that I am, in fact, an idiot.)

Of course I got all the way to the airport, through security, and was sitting at the gate with 30 minutes until boarding started when I went to use my tablet. And of course it saw that the DVD drive was no longer present and began going “oh noes! I’m under attack!”. Which then caused me to first realize exactly what mistakes I’d made, then freak out (it’s amazing what sorts of brief, complete clarity you can have when a situation goes to crap).
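What I should have done before pulling the tablet out of the X-Base is exactly what the TPM paragraph above implies: make sure a recovery password exists, put a copy somewhere that isn’t the encrypted machine, and suspend protection across the reboot that follows a hardware change so the new boot measurements don’t land you at the recovery prompt. Here is an added PowerShell script that does that; it is not from the original post, it drives the Windows 7-era manage-bde.exe, and the $Volume/$BackupDir defaults (E: as a removable drive) are placeholders you would change.

```powershell
# Added example (not from the original post). Before undocking or otherwise changing
# what the TPM measures at boot: confirm a numerical recovery password protector
# exists for the volume, copy it OFF the encrypted machine, and optionally suspend
# BitLocker for the next reboot. Uses manage-bde.exe as shipped with Windows 7.
# $Volume and $BackupDir are placeholders (assumption: E: is a removable drive).
param(
    [string]$Volume = "C:",
    [string]$BackupDir = "E:\bitlocker-recovery",
    [switch]$SuspendForNextBoot
)

# manage-bde refuses to run without elevation, so fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "manage-bde needs an elevated prompt."
}

function Get-RecoveryPasswords([string]$Vol) {
    # manage-bde prints each protector as text; the password itself is a line of
    # dash-separated 6-digit groups. The regex does not assume how many groups there are.
    $out = & manage-bde -protectors -get $Vol -Type RecoveryPassword 2>&1
    if ($LASTEXITCODE -ne 0) { throw "manage-bde failed on ${Vol}: $out" }
    $out | Select-String -Pattern '^\s*(\d{6}(?:-\d{6})+)\s*$' |
        ForEach-Object { $_.Matches[0].Groups[1].Value }
}

$passwords = @(Get-RecoveryPasswords $Volume)
if ($passwords.Count -eq 0) {
    # No recovery password protector at all: add one, then read it back.
    Write-Warning "No recovery password protector on $Volume; adding one."
    & manage-bde -protectors -add $Volume -RecoveryPassword | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not add a recovery password to $Volume" }
    $passwords = @(Get-RecoveryPasswords $Volume)
}

# Write the password(s) off-box. The file is plain text, so the drive it lives on
# must be treated like the key it is (kept separate from the laptop, not in the same bag).
if (-not (Test-Path $BackupDir)) { New-Item -ItemType Directory -Path $BackupDir | Out-Null }
$file = Join-Path $BackupDir ("{0}-{1}-recovery.txt" -f $env:COMPUTERNAME, $Volume.TrimEnd(':'))
$passwords | Set-Content -Path $file
"Saved {0} recovery password(s) for {1} to {2}" -f $passwords.Count, $Volume, $file

if ($SuspendForNextBoot) {
    # Suspends BitLocker (the volume key is left in the clear on disk) so a changed
    # boot configuration does not trigger recovery. Re-enable it yourself afterwards;
    # do not rely on it coming back on its own.
    & manage-bde -protectors -disable $Volume | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not suspend protection on $Volume" }
    "Protection suspended on $Volume; run 'manage-bde -protectors -enable $Volume' after the change."
}
```

Run it from an elevated prompt as `.\Save-BitLockerRecovery.ps1 -SuspendForNextBoot` (the file name is an assumption) right before undocking, then re-enable the protectors once the system has booted in its new configuration. The suspend step is what prevents the “oh noes! I’m under attack!” moment; the off-box copy is what saves you if it happens anyway.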


Part of the freak out was calling up a trusted friend and giving him all the details of connecting back to my network via VPN (including user names and passwords). I figured “okay, get connected to the internal network, then the administrator account can be used to login to the online CA and security server to retrieve the recovery key”. Yes, it was a moment of weakness and complete stupidity. Fortunately, years ago when I got the VPN stuff working, I had the foresight to use L2TP and require certificates to connect in addition to passwords. So no VPN connection could be established, giving the passwords did absolutely no good (but no harm either), and the recovery key couldn’t be retrieved. Hurray for defense-in-depth.

I was not totally without my tablet during the trip though. Remember how I brought an external hard drive with me? Well, that drive is the bootable one that I use to make OS recovery images. And I’d used it just a week before to backup the Lenovo factory default config. So I spent the flight down to Texas doing restores until I got the system working again.


Here are some pictures from the trip (more (and higher res ones) can be found on my Windows Live Photos album for the trip):

Westin La Cantera Resort golf course outbuilding

San Antonio, TX Riverwalk. There’s a boat ride around it that’s kind of cool too (+). Lots of people (-). On the whole, it was a cool area, and made for a good change of pace from the conference.

The Alamo (of course!).

Now playing: Greg Laswell – Three Flights From Alto Nido – 04 Comes & Goes (In Waves)

Tuesday, April 28, 2009 02:21:19 UTC | Comments [0] | IT | Personal | Pictures
# Sunday, April 26, 2009

There have been entirely too few random bits posted here lately, so here's an IM conversation from yesterday...

Jeffrey says (05:34):
you're up kind of late...
Jeffrey says (05:35):
unless your computers are LYING
Matt says (13:31):
or up early
but more likely is that my computer is full of lies
Matt says (14:10):
but you
are idle
remember Jeffrey...
idle messenger clients are the Devil's beowulf cluster
Matt says (14:11):
Now the devil has a better SETI@home score than Jesus, are you happy now Jeffrey?

Now playing: Stars – In Our Bedroom After the War – 10 Bitches in Tokyo

Sunday, April 26, 2009 04:38:17 UTC | Comments [0] | IT | Personal
# Tuesday, April 21, 2009

US Airways flight 1549 (the one that had the forced landing on the Hudson River back in January):
http://feedproxy.google.com/~r/typepad/ZSjz/~3/SSL89J3Le2M/mallons-salvage-pictures-back-online.html

Opting out of online advertising cookies & their tracking behaviours:
http://feedproxy.google.com/~r/typepad/sethsmainblog/~3/4mvAgzlGUaI/how-to-opt-out-of-cookie-sniffing-and-trading.html
(not sure I entirely believe that opting out would really do anything)

Doctor Who humour:
http://roflrazzi.com/2009/01/08/celebrity-pictures-tennant-pop-up/

Exception Driven Development (I actually added something along these lines to the app at work that I used to work on…it was quite enlightening to be notified about the crashes/errors and see 1) how alike your users think, & 2) how different that is from what you thought they’d think and the assumptions you implicitly made when building the software)
http://www.codinghorror.com/blog/archives/001239.html

Now playing: Holy F*ck – Holy F*ck EP – 04 Lovely Allen

Tuesday, April 21, 2009 03:25:30 UTC | Comments [0] | IT | Personal
# Thursday, April 16, 2009

http://www.wordplace.com/ap/index.shtml

http://www.qwantz.com/fanart/timetravelling.jpg

http://blogs.msdn.com/michkap/archive/2009/04/08/9537233.aspx

We need more Engineers

And lastly, for anyone that reads the blog just via the RSS feed and never visits the sites, my pictures are now hosted via Windows Live Photos. We’ll see how well that works out in the long run… URL is http://cid-348cb3ddffbdf313.photos.live.com/

Now playing: Emm Gryner – Get Brave

Thursday, April 16, 2009 03:15:34 UTC | Comments [0] | IT | Pictures
# Monday, March 23, 2009

DasBlog 2.3 is out! Upgrading took longer than it should have...probably because I did a bad job of separating the application from my SharePoint migration customizations last year. But that’s been fixed, and upgrading from my custom build of 2.1+ to 2.3 went pretty smoothly.

In case I accidentally delete the files I saved these changes off into (again), here are my customizations:

  • ~/web.config (I actually just copied & reused my existing web.config file, but this is the big change*):
    <system.webServer>
      ...
      <security>
        <requestFiltering>
          <hiddenSegments applyToWebDAV="true">
            <add segment="siteConfig" />
          </hiddenSegments>
        </requestFiltering>
      </security>
      ...
    </system.webServer>
  • ~/siteConfig/site.config (these are in addition to the regular ones that have to be performed, like site title, notification address, root url, etc.):
    <!-- CUSTOMIZATIONS: -->
      <DisplayTimeZoneIndex>90</DisplayTimeZoneIndex>
      <AdjustDisplayTimeZone>false</AdjustDisplayTimeZone>
      <ContentDir>~/App_Data/content/</ContentDir>
      <LogDir>~/App_Data/logs/</LogDir>
      <BinariesDir>~/attachments/</BinariesDir>
      <ProfilesDir>~/App_Data/profiles/</ProfilesDir>
      <SmtpServer>localhost</SmtpServer>
      <EnableSmtpAuthentication>false</EnableSmtpAuthentication>
      <CommentsRequireApproval>true</CommentsRequireApproval>
    <!-- END OF CUSTOMIZATIONS -->

Other customizations:

  • Backup from old installation and restore to new install:
    • ~/siteConfig/blogroll.opml
    • ~/siteConfig/navigatorLinks.xml
    • ~/siteConfig/siteSecurity.config
    • ~/App_Data
    • ~/attachments
  • Change the ACL on ~/siteConfig to grant NETWORK SERVICE modify access (the ACLs on App_Data and attachments should be retained when backed up & restored; if not, grant this access to those directories too)

* I run dasBlog on IIS7, so my web.config file is actually quite a bit different than the one that ships with dasBlog. But those differences (other than the one highlighted above) were created by migrating the existing config file.
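The backup/restore list, the ACL step and the hiddenSegments entry above are the kind of thing that gets forgotten on the next upgrade, so here is an added PowerShell script that performs them and then checks that IIS really answers 404 for anything under /siteConfig. It is not part of dasBlog or of the original post; $OldRoot, $NewRoot and $SiteUrl are placeholders for the two web roots and the blog’s public URL, and the 404 expectation assumes the IIS7 request-filtering web.config shown above is in place.

```powershell
# Added example (not from the original post or from dasBlog). Scripts the
# "backup from old install, restore to new install, fix the ACL" steps and then
# verifies that request filtering hides /siteConfig. All three parameters are
# placeholders for your own paths and URL.
param(
    [string]$OldRoot = "C:\inetpub\dasblog-old",   # assumption
    [string]$NewRoot = "C:\inetpub\dasblog",       # assumption
    [string]$SiteUrl = "http://blog.example.com"    # placeholder
)

# Files and directories the post lists as needing to survive the upgrade.
$carryOver = @(
    "siteConfig\blogroll.opml",
    "siteConfig\navigatorLinks.xml",
    "siteConfig\siteSecurity.config",
    "App_Data",
    "attachments"
)

foreach ($item in $carryOver) {
    $src = Join-Path $OldRoot $item
    $dst = Join-Path $NewRoot $item
    if (-not (Test-Path $src)) { Write-Warning "Missing in old install: $src"; continue }
    # Make sure the parent exists in the new install, then copy (recursively for directories).
    New-Item -ItemType Directory -Force -Path (Split-Path $dst -Parent) | Out-Null
    Copy-Item -Path $src -Destination $dst -Recurse -Force
}

# NETWORK SERVICE needs Modify on siteConfig so dasBlog can rewrite its config; the
# same grant on App_Data and attachments covers the case where the copy dropped the ACLs.
foreach ($dir in "siteConfig", "App_Data", "attachments") {
    & icacls (Join-Path $NewRoot $dir) /grant "NETWORK SERVICE:(OI)(CI)M" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $dir" }
}

function Get-HttpStatus([string]$Url) {
    # Returns the HTTP status code without throwing on 4xx/5xx (HttpWebRequest raises
    # a WebException for those, but the response object is still attached to it).
    $req = [System.Net.HttpWebRequest]::Create($Url)
    $req.Method = "GET"
    try {
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
        return $code
    } catch [System.Net.WebException] {
        if ($_.Exception.Response) { return [int]$_.Exception.Response.StatusCode }
        throw
    }
}

# With the hiddenSegments entry in web.config, request filtering answers 404 for anything
# under /siteConfig (where siteSecurity.config holds the password hashes), while the blog
# itself still serves. Any FAIL line means the config is not doing what you think.
$checks = @{
    "$SiteUrl/"                               = 200
    "$SiteUrl/siteConfig/site.config"         = 404
    "$SiteUrl/siteConfig/siteSecurity.config" = 404
}
foreach ($url in $checks.Keys) {
    $code = Get-HttpStatus $url
    $ok = if ($code -eq $checks[$url]) { "OK" } else { "FAIL" }
    "{0,-4} {1} -> {2} (expected {3})" -f $ok, $url, $code, $checks[$url]
}
```

The HTTP check is the part worth keeping around even if you do the copying by hand: after every upgrade, a request for /siteConfig/siteSecurity.config from outside the server should come back 404, and if it ever comes back 200 the web.config merge lost the requestFiltering section.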

Now playing: Emm Gryner – Goddess – 07 Match

Monday, March 23, 2009 03:11:02 UTC | Comments [0] | IT
# Monday, December 01, 2008

One-lane bridge

One lane bridge on the road to the coast between Carlton, OR & Beaver, OR. It has a couple different names depending on where you’re at on it: Meadow Lake Road, Nestucca River Road, Upper Nestucca River Road, & Blaine Road. It was fun to drive when I took it, but I imagine that would change as soon as some snow got on it. So probably only safe to take it from late spring to early fall. In mid-April 2008 it was passable enough, and there’s a number of campgrounds that were completely empty along the National Forest parts. There are some nice views towards the Carlton side that I wish I had captured pictures of. Maybe for next year!

Cape Kiwanda, as viewed from the south near Pacific City.

Offshore rock at Cape Kiwanda.

Now Playing: Brenda Weiler – Live – 18 Sweet Lullaby

Monday, December 01, 2008 05:47:09 UTC | Comments [0] | Oregon | Pictures
# Monday, November 24, 2008

Waterfall, Columbia River Gorge

Taken back in March when Emil & his girlfriend were visiting. For some reason I didn’t take pictures of the informational signs, so I don’t actually remember which waterfalls these are pictures of. They’re in the Columbia River Gorge, off the old highway. I’ll have to head back out there sometime & capture what the names are...

Now playing: Stars – Sad Robots (EP) – 05 14 Forever

Monday, November 24, 2008 03:17:52 UTC | Comments [0] | Oregon | Pictures
# Monday, November 10, 2008

Lewis and Clark Bridge; Rainier, OR - Longview, WA

Lewis and Clark Bridge across the Columbia River between Rainier, OR and Longview, WA. Taken last year while heading to the coast via Astoria.

Fort Clatsop replica

Fort Clatsop (replica) in the Fort Clatsop National Historical Park. It was prettier when I was there in July (2007), but unfortunately I don’t seem to have any pictures from that!

Astoria Bridge

Astoria Bridge that carries US 101 across the Columbia River at Astoria, OR.

Nehalem Bay State Park

The beach at Nehalem Bay State Park. See, not all days out at the coast during winter are that bad...

Nehalem Bay State Park grey

...just don’t look in the other direction.

Nehalem beach clouds

Or maybe it was just luck that there was a clear patch right over the part of the beach I was walking on.

Nehalem beach dune

On the dune right next to the beach at Nehalem Bay State Park.

Cannon Beach rocks

Cannon Beach. The water seemed colder than at Nehalem beach when I was walking around out in it.

Now playing: Lifehouse – Lifehouse – 01 Come Back Down

Monday, November 10, 2008 03:43:44 UTC | Comments [1] | Oregon | Pictures
# Tuesday, August 19, 2008

It was hot Friday and Saturday. Which meant I was busy being lazy and staying cool by sitting in my car (with its AC running). I should have posted this when it was 100+ degrees out, but I didn't; now it's appropriate again because snow is predicted to fall in the mountains tomorrow!

Yes, the weather has gone crazy this year.

Snow. In Portland.

Outside my apartment window, back in February.

Now Playing: Brenda Weiler – Fly Me Back – 09 Fly Me Back

Tuesday, August 19, 2008 05:22:24 UTC | Comments [0] | Oregon | Pictures
# Friday, August 01, 2008

US 26 & southern downtown Portland

US 26, right after/before the tunnel through the west hills. Looking towards downtown & PSU.

Dwellings on a hillside

Houses/apartments/condos/whatever built on the side of the west hills.

Now Playing: Po' Girl – Home to You – 09 9 hrs to Go

Friday, August 01, 2008 03:52:14 UTC | Comments [0] | Oregon | Pictures
About the author
Jeffrey Stults
Jeffrey Stults is a software developer currently in Portland, Oregon. He is contactable at:
stultsj@ntldr.net
Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2012
Jeffrey Stults, Jr.