My tweets on 2008-09-06

September 6th, 2008
  • @wendyblackheart I don’t think that list of 100 Top Sex Bloggers is sorted by “topness” because I can’t possibly be number 36, right? #
  • @ProblmLikeMaria When she saw your link, @BloodyLaughter said “Yaayy! Now I have more people to bookmark and love!” and I wiggled a lot. :) #
  • Introducing @BloodyLaughter to Scrum as the Product Owner for her own website. I’m playing the dev team, Scrum Master, and everything else. #
  • @BloodyLaughter is the best office productivity app user I have ever known! With her help, I am able to grok iWork Numbers’ UI for charts! #
  • Doing a code review of another website. It always astonishes me that I can do these in 15 mins, but then it takes ~1hr to prep for an exec. #

Scrum-style Burn Down Chart in iWork ‘08 Numbers.app

September 6th, 2008

Ever since I was introduced to the Scrum methodology of software development, I’ve enjoyed my work so much more than before. Most of that enjoyment is due to a sense of visibility, of knowing what’s going on.

I find working without an accurate awareness of the situation at large very disorienting, and software and web development are notorious for being circumstances that change rapidly. That’s why one of my favorite things about Scrum is the burn down chart. This is nothing more complex than a simple graph that depicts how much work you bit off and how far along trying to chew it you actually are. The benefit, of course, is that it’s pretty obvious pretty quickly if you’ve bit off more than you can chew. ;)

So up ’til now, my team and I have been doing this all on paper. There’s a certain tactile appreciation I have for doing this sort of thing on paper, but of course there are disadvantages, too. For instance, you can’t easily archive the information. You can’t easily share it with remote contractors. You can’t automatically mine this valuable data with software tools. You get the picture.

There are a few cool plugins to some tools like Trac that do all this, but at first blush most of these tools seem to require that you move all of your Scrum’s planning into the digital world. That is, you can’t just do the burn down chart, you have to do all your estimation (MoSCoW desirability, sizing, estimating ideal hours) through some tool. That’s a big step, and I wanted something simpler.

So naturally, I came up with a spreadsheet in Numbers.app as my solution. I mean, how much simpler can you get? Sure, it’s not exactly “well integrated” with other tools, but your non-tech-savvy boss will probably love it, and AppleScript can be used to automate data extraction. Here’s what it looks like:

An example Scrum-style burn down chart in Apple's iWork '08 Numbers spreadsheeting application, complete with an actual chart.


As you can see, the Numbers sheet is a simple table and a line chart. I’ve embedded instructions for how to use the chart into the example itself, which I’ll quote here:

This is a sample Scrum-style iteration burn down chart for software development created by Meitar Moscovitz. It can be used to plot a team’s progress throughout a development cycle (aka. “iteration” or “sprint”). This sample chart depicts a 3-week iteration (15 working days) with a 150-point target goal.

The X-axis represents time, and is thus labelled Time in Days, while the Y-axis represents the work to be completed, and is labelled Points.

The green line shows the team’s ideal velocity based upon the total number of points—termed the Remaining Initial Value—scheduled for completion in the graphed iteration.

The blue line shows the team’s actual velocity (or “completed work”), which is entered by the team leader (aka. Scrum Master) after each day in the Done column.

To use this chart: duplicate this sheet, enter your iteration’s total points in the Initial Value row of the Remaining column, and delete the values in the Done column except its initial value of 0. To add more days, copy and paste more rows into the table. Optionally, give the sheet and its contents new titles. ;)

Feel free to download the Example Burn Down Chart.numbers file and use it yourself. If you do use it, please leave a comment and let me know how you’re going. Thanks, and enjoy!


My tweets on 2008-09-05

September 5th, 2008
  • Woke up to more snarkiness from the Under30SydBDSM list. I’m always amused when people have no idea who they’re dealing with with me. #
  • There are a lot of culture wars going on right now. In tech worlds this can be summed up as: It’s better to ask forgiveness than permission. #
  • All this week I so wished I was getting paid to do something interesting like research for my next book, or something I actually care about. #
  • Best part of today: I learned about philosophy from a coworker. http://en.wikipedia.org/wiki/Qualia Strangest thing: We lost our AirPort AP. #
  • Update on missing AirPort AP: an employee moved it so it could be attached to different speakers. Innocent mistake but very annoying. #
  • Fantastic presentation by @factorypreset on technology and human society, machine readability, gendered technology and humanity. Woah! #
  • Ditching the studio for the Drupal Australia meeting to learn about Drupal views & how they work. I need some relaxed tech after today. #
  • Fucking hell, the one time I don’t bother to get someone’s last name I’m stopped at building security. This is why I am always anal! #
  • Went to head into the Broadway shopping Center to meander around the stores and food court, listening to tech podcasts for my tech fix. #
  • I’m sure most ppl think I’m rocking out when they see me w/my iPod. I’m really educating myself freely better than they are at school. #
  • Spent the last two hours catching up with @sheershir over an iChat video conference. I love that the biggest problem w/communication is TZs. #
  • Fixed up my résumé to include hcard’s XMDP profile tonight. Also, unrelated http://youtube.com/watch?v=5gpJ1hVoJqU = AWESOME! via @sheershir #

My tweets on 2008-09-04

September 4th, 2008
  • One of our office’s desks just collapsed taking an iMac and several cups of coffee tumbling to the floor. The iMac is okay, the mugs aren’t. #
  • Seems I’ve become the Bad Cop in “Under30SydBDSM” group while prodding them to get organized. Good thing I grew up with a really thick skin. #
  • Not at all surprised at the immaturity of most of Under30SydBDSM, like most BDSM groups…they are supposed to be young after all but so am I. #
  • At the Sydney Python User’s Group watching a presentation on Python 3. Interesting to compare language features between one another. #
  • Coolest new Python 3 feature is, without doubt, the method annotations. This is literate programming on steroids. Absolutely gorgeous! #
  • Chatted with some devs about SMP, threads, SharePoint and version control tools. Learned a lot, wish I could spend more time with them #
  • This is SO the best “Why can’t we all just get along?” comic ever! http://xkcd.com/471/ Also, is it just me or is the furry kinda hot? :) #
  • @laughingrhoda Enjoying Burning Man? I’m having increasingly frustrating experiences w/the communities in Sydney & wish I was back in the US #

My tweets on 2008-09-03

September 3rd, 2008
  • Woke up to some feedback of my work calling it “achingly good.” That’ll be awesome so long as I don’t kill myself through sleep deprivation. #
  • Wondering whether I should pony up the $450 to go to Douglas Crockford’s JavaScript workshop http://tinyurl.com/63vnvx #
  • Holy crap, I just noticed that the latest beta of Firebug shows Firefox’s ua.css (default style sheets) in the Style tab! That’s great! #
  • Holy crap again! Just noticed that Firefox 3 zooms the whole page by DEFAULT, with an option to “Zoom text only” to do font-size-only zooms. #
  • Coworker unplugged my Time Machine HD. Running Apple’s “Repair Disk” takes forever to check multi-linked files. I can’t wait for ZFS pools. #
  • After small victory fighting w/Plone’s way-too-complex theming layers for the day, heading towards the Uni for dinner and snuggleings. #
  • @factorypreset What in the good lord’s name are you doing at work at 11 PM after being out all day? At the most just come in early tomorrow. #
  • @taomlin Do you like the Google Chrome browser? Just about to try it out now…at worst it finally means FOSS ones outnumber proprietary ones. #
  • @factorypreset Oh. I totally forgot about that. See how quickly I am purging that project from my memory? Can’t get rid of it fast enough…. #
  • Coolest preference options in Google Chrome: built-in Google Gears support & the option to block all insecure content on HTTPS-served pages. #
  • @supertailz Chrome is Windows XP or Vista only, but I have VMware Fusion specifically for browser testing, so I put it in a virtual machine. #
  • Other interesting things about Chrome: DNS prefetching, V8 JavaScript engine; via http://tinyurl.com/5m2dxk #
  • @limi You don’t sound bad as the Norwegian voice for Chrome. :) Would help if I spoke that language, of course. So far, Chrome looks good! #
  • @BloodyLaughter remarks, “I bet Bristol Palin’s boyfriend is freaking the fuck out right now.” Great commentary at http://tinyurl.com/5e4dm4 #
  • @dlsspy Time Machine onto a FreeBSD ZFS over Samba sounds like a sweet setup! Would that be feasible for a small office of, say, 25 seats? #
  • Dinner was massively disappointing due to no snugglelings & intrusion of people I hadn’t the energy for, but I’m finally in bed before 2 AM. #

My tweets on 2008-09-02

September 2nd, 2008
  • Groggily waking up at 11:45 after completely and utterly oversleeping the likes of which I haven’t done since grade school. Awesome…and not. #
  • That kid nobody but me liked in school ‘cuz the other kids were assholes has done very well for himself. http://avischer.com/ Good for him! #
  • VCS apps are the perfect example of a generation gap. CVS/SVN users will never understand merges like this: http://icanhaz.com/gitopusmerge #
  • Didn’t get a lot done but needed a slow day emotionally. Now I promised myself I’d leave the studio at COB and I will to see @BloodyLaughter #
  • @essinem Glad I could help set you up with your own server and WordPress blog. It’s good karma for me, which I am often in need of anyway. #
  • Suddenly found myself @ a wine & cheese event where everyone’s breath smells terrible. Why are these things held in crowded bars again? #
  • Enjoying seeing @BloodyLaughter be the social butterfly I often encouraged her to be. Nice to see the encouragement paying off at last. #
  • I’m off in a corner eavesdropping on an utterly adorable couple clearly flirting with one another. It’s absolutely precious to watch. #
  • Of course, one wonders what the point of social events are if one spends one’s entire attendance at said events tweeting during them. #
  • Okay, I suppose that was worth the $8 entry fee for the wine at least. Now, at 9:30 in the evening, I’m off to get some breakfast. #
  • @ProblmLikeMaria We love YOUR twitters cuz we don’t feel quite as distant from you when you update! Enjoy the beach—and the boys, of course! #
  • This is a great quote: “Documentation is like sex: when it is good, it is very, very good; and when it is bad, it is better than nothing.” #
  • Oy. 3 AM again! Is it that I’m simply physically incapable of laying down in bed before dawn or is there some other conspiracy happening? #
  • @thepete I was at least able to deliver the major portions of a freelance gig tonight, so that’s good. Still wish I could sleep more, tho. #

My tweets on 2008-09-01

September 1st, 2008
  • Seriously considering buying a YubiKey http://tinyurl.com/yubikey WordPress blogs can use it per-user w/plugin! http://tinyurl.com/wpyubikey #
  • @ellie_lumpesse That’s because we like it when you tease us. ;) #
  • This morning I rushed to a meeting that got cancelled, it’s been sunny all Monday, rainy and gloomy all weekend…so bleary-eyed @ work today. #
  • Tonight a blast from the past; sooo much fun! Watching rented Tron DVD then hours of playing GLTron with @BloodyLaughter. http://gltron.org/ #

YubiKey and OpenID: Two great tastes that taste better together

September 1st, 2008

In some communities this is sort of old news, but I’ve recently become aware of an exciting and affordable security product called the YubiKey, manufactured by Yubico. The YubiKey is a $35 USD one-time password second-factor authentication token that uses 128-bit AES encryption to provide identity verification. That’s a mouthful, but what it really means is this: using a YubiKey to log in to stuff makes your logins about as secure as a military installation. Here’s how.

When you log in to just about any Web site or Internet-enabled service, say Basecamp for example, you traditionally simply type in a user name and matching password. This is known as one-factor authentication because all you need to do to log in successfully is use a matching pair of user names and their passwords. Since the user name is not hidden, the only piece of the puzzle that’s providing any security is your password.

Now, a password is something you have to remember, so this factor is called "something you know." Of course, if someone else also knows your password, this means that person can log in pretending to be you. Thus enters the need for a second factor for authentication.

The YubiKey is a physical USB fob device with a unique ID. That is, each YubiKey in the world has its own ID, meaning that no two are identical. This implies that if you have a YubiKey with you, no one else can have that same YubiKey anywhere else in the universe. Thus, this gives you a second factor with which to authenticate yourself; specifically, it’s "something you have."

When you combine something you know (for instance, a password) with something you have (such as a YubiKey), you have two-factor authentication. Authenticating yourself with both of these factors is obviously more secure than relying solely on one factor because in order to compromise it an attacker needs to compromise both factors; the attacker would need to know what you know (figure out your password) and steal something you have (physically obtain your YubiKey).

If you’re familiar with one-time credit cards such as those that PayPal offers, you can think of the YubiKey like one of these cards, but instead of being used to make online purchases, it’s used for logging into stuff (and, of course, you don’t need more than one physical YubiKey). Of course, for authentication to work with the YubiKey the application or service you are logging into has to be able to understand that you’re using one of these authentication devices.
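To make the "one-time" part concrete, here is a sketch of the checks a service runs on a YubiKey one-time password. It is an example added here, not code from Yubico or from any plugin mentioned in this post. The key types its OTP in "modhex"; the last 32 characters are one AES-128 block holding a private ID, two counters, a timestamp, a random value and a CRC. Python's standard library has no AES, so decryption is passed in as a callable and the demo uses a labelled stand-in that returns its input; the token ID, private ID and key below are constructed sample values.

```python
import struct

MODHEX = "cbdefghijklnrtuv"   # modhex digit at index i encodes hex digit i
CRC_OK_RESIDUE = 0xF0B8       # CRC over a whole valid block leaves this value

def modhex_decode(text):
    """Decode modhex (the keyboard-layout-safe alphabet the key types) to bytes."""
    nibbles = [MODHEX.index(ch) for ch in text.lower()]   # ValueError on bad char
    if len(nibbles) % 2:
        raise ValueError("odd number of modhex digits")
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))

def modhex_encode(data):
    return "".join(MODHEX[b >> 4] + MODHEX[b & 0x0F] for b in data)

def crc16(data):
    """CRC-16 with reflected polynomial 0x8408 and initial value 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc

def build_block(uid, use_ctr, session_ctr, timestamp=0, rnd=0):
    """Construct a sample 16-byte plaintext block (demo helper, not token firmware)."""
    body = struct.pack("<6sHHBBH", uid, use_ctr, timestamp & 0xFFFF,
                       timestamp >> 16, session_ctr, rnd)
    return body + struct.pack("<H", ~crc16(body) & 0xFFFF)

def verify_otp(otp, tokens, decrypt):
    """Return 'ok' or the rejection reason; updates the stored counters on success."""
    public_id, block = otp[:-32], otp[-32:]   # last 32 modhex chars = one AES block
    record = tokens.get(public_id)
    if record is None:
        return "unknown token"
    try:
        plain = decrypt(record["aes_key"], modhex_decode(block))
    except ValueError:
        return "malformed"
    if len(plain) != 16 or crc16(plain) != CRC_OK_RESIDUE:
        return "bad checksum"                 # wrong key or altered OTP
    uid, use_ctr, _, _, session_ctr, _, _ = struct.unpack("<6sHHBBHH", plain)
    if uid != record["uid"]:
        return "wrong private id"
    if (use_ctr, session_ctr) <= record["last"]:
        return "replayed"                     # counters must strictly increase
    record["last"] = (use_ctr, session_ctr)
    return "ok"

# Constructed sample data. The stand-in "decryptor" returns its input unchanged,
# so the sample OTPs carry the plaintext block where real ones carry ciphertext.
def identity_decrypt(_key, ciphertext):
    return ciphertext

UID = b"\x01\x02\x03\x04\x05\x06"

def sample_otp(use_ctr, session_ctr):
    return "cccccccbdefg" + modhex_encode(build_block(UID, use_ctr, session_ctr))

def demo():
    tokens = {"cccccccbdefg": {"aes_key": b"\x00" * 16, "uid": UID, "last": (0, 0)}}
    first = sample_otp(1, 0)
    return [verify_otp(first, tokens, identity_decrypt),
            verify_otp(first, tokens, identity_decrypt),   # same OTP sent again
            verify_otp(sample_otp(1, 1), tokens, identity_decrypt)]
```

The second call in `demo()` is rejected as a replay: an OTP that has been seen once is worthless to anyone who captured it, which is what a static password cannot offer. This covers only the "something you have" factor; the password check sits alongside it.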

The good news here is that the entire process of using a YubiKey is a well-documented, open-source, and open-spec scheme so it’s easy for service providers to implement. And, because Yubico is also an OpenID identity provider, you can use your YubiKey to log into any site that supports the OpenID protocol right now, such as (you guessed it) Basecamp! There’s even a WordPress YubiKey plugin so you could theoretically use your YubiKey to secure your authentication to any of your WordPress blogs.

The YubiKey spec is, itself, completely independent of the OpenID spec and vice versa, which is what makes the combination so formidable. What’s so cool about this process is that the site you’re authenticating to, such as Basecamp or your WordPress blog, doesn’t have to know anything about how you’re authenticating because the OpenID provider (Yubico in this example) simply returns the answer—a perfect example of a well-constructed API at work. Either you have successfully authenticated to your OpenID provider or you haven’t, and the site can respond accordingly.

And if that’s not cool enough, want to know the coolest thing about the YubiKey? It’s environmentally friendly! The YubiKey web site states that the robust, ultra-thin and battery-free design increases lifetime and reduces environmental impact.

I’m more than seriously considering getting one of these myself, and even beyond that, getting one for all of my fellow site editors on some of the community web sites I help maintain. This is especially important for sites dealing in confidential or otherwise sensitive information, such as those which hold financial records or have other privacy concerns. Securing the authentication of privileged users such as the site administrators seems a natural step.

Even better yet, because the only cost to implementing this system is developer resources and the cost of the physical YubiKey device, I’m also seriously considering baking this right into any new sites I develop. At $35, a YubiKey is actually cheaper than an SSL certificate, and even though they don’t protect against all the same attack vectors, I think a device like the YubiKey is clearly a vastly superior solution in the majority of use cases.

I never really had a compelling reason to begin to propagate an OpenID identity before but now, at last, I do.


My tweets on 2008-08-31

August 31st, 2008
  • @sanbeiji Aw man. That’s about as sneaky as it gets. What a PITA, especially for our next book, eh? I like Håkon’s suggested image, though. #
  • @sanbeiji Haha. =) And with the magic of UTF-8 character encoding, all of Earth’s cultures lived happily ever after, peacefully coexisting. #
  • Utterly FANTASTIC presentation by Jeff Hawkins on neurology and artificial intelligence, VERY highly recommended: http://tinyurl.com/4a28ae #
  • @avahdi Some good OS X guides: http://www.apple.com/pro/tips/secretcapture.html & http://tinyurl.com/r5ddg #
  • @seraglioletters I think it is crazy that the question is whether or not Palin is a good person instead of whether she would be a good VP. #
  • Once again, I fail to even remotely get to sleep at a reasonable hour. Then again, there is rarely anything reasonable about me at all, so…. #

My tweets on 2008-08-30

August 30th, 2008
  • @ProblmLikeMaria Does it have something to do with how they hit on you? I’m so uncomfy w/getting hit on I don’t even notice when it happens. #
  • @BondageFreaky I see you’re looking for speech to text programs and have already found iListen. That’s the program I would recommend to use. #
  • Got excited at spam in my inbox that read “Mistress wants something big?”, but then disappointed when I realized it meant mistress=affair. #
  • Tradeoffs: @BloodyLaughter and I fail at leaving the house, but succeed at having awesome morning makeout sessions and afternoon orgasms! #
  • Okay, things that have suddenly become very urgent requirements: Breakfast, coffee, sunshine, and eventually getting work-like things done. #
  • I feel good about responding to friend’s private emails asking about kink/sex-related questions, bad that it sometimes takes too long. #
  • In ‘05 I created an Amazon guide titled “Become a Front-End Web Design Guru.” Today I added my own book to it! http://tinyurl.com/mywebguide #
  • Getting ready to head out to a party, but I’m hungry and don’t know how social I feel. This could either be really good, or really bad. #
  • On the 14th floor of a building being renovated. Loud music blasting, tons of teens drinking. Having flashbacks to things I never did. #
  • Heading home alone after leaving @BloodyLaughter at the party. I saw that coming a mile away; I was never that young, even when I was. #
  • @factorypreset Funny, I just ditched one of those warehouse party things. Decided to go to the office to get a terminal to do work instead. #
  • @ellie_lumpesse Two hot bi boys & a king size bed? That’ll surely give me sweet dreams! I’ve been looking at http://boundgods.com/ too much. #