Tuesday, August 30, 2011

Extreme couponing: a real man's sport... or so I keep telling myself (part 1)

Who hasn't heard of "extreme couponing" by now?  I'm not sure how something as stereotypically feminine and boring as clipping coupons suddenly turned into something that could be mistaken for an X-games sport, but it has, and it has caught my attention. My challenge:  avoid clipping my man card while I plan trips to the store for deals on make-up and tampons.

My wife, like so many other women (and men too I guess) started watching Extreme Couponing on TLC and decided she wanted to try her hand at it.  I thought to myself what a waste of time.  I mean, is it really worth hours of digging through ads and clipping coupons to save $.25 on a $10 package of paper towels?  The people on the TV show really are extreme, almost to the point of being sick.  I have a sneaky feeling we will be seeing some of these people on an episode of another popular show called Hoarders :)  We have enough of the crazy spectrum covered in our house so adding coupon clipping to the mix wasn't exactly top on my list.

I had pretty much written off the idea as crazy and hardly worth the effort, but if she wanted to try it I would at least be supportive and let her.  She went out and bought a paper then spent a few hours going through ads and got what she felt was a decent amount of coupons for stuff we "could use". 

For whatever reason she decided to send me to Walmart to pick up a few things and try out the coupons.  It was a disaster.  I went through the store like I normally do, which was a big mistake, randomly browsing clearance aisles, walking through hardware, checking out sporting goods, playing with electronics, etc.  At the check out, I used her coupons and saved about $6.  Not too bad... but considering my overall bill was about $250 I considered it a mega fail.  I bought a ton of stuff on impulse and we ended up with a bunch of food no one liked, or that we liked but didn't want to cook because it required too much effort (Jimmy Dean Skillets).

My wife had pretty well given up, but I couldn't now.  I despise the feeling of failure and I took this very personal.  So, instead of giving up, I decided to treat it like a problem that needed a solution.  The problem was:  "why didn't coupons work for me while they do for other people?"  With this, I turned to my good friend and mentor Google for research and advice as I would with almost any other problem I need to solve.  I'm sure there are millions of sites out there about the topic, but I found a great website that clicked with me called Living Rich With Coupons and it seemed to have very up to date information but most importantly, a "Beginners" section :)  I started to realize that coupons are big business and can be a serious way to save some cash.

With a little research under my belt and a fresh set of terminology in my head, I set out to get redemption (and hopefully a few deals).  We bought a few Sunday papers and got started, again.  My wife did help me clip coupons but this time the planning was up to me.  This time was going to be different.  I was a man on a mission and nothing could stop me.  My target:  Walgreens.  My goal:  I wanted to come out with a cart full of stuff for around $10.  How did I do?  Well... tune in for part 2 of this documentary to find out but let's just say the phrase "third time is the charm" seems fitting.

Saturday, August 6, 2011

I ate a whole package of cookie dough and started thinking…

I’ve been trying to eat healthy lately and it has been tough.  My wife eats ultra healthy but yells at me if I eat something she bought for herself.  My kids refuse to eat healthy all the time and we have company quite a bit so we always have snacks and other junk food available at arms reach.  I’m normally fine with that stuff.

Yesterday, however, was a different story.  We had several packages of Pillsburry Ready-to-Bake sugar cookie dough in the fridge that mom had given us to cook for the kids.  Well, anyone who knows me knows that I love cookie dough!  It is like my catnip or something.  Anyway, it was getting old and my wife said she was going to throw it out.  Anyone who knows me also knows that I don’t like to waste food.  I had to rescue it!

While I was packing my lunch for the day I went ahead and threw the cookie dough down in the bottom of my lunch box, hiding it like a teenage boy with a Hustler.  When I got to work I had planned on just eating a couple pieces and then throwing it away myself, but, well, ended up eating the whole package.  I felt like garbage for the rest of the day and even today my stomach is all sorts of messed up.

So I started thinking.  I wanted revenge on the little bastard for being so irresistibly delicious, but what to do?  Ah ha!  I would take the rest of the cookie dough and make a big Pillsbury doughboy likeness and cook him!  But then I thought, when cookies bake, they get golden brown and even more delicious looking so that would be counter productive.  This made me wonder, what kind of dough is the doughboy actually made out of?  Flour?  Cookie?  Pizza?

I turned to Google to try and find an answer but no one seems to know for sure what he is made of.  I did however find that others have gotten their revenge by looking at Google Images for “cooked Pillsbury doughboy”.

Then, my heart dropped and I was filled sadness when I found his funeral announcement.  Rest in peace little doughboy.

What do you think the doughboy is made of?  Any pictures of your own revenge schemes?  Let me know!

“Somebody set up us the bomb! We get signal. What!”

Wow!  I just read an article from CNN about Charlie Miller, a St. Louis resident who just recently demonstrated a hack at the Black Hat security conference in Las Vegas that can disable the battery of a MacBook.  He said his goal was to see if he "could make one blow".  He unable to accomplish his goal because of different mechanisms in place on the battery hardware itself but he was able to get it to essentially stop working.  A pretty cool proof of concept!

0324_p40-risk-miller_398x380

Getting one to blow up though is not too far fetched of an idea, however.  The circuitry that protects the battery from exploding is probably accessible through the same mechanisms he used to disable it.  Purely speculation here but he was probably a few lines of code away from getting to those protective mechanisms, exploiting them, and then having complete control over the battery in an unstable way, but was probably on a deadline to get his presentation out and figured disabling it was going to have to do for now.

So what does all this mean to the general public?  Well, it means we should be thanking Mr. Miller for finding this exploit before someone malicious released it into the wild.  Because of his efforts, this problem will probably be “fixed” relatively soon with a patch from Apple.  I would imagine that a stream of devices will probably all be patched in the near future to prevent this type of attach from occurring including primarily phones and laptops, but think about the number of devices you use or know about that connect to the internet and have a battery:  Amazon Kindle, Barnes and Noble Nook, high end alarm clocks, satellite radio, home security systems, cars with OnStar, etc.

While disabling a battery doesn’t really seem like much, think about the potential for a few minutes.
Let’s look a totally fictitious scenario for a moment:  a major software company wants to drive sales of its latest operating system but it found that many people were still satisfied with the one from 10 years ago and have no real desire to upgrade.  What to do, what to do?  One way to get people to upgrade is to drive new hardware purchases, right?  Ah ha!  Release a “patch” for that 10 year old operating system that disables the battery of those older laptops!  Then people will be forced to upgrade!  Brilliant!

style_warning

Is that all that can be done though?  Not necessarily.  Picture this more sinister scenario:  a terrorist cell identifies the logic to disable the safety mechanism on the battery and actually get it to explode.  This opens the potential to disable it on any similar battery.  They also figure out how to trigger a remote code execution on your laptop, phone, OnStar, whatever and push this code out via text message, email, website popup, etc.  Payload day comes and boom goes the dynamite!  Millions of micro chemical explosions worldwide, disabled workers, crippled communications, highways littered with dead vehicles, etc, etc.

We could essentially all be carrying bombs with us that could literally be remotely detonated and explode at any time!  Sounds pretty crazy, but it seems like almost every wireless device has a battery, and inside the battery is a combination of chemicals, and on the cover of every battery is a warning that says caution, explosive!

Probably VERY far fetched....... or is it?!  You tell me!  ;)  Until next time, keep your electronics away from the women and children!

References:

http://www.cnn.com/2011/TECH/mobile/08/05/miller.apple.battery.hacks/index.html?hpt=hp_t2

http://www.forbes.com/forbes/2010/0412/technology-apple-hackers-charlie-miller.html

Oh, and for those that do not get the "Somebody set up us the bomb!" reference, see the classic worldwide phenomenon All Your Base Are Belong To Us.

Thursday, August 4, 2011

FortiGate 200B - Central NAT Table causes potential performance issues

I just had the pleasure of dealing with a strange issue on a FortiGate 200B 4.0 MR3.  The client was reporting slow internet browsing from their hosted offsite Citrix server (which is behind the FortiGate).  They were able to connect to their Citrix server without any problems, run all of their applications at normal speeds, print, etc. just fine, but when you launched Internet Explorer from within the Citrix session, it would give sporadic results.  Most pages were just very slow to come up, others would load only half of the page, and some would just load the title bar.  I checked to make sure that it was not just the Citrix server but it was also happening from their Small Business Server, their Microsoft SQL server, and other line of business application servers in their environment, although the Citrix server seemed to be the worst.

I went over to SpeedTest.net to run a quick speed check and it failed.  Yes, failed.  I have seen some strange results from that site but I had never seen it actually say fail.  I was able to get it to fail repeatedly from their environment but it worked everywhere else I tested from outside of their environment.

After looking over the rules on the firewall and looking at performance counters, my co-worker wanted me to try and change the outbound NAT policies on the FortiGate from "Use Central NAT Table" to "Use Dynamic IP Pool".  Since then, the problem seems to have gone away and internet browsing speed has returned to normal.  SpeedTest.com also now completes successfully from their environment.

I did a quick search on Fortinet’s website and on Google and have not found any similar issues being reported.  I am going to have my "FortiExpert" (the co-worker that had me change to IP pools) review this and give me his analysis and submit it as a “FortiGlitch”.  Luckily the client was just trying to use the Central NAT Table as a convenience so they did not have to enter each address that they wanted to translate in the policies. 

Maybe this is why the Central NAT Table is disabled by default?  Or maybe it was just a misconfiguration that half-way sort of worked.  Either way, more research is required on this one.