The Case for Watermarked UUIDs

UUIDs are my latest toy

They fill my little world with joy

Forgive me for waxing lyrical. The more I play with UUIDs, the more wonderful uses I find for them.

Take one-time tokens used for idempotence, for instance.

Joe Gregorio's nugget on how to use UUIDs with hashes to prevent spoofing got me thinking. What if the hash could be hidden in the UUID itself? UUIDs are so roomy and spacious, they can tuck a lot of things inside without losing their core property of universal uniqueness.

But first, a summary of Joe's piece for those too impatient to go over and read it.

Idempotence is (or should be!) a basic concept that all IT folk are familiar with. Performing an idempotent operation more than once has exactly the same effect as doing it once. The way this is commonly implemented is through the use of one-time tokens. [If you do a 'View Source' on your bank's transaction confirmation page (the one that asks "Are you sure?"), you may see a hidden form variable with a large random value. That's the one-time token the bank uses to ensure that you don't end up posting a transaction twice even if you hit the submit button twice. It's a wonderful way to ensure a measure of reliability over an unreliable Internet.]

Joe Gregorio suggests the use of UUIDs as one-time tokens for RESTful idempotent services, but also raises a potential problem with the use of raw UUIDs. Anyone can spoof a token by just generating a UUID. For a server to be able to recognise that a UUID is a genuine one-time token that it itself had handed out earlier, it would normally be expected to store the token somewhere so it can verify it when it's presented later on. But such a naive design would open the server up to a "resource exhaustion attack". A malicious user (or bot) can swamp the server with millions of requests for one-time tokens, and the server's database will rapidly fill up with useless UUIDs that are never going to be used.

To address this, Joe suggests a hash. If the generated UUID is combined with a secret string that only the server knows, and this combination is hashed, then the combination of UUID and hash will let the server validate its genuineness, because no one else can generate a valid hash for a random UUID without knowing the server's secret string. In Joe's model, the one-time token is not the raw UUID, but a combination of the UUID and a hash. With this design, the server doesn't have to store a one-time token when it's handed out, only when it's actually used to perform a transaction. The number of such UUIDs can be controlled, because spoofed UUIDs can be filtered out through a mere computational check.

I think this solution is elegant and ingenious, but I believe it can be made even more "clean".

A UUID looks like this:


It consists of 5 groups of hex characters separated by hyphens, and the regular expression for it is


What I want to do is replace the last set of 12 hex characters with another one representing a hash (or at least part of a hash). Then, while the UUID will still look like a UUID (and indeed, will be a valid UUID), it is in effect "watermarked" by the server and can be verified by computation alone.

What do we lose?

Mathematically, we lose a great deal of uniqueness. We're now dealing with just 20 hex characters instead of 32 (It's not 24, because the 4 hyphens don't count). 20 characters are still a lot, and we actually get something back through the 12-character hash, because this is calculated not just on the 20-character UUID prefix but on the combination of the prefix and the server's secret string. So it's an independent 12-character hex string, and while it may be a more sparse range than its length may suggest, it's still something. So I don't believe we lose too much from a uniqueness perspective. UUIDs are so huge you can trim them and still not encounter conflicts.

Is there a danger that some random UUID out there may accidentally be computed as a valid watermarked UUID because its last 12 characters miraculously match the hash? Well, the probability of this is 1 in 16 raised to the power 12, which is about 1 in 3 quadrillion. I'd take my chances.

Architecturally, it would seem that we have introduced meaning into what should have been a meaningless identifier, and that would then open the door to implicit dependencies (tight coupling) and consequent brittleness. However, on closer inspection, there is no way an external system can seek to build any dependency on the structure of a watermarked UUID, because without a knowledge of the server's secret string, the hash cannot be externally calculated. The UUID remains necessarily opaque to all external parties. The implicit dependency of one part of the UUID on another would seem to be a limitation too, but this is by design! The "limitation" serves to exclude spoofed UUIDs.

And so, I believe there is no real downside to the use of watermarked UUIDs. On the contrary, they retain the visual elegance of plain UUIDs and furthermore simplify the design of idempotent services by encapsulating the entire token-validation function within the service with no leakage through to the interface.

I've written a couple of classes in Java that should help developers get started (no warranties, of course). The base class is called TokenWatermarker, and it performs the basic hashing and string concatenating logic on any token string. It can watermark LUIDs, for example. It also performs verification of previously watermarked tokens, of course. Then there's the UUIDWatermarker class that extends TokenWatermarker and provides the same capability for UUIDs.

Running the compiled classes using "java TokenWatermarker" or "java UUIDWatermarker" will print out a sample output that will show you how these classes work.
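The watermarking scheme and the store-on-use behaviour described above, as an added Python sketch (not the author's Java TokenWatermarker/UUIDWatermarker classes). HMAC-SHA256 is swapped in for the post's "hash of UUID plus secret string", and the secret value, the function names and the `IdempotentService` class are assumptions made for illustration.

```python
import hashlib
import hmac
import uuid
from typing import Callable, Dict, Optional, Tuple

# Assumption: constructed demo key. A real service loads a long random
# secret from its secret store and never sends it to clients.
SERVER_SECRET = b"constructed-demo-secret"

TAG_HEX_LEN = 12  # the last UUID group: 12 hex characters = 48 bits


def _tag(prefix_hex: str, secret: bytes) -> str:
    """Keyed tag over the 20-hex-digit prefix, truncated to 12 hex digits.

    HMAC is used instead of hashing a plain concatenation of prefix and
    secret, so the construction does not depend on the hash resisting
    length-extension or on the order of concatenation.
    """
    mac = hmac.new(secret, prefix_hex.encode("ascii"), hashlib.sha256)
    return mac.hexdigest()[:TAG_HEX_LEN]


def watermark(secret: bytes, base: Optional[uuid.UUID] = None) -> uuid.UUID:
    """Return a UUID whose last group is a tag over its first four groups."""
    base = base or uuid.uuid4()
    # The version nibble and variant bits sit in the first 20 hex digits,
    # so the result is still a well-formed version-4 UUID.
    prefix = base.hex[:-TAG_HEX_LEN]
    return uuid.UUID(hex=prefix + _tag(prefix, secret))


def is_watermarked(token: str, secret: bytes) -> bool:
    """True only if token parses as a UUID and its last group is the tag."""
    try:
        candidate = uuid.UUID(token)
    except (ValueError, AttributeError, TypeError):
        return False
    prefix = candidate.hex[:-TAG_HEX_LEN]
    presented = candidate.hex[-TAG_HEX_LEN:]
    # Constant-time comparison: response timing must not reveal how many
    # leading tag characters were correct.
    return hmac.compare_digest(presented, _tag(prefix, secret))


class IdempotentService:
    """Stores a token only when it is first used, never when it is issued."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._results: Dict[str, object] = {}  # canonical token -> first result

    def issue_token(self) -> str:
        # Nothing is written here, so flooding this call costs no storage.
        return str(watermark(self._secret))

    def submit(self, token: str, operation: Callable[[], object]) -> Tuple[str, object]:
        if not is_watermarked(token, self._secret):
            return ("rejected", None)          # spoofed: filtered by computation
        key = str(uuid.UUID(token))            # canonical form (case, braces, urn)
        if key in self._results:
            return ("replayed", self._results[key])
        self._results[key] = operation()
        return ("executed", self._results[key])

    def stored_tokens(self) -> int:
        return len(self._results)
```

With a 48-bit tag, a UUID chosen without the secret passes verification with probability 16**-12 (2**-48) per attempt, so rate-limiting failed submissions still matters.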


Football, Fracking, Folly: stupid things we keep doing.

Three stories in the overall category, "why do we do such stupid things?"

Football and Brain Injuries

The brain of the late Cincinnati receiver Chris Henry contained so many signs of chronic disease... that it shows a football player can sustain life-altering head trauma without ever being diagnosed with a concussion.

Dr. Bennet Omalu: "I'm not calling for the eradication of football; no, I'm asking for full disclosure to the players. Like the surgeon general considers smoking to be dangerous to your health, repeated impacts of the brain are dangerous to your health and will affect you later in life. Period. The players need to know this.

"I think it's an epidemic. It's beneath the radar. We simply didn't identify it [early and properly].

"The NFL wants us to believe that documented concussions are the issue. I've always believed that it's not about documented concussions. It's about repeated impacts to the head ... sub-concussions," Dr. Omalu said. "The issue is repeated impact, repeated blows to the head."
Encouraging children to play football is so reckless that it makes soccer and the World Cup seem rational.

What a fracking mess

Today's Vanity Fair presents an account of fracking operations in Damascus, PA and Dimock, PA in order to exploit the natural gas found in the Marcellus Shale. Both towns are in the Delaware River basin watershed.

The story tells about one family whose (post-fracking) well-water eroded their plates in the dishwasher, made their children dizzy after they took showers, and eventually could be set on fire as it came out of the faucet.

Folly: Losing Afghanistan

Today's Economist (reg. req'd) talks about our failure in Afghanistan. Although we're ostensibly fighting the Taliban and al Qaeda, the corrupt Karzai government has announced plans to seek a diplomatic rapprochement with them. Karzai is also maneuvering with Pakistan to cement his Pashtun tribe's power.

Even Henry Kissinger (the godfather of American Realpolitik) says that what we're doing and saying is a formula for failure. I'm all for killing bad guys over there, but I'm not convinced that we're not creating more bad guys than we're killing.

I really, really, really hate to quote John Kerry, but his rhetoric fits this situation perfectly. How do you ask somebody to be the last man to die for a mistake? How can we tell a grieving parent that the loss was justified, when the Afghan president and congress are both cutting deals with the purported enemy?
Primbee is a southern suburb of Wollongong - I bet you've never heard of it.

It has the ocean on the eastern side and Lake Illawarra on the western side.

Today Buster and I walked to the beach and returned home along the lake foreshore.

Eat ya heart out....

The track leading into the beach. I used to have problems initially walking along here.... 1735099 and BOAB will understand why.

Up over the sand dune and we are there

Windang Beach looking south towards Shellharbour with Saddleback Mountain way in the background.

Looking north to Port Kembla Beach. I am letting you in on a big secret here - you won't find a cleaner beach, it is great for kids as it is shallow.

Buster hates the beach. He won't go anywhere near the water.

Heading west towards the lake

Lake foreshore. Can you see the old couple sitting in the sun on the far left? It doesn't get any better than this. This is crown land, but the owners on the boundary keep it nicely mowed - a magic spot on a day like today.

No comment required eh?

All pictures taken with that great little Canon IXUS80IS camera


France's Jeannie Longo offers Lance some hope

From France, we have news that Jeannie Longo, 51-year old veteran cyclist, has won the national title in the individual time trial at the French national cycling championship.

From VeloNews:
Jeannie Longo won her 57th national title at the French national championships on Thursday, decisively winning the women’s time trial event for a third successive year.

The 51-year-old Longo covered the 24.7-km course in Chantonnay a full 1:19 faster than two-time national champion Edwige Pitel, 43. Former national road champion Christel Ferrier-Bruneau, 30, finished third at 1:45.

The win represents Longo’s 57th French national title since she won her first in 1979... Longo’s presence in the women’s cycling peloton, whose average age is usually half her own, has on occasion prompted the odd grumble. However the Frenchwoman known for her no-nonsense attitude has always defended her right to compete, no matter what her age.

That belief was vindicated Thursday, when, asked why her rivals could not match up, she suggested they “hadn’t done enough specific training. I’m sorry to say it, but they need to go back to the drawing board on a few things.”

“You can’t discount my 30 years of experience,” added Longo, who actually won her first national championship jersey 31 years ago.
I like the notion of the peloton grumbling at the lady's age.

As Americans, of course, we view all cycling events through the lens of: What does this mean for Lance? Perhaps this is the year for age and treachery triumphing over youth and skill.

Pictured Alberto Contador (current heir apparent) and Lance Armstrong (who was something, once); Contador wears the yellow jersey.


Gatorade, Exercise, and My Type 2 II Diabetes

I usually don't blog about personal events because (1) I lack any perspective on them, (2) nobody would find them that interesting, and (3) I don't have much of value to say. But I had an experience recently that I wanted to blog about, if only to have this post appear when somebody else googles "Type 2 Diabetes Gatorade exercise".

I am not a Doctor (IANAD), I am not a Lawyer (IANAL) and probably neither are you. You should see your doctor with your questions. This is just my anecdote. And you know what they say: the plural of anecdote is not information.

I'm a Type II diabetic and a Clydesdale bicyclist. I've ridden several long, multi-day rides with my Type II diabetes, which is (mostly) in control. These long rides are 80 to 100 miles a day for up to four days, mostly TOSRV and DC-Pittsburgh.

In 2010 I was preparing for another long ride, and my prep rides were turning out to be mostly 20 miles long with the occasional 40-miler. That's not as long as they should be, but my time was tight. I was drinking water and eating power bars and packets of honey on the bike.

As the ride approached I started getting all my gear on the bike and started doing what I'd be doing on the ride, which included drinking Gatorade. In previous years I drank a 50% gatorade/water mix, but this year I started drinking more straight Gatorade. I don't know why.

A curious thing started happening to me when I rode. After an hour, maybe at 1h+15m, I'd feel a blood sugar crash - loss of energy, nervousness, feelings of impending collapse. I'd get off the bike, eat something and drink some Gatorade, and it would pass. I'd get back on the bike, ride for a half-hour, and then the same thing. For the rest of the ride it would be a thirty-minute ride with a twenty-minute break. I figured I wasn't being disciplined enough with my eating.

I went on the DC to Pittsburgh ride. We started in DC and after an hour I started to feel the crash coming on. I'd been focusing on hydrating (gatorade) the whole ride, but I drank some more Gatorade and pressed on. By 1+30 I was feeling terrible and abandoned the day's ride, because I was in a group and I didn't want to hold them up.

Each of the next few days, I'd ride for an hour and crash. Drink more Gatorade, get back on the bike, a half-hour then another crash. So I rode with the group for the first and last 90 minutes each day. It was not the ride I'd hoped to have, and although I really enjoyed the riding I got, I was disappointed to be a DNF and verklempt to think my long rides were over.

Back home I kept riding, and I noticed my daily mileages were slipping from 20 miles, to 15 miles, to 12 miles. Each ride I'd have an energy crash about an hour into it. Finally I tested my blood sugar during a ride and the numbers were very high, 255 mg/dl.

I had thought my problem was that my diabetes was interfering with the bike riding, but then the thought occurred: could it be something I was doing on the bike was interfering with my diabetes? Which led me to: Could it be drinking the Gatorade?

So I Googled "Is drinking Gatorade safe for diabetics" and found this opinion, which said No, it's not. There's a few other similar opinions on the web.

Gatorade and Exercise ~ Diabetic Poisoning For Me

Your mileage may vary, but I found that when I removed the Gatorade and replaced it with water the situation improved dramatically, to the point where I now think I was practically poisoning myself with the Gatorade.

Gatorade contains a lot of carbs, simple sugars, and electrolytes designed to get into your bloodstream quite rapidly. Apparently for me this really spiked my blood sugar which screwed up my energy levels. When I cut out the Gatorade I felt like my old self on the bike again.

To be clear: Gatorade is not poisonous, it's just really, really bad for me. I've read that it's actually useful for Type 1 diabetes and for people with low blood sugar. The manufacturers aren't evil people.

To repeat, this is just my experience, you should talk with your doctor. Just providing food for thought.

It should be no surprise to regular readers of this blog that I am in love with UUIDs. As I have said before, they are an inexhaustible source of identifiers that are meaningless (not a pejorative term!) and whose generation can be distributed/federated without danger of duplication. As a result, they are an extremely powerful means of providing a uniform and federated identity scheme.

As a SOA-indoctrinated IT practitioner, I am loath to expose domain-specific entity identifiers to the larger world because such leakage leads to tight coupling and brittle integration. Yet identifiers of "resources" must often be exposed. How do we do this? Even "best practice" guidelines fail to adequately admonish designers against exposing domain-specific identifiers. [e.g., Subbu Allamaraju's otherwise excellent RESTful Web Services Cookbook talks about "opaque" URIs in recipe 4.2 but ends up recommending the use of internal entity identifiers in recipe 3.10 :-(.]

My point is simple. If the 'employee' table in my application's database looks like this

| id | first_name | last_name | dob |
| 1122 | John | Doe | 12-Jan-1960 |
| 3476 | Jane | Doe | 08-Sep-1964 |
| 6529 | Joe | Bloggs | 15-Jun-1970 |

I do not want to be exposing resources that look like these


I don't want to expose my application's local primary keys to the entire world. They may be "meaningless" but they're still coupled to my domain's internal data structures. I need something else.

My standard solution so far has been the magnificent UUID. I add a candidate key column to my table, like so

| id | first_name | last_name | dob | UUID |
| 1122 | John | Doe | 12-Jan-1960 | 4885c205-8248-4e5b-9c45-4d042e7cc992 |
| 3476 | Jane | Doe | 08-Sep-1964 | cdbf87dd-93cb-4c53-9c5d-718c596b0a00 |
| 6529 | Joe | Bloggs | 15-Jun-1970 | 73feb1bf-e687-4d58-9750-5bf98ca7b9fa |

or I maintain a separate mapping table, like so

| id | UUID |
| 1122 | 4885c205-8248-4e5b-9c45-4d042e7cc992 |
| 3476 | cdbf87dd-93cb-4c53-9c5d-718c596b0a00 |
| 6529 | 73feb1bf-e687-4d58-9750-5bf98ca7b9fa |

and I expose my resources like so


I've still got unique identifiers, they're guaranteed not to conflict with anything else in time and space, and more importantly, my domain-specific identifiers remain hidden. I can now even change my entire domain model, including identifiers, and still preserve my external contracts. That's SOA.

But the sad fact of the matter is that many legacy systems and packaged software do not readily support UUID datatypes or even char(36) columns for various reasons. I have recently heard of a far-sighted software vendor that has provided for a "Public ID" field in their database tables for this precise reason, i.e., to allow an externally visible identifier to be specified for their entities. But alas, the column is defined to be varchar(20), much too small to hold a UUID.

It occurred to me that there is nothing sacrosanct about a 128-bit UUID (expressed as a 36-character string). It's just that the larger a random number gets, the more remote the probability of conflict with another such random number. 128 bits is a nice, safe length. But smaller lengths also have the same property, only with a lower degree of confidence.

The constraints of vendor packages like the one I described above led me to postulate the concept of the LUID (Locally Unique ID). This is just a string that is smaller than 32 hex digits (a UUID has 32 hex digits and 4 hyphens in-between). I call this a Locally Unique ID because the smaller it gets, the lower the confidence with which we can claim it to be universally unique. But we may still be able to rely on its uniqueness within a local system. If I'm only holding details of a few thousand employees (or even a few million customers) in my database, an LUID may still be expected to provide unique identifiers with a reasonable degree of confidence.

That vendor package definitely cannot hold a UUID such as "2607881a-fec1-4e5d-a7fc-f87527c93e2d" in its "Public ID" field, but a 20-character substring such as "4e5da7fcf87527c93e2d" is definitely possible.

Accordingly, I've written a Java class called LUID with static methods

String randomLUID( int _length ) and
String getLUID( String _uuidString, int _length )

The first generates a random hex string of the desired length (without hyphens). The second chops a regular UUID down to a hex string of the required length, again without hyphens.

You can download the class from here. Just running the compiled class with "java LUID" will result in some test output which should illustrate how it works. Feel free to incorporate it into your own projects, but be warned that there is no warranty ;-).

Of course, there is a limit to how small an LUID can become before it loses its utility, but I'm not going to draw an arbitrary line in the sand over this. The class above represents mechanism, not policy. Application designers need to think about what makes sense in their context. An LUID of the appropriate length can enable them to implement SOA Best Practice by decoupling externally visible resource identifiers from internal entity identifiers (another example of the difference between Pat Helland's Data on the Outside and Data on the Inside) when a standard UUID cannot be used.

Bottom line: If you can use a standard UUID, do so. If you can't, consider using an LUID of the kind I've described. But always hide the specifics of your application domain (which include entity identifiers) when exposing interfaces to the outside. That's non-negotiable if you want to be SOA-compliant.
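An added Python sketch of the two LUID operations (not the author's Java LUID class; the function names mirror its signatures, and the bit-accounting and birthday-bound helpers are additions that assume the source UUIDs are random version-4 UUIDs). It shows that a chopped version-4 UUID keeps fewer random bits than its digit count suggests, and estimates how short an LUID can get for a given number of records.

```python
import math
import secrets
import uuid


def random_luid(length: int) -> str:
    """Random hex string of `length` digits, no hyphens (4 random bits each)."""
    if not 1 <= length <= 32:
        raise ValueError("length must be between 1 and 32 hex digits")
    return secrets.token_hex((length + 1) // 2)[:length]


def get_luid(uuid_string: str, length: int) -> str:
    """Chop a UUID down to its trailing `length` hex digits, no hyphens."""
    if not 1 <= length <= 32:
        raise ValueError("length must be between 1 and 32 hex digits")
    return uuid.UUID(uuid_string).hex[-length:]


def random_bits_in_chopped_v4(length: int) -> int:
    """Random bits left after chopping a version-4 UUID to `length` digits.

    A version-4 UUID fixes the version nibble (hex index 12) and the two
    variant bits (top of hex index 16). If the kept tail covers them, those
    bits are constants and add nothing to uniqueness.
    """
    start = 32 - length          # index of the first hex digit that is kept
    bits = 4 * length
    if start <= 12:
        bits -= 4                # version nibble is inside the kept tail
    if start <= 16:
        bits -= 2                # variant bits are inside the kept tail
    return bits


def collision_probability(n_ids: int, random_bits: int) -> float:
    """Birthday-bound estimate that any two of n_ids random values collide."""
    exponent = n_ids * (n_ids - 1) / 2.0 ** (random_bits + 1)
    return -math.expm1(-exponent)    # 1 - exp(-x), accurate for tiny x


def min_luid_length(n_ids: int, max_probability: float) -> int:
    """Shortest random_luid() length whose collision estimate stays in budget."""
    for length in range(1, 33):
        if collision_probability(n_ids, 4 * length) <= max_probability:
            return length
    raise ValueError("no length up to 32 hex digits meets the budget")
```

Whatever length is chosen, a unique constraint on the public-ID column turns a collision into a retry at insert time instead of two entities sharing one external identifier.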

Update 27/06/2010:
I should perhaps make it clear what my proposal is really about, because judging from a reader comment, I think I may have created the impression that all I want is for entity identifiers to be "meaningless" in order to be opaque. That's actually not what I mean.

To be blunt, I believe that any entity/resource that is to be uniquely identified from the outside needs _two_ identifiers (i.e., two candidate keys). One of them is the "natural" primary key of the entity within the domain application. The other is a new and independent identifier that is required to support the exposure of this entity through a service interface (whether SOAP or REST). There should be no way to derive this new key from the old one. The two keys should be independently unique, and the only way to derive one from the other should be through column-to-column mapping, either within the same table or through a separate mapping table as I showed above.

To repeat what I wrote in the comments section in reply to this reader:

There was a content management system that generated (meaningless) IDs for all documents stored in it, and returned the document ID to a client application that requested storage, as part of a URI. At one stage, it became necessary to move some of the documents (grouped by a certain logical category) to another instance of the CMS, and all the document IDs obviously changed when reloaded onto the other instance. The client application unfortunately had references to the old IDs. Even if we had managed to switch the host name through some smart content-based routing (there was enough metadata to know which set of documents was being referred to), the actual document ids were all mixed up.

If we had instead maintained two sets of IDs and _mapped_ the automatically generated internal ID of each document to a special externally-visible ID and returned the latter to the client, we could have simply changed the mapping table when moving documents to the new CMS instance and the clients would have been insulated from the change. As it turned out, the operations team had to sweat a lot to update references on the calling system's databases also.
I hope it's clear now.

1. Entity only seen within the domain => single primary key is sufficient
2. Entity visible outside the domain => two candidate keys are required, as well as a mapping (not an automated translation) between the two.
3. UUID feasible for the new candidate key => use a UUID
4. UUID not possible for some reason => use a Locally Unique ID or LUID of appropriate length (code included)

Boy on a Bike

I'm reliably informed that this title is a croc.

It should be UGLY boy on a bike.

He rides to work and takes pictures of blokes' bums. I kid you not!

Each day I check out his blog hoping to see some nice female forms in lycra and each day I am disappointed.
His photos are a technical improvement, mainly because of my efforts and my superior brain helping him out by showing him how to take bloody great pictures.

Check him out here

Here is a recent picture he took of Anzac Bridge in fog, after I fixed it up for him, of course.....

The Pirates' Shining Moment of 2010

From the Post-Gazette's Dan Majors:

Pirates put pierogi back in the race

Andrew Kurtz, one of the men who perform as a racing pierogi during Pirates' home games, has been rehired by the team after management determined that "he should not have been fired" for posting a disparaging remark about the team on the Internet.

"The fact of the matter is that neither HR nor senior management were involved in the decision to fire the employee," Mr. Warecki said. "When they were made aware of the improper termination on Friday evening, they conducted an investigation into the firing. Upon learning the facts of the case and determining that he should not have been fired, [management] contacted the employee Saturday morning to offer him his job back, and he accepted." The bad publicity, Mr. Warecki said, did not factor into the decision.

"He was rehired on Saturday morning because it was the right thing to do," Mr. Warecki said. "That same decision would have been made of any employee who was let go in this manner, whether it was reported in the media or not."

They can say the publicity didn't matter.
They can say they'd skipped a step on the HR checklist.
They can say whatever they need to say, now.

They manned up and did the right thing. Bravo.

My compliments to 2PoliticalJunkies and their wonderful post Who Knew?. This is a candidate for Blog Post of The Year.
From comes news that Chinese historian Xu Quan Long has found ancient plans of the first bicycle and has rebuilt a working model.

Previously, the earliest known example of a bicycle was the wooden 'velocipede' invented by German engineer Baron Karl von Drais in 1817. It wasn't until the development of metal-framed 'boneshakers' in France in the 1860s that bicycling began to achieve popularity.

Xu Quan Long said he stumbled across the drawings while studying the works of legendary ancient Chinese inventor Lǔ Bān (魯班), who was born more than 2,500 years ago. He then recreated the original design using materials available at that time.

Xu Quan Long said that Lǔ Bān's notes regarding the bicycle were unfinished. Other documents written by Lǔ Bān's students in the same year suggest that he was actually killed while riding his bicycle. Lǔ Bān was struck from behind by a horse-drawn carriage driven by a "blue eyed devil" named Ÿagoff K. Pintek, who later wrote in his own journal that he (Pintek) had just invented a game called "bump the biker".

Even 2500 years ago, Ÿagoff K. Pintek's actions were so egregious that his name became a byword for boorish behavior. According to Wikipedia, as his infamy spread the Chinese were unable to pronounce his unusual first name and they settled on Jagoff. Chinese literature from that time is replete with comments like, "don't be such a Jagoff, one Pintek is too many". Graffiti found at the site of the terra cotta warriors in Shaanxi Province has been translated as saying, "your ancestors are Jagoffs". His legacy is memorialized in modern times by the use of his name as a pejorative reference.

Jagoff Pintek's direct descendant, Mike Pintek, is a disk jockey and talk-radio personality who was recently noted in Pittsburgh for expressing his own desires to bump and/or frighten bicyclists. Although (Mike) Pintek later acknowledged that "mistakes were made", he has not apologized, retracted, or corrected his outrageous comments.

An apology sounds like this: I said insert actual comment here. I shouldn't have. I was wrong. I am sorry. I apologize. I will not do it again.

An apology does not sound like this: Did I say things that weren't smart? Sure. Did some people take offense? Yes. But what I meant to say was insert something completely different here.

He's making the old Ÿagoff proud.
One of my mates dropped in to see me today to show me his new purchase, a Canon DSLR D550 complete with two lenses – a wide angle and a medium telephoto lens.

He took exception to my writing on part 8 where I cast aspersions upon Lexus 4WD owners (he owns one!).  He read it the day after he bought his new camera. He thought my comments were directed at him.  Gee I didn’t know I was psychic!  Anyway, he has a nice camera with plenty of megapixels.

I feel pretty humble about all this attention.  I have said many times I am a dumb grunt, and I mean it.  It is often hard for me to grasp things – but once I get it into this dumb grunt brain of mine, in a form that I can understand, I can usually retain it.

Thank you for the emails and phone calls, I really appreciate the attention.  I didn’t realise how much I knew about taking bloody great pictures.

Today I want to run through the markings on that dial – you know, the one with all the symbols on it. Now that you understand the relationship between aperture, shutter and ISO, this will be a breeze.

And just for you misguided Nikon people I have catered for you also.

Typical Canon

Typical Nikon

Well how about that – they are almost identical!!!

So let’s look at each symbol in turn and see if it can help us to take bloody great pictures.......

Camera on legs (Canon) – Video - They take beaut videos. With image stabilisation, they are great in low light for that quick take on an event. Be aware though that they chew memory, so buy a big capacity card if you want to use this feature often. You will be surprised by the clarity of the picture and the sound! Experiment to see if the zoom works while you are videoing. Some do, some don’t.

Person with star – Night Flash
I showed you this in part 7.  You need a tripod to bring out the best results for flash pictures at night which will show up the dark back ground.  This is a very powerful feature to have.

Hills – Landscape
We know that for landscape shots we need a large depth of field, so we want a small aperture opening (large F number) but I consulted my manual to see what else it does.  It says to use it for night scenes, and also that it boosts blues and greens and sharpens the image a little bit more.

Flower – Macro (close ups)
Use this setting to take close up pictures of flowers. Your lens may say the minimum distance, or focal length, the camera can handle. Bear in mind that the depth of field will be very narrow. Just the ticket for getting that great shot of burning ants.

Running Man – Sports
This sets a high shutter speed to capture that movement nice and sharp.  On my Canon it will take up to 6.5 shots per second – so you won’t miss that whale jumping out of the water, or your grandkid scoring that winning try.

Woman’s Head – Portrait
I checked my manual – soft focus (no wrinkles), blurred background, good skin tones and it takes 3 shots a second, so if they blink the next one will be OK - great for the grandkids who always seem to look away at the wrong time.

Kids (Nikon)
I’m guessing here, but it would probably choose a high shutter speed and allow multiple pictures per second to get that ‘just right’ shot.  If you have a Nikon, experiment with it, or better still, borrow a Canon.

Lightning with line through it – no flash
Use this to rely on ambient light for that great shot.  Use a tripod for best effect, but remember if you have image stabilisation it takes great shots in low light.  You will be surprised at the results – often ambient lighting gives a warm effect to the shot.

Cav’s Tip – At your grandkid’s birthday, frame up to the face of the kid lit up by the candles on the birthday cake – snap away - magic!

That’ll do for today, I’ve had a couple of rums. 

If you can’t underconstumble this, have a few drinks and read it again.

My mate was saying how he spent a lot of money getting his new camera.  I showed him how to look up prices on the internet.  As his camera was a brand spanking new model there were no cheap internet prices, so he did OK with the deal he got - it does pay to shop around.

Photography can be expensive.

In part 8 I mention the following Canon lens:

EF 600mm f/4.0 L IS USM Lens.

The cheapest internet price is ... $US8,049.99

Those Crazy Kiwis

It's a Folden, and someone bought it!

Read all about it here
What a dickhead.

I've circled the guy that had his back to the ocean.  Maybe his mates would tell him if a big wave was coming.


We drove about an hour south to Huskisson on Jervis Bay to do a spot of whale watching.

It was nice and smooth in Jervis Bay but once outside the heads I had trouble walking let alone holding the camera steady.

That's Point Perpendicular in the background.  It often gets mentioned in weather reports.

I wuz hoping to get some shots like this...

This is what I got....

I needed one of these cameras....

KDKA's Mike Pintek is a Dangerous Idiot

Truly an excellent post by Illyrias titled, Do Bicyclists Deserve to Be Attacked?.
Illyrias refers to several reports of local violence against people on bikes, and then quotes local radio voice Mike Pintek, who was interviewing Bill Nesper of the League of American Bicyclists:
Mike Pintek said: "There are some bicyclists who are just these arrogant little dorks that think that they can do anything they want because they're on a bicycle and we're being green and environmentally friendly."
A Pittsburgh Blog that's new to me and quite excellent is Lolly's Reimagine an Urban Paradise. In Dearest Station Manager: Fire Mike Pintek, Lolly relays this about Mike Pintek:
He further went on to state that cyclists “are arrogant dorks” that are “lucky to be alive” and that he has the desire to “bump them” with his vehicle.

I cannot believe that KDKA would allow a man to advocate violence against cyclists. “Bumping” a cyclist would certainly result in severe physical harm and would likely cause broken bones and possibly death.

KDKA's Mike Pintek: Wait, There's More!

In another post, Mike Pintek Should Lose His Drivers License and His Job, she provides this transcript of Pintek's bike foolishness:
I’ve gotta tell you they’ve been times when I’ve come around a curve on a country road and you’ve got three of em abreast in MY lane and they’re just lucky they’re alive. Because, am I WRONG?

There are some bicyclists who are just these arrogant little dorks that think they can do anything they want because they’re on a bicycle and “we’re being green and environmentally friendly”…

I have been thoroughly tempted — I haven’t done it cuz I’m not going to do it — I’m not that kind of person… but I have been so tempted to just bump em.

I have been so tempted to pull up behind them when they’re doing this — you know spread out across the road — put my car in neutral, jam the accelerator down, race the engine, and scare the living crap out of them.

They’ve got to stop being so arrogant about what they’re doing. They’ve got to obey the rules. They have to do the right thing or else they’re going to get killed.

So, first things first: I hope you'll send an email to KDKA program director Marshall Adams, who is Mike Pintek's boss and responsible for what Mike Pintek says on the station's behalf (over the public's airwaves). Tell Mr. Adams what you think of Mike Pintek promoting violence against bikes.

The report is that Mike Pintek will address these bicycle issues on his Monday show, 12noon to 3pm Local, on KDKA radio.

This presents me with a pragmatic dilemma. I understand that Mike Pintek is an entertainer, a panderer to our darker tendencies, a pot-stirrer whose value-add for his employers is that he says things outrageous enough to keep the audience enduring the advertisements that are the basis of his paycheck.

My dilemma is that I don't want to be Pintek's chump, proving his effectiveness. I don't want to tune in and listen, because that meets the needs of Pintek and his advertisers. I don't want to reward the dangerous, idiotic behavior.

I called Marshall Adams, Mike Pintek's boss. He wouldn't disavow or disapprove Pintek's comments. His only refrain, repeated a few times, was a suggestion that I call into the show and participate in the discussion. They're shills and provocateurs. I can't feed the trolls.

In the end, I've decided that all I can do is to do my part to see that when somebody types "Mike Pintek", or "Mike Pintek KDKA" into Google, they see my comments. I believe in free speech. I just can't tolerate a paid entertainer and scoundrel (and that's what he is) advocating violence by people in cars against bicyclists. I've also got reservations about post-peak hacks who make their living fomenting controversy without contributing solutions or having skin in the game.

It's interesting (if somewhat sad) to look through Mike Pintek's website, which has a picture of him with Shimon Peres back in the glory days. I guess he looked young compared to Shimon Peres, fifteen years ago. It reminds me of this song:

Ah, the Pirates. For quite a while recently, they've been on the verge of pulling off one of the greatest public relations dodges in Pittsburgh sports history. Since 2009 they've gotten Pirates fans to repeat their koolaid: The difference now is they’re building for the future.

It's not about this year, it's about three years from now. What a great shovelful of nonsense. I want to be able to say, "Yes, I suck at my job. Yes, I'm the worst in the industry. No, it's not about this year - it's about my 2013 results. You wait and see". This is a better con job than the PAT bus authority blaming their fiscal problems on the bus drivers.

The "it's not about this year" meme, which is kind of funny in a business where they keep so many statistics on annual performance (first place, the World Series, personnel contracts, etc.), was becoming widely accepted, it was often repeated, and it was on the verge of becoming an Accepted Truth.

"It's not about this year!" Don't you think that BP wishes that they'd said that to Congress? "Mr. Senator, we're not in this for the short haul; we're in this for the five-year plan. That's why we're not rushing into action, and we're not giving you any indication that we're accountable for this year's results."

Unfortunately the Pirates have snatched defeat from the jaws of victory and offended the web 2.0 community. People may not care themselves about Blogging, Tweeting, and Texting, but they really do defend the notion that people should be permitted to do it. Fundamental American concept, and all that.

The Pirates have terminated an occasional employee who worked as an unknown, masked distraction from their actual performance.

Andrew Kurtz, 24 years old, of New Brighton, gets inside the costume of an overstuffed Pierogi for the staged "pierogi races" held at the new stadium the taxpayers bought to keep a world-class team in Pittsburgh. Mr. Kurtz is paid $25 for each of the occasional home games he works at, usually four per month, and is paid $50 for appearing at local publicity events. He's a runner who managed to find some small cash pursuing his hobby.

Mr. Kurtz had the unfortunate impulse to make a Facebook post about Pirates team president Frank Coonelly's stealth decision to extend the contracts of GM Neal Huntington and manager John Russell. Mr. Coonelly did not see fit to announce the extension initially, presumably because it's in the future and after all, we're not about this year. (Coonelly's dissembling has been called LiarGate by Bob Smizik.)

Mr. Kurtz's Facebook entry read:
"Coonelly extended the contracts of Russell and Huntington through the 2011 season. That means a 19-straight losing streak. Way to go Pirates."
Four hours later he was fired.

The Pirates have unwittingly unleashed the Streisand Effect upon themselves, in which an unwise decision to try to control unwelcome web 2.0 content results in the unwelcome info getting more attention than it ever would have if they'd just left it alone. (Previously mentioned here.) Would any of us have heard of Mr. Kurtz or his Facebook page if the Pirates hadn't been silly enough to fire him?

Out of the mouth of a pierogi, we get the truth: The Emperor has no clothes. The Pirates can't control the ballgame, so they're trying to control the truth about the management team.

Even a pierogi from New Brighton (NTTAWWT) can see the corruption in that.

Mr. Kurtz's mother, who probably does not have a blog or a facebook, called a strike a strike:
"My son always was a big Pirates fan... He took pride in being a pierogi runner. Since when, in this country, are you not allowed to state an opinion? Well, here is my opinion: The Pirates came through again and let go one of their biggest fans and dedicated workers."

Finished, Shop Class as Soulcraft

Finished reading Shop Class as Soulcraft: An Inquiry into the Value of Work, by Matthew B. Crawford. Crawford is a Ph.D. (political philosophy) who left academia to make his living as a motorcycle mechanic. This book is an expansion of an essay originally published in the journal The New Atlantis, and the essay is a fine introduction to Crawford's thoughts.

Crawford talks about the psychic appeal of manual labor, and points out that it is in dealing with the physical world that we interact with reality, and that those who do manual labor usually have to improvise based on the situation at hand - a decision-making process that improves with experience, requires thoughtfulness, and presents an objective measure of success - things often lacking in contemporary work.

He talks about the crafts and the teaching of a craft to young people, providing an arena for failure, learning, and the development of pragmatism. He talks about the degradation of blue-collar work, then of the degradation of white-collar work, and explains that by removing judgement and discretion from the worker (wearing any color collar), Corporations are moving the thinking part of the job into the corporate process, and dumbing down, demeaning, and removing opportunities for excellence and mastery from the employee's realm. The book is a cultural rebuke to the field of knowledge management. Crawford suggests that the blue-collar, hands-on jobs considered "low" by today's culture may actually provide for more intellectual work than office jobs do.

Crawford encourages young people to go to college for an education, and to learn a craft for a livelihood. He points out that plumbers, electricians, and mechanics haven't faced outsourcing and overseas competition because the physical nature of their work and the fact that the worker must adapt to the specific situation at hand makes these fields incompatible with "knowledge management" and "process improvement" - he makes the point that when you want a deck on your house, you hire a local, not somebody in China.

He recognizes the complexity of modern life and sets a simple virtuous standard for interacting with the modern world - he calls for achieving "a mastery over your own stuff", being able to fix and maintain your own property and devices.

In my own experience, I take a small pleasure in repairing flat tires on my bicycle and then patching and re-using the tubes, not because it saves a bit of money and reduces waste, but because it permits me to interact with the thing-in-itself, it lets me work on my own "stuff", and it is clearly done either well or poorly.

I really enjoyed the way Crawford describes the increasingly lost concept of the journeyman, and teases out the tension between judgment and decision making on one hand and slavish attention to rules and procedures on the other. He points out that although Rules may permit untrained inexperienced people to handle basic-to-normal situations, Judgment will develop journeymen who can adapt and resolve difficult-to-complex situations. This was a particularly pleasing part of the book, because the spectrum between judgment and rules is of great interest to me (I fall with Crawford in favor of Judgement).

Philosophically, he suggests a chosen life focused on the physical rather than the virtual or administrative, a work focused on livelihood rather than self-esteem, the development of judgement rather than rule-following, and a participation in the local rather than the global economy.

I found the book very similar to Robert Pirsig's Zen and the Art of Motorcycle Maintenance: An Inquiry into Values, but curiously the somewhat negative NYTimes book review specifically says that this is not Pirsig Part Two. Having read the book, I disagree with the NYTimes reviewer; I did not find that the book has "a chip on its shoulder", but rather found that it suggested an alternative approach to the admin 2.0 workplace, in a manner that continued Pirsig's line of thought.

This was an excellent book and I recommend it.