Jarrett House North

Psst! New blog!

Tim Jarrett

I don’t have all the lights on yet, but you can find me at my new WordPress blog. In a few weeks, this site will automatically redirect over there, but why wait?

What happened? And, going forward

Tim Jarrett

A few people were surprised last week when the part of my blog at discuss.jarretthousenorth.com went offline. Well, me too! I had a lot of concert commitments at the end of last week and didn't notice over the weekend when the site went down, nor when my site was replaced with a default Weblogger.com page. But obviously it’s back now.

So here’s what happened: the Manila server that powers my dynamic site (the part where I actually create the content and that serves my RSS feed) suffered a hardware failure. Fortunately, my blog host, the redoubtable Mr. Erin Clerico at Weblogger, had a full backup; it took the better part of the day to bring the backup online on a secondary Manila server, and then my blog took a little longer because of its size (hey, seven years of blog content isn’t a trivial amount of data).

The good news is that after this event, Erin is even more motivated than before to move his Manila sites to a platform that’s more stable and that is being actively maintained. So he’s officially announced his migration service for taking Manila to Wordpress. At the end of the process I’ll have all my blog content (except, unfortunately, the old comments; but those haven’t been accessible for two years now anyway) in a new, modern container that includes far more support for management and spam elimination. Sounds like a win-win to me.

Or, as I told Greg yesterday: I for one welcome our new open-source blogging solution overlords!

Reports of my blog's death slightly exaggerated.

Tim Jarrett

But just slightly. More details after I get out of this rehearsal.

Les Troyens: Early reviews in

Tim Jarrett

Boston Globe: Glimpses of Fire, Passion at Symphony Hall. As I mentioned last night, Dwayne Croft’s cold was in evidence, and Jeremy Eichler mentions it, and is negative about Marcello Giordano’s performance as well. But he gives thumbs up to Yvonne Naef and practically glows about the TFC, giving the longest review mention (a full paragraph!) that we’ve had from the Globe in recent memory:

The hero of last night's outing was the Tanglewood Festival Chorus, which sang, from the outset, with unflagging energy, commitment, and focus. The expansive contours and sheer tonal force required for the score's massive climaxes were all present, but so were the delicacy and transparency necessary to bring across passages such as the beautifully tender prayer sung by the Trojan women at the outset of the second tableau of Act II.

Oh, and thanks to the angle the photographer took for the article photo, you can clearly see me. Look directly above Clayton Brainerd (the second standing soloist from the right) and I’m two rows up, with my mouth wide, wide open. Hey, it was a big scene.

And regarding the “rough-edged” comments about the work: we have three more performances, and history tells us that each one will be better and better.

Wow, that was something: Les Troyens

Tim Jarrett

Opening night is past. Les Troyens, Part I is a magnificent beast, and it has already bloodied the cast—poor Dwayne Croft had a cold the likes of which I’ve never heard from someone singing a part like that. I think we all breathed a sigh of relief at the end of the duet. All the soloists were magnificent, but the prize has to go to Yvonne Naef, or as I called her in my Facebook status “Yvonne Fricking Naef” in homage to John Moltz’s Jennifer Fricking Connolly. Her Cassandra is vulnerable, fierce, and fey, and easily the strongest presence on stage. A close second would have to be our women: hats off to Fanw and other women of the chorus, whose second act number is one of the great heart-seizing moments in Berlioz (or in all women’s chorus literature, for that matter).

I’ve been overwhelmed with the rehearsals, but now I can’t wait to sing it again. Good thing we repeat Part I three more times!

The intersection of Barack and security

Tim Jarrett

Netcraft: Hacker redirects Barack Obama's site to hillaryclinton.com. Okay, folks, here's the thing: never trust any place where a user can enter text into your website and have it displayed back at you. Never trust any text that comes from a form field on your site. Because if you do, smart and devious people like Mox here can use your trust to do embarrassing things to your visitors.

On the (very) slightly mitigating side, the attack was not against the main Obama website but his community blog platform, and the vulnerability that was exploited has already been closed. But this type of vulnerability, Cross Site Scripting, is insidious unless you begin your web application with the assumption that all user input needs to be sanitized. And even then, it’s not enough to check your code; you need to check all the third party code that makes up your site.

It would be immodest of me to mention that my company’s service can do just such a check, without requiring you to build security expertise inhouse and for a modest fee.

Performing for the Pope

Tim Jarrett

My friends and colleagues in the Suspicious Cheese Lords have been busy lately. This weekend they sang for Pope Benedict XVI (Yes, seriously.) at the Pope John Paul II Cultural Center. The piece was a composition by George Cervantes, a setting of the Peace Prayer of St. Francis of Assisi, making the occasion that much cooler. Plus Skip was interviewed on CNN about the performance. And the video is prime Skip. Full video of the performance (starts at around 18:30). and other activities at the center is available through the EWTN Global Catholic Network site.

Way to go, guys. I expect to hear about your official appointment as choir in residence at the Sistine Chapel any day now. (But maybe not an appointment to be a CNN correspondent! Boy, they cut Skip off pretty fast in that interview!)

New mix: 2:42

Tim Jarrett

My 2:42 mix is now posted at Art of the Mix. I decided to keep to the format of the original, and only included twelve songs.

I noticed, looking at Isis’s version, that some of her track lengths were different from mine—for instance, her version of “That Teenage Feeling” by Neko Case is 2:42, whereas mine is 2:43. A second’s difference is surprising—maybe it’s just the difference between buying the track digitally and ripping it. Or maybe different media players round differently, who knows.

I haven’t had a chance to take up Greg’s challenge and make a 4:33 mix yet. Who knows what that would turn out like? Very quiet, I expect.

2:42

Tim Jarrett

Joshua Allen at The Morning News (via BoingBoing) writes about his deductive process of identifying the perfect pop song length, at two minutes and 42 seconds:

The scientists then dug up this song by a group that pretty much defines one-hit wonder: the La’s. The song is “There She Goes,” and is so flawless that it instantly made everything else the band did pointless. This ditty is two minutes and 42 seconds, and is all about songwriting economy....
What else is at 2:42? “Don’t Do Me Like That” by Tom Petty. “Divine Hammer” by the Breeders. “Helplessly Hoping” by Crosby, Stills & Nash. “Get Up” by R.E.M. “California Dreamin’” by the Mamas & the Papas. “This Charming Man” by the Smiths.
You need more proof? Jerk. Let’s look at Sgt. Pepper. “Lovely Rita” is two minutes, 42 seconds. It delivers that psychedelic vibe and a coda but then gets the hell out of your life.

Allen then lays down the challenge with a mixtape of twelve songs that clock in at exactly 2:42. Which sounds like a meme waiting to happen. Unfortunately my iTunes library is at home so I can’t try the experiment, but I’ll put it out there for the usual suspects. Can you top his mix?

Edit the Oklahoma Sex Offenders Registry!

Tim Jarrett

In what is shaping up to be a fine security trifecta (see yesterday’s post about an as-yet unpatched cross-site scripting vulnerability at CIA.gov), yesterday’s Daily WTF posting concerned a naked SQL Injection vulnerability on the Oklahoma Department of Corrections website. The vulnerability allowed anyone who cared to download lots of details from Oklahoma’s sex offender registry that shouldn’t have been accessible, including social security numbers (identity theft, anyone?), and also allowed access to other tables in the database, including information on corrections staff members. The page is now, mercifully, offline, though not before a commenter claimed that he was able to insert someone’s name into the database using a different SQL statement in the URL.

Little Bobby Tables at xkcd illustrates this type of vulnerability as well. Moral of the story: don’t trust user input!

Cross-site scripting, illustrated

Tim Jarrett

Wired ThreatLevel Blog: Look Ma, I'm on CIA.gov. Wired’s security blog reports a cross-site scripting vulnerability in the CIA’s web site and gives a convenient demo exploit. The exploit is benign enough, illustrating how JavaScript can be used to load an iframe on the CIA’s search results page containing arbitrary content. But the potential for mischief is significant. Imagine loading a phishing site this way. Or imagine this vulnerability on your bank’s home page.

Too often security vulnerabilities are abstract. This one, thanks to Wired, is pretty real. I’m surprised it’s still up, actually.

Fun with Berlioz

Tim Jarrett

We had an unusual rehearsal the other night. Instead of being in the chorus room in the bowels of Symphony Hall, we were on stage, and we had cameras on us. It was for the BSO’s podcast series, and the episode is now out: an interview with our fearless leader John Oliver, with shots of the Tanglewood Festival Chorus rehearsing the Berlioz Les Troyens and some footage from the recent Met staging of the opera. I think it gives good insight into both the piece and the chorus (as well as some amusing photos of John in the 1970s).

What’s that? You didn’t know the BSO had a podcast series? Well, that might be because the podcast link is ill-placed on the front page, is not autodiscoverable, and isn’t in the iTunes directory. Not to mention, the podcast URL has a session ID in it. Hey BSO webmaster—fix it, won’t you?

The danger of outsourcing...

Tim Jarrett

...your bookmarks. Del.icio.us is offline and my whole morning routine is off. Okay, so instead of tagging these two links I’ll post them to my blog instead.

First, for those new product managers out there, as well as those that have been the copy machine once too often, check out the free ebook from Pragmatic Marketing, The Strategic Role of Product Management. There’s nothing new here; in fact, it’s all stuff you’ve seen before, on Steve’s blog or in other Pragmatic publications. But it distills a bunch of lessons on why product management matters to a single document that makes a compelling story.

Okay, but once you get management buyin of the strategic importance of product management, how do you avoid getting bogged down in minutiae? How can you stay strategic? One answer comes courtesy of the Good Product Manager: Delegate tactical responsibilities. The methods to do so are simple even if you don’t have direct reports: transfer knowledge, teach to fish, and examine priorities constantly to ensure that the “urgent task” really needs doing.

We love it when our friends become successful

Tim Jarrett

In another of an intermittent series of posts about past acquaintances of mine who are now Doing Great Things, I happened to think the other day about Darius Van Arman. Darius and I went to the University of Virginia at around the same time, and primarily bumped into each other in the basement of Peabody Hall, where all the University publications were at that time. I was getting a poetry magazine called Rag & Bone off the ground; he was working on a music and creative magazine called 3.7. I publicly disclaimed some things the magazine did (spending lots of money on heavy cover stock, lookalike black covers, extremely goth fiction and illustration, heavy reliance on distorting type on a path in Quark—the latter was a Darius trademark) and privately admired the magazine’s confidence in its own aesthetic and their ability to get interviews with musicians and artists, a real differentiator between the magazine and anything else that was going on.

I bumped into Darius a little while after graduation. He was still living in Charlottesville but was working on starting a label, which he was going to call Jagjaguwar.

This week I decided to search for Jagjaguwar and see what I could find. What I found was: Jagjaguwar is the home of bands like Okkervil River, Black Mountain, Bon Iver, Wolf Parade side project Sunset Rubdown, and Ladyhawk. They’s got a good nationwide scope through a distribution deal with indie label Secretly Canadian. Heck, I’ve been listening to Jagjaguwar cuts on the KEXP podcasts for a year or more without knowing it. Darius has made it... well, not big, but he’s made something real without compromising his credibility. Heck, he even did an NPR interview with ex-Sleater Kinney guitarist Carrie Brownstein. Back in the Hook, that would have gone the other way around.

Veracode: Cool Vendor

Tim Jarrett

Quick pointers to a few awards Veracode has won recently:

It’s great for Veracode to get this kind of recognition. I’m really proud to work at a company that can make a difference to how companies address application security.

—Oops. Almost forgot to mention: Looks like I’ll be at the Gartner IT Security Summit in early June in Washington, DC. I’m looking forward to getting the long view on the industry. And from the speaker list, it looks like I might get a chance to get Bruce Sterling’s signature next to William Gibson’s on my copy of The Difference Engine.