If I can lose 17 lbs in 3 months, so can you!
Now that I’ve lost 17 lbs in 12 weeks, I get a lot of questions about how I did it. The answers are pretty simple, but one rises above all others… burn more calories than you take in. But if it was that easy, we would all do it right? Here are some notes on what worked for me. It assumes you go to the gym, work out already or want to work out… of course your poundage may vary.
Do some type of weightlifting for your workout…
Keep it light to start. One of my problems when I first started back to the gym at Lifetime Fitness was my tendency to overdo it. I worked out too hard with too much weight. I could never get into a rhythm because I would be too sore to exercise for 5 days. Trust me on this, when I started out with a personal trainer at Lifetime, I didn’t use any free weights over 12.5 lbs and no cable setting higher than about 22-25, depending on what I am doing.
Avoid using exercise machines that force you into one motion. Why? Because they don’t force you to use all your stabilizing muscles. Work your way up from 2 sets to 3 sets in about a month. A set can be between 15 and 25 reps depending on what you are doing. Mix it up and don’t do the same exercise each workout. Do work a variety of muscle groups, sometimes called total body, if you have time. If you don’t have time, do legs one day, arms the next, etc. Try to do a little core every time… just crunches and maybe leg lifts, no full sit ups to start because you could hurt yourself. Start on a floor pad of some type for the first few weeks. Then try movements on a Dynadisc, BOSU, and Exerball in that order. By progressing this way, you keep the motion and reps the same, but it gets harder by the nature of the position you are putting your body in. If you get sore or stiff, do some foam rolling.
Do some type of cardiovascular exercise…
Cardio is essential so your other work outs go well. Good cardio allows for faster recovery and will allow you to do more with your workout. For cardio, if your knees are bothering you, an elliptical machine or bike is best. Go slow and increase resistance if needed. You don’t want to be “out of control” on the elliptical because you can hurt your knee more. Focus on the heart rate. One trick is to get a telemetry strap to track your heart rate that is compatible with your gym equipment. You don’t need the watch, but it is more accurate because gyms don’t calibrate very often. I use a Polar RS400. Grabbing the heart rate handles is a pain and interrupts the flow of the work out. Once you have really strengthened your knees, you can try the treadmill and work your way to jogging. Certain cardio zones are good for burning fat, others for “power and endurance”. Many of us, including me, need the previous more…we aren’t training for the NFL, so weight loss is key, at least for the first 6 months to 1 year. Keep your heart rate in the fat burning zone… overtraining is bad because your body will shut down… consistency is best.
Eat something!
Oh yeah, eat breakfast and jump start the metabolism. If you don’t eat breakfast, you are literally starving yourself and your body will start storing fat as much as possible. Also, do snack… as your metabolism goes up, you will need to keep feeding it to keep it burning fat throughout the day.
Here is what I’ve been eating as my “extra” meals in the day and for breakfast:
Champion Protein Powder -You’ll need a protein shaker. You can mix with water or skim milk, but water plus the chocolate version tastes fine to me.
Myoplex Lite – This is a good meal replacement drink for right after the workout. I like both the vanilla and chocolate, some may like the strawberry, but it is hard to find.
Kashi Bars – I like the trail mix variant, some of the others just taste bad to me.
Yo Plus Yogurt (by Yoplait) – This is my favorite, but any will do. I like the Blackberry, Blueberry, Vanilla, and Strawberry in that order.
Bananas – These are easy and filling, if you don’t like bananas, try a hot cereal (whole grain) or other fruit. Dole tastes best to me, but it is hard to find good bananas around me because they are shipped green.
Basically, you don’t want to feel weak or hungry during the workout. I work out in the morning, so it is especially important for me to eat breakfast.
Portion Control and Cooking at Home…
Don’t eat everything on your plate, especially if you go out. Order light or eat only part of what is on the plate. Also, try to cook at home so you have control over what is on the table. We do this, and not only is it more affordable, it also helps keep calorie intake down. We usually avoid starch, but we do rice, pasta and potatoes from time to time. Actually, sweet potatoes are easy… boil them, peel and put in a blender or get a potato ricer to make it smoother. Also, we can buy good food for less than fast food. One night we had Panko breaded chicken tenders and baby asparagus and a little wine. Sometimes we eat fruit for dessert or a scoop of ice cream or something like that. Yes, I said ice cream. I grilled a steak one night while my wife cooked up a vegetable. We aren’t the greatest cooks, but for the week we pick what is EASY and HEALTHY.
Whether my wife or I are cooking, we don’t feel like spending more than 20 minutes in the kitchen after work. We meal plan, so there are no surprises (unless something doesn’t work). For example, I popped in a pork loin my wife prepared the day before. It was a new recipe and it was terrible (we have two other pork loin recipes that are great). So we defaulted to the next meal for the week that was easiest to prepare. In a pinch we will order pizza, but only eat a slice or two and save the rest for lunch. We also try to cook meals that we can “brown bag” the next day.
If you make food that travels well, you’ll save money and have something better than fast food for lunch the next day.
I hope these ideas help you reduce your calorie intake, burn more calories and lose weight like me. If you have questions, let me know.
Mind the Gap – Mobile Devices and the Web
I built my first web site in 1994 while an undergraduate. I used the pico editor which of course required building everything using text and that most revered of markup languages, HTML. I probably chose pico because it was like pine, my e-mail tool. Of course, there was no WYSIWYG, which is not always a bad thing. After many hours of work and looking at HTML for the first time, I launched my first web site.
It was horrible.
It wasn’t just sort of bad either. The category of “abysmal” comes to mind, but only if there were actually enough public web sites to actually form categories back then. There weren’t. Actually, all the sites back then were as horrible as only the early-90’s era web could be. They were meant to run on NCSA’s Mosaic and share basic information (usually a photo, my university e-mail and research links). Of course it didn’t really matter as they were being rendered on ancient university computers the processing power of which we marvelled at because they could also run MATLAB, do word processing and possibly draw some black and white images (not at the same time of course).
It wasn’t just the computers, it was the network. The pages were being sent over fairly slow university networks, possibly via my SLIP connection or, *GASP*, AOL or Prodigy, and a speedy 28.8 or 36.6 modem… maybe faster if money was no object and you got lucky. Animated gifs (remember those?) loaded slowly… but once they did we could all get a good chuckle about the animated dog running back and forth at the bottom of the page or the dance of numerous small fuzzy rodents filling the screen.
The bad news is that there were limits, the good news is that there were limits. That isn’t a typo. Limitations and constraints make us think about what we’re doing. It forces trade-offs and, possibly, leads us to a more rigorous thought process where we are forced to make choices. Fast forward 15 years and the world of the web has less limits. We now face a gap that is forming between what designers and developers can do and the systems users use to access those web systems.
For a (hopefully) brief moment in our history, we are being thrown backwards as the mobile web becomes more important and the capability gap of mobile devices vs. their desktop/laptop brethren are painfully obvious. Once again economy of design and speed are important. The first mobile phone call was made by Martin Cooper at Motorola in 1973. He first called a competitor at Bell Labs, presumably to gloat, much like associates who acquired first generation iPhones in 2007. Now we have mobile web browsers on devices such as Blackberries and iPhones and a growing dependence on mobile technology. Mobile subscriptions worldwide have far exceeded those of fixed lines. Some estimates put those mobile subscriptions at 4x more than landlines, while also growing at a faster rate than landlines.
Unfortunately, many designers and developers are simply trying to make web sites that have the most flash, features, buttons and advertisements in an attempt to monetize their content, create traffic to their web site, generate leads or meet some other business goal. Many of the aspects of these sites can not be utilized by mobile web browsers.
Sure, maybe the iPhone users can view your “awesome” flash-based web site, with some work, but everyone in the world doesn’t use iPhones. Designing just for the iPhone is the equivalent of designing for a particular browser, instead of testing for cross-browser compatibility. Notably, in the United States, iPhone users are stuck on AT&T’s 3G network which is abysmal and unpredictable… faster than dial-up in 1994, yes, but only when it works. Apparently this is helped by praying for forgiveness to Steve Jobs nightly for that old PC you still use from time to time.
Also, many phones don’t have the horsepower or compatibility to look at your flash-based web site. As a matter of fact, maybe you didn’t know, Mr. and Mrs. Designer, your site actually crashes some browsers on regular desktop computers. The fact that it locks up many of our mobile web browsers should be obvious.
It is time once again to reconsider what good web design is and consider anew how to best approach building or repurposing web sites for mobile. Some of the lessons of the “old days” of the web can still be instructive as we wait for mobile devices to catch up to the modern web. Content is still king (well, services too) and economy of design, AKA “less is more”, is still the best philosophy. If the web is about content and applications to utilize that content then the central system to your mobile strategy should be a Content Management System (CMS). I am continually amazed at how many international companies do not have a CMS. They have plenty of content, but they horde it, serve it up in a single language, don’t repurpose it for the web and generally have poor work flows for updating the content.
These are well known problems a CMS can help solve, along with a group of people in the organization committed to change. Multi-platform content distribution applies to mobile devices as well, no surprise. Mobile devices are almost a language unto themselves, they require that we translate our sites so that they can understand, often with WAP or WML, but most importantly with the way we produce and distribute content and services. This would be tedious to do by hand, but with a CMS it becomes much easier and will help bridge the gap between mobile devices and the latest web content and applications.
Virtual Meeting Alternatives
As you know, many alternatives to popular and expensive software abound. Star Office can basically replace Microsoft Office. SugarCRM can substitute for SalesForce.com. And so on. If you’re really interested in Free and Open Source Software (FOSS), try sourceforge if you’re brave and osalt if you know what commercial software you are trying to replace.
While WebEx is a strong webinar platform, it is expensive and often overkill for small businesses. There are alternatives that are good and pretty lightweight such as GoToMeeting which has been my “paid” solution of choice. However, in the realm of the “free”, there are also options which work, particularly if you only need a small meeting (<20).
One of my more recent favorites is Yugma. Yugma is free for up to 20 attendees. There is limited functionality, but the basics are there. There is also a real nice integration with Skype in the Yugma SE (Skype Edition). It also works across platforms. However, there are some drawbacks, not the least of which is an enormous client to download. Those without the highest speed connections or the latest hardware may find it onerous.
With that said, I began looking for alternatives to Yugma.
I looked at Microsoft Shared View for about a minute. Everyone needs a Windows LiveID… next! Also, it doesn’t play well across platforms… next again.
I ran across a nice solution called DimDim. They also have a 20 person limit on the free edition, but some paid editions start as low as $99. There is nothing to download, even for audio/video, and you only need a plug-in if you are screen sharing.
The DimDim platform also reminds me of something we use at GSU for online classes called Elluminate. Elluminate has gotten better over the years, but is still clunky and is too feature laden, hiding many of the critical functions many menus deep. DimDim even has a virtual classroom platform.
Of course, I would be remiss to not mention Zoho Meeting which is looking nice as well.
Let me know if I missed any!
Go Green Expo Coming to Atlanta
The Go Green Expo is coming to Atlanta this weekend. Check it out here:
http://gogreenexpo.com/events/index.php?evid=6
A few exhibitors interested me when I scanned the list so I wanted to post them here:
Building
http://dixiehomecrafters.com/home.html
http://thehootsgroup.com/
Consumer Products
http://www.kleankanteen.com/
Lighting
http://ledoptics.com/
Solar
http://gettingyourhomegreen.com/
http://radiancesolar.com/
Rain Capture
http://www.rainbankusa.com/
http://rainwaterpillow.com/
Displays/Trade Show
http://www.gogreendisplays.com/
Multi-criteria Project Selection Model
You probably use multi-criteria project selection every day, but you probably don’t call it that on the consumer side of your life. Whenever you make a purchasing or investment decision you are using some variant of the tool. Whether you are purchasing a new TV or deciding which route to take to work, you are thinking about many variables which inform your decision. You break the decision into categories and then might have specific criteria under those categories. Then you compare and score and make a decision. By the way, making a decision not to purchase or proceed is also a decision. All of these actions tend to be intuitive for many and everyone approaches it differently and may emphasize certain criteria more than others.
This happens in business too, but the hope is that the selection process is rigorous and justifiable. One mechanism to help with this is a multi-criteria model. The multi-criteria model I use below is adapted from Information Systems Project Management: A Process and Team Approach by Mark Fuller, Joe Valacich, and Joey George. This multi-criteria analysis can be used to weigh project alternatives and provide a mathematical model for selection of projects or products. The number of requirements and constraints is not important, but it is important to keep the decision factors narrowed to those the organization views as most important.
Rules:
- The total weight for requirements and constraints should equal 100.
- You may bias the model toward one or another of the items, but for in general start by balancing the requirements and constraints with an equal weight at 50 points total.
- The authors of the textbook use a 1,2,3,4,5 scoring model. I prefer a 1,3,9 scoring model because it forces tough decisions and creates separation in the model.
- The individual weights assigned to individual requirements and constraints are a matter of negotiation among the project selection team. In this model, larger numbers indicate the project is better along that line item.
- The scoring and summary columns are calculated fields and should not be modified.
Example:
The organization has determined that X system is needed. We have been asked to evaluate three platforms using the organization’s multi-criteria analysis. Step 1, requirements and constraints have been set based on negotiation and review of the organization’s needs. Step 2, weights for the criteria are applied based on negotiated values. Step 3, alternatives are selected from a “consideration set” and ratings are applied, giving us a final total. The larger number wins.
- Step 1: Multi-Criteria Analysis
- Step 2: Multi-Criteria Analysis
Step 3: Multi-Criteria Analysis
Note: This example is not prescriptive… criteria, weights and ratings are unique to each selection process, as well as each organization.
Using VRIO analysis for IT Project Selection
The fact that information technology departments are swamped by requests for services on a daily basis is well known. Many of these requests are for projects. These requests are often not put through a filter to determine the relative value of one project over the next. The larger your projects, the more time and effort should be put into the selection of the projects. Oftentimes the tool sets for selection are lacking. Some organizations use SWOT analysis to select projects or an SCP model. There may also be a generic multi-criteria model utilized. I will talk about product selection using such a model in a later post. One analysis that is oftentimes overlooked is VRIO (aka “VIRO” for easier pronunciation). All of the previous serve as good starting points for filtering projects. However, VRIO can assist further. VRIO stands for the following:
Valuable – Is the project valuable to the organization? Can the value be quantified in any way? For example, you might identify projects tied to the balanced scorecard metrics, or they may be tied to a particular department or sales region success metric. If the project helps move that metric in a positive manner it is valuable. This may also be tied to process improvement and/or automation. Of course, to determine this value, the organization has to know which metrics are important and has to be able to measure them with some level of accuracy. If your company has the ability to do this, then definitely focus on aligning your IT projects with improving those metrics!
Rare – Rarity has to do with whether or not the competition has a similar resource. Rarity might be tied (probably briefly) to a unique software or technology stack, particular experts within the organization, contractual arrangements with suppliers, etc. In the context of project selection, is it something everyone else is doing or has done, or will this lead to an outcome that provides a unique capability.
Imitable (or “Inimitable” depending on context) – This deals with resources that are difficult or impossible to imitate or substitute. A concept known as “path dependence” sometimes plays a role here because even a direct duplicate of processes and resources may not produce similar effects across companies. This is the most difficult in IT project selection because almost any IT technology stack can be reproduced by a competitor. Installing the latest OS or the most popular DMS does not make you competitive. It may be a baseline for competition, but it is easily imitable. Full systems, people, processes, software, hardware and data, are harder to copy completely. For this case, it might be helpful to attach a time component. For example, can it be imitable within a year or two? If not, then by all practical assessments, it is inimitable because of the technology product lifecycles and the unique processes and people put in place during the development of the system.
Organization Ready – Is the organization ready to capitalize on the project? Projects can be suggested for a variety of reasons, but the organization has to be ready to grasp the opportunity if it meets the three previous requirements.
So, for the purpose of IT project selection, consider filtering projects first by whether they are valuable and rare, then by whether they are inimitable within the context of the time horizon selected. If the answer to these three is yes, it is obvious the organization should be ready to sign off on such a project.
Why shouldn’t I store SSNs in databases?
I get this question a lot more than I would expect. There are still many misconceptions from clients, students and even developers about what is ok and what is not when storing sensitive data in web applications. This is particularly problematic for small and medium sized businesses that may not have the resources or expertise to put the appropriate security mechanisms in place. This is especially true in a business where capturing SSNs are a necessary part of doing business.
Almost all of us have personally identifiable information stored in a database somewhere on the Internet. Quite commonly this information is stored in the public view in the form of social networking sites like Facebook or Twitter. However, the real litmus test of data sensitivity for consumers is whether or not the information may be used to compromise the user’s identity. There are certain security standards in place to help with this such as HIPAA or PCI.
Your web host is PCI compliant. You’re using Zen Cart, osCommerce, or a COTS e-commerce solution. Your database is mySQL and you have SSL running to protect the transport. By all practical measures your e-commerce environment is secure.
However, if a compromise should occur no one can steal your customer’s identity by simply finding out their name and address. Anyone can find that easily via the white pages, Google or any number of other mechanisms. To steal my identity, the attacker would also have to also know something unique about me. In fact, they may need multiple unique pieces of information to effectively steal my identity (my billing history, my SSN, mother’s maiden name, etc.). Anyone can get names and addresses from any list provider.
Credit reports with billing information can be had. The brokering, and compromise, of SSNs has been around for a while… maybe you’ve heard of the ChoicePoint debacle?
The latter is the worst, because if a database is compromised, and SSNs get out in the open, they are very difficult to change. If a piece of data, like a credit card, is compromised then the problem can be contained. Simply change the number, reverse the charges and open a criminal investigation. If an SSN is compromised, it cannot be changed easily and may be utilized until the criminal is caught. The criminal may also sell this data to others.
The risk to any company collecting data is enormous, but even more so when collecting SSN data. The question of how to shift this risk is answered by the process used for collection and whether or not the data is stored. There are ways to protect the SSN using well known techniques like AES encryption. These are built into some databases or can be coded fairly easily.
Unfortunately to decrypt the data, to view the clear text after initial encryption, requires a developer to use encryption methods which allow for the data to be decrypted. This mechanism can also be attacked by compromising a password for the administrative interface where the SSN is viewed. If an authorized human can view it, a hacker could view it also.
For something with a well known pattern, like an SSN, it is also possible to do a brute force or dictionary attack to compromise the SSN if the encryption algorithm is known or can be guessed.
Let’s say a hacker, we’ll call him Bob, compromises your database and gains access. However, you have encrypted the data using a built-in algorithm. Good for you, the clear text identifying data is not in the open… yet. However, Bob knows there are a few limited mechanisms used for encryption (AES for example). Bob also knows there are a limited number of numeric combinations for SSNs. So, Bob can write a program to run through all possibilities, encrypt them with various algorithms, and then match the encrypted string in your database. By matching these, Bob knows what the SSN is because he knows the starting clear text. Because the information is stored in the same DB Bob also has matching names and address data. Obviously, if it is stored in clear text, Bob has a much easier time.
So, how do we defeat Bob the hacker? Here are some suggestions and more are welcome:
- Use an API from a credit reporting agency. This shifts the risks to the credit reporting agency because the SSNs are never stored. You can still do a credit check based on information entered by the user.
- Add “salt” to the original SSN string if you are storing an encrypted version. This can be done at time of encryption and means the dictionary attack won’t work in a feasible amount of time with a strong salt value.
- Set up a separate encrypted database for SSNs. This keeps the data separate from your main e-commerce system and allows additional security measures to be put in place.
The good news is that hackers don’t often waste their time on small and medium sized companies, unless they are small to medium sized hackers. The prize is simply not big enough. Unfortunately, automated scripts can help hackers find vulnerabilities to exploit, which includes your web site. Follow some of the suggestions above and you can feel more comfortable conducting business online where SSNs are required as part of the transaction.
Migrating all web assets to Wordpress
It has been a while since I have posted, mainly because life got busy right around our trip to Singapore and they haven’t let up since. Now that I have a little break, I just wanted to post as a promise and/or reminder that I’m migrating all my web assets from my other domains to this site. Soon, all relevant domains will be pointed here and I will utilize the Wordpress platform to manage my content. Also, this will be where I post topics of interest based on my consulting and teaching activities, including whitepapers, case studies and more. So I look forward to filling it up with good, useful content as well as general updates about me and the family, as well as my various hobbies and ideas. So, stay tuned. The first order of the day is to transfer some domains and possibly backfill some of the months where there are no content 
Why have a personal kaizen event?
For those you know me, you know I have many interests. My educational and personal background indicates this, and as a result I generally try to garner knowledge from various disciplines to inform aspects of my life. In short, I try to take lessons learned and improve.
Over the last few years I began feeling a little burned out. A combination of gaining yet another advanced degree, trying to grow a business and raising a toddler with my wife proved to be quite challenging. I’m sure many others are in a similar position and I began thinking… why am I burned out at age 35? Why are so many others? Isn’t that about 5-10 years before I should be having a mid-life crisis? So, I started thinking how to break through and recharge.
After working at a local Atlanta interactive agency for the last four months and getting a project pointed in the right direction, I decided it was time for my own personal kaizen event. Kaizen is a concept usually associated with Six Sigma and relates to slow, continuous improvement. Kaizen events usually involve rapid improvement in a very specific area or process and can be quite disruptive.
I realized that between mind, body and soul, I have spent the most time in my adult life on the mind and soul. This has been a positive, but with my family’s gene pool on display it also means that one important and impactful part of my life has been largely ignored. So, instead of getting another degree, or starting a business, or doing anything, I’m taking a moment to relax my mind and exercise more. I’ll write a lot about this and the challenges I face along the way.
The first step is for me to create an actual workout spreadsheet with reasonable expectations that I can follow, as well as a weight chart. I’ll share this once I put it together.