Cephalopod Surprise Chowder

Chop four slices of bacon and start cooking them over medium heat.

Chop one small onion, three small carrots, two sticks of celery.

Add them to the cooking bacon, with the fat.

Let them cook until the onions start to go transparent.

Add a cup or two of beer.

Add 3 or 4 fingerling potatoes, cut into small bite sized pieces.

Add water to cover and let this simmer until the potatoes are soft.

Chop four or five small squid into half-inch square pieces. Tentacles can be left in larger pieces.

Put these in a pan with a few tablespoons of melted butter. Cook briefly until the squid firms. (Ten or fifteen seconds, thirty at most.)

Add the squid to the simmering potato mixture.

Add a cup or two of small scallops, and a cup of small shrimp.

Cook a roux, equal parts butter and flour until the flour is golden-brown.

Add it to the simmering mixture and whisk to combine, then remove from the heat.

Add 3/4 cup of heavy cream, or 1 1/2 cups of half and half.

Let stand for a bit, and serve.

Season with salt and pepper, and add a quarter cup of chopped fresh dill.

Simmer until warmed through again. Don’t let the scallops overcook.

Let cool slightly.

A simple primer on cryptographic primitives

A field guide

Or “don’t trust anything that screws these up even slightly.”

Key

A private, hard to guess piece of information, meaningless on its own, but used to secure other pieces of information.

Public Key / Private Key

Specifically, these are keys with certain properties: they come as a pair, and they’re usually built from a couple of large prime numbers (whose product is mathematically hard to factor, which is where their security comes from).

Things encrypted with one key can be decrypted with the other and vice versa.

Hash

A cryptographic hash function (often built on an encryption-style construction, but not always) takes a piece of information, often a big one, and turns it into a fixed-length token that represents it in a way that is hard to fake. Even a small change to the input makes a cryptographically strong hash function change its output entirely.

Some example hash functions: MD5, SHA1, SHA256, SHA512

Signature

The result of using a key and a hash function together on a piece of information to give some proof that the information wasn’t forged. If the key and signing algorithm used are public/private paired keys, then the public key can verify that the information was signed by the private key.

Certificate

A signature on a public key, and usually some ID information. If the certificate was signed by a trusted party (trust is a complicated thing, though) then there’s usually some assurance that the information signed by the private key that matches the certificate is from a known source. Of course, can you spot a forged ID?

HMAC

A way of hashing information with a key securely to form a signature that can’t be altered. It turns out that if you just start with the key, append the data to the end of it, and hash that, an attacker can keep adding things and resume the hash function from where it left off, and the signature will still look valid. HMAC mixes the key with the information being signed in a way that prevents this.

Salt

When you’re using a hash to make information hard to brute-force, you make sure that an attacker can’t just build a list of all the likely things and check whether you have them, by adding randomness to the thing you’re hashing. Since this changes the hash value, you have to store the salt in a way that whatever compares the hash can repeat the same computation, so a salted hash often looks like data + salt = $salt$HASH. Usually this is combined with a very slow, hard-to-compute hash function, so you can’t just whip through all the possibilities on a fast computer in a day or two. Computers keep getting faster, though…

TL;DR

Key = random unguessable; Key + hash = signature, signature + keypair = certificate; Hash + salt = hard to crack hash + salt.
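As an added example (not part of the original primer), here is Python that puts the Hash, HMAC and Salt entries to work: it counts how many output bits flip for a tiny input change, stores a password in the $salt$HASH form described above using a deliberately slow PBKDF2, and signs and verifies a message with HMAC-SHA256. The password, key and message are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample inputs for this example, not values from any real system.
PASSWORD = "correct horse battery staple"
KEY = b"constructed-demo-key"
MESSAGE = b"amount=100&to=alice"
ROUNDS = 200_000  # deliberately slow, so guessing passwords stays expensive


def differing_bits(a: bytes, b: bytes) -> int:
    """How many of the 256 SHA-256 output bits differ between two inputs.

    A strong hash flips about half of them even for a one-byte change."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Produce the '$salt$HASH' form: a fresh random salt plus a slow salted digest."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return f"${salt.hex()}${digest.hex()}"


def check_password(password: str, stored: str) -> bool:
    """Re-derive using the salt carried in the stored string; compare in constant time."""
    _, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def sign(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag. The key is mixed into both the inner and outer hash, not just
    prepended, so appending data and resuming the hash cannot yield a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison, so timing does not reveal how much of the tag matched."""
    return hmac.compare_digest(sign(key, message), tag)


if __name__ == "__main__":
    print(differing_bits(b"abc", b"abd"), "of 256 bits differ")
    stored = hash_password(PASSWORD)
    print(stored, check_password(PASSWORD, stored), check_password("guess", stored))
    tag = sign(KEY, MESSAGE)
    print(verify(KEY, MESSAGE, tag), verify(KEY, MESSAGE + b"&admin=1", tag))
```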

Quote: Design Philosophies of Developer Tools

One of the nice things about Git is how its internals are both exposed for the world to see and thoroughly documented. We can easily write scripts to automate common tasks or create different workflows. With a bit more effort, we could even write new tools that integrate with the Git suite. These tools can do things that Git’s authors never intended, as long as they follow the documented repository structure. Git isn’t so much a version control system as the means to construct one.

And

All of the Ruby development tools have independent release cycles, and they don’t seem to plan or coordinate with one another in advance of each release. Integration testing is left up to the users.

Design Philosophies of Developer Tools (via Digital Digressions by Stuart Sierra)

Some very good thoughts.

Gluten-free Crullers

Boil 1 cup of water.

Add 2 sticks of butter and let it melt completely.

Remove the mixture from heat.

Add 1 cup of Glutino all-purpose gluten-free flour. Another mix with some bean flour might have better texture at the expense of flavor.

Add 1/2 teaspoon xanthan gum.

Add 1 tablespoon tapioca flour.

Beat and add three eggs, one at a time, incorporating completely.

The dough will start out the texture of mashed potatoes, but eventually become a soft, pliable consistency between dough and batter. Work the batter hard until it’s completely smooth.

Heat oil for deep frying to 375 °F.

Fill a pastry bag with the dough, cut a 1/2" hole for the tip. Squeeze sticks or curls into the hot oil carefully. 

Fry until golden.

A great idea for SVG fonts

From this www-font posting by Adam Twardoch

INTRODUCTION

Obviously, SVG Fonts have some good and interesting concepts. One of their advantages is that they can – at least in theory – freely combine all aspects of SVG: multi-colored, multi-layered vector graphics, and bitmaps.

However, SVG Fonts also have some serious drawbacks: while the glyph definition using SVG is a great concept, all the other aspects of SVG Fonts that make them work as a font, especially the character mapping, access to alternate glyphs, and the layout behavior, are somewhat under-defined and hard to implement. Therefore, it’s rather unlikely that at any time, all OS and application vendors will agree on a good, full implementation of SVG Fonts.

Therefore, I’d like to suggest a different path: place an SVG Font as a table inside of an OpenType font*, and combine the power of both formats.

Batch extract audio from mp4 videos

for I in *.mp4; do ffmpeg -i "$I" -vn -acodec copy "${I%.mp4}.m4a"; done

(-vn and -acodec copy are output options, so they belong after -i; the ${I%.mp4} expansion drops the extension, so foo.mp4 becomes foo.m4a rather than foo.mp4.m4a.)

Thoughts on a (maybe) sane build system.

I’ve been thinking about build systems a lot this week, thanks to V8’s terrible use of scons, its replacement gyp still being a steaming broken pile, and everyone’s collective hatred of autoconf.

I think Guru (vaporware with a good idea) is onto something, though.

I think a lot of build systems are too process-focused, which is exactly the path that leads to platform dependence and the craziness that’s come before.

If each module declares what it should know about the process, that’s a start: main.c knows that it’s the entry point of a program. It can say so. foofuncs.c knows that it’s the implementation of the functions defined in foofuncs.h, but it doesn’t know whether it’s destined for a static or dynamic library, or even just #included into other code. It can declare the parts it knows about.

Then, there can be module-level declarations: “These things form a coherent library”, “These parts are required for feature frobnicate”, “This must be linked with a library having function foo”.

Then at the package level, one has to configure major options – are we installing in an application specific root, or a system-wide one? Are we building full-featured or light? Cover-your-ass static linking of everything for a build that works everywhere, or shared-everything to play nice with the specific system being installed.

What do you want a build system to do, and more, not do?

Oh, the unsuspected woes of server migration

Last night, I migrated The Internet Company’s servers from a Linux-VServer host to an OpenVZ host. It all went well, except one crazy detail.

The OpenVZ host runs on CentOS, and apparently its way of calling gettimeofday(2) doesn’t agree with PLD’s glibc’s way. Specifically, the 9th bit of the resulting time is wrong … some of the time.

```
with kernel.vsyscall64=0: 2011-05-09 17:14:48 -0600 1304982888 1001101110010000111010101101000
with kernel.vsyscall64=1: 2011-05-09 17:19:56 -0600 1304983196 1001101110010000111011010011100
with kernel.vsyscall64=0: 2011-05-09 17:15:04 -0600 1304982904 1001101110010000111010101111000
```

Fixed!

So what happens is that you get errors like Dovecot complaining of things like this:

May 9 15:36:31 host dovecot: pop3: Fatal: Time just moved backwards by 290 seconds. This might cause a lot of problems, so I'll just kill myself now. http://wiki2.dovecot.org/TimeMovedBackwards

since the mail server needs to know what time things arrived, and the date going backward is a sign that the clock is Not Reliable.

It also gives errors like this when things move forward again:

May 9 15:33:54 host dovecot: imap-login: Error: master(imap): Auth request timed out (received 0/12 bytes)
May 9 15:33:54 host dovecot: pop3-login: Error: master(pop3): Auth request timed out (received 0/12 bytes)
May 9 15:33:54 host dovecot: imap-login: Error: master(imap): Auth request timed out (received 0/12 bytes)

So the solution? Set kernel.vsyscall64=0. It fixes the mismatch between guest and host on OpenVZ, making the five-minute jump disappear. Just pop that line into /etc/sysctl.conf and apply it with sysctl -p.
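As an added example that is not part of the original post, here is Python that scans constructed Dovecot log lines (modelled on the ones quoted above) for the backwards clock jump and the auth timeouts, reads kernel.vsyscall64 through procfs (assumed path /proc/sys/kernel/vsyscall64), and says whether the sysctl fix above is worth applying; modern kernels have no such knob, which the code reports as None.

```python
import re
from pathlib import Path
from typing import Optional

# Constructed sample log text, modelled on the Dovecot lines quoted in the post.
SAMPLE_LOG = """\
May 9 15:33:54 host dovecot: imap-login: Error: master(imap): Auth request timed out (received 0/12 bytes)
May 9 15:33:54 host dovecot: pop3-login: Error: master(pop3): Auth request timed out (received 0/12 bytes)
May 9 15:36:31 host dovecot: pop3: Fatal: Time just moved backwards by 290 seconds. This might cause a lot of problems, so I'll just kill myself now. http://wiki2.dovecot.org/TimeMovedBackwards
May 9 15:40:02 host dovecot: imap-login: Info: Login: user=<alice>, method=PLAIN
"""

BACKWARDS = re.compile(r"Time just moved backwards by (\d+) seconds")
AUTH_TIMEOUT = re.compile(r"Auth request timed out")


def scan_dovecot_log(text: str) -> dict:
    """Summarise clock trouble: the largest backwards jump Dovecot reported
    (0 if none) and how many auth requests timed out, which the post saw
    when the clock moved forward again."""
    largest_jump = 0
    timeouts = 0
    for line in text.splitlines():
        m = BACKWARDS.search(line)
        if m:
            largest_jump = max(largest_jump, int(m.group(1)))
        elif AUTH_TIMEOUT.search(line):
            timeouts += 1
    return {"largest_backwards_jump": largest_jump, "auth_timeouts": timeouts}


def vsyscall64_setting(proc_path: str = "/proc/sys/kernel/vsyscall64") -> Optional[int]:
    """Read kernel.vsyscall64 through procfs (assumed path); None when the
    running kernel has no such knob."""
    p = Path(proc_path)
    if not p.exists():
        return None
    return int(p.read_text().strip())


def suggests_vsyscall_fix(report: dict, setting: Optional[int]) -> bool:
    """True when a backwards jump was seen and the knob exists but is not already 0."""
    return report["largest_backwards_jump"] > 0 and setting not in (None, 0)


if __name__ == "__main__":
    report = scan_dovecot_log(SAMPLE_LOG)
    print(report, "vsyscall64 =", vsyscall64_setting())
    print("apply kernel.vsyscall64=0:", suggests_vsyscall_fix(report, vsyscall64_setting()))
```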

Using the Learning Puppet VM under VirtualBox

First, get the VM from PuppetLabs.

Unpack the .tar.bz2 file so you see the learn_puppet_centos.vmwarevm directory.

Start VirtualBox, and create a new VM. Set it for Redhat Linux, not 64-bit. 512 MB of RAM is fine.

Add the cent55_386_ks.vmdk or a dummy image as the hard drive.

Save the VM, but don’t start it yet.

Edit the settings for the VM, and remove the SATA controller, and add the disk image to the IDE Controller. The VM only supports the PIIX controller, so the AHCI SATA controller that VirtualBox 4 uses by default won’t work.

Boot! Enjoy! The login is root and the password is puppet.

On statistics

A friend asked me today what the standard deviation means of something that’s not normally distributed.

I had to answer “not terribly much”: an average and a standard deviation are good measures when things follow the normal distribution, where values cluster around a center point.

So what, then, is the right tool for his case, a long tail distribution? Most of his users last a certain number of months of service, and then each successive lengthening of the term has fewer and fewer users. I suggested percentiles or quartiles — show what that long tail looks like, and see where most of the users fall, where most is some interesting portion like 1/2 or 2/3.

All this comes down to estimating average lifetime revenues of customers of a business that isn’t all that old nor all that huge. It means the margins for error are larger, thanks to the relatively small populations.

At some point, I’ll have to revisit this post and add some graphs.
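As an added example (not from the original post), here is Python over a constructed set of 100 customer lifetimes in months, shaped like the long tail described above: it reports the mean and standard deviation next to the nearest-rank percentiles the post recommends, the share of users who fall within a given lifetime, and the standard error of the mean, which is the margin that widens as the population shrinks.

```python
import math
import statistics

# Constructed customer lifetimes in months for 100 customers: most leave within a
# couple of months, a handful stay for years. Shaped like the post's long tail.
LIFETIMES = (
    [1] * 40 + [2] * 25 + [3] * 15 + [4] * 8 + [5] * 5 + [6] * 3
    + [12] * 2 + [24] + [48]
)


def percentile(values, p):
    """Nearest-rank percentile: the value at or below which p% of the data falls."""
    ordered = sorted(values)
    rank = max(1, math.ceil(p * len(ordered) / 100))
    return ordered[rank - 1]


def share_within(values, months):
    """Fraction of customers whose lifetime is at most `months` (the 1/2 or 2/3 the post mentions)."""
    return sum(1 for v in values if v <= months) / len(values)


def summarize(values):
    """Mean and standard deviation beside the percentiles that actually describe a long tail.

    The standard error of the mean (stdev / sqrt(n)) is the margin the post
    worries about: with a small customer base it stays wide."""
    n = len(values)
    stdev = statistics.pstdev(values)
    return {
        "n": n,
        "mean": statistics.mean(values),
        "stdev": stdev,
        "sem": stdev / math.sqrt(n),
        "median": percentile(values, 50),
        "p75": percentile(values, 75),
        "p90": percentile(values, 90),
        "max": percentile(values, 100),
    }


if __name__ == "__main__":
    s = summarize(LIFETIMES)
    # mean of about 3.1 +/- 5.4 months says little; median 2, p90 5, max 48 show the tail
    print(s)
    print("share lasting at most 2 months:", share_within(LIFETIMES, 2))
```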

A great idea

From Patryk Zawadzki:

Here’s an idea for GNOME 3.x. Instead of showing a static wallpaper, start treating the wallpaper as an infinite plane. Basically instead of using a JPEG or PNG file as input, build a library that given a rectangle returns the image data (raster or even better vector) corresponding to the surface it covers. As monitors and workspaces come and go, the shell can expand and contract the background, calling the library as needed to build the missing parts.

Awesome! And parallax, multiple monitors. Great idea!

Mirrored from Aria's Blog.

Terms and conditions details are important

Today, a customer introduced me to a free(!) fax-to-email service, FaxBetter. Neat idea, looks like a solid implementation. I almost signed up for a free account to try. I didn’t. Here’s why: at the foot of their “Terms and Conditions” (a click-through contract: you do have to check a box saying you agree when you sign up; legally binding: maybe), there is this:

NON-DISCLOSURE/NON-COMPETE AGREEMENT. The DepositDox Non-Disclosure/Non-Compete Agreement located at www.faxbetter.com/Legal/nda.aspx discloses our Non-Disclosure/Non-Compete policy. By signing up for DepositDox and/or by using DepositDox, you consent to the policy described herein as it changes from time to time. (link)

Okay, that’s slightly scary, to have an updatable document included by reference. It gets worse. In the referenced document:

IV. Prohibited Acts: User understands and agrees that, other than in the ordinary course of business, all Confidential Business Information is to be preserved and protected, is not to be disclosed or made available, directly or indirectly, to any third Persons, whether by private communication or by public address or publication, without prior written authorization of Board or Shareholders (or other authorized Officer) of the Company, and is not to be used, directly or indirectly, for any purpose unrelated to the business objectives of the Company without prior written authorization of the Board or Shareholders (or other authorized Officer) of the Company. Specifically, and without modifying or limiting this Agreement, User understands and agrees that, except in the ordinary course of conducting business for the Company, no Confidential Business Information, nor any part of it, either in original form or in duplicated or copied form, is to be (i) removed at any time from the premises of the Company, or (ii) disclosed or made available, verbally, by electronic transmission, or by any other form or manner of communication, to any Person for any reason or purpose whatsoever, without prior written authorization of the Company.

Must defend a company because you used their free service.

C. The Company and User agree that it may be difficult or not feasible to establish whether a former employee of the Company was working within the geographical areas served by the Company, was using the Company’s Confidential Business Information or was soliciting the Company’s Customers. Accordingly, for the protection of the Company’s interests, User agrees that, during his employment and for a period ending two (2) years from User’s last day of employment by the Company for any reason, he will not engage in any of the following acts, directly or indirectly, within the “Restricted Territory,” for himself or on behalf of a Conflicting Organization:

1. be employed by, join as a partner or member with, hire out as an independent contractor for, or associate in a business relationship with a Conflicting Organization or Person managing, employing, or contracting with a Conflicting Organization;

2. engage in a consulting practice with a Conflicting Organization;

3. acquire or maintain any financial interest in any Conflicting Organization unless specifically approved by Board; or

4. seek or accept employment, partnership, membership, or association with any Conflicting Organization or acquire a greater than five percent (5%) shareholder or equity interest in any Conflicting Organization unless specifically approved by Board.

Can’t get hired by GoDaddy, eFax, or Google for two years afterward. I couldn’t even run my own eFax service.

No, thank you. FaxBetter is evil.

{placekitten}


Generate placeholder images for web page designs … yielding kittens!

Now someone just has to integrate this into Quark Xpress and get rid of the ugly old X.


[22:43:01] Aria: Build systems are like printers.
[22:43:10] Aria: They’re the interface between nice neat logical stuff and ugly reality.
[22:43:26] Aria: And unfortunately, that predisposes us to think of them as being part of the nice neat logical stuff.
[22:43:28] Aria: Which is NOT TRUE.