Apr 12 2020
software installation roulette - The practice of piping the output of a web browser or other HTTP tool directly through a system shell, usually as root, to install something important. The danger is that you don't know if the shell script has anything nefarious in it (such as `rm -rf /` or the installation of a rootkit) and by the time you find out it's far too late.
For example: sudo bash -c "$(wget -q -O- https://totally.legit.example.com/install.sh)"
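The usual way out of the roulette is to separate download from execution: fetch the script, check it against a digest obtained from somewhere other than the download server, and save it for reading before anything runs. The sketch below is an added example, not code from the original post; the script bytes, the function name `stage_installer` and the pinned digest are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

class InstallerMismatch(Exception):
    """Raised when a downloaded installer does not match its pinned digest."""

def stage_installer(script: bytes, pinned_sha256: str, directory: str) -> str:
    """Write the installer to disk for review only if its SHA-256 matches the pin.

    Nothing is executed here: the file is saved read-only and non-executable
    so a human can read it before deciding to run it.
    """
    actual = hashlib.sha256(script).hexdigest()
    # compare_digest avoids leaking how many leading characters matched.
    if not hmac.compare_digest(actual, pinned_sha256.strip().lower()):
        raise InstallerMismatch(f"expected {pinned_sha256}, got {actual}")
    fd, path = tempfile.mkstemp(prefix="install-", suffix=".sh", dir=directory)
    with os.fdopen(fd, "wb") as handle:
        handle.write(script)
    os.chmod(path, 0o400)
    return path

# Constructed sample data: what the publisher released, and a modified copy
# such as a compromised mirror might serve instead.
PUBLISHED = b"#!/bin/sh\necho 'installing example-tool'\n"
TAMPERED = PUBLISHED + b"echo 'unexpected extra step'\n"
# In practice the pin comes from a separate trusted channel (signed release
# notes, a package manifest), not from the same server as the script.
PINNED_SHA256 = hashlib.sha256(PUBLISHED).hexdigest()

def demo() -> dict:
    """Stage the published script, then show the tampered one is refused."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        path = stage_installer(PUBLISHED, PINNED_SHA256, workdir)
        results["published_staged"] = os.path.exists(path)
        results["mode"] = oct(os.stat(path).st_mode & 0o777)
        try:
            stage_installer(TAMPERED, PINNED_SHA256, workdir)
            results["tampered_rejected"] = False
        except InstallerMismatch:
            results["tampered_rejected"] = True
    return results

if __name__ == "__main__":
    print(demo())
```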
Feb 28 2020
90/10 rule - phenomenon - When 90% of all the stuff management tells you to deploy is monitoring and orchestration software. The remaining 10% is actual make-us-money software.
May 25 2019
Disclaimer: The content of this post does not reflect my current employer, or any of my clients at present. I've pulled details from my work history dating back about 20 years and stitched them into a more-or-less coherent narrative without being specific about any one company or client because, as unfashionable as it may be, I take my NDAs seriously. If you want to get into an IT genitalia measuring contest please close this tab, I don't care and have no interest.
Time was, back in the days of the home 8-bit computers, we were very limited in what we could do in more than one way. Without even a proper reset button or development tools other than the built-in BASIC interpreter if something went wrong there was really no way that you could debug it. If you happened to be hacking code in any serious way on the Commodore chances are you'd shelled out good money for a debugger or disassembler and had at least a couple of reference books nearby. If you were doing everything in BASIC then either you were growing your program a few lines at a time or using some code you got out of a magazine to do low level programming from inside of BASIC (an exercise fraught with frustration, let me tell you). Even then, if something went sideways it was difficult to figure out where you went wrong and fix it. The tools just weren't common at the time. All you could really do was turn off the machine, wait a few seconds, turn it back on, and give it another shot in the hope that the machine wouldn't lock up on you again.
Jun 03 2018
If you're plugged into the open source or business communities to any degree, you've probably heard buzz that Microsoft is considering buying Github, an online service with a history of having a toxic work environment due to pervasive sexual harassment but which still remains the de facto core of collaboration of the open source community - source code hosting, ticket tracking, archival, release management, documentation, project webpage hosting, and generally learning how to use the Git version control system. At this point it's unclear if they're considering merely investing in the company (currently valued in the neighborhood of $5 billion US) or buying it outright, the way they did LinkedIn. Github is certainly an attractive property for Microsoft to consider: The service currently has something like 23 million user accounts and 1.5 million organizations. I don't think anybody's tried to count the lines of code that Github stores and serves copies of. It's been observed that Microsoft seems to be carrying out a strategy of controlling as many of the access points to the tech job market as possible. Not only is Github a highly useful service for managing software projects, but if you're trying to get a job in a technical field having a Github account and a couple of repositories is practically a pre-requisite.
There's also the issue that at least some parts of Microsoft have no qualms against stealing things they think will be useful and filing the identifying features off (local mirror), and fuck the license. By this, I refer to Learna. But now I'm getting a little off-track.
As one might imagine, once word got around people began expressing their intention to bail on Github if the takeover went through. Not that there are no alternatives to Github; several not only have many of the same features but are self-hosted, meaning that all you need to do is get an inexpensive virtual machine someplace, install the package, set up backups (you DO back your stuff up, right?), pull your stuff out of Github (easy to do because just about everything is a Git repository), and then push it all back up to your new server. This is possible because when you clone a Git repository, you get the entire history of the repo - every change ever made, from the very first, gets copied to your workstation. This means that if you then do a `git push` to a new repository, you're effectively making a backup copy of the entire thing to that new remote. This also means that if there is even a single copy of a Git repository someplace, you can reconstitute the entire project. This is how I maintain multiple copies of my projects' source code repos simultaneously. Among these self-hosted alternatives to Github are Gitlab (which is a bit of a bear to maintain, I'm told), Gogs, Gitea, and even Keybase's Git support.
There is, however, another option that I'd like to talk about a little, which I think would be a good alternative to Github. It's called Fossil.
May 20 2018
Data breaches are a fact of life in the twenty-first century - some site or other gets pwned and tens to hundreds of gigabytes of data get stolen. If you're lucky just the usernames and passwords for the service have been taken; if you're not, credit card and banking information has been exfiltrated. Good times.
You've probably wondered why stolen passwords are dangerous. There are a few reasons for this: The first is that people tend to re-use passwords on multiple sites or services. Coupled with the fact that many online services use e-mail addresses as usernames, this means that all someone has to do is try to log into... well, everything... with those stolen credentials and see which ones work. The second is that attackers now have lists of passwords that people actually use, and not huge dictionaries of potential passwords assembled for completeness. This means that password cracking attacks can be much more precisely targeted and will probably take less time.
There is no shortage of helpful suggestions for generating passwords that are relatively strong and easy to remember. The one that I find the most useful is the Diceware technique, which is fairly straightforward.
- Get a handful of six sided dice.
- Take a large dictionary of words where each word is numbered, and each number consists only of the digits 1 through 6, e.g., 41524.
- Roll the dice. Find the word with the corresponding number in the dictionary.
- Do this until you have a long passphrase.
It's a bit tedious, though. Of course, people have written their own implementations of Diceware for various platforms and with varying states of usability. I use plain old diceware on Windbringer, mostly because it's available through the AUR but it lacks a few features that I really find useful. For one, to mix things up I like to sprinkle numbers over my generated passwords, like so: rerun-anteater-idly-00877-lining-paddling-8283
(No, I don't really use that passphrase anywhere. Come on.)
So, I decided to write my own Diceware utility in Python. I wrote it to be as self-contained as possible, which is to say as long as you have Python installed on a system it should run. The wordlist is built into the utility (which accounts for most of its size) and it's as easy to use as I can make it. I deliberately did not make some options I prefer defaults because I wanted it to be as helpful to people as possible. Per GNU standard, running ./diceware.py --help will print the online help. It's also open source so feel free to use it anywhere you like. I've tested it on Arch Linux and Mac OSX, and I don't see any reason why it wouldn't work on, say, Ubuntu or Raspbian.
Share and enjoy!
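The Diceware steps above, with the optional sprinkled numbers, can be sketched in a few lines. This is an added example and not the diceware.py utility described in the post: the 36-word list keyed by two dice is constructed so the block stays short (a real list has 7776 words keyed by five dice), and the function names are hypothetical.

```python
import math
import secrets
from itertools import product

# Constructed 36-word sample list keyed by two dice, so the example fits on a
# page. A real Diceware list has 6**5 = 7776 words keyed by five dice.
_SAMPLE_WORDS = """acorn badge cabin dairy eagle fable gavel habit icing jelly
kayak ladle mango nacho oasis paddle quilt radar sable table udder valve
wafer yacht zebra amber bison cedar delta ember flint gourd heron ivory
joker knoll""".split()
DICE_PER_WORD = 2
WORDLIST = {"".join(key): word for key, word in
            zip(product("123456", repeat=DICE_PER_WORD), _SAMPLE_WORDS)}

def roll_key(dice: int = DICE_PER_WORD) -> str:
    """Roll `dice` fair six-sided dice with the OS CSPRNG, e.g. '41'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))

def passphrase(words: int = 6, numbers: int = 0, digits: int = 4,
               sep: str = "-") -> str:
    """Build a passphrase; optionally insert digit groups at random positions."""
    parts = [WORDLIST[roll_key()] for _ in range(words)]
    for _ in range(numbers):
        group = "".join(str(secrets.randbelow(10)) for _ in range(digits))
        parts.insert(secrets.randbelow(len(parts) + 1), group)
    return sep.join(parts)

def entropy_bits(words: int, list_size: int, numbers: int = 0,
                 digits: int = 4) -> float:
    """Conservative estimate: word choices plus digit groups, positions ignored."""
    return words * math.log2(list_size) + numbers * digits * math.log2(10)

if __name__ == "__main__":
    print(passphrase(words=5, numbers=2))
    print(f"{entropy_bits(5, 7776, numbers=2):.1f} bits with a full 7776-word list")
```

The `secrets` module is used instead of `random` because passphrase generation needs a cryptographically secure source, the software equivalent of physical dice.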
Mar 04 2018
So, you're probably wondering why I'm posting this, because it's a bit off of my usual fare. The reason is I think it would be useful to make available a fairly simple algorithm for implementing a general purpose dead man's switch in whatever language you want, which is to say a DMS that could conceivably do just about anything if it activated.
But what's a dead man's switch? Ultimately, it's a mechanism that has to be manually engaged at all times if you want something to happen, and if that switch turns off for some reason, something else happens (like a failsafe). A good example of this is the bar on the handle of a power lawnmower you have to hold down so it'll move while the engine's running. If you let go of the bar the engine keeps running but the lawnmower doesn't keep rolling forward. Another example can be found in locomotives; the conductor has to hold down a switch or lever so the engine will pull the train, and if that lever is ever let go (say the engineer has a heart attack or is otherwise incapacitated) the throttle closes and the train will grind to a halt. More along the lines of what I'll be talking about are the watchdogs found in industrial controllers and realtime operating systems. While running normally a software process inside the device flips a bit somehow - say, writing a 0 into a certain device node. If the underlying hardware ever finds that the bit didn't get flipped within a certain period of time it reacts somehow to fix things (for example, it might reboot in an attempt to un-stick the gizmo).
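The watchdog pattern described above (a periodic check-in, and a reaction when the check-in stops) looks like this in code. This is an added sketch, not the algorithm from the original post; the class name, the warning stage and the callback parameters are hypothetical design choices.

```python
import time
from typing import Callable, Optional

class DeadMansSwitch:
    """Fires `on_expire` once if no check-in arrives within `timeout` seconds.

    Hypothetical design for illustration: a warning stage precedes activation
    so a missed check-in can be corrected before anything irreversible runs.
    """

    def __init__(self, timeout: float, warn_after: float,
                 on_expire: Callable[[], None],
                 on_warn: Optional[Callable[[], None]] = None,
                 clock: Callable[[], float] = time.monotonic):
        if not 0 < warn_after < timeout:
            raise ValueError("need 0 < warn_after < timeout")
        self.timeout, self.warn_after = timeout, warn_after
        self.on_expire, self.on_warn = on_expire, on_warn
        self.clock = clock          # monotonic: immune to wall-clock changes
        self.last_seen = clock()
        self.state = "armed"

    def check_in(self) -> bool:
        """Record proof of life. Refused after the switch has fired."""
        if self.state == "fired":
            return False
        self.last_seen = self.clock()
        self.state = "armed"
        return True

    def poll(self) -> str:
        """Call periodically (e.g. from a scheduler); returns the current state."""
        silent_for = self.clock() - self.last_seen
        if self.state != "fired" and silent_for >= self.timeout:
            self.state = "fired"
            self.on_expire()        # runs exactly once
        elif self.state == "armed" and silent_for >= self.warn_after:
            self.state = "warned"
            if self.on_warn:
                self.on_warn()
        return self.state
```

The injectable `clock` exists so the timing logic can be tested without waiting; in production the default monotonic clock keeps a changed system time from triggering or suppressing the switch.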
Nov 27 2017
A couple of weeks ago a new release of the Keybase software package came out, and this one included as one of its new features support for natively hosting Git repositories. This doesn't seem like it's very useful for most people, and it might really only be useful to coders, but it's a handy enough service that I think it's worth a quick tutorial. Prior to that feature release something in the structure of the Keybase filesystem made it unsuitable for storing anything but static copies of Git repositories (I don't know exactly what), but they've now made Git a first class citizen.
I'm going to assume that you use the Git distributed version control system already, and you have at least one Git repository that you want to host on Keybase; for the purposes of this example I'm going to use my personal copy of the Exocortex Halo code repository on Github. I'm further going to assume that you know the basics of using Git (cloning repositories, committing changes, pulling and pushing changes). I'm also going to assume that you already have a Keybase account and a fairly up-to-date copy of the software installed. I am, however, going to talk a little bit about the idea of remotes in Git. My discussion will necessarily have some technical inaccuracies for the sake of usability if you're not an expert on the internals of Git.
Oct 12 2017
Originally published at Mondo 2000, 10 October 2017.
A common theme of science fiction in the transhumanist vein, and less commonly in applied (read: practical) transhumanist circles, is the concept of having an exocortex either installed within oneself, or interfaced in some way with one's brain to augment one's intelligence. To paint a picture with a fairly broad brush, an exocortex was a system postulated by JCR Licklider in the research paper Man-Computer Symbiosis which would implement a new lobe of the human brain which was situated outside of the organism (though some components of it might be internal). An exocortex would be a symbiotic device that would provide additional cognitive capacity or new capabilities that the organism previously did not possess, such as:
- Identifying and executing cognitively intensive tasks (such as searching for and mining data for a project) on behalf of the organic brain, in effect freeing up CPU time for the wetware.
- Adding additional density to existing neuronal networks to more rapidly and efficiently process information. Thinking harder as well as faster.
- Providing databases of experiential knowledge (synthetic memories) for the being to "remember" and act upon. Skillsofts, basically.
- Adding additional "execution threads" to one's thinking processes. Cognitive multitasking.
- Modifying the parameters of one's consciousness, for example, modulating emotions to suppress anxiety and/or stimulate interest, stimulating a hyperfocus state to enhance concentration, or artificially inducing zen states of consciousness.
- Expanding short-term memory beyond baseline parameters. For example, mechanisms that translate short-term memory into long-term memory significantly more efficiently.
- Adding I/O interfaces to the organic brain to facilitate connection to external networks, processing devices, and other tools.
Dec 01 2016
Sometimes, very occasionally, when using the Lastpass plugin with Google Chrome, you may find that Lastpass will start acting wonky. Specifically, if you've had Chrome running for a couple of days, you will notice that Lastpass has logged you out, even if you're in an Incognito Window. When clicking on the browser plugin's icon, you will be able to log into it as usual; multifactor authentication will similarly work as expected. If you wait a few seconds, the plugin's icon will go dark again. If you're quick and drop into "My Vault," you'll see that screen for a second or two before you get bounced out again. You won't be able to log into anything, and you'll eventually start cursing the day you decided to stop using a password manager like Keepass. You might do this a dozen or two times, scratching your head all the while.
To break out of this frustrating loop, clear your browser cache (Chrome menu icon -> History -> History -> Clear Browsing Data, check Browsing history and Download history, uncheck everything else -> Clear browsing data), fully terminate Chrome (don't just close all of your windows), and start it up again. That should fix the problem.
May 26 2016
I'd beg the forgiveness of my readers for not posting since early this month, but chances are you've been just as busy as I've been in the past few weeks. Life, work, et cetera, cetera. So, let's get to it.
As I've mentioned once or twice I've been slowly getting an abscessed molar cleaned out and repaired for the past couple of months. It's been slow going, in part because infections require time for the body to fight them off (assisted by antibiotics or not) and, depending on how deep the infection runs it can take a while. Now I can concentrate on getting the molar in front of it, which has long been a thorn in my side, er mouth, worked on. Between being in close proximity to a rather nasty infection and the general stresses applied to molars during everyday life the seal on the crown broke at some point, leaving it somewhat loose and making squishing sounds when I chew. I don't know the extent of the involvement, but from coming home from work wiped out just about every night I'm starting to suspect that something nasty is going on in there also; it's a pattern that I've come to recognize over the years as suggestive of an immune response. There's a good chance that this particular pain-in-the-ass is going to need major repairs and, given how little of the original tooth is left (I lost count of the number of surgeries and root canals performed on it a couple of years ago) I'm pretty much resigned to losing the tooth entirely. I'll probably wind up getting an implant in its place if it does get pulled for the sole reason that it'll prevent the rest of the teeth in my mandible from slowly drifting to fill in the space. Of course, if I do get an implant I'll try to stick a magnet to it and if it works I'll post the pictures.