May. 10th, 2011 10:38 pm
handslive: (Default)
Fireplace! by HandsLive
Fireplace!, a photo by HandsLive on Flickr.

A bunch of tiling is done. Some backsplashes are done. Some lighting is starting to be installed. But, most importantly, the fireplace is bricked. :-)

handslive: (Default)
Plywood ceiling by HandsLive
Plywood ceiling, a photo by HandsLive on Flickr.

Things are proceeding quickly as we get down to the final bits of work. The ceiling (as you can see) is almost done. More things are being completed all the time.

handslive: (Default)

View from the hallway
Originally uploaded by HandsLive
Drywalling is finished, more or less, and painting and finishing has started. So, it must be time to post more pictures.
handslive: (Default)

West exterior
Originally uploaded by HandsLive
So, the drywall is coming along on the second floor and, to my surprise, the siding has also started. The colour is everything I'd hoped for.
handslive: (Default)
This is a problem I've been thinking about a lot.  I have a significant list of passwords, PINs, passphrases, and bits of profile information for the sites and applications they get used on.  My partner (or at least my estate) should have access to the most up to date version of this information.  It gets changed regularly and this means a safe deposit box isn't really the best choice.  What I need is a kind of digital escrow service that I don't have to hand my keys over to.

Thinking about how to do this )
handslive: (Default)

Originally uploaded by HandsLive
Did a walk-through with the electrician yesterday. This was also the first time I'd been up there when it wasn't raining or overcast, and the first time [ profile] purplejavatroll had been up there at all.
handslive: (hiking)

Blue Dragonfly
Originally uploaded by HandsLive
[ profile] purplejavatroll , [ profile] mouseman , and I went on a hike at Blackfoot Provincial Recreation Area out near Cooking Lake today. A whole bunch of photos posted as a result.

If you look closely at my Flickr feed, there are also pictures of the house and some random shots I somehow hadn't gotten around to posting previously.

The Blackfoot Rec Area shots are here.


Jun. 30th, 2010 08:14 am
handslive: (coding)
I sucked at statistics when I took the required courses at university.  But I also developed an appreciation for the kind of bent thinking statisticians have to do sometimes when looking at the data they analyze.  Yesterday I saw a remarkably fun example, which I probably wouldn't have posted about frankly, that's related to an older problem first proposed by Martin Gardner called the Two Children Problem.  There's an excellent article about it here (warning: contains a light coating of math and fun thinking about sampling biases).

The reason I'm posting at all is because /. then had a link to a fantastic report on Daily Kos about rigged poll results and how the company they had contracted for polling services was defrauding them.  That one contains scads of statistical analysis.  It's also fascinating to me because tests for randomness are fascinating to me (and seeing human biases creep in because of our assumptions about randomness is even cooler).  It's good reading just to see what bad data looks like and how even simple tests (the first test is so simple you could teach it to junior high school students, I think) can make you skeptical.
handslive: (Default)

Front door
Originally uploaded by HandsLive
The big news this week is that the builder has made a lot of progress on the roof. The house looks more like a house as a result.

Livingroom and front door
Livingroom and front door
Originally uploaded by HandsLive
I also stepped inside and took a few shots. This gives you an idea what the living room would be like.

There's some others on Flickr.
handslive: (hiking)
On Monday, some of us went out to Clifford E Lee again.  There are photos here.

Also, more work has been done on the house.  There's some of a second story there now.

More house

Apr. 26th, 2010 03:45 pm
handslive: (Default)

From the front
Originally uploaded by HandsLive
We stopped by to checkout the stump grinding that was done a week and a half ago (and it looks good). More of the shell is up now, although it's not ready to be poured yet.

We interrupted a coffee break that two of the guys were having (it was around 3:30pm). They told us they've never had so many people stop by to ask questions about a house before this one. Apparently, the stack of maple (before we put most of it away anyway) was also a source of some questions, which is no surprise.

Today was spent talking to the two window & door suppliers the builder got quotes from.
handslive: (coding)
Way back when, I posted this screed on passwords.  In there I said:

In cryptography, the strength of a key is generally considered on the basis of how many operations an attacker would have to perform in order to break it.  My thinking is that password strength should be considered the same way.

But, frankly, I didn't do a good job of backing this statement up.  All you might say is that I didn't like traditional statements about "entropy" because it relates to natural language phrases, which is in part where the NSA's model comes from for cryptanalysis.  Passwords are not simply part of the collective space of language after all.  They have unique characteristics based on context that shape the likelihood of the user's password, its guessability.

I had the chance last week to read the article pointed to by this Bruce Schneier blog post.  He links to another blog post by one of the authors.  The author includes a link to the paper as a PDF.  If you're just that lazy, I've saved you a couple of steps.  Their study is based around security questions (a popular topic here at work) and there's some tasty bits in there.  They pretty much nail the "strength" question with the comment that the attacker only needs the 3 most popular answers.  They don't mention that the attacker also needs the usernames, which is worth mentioning, but somewhat to the side.

In any case, they have their own model for calculating entropy based on "guessability" assuming you have a data set to perform the stats against.  This gives a good measure to compare against.  A part of me wonders if we can reasonably use two big password file disclosures I can think of (a MySpace phishing leak from 2006 and the RockYou password database breach) as a basis for measurement.  RockYou is probably the more statistically significant leak, but folks have done analysis on both incidents.

The paper that Schneier linked to also references work that's been done to tune credential choices by using an entropy measure to pass or fail what the user enters.  Many sites now have strength meters for password entry, which are usually either checklists of attributes your password has or, in some cases, a zero sum game of good points and bad points.  This idea takes that to its game theory conclusion by suggesting that you could measure the statistical likelihood of the password against a set and agree that no attacker will try that one except in brute force cases.  The question is where does the set come from?

As a security practice, no one I know is building a database of the passwords people put in to their systems.  In fact, we're trying to make it hard to even know what the answer is you gave for the silly security question in your profile.  But without full knowledge of the set, how do we tune our statistics in order to provide useful feedback?  This is doubly interesting to me because John the Ripper uses a small packed database to generate brute force guesses and this is supposedly based on a statistical model of likely character combinations.  I don't know exactly what the developer for John used as his basis.  The documentation just says "based on my experience cracking passwords".  On the one hand, this means the attacker is doing his own research.  On the other, it would be nice to tune things for locale and user audience.

In spite of how good the research was on this, I wonder if it will affect how online systems manage passwords or how password-based systems are designed.
handslive: (coding)
[Posting from the conference]

For the umpteenth time, I've heard someone talk about the ease of switching to a different telecom provider if your current one went down or, worse, out of business.  Maybe this is a regional thing, but it makes me wonder what they're smoking.  I think a lot of these people have no idea to what degree core facilities and infrastructure are shared by more than one vendor, but usually operated by only one or two of them.  There are places in this country where this is even more the case.  Think northern BC or the Yukon.

Recent stories about businesses impacted by an FBI investigation into fraudulent use of VoIP services should come to mind.  Yes, you can switch to a different data centre if your current data centre goes away.  Can you afford it when your core functions are gone?  It turns out, mostly you can't.

The IT blogosphere thinks of the cloud as some ubiquitous computing platform, but it's not.  It's highly distributed in the sense that you and your services are not in the same place (I don't think I live anywhere near a Google data centre for example), but it's not ubiquitous.  The network may be ubiquitous, but even that's highly variable.  I do not have good network access at my parents' farm, for example.  Not on the cellular network and not on land line networks.

5 subjects

Apr. 1st, 2009 08:03 pm
handslive: (Default)
Comment on this post and I will give you 5 subjects/things I associate with you.  Then post this in your LJ and elaborate on the subjects given.  As provided by [ profile] buhrger.


I have at best an amateur's appreciation for it.  The very first thing I found out about it at work is that encrypting things is easy.  Managing encryption keys is hard.  Encrypting them is easy for much the same reason that programming is easy but writing programs is hard.  A lot of smart people have done the heavy lifting for me.  Then they hand over the tools and I'm free to make amazingly destructive and asinine mistakes.

The most recent thing I've learned is that we (meaning security folks for the most part) do not know what people actually do with the information they handle every day.  And once you learn what they do, it doesn't tell you why.  Adding encryption into that mix in order to control access to information or at least prevent it from leaking out means having to learn why in a lot of cases.  Managing people using encryption is also hard.

Peter Watts

Over beer at a con in 2007, Peter described a premise for (I'm going to make up a term here) a generative device.  I say "generative" rather than "literary" because it wasn't clear as the discussion progressed that he was talking about a novel or even a narrative per se.  He had several thoughts for how the premise might expand, change, progress, or be experienced by the audience.

He's posted snippets of text in his blog that refer to this idea and they're definitely enticing.  I mention this simply because I can imagine this premise in several different media and I wouldn't mind experiencing it in any of them.  In a sense it's too bad he couldn't produce something in all of those media formats.  And I only say "too bad" because I can't imagine such a broad swathe of people understanding what they were looking at and going, "Oh, yes, please."

Vague enough for you?

Poetry, Piano, Aikido

Yeah, I'm combining all 3 of these.  The point of commonality I'm going to hitch them to is "art".  Weirdly enough, I don't mind saying that I have some handle on making "art".  I may not be any good at these arts, but I have felt and directed consciously the outcomes of some of my efforts in them (whether the results were any good is pretty dubious).  This is my preface for a comment about what could laughingly be called my path for "art".

I've been fiddling with poetry longer than I've been playing piano, and doing both of those for longer than I've played around in martial arts.  Much longer than I've been learning aikido.  But I'm going to start from aikido because I think that's where I learned my first steps towards treating it like an art.

If you troll back through some of my first postings on LJ (don't do it!), there are comments about the role of intention in my training.  This is the biggest thing for me and it was my first realization about training.  I want to do what I intend.  Prior to understanding this, most of my efforts were focused around technical skill and a reactive process.  I would feel my partner move a certain way or anticipate the movement and react to this with an appropriate technique.

When [ profile] buhrger gave me these 5 topics with the challenge to combine some of them, it occured to me that this starting point of intention was something that had also been developing in my poetry and music.  From the very beginning, playing piano was not about technique for me, but about bringing out the music I felt or sometimes heard inside.  To a lesser extent my early writing was the same.  This isn't any kind of unique experience.  What's the point of angsty teenage poetry in the first place?  To bring out feelings, images, and an expression of oneself in words.  But, again, the process is inherently reactive; it occurs in response to the feelings that prompt expression.  So, I'm not saying how I approached it was special, but that doing what I intend in music or writing is really just the same creative process that many people go through.

Where I've moved somewhat in my aikido is in the shaping and control of my intention.  I don't feel I'm at the point where that happens regularly or even consistently.  It's certainly easier in some exercises than others.  Previously, for example, I'd have said it didn't matter which way I moved to avoid an attack; there would be an appropriate technique to do from my new position.  Now, I'm starting to feel like there may be a particular outcome or expression of intent that should be present in my movement.  This will mean I must move to a particular place or even that I actively work to create the situation that allows that movement.  It isn't enough to intend to avoid the attack.

This is something that I'm not sure I have in my writing.  It may be the thing that is missing (and there must be something missing).  Similarly, I'm not sure that I have this ability with the music I've made.  But I think I understand what has to be done in order to begin learning it there.  I can feel where I need to stretch myself.  Truthfully, I feel less and less like someone with any artistic sense these days, so it's not like I'm regularly and honestly developing myself.  Makes the whole discussion above feel horribly pretentious.  But I tied the topics together anyway.


Oct. 30th, 2008 07:30 am
handslive: (Default)
[Edited:  To fix the math errors.  Not that anyone will notice, I suppose.  And it took me 2 weeks to get around to doing it.  Procrastinate much?]

Two things happened in the last month to make me think about passwords.  The first was an issue at work where I was asked to describe in some technical detail how hard or easy it would be to guess a single person's password if I had access to the password hash stored in the application's database.  The second was that I screwed up when changing my password in KeePass and had to give some thought to whether I could recover it and how.

Boring details )
handslive: (Default)
A month ago, I had cause to go back and look for an early post on this LJ.  Really early, like the first year or something.  What I thought I'd use this for then is different than what I ended up using it for and eventually all my uses for it dribbled out.  Sort of.  I wouldn't say I have no use for it.  I read a lot of other people's posts, even though I respond rarely.

I used to write about work, but now writing about work would mean anonymizing some stuff and dancing around some things and hand waving to distract the audience.  It's really not worth the effort.  I love the work I'm doing right now.  It has its moments of humour, banging my head into the desk, heavy thinking, and direction setting.  And it's not that I'm working on the super secret or anything.  But I haven't felt comfortable writing about it.  I'm starting think I should  find some things to write about it, so we'll see I guess.

I used to write about writing and music.  But I haven't written any original poetry in like two years or more.  I haven't sent any work out to beg to be published in that time either.  I still beat on the piano, but frankly I was trying to find a way to record what I was doing and share that.  I'm not happy with my slapdash attempts, though.  And I'm much slower about new stuff (and have been slower for a long long time) than I was when I started out.

I used to write about training, but.  Hmm.  Our arrangement with the U here fell apart when the rec department took a new direction in the fall.  There's been an internal split of sorts over how that happened.  It's very up in the air in some regards now.  I got bronchitis in late Feb and, after going to maybe two or three classes, got a nasty cold at the start of April and am only thinking of heading back again this coming week.  So, training is teh suxxor.

I'm going to try to post more often.  May the powers that be help you.  We'll see how it goes.
handslive: (coding)
As part of the reading I'm doing for my GCIH re-certification, I've been reading about software that tries to detect whether it's running on a real machine or on a virtual machine.  This makes me think about how a person might try to detect whether the world is real or virtual, not philosophically but in practical terms assuming some limitations on the part of the software.

There are 4 common techniques used today by malicious software to detect virtual machines and I'm going to try to restate them as though they applied to virtual worlds:

  • Look for artifacts in the physical environment (in software, they refer to processes, file system, or operating system registry)
  • Look for artifacts in the world's awareness of itself (in software, they refer to memory, but I think for this proposition we could mean linkages between separate "physical" things that either should be there and aren't or vice versa)
  • Look for physical things that are clearly identified as only belonging to virtual environments (in software, they refer to virtual hardware, like virtual network cards that always have the same set of MAC addresses)
  • Look for virtual environment specific features or capabilities that don't work in the real environment (in software, they refer to processor instructions that only work in the virtual machine or that work a specific way in the virtual machine)
In the Matrix, 3 of these things are clearly present to tell you that the environment is virtual.  The reference to 'deja vu' in the movie is clearly an artifact of the Matrix.  The agents are clearly only present in virtual environments.  And the abilities of both agents and resistance fighters within the environment would clearly not exist outside of that environment.  Which is fine in terms of thinking about the Matrix, but the resistance knows they're going into the Matrix each time and essentially has exploit code that bootstraps them when they connect.  Ordinary people are indoctrinated or reprogrammed or removed as necessary, but these guys always start with elevated privileges.

This led me to think about a group of people whose job is to hop through virtual worlds.  They're indoctrinated during loading each time and must work out from scratch that the world is virtual and how to hack the world.  So a key factor in the story is not only how to tell that it's virtual, but providing training that will survive indoctrination and give them the tools they need.  The necessary assumption is that at least some virtual worlds are not consensual places.  And they don't start out with elevated privileges.  They need to hack from the inside to get those.

[Edited to add:] The more I think about it, the more it seems like you'd want hard science folks looking at things from the inside.  Looking for artifacts seems on the face of it to be one of the easiest ways, even if it's something goofy like rounding in some physical constant or rounding errors that crop up in certain interactions.  What if quantum entanglement (or a lack of it) were a sign that the environment was virtual?  Would we be able to detect that the "universe" was losing seconds periodically using an atomic clock?  (That might be a sign that we were running against another universe's clock.)  What biological processes might be simplified at the molecular level or higher up (and how would it be detected)?
handslive: (playing2)
This post requires explanation, or possibly a time line.  Boing boing linked to a John Scalzi post of Dec 18th.  This post includes a YouTube link to a music video.  Imagine that the Beatles had written and performed Stairway to Heaven in the mid 60s.

That made me laugh (also -- head: spinning).  But if you go down the list of comments in the Scalzi blog post, there's Ozzy Osbourne and Slash performing In My Life.  Damn.  There's a link to Beatallica, who I think I'd heard of but never heard.  Problem solved.

Then there's sort of a jackpot comment in the original blog post with Scalzi replying to someone else.  A link to 101 versions of Stairway to Heaven.  You'll need to roll sanity checks on some of these.  I haven't listened to all of them, but this one caught my ear, by Dixie Power Trio.

I mentioned this to a guy at work (all of it).  When I mentioned Dixie Power Trio, he said, "Have you heard Hayseed Dixie?"  So, now we get to the real purpose of this post.  If you've listened to 70s and 80s metal and never heard of these guys, I'm about to injure your brain.

Highway to Hell (originally by AC/DC)
Ace of Spades (originally by Motorhead)
Walk This Way (originally by Aerosmith)
Hells Bells (originally by AC/DC)
War Pigs (originally by Black Sabbath)
Dirty Deeds (originally by AC/DC)
Black Dog (originally by Led Zeppelin)

Old news

Nov. 18th, 2007 09:29 pm
handslive: (Default)

Guess what I bought?
Originally uploaded by HandsLive
Well, old for most of the people on my flist anyway. I bought something about 3 weeks ago. Batteries included.
handslive: (hiking)

Lake Oesa Trail
Originally uploaded by HandsLive
Many of you may already be aware that our hiking trip was a bit short due to weather. I'm not really disappointed. We booked optimistically and we still got two very nice hikes in.

I have several pictures from the trip that are, um, green. I mean they look like I used a green filter to take them or something. Even the rock looks green. Clearly I should have done like [personal profile] nlindq  and set the white balance manually on those shots. I may play with them in Gimp and see what I can do.

In the meantime, there are 83 photos on Flickr.

I should probably also add that the temperature was a very reasonable 7 C or so in most of these pictures.  Yes, it was snowing in several of these pictures, but it was actually nice hiking.
Page generated Jul. 24th, 2017 12:48 am
Powered by Dreamwidth Studios