petrol
By anders pearson 28 Mar 2002
my whole apartment building smells like oil for some reason.
<p>and i think i’m starting to like it…</p> march 23, 2002
By anders pearson 24 Mar 2002
lani came up to visit and prasanth came down from maine for the weekend.
<p>we were standing outside Tom’s waiting for a table to open up so we could get breakfast and milkshakes when someone rode by on a Segway. there were some people on a golf cart with a videocamera following and filming.</p>
<p>after breakfast we went down to the <span class="caps">MOMA</span> but the line was massive so we went to the natural history museum instead and looked at various dead animals stuffed and behind glass.</p>
<p>then we watched Blade 2. it was cheesy, not terribly creative and the special effects were overdone. still, it was entertaining and there’s something about that whole cyber-vampire aesthetic that i find innately appealing even if the plot doesn’t really make sense and the acting is uninspired. </p>
<p>we spent the rest of the night at Decibel, a sake bar down on east 9th st, having sake and japanese snacks.</p> the surgery channel.
By anders pearson 20 Mar 2002
it will happen.
<p>some day. you can count on it.</p>
<p>The Surgery Channel: all surgery. all the time.</p> sorcery
By anders pearson 15 Mar 2002
after reading a few intriguing reviews last week, i decided to give Sorcerer Linux a try. the thought of a distribution that was completely compiled from source on my own machine and had the ability to automatically keep all the software installed completely up-to-date was more than enough to make me drool.
so last friday night, i backed up all my data and made careful notes of my hardware configuration. on saturday i went to download the ISO image for the install cd from what was the current site at the time, sorcerer.wox.org. instead of the page i’d seen before, i was redirected to the lunar penguin site. there had been mention in a few of the reviews that Kyle Sallee, the main developer of Sorcerer was getting a job and wouldn’t be able to continue working on it. from what i could glean from a quick look at the lunar penguin site, it looked like kyle had finally given up and abandoned sorcerer and lunar penguin had taken its place. i decided to hold off on installing just to let things settle down a bit.
so i installed Debian instead, spent a few days trying unsuccessfully to get networking working, gave up on debian and reinstalled mandrake. all the while i read through the Sorcerer mail archives trying to figure out what had happened and what direction things were moving in.
what i found was absolutely fascinating. it was a little more complex than just being kyle running out of time and energy to work on the project. while none deny that kyle is a fantastically talented coder who did some great work, there were apparently some personality conflicts. he would consistently reject patches that others contributed. in general it looked like he only wanted contributors who would do exactly what he told them and who would do all the grunt work for him. but he would refuse any contributions that came with input on the direction of the project. all this time, he was loudly complaining that if people didn’t start helping him (on his terms only) SGL development would have to stop.
naturally, flame-wars ensued on the mailing list, egos were damaged, tempers flared, and kyle became less and less coherent. some of the other developers, who were largely interested in having periodic “stable” releases forked the code and created the lunar penguin distro. around saturday, something in kyle snapped and he took down the sorcerer web site, replacing it with a redirect to the lunar penguin site. from this and some comments he made to other people, it appeared that he was stepping down from SGL and was endorsing LP.
meanwhile, the rest of the sorcerer developers, free from kyle’s restraints got busy picking up the pieces, reorganizing and getting things going again. they put together a new website and got back to work on the code.
but things got weirder. the original SGL website changed from redirecting to LP to an almost surreal manifesto. unsigned and written in the third person, attacking the LP team and the SGL developers alike and making vague, questionable legal threats. no one seems to have heard directly from kyle since it appeared. he hasn’t come forward to either confirm or deny that he wrote and posted the diatribe or to answer any of the many rebuttals to it.
after following this whole saga i figured that at the very least i should install sorcerer just to make sure it was worth the time and energy i was putting into researching it. the amount of activity and the speed with which the SGL developers recovered the project after kyle pretty much deliberately tried to kill it assures me that SGL isn’t going to be abandoned anytime soon. technically, i have yet to hear any criticisms of it beyond bug reports on some weird configurations.
so i downloaded and installed. i started wednesday night and, because i hadn’t RTFM’d carefully enough, i screwed some stuff up and couldn’t get it to boot without a rescue disk. it took about 5 minutes on irc yesterday to find someone who knew how to fix it to help me out. when i went home last night i made the change and everything started working flawlessly again. i got networking up without a hitch, updated the system, rebuilt it so the binaries of the minimal system that came on the install CD were replaced with freshly compiled and optimized ones. compiling is slow so that took pretty much all night. i started xfree86 compiling before i left for work this morning; i expect that it’s still going as i write this. i’ll still have to compile gnome and kde before i have a whole desktop machine again but already i’m impressed with how smoothly things have gone.
when you go to compile an app, sorcery automatically figures out all of its dependencies, downloads those and compiles them. i’m not really done yet but so far i’m definately impressed with sorcerer. with some UI work on the installer and better documentation i think sorcerer has what it takes to be a major distribution. being highly optimized, configurable and constantly updated should make it the distro that all the “cool” geeks are running within a year or two. of course, since the install takes so long and you need to know a lot about linux just to get it working, we’ll probably still be handing out redhat or mandrake CDs to newbies.
amputation time
By anders pearson 14 Mar 2002
since digitally i sign every email i send, and i have to type in my GPG passphrase every time, i’ve typed that passphrase many, many times over the last couple years.
<p>nevertheless, i still have the occasional day like today when, for some reason, the connection from my brain to my hands is scrambled and for the life of me, i can’t type it in correctly. </p>
<p>it mystifies me. i’m sure i’ve gone for weeks at a time without mistyping it a single time but some days i screw it up every time i type it unless i consciously slow way down and enter it very carefully and deliberately.</p>
<p>the odd thing is that i can still type other stuff normally. it’s just that one passphrase that’s been hardcoded into my neural pathways that gets screwed up.</p> ozzy + sharon
By anders pearson 13 Mar 2002
as much as i like to slag on the big media conglomerates like aol/time/warner, i have to hand it to mtv: the osbournes is one of the funniest shows on tv. i really watch very little tv, so that’s probably not saying much coming from me.
<p>omar and allison (my roommates from the summer) came over tonight and we had 40’s and watched the Osbournes. it’s only the second show of the season but i find myself really enjoying it. honestly, i feel a little guilty that i actually like something mtv has produced. i feel dirty.</p>
<p>i think what i find most amusing is that of the entire family, ozzy is really just an innocent bystander. compared to the rest of them, he’s the sane one. </p>
<p>the only *bleep*ing problem i have with the *bleep*ing show is that *bleep*ing everyone in the *bleep*ing family *bleep*ing swears so *bleep*ing much that you *bleep*ing can’t *bleep*ing make a *bleep*ing word out. but it’s still *bleep*ing funny.</p> adaptive, distributed jukebox
By anders pearson 10 Mar 2002
hanging out at the bar tonight with obert, julintip and her friends i had an interesting little idea.
<p>suppose everyone had a tiny portable electronic device on them that stored their musical preferences and had short range wireless capabilities. then, if you had a jukebox that could detect and talk to those devices, it could tailor its playlist to roughly match the musical tastes of the people in the immediate vicinity.</p>
<p>i think it would be really nice. sort of an automated, telepathic dj. you could extend the idea to other places that play music: bars, clubs, even replace the muzak in elevators. i think it would be great if i stepped into an elevator alone and the barry manilow that was playing was quickly replaced with some good, heavy industrial or something.</p>
<p>of course, the main problem with this idea is the chicken and egg problem. if no one has the devices, it wouldn’t make sense to have the jukeboxes around and vice versa. so i’d suggest initially putting the technology into cellphones. enough people have cellphones already and always carry them with them that it would help bootstrap the system.</p>
<p>sprint (i think it’s sprint) has a service where you can hold your phone up to some music playing, dial the right number and it will tell you the artist and song that you’re listening to. if you combined this idea with a “i really like this song” and “i really don’t like this song” buttons on the phone, people could easily train it to their musical tastes. add in some data-mining like amazon uses to tell you that people who bought book X also frequently bought book Y and the system could train itself even better <em>and</em> alert you to new stuff that you might like by talking to the other devices it comes in contact with. if you’re in a room with someone who likes a lot of the same music as you, it could automatically add some of their preferences to your system.</p>
<p>you could also get CD players and various home stereo equipment that talk to your device and tell it that since you listen to a particular CD a lot, you probably like that album.</p>
<p>since i’m really into wearables and ubiquitous computing, i also think it would be need to add some contextual awareness. maybe if the device had a way to read your pulse/blood pressure/skin conductance/etc, it could tell what kind of mood you’re in and learn to associate particular groups of songs with particular moods. if you’re driving in your car, it could play good driving music for you; if you’re working on the computer, it could play whatever you like to listen to while you work; if you’re just chilling out and reading a book, it could play more mellow background sort of music.</p>
<p>probably not feasible at the moment but as cellphones and <span class="caps">PDA</span>s get smaller, more powerful, more widespread, and with more wireless capabilities, i think it could work quite nicely.</p>
<p>so if you like the idea, please desseminate it so that if in ten years, some company tries to patent the technology, there will be a lot of prior art to fight them with.</p> SGL
By anders pearson 09 Mar 2002
gaah!
<p>i’d set aside the weekend to install <a href="http://www.distrowatch.com/sorcerer.php">Sorcerer <span class="caps">GNU</span>/Linux</a> on my computer. the combination of having a highly optimized distro custom compiled for my machine and the claims of seamless upgrades had me drooling. i’d wanted to do a <a href="http://www.linuxfromscratch.org/">linux from scratch</a> install for quite a while but i know how tedious the endless “./configure; make; make install” process can get. <span class="caps">SGL</span> seems to offer all the benefits but with a more streamlined process.</p>
<p>so last night i printed out and read all the documentation, made careful notes about all my hardware and configuration stuff and backed everything up. this morning i go to download the latest iso images for the install cd and find that the sorcerer website was now redirecting to <a href="http://www.lunar-penguin.com/">lunar-penguin</a>. upon further investigation, it appears that <span class="caps">SGL</span>’s man developer has run out of time and energy and given up on the project. lunar penguin is one of several parallel projects by some of the other developers trying to reorganize and continue with the project.</p>
<p>at any rate, <span class="caps">SGL</span>/lunar-penguin is in a state of flux at the moment so i think i’ll hold off on installing. i plan on watching the mailing list and websites for the next couple weeks and trying again when it stabilizes (or at least when lunar penguin gets a better name).</p>
<p>but i got myself all worked up to spend the weekend playing with a totally new installation so i’ve got to do <em>something</em>. i’m thinking maybe i’ll check out the newest debian release and then maybe play with some of the dangerous low-latency kernel patches…</p> trendoids
By anders pearson 04 Mar 2002
lani was up for the weekend. we intended to hang out with mimi while she was back visiting new york but managed to miss her at every turn.
<p>on friday night we went down to some club called the ‘slipper room’ in soho to see Avenue D (daphne and debbie’s dirty rap group) perform. everyone there was young and annoyingly trendy. there was excitement in the air because a rumor was floating around that Daft Punk was hanging out in the club that night. but no one knows what they look like so it turned into a game of ‘spot the french guys’. they probably look just like any of the other young trendy people though so i don’t think anyone was successful.</p>
<p>Avenue D was good though. they had 6 or 7 songs this time; much more than the 1 and a half songs they had last time we saw them. while it doesn’t seem possible, they’ve gotten even raunchier. apparently they’re even starting to build a small following.</p>
<p>on saturday caron came over and we went out for mexican food (living in a latino neighborhood means that i have to deal with a near constant assault of loud salsa and spanish dance music but redeems itself with the high availability of quality burritos) and watched Ghost World.</p> pearson cipher?
By anders pearson 01 Mar 2002
pretty much everyone who studies cryptography a little eventually thinks they’re clever and comes up with their own encryption scheme. of course, since they’re just amateurs, most of these schemes are easily broken by any expert who has time to crack it. but experts’ time is precious so the end result is thousands and thousands of (weak) amateur encryption routines floating around. still, coming up with your own encryption scheme is fun and good practice so here’s my attempt. i at least know enough to do a little analysis and maybe point out some of the interesting parts. it’s a pretty straightforward cipher so i’d be surprised if no one else has independently discovered it, but i couldn’t find anything similar in the small collection of crypto books in my apartment.
<p>first, i need to explain a little about pseudo-random number generators (<span class="caps">PRNG</span>s). since it’s really impossible to generate true randomness with a deterministic machine like a computer (as Von Neumann said: “Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.”). so when computers need “random” numbers, they resort to <span class="caps">PRNG</span>s, often using a “seed” from the outside world. a <span class="caps">PRNG</span> is essentially a mathematical function that given a particular number as input will give you another number as an output in a way that doesn’t really have any predictableness or pattern to it. you generate a series of random numbers by feeding the output of each cycle back in as input. you can generally prove that for any starting “seed”, a given <span class="caps">PRNG</span> will eventually loop back to the beginning and give that seed as output after a certain number of cycles. the better the <span class="caps">PRNG</span>, the more cycles you have to go through before you get this repetition. the algorithms most cryptographic applications use will only loop after somewhere on the order of 2^256 cycles. since that’s more than the number of atoms in the universe, even though it’s not “true” randomness it’s usually good enough for practical applications.</p>
<p>the other key thing to understand with <span class="caps">PRNG</span>s is that they should be repeatable. meaning that if you give it the same seed twice, you will get the same sequence of random numbers both times. this is useful because it lets you check the results of some simulation that you may have used the numbers for. it also means that if you really want random numbers, you have to be careful to pick a seed that can’t be guessed. so usually some kind of outside source of randomness will be used as the seed, eg, a number based on the time between keystrokes as the user types.</p>
<p>also a note about one-time pads. one-time pads are the only <em>provably</em> secure cipher. as long as the key used is longer than the message being encrypted, is random, and the same key is <strong>never</strong> used more than once, a one-time pad provides perfect encryption. the problem is that the restriction of keys never being used more than once makes them somewhat impractical.</p>
<p>my cipher essentially makes use of a <span class="caps">PRNG</span> to generate keys for one-time pads. here’s how it works:</p>
<p>Alice and Bob have a shared number K<small><sub>A-B</sub></small> that they generated randomly (using a “true” random number generator) that’s about 128 bits long (or longer if they’re really paranoid). they’re the only ones that know the number and have gone to great pains to keep it secret. there is also a <span class="caps">PRNG</span> P which is public, has a really long period (ie, it’s a good <span class="caps">PRNG</span>) and is repeatable.</p>
<p>when Alice wants to send a message to Bob, she generates another random number S (also about 128 bits long). then she takes the bitwise <span class="caps">XOR</span> of S and K<small><sub>A-B</sub></small> (<span class="caps">XOR</span> is the exclusive-or logical operation: 1 <span class="caps">XOR</span> 1 = 0, 1 <span class="caps">XOR</span> 0 = 1, 0 <span class="caps">XOR</span> 1 = 1, 0 <span class="caps">XOR</span> 0 = 0). she uses the result of this <span class="caps">XOR</span> as a seed for P. the string of random numbers that P produces, she uses as a one-time pad key for encrypting her message M. she takes the resulting ciphertext C and sends (C,S) to Bob. </p>
<p>to decrypt, Bob takes S, <span class="caps">XOR</span>s it with K<small><sub>A-B</sub></small> and feeds it to P to produce the one-time pad key. with that he decrypts C to retrieve M.</p>
<p>that’s all there is to it. what i think makes this algorithm interesting is that it offloads all the security to K<small><sub>A-B</sub></small> being secret and large enough that guessing it would be pretty much impossible and to the <span class="caps">PRNG</span> not being predictable. if fact it should be fairly simple to prove that cracking this scheme is <em>entirely</em> dependent on discovering a pattern in the <span class="caps">PRNG</span>. while i’m not an expert, i believe that there are some pretty good <span class="caps">PRNG</span> algorithms out there. however, i would guess that, similar to how we suspect but haven’t ever proven that factoring large numbers is extremely difficult, the best we could do for a <span class="caps">PRNG</span> is suspect but not prove its lack of predictability.</p>
<p>the drawback may be that since you have to generate a new random S for every message, the generation of S could be slow if you require that S also be truely random. i’m not sure if that’s really a requirement though; it’s probably good enough if S was generated from a <span class="caps">PRNG</span> that was given a truely random seed. in that case, we could also prove that the speed of encrypting and decrypting is pretty much dependent on the speed of the <span class="caps">PRNG</span>.</p>
<p>the advantages are that if you have a <span class="caps">PRNG</span> which you know to be efficient and secure, you can do encryption that is just about as efficient and just as secure.</p>
<p>from a theoretical point of view, the cipher may be interesting because it is provably as secure as the <span class="caps">PRNG</span>. eg, Rabin public key encryption, though not used very much, was considered a big theoretical advancement because it was provably as secure as factoring large numbers. ie, you could crack Rabin encryption if and only if you could factor large numbers. <span class="caps">RSA</span> on the other hand, <em>may</em> someday be shown to have other weaknesses.</p>