Steve Gets A Life

phantom trackbacking

so i was looking at my webserver logs today (in a fit of boredom) and discovered that someone (from cable.mindspring.com) had visited my site, coming from Christopher Allen's blog. more specifically, from his entry on privacy. i checked it out, and there i was, listed as a trackbacker.

so i've never read up too much on trackbacks, but here are a few links i just found about the subject.
now from what i understand, what should have happened is this:

1. i read Allen's entry and enjoy it
2. i decide to write about it
3. just before i hit "publish," i include Allen's trackback link into my list of URLs to 'ping'

but i didn't. instead, i skipped the last step entirely. but it seemed to not matter.

is there something doing the pinging for me? is just mentioning the URL of the blog entry in the few first lines enough? whaddahey?

---

so maybe im an idiot. i found the answer:

Auto-Discovery
A final option for using TrackBack in Movable Type is to enable TrackBack auto-discovery in your weblog configuration preferences:
When you do this, Movable Type will look for any links in your weblog post, and use auto-discovery to determine if those links are TrackBack-enabled. If they are, Movable Type will automatically send TrackBack pings to those sites. You don't need to use the URLs to Ping field, nor do you need to use the bookmarklet to select TrackBack-enabled posts.

but then i checked. and that checkbox wasn't checked <gasp!>

mellow days

so maybe its just the heat (100s today), but this quarter has seemed really mellow. not a lot of running around, imaging machines, fixing printers, discovering something totally doesn't work, etc.

maybe it's because im used to the job now. i've got it figured out. there used to be all these things going through my head while trying to get something simple done ("what's that IP address?" "which professor needed the hub? and where is his office?" "which building is #21?"), but now that all of those things have become second nature, i can concentrate more on the actual jobs at hand.

i also think that since arriving here, i've made the place a bit more organized. not to toot my own horn (too much), but i've introduced some quite helpful tools that really cut down the time needed to do mundane tasks, and even eliminated some.
for example, before when a machine was hosed, someone would go to that machine and run the re-image script. you had to connect to the server, download the script (actually, most people would use an old, possibly out-of-date script that was on the machine), run the imager, wait 20 minutes, reconfigure the machine, make sure all the permissions were right, etc.
now, since i've made a few changes, one can stay at their desk, fire off a script that will tell an arbitrary list of machines (from a single one, to a whole lab, to the entire college) to fetch the current script from the server (ensuring we always use the latest-greatest script), run it and reboot, retaining all preferences (network settings, printers, etc). and you don't even need to type in a password for each machine thanks to our buddy ssh. gotta love it.

so, for now, i put out minor fires, answer questions, refill the toner on the printer, and basically do my own thing. its nice because its so mellow, but i feel like im being lazy. like i should be breaking stuff just so i can go fix it. or something.

quantum bank transfer

some researchers from the University of Vienna have reportedly transferred money from a bank to Vienna City Hall using a process secured by quantum cryptography.

from what i've heard, this is the first real, publicized use of quantum crypto that uses single photons. read the article for some details, and if you're interested, check out The Feynman Processor by Milburn and Davies for more info on what the heck quantum crypto is. i have a copy, you can borrow it. also check out these other links

why should you care? there are already secure bank transfer mechanisms. well not quite like this. this is really the only provably secure (besides one-time pads) system for data transfer over public channels. everything else is just really close to totally secure ;)

privacy

well it looks like today is a good day for blogging. here is another good post from Chrisopher Allen. this guy's blog is great, go read it, add it to your RSS feed, whatever.

The term privacy seems to be so overused and poorly defined. my undergraduate security course (which i later TA'd) simply defined it as such:

privacy: confidentiality with regards to personal information

if that helps at all.
allen, on the other hand, breaks it down into 4 types: defensive privacy, human-rights privacy, personal privacy, and contextual privacy.
while these might not be all types of privacy concerning people, they are the big ones. in fact, i hadn't even considered breaking down privacy into types like this, but it really does make a difference. for example, my SSN is private in a very different sense than my ethnicity or religion. one i would like to keep secret from nefarious people trying to make a buck, and the other i would like to keep from any kind of evil nation-state or large hate group. while this might seem a bit over the top, take Allen's example:

This comes from their [Europeans'] history: the Netherlands in the 1930s had a very comprehensive administrative census and registration of their own population, and this information was captured by the Nazis within the first three days of occupation. Thus Dutch Jews had the highest death rate (73 percent) of Jews residing in any occupied western European country -- far higher than the death rate among the Jewish population of Belgium (40 percent) and France (25 percent). Even the death rate in Germany was less then the Netherlands because the Jews there had avoided registration. (source: The Dark Side of Numbers).

now its time for the tin-foil hat. if you have never thought much about privacy, consider the current trend of identity theft crimes. now consider that the people doing this are at best, organized criminals. now consider how easy it would be for large governments (there are more than one) with massive budgets, computing power, and political leverage, to compile similar amounts of data on a much larger set of people in this age of automation and full-text search. in fact, its already being done. people are being stopped in airports due to terrorist watch-lists all the time. and that could be just the beginning. the scary idea is more in line with the example above. sure, you trust your government to keep that giant list of theirs and use if for the Powers of Good, but what about the day that list is leaked by a spy? it can happen. its just a file.
that is why people spend this much time thinking about the word privacy.

economics of distributed computing

posted by windley, this is an interesting idea of breaking down the economics of computing on a very large scale. the idea that sneakernet (passing information via real-world transports like UPS or your own pair of sneakers and a floppy) is the most cost-effective to move a TB of data is pretty interesting. i would like to think that is simply a limitation of our networks that will be handled in the near future.

but the point of the discussion is the idea of breaking down the services of computing into parts like storage, bandwidth, database accesses, etc. much like other industries outsource (see article for examples like ATMs).
what if there were thousands of companies out there that needed an infrastructure for massive web services, but didn't want to be in that business? would others step forward and provide the service of providing services? would there be a few companies that compete in the Data Storage Market? would they be necessarily tied to the Bandwidth Market? what about services like that of Inktomi? will those disappear in the future of super networks? im thinking "probably not."
when one takes a step back from these technologies and looks at them from a business/economic viewpoint, new realms appear. i don't normally look at things from that vantage, so it's nice to see now and then.

gmail testing

so an old friend of mine hooked me up with a gmail account. pretty neat. some of the cooler features (ignoring the obvious 1Gb of storage):
note: if this post violates the gmail agreement (i read most of it, but i'm no lawyer), i will remove it upon request.

• conversations: a nice way of looking at a thread of messages. better presentation than normal email threading (see screenshots). puts a clickable, one-line header (with fancy round corners) containing the sender's name, a short blurb of the content, and the date (including relative time) for each previous message in this thread. very slick, should be quite useful.
• labels: better than folders. allows you to mark messages instead of file them away. sounds a bit lame (why can't i file all my work stuff under a "work" folder?) until you think a bit more. instead of filing messages, you just mark them and archive them (makes them "invisible"). later when you want to see all your work stuff, pull up the "work" label. just as you would pull up the work folder.
  • killer: mark one message with multiple labels. essentially allows you to file a message in two folders at the same time. thanks google.
  • feature request: allow the labels to be arranged hierarchically.
• "star" messages. you know when you get an email and say "ok, i need to get on that." but then it works its way down your inbox till its off the screen? and moving it into a "todo" folder just doesn't work for ya? just "star" the message (zero reload time, just like clicking a button) and its on your "special" list.
• filters: now this might not be all that new of a feature, but combined with labels, its great. everytime i get a message from family, mark it as family. when its my mom, mark it as mom. if it has the word "italy" in it, mark it as "italy trip 2004". don't have to think "ok that message about eurail passes from mom.. did i file that under 'family', 'mom', or 'italy'?" because it is "filed" under all of them.
• address completion: using some sort of mighty (hidden) trickery with javascript / DOM / something, they have managed to accomplish the holy grail of webmail: address autocomplete. you know, like i type "stev" and i get a list:
  • steve@there.com
  • steve@here.com
  • steve@ctu.gov
  very cool. in my opinion, this is a killer feature. that is, it kills other webmails. then again, i dont use many other webmails, so maybe im just behind the times.
• spellcheck: now this might not be all that neat if you're like me running OSX 10.3.3 (spell check built-in in almost all text fields in any app), but odds are, you're on windows so this applies to you.
  whenever you write an email, you can click on "Check Spelling" and the window will change (but not reload, awesome, see below for more comments on that) to a read-only version of your message, with typos highlighted in red. clicking on a red word will pop up a tiny box of suggestions. i swear im typing emails on a native email client when this happens. i have no idea how this works in a browser, but i love it.
• it's fast: webmail clients in the past have imitated native-client interfaces through clicking on buttons, waiting for a new page, then clicking on another button, reload, etc. not gmail. enter some obviously smarty-pants XHTML/DOM/ECMAscript engineers and you have a webpage that responds to your commands instantly. no going back to the server for a whole new page, no reloads. spell-checking, email address autocomplete, that whole conversation unhiding thing, application of labels, resizing and altering all sorts of GUI elements is all done instantly. its really kind of creepy. at first i thought i was just getting really good bandwidth/latency.
  this browser voodoo is awesome. finally, somebody is using the power of our modern browsers.

of course, i have some requests as well:

• IMAP: no way this will happen for free unless the body of the emails have ads appended. in text? html? im betting this will be a pay-for service. first (optimistic) guess: $20 a year.
• mailbox imports: if this works so well, i'd like to move all my old mail into it. the best way i've found to move mail is via IMAP commands. maybe they will allow some sort of limited IMAP calls? this also might not happen because of storage space. sure, 1GB is enough to store 5 years of mail. but what if i've been using email for 7 years now? and ive been good enough to save all my old mail, from all my old ISPs? as a consumer, id love to have all that mail in one place, searchable. as google, id say "no way". The way this 1GB thing works is that almost nobody is going to use even close to that 1GB limit, not for the first year or so, at least. but if you offered a way to let every geek import their entire previous mailboxes, half your userbase is going to suck up their limits and start saying "1GB isn't enough!" so i predict.
• addressbook imports: now this is a lot more plausible. let us upload our thunderbird/mozilla/outlook/turba/squirrelmail/whatever contact lists. support as many protocols as possible. allow for merging of addresses (unique key: primary email address). do it right. allow some kind of synchronization with users' home machines (when i get a gmail from somebody, i might want their address on my palm the next day). they've got the right idea with the auto-collection of addresses you send to / receive from already. just take it another step.
• pay-for no-ads: i predict this will happen pretty quickly. either use this for free with ads, or pay us $50/year to not place ads (but they might still parse your mail, hey i bet yahoo does that anyway)
• hierarchical labels: see explanation above.

interesting tidbit: the source of these pages are very obfuscated. that is, attempting to see how the page is laid out brings you to a bunch of seemingly gibberish such as:

D(["ct",[["gmail",0]
,["jobs",0]
]
]
);
D(["ts",0,50,2,0,"Inbox","fc1310ac71"]
);

this is done in an attempt to dissuade/prevent people from writing automated tools to go out and fetch their mail, bypassing the revenue-generating ads. pretty smart, assuming it works. and knowing google, thats a pretty good assumption.
if i were google, id have an interface to programming the content / layout of gmail that allowed the obfuscation to be totally interchangeable. that way, if the obfuscation were to be "broken" it would simply be a matter of supplying a new method, or even simply passing it a new key of some kind. of course, this is probably exactly what they do.

conclusion: looks interesting. the security nerd in me stops me from really using it very much right now, but we'll see.
i would recommend this to those people i know that are currently stuck on Yahoo! mail or Hotmail (especially hotmail). and, of course, that is exactly what Google wants to hear.

oh yea

saw eternal sunshine last week with andria. pretty dang good. as andria put it, it was artsy, but not in that way that you don't know whats going on or anything. just enough.

i think a neat part of the movie was the fact that of the three or four big-name stars, each of whom is often type cast, none of them fell into their "usual" role. each was a little "weird," and really took on their character well.

---

on iTunes: Everybody's Gotta Learn Sometimes from the album "Eternal Sunshine of the Spotless Mind" by Beck

horses horses horses

went horseback riding on sunday for an extended birthday present for andria. it was a pretty mellow 90-minute ride from Los Osos out past the sand dunes, onto the beach. We just cantered or trotted or whatever you call slow-walking until we got to the beach. then we got to "give 'em a kick" and go a bit faster. i never got to galloping, but went pretty quick a few times.
it was a lot of fun. i'd really love to do it again soon. this time i'd be more confident and try to really let loose. i felt really comfortable on a horse. im pretty sure i was a cowboy in a past life. ...or maybe a ninja. but that's unrelated.

oreilly on gmail

Tim O'Reilly (as in the books) talks about gmail, why the people who are freaking out about it are lame, and why it will change things. more interestingly, he goes on about the eventual Internet-as-a-single-giant-computer thing. pretty neat.
i wish my job was to sit around and envision the future.

new server

mcgheemail.com has changed to a new server. we are now hosted by the always-fun, sb-based, wicked-fast, T1-in-a-condo, readaccess.com.
all the blogs and photos, etc are back up (they were probably down for about an hour or two while i figured things out). so everything should be back how it was. the main page is undergoing some reshuffling based on the fact that nobody used it before because of its unnecessary complexity. it will soon be just the discussion forum, as that was the only popular part of the old site.
lets hope this gets posted ok...

---

on iTunes: Losing a Whole Year from the album "Third Eye Blind" by Third Eye Blind

gotta start coding again

ive been feeling like i really should start coding again. been looking at open-source projects, looking for one that i might be able to contribute to. hopefully something security related. the only problem is that most of those are pretty hardcore, shellcoding type of stuff. i found metasploit while chatting on IRC the other night. pretty cool looking except its almost all windows exploit stuff. well maybe they need someone to get in there with UNIX stuff.
started reading up on stack/heap overflows again, too. totally know the concept behind them, now im just trying to get a handle on the details. might have to break out an OS or architecture book to remember what the EBX register does, etc. i remember thinking that this stuff was way too much the first time i heard it, and i kinda tuned it out. but now i realize that i have to learn this stuff all the way down to the hardware if i really want to do it. hrm.
in related news, i keep reading about Objective-C and haven't done much actual coding. its hard when my only chance is while im at work, where i have other things to do. ugh.
having gentoo at home is really helping me focus again. just having code so close at hand, a mellow windowmanager (fluxbox) to avoid distractions, and the whole linux feel make me want to code. which is good.

xcodin

just wrote my first ever program using Objective C (and apple's Xcode). of course, it was a total ripoff, but it worked nonetheless. pretty neat.

pretty awesome wallpapers

i found these images when looking for wallpapers for my new gentoo installation. i have 6 desktops and its nice to be able to distinguish between them on sight.
i must say, a transparent aterm over a stormtrooper is mighty cool. uh, right?

newcastle, beach bonfires, and turkey-calling.

mike came down this weekend.
i showed him around SLO town a bit, checked out Montana de Oro (state park), a bit of downtown (woodstocks, the mission, etc), the reception site in pismo, and the oceano dunes. then we went for a quick mountain bike ride in Poly Canyon.
we met some of andria's friends for a bonfire at the oceano dunes and had the Best Burgers Ever, s'mores, more newcastle, and plenty of fun.