
so i rode over a mountain yesterday after work. it was pretty awesome.
after work, i rode over to the base of madonna mountain (aka Cerro San Luis) in the suburb area behind albertsons (up a big hill, there's a trailhead at the end of the road clearly labeled "no mountain access" with a big trail running down it.) asked a guy which way to go, ended up being a bit off. i rode around the mountain (as opposed to up it), until i almost ran right into the middle of a pack of horses. confronted with giant mammals and barbed wire, the only way was to go straight up, so off i went (look for the first steep incline in the image above with associated cardiac arrest).
that brought me onto the "real" trail which was really more for hikers: a lot of gravel and large rocks (no traction, hard to maneuver), so i ended up carrying my bike for a while. i finally ran into the guy who gave me directions in the first place and he explained that i turned too early. oh well. continued to the top, checked out the view until i got cold (note to self, bring a camera next time), then went down via the fire trail.
the descent was fun and fast (check the graph to get an idea), but pretty loose gravel and my hands cramped up from braking so much. i finally got down to the base and rode into town, rode into Farmers' Market, bought some awesome strawberries and avocados, and a decent steak sandwich.
who knew thursday evenings could be so entertaining?
say what you will about the guy, but robert x cringely says some pretty insightful stuff. it might not be totally on-target all the time, but he's obviously a smart guy, and everything he writes about is well thought-out and often very insightful (did i mention that already?).
take this last article, for example. very cool. when i see a router running linux, i don't think "micro-ISPs collaborating with VoIP companies to take down the man," do you? he did.
and what about this earlier, similar article? or this more recent, totally different article? i mean the guy is all over the place. it's great. he sees problems (that most people don't even see) and comes up with solutions. he doesn't move on them, he eggs people on to do it. kinda funny, even.
by the way, the title of this post is based off a strongbad email
A springtime ritual came to an end at my house Tuesday night with the season finale of "24." All basketball and hockey playoff games get the pause-button treatment while the wife and I follow Jack Bauer through another hour of another really bad day.
He's had three real stinkers now, but you know what? I'd take a Jack Bauer bad day, I really would. I'd take the stress, the guns held to my head, the serial kidnapping of my only child, the requirement that I kill innocent people from time to time, the fate of millions in my shaky, heroin-addicted hands. I'd take it all if I could, just for that one day, have the cellphone reception that guy gets.
so anyways, that show rules. the last episode was pretty good, too. good ol' kiefer even showed a bit of emotional range.
if you're a security dork, check out quepasa, a system that allows you to essentially remember one passphrase and apply it to all websites, without actually using the same password on every system.
Here's an example: you need a password for Amazon.com, and you've previously selected the passphrase I am too sexy for my shirt. Simply type:
quepasa amazon "I am too sexy for my shirt"
In this case the password is WQ45f(A..
Notice how it's a mixture of letters, numbers and other characters. Now you need a password for Yahoo! as well. Do the same command:
quepasa yahoo "I am too sexy for my shirt"
In this case the password is %kHcyMQ..
a good extension off the process i use currently, using a sort of algorithm to change passwords between sites, while keeping them predictable by me. this way when i come back to some random support forum, i can remember my password quickly, without trusting them with my "real" password.
why bother? why not use one password for every site? it's simply a matter of trust. let's say you have the same password for your online trading company, your online bank, and your webmail. do you trust all of those sites? they're probably big-name companies with plenty of insurance and internal audits of security processes, backups, internal database encryption, firewalled everything, etc. you can probably trust those companies to not divulge your password along with 10,000 other clients' in a security breach. maybe.
now what about generic_computer_help_forum.com? do you really trust some guy to secure his database? even ignoring attacks and password leaks, what makes you think this guy isn't hosting this site purely to harvest passwords? instead of hashing your password and storing it in his database, he keeps it in the clear and sells them off to shady folk.
so, to avoid the potentially bad situation of disclosing a valuable, sensitive password (e.g. banking password) to any old potentially-shady website, mixing up your passwords is recommended. but remembering hundreds of passwords is not going to happen, so an algorithm is developed. for example, you can develop a good password and mix in the initials of the website you are visiting. for example a wellsfargo password might be Wl4kers4evaF but your eBay password might be el4kers4evaB.
the only problem with this is the correlation of a stolen password developed in this way and the site it came from, revealing its structure. for example, if bob's honda_forum.com password was Hl4kers4evaF, and honda_forum.com nefariously sold its password database to some evildoers, they might take the time (not very likely) to notice the HF in bob's password and might try using WF for his wellsfargo account, thus breaking the scheme.
seem unlikely? well what about if the passwords are correlated with names? then you get 10 shady sites that sell their passwords this way and a black-hat can build a dossier on a user, noting all of his passwords for each site visited:
honda-forum.com - Hl4kers4evaF
beastieboyfanclub.com - BBl4kers4evaFC
corporate-stuff.com - Cl4kers4evaS
potbellypigfarms.com - PBl4kers4evaPF
once this dossier is built for a hacker's target, the scheme is obvious. attempting to log in to other sites becomes a trivial task and the target's identity is taken over.
quepasa is a better way of doing this. instead of using naive and simplistic methods like appending site names, acronyms, or numbers to common passwords, it uses cryptographic techniques to produce irreversible (but still repeatable) passwords. the above dossier becomes something useless to an attacker:
honda-forum.com - WQ45f(A..
beastieboyfanclub.com - #krRxl$%)
corporate-stuff.com - afG%J-4
potbellypigfarms.com - bcg5$S-R
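the two dossiers above are the whole argument, so here is the comparison in working code. this is an added example, not quepasa's actual code or algorithm: it implements the "initials around a base password" scheme from the post, and beside it a per-site derivation that runs the passphrase through PBKDF2-HMAC-SHA256 with the (normalised) site name as the salt, maps the result onto a 64-character alphabet, and bumps a counter until the password contains a lowercase, an uppercase, a digit and a symbol. the iteration count, the alphabet and the 12-character length are my choices, and `longest_common_substring` is the dossier check: it measures how much of one password an attacker learns from another.

```python
import hashlib
import hmac

# 64-character alphabet: byte % 64 is unbiased, which a 70-char set would not be.
ALPHABET = (
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789"
    "!@"
)
SYMBOLS = "!@"


def naive_password(base: str, site: str) -> str:
    """The post's scheme: wrap one fixed base password in the site's initials.

    The initials are split in half, first half in front, second half behind
    ('wells fargo' -> W...F, 'beastie boy fan club' -> BB...FC).
    """
    words = site.replace("-", " ").replace("_", " ").split()
    initials = "".join(w[0].upper() for w in words)
    half = (len(initials) + 1) // 2
    return initials[:half] + base + initials[half:]


def derived_password(passphrase: str, site: str, length: int = 12,
                     iterations: int = 200_000) -> str:
    """One passphrase, one independent password per site (example KDF, not quepasa's).

    The normalised site name is the PBKDF2 salt, so 'Amazon' and 'amazon '
    give the same result while different sites share no key material. The
    password is HMAC(key, counter) mapped onto ALPHABET; the counter is bumped
    until every character class is present, so the output is still repeatable.
    """
    if not 1 <= length <= 32:
        raise ValueError("length must be between 1 and 32 (one SHA-256 digest)")
    label = site.strip().lower()
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                              label.encode("utf-8"), iterations, dklen=32)
    for counter in range(256):
        digest = hmac.new(key, counter.to_bytes(1, "big"), hashlib.sha256).digest()
        candidate = "".join(ALPHABET[b % 64] for b in digest[:length])
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in SYMBOLS for c in candidate)):
            return candidate
    raise RuntimeError("no candidate met the character-class policy")


def longest_common_substring(a: str, b: str) -> int:
    """Length of the longest run shared by two passwords (dynamic programming)."""
    best = 0
    prev = [0] * (len(b) + 1)
    for ca in a:
        cur = [0] * (len(b) + 1)
        for j, cb in enumerate(b, 1):
            if ca == cb:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def structure_leak(passwords: list[str]) -> int:
    """Largest substring any two passwords in a dossier have in common."""
    return max((longest_common_substring(x, y)
                for i, x in enumerate(passwords) for y in passwords[i + 1:]),
               default=0)


if __name__ == "__main__":
    # constructed sample dossier, same sites as in the post
    sites = ["honda-forum.com", "beastieboyfanclub.com",
             "corporate-stuff.com", "potbellypigfarms.com"]
    passphrase = "I am too sexy for my shirt"
    naive = [naive_password("l4kers4eva", s) for s in sites]
    derived = [derived_password(passphrase, s) for s in sites]
    for s, n, d in zip(sites, naive, derived):
        print(f"{s:24} naive={n:18} derived={d}")
    print("naive scheme shared run:", structure_leak(naive))
    print("derived scheme shared run:", structure_leak(derived))
```

running it prints the two dossiers side by side: the naive column shares the entire `l4kers4eva` core across every site, while the derived column shares at most a character or two by chance, which is exactly the property the post is after. the caveat a practitioner should keep in mind is that the passphrase is now the single secret for everything, so the KDF cost (the iteration count) is what stands between a leaked derived password and an offline guess at the passphrase.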
When this is over, the pagan part of the ceremony is over and the disco music, the dancing and eating can start.
uh. disco? your religion promotes disco? that does it.
back on the ol' mountain bike.
i went for a ride up Poly Canyon. i got lost, jumped about a dozen barbed wire fences, almost spooked a few herds of horses, got stared down by one particularly big horse (then rode the long way around him), rode through countless cow patties, climbed some serious hills, almost stacked coming down those hills with tired legs and worn-out brakes.
felt great when i got home. a bit muddy, tired legs, heavy lungs. took a cool shower and laid down to read. got about ten pages out of "The Martian Chronicles" before i passed out for a good hour. awesome.
note to self: do that again, but try to fix up the bike first. and bring the camelback again. that was key.
watching this video about yahoo's past, present, and future, i picked up on an idea of Terry Semel's regarding contrasting Cable television and the Internet.
when HBO first started, they had to purchase all their content and distribute it for a subscriber's fee. eventually they got some content "exclusively" ("see 'Splash' only on HBO!"), and more recently they have developed their own premium content (Sopranos, Sex and the City, etc).
The idea is that at first, companies like yahoo simply delivered content (search engine, advertisements, etc), with a little bit of premium content (yahoo games, fantasy sports teams, etc). their goal was to get more people to become Yahoo users.
currently people use yahoo because it is not only an easy way to get to the third party content they desire, but because Yahoo is the only one with a certain piece of content, or the cheapest place to get it. eventually it will be that you use Yahoo for something that is totally Yahoo-specific. (yahoo mail is not yahoo specific, i can get free webmail at several places, hotjobs is not yahoo specific, etc). developing this product that will draw users simply through its existence solely on your site is the trick.
that's the next killer app.
just think of how many people subscribe to 24-hour HBO just to watch the Sopranos once a week. that's where you make money.
i need to get back on the bike. that is, i need to start riding more than my daily one mile to and from campus. i got a map from a SLO bike group (i'm not sure which) that reminds me a lot of the map i got when i first started riding in SB.
i'm obviously feeling the urge because of my recent trip to Austin, seeing people race, fit people. i don't really feel the motivation to go out and train for triathlon, so i think i should find some good local trails and become a mountain biker (again). those hills can really work you, plus it's a lot of fun. less car exhaust or potential to get run over and more trees, creeks, and mud. well, creeks and mud in places where it actually rains, unlike here. so i'm looking for trees, dirt, and dust. or something.
anyways, i've also realized that i don't have to allocate a full two hours or so to train like i used to. instead, i should just go run for 30 minutes and get it done with. i'll be happier, fitter, and spend less time watching TV. which would be nice.
i spent the weekend in sunny wonderful interesting Austin, Texas (home of Lance) for the first leg of the Balance Bar Adventure Race Series, Adventure Sprints.
this is my other job, but i kinda wish it were my real job. i'm the timing director for the sprint races, which means it's my responsibility to make sure that every team's time is recorded accurately and published onto the web ASAP. i handle the race database, making sure the racers are in the right categories, that their names are listed correctly, and that their time is associated with their team name as they cross the line. it's really not that hard of a job in that respect, but it is still challenging.
it's not often at my real job that i find myself dehydrated, running across wooden structures, avoiding fire ants, building mud pits, or managing volunteers. those are the parts of this job that i love.
it is such a dynamic environment and each member of the crew is hard-working and ready to help each other out for the sake of the event. as the Timing Director, it is not in my contract to carry wood scraps to the dumpster, or to push athletes up a 20-foot wall, or to help hold down a giant tent as the wind tries to uproot it, but those are exactly the kind of things that everyone is expected to do, that everyone loves doing. it is just so much fun. if i could do this year-round, i would in a heartbeat. maybe i should move to Colorado or Oregon, maybe that would help things along.
in case you were wondering, the results for the Austin race are here.
after looking around a bit for cool iSight related products (i didn't have to look too hard), i ran across ToySight. check out their video demo here.
i installed it and played the demo. pretty dang cool.
(by the way, HCI is Human-Computer Interaction, a branch of computer science devoted to getting rid of the mouse and keyboard ;) )
it seems that it's good to hear from the implementors of RSA.
skip the first half. the bottom is a bit more interesting. best parts:
reports from the Department of Justice show that no federal wiretaps encountered encryption in 2002. In state and local jurisdictions, investigators encountered encryption in 16 wiretaps out of approximately 1,300 cases; however, in none of these cases did encryption interfere with the ability of the investigators to gather the evidence needed for prosecution.
“Cryptography is typically bypassed, not penetrated.” He said he is unaware of any major, world-class security failure in which hackers penetrated systems by using heavy-duty cryptanalysis. They usually use much easier methods.
we've had an iSight in the office for some time now, but it's been sitting on an unused computer. just sitting there.
so today the professor who bought it (the local Mac zealot) said "you can just put the iSight on your machine if you want, oh and here's an attachment if you want to take it home and use on your new iBook"
so the image is my very first AV chat (with the very same prof). cool stuff.
the latest worm to hit the internet has had a horrible side-effect on the internet, that is, it has effectively DoS'd all internet news and security update sites.
want to know about recent developments in p2p? gotta wade through the sasser-fest first.
even want to learn exactly what sasser is? you have to find which one of the zillions of posts has any kind of useful information (tip: it is article number [one zillion minus one]).
ugh. i hate these trends in online publishing. it reminds me of People magazine ("bennifer! bennifer! brad and jen!")