Gessel On…

…this and that.

Wednesday, January 7, 2009

Automatic flush sensors suck

If not in all circumstances at least for anyone who wears a black shirt and doesn’t enjoy having their ass randomly sprayed with toilet water.

posted at 18:31:25 more on... photo, technology

Tuesday, January 6, 2009

cannot connect to saslauthd

I recently ran some updates on my FreeBSD server and ran into a problem that resulted in the following error in /var/log/maillog:

warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

The update process tends to kill saslauthd which will generally restart itself properly on reboot, but if you’re in the middle of a long rebuild and need to restore mail service quickly some or all of the following may help:

/etc/rc.d/inetd restart
/usr/local/libexec/courier-imap/imapd-ssl.rc stop
/usr/local/libexec/courier-imap/imapd-ssl.rc start
/usr/local/etc/rc.d/saslauthd stop
/usr/local/etc/rc.d/saslauthd start
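
Before restarting everything, it helps to confirm that the socket really is gone. The following is an added example, not part of the original post: it counts the error above in a mail log and checks for the saslauthd socket. The socket path /var/run/saslauthd/mux, the function names and the sample log lines are assumptions; pass your own paths.

```shell
#!/bin/sh
# Added example: triage the "cannot connect to saslauthd" error.
# Assumption (not from the post): the socket path below is the usual
# FreeBSD default; pass the real one if your saslauthd uses another.
SASL_SOCKET_DEFAULT=/var/run/saslauthd/mux
SASL_ERR='cannot connect to saslauthd server'

# Count matching error lines in a mail log (0 if the file is unreadable).
sasl_error_count() {
    [ -r "$1" ] || { echo 0; return; }
    grep -c -F -- "$SASL_ERR" "$1" || true
}

# Print a verdict; return 0 only when authentication should be working.
#   ok             socket present, no errors logged
#   stale-errors   socket present, errors logged (an earlier outage, or
#                  the mail daemon looks for the socket somewhere else)
#   socket-missing saslauthd is not listening: restart it
sasl_triage() {
    log=$1
    sock=${2:-$SASL_SOCKET_DEFAULT}
    errors=$(sasl_error_count "$log")
    if [ ! -S "$sock" ]; then
        echo "socket-missing errors=$errors"
        return 2
    fi
    if [ "$errors" -gt 0 ]; then
        echo "stale-errors errors=$errors"
        return 1
    fi
    echo "ok errors=0"
}

# Constructed sample log (host name, PIDs and timestamps are made up).
write_sample_maillog() {
    cat > "$1" <<'EOF'
Jan  6 00:58:01 mail smtpd[1234]: connect from client.example[192.0.2.10]
Jan  6 00:58:02 mail smtpd[1234]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Jan  6 00:58:09 mail smtpd[1240]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
EOF
}
```

Only a socket-missing verdict calls for the saslauthd stop/start above; stale-errors usually means the log entries predate the restart.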


posted at 01:09:15 more on... FreeBSD  

Wednesday, December 31, 2008

MD5 Crack: Does It Matter?

Some very clever people have figured out how to create an exploitable real world MD5 hash collision.  It is interesting work and suggests that the value of an MD5 signature to verify a certificate is lower than intended.  In the end the work shows it is possible to spoof a web site in such a way that a browser’s normal security features for detecting false websites are defeated.  But does it really matter?

That presumption, that a CA would be meaningful in preventing phishing or redirection or whatever by uniquely identifying a site as belonging to the entity in question because the user trusts the domain name, is prima facie absurd.  Would you even think about going to www.bofa.com instead of www.bankofamerica.com or whatever?  I wouldn’t; most banks would buy every variation of their name including common misspellings (www.bnkofamerica.com?), so that a misspelling seems to work wouldn’t surprise me at all.  That a misspelling gets a cert thus means nothing either.

Uh Oh, something's wrong.  So what?
Further, what do you do when a cert fails, for example if the CA can’t be identified or the cert is expired or whatever?  Do you back out of the transaction and call the bank to find out what’s going on?  Do you think you could ever reach anyone at the bank who knew?  Send them an email? (which would probably go to the fake bank anyway).  I just accept the cert and move on.

Since CAs and certs are already a complete failure as a proof of identity mechanism, MD5 signature spoofing is also irrelevant for the vast majority of users.

HTTPS is useful for encrypting traffic.  It shouldn’t be used for anything else.  The whole signed CA/Cert thing is an impediment to this useful function for a useless feature that is merely cryptographically entertaining.  Google’s and various browser mechanisms to identify malicious sites are far more effective, although a few users are likely to get scammed before the fraud is identified.

posted at 16:48:46 more on... technology  

Thursday, November 20, 2008

What the Beep?

The movie What the bleep do we know is a pseudo-scientific exploration of using quantum mechanics to justify a human potential-like pseudo-religious concept. I have an undergraduate degree in physics from MIT, and so I recognized a lot of the arguments as absurd immediately, but I reached the limits of my depth, particularly on the history of QM in this argument. Most, but not all of the concepts could be easily refuted from an undergraduate understanding such as mine, some seem to require more depth. But the practicing physicists I reviewed my answers with seemed to think they had nothing useful to add to the discussion, in part I suspect out of the still-somewhat-in-vogue idea that the best way to confront anti-scientific ideas is to ignore them, viz the debate over intelligent design (which I think, personally, the flying spaghetti monster settled.)


posted at 16:20:28 more on... Negative, films, reviews, technology  

Friday, August 15, 2008

Acceleration Slidewalk

For the last year or so I’ve been waiting for the acceleration slidewalk at the Toronto Airport to open. One day last March I saw it running, but never since. It works a bit like an acceleration ski lift. The hand rests and the tread expand for the first 10 meters or so of the slidewalk as it starts, moving faster as they expand. It looks like it runs about twice as fast as a regular slidewalk - nearly a jogging pace. At the end it slows down as the treads compress into each other. I can’t wait until it opens.

posted at 19:00:25 more on... technology, video

Thursday, August 7, 2008

Fixing ImageMagick resize in Postie

I noticed that postie was doing a terrible job at resizing images.

It turns out that the default GD library isn’t super good at resizing - it does a simple subsample and the result is quite jaggy (see the GD version of this image in this post)

The full size view of our camp and Carolyn.

I think the version above looks a lot better. It should have been as easy as just turning on the “use ImageMagick” function in the postie config, but it wasn’t that simple. Two files were not where they were expected to be. The easy one is “convert” which postie expects to find at /usr/bin/convert, but under BSD is actually at /usr/local/bin/convert. This isn’t a big deal as there’s a config option to point postie in the right direction. A bit harder is ImageMagick identify which postie expects to find at /usr/bin/identify, but for which there is no config entry.

The fix for BSD is to edit around line 1768 of postie-functions.php and change /usr/bin/identify to /usr/local/bin/identify before the first run or by resetting postie to defaults. If you’ve already installed postie and don’t want to reset the defaults you may need to edit the postie config database (I did) using, for example, PHPMyAdmin and set the value of IMAGEMAGICK_IDENTIFY to /usr/local/bin/identify.

And thus one gets nice, pretty postie thumbnails.

posted at 02:16:44 more on... FreeBSD, photo, technology  

Tuesday, July 29, 2008

Panoramic Photography

A friend of mine recently sent me a link to a panoramic photography product under development. The sample picture they showed was from Burning Man and the sight reminded me of a company I started way back in 1997 or 1998 with Steve Schaffran, my brother Dan Gessel, and Ken Peters. Steve did most of the business work, Ken built the circuit, and my brother wrote a stitcher application and a fast viewer in OpenGL.

The view from center camp.

We made a couple of panoramic tripod heads together: an automatic one and a manual one. They were designed around the old Kodak DCS 120, a camera with a full MegaPixel of resolution.

CAD model of the panoramic system

The manual version was an indexing head that held the camera fairly rigidly and had a kinematic indexing table so that index points were, in theory, subpixel accurate. Of course that depends on the stability of one’s tripod (something we did not, alas, address).

The automatic version had a similar indexing head, but was driven by a small gear motor. The system ran on 8 AA batteries and communicated with the camera via the serial cable. There were two modes: high and low resolution.

Seamless Imaging Automatic Panorama Head

In high resolution mode the circuit would tell the camera to zoom all the way in and then start indexing and taking pictures at each point.

In low resolution mode the circuit would zoom the camera all the way out and take a picture every other index point. We had considered doing 3 modes (with a 3x zoom lens) but the camera did not (primitive device that it was) report the actual zoom so there was no way to seek a point other than the ends.

Like the gigapan project, I found Burning Man an interesting subject… but that was a decade earlier and the crowds were a lot smaller.

The view from the base of the man.

Our camp (dis.org) was, that year, exiled some distance from the main camp, but that is a whole different story.

The view from the dis.org camp.

posted at 00:00:14 more on... Fabrication, photo, technology  

Friday, July 18, 2008

windows sucks

Why do people use Windows for embedded applications? It sucks and costs money! How stupid can you be?

This “startup screen” was at this stage for at least 30 minutes. No flight updates. For once it wasn’t BSODed.
posted at 20:00:33 more on... photo, technology  

Saturday, May 10, 2008

Inspirational Books

New Scientist had a good article in the 10 April 08 issue about the formative books of the youth of 17 leading scientists. I found the most compelling Sean Carroll’s recommendation of One, Two, Three… Infinity.

It reminded me of a book that I remember reading in 4th grade that had a huge influence on my development: The Curve of Binding Energy.

I was already interested in nuclear physics and was motivated to read it. I think the book either inspired or reinforced many things that have become central parts of me; in particular an appreciation that understanding how things actually work gives one the ability to manipulate reality in a way that people who are less aware of how things work expect. Understanding things is lifetime power and (ever more importantly as I get older) a source of amusement. It illustrated how much fun being able to solve problems could be; the subversive (not merely empirical) value of knowledge.

I also learned how to make a mediocre nuclear weapon. Something that has made me a bit of a smart ass ever since: if you know how to make the most fearsome weapon on earth it’s hard to be too intimidated. I wrote a paper in 9th grade describing how to build a weapon based on what I remembered from the book. About that time a student at Princeton got a lot of press for making a model nuclear bomb but using toothpaste instead of U-235, coincidentally reinforcing my sense of significance.

After high school and after working as a programmer at a health physics company for a summer (and spending some formative time at a nuclear physics lab at U-Penn in grade school) I was one of a small number of nuclear engineering students on the fusion track at MIT. The Curve of Binding Energy inspired a love and appreciation of Nuclear Physics (and a sense of knowing something special) that only an act of Congress could crush. When I was a freshman Congress canceled funding for TARA, the tandem mirror experiment at MIT that about half the grad students I had just met were working on. While I dropped my FORTRAN efforts in support of FULIB and turned to robotics and eventually computers, I still ended up getting a degree in physics, course 8, not too far in practice or theory from course 20. And in no small part thanks to John McPhee and Ted Taylor.

posted at 17:00:30 more on... reviews, technology  

Tuesday, April 29, 2008

FEA for DVR

Some pretty FEA output for DVR’s Parkfield project.

posted at 02:50:14 more on... SRL, technology