More secure than my bank’s web site?

Someone once said – and I got this quote from the computer game Sid Meier’s Alpha Centauri, so I’m not sure if they got it from elsewhere – “The pinnacle of military deployment approaches the formless, for if it is formless, then even the deepest spy cannot discern it nor the wise make plans against it.”. I would modify that wisdom to apply to information security: The pinnacle of secure information is the nonexistent, for if it is nonexistent, then even the deepest spy cannot leak it nor the most talented cracker steal it.

I mentioned in a previous post that I was setting up a new web site, dragonsmoke. I set it up because I want to run my own web server at home. Like much of what I create, the final product (the content being served) is less important than the process of creating it (setting up a secure server).

I have been using various automated testing tools to harden my server’s security. The first one I discovered, and the one that has been most helpful so far, is Qualys SSL Labs’ SSL Server Test. I have taken a repetitive-testing approach to web site security: first I got the site running with a Let’s Encrypt HTTPS certificate, then I ran the test, then I fixed whatever it told me to fix, then I ran the test again, and so on. Now I have an A+ rating on that test. A+ is great, but I want perfect.

Out of curiosity, I also ran the SSL Server Test against my bank’s web site: its overall score was identical to mine, A+ but could be better. I did notice one small area where my site did better: On the advice of security expert Steve Gibson, I use OCSP Must Staple. I can see no reason not to; it’s so easy to set up.

I think my score will improve slightly when dragonsmoke gets added to the HSTS preload list. I’ve submitted it for inclusion, now I just have to wait.

The second automated test I discovered was Observatory by Mozilla. It recommended some HTTP headers that I’d never heard of before, which I could configure my web server to send. So that’s a plus. Now dragonsmoke has an A+ rating here too, but again not a perfect score.
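Both the HSTS preload submission and the Observatory scan come down to what the server puts in its response headers, so here is an added example (not code from the original post or from either testing service) that checks a captured HTTP response for the preload requirements and for a few of the headers Observatory grades. It uses only the Python standard library; the two sample responses are constructed for the example, not captured from dragonsmoke or any real site, and the accepted values in header_findings are this example’s choices rather than Observatory’s exact rubric. OCSP Must Staple is a certificate extension, not a header, so it is outside what this check can see.

```python
"""Added example: audit an HTTP response's headers for HSTS preload
eligibility and a few Observatory-style security headers. Stdlib only.
The sample responses below are constructed, not real captures."""

# Preload submission requires max-age of at least one year (31536000 s),
# plus the includeSubDomains and preload directives, served over HTTPS.
HSTS_PRELOAD_MIN_AGE = 31536000


def parse_headers(raw_response):
    """Split a raw HTTP/1.1 response into (status line, {lowercase name: value}).
    Repeated headers are joined with ', ' as RFC 7230 permits for list values."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return lines[0], headers


def parse_hsts(value):
    """Turn 'max-age=63072000; includeSubDomains; preload' into a directive dict.
    Directive names are case-insensitive; only max-age carries a value."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def hsts_preload_problems(headers):
    """Return the reasons this header set would fail preload submission;
    an empty list means the header requirements are met."""
    value = headers.get("strict-transport-security")
    if value is None:
        return ["no Strict-Transport-Security header"]
    d = parse_hsts(value)
    problems = []
    try:
        max_age = int(d["max-age"])
    except (KeyError, ValueError):
        problems.append("max-age missing or not an integer")
    else:
        if max_age < HSTS_PRELOAD_MIN_AGE:
            problems.append(f"max-age={max_age} is below the {HSTS_PRELOAD_MIN_AGE} minimum")
    if "includesubdomains" not in d:
        problems.append("includeSubDomains missing")
    if "preload" not in d:
        problems.append("preload missing")
    return problems


def header_findings(headers):
    """Report missing or weak values for a few headers Observatory scores.
    The accepted values are this example's choices, not Observatory's rubric."""
    findings = []
    csp = headers.get("content-security-policy", "").lower()
    if not csp:
        findings.append("Content-Security-Policy missing")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options should be nosniff")
    xfo = headers.get("x-frame-options", "").upper()
    # Either header can stop framing; CSP frame-ancestors is the modern one.
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")
    if "referrer-policy" not in headers:
        findings.append("Referrer-Policy missing")
    return findings


# Constructed sample responses (not captures from any real server).
GOOD = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: no-referrer\r\n"
    "\r\n<html></html>"
)
WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=3600\r\n"
    "X-Frame-Options: ALLOW-FROM https://example.invalid\r\n"
    "\r\n<html></html>"
)


def audit(raw_response):
    """Combined report: preload problems and header findings for one response."""
    _, headers = parse_headers(raw_response)
    return {"hsts": hsts_preload_problems(headers), "headers": header_findings(headers)}


if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("weak", WEAK)):
        print(label, audit(raw))
```

Feed it the raw response from a real server (for example the output of an HTTPS client that prints headers) and an empty report means the headers meet the preload requirements; the preload list itself additionally requires a valid certificate and that the bare domain redirect to HTTPS, which this check does not verify.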

I’ve put all this effort into encrypting connections to my web site, making it really hard for any MITM to see or modify any of the data sent between client and server. The most important step in creating information security is not the encryption, though: it is the data itself. The less data there is, the less likely it is for important data to leak. I know that a bank may need to send and receive lots of potentially interesting data: credit card details, names, passwords, PINs, phone numbers, you name it. Dragonsmoke does not need that info, so it provides no means for users to enter that info. No data is collected at all. That is how I know that my site is more secure against data theft than my bank’s site.

I still want perfect scores though. Just because my site is small and niche does not mean I will settle for less.

I love multiple monitors

I got a new monitor today (well, actually a few days ago, but today I put it where I want it).

I heard somewhere that people of my generation (I forget what we’re called, the generation before the millennials) have on average two screens in use at any one time: perhaps a TV and a PDA, or a computer with two displays. I, right now, have four. Plus two more that could be turned on if I wanted to.

  • In use:
    • 1 new 27-inch widescreen LCD computer monitor
    • 1 old ~20-inch 4:3 aspect ratio LCD computer monitor
    • 1 17-inch laptop LCD
    • 1 ~5-inch PDA
  • Not in use but visible from where I’m sitting:
    • 1 old ~21-inch 4:3 aspect ratio LCD computer monitor, currently hooked up to a Raspberry Pi
    • 1 6-inch e-reader

Just a few years ago, I could barely imagine using more than one screen at a time. Now four feels comfortable. Soon I will want more.

Crowdfunding projects I’m backing

As the end of the month, thus payday, approaches, it occurs to me that I’m backing an unusually large number of crowdfunding projects this month. I love crowdfunding: it’s a way that I as a consumer (I can be a consumer when I want to be!) can get a little influence over the products I buy: I spend money, perhaps a bit more than I would at a store, and in return I get the ability to communicate directly with the creators whose products I’m going to receive. Sure I am but one voice among many, but before crowdfunding it was hard to even have a voice. Plus I get the satisfaction of finding and funding products that either never existed before, or were previously too niche to be sold anywhere.

Most of these this month are on Kickstarter. Here they are, in no particular order:


System Shock

System Shock -- Kicktraq Mini

I have fond memories of playing the original System Shock even though I only bought it last year. It stands the test of time thanks to an incredibly well written story, a dark and foreboding atmosphere (not easy to achieve given the graphical limitations of computers in 1994!) and a truly terrifying villain. I refused to buy System Shock Enhanced Edition because it’s Windows only. With this Kickstarter-funded reimagining of the game, Linux support is the first stretch goal and I have no doubt it will be reached.

Link to project


Zed

ZED -- Kicktraq Mini

Another game I’m buying due to nostalgia. I love the look of Myst. I love first-person adventure puzzle games. This is made by one of the same people who worked on Myst. Plus the downloadable demo supports Linux (but no promise that the full game will).

Link to project


Legendary Showdown: Gamer’s Quest

Legendary Showdown: Gamer's Quest -- Kicktraq Mini

I’m not that into card games, but I am into the comic Ctrl+Alt+Del. I’m really buying this for my brother since this looks like exactly the kind of game he’d enjoy playing. I’ll make it a birthday or Christmas present, depending on when it arrives. I know the estimated delivery date is October, but my experience with crowdfunded projects is that those date estimates are totally unreliable.

Link to project


SilentKeys

SilentKeys: A Keyboard that Protects your Privacy & Security -- Kicktraq Mini

Any hardware that attempts to protect your privacy and security gets two thumbs up from me. This is the only project that I’m funding with no expectation of reward.

Link to project


Earth-friendly EOMA68 Computing Devices

Sorry, no graph for this one!

I have to admit, I’ve never heard of Crowd Supply before. I’m a little teeny bit worried about leaving my debit card data with them, but it’s worth the risk to support these earth-friendly computers. Plus they say they expect their Libre Tea Computer Card to earn the Free Software Foundation’s Respects Your Freedom certification. It hasn’t been earned yet, but the fact these guys are even trying speaks volumes.

Link to project

Thinking myself into a high

So I think I’m thinking myself into a high not unlike that provided by marijuana. I mean, Mary J. makes it much easier to get high, and you definitely get higher, but similar effects can be achieved just by getting into the right state of mind. I’m on a totally natural high right now and I just felt this compulsion to start typing my thoughts. I’m so glad I learned to touch type; it’s much faster than hunting and pecking.

My thoughts are definitely going a bit faster than normal. This is one of pot’s most common effects.

Another effect that I have experienced on pot is the “choppy frame rate” effect – that is, your sense of time is so distorted that you perceive the world as moving in a very choppy way, like those old films Thomas Edison made on his early hand-cranked film cameras. What seems to set me apart is that this effect happens when I’m walking – and then I turn around, and in my mind’s eye I ‘see’ glowing after-images of all the frames I just experienced, in 3D space. I see myself and my friends, snapshotted every second or so, trailing off into the distance.

Which brings me to… well, this. What I like about pot, and what took a lot of getting used to at first, is this sensory effect that I liken to a mirror. It’s like, Mary J. holds up a half-transparent mirror in front of your face so that half of what you perceive is real visual information (coming from the external world) and half is a reflection of yourself. The challenge, for people who aren’t used to being high, is in learning to differentiate which is which. These reflections can be very surprising, and startling for those who don’t know to expect them. The sensory mirror can be a useful tool for self-reflection.

Pot’s sensory mirror doesn’t just apply to your sense of sight, but to all senses. Sight, touch, taste, even balance. I remember one high – probably my second or third true high – where I didn’t trust myself to stand upright and thus was forced to crawl on hands and knees for a few minutes. While I knew logically that I could ignore the imagined reflection and force myself to focus only on my real sense of balance, it was just easier to crawl.

You really do have to pick your location carefully when you plan to smoke pot. Your personality – even when not high – changes radically depending on where you are, who you’re with, what time of day it is, and all these other factors. Since pot accentuates your personality (it makes you more you, if that makes any sense), these differences are also accentuated.

I don’t understand people who choose to take marijuana recreationally every day. I really don’t. I use it very rarely. That way I can keep my tolerance down. Even the cheapest strains are enough for me to get really baked since my tolerance is so low, and I’m sure there’s a fair amount of placebo effect going on too – I’ve already mentioned how I can just think myself into being somewhat high. Actually smoking pot recreationally is the kind of thing that I think should be a rare experience, perhaps a reward for achieving some goal in life, or something you do with a friend you haven’t seen in a long time. It should not be an everyday occurrence – if it is for you, then you need to find a hobby or something.

A piece of advice for newbie pot smokers: Do your research. I think that’s one reason I’m writing this blog post, to document my overall impression of pot. You absolutely do not want to try cannabis without first learning what to expect. If you have friends who smoke, attend a few smoking sessions just so you can see what it does to them. Read experience reports on Erowid like I did. Search YouTube for “marijuana first time high” or “what it feels like to smoke pot”.

I also recommend keeping a computer or some other recording device easily accessible. Video cameras are good since you can just turn them on, hit record, and forget. This might make you uncomfortable since you’d be documenting the fact that you’re high as fuck, but I think it’s worth it. I’m personally very comfortable typing, so my laptop is my device of choice. The reason I recommend this is so that you can make note of any important or funny thoughts. That is, at least, if you can keep them in your mind long enough to put them into words. My friends and I, when we get high (naturally or via pot), often find ourselves writing down things that one person said (not realizing they said it in a weird way) and another person thought was really funny. Out of context, these writings make no sense, but it’s exactly that randomness that makes them fun to read later when you’re sober. I’m laughing out loud right now reading near-nonsense from years past.

This is what free/libre/open source is all about

This is what free software and free culture are all about: the process of invention, of taking existing things and using them in novel ways that the previous inventors never even dreamed of.

“Here we ask those what if questions, and we are free to imagine what the answers look like. We’re encouraged to look around us at the things that exist and imagine how we could make them better, how we could take them to the next level, how we could transform them.” -Naomi Novik

This quote is why I do Open Source

This quote – I don’t know how I originally found it – is one of the reasons why I got into Open Source. I remember, several years ago, printing it out and putting it above my bed so I would always have this reminder of why a good person does what he/she/xe does.

“Before our white brothers came to civilize us, we had no jails. You can’t have criminals without a jail. We had no locks or keys, and so we had no thieves. If a man was so poor he had no horse, tipi, or blanket, someone gave him these things. We were too uncivilized to set much value on personal belongings. We wanted to have things only in order to give them way. We had no money, and therefore a man’s worth couldn’t be measured by it. We had no written law, no attorneys or politicians, therefore we couldn’t cheat. We really were in a bad way before the white men came, and I don’t know how we managed to get along without THESE BASIC THINGS” -Lame Deer, Seeker of Visions

This is how you design a remote!

My family has a bunch of old VHS tapes. Shelves full of them. Most or all of the tapes are TV programs that my mom mostly recorded and then forgot about never bothered to watch never got around to watching. Most of those have labels, and most of the labels are mostly accurate.

So, this year we as a family have made a point of watching our old tapes while we still can. By “while we still can”, I mean “while we can still obtain a working VCR without having to ship it from Lower Slobbovia”. It’s 2015, almost 2016. Who even has a VCR, let alone a working one?

We used to have VCRs. They’ve all died of old age, one by one. These last few months we’ve been using one that used to belong to my grandma. It’s on its last legs. Can’t even get color, except red for some reason. No way to adjust the tracking: the original remote was lost long ago, and the universal remote we’ve been using doesn’t have tracking buttons. We’ll be taking it to the recycling center tomorrow.

We got two used VCRs for Christmas (in case one doesn’t work). I’ve just hooked them both up. They both work perfectly!

And now to the thing that inspired this post: the remote control. One of our new VCRs came with the remote pictured:

[Image: A VCR remote with extraneous buttons hidden behind a flap]

This is how you design a remote! Notice how the four most-used buttons – play, stop, rewind, and fast forward – both visually stand out and are easy to find with your thumb due to their large size. Slightly less important buttons – such as power, pause, and record – are also easy to find (though I wish the pause button were bigger and more centrally located). Infrequently used buttons – menu, display, and so on – are present when needed and not hard to find, yet putting them behind the flap makes it immediately obvious that these buttons can be ignored if all you want to do is watch a freaking video. Genius!

It is often said (by my dad) that computer hackers (like me) need to learn how to make interfaces that are actually useful, not just pretty looking. I agree. So, when I encounter something that I feel is an exceptionally good design, I will try to post about it. The above remote design makes using the VCR’s basic functions quick and easy, while also making it obvious where the advanced functions can be found.

Stay happy, stay free, and don’t forget that you don’t need to be a consumer.

Later.

Holiday traditions

December 1-24

Christmas movies every movie night (movie nights being Fridays, Saturdays, and any vacation days we get off work). We take turns choosing which movie to watch each night: Dad would choose one night, Mom the next, me after that, then finally my brother Charles. Movies we see almost every year include Ernest Saves Christmas, National Lampoon’s Christmas Vacation, It’s A Wonderful Life, and one or more renditions of A Christmas Carol (Scrooge is a favorite). No Christmas movies allowed after Christmas.

Any day in December

Christmas potluck with extended family on my dad’s side. This doesn’t happen every year because nobody wants to go to the trouble of organizing and hosting the party. Adults and children bring gifts. Children’s gifts are for specific other children (decided randomly some time before the party, to allow for shopping time). Adults’ gifts are generic, to be piled in the center of the room for a white elephant gift exchange. Our white elephant gift exchanges involve playing a game – decided upon by the party’s host – where the winner gets to either open an unopened gift from the pile or steal an already-opened gift from any previous winner, in which case that person must choose a new gift from the pile. The game repeats until everybody has won. Nobody is allowed to win more than once.

Mom bakes various types of cookies. Peppermint puffs (recipe coming soon!) are an old family favorite.

Winter Solstice

Charles and I each open one gift, chosen by our parents. Due to the extensive re-use of wrapping paper, we both often had two or three gifts with “winter solstice” written on them. It was therefore a bit of a crapshoot whether we would get the one gift that was actually meant to be our WS gift. We’ve stopped doing this now that Charles and I are grown up; it was really just a way to keep us kids pacified until Christmas.

Christmas Eve

Dinner is simple: nachos and cheese. Later, before going to bed, we would all gather near the tree and read A Visit From St. Nicholas The Night Before Christmas and other Christmas stories. When Charles and I were little kids, we would leave a plate of cookies out for Santa. (Interesting side note: I don’t remember when I stopped believing in Santa, or whether I ever did believe. What I do know is how my parents found out that I didn’t believe: One year I decided to sleep by the tree, and they caught me eating the cookies in the middle of the night!)

Christmas Day

As kids, I remember Charles and I wanted to open our presents as early as we were allowed, which meant that our parents had to decide on a time. We weren’t even allowed downstairs before this time (the tree and presents being downstairs and both of our bedrooms being upstairs) unless we had slept by the tree, which I sometimes did as a kid to try and catch Santa. Now that we’re all adults, we still agree on a time to shoot for (10:00 this year), and the gift opening starts when we’re all reasonably awake. One person, generally Charles since he’s the youngest and most energetic, puts on a Santa hat and distributes presents one at a time. Each present is opened upon being received. Gifts marked “for the family” are given to Dad since he doesn’t get a lot otherwise (It’s impossible to shop for him! He never lets us know what he wants, instead preferring to just buy it himself).

After all the presents under the tree have been opened, Mom makes a sausage, egg, and cheese casserole for brunch while Charles and I play and Dad watches. The casserole is served buffet-style, each person taking a plate full of it and eating while we do other stuff. Part of that ‘other stuff’ is opening the stocking gifts, which we all do at our own pace whenever we feel like it.

This year I’ve proposed a new tradition: Since we all know each other so well (being family and all), I’ve proposed that we make a list of patterns we’ve noticed: types of gifts (e.g. Mom always gives Charles and me some kind of puzzle) or things that the giver does with the gift (e.g. I like to play with boxes: putting a small gift in a really large box, or putting presents in joke fake-product boxes), then as we’re opening the gifts, try to guess which ones correspond to which pattern.

Easter

As we’re searching for eggs, we find the one Christmas gift that Mom hid and forgot about. Okay, so this isn’t really a tradition! It happens just frequently enough that it’s worth including.

Tell us yours!

What kind of holiday traditions does your family follow? They don’t have to be Christmas related. Let us know in the comments!

Finished Mimi & Eunice Transcription Project

In the days since fall term ended, I’ve been keeping busy. Busy playing games, programming, basically just doing whatever I feel like. Three of the projects I’ve been working on, which I started at the same time over the summer, are Mimi and Markov, Markov Comic Generator, and the Mimi and Eunice transcripts project.

The transcript project is essentially done. I have transcribed every Mimi and Eunice comic strip yet posted online. If more comics get posted in the future – which I think seems unlikely – then I will transcribe them as well. Until that happens, nothing new will get added to my transcript project’s git repo. I might still make some changes, such as correcting spelling errors or adjusting the position and size of word bubbles.

Out of curiosity, I’ve compiled some stats from the transcripts:

Character           Words spoken   Sentences spoken   Words/sentence
Mimi                5067           966                5.2453
Eunice              3797           767                4.9505
Label               181            88                 2.0568
Onomatopoeias       101            94                 1.0745
Death               28             9                  3.1111
God                 26             5                  5.2000
Online Commenter    15             7                  2.1429
Foreigner           6              2                  3.0000
Unknown             4              2                  2.0000
Frédéric Bastiat    4              1                  4.0000
Karl Marx           2              1                  2.0000

“Label” refers to text that doesn’t belong to any characters. It might be considered the voice of a narrator.

Markov Comic Generator is not feature-complete but is definitely usable in its current state. I will do more work on it, I just don’t know when.

Mimi and Markov is entirely automated; I ended any real involvement in it months ago. One of my computers automatically pulls transcripts from the transcript project’s git repo and program code from MCG’s git repo, then runs the program. Pretty simple really. The only thing I have left to do is decide how long to keep the program running. It’ll be a long time before I fill up even the tiny amount of storage space I currently have on this server.