blarg?

As a service to an infirm friend of mine, I recently had to spent some time in a Wal-Mart, and I don’t see how a human being with an ounce of empathy in them can walk out of a place like that and not be on the verge of tears.

The Wal-Mart chain is the Dresden of class warfare. The relationships between education and prosperity, between basic nutrition and prosperity are drawn stark in every aisle, so mercilessly clear that floors seem painted in the blood of the desperate and the resigned. I felt like Noam Chomsky was punching me in the kidneys. The line of doughy, slow-moving, slow-looking people queueing up to the mini-McDonalds near the entrance, the stacks of chocolate snacks and half-height cans of Pepsi destined for children’s lunches at the checkouts put a horrible gloss of inevitability over the experience that I’m still trying to shake.

There are people who protest, sometimes successfully, usually not, the impending presence of a Wal-Mart in a community, saying that it will put local businesses out of business, which it will, that it caters to the lowest common denominator, which it does, and that it will destroy the “civic life” of a community, something that’s never all that well defined, but if it means “getting out of the house, talking to your neighbors and playing some role in the fabric of your society”, yeah, it’ll probably do that too.

But none of that matters, because Wal-Mart is not the disease. Closing all of them, every last one, and all of their Price-Club, Costco ilk, would not change a damn thing. Wal-Mart is a symptom, not an illness, a very late symptom; burning them all right to the ground would feel good for a few people, for a short time, and that’s about it. By the time the conditions exist for a Wal-Mart to take hold in your community, you have already lost. Protesting the opening of a megastore is like treating malignant melanoma with makeup; all you’re doing is marching in favor of your right to keep your head in the sand a little bit longer. That store is a sign that can’t argued or denied that says “This is your fault. You’ve done this to yourself, and now here is the collective result of your decisions. Now get in line.”

Here’s the situation, if you would bear with me for a bit.

  • I’m in the last disgusting, mucus-effusing stages of an industrious cold.
  • Typically, this unpleasant rhume is right on time for this year’s competitive Ultimate tryouts.
  • Being, as I’ve been recently (and I think rightly) called, a “shit disturber”, a few days ago I went over to the OCUA‘s Open Forum and disturbed some shit.


Read the rest of this entry

It’s amazing what you can accomplish with this internet thing. Not sure about how good fingerprits, well why not, I asked myself, just ask somebody who might know?

So I e-mailed one of the world’s premier security gurus, and asked.


From: Bruce Schneier <schneier@counterpane.com>
Subject: Re: Biometrics as unique identifiers.

They're not really unique identifiers. The more research that is done, the
more it seems that they are not unique at all.

However, they are unique enough for many purposes.

Two points, then:

  • I’m now curious about where “good enough” meets “reasonable doubt”.

  • I heart the internet.

A few moments ago, the Canucks pulled their goalie, took it down the ice and tied it up with the Flames, with 5.7 seconds left.

Strangely, I think that was the first time in my entire life I’ve actually seen that play work.

Schweet Baba Jeebus, the hockey this year. Unbelievable.

Whoops, Calgary won it anyway. That was fast.

They’ve cut straight to the sports-cliches. Wow, that was fast too.

I’m reading this and that about biometrics, and I have a quick question – fingerprints, as well as every other biometric method of identification I’ve read about including face-recognition, retina-scanning, and so forth is declared to be a unique identifier; you, and only you, have fingerprints, retinas or a face that looks like that.

Well, says who?

That’s it, really. I’m hardly versed in the science, but I can’t find the bit where it says “yeah, we took several thousand people’s fingerprints, and several thousand other people’s fingerprints, and we checked partials and stuff, and yeah – it turns out they’re actually unique identifiers.” Because, apparently, that information doesn’t exist.

I realise that I’m not qualified to make broad, sweeping generalizations about an entire field, here, but this appears to be true of the entirety of the forensic biometrics field at the moment.

It seems to me that if we’re going to put people in jail for some length of time, an in some places in the world, to death, that we might want to apply some kind of empiricism to the situation.

I read a joke recently, I don’t recall where, that went something like this:

Our Hero is a devout Christian and an inveterate smoker, and one day speaking to a priest, he says “Father, I would like to be a good Christian, but I am a heavy smoker – is it alright for me to smoke while I pray?”

To which the priest replies “My son, a prayer is a conversation with God. It would be wrong for you to indulge such an impure vice at such a time.”

Our Hero thinks about this, thanks the padre and goes on his way. The next week, he returns with another question; “Father, I would like to be a good Christian, but I am a heavy smoker; is it alright for me to pray while I smoke?”

To which the priest smiled, and replied “My son, you may pray anytime.”

This rambles a bit, and it’s pretty nerdy, so if you don’t have a little bit of time on your hands, and those hands happen to be connected to a nerd or nerd-like brain by some apparatus I leave to your discretion, you should probably skip this one.

I’ve got this camera, a Centrios DSC-214, that’s apparently Unsupported In Linux®.The digital camera part works fine, like a normal USB key, but apparently there’s some magical webcam functionality that I’m naively trying to get working, and I’m getting absolutely no love.

This is part of what’s confusing me: step 1, how does USB work?


mhoye@werewindle:/etc/usbmgr$ ls
class host network preload.conf usbmgr.conf vendor
mhoye@werewindle:/etc/usbmgr$ locate usb.ids
/usr/share/apps/kcmusb/usb.ids
/usr/share/hwdata/usb.ids
/usr/share/misc/usb.ids
/usr/share/misc/usb.ids.old
mhoye@werewindle:/etc/usbmgr$ _

All of those usb.ids files are different, and none of them seem to be related to the subdirectories of /etc/usbmgr/vendor/ where the magic apparently really happens.


mhoye@werewindle:/etc/usbmgr$ lsusb
Bus 001 Device 003: ID 052b:1708 Tekom Technologies, Inc.
Bus 001 Device 001: ID 0000:0000
mhoye@werewindle:/etc/usbmgr$ _

The way I understand that this is supposed to work is:

  • I plug in the camera.
  • usbmgr realizes I’ve plugged something in.
  • usbmgr associates that device with a driver.
  • usbmgr then points the /dev/video symlink towards
  • whatever the relevant /dev/video## node is.

Then, I run my webcam programs, whatever they are, point them at /dev/video and all is right with the world. What really happens is a lot of nothing, because none of the video nodes in /dev appear to think they’re plugged into anything. So I tried this:


cd /etc/usbmgr/vendors
mkdir 052b
cd 052b
mkdir 1708

and in there, in a file called “modules”, I put the the words “usbvideo” and “spca50x”, because
I’ve found some drivers here that have consented, after some wierd Makefile-fixing, to compile themselves and allow themselves to be insmodded on my machine. Tekom’s website is horribly crippled, like someone broke a vintage bottle of Chateau Macromedia ’98 over the bar and slashed its hamstrings, but I’ve managed to extract some information from this page that I found by, we’ll, let’s not talk about that, and some prodding at the windows drivers seems to imply that there’s a SunPlus chip in my oh-look-it’s-rebranded camera.

I suppose I could put that stuff in usbmgr.conf, but that didn’t take when I tried it with some random webcam drivers just for kicks – as in “no news in dmesg”, not “I can’t edit a file” or “hey, surprise, Ooog try hit hardware with random, rock-shaped driver, go crunch fall down.”

But now, of course, because Ooog compile module against source tree with changed extraversion entry in makefile, because that’s what Ooog apparently supposed to do, it fails installation calamitously, tells Ooog his kernel is tainted and dumps a distressing amount of what appears to be binary noise into Ooog’s logfiles:

Apr 15 01:20:17 werewindle kernel: spca50x: version magic '2.6.4-MH1 preempt PENTIUMIII gcc-3.3' should be '2.6.4-1-686 preempt 686
gcc-3.3'
Apr 15 01:20:17 werewindle modprobe: FATAL: Error inserting spca50x (/lib/modules/2.6.4-1-686/kernel^@^@^@^@^@^@^@^@^@...

...for a page or three. So I may have just screwed my system for good. Woot. I'm going to have to get a clean set of kernel headers, recompile, fsck everything and keep my fingers crossed, I guess.

If you're out there, and you've made it this far, I'd like to know:

  • What's up with all those usb.ids files.
  • Roughly speaking, what's usbmgr really doing/supposed to be doing. I can't seem to find any docs on the topic.
  • Why I'm doing this at all.

This is a nice, knockaround digital camera. I like it a lot. But it would be really nice if I could get consumer hardware to work the way people who don't actually code for fun and sysadmin for a living apparently get to.

Whoops: found the joke here.

If you’re travelling with Voyageur in the near future, you should phone them about their schedules. Make sure you talk to a human, and not their automated systems, because it turns out that everything on their website is an outright lie. You’d think that if you’re going to change your schedules, you’d also change the web page people read to find out about those schedules. And, call me crazy, you’d change those two things in precisely the same way.

“When does the next bus leave for Kingston?”

“Err… tomorrow morning. At ten. The last one left a few minutes ago.”

“Uh-huh. The schedule says that it leaves in fifteen minutes.”

“Well, we change our schedules four times a year, sir.”

“The schedule on your website right now says that it leaves in fifteen minutes.”

“Well, what do you want me to do about it?”

Dear Service Industry: when you ask me that question, I am filled with rage; I know instantly that I am dealing with a complete tool.


“The bus stops at Lincoln Fields, doesn’t it?”

“Uh, yeah.”

“Get on the phone and call the dispatcher. Tell the bus driver to wait there for me. I’ll take a cab.”

“Oh. Um, Ok.”

“I’ll wait here until you hear back from the dispatcher.”

“Ok, yeah.”

… time passes. Some other office drone emerges from the back office, to tell him that the dispatcher has left a message for him.

“Sir, they said they can wait ten or fifteen minutes, at most.”

“You didn’t tell the dispatcher where to call you back, did you?”

“I…”

I guess if you’re the kind of person who can solve simple problems you’re overqualified to work in the Voyageur office.

A little over a year ago I said:

In fact, this whole thing might well be that this is what I suspect it to be, that being bald-faced imperialism on the part of the U.S., but that the practical result of it might end up being that the world is a better place anyway. The U.S. is certainly saying that they’re down with the the whole Marshall-Plan-style rebuild-and-reestablish after the war’s over, and who knows, might actually mean it. With the number of lives clearly at stake maybe doing the right thing, or at least the wrong thing with enough positive side effects, for the wrong reasons is the right way to go.

I was completely, entirely wrong. I am ashamed that I ever considered that a reasonable position. Iraq is a complete fucking disaster.

I watch the news, and I picture a slurry of crude oil, black powder, American dollars and human blood, an ocean of it, on fire. And armies of people are pouring more of the ingredients into it, trying to put the fire out.

The world will be paying for this for the next century.

On CNN right now, they’re reporting that I can build my own arcade-game cabinet, at home.

If you’re a Bauhaus fan, and you’re at all concerned about the well-being of Abe Vigoda, then you should check out this page, which contains both up-to-the-minute news on Abe Vigoda as well as one of the best parody/tribute tunes I’ve heard recently. The other one is here: you’re hearing two different Nickelback songs coming out of the left and right speakers, the funniest thing I’ve heard recently. Act surprised.

Shaver is right, it is an interesting paper, though I don’t understand why you would argue that “programming languages should be more like the languages we speak” and then go on to advocate operator overloading. That’s crazy talk; the number verbs and adjectives available wildly outstrips the number of available operators, and contain a lot more descriptive information; overloading just means that when you see thingA+thingB, instead of having to know what things A and B are, you now also need to know what + does. And when that diverges wildly from the expected behaviour, or goes somewhere where no expectation could possibly be said to reasonably apply (like, say, when you start overloading bitshift operators into stream operators) the whole thing is just a blank cheque drawn on the Bank of Obscurantism.

Ask any ESL student how much they like homonyms. Ask anyone how much they like puns. That’s what comes from the same symbols meaning different things. There are some warts on Java, for sure, but the lack of overloading isn’t one of them.

A friend of mine recently had to write an essay about a classic CS paper. I sent him here and here, but if you’re in the market for a straightforward paper that will kick your head all the way off, you should look at this.

I tried a little experiment a few weeks ago with Mozilla’s security certificates, just to see what I could learn. It turns out there’s a bunch of names on that authority list including AOL, Verisign and others, none of whom I actually put in there. Honestly, why should I trust AOL? We’ve never even met. Thawte offers a service right there on the front page that lets you confirm that they are who they say they are, by validating themselves. Verisign offers to let me sign up for a “free trial certificate”, as does BeTRUSTED. For a while, Thawte had a big label on their front page that basically said “for ten thousand dollars, everyone will know they can trust you.” “www.valicert.com” sends me to a web site that’s not Valicert at all, though they apparently still validate certs anyway.

None of these facts fill me with confidence.

And, on top of all that, I can’t revoke any of these master-certs in Mozilla proper. If you delete them in the certificate manager they just stay there. I had to strip them out of the source by hand and recompile to test it out my theory, that maybe I could get by without them, that I could decide for myself who to trust and who not to.

You know what? You can’t. And when people I do trust say that they’re uncomfortable with who’s being trusted, and people whose kung-fu is far more powerful than my own say that it’s all bullshit anyway, I’m ready to get concerned about whose trust I’m unknowingly trusting, and why.

In practical terms, after my trust-no-one, cigarette-smoking recomiple, what happened?

Nothing. Some of the sites I frequent that have a Paypal tip jar in them pop up a dialog saying that my transaction won’t be secure. That’s it. I can’t get rid of it, because in order to trust Paypal I have to choose to trust somebody else on the list, which kind of violated the spirit of the whole thing. It’s goddamned annoying, but that’s all it is.

And so I just don’t know what to do. I’d like to be security conscious, I run nessus on my machines after every upgrade, I keep track of what services are running, I check my logs. Sometimes bad things happen, but that’s life, and I fix it. But I don’t know what to do in the face of this information, given that my options seem to be “ignore it” and “no more browsing”.