gushi: (Default)
Discovered while trying to make an LJ entry from, ongoing over 24 hours.
%telnet 80
telnet: connect to address No route to host
telnet: Unable to connect to remote host
gushi: (Nevar Button)

Today has been awesome.

Going to a home party based on a totally open invite wouldn't normally seem like your idea of fun. However, that's what happened today.

On the most recent Dreamwidth News Post, one of the main coders, Mark, basically said "come and meet us" if you're in the Bay Area. I happen to BE in the bay area, so I responded. As someone who's gotten consistently more frustrated with Livejournal's ad-rot, I think Dreamwidth is something more in line with what I believe to be good about blogging, open source, and communities.

Kat was a bit nervous about my approach, but we got there, and everyone there seemed pretty awesome. It was a small but very friendly group, and I think I was one of the only "out of the blue" RSVPs. Quite a few people there were able to share quite a bit of backstory about various things, about their own feelings and hopes for the site.

Kat came away feeling like she had really met some people she could connect with. As did I. It was a really great evening.

I'd really like to be able to contribute some work to Dreamwidth, too.

gushi: (Ferret Love)

Hello, and welcome to Gushi on dreamwidth. I would have used the user-account tag for that, but I don't honestly know what the tag for it is. Using <lj-user="gushi"> doesn't make sense, does it? It does in a way, kinda, since that would make it compatible with other clients. However, I'd also like a way that I could cross-site link. I've got 300+ friends on Livejournal, and I'd like to be able to link to them there with a tag.

So, here's the big problems thusfar.

  1. First and foremost, I don't have a client for it. I'm going to probably modify jlj for this.
  2. Secondly, while there's a "reading page" here, the DreamWidth analog of your LJ friends-page, but I see no way of adding LiveJournal accounts to that page. Even if one were to add every LJ's RSS feed, that doesn't get you restricted entries. Livejournal claims that if you use an RSS reader that does digest authentication, you can read an individual journal's rss feed, but there's no way to rss-syndicate your friends page AND do authentication. So Dreamwidth would have to log in and trawl each of your friends page under your LJ account. This is probably not possible, and it certainly defeats the purpose of RSS.
  3. Third, looking over some of my entries, they just don't fit in the scaling. For example, this entry is problematic. There's a strong lack of alternative styles.
  4. While there's an import tool, there's no easy way to "unimport" things and reset your journal to blank after an import, nor to tell either via a tag or some other manner which entries were "born here" and which were "adopted".
  5. From glancing over the FAQ, it looks like there's heavy dependence on the admin_console. This makes sense, it's easier to code for, rather than trying to put hooks to do things in multiple places and multiple styles.
  6. No permanent accounts. There was a sale once, but the admins claim they will not hold another. Honestly, I believe in this project, and I want to show more support than the paid account I've already bought, but I would like to be able to hold out hope for this.
  7. No phone support. While I'm not against the "old" mode of voice post transcription, where your friends do it for you, I have literally been able to update my LJ via voiceposts from hospital rooms where I don't know if I'll survive the night. I'm not ready to give that up.
  8. No way to specify that entries are being crossposted. This entry, posted to LiveJournal, has no extra text to mark it as such (other than the tag I set on DreamWidth, "native dreamwidth entries", but that was not set in any crosspost setting, it's just a tag I set to solve another problem above.) Thankfully, it at least LOOKS like when I edit an entry here, it updates the entry on LJ as well.

Sadly, each and every one of those is a show-stopper for me. I believe every one of them is fixable, but it's going to take time.

I haven't managed to figure out yet what I will use to differentiate this between Gushi-here and Gushi on Livejournal. Right now, I'll probably be mostly crossposting, which gives no advantage to my friends to kick it over to here. I'm tempted to be better to this journal than I have to my previous: always using tags, always setting moods, and the like. Perhaps making sure each entry is written syntactically valid, in the same style, with auto-formatting turned off.

I have several invite codes available, let me know if you want one. Other than that, well, in the word of a gryphon: That's about all I have to say about that.

Ferret One Out!

gushi: (Default)

As an experiment, I stripped all my (tag:) tags out of the previous entry, and posted it here under a cut. For anyone really interested, feel free to re-read and see if things still make sense. (I noted a few specific examples in brackets where things made a little less sense, or where I left parens in because they would have been left in by a parser.)

It's under here! )
gushi: (Default)

Jeopardy is on. Kat is watching it while she cooks.

It is the segment after the first break where Alex asks the contestants about themselves.

Kat with sarcastic disdain: "Oh, I hate this part! I don't care about their lives!"

gushi: (Default)

Please comment on this entry, this is something I put a lot of thought into!

I apologize in advance to the non-programmers in the group, who just want to read English. I'm not going to talk much about unix or perl or the other actual programming languages here. What I'm looking to discuss is communications, linguistics, and human perception.

Before I get started, I've seen several humorous emails circulating like these over the years, where a person suggests lingual changes and starts using them as soon as mentioned, deteroritating the language in the essay to their satirical end. I am suggesting lingual changes and using them live, although I'm using them from the start of this entry. I hope to all of you that my result is not as unreadable in the end as some of these. If it is, you all have my apologies.

I find when writing these entries that I tend to tailor my writing for the web and more specifically Livejournal.

Most of you probably do not know that all my posts run through an awesome little filter called Markdown, which takes email-like formatting, and turns it into HTML. Things like __this__ become this. Links are very often automatic. It makes things refreshingly easy for most things. Occasionally, though, when writing something like poetry, I bypass Markdown and write the HTML myself, because HTML ignores carriage-returns. It's a case by case basis, too. Sometimes I use <i>, sometimes I just use the asterisks. Sometimes markdown gets it wrong, like when talking about the apache module: modaccessrbl in a previous post, when I typed mod_access_rbl. I had to go back manually and correct the lj entry on that one.

I should also mention that I haven't found a good word word processor for the unix shell, where ctrl-b, ctrl-i, ctrl-u act as you'd expect them to, or there are formatting menus or options. Even though I'm writing this in a livejournal client, it's really a plain text editor, most of the formatting is either left to Markdown, or myself writing the raw html in the entries.

The point in all this, is that I am already not writing, in what would be considered standard written English, as one would write on a piece of paper.

If I write a postcard to a friend, I don't put <br /> in the closing. There are, whether using Markdown's syntax, or my own, already formatting sigils in place, designed to influence how the reader will ultimately read it. It is a programming language: there are input and output and these are not the same.

I tend to write English as though I'm writing code. I put in asides, in jokes, parentheticals: the tendency is to dump everything I'm thinking on a particular subject, and this only results in more editing later. My essays suffer "feature creep". There are often things I would mention in conversation, to make a subject more clear, and in conversation, it would probably become more apparent if the person understood concepts without overexplantion, or wanted the humorous asides, or was not someone I perceived to have a sense of humor. After all, if the point of communication is to share one's thoughts, why not share all of them?

It was the goal in this entry: to leave nothing out, leave nothing on the cutting room floor, so to speak. Of course, as mentioned in the previous entry, this obscures readability.

Writing like on Livejournal is a broadcast medium. Some of you are technical, some not. Some of you get my jokes, some not. Some of you are familiar with a concept, for others, it requires explaining, and I cannot always be sure which of you have been reading for how long, so I need to make backreferences to older entries and link them. At work, there is the same problem. Some of my coworkers heard me go on about an idea for redoing a project, some not. But in an email or an LJ post, the same dataset is sent to the same people. The only other option is to write two emails, one of which will likely fully include the content of the other. The simple reason is: most people don't read as they would talk or listen. Most people aren't set to bypass and parse the tags that start with X or Y.

I've also come up with a technical, rather than linguistic, problem on LJ: there's no way to target segments of an entry to a particular class of people. Like those reading via a particular filter, or those in a specific friendsgroup.

These problems are related, and I came up with something very cool, that solves them better than LJ: Dynamic CSS.

(as an aside: for people who do not understand the power and flexibility behind what stylesheets can do for you, please go visit the web site right now. They give you a single, static, valid HTML page, and show you the different possibilities that can be done just by altering the stylesheet. In all cases, the HTML is untouched.)

Imagine if you will, that you defined () as a tag in HTML, just like <> are. Lingually, parens are pretty close to what a tag is in HTML. Except instead of telling the browser how to format and display it, you're telling your target audience whether or not to read it.

Once you formalize the parens as a tag, correctly written entries could show only the raw text to those who wanted it, or the parentheticals and asides, all by simply altering the "stylesheet". Consider that you could use (XXX:) as your tag. Which means when talking about some things that need expansion (for example: this, that, and the other thing), that's a tag that could be shown. However, when talking about more tangential topics (funny story: I once wrote a whole linguistics entry on a tangent), such things could optionally be omitted by the parser/displayer. It's already in somewhat-use. (For example: I'm sure other people have written with this "tag".)

Your audience could choose which format they're most comfortable reading. You get the benefit of knowing that your thoughts are out there, and if your audience understands you, tends to follow your particular mode of thinking, they may be able to safely turn off tags (like: (e.g.:) or (i.e.:) but may want to leave others on. (Such as: (humor:) or (tangent:).) It makes me a stronger writer because it forces me to identify such behaviors, but at the same time, lets me continue writing to a level of technicality I want. (for example: I could define tags like (technical:) and (reallytechnical:)). All my writing would go through an additional filter that checked for unrecognized tags, and would allow me to add them to the stylesheet, or alias them to others (For example: (e.g.:) may be aliased to (for example:) or (example:)).

One more semantic is that in writing such a parser, it makes sense to define a tag to include the trailing space before a paren, so that if a tag were omitted by the parser, sentences would still end with a period directly following a word (such as: this one).

Nested tags would not be parsed. Parens without a colon-tag would be passed-through as-is, although might optionally trigger a warning in the parser. Perhaps this would require "real" parens to be written as "(:whatever)" to indicate a null-tag, but probably not. After all, there are cases where you need normal parens. Either when quoting original source that contains them, or in situations like: Sen. George Johnson (D, Kansas), or typing out equations.

The goal of this is that the language would be still parse completely validly, and be completely readable and syntactically valid either with or without the tags.

To be completely geeky, I should be able to take this whole entry, put it in a text editor, and find-and-replace the perl regular expression "\s\x28.*:.*?\x29" with "nothing", and it should all make sense. It may need a little more logic than that to handle nested tags, though. Note carefully the \x28 and \x29 are the parens, in hex. Otherwise the expression itself would not survive the substitution. But because I put them like that, anyone else here can try it with a smart enough text editor that understands wildcards, too. (aside: I should probably invite [ profile] calmingshagoth to come up with a better regex, or just tell me outright it's not possible.)

They may make concepts harder or easier to grasp, but they let me write to multiple audiences as well. Like all standards, this entry is actually written in it. (aside: the author of Markdown wrote their documentation in Markdown's own format.)

For those who understand the C programming language, this is entirely like a lingual #IFDEFINE. Most programmers consider them to be somewhat "dirty", but very often they are the only option when writing or adapting code that needs to be understood by a wide variety of systems of varying age and standard. (humor: Gee, look where I work!)

As stated before, LiveJournal suffers an issue like this. There's no easy way to address people reading via a specific filter, via a specific page (for example: reading an entry directly on its own page as opposed to your recent page or even their friends page), or a person who meets certain lists.

Livejournal could certainly benefit from this. "I am pregnant. I don't want to discuss the sex of it publicly. (friends: It's a boy!!!)". Livejournal has already caused users to learn a subset of HTML that only works on Livejournal, and even then somewhat inconsistently. (ranting: Why is it that LiveJournal can't just send me an email when I post an entry with "irreparable markup"? LJ's behavior is to spew out the RAW html to my friends list and say "owner must fix". Wouldn't it make more sense to put broken entries behind a cut, or set them private?). On livejournal specifically, you have certain things defined: you know who is reading, people are usually logged in, and they could have the ability to set preferences for which of a person's lingual tags they want to read.

Imagine for example the following text on LJ: "I was in san francisco this weekend (friends:at the folsom street fair!), and it was awesome. I met up with my friend Jeff (interest=furry:[ profile] aatheus) after that." One sentence. Four distinct targets. This is more complex because it requires the LJ framework to work, and isn't readable in standard English, but that's the point. I don't write <lj-cut> when I run out of space on a postcard! I don't use "@jacel: thanks for the compliment" on LJ. They are different media, and can afford to have different syntax. At the very least, such a concept could make people smarter about saying things that could get them into trouble. (aside: anyone remember Jag's ban from Anthrocon and the whole room 909 problem?)

In conclusion, English is a fluid language. It evolves over time. Unlike HTML or CSS or C, there's no standards body to determine how it's to be used, parsed, and worked. I don't know if it will ever evolve to the point where people will write in this syntax constantly, or where people will be able to constantly read and expect this raw syntax. However, in the case of Markdown, it evolved from a pragma people were already using: the way we had adapted a plain text medium to carry formatting information. And while Markdown is relatively new, that concept, within email, dates back long before HTML was invented, let alone was possible in an email. (aside: You can blame Microsoft for that one).

If I ever get around to writing my own blogging software, there's one more feature I would put that is complimentary to this, but that is to be discussed in a different entry, as I'm trying to strongly embrace the one-concept-per-text rule, both for the sake of brevity, as well as to give each concept the attention they deserve. After all, if I believe in these ideas, I owe them that. (sarcastic: And yes, this has all been all one concept.)

One last thought, added after I posted this: I somewhat-intentionally overused these concepts here as an illustrative point. I doubt in regular writing that I would do so, but part of my goal for this was to allow me to integrate stream-of-consciousness writing. Even with the tag format, there's still a balance.

Once again, comments extremely welcome.

gushi: (Default)

aakin: hey.. up for giving me some creative feedback? me: you mean by that, feedback on your creative efforts, as opposed to formatting my own feedback with glitter and macaroni pictures, right?

gushi: (Default)

Language is an important thing to me.

I have a few language problems in my writing style, and I feel they reflect flaws in my thinking style.

Specifically, I tend to interlude heavily in standard writing. I tend to insert references, or jump to asides. I tend to use commasplices, even where correctly done, in sentences that don't need them. For example, a "correctly done" commasplice is where the segment between two commas can be removed and the sentence will still make sense, such as 'even where correctly done' in the previous sentence.

I think more quickly than I can write, and I struggle to get my ideas down on paper.

I tend in email communication to make messages far longer than most people's "tl;dr" filter (too long; didn't read).

I've done a few things to combat this, especially at work:

1) At my manager's insistence, I've turned on the pine option "do not send flowed text", which means basically that my email goes out hard-wrapped wherever the composer wraps it. Apparently I am the only person whose email goes all the way across the screen, otherwise. Now, in my brain, that would mean "your window is the wrong size, then", but he's the boss. And pointing out that my mailer, in doing so, was complying with RFC 3676 didn't seem to help. The net result of this is LESS of one of my emails fits on a screen, which makes the next steps more of a challenge.

2) I started using my screen length, which varies depending what system I'm on, as the delimiter for if a message is too long. If it goes beyond screen-length, I seriously consider scrapping it and start over. This isn't a hard and fast rule, but I've discovered some things about people:

  • People are more likely to read something through if they see your signature as soon as they start reading.

  • People aren't in the same frame of mind I am, not thinking the same thoughts along the same lines: if I've forced them to scroll down, this means what I've previously said is off-their-screen, and will be when replying as well.

  • People only tend to grasp one concept per email. If I sent a 10-screen email about various projects I want to do, breaking them all down, it's less likely to get read than if I had sent ten emails, and cautiously timed them throughout the day.

  • The length of your message is inversely proportional to the number of completely-relevant responses you will get (i.e. responses which address all points you have made). I think I can prove this by the number of responses I will get to this entry, versus me making a post where I simply say something short and meme-like, like "Gushi can't enjoy his sandwich". Now, in the corporate world, it's more important. I write messages because I need people to understand why I'm about to do something, why I need to take a server offline, why I need to spend money.

  • The last rule above is less true on my blog. I love knowing people read it, and I love feedback, but I fully expect that the people who will understand everything I write is a subset of the total readership: i.e. on the blog it's more about "get your thoughts out" and less about "make people want to read your message".

3) I worked quite hard, at least in corporate mail, to reduce or eliminate a few overused standards I love:

  • Ellipses I love these things, but I'm trying to mentally...train hear william shatner...when I read them. I tend to use ellipses when I'm unsure of a concept, or when a concept is...not quite right...almost like another problem.

  • Parenthetical asides and other things like footnotes. They basically are the universal symbol for getting off topic for a short while. (All of family guy's humor is based on this concept. See?)

  • The em-dash I don't abuse this as much as I used to. I tend to use it more abusively in fiction -- where I'm trying to describe the stream of consciousness inside a character's head. I guess this means I tend to think in em-dashes. It makes sense.

  • Emoticons and humor. I'm a geek in a company full of geeks. I tend to be laid back, but I need to try and communicate more seriously. I suppose a part of me feels this is necessary as I'm in a new-ish situation at a new job, and I perceive a lot of people as a bit uptight, and don't know them well. I guess in a widely-geographically-distributed company I'm trying to impart the same level of relaxation and gregariousness I'd show in person, but the analog is less than perfect, and I feel it might make me seem less than professional.

Like the "length" rule above, I tend to think the last one is less true on my blog as well. An emoticon can mean the difference between lawsuit-angry and bofh-angry. But being more aware of it in general is not a bad thing.

I find becoming conscious of the above helps me be aware of it. I'm not trying to stop using them entirely, just to realize that if I'm using them, I'm losing the message. I mean, they have their place -- all punctuation does. (Doesn't it? I'm not sure...) Sorry, unavoidable.

4) Syntax checking. As I tend to write in a technical sense, and in a harried fashion, I notice a lot of times where I'll do something like:

We need to check for this syntax (like we did on that other thing, which is important all the time (except in case X)

See above? It's the desired format. It gets the information across, and yes the parentheses are necessary. But just like in programming, it fails to parse because there's no secondary closing brackets. I tend to miss this and endquotes all the time. It annoys me. And there's no good open-source "readability checker" I can filter my mail outbound through.

Ironically, most text editors let me do this for writing code, let me find mismatched or misbalanced brackets, it's just not built into my email client. And above, where should the closing paren be? After the word 'thing', or should it be a double-paren after 'X)'? Only I know, so sending mail out without it is sloppy. And it bothers me quite a lot.

I'm a technical writer, and I try to treat my audience as techical. While I may talk about nontechnical manners like emotions in this journal, I maintain a technical tone. And lets face it, the emotions and nuances of the human brain are infinitely more complex than simple things like computers.

Writing technical is a lot like writing lawyerese. Very often you have to detail several examples of things, and more often than not, some of those examples will have things in common that others do not. The semantic differences between words like "MAY" and "SHOULD" and "MUST" are critical in the world I live in. It involves detailing problems most people don't see, and predicting standards that will be used long after you're gone.

Writing is also an arduous process for me. It tends to be a brainstorming long-write process, then getting out ideas and de-duplicate things. I'll often mention the same idea two or three times, then edit and refine them down, moving whole paragraphs and sentences around. As a quick example, the list above was not written in order at all; #2 was written last.

It means cutting concepts that I think are notable to say but ultimately un-relevant. Above, when talking about there being no unix-based readability checker, I wanted to talk about how I'd see the ideal use of such a thing to be in a spam filter. But it dilutes the topic, and that's bad. For that one, I can mention it here. But on others, dropping those ideas hurts, since I may not know if or when I'll remember to write up a whole separate entry about how cool that would be, and a lot of ideas have merit. Especially when talking about improving an existing system: often you lose scope and want to change the system to make it better, rather than working a single problem. This is hard for a lot of people.

It's definitely not helped by the fact that my work and my life are interrupt driven. In mid-paragraph I might need to get up to handle a "fire", and come back 45 minutes later, and experience a need to reorient myself, which I often don't do as well as I should. Caffiene also makes it worse for me, it makes me more focused on making a post/letter LONGER and more-tangented. My boss is rather famous for saying "I'll explain it because I've had too much coffee".

I'm working on it, slowly. It's not easy. I'm hoping the techniques I've detailed here give insight to anyone else who reads into what goes on in my head, and into what it takes for me to do this. I had someone today say that I was very worth reading, which is awesome. (Thanks [ profile] jacel).
I've been told by several people I should write a tech-blog, but what's the point there? This is me. This is who I am. I am a human who is technical. I suppose the logic of splitting my blogs if I decide to is best saved for another post as well.

Now, if you'd like to talk about tangents: this started off as a post in my other blog, where I share intimate things about my relationship-life. Within two paragraphs, I was off the original topic and talking about writing standards. Since it's a reasonably good chance that everyone who reads that blog reads this one, I'll probably consider this read-first type material.

gushi: (Default)

There is a spammer that has been annoying me. They're doing things halfway legit, so they bypass a lot of filters. They're advertising a site called, mostly telling me about candidates who I'd want to hire who need H1B visas or green cards.

I've complained via SpamCop, and also directly to their ISP (Cogent).

I did a google search for them recently, and discovered that not only are they being blocked by google, but that they're asking on google's forums for help!

I quickly typed out my own reply, which has since been deleted )

And they emailed me back, again asking for help, and seeming somewhat apologetic. )

While one might think I'd don my BOFH hat to handle this, I'm somewhat touched, because I know the answer to this.

My response was long, and almost didn't get to them, because they set their "Reply-To" header to "". This alone indicates a serious case of "you don't know how this works".

My reply is below the cut )

gushi: (Default)

So, I just got this amusing email...

From Thu Jul  2 02:08:05 2009
Date: Thu, 2 Jul 2009 01:07:54 -0500
From: Cody Grunenwald <>
To: "" <>
Subject: I really need help

I saw that you had a crash file that you can crash wc3 users only by whispering
them. Now im a noob with technology and stuff so i was wondering if you could
get on and go to Channel CLAN STN and crash anybody in that channel
with praetor in their name. Long story short they hacked themselves into OP and
were a new clan so we have no shamans or anything and hes holding our clan
hostage. please help us.

Note that they emailed Now, there's only one place I use that. is common, but was ONLY used, for a while, as the ServerAdmin for the domain (as in, ONLY my personal domain). Thing is, it also shows up as the serveradmin for people who use aliases...and a quick google revealed the problem.

A user I had kicked off a while ago, who was using prime as his location for starcraft hacking tools (I know because I heard from Blizzard about it).

Remember fun LJ entries like this?

So, obviously what's happening is people are finding some webpage that links to this, getting a 403, and then EMAILING ME.

Gee, how ever could I find out who this is? Oh wait, look, I have my webserver logs!

%tail -1000000 access_log|grep -i celeron - - [01/Jul/2009:20:48:09 -0400] "GET /~celeron/hacks/ HTTP/1.1" 403 345 "" 
"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5" - - [02/Jul/2009:01:56:50 -0400] "GET /~celeron/hacks/ HTTP/1.1" 403 342 "" 
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" - - [02/Jul/2009:02:05:37 -0400] "GET /~celeron/hacks/ HTTP/1.1" 403 342 "" 
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)"

So I checked out the tripod page (I especially love that the banners on the webpage are offering a DEGREE IN HACKING), and there they are.

Now, the question is, what to do with them?

  • Tell them "it's a game, there really are more important things"
  • Tell them "STFU NOOB!"
  • Tell them I'll hack THEM for disturbing me! (Mess with the best, die with the rest!)
  • Tell them I'll do it for 1000 gold, sent to the WOW account of anyone I don't particularly like?
  • Forward the tripod hacks page on to Blizzard?
  • Compain to tripod myself, as it's causing me negative traffic, perhaps threatening that if they don't take the page down, I will POPULATE those links?
  • Since they seem so willing to download and run files, send them a nicely wrapped boot sector rewriter?
  • Two words: mod_rewrite.
  • Send them a link to this entry.
  • Do nothing but blog about it, sigh, and shake my head sadly.

Yeah, probably that last one, but you never know. *sigh* *shakes head sadly*

gushi: (Default)

I just made a somewhat accurate reference to my coworker about trying to have a conversation with engineers and asking what seems to be a simple question:

"The Band on Stage!"

It took my coworker only a second to catch the reference and laugh so hard she couldn't talk.

I love this place.

gushi: (Default)

Several people have linked me to this article:

In short, it's a "how do you get all your critical passwords to someone after you die?".

Anyone who knows me knows I consider this a "solved problem".

The article briefly mentions "Shamir's Secret Sharing Scheme" and makes mention that given a password split of 10 pieces, five required, it means any five of your friends could then conspire against you to do this, so the author discards it.

The short answer is: find friends who don't know each other. Don't tell the others who they are. They'll figure it out, probably at your funeral.
It may take a few days. Don't worry, you won't have to wait. And if they don't figure it out, it really won't matter to you anyway. The purpose of this is to give you peace of mind, and to hope that your friends are as smart as you are, not to ensure that data only you care about lives on.

The other point the author makes is to simply split the password in two, and this is the approach I take, except that I do so COMBINED with SSSS.
Basically, even if my friends all conspire against me and manage to decrypt the password, they'll still only have half the data. And the other half, are in places where I'd be aware of its access.

In fact, I could take this one step further, and make it so the system tries to contact me to pre-emptively cancel the other half of the key being mailed out. If I'm alive, I'm still in control. Of course, if I do nothing, the information goes out after a timeout.

Interesting idea there, I may undertake it as well.

gushi: (Default)

So I just discovered a fun apache/firefox bug. It's certainly an edge-case, but what the heck.


I run apache 1.3. The main reason is that I have use of modules that can't or won't run under apache 2.

The biggest of these not likely to ever be upgraded. It's mod_frontpage, and basically ensures that even if I don't use apache1.3 for EVERYTHING, I'll always need a copy of it running somewhere for the three people that can't figure out ftp and think this is a great site

Other modules in the past that this has included are:

  • suPHP (now supports 2.x)
  • proxypass (brute force detector)
  • mod_conn (limited connections from a single IP, I now do this with IPFW)
  • mod_access_rbl (no longer maintained) and
  • mod_bandwidth or mod_throttle (the latter long-gone due to some perceived vendetta on the part of the developer)..

How to reproduce:

Anyway, the error is this:


Yeah, that address? Looks like ipv6, right? It's actually ipv4, in ipv6 format. (It's, in hex). You don't need to be ipv6-enabled to reach it, although prime is. But if any one of you is able to click it and get result, then you prove my point. Before anyone claims that apache1.3 doesn't support v6, I apready know. However, like I said, this is an edge case. Since I'm running 1.3, I can't possibly be listening on a v6 address, right? I'm listening on v4, I'm connecting on v4...and it's reported as malformed

One of two things is happening here:

Either: Apache reads an ipv6 address in the HOST header, which is compliant with RFC 2732 as "malformed".


When entering a v6 url, as above, firefox should be sending a BLANK host header for an ip address, and instead is not.

From RFC2616 (HTTP 1.1):

A client MUST include a Host header field in all HTTP/1.1 request messages . If the requested URI does not include an Internet host name for the service being requested, then the Host header field MUST be given with an empty value. An HTTP/1.1 proxy MUST ensure that any request message it forwards does contain an appropriate Host header field that identifies the service being requested by the proxy. All Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field.

In this case, firefox should be sending "Host:", and according to the "Live HTTP Headers" plugin, it appears it's sending:

GET / HTTP/1.1
Host: [::ffff:4809:6582]

Which, unless there's a later RFC, is wrong. Actually, it also does it with true v4 hosts:

GET / HTTP/1.1

However, I wish apache would respond as it does to any other host that points at the IP address but for which it is not configured to serve. In theory apache should give a 400-class answer for the second one too. I think the difference is that apache apparently thinks that some of the :'s in the v6 address are a hostname/port separator, and that's the reason it's malformed. There's probably a possible one-line patch for this behavior, for either client or server.

Mozilla bug report is here.

gushi: (Default)

So I discovered today that I was getting a lot of spam mail that slid right through my filters...most of it by a company called Diversion.

I looked at the headers and found a few interesting things:

1) All the recipients had "real names", and the spam was directly addressed to them, as opposed to being bcc'd or sent to "undisclosed recipients".

From: Diversion Media <>
To: Mark Scribbins <> <-- like that
Subject: Get to Know for Physicians - at Your Fingertips

2) The links on the site, while going through a "Redirector" all matched, and was a sane domain, which corresponded with the link text, and which in turn was the same as the email domain. It wasn't a long subdomain, nor was it loaded with random letters or characters.

3) The text was relevant to the subject line, which in turn was relevant to the content, which was readable instead of the markovian crap I'd expect.

I looked at one of the articles...this one, and it's reasonably well-written and informative. Sure, a bit fluffy, but a decent read.

This didn't smell like spam to me.

I looked over their site, and found a "contact us" link. I called the number for their "advertising" department, and a person answered. Okay, too wierd!

The conversation went like this:

"Hey, how's it going. I seem to be on your mailing list several times, and I wanted to let you know that the whole domain goes to me, and I'm getting several distinct copies of these emails from you. Normally I'd report this stuff to spamcop or whatnot, but it seems you guys are legit. Like, if I were a doctor, I'd probably be interested in this stuff, it's well written and informative. So what I'm guessing probably happened is that you guys bought a bogus list, and I'm just calling to let you know you may want to go back to whomever sold it to you and take it up with them."

I gave them my domain name, and was told "yeah, unfortunately this isn't the first call like this I've gotten", and "thanks a lot, not everyone would have done what you did." (Again, not things I'd expect a spammer to say.)

Now, over time, I've gotten several spams that claim "PHYSICIAN LISTING!!!" or "50000 US MD LISTINGS!!!1!". And chances are, Diversions either bought such a list (how accurate could such a list be?), or someone who seemed more legit bought such a list and re-sold it to them. Welcome to the ponzi-driven internets :)

What this also indicates to me is that there are a number of services out there that "discover" domains that accept all domain-bound email. I suppose, historically speaking, I should look for the first emails sent to those services. (As I keep lots of email, and lots of logs, this isn't hard).

What it also means is that in my quest for better filters, I can now track everyone else who uses those lists, since the list-generators have managed to create a unique fingerprint for their lists. While I don't expect anyone to share with me where they bought it from or whatnot, I suppose if I were in a different field, I could offer to help legitimize these folks -- adding better verp detection, better feedback loop awareness, and the rest. And quite frankly, if I wind up blocking an otherwise legit site like this, because they bought a shitty list...oh well.

Somehow this reminds me of when I was parked in Home Depot, and there was someone running around, putting flyers on everyone's windshields, saying "Advertise in the Pennysaver, call this number!" Huh? If the Pennysaver is such an effective means of advertisting and communications, why do you need to be paper-spamming cars?

I mean, let's face it, marketing data is an asset, and I suspect, as Diversions is discovering right now, you get what you pay for. Or better still, let the buyer beware!

gushi: (Default)

So, because I was curious, I decided to calculate, by hand,'s ip address in decimal. It took me about 10 minutes to do. It took me well over an hour to HTML this entry and draw up and rearrange all the tables, by hand. Maybe you can learn something from it. is:

First step is to reduce each of those to its binary equivalent, as four eight-bit numbers. 8 bits only go up to 255, which might explain to some of you why you could never get more than 255 gems in the original legend of Zelda...

Bit729 101 130
128   X
64X  X  
32   X  
8X X   
4   X  
2    X
1  X X  

That gives us:

01001000 00001001 01100101 10000010 (the colors will become clear in a moment)

Now, for the above, instead of the above table being 8-bits, we translate to their 32 bit values (note that just like in decimal, the numbers on the right are the "low", or "least significant" numbers!

Just like in decimal where you have the "ones place" or the "tens place", in binary you have the "one place (20)" or the "two place (21)", or the "four place (22)" all the way up to the "two trillion, four hundred seventy four million, four hundred eighty three thousand six hundred fourty eight place (231)", which, zero-inclusive, is 32 bits. Astute readers will notice that each column is double the one before it (this is different from decimal), and also that maxing out all the rightmost columns is one less than the value of the next column, so 1000 (8) is one more than 111 (7) in binary: 111 is the max value with three places, just as 1000 is one more than 999 in decimal; 999 is also the max value with 3 places.

It's the same as our number system, once you run out of spaces, you move up one, but each "place" can only count to "one", and just like a "2" in the "hundreds" place means "200" in decimal, a "1" in the "eight" place in binary means "8"

Admittedly, I used a calculator to get all the powers of 2 below:

BitPower of 2Value BitPower of 2Value BitPower of 2Value BitPower of 2Value
 31 2147483648  23 8388608  15 32768 X7 128
X 30 1073741824  22 4194304 X 14 16384  6 64
 29 536970912  21 2097152 X 13 8192  5 32
 28 268435456  20 1048576  12 4096  4 16
X 27 134217728 X 19 524288  11 2048  3 8
 26 67108864  18 262144 X 10 1024  2 4
 25 33554432  17 131072  9 512 X 1 2
 2416777216 X 1665536 X 8256  01

So, we substitute in as above, and then we add up all the numbers with an X above.

In other words, this IP address is the same as saying:
230 + 227 + 219 + 216 + 214 + 213 + 210 + 28 + 27 + 21 OR:

(commas added for readability only)
1,073,741,824 + 134,217,728 + 524,288 + 65,536 + 16,384 + 8,192 + 1,024 + 256 + 128 + 2 OR:

1208575362. Yeah, that's the "real" address there.

We try to open that in a browser (and yes, browsers recognize decimal IP addresses), and...http://1208575362/there you go. The funny thing is, all the above seems complicated, but computers do it in a split second. After all, when you type something in a browser, your computer doesn't connect to a name, or even a dotted-quad IP address, it makes a connection right to the integer...all the dotted quads are just for us foolish humans.

Let's think of another one. I will guess the IP address of your computer, and post it here in binary for the world to see: 01111111 00000000 00000000 00000001

There you go, decode it, to either its dotted-quad (use the top table) or binary (use the bottom one) equivalent!

So, anyone want to try it with ipv6 addresses? They have 128 bits as opposed to the mundane 32 here, and translating them means learning to count up to F!

gushi: (Default)
[Error: unknown template qotd]
Well, I drive when I get the chance, and don't take enough public trans (although I do take some). I tend to like my room COLD when I sleep, so push the AC kinda hard.


Jun. 26th, 2009 11:14 pm
gushi: (Default)

I just let the magic smoke out of [one of my own] systems' power supplies here at work.

Loud POP and, bam, cloud!

Fortunately, if there were any building in the county where I'd expect to find a spare AT-style power supply, this is the place.

gushi: (Default)

So USA is running an "NCIS" marathon that focuses on the character of "Abby", a goth forensic-scientist and geek-girl. This is very nice. The coolest part is, almost everything that comes out of her mouth, all the RIGHT.

...which puts it way above House.

gushi: (Default)

I need to rewrite this LJ client for a couple things.

First, it saves its files looking very much like this:

CGI:       /interface/flat
Profile:   default
Format:    external     (external/jerry/preformatted/none)
Security:  everyone     (everyone/private/friends)
Monkeys:   Monkey
Backdate:  no   (yes/no)
Comments:  yes  (yes/no)
emails:    yes  (yes/no)
Date:      2009-06-11 03:43:30
Subject:   Laughing like children, living like lovers...
---- Edit your event text below this line.  Do not edit this line. ---

The thing is, if I have a postponed entry with an alternate profile, I have no way of flushing the queue to that profile.

Secondly, I think I need to hack in DreamWidth support. Yes, I'm over there. I've imported my LJ, but I may make that more about my pure-coder side and use its crossposting features to syndicate here.

*reads for a while*

Crap. Apparently the author was aware of this:

# login
#   connects to the server, tells who we are, gets community and icon info
sub login
## XXX
## XXX

Damnit. Oh well, maybe he'll accept the patch once I write it.


gushi: (Default)

August 2009

234567 8


RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags