September 20, 2018

This site has moved

Why hello there, it's so nice to see you! I moved this blog to my own domain, so if you're the one wacky person in this dauntingly immense universe who actually reads anything I write, you can keep up with me here: (I won't make you subscribe to my newsletter but I do have a handy RSS/ATOM feed over there.)

August 8, 2012

Symmetric Crypto with PyCrypto, Part 3

Now that we have a grasp on how encryption works (from a high-level black box perspective, at least), we concern ourselves with how to generate cryptographically strong keys. I highly recommend reading Part 1 and Part 2 first.

June 23, 2012

Raspberry Pi Serial Console in Linux

My Raspberry Pi arrived in the mail earlier this week. However, work, family, and other commitments meant that tinkering with it had to wait until the weekend. Until today, all that I managed to accomplish was to download a Debian-based OS image, flash it to an SD card, hook the board up to my TV, and squeal with joy as it booted.

Now I'm ready to dig into this diminutive computer and see what's going on inside, but I have a slight problem. The Pi has only HDMI and composite for video output and it turns out that I have nothing in my office which can display video from either of these. (You can supposedly buy an HDMI to DVI adapter, but I don't yet have a DVI-capable monitor either.) This basically leaves me with two choices: Log into the Pi via SSH over ethernet or connect a serial console.

March 12, 2012

How to Sell a Motorcycle on Craiglist

Or more precisely, how not to sell one.

To get a feel for the market and what kinds of bikes are available, I've been scanning advertisements from a variety of sources. The most prolific--and consistently hilarious--has been Craigslist.

Craigslist is a wonderful invention. It allows people in a community to connect so that they can buy, sell and trade all manner of goods and services. The best thing about Craigslist is that it allows anyone to post an ad. However, the worst thing about Craigslist is that it allows anyone to post an ad.

December 15, 2011

Web Frameworks: When Love is Gone

Django and I were not meant to be.

For the last few months I've been trying to throw together a quick little site for my wife's photography hobby. Normally I reach for CodeIgniter (a PHP web framework) when I want to bang together a web site where an existing CMS doesn't quite fit the bill. CodeIgniter simply takes care of all the mundane stuff that you normally have to worry about when developing a web site or application. To use it, you simply extract the CodeIgniter tarball, perform some minor configuration, and point Apache at it. From there, you just add your models, views, controllers, templates, and static files. You can utilize any of the plentiful CodeIgniter helper libraries and classes if you happen to need or want them.

But where I work, Python is more or less the programming language of choice for anything that isn't primarily shell work (bash) or high-performance (C). Since I haven't used Python extensively for Serious Work, I thought I would give a Python web framework a try for this new project. Django came highly recommended, so I went with it. One thing I fell in love with immediately was Django's built-in customizable admin interface based around the app's models. Man, that's slick.

I followed the rather lengthy tutorial in the beginning and was encouraged. At the outset, it looked like Django was going to be a lot like CodeIgniter only "Pythonic" and with many more built-in features. But as dug into it, I found that the authors were explaining less as they went along, which forced me to wade through the Django documentation to get an idea of what was really going on. Now, the Django docs aren't bad per se but to me they read more like system specs than a teaching tool. I'm big on thorough, simple explanation, with plenty of examples. Maybe I'm just a bit thicker than your average Python hacker.

Anyway, tonight I drew the line. Django does not fit the bill for my fly-by-night one-off projects. At this point, I feel I've spent almost as much time reading (and re-reading) Django documentation as I would have in implementing the whole thing in PHP with CodeIgniter from the beginning. And that includes referencing the docs. The last straw was when I figured out a quirk of Django's static file handling by trial and error.

I spent about five hours trying to troubleshoot why the wrong CSS file was being loaded from a static files directory. I pored over docs. Googled here and there. Questioned my own sanity. A wild and almost random stab in the dark finally solved it, but the fact that it took so damn long and that the unexpected caveat doesn't seem to be mentioned anywhere in the docs (or at least, anywhere I thought to look) spoke volumes to me. On top of this, I just had a conversation with a good friend of mine a couple days ago about how highly I recommended CodeIgniter as a starting point for getting most any small- to mid-size app off the ground quickly.

Maybe Django is great for web developers crafting large production sites and who have all the time in the world to read docs and figure out the minutia of their intricate framework. But I don't, so it looks like Django and I will be parting ways, at least for now.

November 15, 2011

Banned from the U.S.A.

Pogo (Nick Bertke) is one of my favorite independent electronic music artists. He's a young, extremely talented DJ who is travelling around the world to do tours and remix movies and culture. His fans alone foot the bill for travels. Here's one video he did while in Johannesburg, South Africa:

I just found out that while attempting to travel to the U.S., Pogo was detained for not having all the proper paperwork. Rather than attempt to remedy their goof, his travel agency cut their ties to him and refused to speak to either him or U.S. customs on his behalf. Pogo sat in a New York jail for three weeks before finally being deported and being informed that he was barred from attempting to enter the country for 10 years.

In light of this situation, I'd like to cordially extend my middle finger to the United States Customs and Border protection and Department of Homeland Security.

October 5, 2010

Symmetric Encryption with PyCrypto, Part 2

This is the second part of my introductory series on cryptography in Python and it covers the AES block cipher with lots of actual code this time. Please read the first part if you're new to this stuff. I consider these articles to be works in progress so don't be surprised if you notice something change between visits. I appreciate feedback and suggestions!

February 2, 2010

Playing with localStorage

This seems to be something of a well-kept secret. It appears that almost all newer web browsers support various types of client storage without the use of cookies. The web storage specification (part of HTML5) describes new facilities that web authors can use to store arbitrary data on the client using a simple key/value store.

January 28, 2010

HOWTO: Backup an Entire Hard Disk to a Smaller One

In my book, one of the best ways to back up an entire disk is to simply dump an image of it to external media. For instance, let's say you have an OS installed on your workstation and you want to try a new Linux distribution. You could repartition the drive, mess with the bootloader, and install the new OS next to the old one. Then, if you don't like it, nuke the new partition, resize the old one, and fix up the MBR to point back to the old OS. This is certainly a common scenario, but it carries with it the substantial possibility that something will go wrong. You could lose your main OS and have to start over from scratch. Or you might end up spending hours trying to recover your old OS that you didn't properly back up before starting the procedure. Because hey, you're a Linux superstar by now, who needs backups anyway?

January 24, 2010

Symmetric Encryption with PyCrypto, Part I

This is a multi-part series on the basics of implementing symmetric cryptography in Python with PyCrypto. By the end of the series, we'll have a program that takes a password plus a file and outputs the encrypted version of the file. (And of course, the reverse.) This first part is mainly intended for the novice. Those already well-versed in encryption or don't care for a refresher should consider skipping to Part 2. Also, I'll attempt to explain concepts as best I can, but you'll want to have a decent grasp of Python in order to make full use of the tutorial.

October 25, 2009

The State of Solid State

So, this guy does some speculative research and comes to the conclusion that mechanical hard disks will still be the dominant secondary storage technology for computers in 2020. Somehow, I'm a bit skeptical.

If you want to see what's going to happen in regard to mechanical vs solid state hard disks, you don't need a crystal ball. Just look at the transition from CRT to LCD displays. It wasn't so long ago that LCD monitors were horribly expensive and that fact (combined with their other drawbacks) made them an unattractive option for most people. I can recall many, many people saying that they would never give up their enormous, power-hungry, failure-prone CRT displays. Now, you can't even buy a CRT computer monitor because LCD quality caught up and surpassed CRTs for most purposes while price plummeted. The same will happen with mechanical disks and SSDs. Maybe it'll happen faster, maybe slower, but it will happen.

Keep in mind also which company this "prediction" is coming from: Seagate lived a long and prosperous career engineering and manufacturing mechanical hard disks. They are a huge company whose entire operation is based around the concept of shipping hunks of metal with rotating platters inside. Since an SSD is just a bunch of memory chips duct-taped together, the memory companies (Transcend, Crucial, Corsair, Samsung, etc) were the first ones with SSDs on the market. The SSD thing likely hit Seagate by surprise and they can see that their run won't last long.

It's not too late for them to start transitioning to manufacturing memory chips, but doing so would be brutal for many reasons. To start with, their decades of mechanical drive development experience, manufacturing facilities, engineers, trade secrets, R&D, etc are mostly about to be worthless. If they start selling this stuff off now while it's still fairly valuable, shareholders are going to do a huge "WTF?" and walk off. Second, the memory companies have a few years head start. Even if Seagate could enter the market and compete with them, the company would be leaving their position as a market leader to be a market newcomer, taking cues from everyone else. (Cue the sound of their last few shareholders stomping out.)

Basically, unless Seagate can buy up a few of the leading memory companies making SSDs right now, they're screwed. Until that happens, all they can do right now is appease their shareholders and put their executives up on stage to have them parrot the lie that their business is going to be viable for a good long time yet. Oh, and frivolously sue all the SSD manufacturers on broad patent infringement grounds.

August 12, 2009

x0xb0x #3

Just finished up x0xb0x #3. All of the basic functionality seems to work and it sounds just like a 303. Well, better than a 303 in my book but I guess I'm probably biased.

They gray knobs were special-ordered from Korg Europe. They were made for the Electribe ESX-1 and EMX-1 but they happen to be perfect for the x0xb0x. I could have ordered the large switch knobs too, but I would have had to hack the encoder shafts even more than I already did.

The top panel is a standard Adafruit x0xb0x clear acrylic panel. To make it awesome, I just sprayed the underside with black paint. I wanted to use vinyl instead, but the paint turned out to be so much easier. Looks great, the only downside is that the panel came with some scratches from the store. Oh, and it's a friggen fingerprint magnet. Next time, I may take a drill bit and scrape out the LED holes a bit so that they light up the laser-engraved letters on the panel.

I used a clear I/O panel this time, so the innards can be seen without taking the x0x apart. I think I'll go back to metal unless I can devise an easy way to get an LED or two in there for show. All I have left to do on this one is tune it, perform a full function check, and hack in a power switch and then it's eBay time!

I posted the innards of this x0x in a previous post here and did a writeup on x0xb0x #2 here. I hope to put together a video of me rocking the x0x sometime this week or next.

August 11, 2009

x0x #3 Almost ready!

I'm almost done with x0xb0x #3.

This one is being quite the problem child, actually. Two note LEDs flat-out didn't work, so those had to be replaced. The TEMPO LED had to be replaced because I scratched it to hell and back. The TEMPO encoder was replaced because the first one didn't work. (Talk about a wild goose chase there.) The USB chip wasn't talking to the microcontroller, which was fixed by cleaning up and reflowing the teeny-tiny SMD pins of the FT232 chip. The MIDI-in port still isn't working as I write this, despite the fact that I've already swapped the resistor that I assumed was causing the trouble.

On the upshot, I did a nifty thing with the control panel faceplate, so this one should look fully bad-arsed once it's all working and put together. Pics will be forthcoming for sure. I was hoping to have the unit done and sold in time to buy myself an EMX-1 for my birthday, but it doesn't look like that's going to happen at this point.

May 28, 2009

On not coming in last

Not content with making it as difficult as humanly possible for a person to enter back into his or her own country, now the U.S. Customs and Border Patrol want to scan and store the fingerprint profile of every person exiting the border, even U.S. citizens.

And incredibly, they can't even state why this would be a good security measure:

Michael Hardin, a senior policy analyst with the US-Visit Program at the United States Department of Homeland Security told a Biometrics Institute conference today that the DHS will use the data from the trial to "inform us as to where to take [exit screening] next."

Seriously. He actually said that the only reason they're implementing it to begin with is because they want to see how much they can get away with. If I didn't know any better, I'd say that they only seem to be interested in keeping tabs on citizens' whereabouts...

"We are trying to ensure we know more about who came and who left," he said.

C'mon, Michael! You're not even trying!

You know, there were other countries that pulled stunts like this. Ones that ended up having such a tight grip on their borders and citizens that travel and free movement was effectively impossible. Countries that, if I am not mistaken, we either went to war with or fought against in other ways because we did not want to see the world becoming that kind of place. We did not want America to be the last bastion of freedom. I guess it proves that you have to be careful what you wish for. An anonymous poster on Slashdot said this:

You know, I'm a Canadian, and ten years ago, I would have voted to join the US. I felt that Americans recognised the value of their freedoms and that they had, and would fight to keep, a more free society than just about anywhere else on Earth. Today, I won't even travel there. It reminds me of all those B movies just after WW2 "Achtung! Show me your papers". How could y'all have just let this happen?