Sunday, September 21. 2014
It was kind of amusing, when Snowden came forward and confirmed all the things I’d been telling my friends for years. They used to laugh at me – I was crazy, paranoid! – but now, no one thinks it’s crazy anymore. Well, OK – maybe they still think I am crazy, but they’re laughing a lot less.
I still tell them that privacy is a dead concept, and they still think I’m a bit crazy; a recent paper by Yan Michalevsky, Dan Boneh, and Gabi Nakibly once again shows that just because I’m crazy doesn’t mean I was wrong. As the paper’s abstract declares:
We show that the MEMS gyroscopes found on modern smart phones are sufficiently sensitive to measure acoustic signals in the vicinity of the phone. The resulting signals contain only very low-frequency information (<200Hz). Nevertheless we show, using signal processing and machine learning, that this information is sufficient to identify speaker information and even parse speech. Since iOS and Android require no special permissions to access the gyro, our results show that apps and active web content that cannot access the microphone can nevertheless eavesdrop on speech in the vicinity of the phone.
Thursday, September 1. 2011
Saturday.
Map information is here.
Be there at 1pm. If you can bring your $15 with you, that’d be great.
This will not be a private session – those cost like an extra $100. But when I spoke to them earlier this morning, they had no other groups lined up for this time slot, so maybe we’ll get lucky.
Tuesday, August 23. 2011
I had promised some time ago to post this, and am just now getting around to it – unfortunately, some of the content has been lost in the interim. Below is the only version of my review “A Person, a Painting, and a Play” from the TrekWest5 segment “Joey’s Culture Corner.”
Taking it from the end, the play is Stephen Sondheim’s Sunday in the Park with George, the Painting is A Sunday Afternoon on the Island of La Grande Jatte, and the Person is the painter, the French Post-Impressionist and the father of Pointillism, Georges Seurat.
On its surface, “Sunday in the Park with George” is a play about the birth of Pointillism – specifically, about the painting of the “A Sunday Afternoon on the Island of La Grande Jatte” – but I think that this is Sondheim’s most deeply personal piece. It’s all about the cost of dedication to an ideal, and about the trade-offs we make every day. “Work is what you do for others – art is what you do for yourself!” decries one of the characters early in the play, and Seurat himself – who is clearly a stand-in for Sondheim – tells one of his critics “I do not paint for your approval”. Last year, Sondheim published the first of two volumes where he talks in depth about his musicals and their lyrics…I think it’s telling that the title he selected for this book is Finishing the Hat. While “Sunday in the Park” was not much of a critical success – and was a financial failure – it is one of only eight musicals to ever win the “Pulitzer Prize for Drama”. I give this musical the strongest possible positive recommendation. Probably my favorite thing about the musical is how Sondheim incorporated the musical technique of “Pointillism” – see the musical number Color and Light for an excellent example.
The painting, “A Sunday Afternoon on the Island of La Grande Jatte” is probably my favorite painting NOT by Monet, and is probably the most famous example of Pointillism. The painting is 6’10” x 10’1” – a MASSIVE work, it took more than two years to finish. An absolutely fascinating principle of Pointillism is that it uniquely engages the brain in a behaviour known as “Neuroplasticity”, which refers to the ability of the human brain to change as a result of one’s experience. In his 2003 book The Mind and the Brain: Neuroplasticity and the Power of Mental Force, Jeffrey Schwartz wrote:
If your mind has been primed with the theory of pointillism…then you will see a Seurat painting in a very different way than if you are ignorant of his technique. Yet the photons of light reflecting off the Seurat…are identical to the photons striking the retina of a less knowledgeable viewer.
Seurat himself, and his impact on the world at large, is nothing less than astounding. There are very few places in this world today we can turn without seeing the influences of the theory behind divisionism and pointillism – film and photos, televisions and computer monitors, airbrushes and spray paint, digital cameras and cell phone screens – these all operate on the same basic principles of pointillism. The theories of color and vision that were explored in the work of Seurat and his contemporaries have had a profound effect on every part of our modern world.
So – Georges Seurat, “A Sunday Afternoon on the Island of La Grande Jatte”, and Sondheim’s “Sunday in the Park with George” – I heartily endorse them all.
Tuesday, July 12. 2011
It took me a long time to figure this out, and I didn’t want it to end up locked in my head, so here’s a rough guide on how I managed to get a Pylons 0.9.7 project to do LDAP authentication. All of the below is done in config/middleware.py.
The key points are:
- “import ldap” (for the obvious reason) and “from paste.auth.basic import AuthBasicHandler”
- Wrap the stacked WSGI ‘app’ object in the AuthBasicHandler you just imported:

    app = AuthBasicHandler(app, 'The value you want to appear on the browser dialog box', yourAuthFunctionHere)

- Define an auth function “yourAuthFunctionHere(requestEnvironment, username, password)”. Some tricky bits:
  - If this function returns “True”, the request will proceed and there will be a new key in the Request object named ‘REMOTE_USER’ that contains the passed username.
  - If this function returns “False”, the user will be prompted again until it succeeds. (I should probably find a way to limit these so people cannot just keep guessing.)
  - Python’s LDAP has some strange behaviours:
    - Do ldap.initialize outside the auth function or you will swamp the LDAP server with bind requests
    - Use synchronous bind (‘bind_s’ as opposed to ‘bind’) – asynchronous bind in the WSGI middleware layer caused some really bizarre behaviour here, including segfaults
    - Trap ldap.INVALID_CREDENTIALS and return False when it is raised, or watch all invalid logins crash the server process
    - bind (and bind_s) return a tuple, if the first item in the tuple is int(97), the bind worked – otherwise, they might have bound but as an anonymous user, and we need to fail
    - the second item in that tuple is a list of messages from the server – I’m not handling those at all today, because in the sole case we’re interested in (97, or “auth”), the messages appear to be blank in our environment – there’s no reason to believe this is consistent, and I should probably research this further at some point to provide meaningful feedback to the user on failed auth.
  - You can’t touch the session from within the WSGI middleware layer
All of this was done because a new server in our datacenter doesn’t have packages for the old build of Apache that we used to configure our LDAP auth back in the day. I’m actually quite pleased at how the new system works, and am glad to be rid of that Apache+PHP millstone that’s been lurking as a dependency in all of our Pylons projects simply for the LDAP authentication solution.
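An added sketch of the auth function the list above describes, extended with the guess limiting the post says is still missing; it is not the code from the original project. FakeConn and InvalidCredentials are constructed stand-ins for python-ldap so the block runs without it, and make_auth_func, the username allow-list, the DN template and the failure limits are all assumptions.

```python
import re
import time

RES_BIND = 97  # same value as ldap.RES_BIND, the result type the post checks for

class InvalidCredentials(Exception):
    """Stand-in for ldap.INVALID_CREDENTIALS so this runs without python-ldap."""

class FakeConn:
    """Constructed stand-in for the object returned by ldap.initialize()."""
    def __init__(self, users):
        self.users = users
    def bind_s(self, dn, password):
        if password == "":
            return (RES_BIND, [])  # many servers accept this as an anonymous bind
        if self.users.get(dn) != password:
            raise InvalidCredentials()
        return (RES_BIND, [])

def make_auth_func(conn, dn_template, bad_creds=InvalidCredentials,
                   max_failures=5, window=300, clock=time.time):
    failures = {}  # username -> timestamps of recent failed attempts

    def auth(environ, username, password):
        now = clock()
        recent = [t for t in failures.get(username, []) if now - t < window]
        failures[username] = recent
        if len(recent) >= max_failures:
            return False  # too many recent failures: refuse without binding
        ok = False
        # Empty passwords never reach the server (they could bind anonymously);
        # the allow-list keeps DN metacharacters out of the bind DN.
        if password and re.fullmatch(r"[A-Za-z0-9._-]{1,64}", username or ""):
            try:
                result = conn.bind_s(dn_template % username, password)
                ok = result[0] == RES_BIND
            except bad_creds:
                ok = False
        if not ok:
            recent.append(now)
        return ok

    return auth

# Wiring in config/middleware.py (python-ldap installed; URL and DN are placeholders):
#   conn = ldap.initialize("ldap://ldap.example.com")   # once, outside auth()
#   check = make_auth_func(conn, "uid=%s,ou=people,dc=example,dc=com",
#                          bad_creds=ldap.INVALID_CREDENTIALS)
#   app = AuthBasicHandler(app, "Realm text", check)
```

The failure counter lives in process memory, so it resets on restart and is not shared between worker processes.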
Thursday, December 2. 2010
As most of you know, December 2nd is Peter Nash Day. I thought I’d share some of the photos that are pouring in from around the world demonstrating how Peter Nash Day is celebrated – feel free to add a link to your own Peter Nash Day celebration photojournal in the comments! More will be added as they come in, so keep watching this space.
Continue reading "Peter Nash Day"
Tuesday, October 5. 2010
I have a project at work where we are using Pylons/paster as the web service provider. One of the “clients” of this service is written in Flex/Flash, and had as a component the AlivePDF AS3 library for generating a static PDF of the Flash content.
Unfortunately, because Flash cannot save content locally, in order to actually GET this PDF content back to the user, AlivePDF posts a byte array to the service and expects the service to bundle that as a PDF and send it back. They provide a “content.php” file as an example – which, frankly, is some pretty inscrutable code until you manage to figure out what it’s working around. So when one of my employees (the one who selected AlivePDF in the first place) sent me the PHP file, it took as long to understand what he wanted as it did to come up with a Pylons solution. You can find the latter bit below – replace ${service} and ${controller} with your actual values throughout, and trim the ellipses (they are there to indicate there may be additional context on either side of the line I’m giving you):
${service}/config/routing.py:

    def make_map():
        ...
        # put this before the default routes, if you have any
        map.connect('/${controller}/create.php', controller='${controller}', action='pdf')
        ...

${service}/controllers/${controller}.py:

    class ${controller}(BaseController):
        ...
        def pdf(self):
            # Echo the posted bytes back under the caller's content type and file name
            response.headers['Content-Type'] = request.environ['CONTENT_TYPE']
            response.headers['Content-Disposition'] = 'inline; filename="%s"' % request.GET['name']
            return request.environ['wsgi.input'].read(int(request.environ['CONTENT_LENGTH']))
        ...
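The action above copies the request's Content-Type and the `name` query parameter straight into the response headers and relays whatever bytes were posted. The following is an added, framework-independent sketch of a stricter variant, not code from the original post or from AlivePDF: it pins the content type, sanitises the file name, bounds the body size and only relays data that starts with the PDF magic bytes. The function names, the 20 MB ceiling and the switch from inline to attachment are assumptions.

```python
import re

MAX_PDF_BYTES = 20 * 1024 * 1024  # assumed ceiling for a generated PDF

def safe_filename(name, default="document.pdf"):
    # Conservative allow-list: no quotes, CR/LF, slashes or leading dots survive.
    base = re.sub(r"[^A-Za-z0-9._-]", "_", name or "")[:100].lstrip(".")
    if not base:
        return default
    return base if base.lower().endswith(".pdf") else base + ".pdf"

def build_pdf_response(environ, name, max_bytes=MAX_PDF_BYTES):
    """Return (status, headers, body) for the byte array AlivePDF posted."""
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        return "400 Bad Request", [], b""
    if length <= 0:
        return "400 Bad Request", [], b""
    if length > max_bytes:
        return "413 Request Entity Too Large", [], b""
    body = environ["wsgi.input"].read(length)
    if not body.startswith(b"%PDF-"):
        return "400 Bad Request", [], b""  # only relay what looks like a PDF
    headers = [
        ("Content-Type", "application/pdf"),  # fixed, never copied from the request
        ("Content-Disposition", 'attachment; filename="%s"' % safe_filename(name)),
        ("X-Content-Type-Options", "nosniff"),
        ("Content-Length", str(len(body))),
    ]
    return "200 OK", headers, body
```

In the Pylons action, the returned status and headers would be copied onto `response` and the body returned, with `request.GET.get('name')` passed as `name`.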
Tuesday, August 31. 2010
If you have been using SSL or SSH to access any of your joeysmith.com, hashphp.org, or homestarmy.com services, please be aware that our previous certificates and keys have expired. I have generated a new one, and your software should prompt you on connect to approve the certificate/key.
SSL information:
SHA1 Fingerprint: 3261 57CE 794D 216D 7411 AB45 19EC F2CE 254A FD9B
MD5 Fingerprint: 850A 6195 5B5D EA5D 9D0F 36B4 9FC1 F819
SSH Fingerprint:
4e:6d:6f:6b:53:1c:50:f7:1b:dc:98:9c:c8:49:8b:cf
If you feel you need to contact me to verify this post, please don’t hesitate to use my Google Voice information or my personal cell phone.
Friday, April 30. 2010
I’ve recently been reading through SQL and Relational Theory by C.J. Date, who was deeply involved in the original formulation of the relational model. Working my way through the book, I discovered that O’Reilly and Associates have also produced a series of videos where Date lectures on the content of the book, and I’ve really been enjoying it. You can purchase them outright for about $300 USD, or you can subscribe to one month of Safari via their “Library” plan for ~$43 and stream them from there. All together, the videos run just over 16.5 hours – here’s a breakdown of the topics and the durations.
1:19:07 Setting the Scene
1:18:08 Types and domains
0:57:28 Tuples and Relations, Rows and Tables
0:50:47 No Duplicates, No Nulls
1:04:56 Base Relvars, Base Tables
3:15:15 SQL and Relational Algebra I: The Original Operators
1:19:06 SQL and Constraints
0:56:26 SQL and Views
2:04:04 SQL and logic I: Relational Calculus Part 1
0:46:39 SQL and Logic II: Using Logic to Write SQL Code
0:20:56 Further SQL Topics
0:38:53 The Relational Model
0:32:21 A Relational Approach to Missing Information
1:08:31 Database Design Theory
If you work with databases for a living, I really think it would be worth your time to sit through these.
Wednesday, November 18. 2009
I see what you did there, Mr. Belichick.

Sunday, November 1. 2009
I don’t normally go in for Abstruse Goose (I’m more of an XKCD man myself), but I really enjoyed this comic I found in his archives:

Friday, October 16. 2009
If you listen to the TrekWest5 podcast, you know we’ve been promoting the podiobook trilogy "7th Son" for some time now. I’m really glad to announce that as of Oct. 27th, you’ll be able to buy this book in print (in fact, you can preorder it now). To quote the email JC sent me:
This is huge news for me (the trilogy was also optioned for film development by Warner Bros.), and for podcasting. Considering that 7th Son was rejected by dozens of publishing pros before I released it as a podcast, we have accomplished something extraordinary with its publication.
To celebrate the release, he’s announcing a number of new promotions that I wanted to make all of you aware of:
- A brand-new podcast recording of the "print edition" of the novel (with new scenes, twists, and character tweaks)
- A prequel audio short story anthology called 7th Son: 7 Days. (I am currently listening my way through this and am really enjoying it)
- Serialization of the novel in PDF and the text at Cory Doctorow’s BoingBoing.net
There’s a lot to like about the 7th Son series of podiobooks, and for those of you not inclined to partake of them in the audio format, I hope you’ll pick up a copy of the deadtree edition.
Friday, August 21. 2009
Came across this meme on a friend’s blog, and it sounded kind of interesting, so I thought I’d give it a try.
The rules, as I got them, are as follows:
- Put your music player on shuffle
- Press forward for each question
- Use the song title as the answer
- NO CHEATING!!! What you get is what you get!
I’m more than a little bit disturbed by the pattern that began to develop as the experiment wound on…fortunately, I can point it all to the fact that I didn’t have very much music loaded on my ipod when I did this, so maybe I can try it again later with a broader selection of my music and it will end up feeling a bit less like my ipod is trying to question my sexual orientation.
Continue reading "Internet Meme Develops into Unsettling Trend"
Tuesday, July 28. 2009
I don’t think I’ve kept secret my admiration for what Jeff Atwood does over at codinghorror.com. One of his most recent entries really appealed to me.
One of the (many) unfortunate side effects of choosing a career in software development is that, over time, you learn to hate software. I mean really hate it. With a passion. Take the angriest user you’ve ever met, multiply that by a thousand, and you still haven’t come close to how we programmers feel about software. Nobody hates software more than software developers. Even now, writing about the stuff is making me physically angry.
He quotes an interview where someone suggests that “One bad programmer can easily create two new jobs a year.” Having recently discussed a tangential subject with my TrekWest5 co-host, Peter, and given my on-going involvement in Freenode’s ##PHP channel I’ve been thinking a lot about this issue. Once upon a time (in the early 90’s), there was an attempt by a group known as advogato to provide web-of-trust like metrics to certify a programmer’s skill. Given the explosion of social networking in the intervening period, I’m wondering if any of you have ideas on how we can really bring some muscle to bear on this?
Saturday, July 18. 2009
Reading this article on “rootkits” for Javascript has really got me thinking about the kind of evil you could do by poisoning the base datatype Prototypes in a javascript environment. I recommend you read it if you do a lot of work with Javascript.
Tuesday, July 14. 2009
What is CouchDB?
CouchDB is a new kind of database system. Instead of tables, columns, and rows, it’s just a collection of JavaScript (JSON) documents.
Design your own Kindle (and win it) with Engadget, Amazon, and Adafruit Industries!
The Amazon Kindle is an awesome “Electronic Book” device. We’re getting closer to having a PADD.
Upgrade Rules for Windows 7 RC Users
If you’ve been using a Windows 7 Release Candidate, you need to be aware of these.
Survey says most companies won’t deploy Windows 7
Not really news, but good information to have in your pocket.
The ‘R’ Programming Language
‘R’ is a programming language and software environment for statistical computing and graphics.
Build a 10 Terabyte Storage Solution for ~$1000USD
The guys at Tom’s Hardware are always looking for the next edge – I certainly could put 10TB of space to use!
1TB Hard Drive for <$80 USD @ TigerDirect
The Tom’s Hardware article sent me looking for this – this is really good news!
Google Releases ‘Remote Desktop’ Software Based on NX
NX is an attempt to make the Unix X Windows system a more viable solution for remote desktop display. When Google announced their upcoming Chrome OS operating system, a lot of people were trying to figure out what their new display system would be – the common thinking now is that it will probably be this NX implementation.
Video interview with author of O’Reilly and Associates book: Programming Collective Intelligence
Examples of Collective intelligence might be Amazon’s or Netflix’s “Recommendations” services, or the all-powerful Wikipedia – where the body of knowledge becomes something more than the sum of its parts. If you’re not sure why Collective Intelligence is important, I urge you to read the excellent book Wikinomics: How Mass Collaboration Changes Everything.