Turning cursor visible in Terminal.app

October 10, 2007 | Comments Off

This is a quick tip. Since switching to Mac, one of the minor annoyances was that when my ssh sessions were terminated while I was running an application that disabled the cursor (usually mutt), I would be stuck without a cursor. I experimented with stty and tset for a while until I ended up with old trusty escape codes. I created a shell function called ‘ssh’ that looks like this:

function ssh { /usr/bin/ssh "$@"; echo -n '^[[?25h'; }

The trick is to make sure the “^[” is a literal escape character. Put vim into insert mode, hit CTRL-V, then Escape where that character is supposed to be.


Writing Your Pin (kinda-securely)

October 8, 2007 | Comments Off

The following is a description of a simple technique my parents taught me to encode a PIN directly on a card and have it only be usable by you. The technique involves choosing a 10-letter key; for our example let’s say our key is “subverting”. Then you take your PIN and do a letter substitution based on position: if our PIN is 4321, the encoded string is “vbus” and you can write that on your credit card. It’s probably easier to treat a 0 in your PIN as position 10 unless you’re a programmer. You can use the same key repeatedly with relative security. Of course if your secret is compromised all your PINs are compromised. If a PIN is compromised it would simplify discovering the key. I think this technique is fairly secure (i.e., secure enough); the biggest weakness I can think of is that you are narrowing the keyspace down. In our case it’s reasonable to determine that there are no duplicates and thus reduce the keyspace from 10^4 to 10*9*8*7 which is about 50%. It gets worse if you have a duplicate number (e.g., 4232): the keyspace becomes 10*9*8*3 which is a 78% reduction in keyspace. Clearly: don’t repeat a number in your PIN.

The next problem is coming up with a key (it can’t have any letters more than once). It’s actually a kind of fun mental exercise. In the 10-15 minutes I was thinking of this article I only came up with a couple. However, given a dictionary it’s fairly easy to find 10-letter words that meet the criteria. Here’s the code I came up with:


perl -lne 'next unless(length == 10 and !/\W/); $a = join("", sort split(//, lc)); $a =~ tr/[a-z]//s; print if(length($_) == length($a))' /usr/share/dict/words

Where /usr/share/dict/words is your dictionary. My dictionary had 392 of such words, and you can also do 2-word combinations (e.g., “dutchovens”) but those are harder to come up with.
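The scheme described above, with the same dictionary filter, as a short Python sketch. This is an added example, not the code from the original post; the function names and the small word list are constructed for illustration.

```python
import string

def validate_key(key):
    """Return the lower-cased key if it is exactly 10 distinct letters a-z."""
    k = key.lower()
    if len(k) != 10 or any(c not in string.ascii_lowercase for c in k):
        raise ValueError("key must be exactly 10 letters a-z")
    if len(set(k)) != 10:
        raise ValueError("key must not repeat a letter")
    return k

def _check_pin(pin):
    if not pin or any(c not in string.digits for c in pin):
        raise ValueError("PIN must be ASCII digits only")

def has_repeated_digit(pin):
    """True if any digit occurs twice (the post advises against such PINs)."""
    _check_pin(pin)
    return len(set(pin)) < len(pin)

def encode_pin(pin, key):
    """Replace each digit d with the key letter at position d (0 -> position 10)."""
    k = validate_key(key)
    _check_pin(pin)
    return "".join(k[9 if d == "0" else int(d) - 1] for d in pin)

def decode_pin(text, key):
    """Map each letter back to its 1-based position in the key (10 -> 0)."""
    k = validate_key(key)
    digits = []
    for letter in text.lower():
        if letter not in k:
            raise ValueError(f"{letter!r} is not in the key")
        digits.append(str((k.index(letter) + 1) % 10))
    return "".join(digits)

def find_keys(words):
    """Keep only the words usable as keys: 10 letters, none repeated."""
    usable = []
    for w in words:
        try:
            validate_key(w)
        except ValueError:
            continue
        usable.append(w)
    return usable

# Constructed sample list standing in for /usr/share/dict/words.
SAMPLE_WORDS = ["subverting", "dutchovens", "background", "blacksmith",
                "bookkeeper", "strawberry", "password12", "cipher"]

if __name__ == "__main__":
    print(encode_pin("4321", "subverting"))   # the post's example
    print(decode_pin("vbus", "subverting"))
    print(find_keys(SAMPLE_WORDS))
```
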

I should also add that it is possible to extend the cipher to be more complex/secure but the idea is to make it simple enough to translate from letters to numbers to liberate you from using the same PIN for everything. Also, here is a related story on why banking PINs are 4 digits [via Bruce Schneier].


Anniversary Weekend

October 1, 2007 | 1 Comment

This weekend was our first wedding anniversary and we celebrated on the beach. Leigha’s mom volunteered to watch Anna for the weekend, so we accepted her offer to spend some time by ourselves. We explored the options, we considered New York City, but there was too much to do in too little time. Instead we decided to go to Virginia Beach. Ideally it would be quiet and uncrowded and low-key. Saturday morning we did some last minute packing, loaded up the convertible and hit the road around 9am. We were in no rush to get there so we stopped and had lunch along the way. We checked into the hotel around 2 or 3pm and went to explore the beach.



Life Copies Art: Discover Card Watches “Office Space”

August 26, 2007 | Comments Off

I am just doing my weekly mail/bill review and I get a nice note from Discover Card (which I only rarely use) telling me about changes to my agreement. A rough look says nothing is in favor of the consumer. But this is the gem that prompted me to write this blog entry:

We are changing how we determine your Cashback Bonus. When we calculate your Cashback Bonus at the end of each billing period, we will round down to the nearest cent, rather than rounding to the nearest cent.

I believe I saw this scheme in Office Space. I believe it ended up with the building being burnt down. Most of the other changes in the agreement are equally shameful and one-sided. The late fee now depends on your balance. If it’s less than $250, your late fee is $19, otherwise $39.

I don’t particularly care. I carry it for the same reason I carry Visa. There do exist places that only take Discover (interestingly, City of Arlington is one of these). I also use these when I need to make a set of purchases I want to track separately. If I go on vacation or a business trip, I’ll (try to) use only my Discover Card. That way at the end it’s easy to see how much I spent without doing special tracking.


My approach to commenting

August 13, 2007 | Comments Off

I’ve previously discussed how I don’t really get what comment spam is supposed to accomplish. I wanted to document how I configured WordPress to let good comments through and keep bad comments out. The “trick” is to realize that most commenters don’t usually leave links. To that end I’ve configured this website to allow comments without links through without moderation. All other comments must be approved. And of course, I use Akismet which is great. In total I think maybe two or three spam comments enter the moderation queue every month. And non-spam comments never have, but then again, how many comments have been left? (Answer: 21!)

The setting is simple. Under “Options / Discussion” I’ve set it to e-mail me on all comments and e-mail me when there’s a comment held for moderation. I leave all three of the “Before a comment appears…” checkboxes blank, along with the blacklist box. Finally, and most importantly, I put a “1” in the box for “Hold for moderation if a comment has [ 1 ] or more links.”

That’s it. I’m sure this is earth shattering. Enjoy.


Vonage Voicemail Transcription Hilarity

August 11, 2007 | 2 Comments

I had in my queue a post celebrating Vonage for their voicemail transcription service. This is actually a pretty clever idea and very useful. The idea is to save me a call and some button pushes or a few mouse clicks (I already get voicemail as an email with .wav attachment), but when I already know who called and when (from the email) the extra step of actually listening seems tedious and redundant. That’s what I had *planned* to do. The service worked great for a few weeks, but clearly the original trained foreign labor has been replaced either with machines or untrained foreign labor. I’m considering posting these transcriptions weekly because they make me angry and laugh at the same time. I’ve already communicated this to Vonage, but they replied with a Nigerian-spam-looking email telling me they’d love to help me if I just provide the following details …

(I’m not making that up).

So first, let’s see some of these hilarious feats of English:

“Hey. It’s ethnic i think you know. if she’s also going to come over tomorrow between wanting to. And she’s going to be. Bringing you to call. Bottom baked beans. And i’m going to bring it. Either tennis out led by process out. So i think so much for everybody has crashed your house. And You know crash a pool party. What i. Hope you have a wonderful day. In the c my. Bye spice.”

That’s probably the best one so far.

“(Elias?), it’s (Erin?). It’s about 7:15. Was trying to phone call. Where do we get this? Give me a call. I’m on my way to my mom’s, but I self service majority of the way. So, just (??) to you. All right. Bye.”

My hobby is coming up with elaborate scenarios under which someone might leave a message like the following:

“Hey staff i was just calling. I’m i was on the other line area and i can get over. talking enterprise so.”

Finally, I’ll include the Nigerian spam I mentioned. Now, for bonus amusement I add the following: I sent this email from my account control panel after having logged in.

I received your email requesting assistance but I am unable to assist you until I can first validate you are the account holder.

For your protection and to ensure that your account is not compromised, please reply to this email and include the account information listed below. I look forward to your reply so that I can assist you.

[snip]

Account Information Needed:

1. Vonage Account number.
2. Email address registered on the account.
3. Billing address on the account.
4. First and last name on the account.

Who wants to be the one to tell Vonage that if my account was compromised, asking for this information doesn’t really prove anything? Makes me proud to be a Vonage stockholder! *flush*


How I Lost My Thumbdrive

August 9, 2007 | Comments Off

Well, so as a technology, thumbdrives didn’t last long, at least not for me. I can’t exactly remember when I bought my first one, it was probably around 2001-2002 (sadly I still have it), it was a 64mb beast. My latest purchase was an impulse buy, a 1gb sandisk cruzer micro at Office Depot some time ago. Today I virtually eliminated any need to use one. I had known about this for some time, but I was too cheap to act until this past week. As previously written, I have a T-Mobile SDA (HTC Tornado) which has support for miniSD cards. This past week I bought a 2gb Sandisk Ultra II miniSD for $23 off some random vendor (Blue Proton) on Amazon. I have to say that their turnaround was impressive. I ordered late Thursday morning, they shipped Friday and it arrived Monday. That’s PCMall turnaround for $5. At any rate, I wasn’t expecting it for days and Leigha didn’t know I had ordered so she inadvertently kept it hidden from me until this morning.

I had done the research before placing the order and it seemed like 2gb was the largest size the phone would safely accept. I saw a lot of problems by people with 4gb cards and decided to avoid the issue; if it works I can always upgrade later. I chose the 2gb Ultra II because it seemed to perform well and when it becomes cellphone obsolete, with the included MiniSD -> SD adapter it should continue its useful life in my camera.

So back to our main story, I had already installed in my phone the requisite software. It’s called WM5torage. It only works with Windows Mobile 5, I’m not sure what, if any, solutions are available for WM6. After I installed the card and ran the software I got the error 57 as mentioned. I did a quick search for “windows mobile registry editor” and came upon the simply named “Mobile Registry Editor”. I did not have .NET 1.1 installed so that was the first hurdle. I kept getting “permission denied” errors which seemed like the “access denied” errors described in the FAQ but the cause turned out to be that I was running the app off a network share which caused issues. When I copied it to the hard drive it ran fine. After I added the registry entry as described on the WM5torage page, it still did not work. Oh wait, it’s Windows, reboot. Reboot fixed it and it came back up and worked. So now, as long as I have one of the ubiquitous mini USB cables, I can connect my phone to a computer in mass storage mode, and it’s one less gadget to keep on my keychain.


A Weekend with Rails

August 5, 2007 | Comments Off

Friday afternoon I started my first project with rails. Ok, technically it’s my second project. I tried doing rails for the sake of rails but I never get anywhere that way. I need a real project with a real purpose (if it succeeds) but not so important that I can’t live without. I found the right project on Friday surfing the web, and basically spent all of Friday night and the vast majority of Saturday working on it. The rest are my impressions.

As for ruby itself, I’m pretty pleased with it. It has a lot of the trappings of perl, particularly the array and hash methods behave identically. I can’t say the language ever really caused a problem. Rails itself is fairly nice. The scaffolding provides a great way to prototype without having to do a lot of coding on the un-important areas. So far I’ve also written no SQL code, at least not in ruby. I created a handful of views in the database, but that’s about it. The trouble I’ve had, and I imagine the limitation most people bump into, has to do with the models. The expectations are rigid and I haven’t solved for certain problems yet. Like how do I get to extra data in a link table? And how do I deal with tables that have no primary key? I’m sure these are documented but I’ve only run into those troubles in the latter part of yesterday.

The documentation for ruby and rails is excellent. The rails API and the Ruby core documentation are easily navigable. The errors seem to be less well documented. Some of my biggest frustrations have come in tracking down errors thrown by the app. The other rough spots have been when the rails table guessing regime hasn’t worked out. As an example, I had a table called passes, and a class called Pass. When I declared an association of “has_many :passes” the software guessed my foreign key as “pas_id” (the right answer was “pass_id”). The last bit I haven’t figured out yet is how to layer in authentication and authorization. Currently the app doesn’t require rigorous authentication – all of the users are trustworthy – but that’s just a coincidence.

The default scaffolding is functional but not robust, in any sense. It doesn’t allow you to navigate relationships. I was directed towards the ActiveScaffold project. It’s largely a drop-in replacement for scaffolds but it exposes much more of the relationships. In some cases too much. For example, in my application suppose there are users and passes in a many-to-many relationship. A user should be selecting which passes he owns (modifying a link table) not modifying the passes themselves. ActiveScaffold exposes both with no easy way to suppress the behavior. I’ve been using the ‘subform’ control to control which fields get displayed in the subform context, and that’s a quick middle ground, but again, my users are very informal.

The ActiveScaffold recommendation came by way of the nice folks in #rubyonrails on irc.freenode.org. Unlike the more popular web development platforms (perl or php), there is an unusually low frequency of stupid/easy questions and a high tolerance for such occurrences. I attribute this to lack of widespread ruby adoption, I think popularity brings in the unwashed masses, and the masses destroy the tolerance, but that’s for another day.

Overall I’m fairly impressed with Ruby. The touted ability to start to see and make progress with small amounts of code is not hype. When you throw in ActiveScaffold you even have something that looks largely pretty. The real question becomes how challenging it is to replace scaffolding with real code and from what I’ve seen it’s on par with php or mod_perl. Perhaps even a little better with the built-in concept of layouts (templates basically). The application in question is no small case either. Currently I have 26 tables, 15 models, and 14 controllers. Not bad for a day and a half.


The Mac Zeitgeist

August 3, 2007 | 2 Comments

This isn’t particularly new, but a recent event reminded me I haven’t posted about it yet. My computer usage is schizophrenic in a sense. I’ve been using Linux for over a decade now, but I abandoned it on my desktop around 2000 in favor of Windows 2000. I’ve felt for a long time that Linux is not ready for the desktop. Ubuntu is probably the best attempt I’ve seen to date, but all the distributions suffer from the same shortcomings: fonts suck, app developers suck at UI, lack of useful applications, and even the window managers are fairly ugly. Now it’s been improving, certainly since 2000, but at a crawl. And all along, despite the abuses suffered at the hands of Windows, I’ve stuck with it because even that was better than Linux on the desktop.

Back in 2000, or even a few years back, I never would have guessed that I’d be running Mac OS as my desktop OS, and not even slightly begrudgingly. I’ve had a Mac now for 5 or 6 months, I actually lovingly adopted Mike’s when he left AOL. I was expecting a long adjustment period but it turned out to be ridiculously easy. The primary thing to get used to is where the hotkeys are and for what they are used. For example, in Firefox I was used to Ctrl-T, now it’s Apple-T. That took less than a week to get acclimated. The lack of a second mouse button on the laptop is also fairly frustrating and I don’t really understand the resistance. Everything else was cake, which was in part due to the Unix underpinnings of the OS.

I was not a trailblazer by any means. Lots and lots of my co-workers were using Macs before me, and I was among those poking fun at them. In particular, I mocked the “Mac walk of shame” wherein you walk through the halls with the lid open because there isn’t, by default, any method to tell Mac OS not to go to sleep when you shut the lid. (This is in contrast to Windows where you can define specific behaviors for when you close the lid and when you hit the power button. This is another area in which I find the OS lacking).

Vlad in particular likes to deride Mac users and owners, and it’s not anything I take offense at, but much in the way he changed his mind about iPhone (I also thought/think it’s hype) I think with actual use he’d change his mind about Mac OS as well, but I digress.

The primary reason for writing about this is that there seems to be a clear change in preference for an interesting selection of users in favor of Mac OS. I was in an architecture council meeting and I looked around the room, all but 2 laptops were Macs. The 2 PC’s belonged to the facilities guys who manage power and space for the datacenters. Every other architect used a Mac. My last 3 bosses have used Macs. Most of our operations team uses Macs. A significant number of our developers use Macs primarily (they keep PC’s for software testing).  This is the trend that I find so encouraging, that I bring to your attention.

Finally, the event that reminded me to write this post. My brother was in the process of replacing his PC laptop and was asking me about Vista. I suggested he stick with XP for the time being. He ordered a laptop from Dell (I believe it came with Vista, no choice), and realized that he could actually buy a MacBook for less. Last I talked to him he was still deciding whether to cancel his Dell order and get a Mac instead, which was my suggestion to him. If he really hates it, he can just install XP instead.


The TLA Files: WRT, WPA, AES, PPTP

August 2, 2007 | Comments Off

For over two years now I’ve had the wireless network configured in a reasonably satisfying way: The main wrt54g has a public IP (wan), segments the lan and the wireless lan (wlan), provides dhcp to both, and provides pptp (vpn) on the wlan. The wlan was wide open, no encryption, broadcast ssid. You could connect but you couldn’t get anywhere until you VPN’d. This is very similar to the way we ran the wlan at work.

Eventually I got a second wrt54g, and I set it up in the living room. Frankly, at this point the configuration got too complicated to explain in a blog entry. Suffice it to say, lan was 10.0.0.0/24, wlan was 10.0.1.0/24 and devices connected to the lan segment of the wrt in the livingroom were on 10.0.2.0/24. Routing hilarity ensues.

When we moved in January the office also splintered off the wired lan which introduced its own issues. I broke out the ancient powerline ethernet bridge giving the office a whopping 10mbps. Yesterday I bought Doug’s old wrt54g (v1.1!) for $5. After 10 minutes of thinking about routing tables it was clear that starting a 10.0.3.0/24 segment was not going to make my life happier. After some consultation, I decided to use wpa2/aes to secure all traffic, and run the client wrt’s in bridge mode. Commence slamming head into desk. The difficulties of doing wpa2 in combination with bridged (wet) mode are reasonably well documented. You have to break the bridge (separate the wlan from the lan) and then run software to do the traffic routing. Very lame.

After a few hours of banging my head into that wall I decided that wpa2 wasn’t buying me enough to justify the annoyance (you also lose multicast) and I dropped all three devices down to wpa/aes. I just finished reconfiguring the last of the devices and everything is at least talking to each other.

Along the way I tried HyperWRT (including various flavors thereof: tofu, tomato, thibor) and they generally seem abandoned and less featureful than OpenWRT, so I went back.

The real question is whether this will improve network performance or not. Earlier on I did some speed testing with the encryption and it was at least on par, if not slightly better than the powerline. It feels like a lot of effort just to come out even, but I’m happy to have only 1 subnet for the entire house.