Apple FaceID

The irony of facial recognition — the idea is that you trade some degree of privacy for enhanced security. There are 10k four digit codes – a 1:10000 chance of any specific code unlocking your device. Apple touted a one in a million chance of facial recognition unlocking your phone.

So you trade your privacy for this one in a million super secure lock. Aaaaand a Vietnamese security firm can hack the phone with a mask. Not even a *good* mask (like I take a couple of your pictures, available online, synthesize them into a 3d image and print a realistic mask).

This feat wasn’t accomplished with millions of dollars of hardware. It took them a week and $150 (plus equipment, but a 3d printer isn’t as expensive as you’d think).

Boyd v. United States or Riley v. California provide fourth amendment protection for phone content … but that only means the police need a warrant. Fourth amendment, check. Fifth amendment … Commonwealth of Virginia v. Baust or United States v. Kirschner says that while you cannot be compelled to reveal a passcode to allow police to access your phone (testimonial) … a fingerprint is not testimonial, it is documentary. And can be compelled. As with a lot of security, one can ask why I care. If I’m not doing anything wrong then who cares if the police peruse my phone. But if I’m not protesting, why do I care if peaceful assembly is being restricted. I’m not publishing the Paradise Papers, so why do I care if freedom of the press is being restricted? Like Martin Niemöller and the Nazis – by the time they get around to harming you, there’s no one left to care.

Pumpkin Pie Poncho

I bought Candy Castle Pattern’s Pumpkin Pie Poncho pattern when it was first released. I finally made one today. It is a quick project. The pattern piece gets cut up and isn’t really reusable. Saves paper if you are just making one, but requires extra printing or tracing if you are making multiples of the same size.

The pattern says it needs 1.25 yards of a 60″ wide lining fabric for a size 6. Problem is – I only had one yard of the flannel lining, and it was 42″. The pattern piece for the main body is not a rectangle – one side is a lot narrower than the other. Instead of folding the fabric in half and cutting two pieces along the folded line, I folded the fabric just enough that the poncho body fit on the part with two layers. Cut one piece along the fold.

Then unfold the fabric and fold the *other* side down — there will be parts where there is only one layer of fabric – where the first piece was cut. Align the pattern piece so the widest section is away from the cut section. The narrow section of the pattern fits on the fabric with two layers. Cut the second poncho piece.

Unfold the fabric – there is an odd shaped bit adjacent to each poncho cutout – these can be used to cut the hood piece (or cowl). Voila – poncho lining from one yard of 42″ wide flannel.

When I started fitting the pieces together, I realized this could be done as a reversible poncho. Doing so required modifying the process a bit — the main piece fabric and lining were still aligned right sides together.

I used clips instead of pins, so Anya was able to ‘test’ the poncho as it was being constructed.

Serged along the bottom curve, turned right way about, and top stitched. The pocket fabric was still sandwiched between to attach it.

The top stitching runs right along the serged part, so it’s a little bit stiff and puffed up.

Then the fabric and lining along the arms were stitched separately – leaving the seams encased inside the poncho. The two pieces of each hood were serged together. The two hoods were nested inside each other, right sides together, and serged along the front. Turned the hood right side out and top-stitched along the front. The two fabrics, at this point, are free along the neckline. The main fabric of the hood was lined up, right sides together, along the poncho neckline and serged just to the main fabric poncho body.

The lining fabric was the tricky bit. The same basic process – line the fabric up, right sides together, with the poncho body lining material and serge it together. *But* it cannot be completely stitched on the machine as the stitching reduces the hole through which you are sewing the material. I serged it for all but about 5″ – moving the still-opened hole along the seam being sewn. I then turned the remaining edges over and hand-stitched the remaining bit that is right along the front neckline. Anya doesn’t like hoods that wrap around her neck (although she’ll wear a scarf, go figure!), so I modified the hood to have a small gap along the front.

The process is a little more difficult, but we’ve got a pawprint poncho and a snow leopard one. There’s no pocket on the flannel side — mostly because I didn’t have enough fabric 🙂 But she keeps her arms on the inside and uses the snow leopard pocket.

 

Ray Moore

I assume the crux of the support for Moore’s alleged behaviour is consent. Doesn’t explain why anyone would need to trot out virgin births as an example of how OK underage sex is (uhh, *virgin* birth). Doesn’t speak to how non-consensual pussy groping is OK either.

Thing is – consent is challenging with younger people. I remember *being* a 14-18 year old girl feeling urbane and sophisticated because some older guy was interested in me. Exactly as WaPo put it – “flattering at the time, but troubling as they got older”. Especially when I was older and saw other underage girls expressing the same pride in their relationship. However much some 30-something guy is willing to smile and nod while a young teen prattles on with her deep thoughts, intellectual stimulation was NOT what the guy is after … and it was dismaying to realize, in retrospect, the same logic applied to me.

The entire point of statutory rape is that people under whatever bright-line age of consent exists in the jurisdiction don’t have the wherewithal (i.e. experience with life) to provide consent. Modern society is moving that way — NY enacted resolutions over the summer that move the legal marriage age up to match the consent age: 17 (before that legislation, having the court/parents sign off on a marriage was an end-run around statutory laws). Someone who wants to argue that Moore’s actions were acceptable *because* the kids were OK with it … would they be willing to put forth legislation eliminating both balancing tests and bright-line ages??

OpenHAB Cloud Installation Prerequisites

We started setting up the OpenHAB cloud server locally, and the instructions we had found omitted a few important steps. They say ‘install redis’ and ‘install mongodb’ without providing any sort of post-install configuration.

Redis
# This is optional – if you don’t set a password, you’ll just get a warning on launch that a password was supplied but none is required. While the service is, by default, bound to localhost … I still put a password on everything just to be safe

vi /etc/redis.conf # Your path may vary, this is Fedora. I've seen /etc/redis/redis.conf too

# Find the requirepass line and make one with your password

# requirepass foobared
requirepass Y0|_|RP@s5w0rdG03s|-|3re

# Restart redis

service redis restart

Mongo:
# Install mongo (dnf install mongo mongo-server)
# start mongodb

service mongod start

# launch mongo client

mongo

# Create user in admin database (the shell starts in the "test" database, so switch to admin first)

use admin;
db.createUser({user: "yourDBUser", pwd: "yourDBUserPassword", roles: [{role: "userAdminAnyDatabase", db: "admin"}]});
exit

# Modify mongodb server config to use security

vi /etc/mongod.conf

# remove remarks before ‘security:’ and ‘authorization’ – set authorization to enabled. mongod.conf is YAML, so authorization must stay indented under security:

# security Options - Authorization and other security settings
security:
  # Private key for cluster authentication
  #keyFile: <string>

  # Run with/without security (enabled|disabled, disabled by default)
  authorization: enabled

# restart mongo

service mongod restart

#Launch mongo client supplying username and connecting to the admin database

mongo -uyourDBUser -p admin

# it will connect and prompt for password – you can use db.getUser to verify the account (but you just logged into it, so that’s a bit redundant)

MongoDB shell version: 3.2.12
Enter password:
connecting to: admin
> db.getUser("yourDBUser");
{
        "_id" : "admin.yourDBUser",
        "user" : "yourDBUser",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                }
        ]
}

# Create the openhab database — mongo is a bit odd in that “use dbname” will switch context to that database if it exists *and* create the database if it doesn’t exist. Bad for typo-prone types!

use yourDBName;

# Create the user in the openhab database

db.createUser({user: "yourDBUser", pwd: "yourDBUserPassword", roles: [{role: "readWrite", db: "yourDBName"}]});

# You can use get user to verify it works

db.getUser("yourDBUser");
exit

# Now you can launch the mongo client connecting to the openhab database:

mongo -uyourDBUser -p yourDBName

# It will prompt for password and connect. At this point, you can use “node app.js” to launch the openhab cloud connector. Provided yourDBUser, yourDBUserPassword, and yourDBName match what you’ve used in the config file … it’ll connect and create a bunch of stuff
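A quick audit of the two settings changed above, as an added example that is not part of the original post. The function names and the sample files are constructed for illustration; point the functions at your own redis.conf and mongod.conf paths.

```sh
#!/bin/sh
# Added example: check that the auth settings from this walkthrough took effect.

# Print ok | default | missing for the requirepass directive in a redis.conf.
redis_auth_status() {
    awk '
        /^[ \t]*requirepass[ \t]+[^ \t]/ { pw = $2; found = 1 }
        END {
            if (!found)                 print "missing"   # commented out or absent
            else if (pw == "foobared")  print "default"   # sample value from the stock file
            else                        print "ok"
        }' "$1"
}

# Print enabled only when "authorization: enabled" is indented under an
# uncommented top-level "security:" key; a flattened or commented key is disabled.
mongo_auth_status() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                  # comments, blank lines
        /^[^ \t]/ { in_sec = ($0 ~ /^security:[ \t]*(#.*)?$/); next }
        in_sec && /^[ \t]+authorization:[ \t]*"?enabled"?[ \t]*(#.*)?$/ { ok = 1 }
        END { print (ok ? "enabled" : "disabled") }' "$1"
}

# Constructed sample files: one hardened pair, one stock/flattened pair.
write_samples() {
    printf '%s\n' '# requirepass foobared' 'requirepass ExamplePlaceholderPw' > "$1/redis.good"
    printf '%s\n' '# requirepass foobared' > "$1/redis.stock"
    printf '%s\n' 'security:' '  #keyFile: <string>' '  authorization: enabled' > "$1/mongod.good"
    printf '%s\n' '#security:' 'authorization: enabled' > "$1/mongod.flat"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in redis.good redis.stock; do echo "$f: $(redis_auth_status "$tmp/$f")"; done
for f in mongod.good mongod.flat; do echo "$f: $(mongo_auth_status "$tmp/$f")"; done
rm -rf "$tmp"
```

The mongod.flat sample shows the failure mode to watch for: with the security: line still commented and authorization at the left margin, the setting is not nested under security and the check reports disabled.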

 

Strange spam

We have been getting spam messages with the subject “top level quality of paint bucket” both at home and at work. I get that it costs essentially nothing to send a million junk e-mail messages, so it doesn’t take a lot of sales for a campaign to be profitable. But are there seriously people who buy their paint buckets from cold e-mails? Especially e-mails that I thought were trying to sell me buckets of paint.

And how lazy is a spam campaign that uses static strings in the subject field?

The Politics Of Anger

Michael Kruse interviewed people out in Johnstown PA who had voted for Trump last year to see what they think of his performance thus far. Objectively, someone who campaigned on Muslim bans, enormous walls along the Mexican border, bringing back the steel mills, and bringing back coal mining … well, just another politician promising the world and delivering nothing. But these people still love Trump. And would vote for him again. Why?

It seems like voters want someone to be angry along with them. There is no easy solution, there is no painless solution … but no one wants to hear the truth. Or hear hard answers. But someone who obviously lies to them but conveys a story of their own victimization … that’s where they’re voting.

Coconut Almond Chocolate Bars

I made a homemade dessert inspired by Almond Joy bars. It’s got three layers – coconut, sliced almonds, and either chocolate or carob.

For the coconut layer, combine the following in a food processor and pulse until you’ve got a somewhat creamy well blended mix.

3 cups unsweetened coconut flakes
1/4 cup coconut oil
1/2 cup coconut cream
1/4 cup maple syrup

Line a pie pan with clingfilm and press coconut mixture into pan. Top with sliced almonds.

I then made both carob and chocolate sauce to spread on top. Melt 1/4 cup of coconut oil. Add 2 tablespoons of maple syrup. Then stir in either cocoa powder or carob powder until the mixture has the consistency of melted chocolate.

Spread chocolate or carob (I made it with half chocolate and half carob). Refrigerate for an hour so the chocolate sets.

Containerized Development v/s Microservices

While both monolithic and microservice applications can be deployed in containers, there is a significant difference. Understanding that difference can save time/money/effort decomposing an application into microservices when the benefits you desire can be gained through simple containerized deployments.

One of the touted benefits of microservices — the ability for different teams to use different internal practices, different coding standards, hell even different languages and still have a functioning application because the interface is static and well documented … well, that sounds like a nightmare to me.

A company with which I worked a decade ago had teams of developers devoted to different components of the application — essentially your team owned a class or set of functions. The class/functions had well documented and static interfaces — you wouldn’t change void functionX(int iVariable, string strOtherVariable) to return boolean values. Or randomly add inputs (although functions were overloaded). Developers were tasked with ensuring backwards compatibility of their classes and functions. The company had a “shared libraries” development team who worked on, well, shared libraries. Database I/O stuff, authentication frameworks, GUI interfaces. A new project would immediately pull in the relevant shared functions, then start developing their code.

Developers were able to focus on a small component of the application, were able to implement code changes without having to coordinate with other teams, and consumers of their resource were able to rely on the consistent input and output of the functions as well as consistent representation of class objects.

When a specific project encountered resource shortfalls (be that family emergencies reducing workers or sales teams making overly optimistic commitments), the dozens of C# programmers could be shifted around to expand a team. In a team with an outstanding team lead, employees could easily move to other groups to progress their career.

What happens in a microservices environment? You’ve got a C# team, a Java team, a Python team. You get some guy in from Uni and he’s starting up a LISP team because Lisplets will get his code delivered through Tomcat. The next guy who comes in starts the F90 team because why not? Now I’m not saying someone with a decade of experience in Java couldn’t learn LISP … but you go back to “Google up how to do X in LISP” programming speed. There are language nuances of which you are not aware and you introduce inefficiency and possibly bugs to the code.

What’s my point? Well, (1) business practices (we program in this language, here’s our style guide, etc) are going to negate some of the perceived benefits of microservices. The small gain to be had by individual teams picking their own way are going to be outweighed by siloing (some guy from the Java team isn’t going to move into a lead role over on the C# team) and resource limitations (I cannot reallocate resources temporarily). But (2) you can architect your project to provide, basically, the same benefits.

Microservices make sense where an application has different components with different utilization rates. A product that runs a Super Bowl commercial may see a huge spike in web traffic — but scaling up thousands of complete web servers to handle the load is an inefficient use of resources. There’s a lot of product browsing, but shipping quotes, new account creations, and check-outs are not all scaling linearly to web hits. Adding tens of thousands of browsing components and only expanding the new-account-creation or checkout services as visitors decide to make purchases can be done more quickly to respond in real-time to traffic increases.

Applications where each component gets about the same amount of use … I use Kubernetes to manage a cluster of sendmail servers. As mail traffic increases, additional PODs are brought online. It’s a configuration I’d like to mirror at work — we currently have nine sendmail servers — to provide physical and site redundancy for both employee mail traffic and automated system traffic. With Kubernetes, three servers in each of the two sites (six total) would provide ample resources to accommodate mail flow. Automated systems send a lot of mail at night, and the number of pods servicing that VIP would increase. User mail flow increases during the day, so while automated mailflow pods would be spun down … user mail flow ones would be spun up. With a 33% reduction in servers, I’ve created a solution with more capacity for highly used functions (this function could be the primary usage of all six servers) that is geo-redundant (one of the current systems is *not* geo-redundant as the additional two servers in the alternate site couldn’t be justified). But I didn’t need to decompose sendmail into microservices to achieve this. Simply needed to build a containerized sendmail.

Load Runner And Statistical Analysis Thereof

I had offhandedly mentioned a statistical analysis I had run in the process of writing and implementing a custom password filter in Active Directory. It’s a method I use for most of the major changes we implement at work – application upgrades, server replacements, significant configuration changes.

To generate the “how long did this take” statistics, I use a perl script using the Time::HiRes module (_loadsimAuthToCentrify.pl) which measures microsecond time. There’s an array of test scenarios — my most recent test was Unix/Linux host authentication using pure LDAP authentication and Centrify authentication, so the array was fully qualified hostnames. Sometimes there’s an array of IDs on which to test — TestID00001, TestID00002, TestID00003, …., TestID99999. And there’s a function to perform the actual test.

I then have a loop to generate a pseudo-random number and select the test to run (and user ID to use, if applicable) using that number

# rand($iHosts) returns a value in [0, $iHosts), so every host is equally likely
# and the index stays valid even with more than 100 hosts
my $iRandomNumber = int(rand($iHosts));
my $strHost = $strHosts[$iRandomNumber];

The time is recorded prior to running the function (my $t0 = [gettimeofday];) and the elapsed time is calculated when returning from the function (my $fElapsedTimeAuthentication = tv_interval ($t0, [gettimeofday]);). The test result is compared to an expected result and any mismatches are recorded.

Once the cycle has completed, the test scenario, results, and time to complete are recorded to a log file. Some tests are run multi-threaded and across multiple machines – in which case the result log file is named with both the running host’s name and a thread identifier. All of the result files are concatenated into one big result log for analysis.

A test is run before the change is made, and a new test for each variant of the change for comparison. We then want to confirm that the general time to complete an operation has not been negatively impacted by the change we propose (or select a route based on the best performance outcome).

Each scenario’s result set is dropped into a tab on an Excel spreadsheet (CustomPasswordFilterTiming – I truncated a lot of data to avoid publishing a 35 meg file, so the numbers on the individual tabs no longer match the numbers on the summary tab). On the time column, max/min/average/stdev functions are run to summarize the result set. I then break the time range between 0 and the max time into buckets and use the countif function to determine how many results fall into each bucket (it’s easier to count the number under a range and then subtract the numbers from previous buckets than to make a combined statement to just count the occurrences in a specific bucket).

Once this information is generated for each scenario, I create a summary tab so the data can be easily compared.

And finally, a graph is built using the lower part of that summary data. Voila, quickly viewed visual representation of several million cycles. This is what gets included in the project documentation for executive consideration. The whole spreadsheet is stored in the project document repository – showing our due diligence in validating user experience should not be negatively impacted as well as providing a baseline of expected performance should the production implementation yield user experience complaints.
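The max/min/average/stdev and bucket-count step described above can also be run straight over the concatenated result log. This is an added example, not the script or spreadsheet from the post; the tab-separated log layout (scenario, PASS or FAIL, seconds), the function names and the sample data are assumptions.

```sh
#!/bin/sh
# Added example: summarize one concatenated result log without a spreadsheet.
# Assumed log layout (not given in the post): scenario <TAB> PASS|FAIL <TAB> seconds

# timing_summary FILE NBUCKETS -> count, failures, min/max/avg/stdev, bucket counts
timing_summary() {
    awk -F '\t' -v nb="$2" '
        {
            x = $3 + 0; t[NR] = x; sum += x; sumsq += x * x
            if ($2 != "PASS") fail++                 # result did not match expectation
            if (NR == 1 || x < min) min = x
            if (NR == 1 || x > max) max = x
        }
        END {
            n = NR; if (n == 0) exit 1
            avg = sum / n
            var = (n > 1) ? (sumsq - n * avg * avg) / (n - 1) : 0   # sample variance, like Excel STDEV
            sd = (var > 0) ? sqrt(var) : 0
            # Cumulative count at or under each upper edge, minus the previous
            # cumulative count: the same countif-and-subtract method as the post.
            for (i = 1; i <= nb; i++) {
                edge = (i == nb) ? max : max * i / nb
                cum = 0
                for (j = 1; j <= n; j++) if (t[j] <= edge) cum++
                d = cum - prev; out = out sep d; sep = ","; prev = cum
            }
            printf "n=%d fail=%d min=%.4f max=%.4f avg=%.4f stdev=%.4f buckets=%s\n", n, fail, min, max, avg, sd, out
        }' "$1"
}

# Constructed sample log (hostnames and timings are made up for the demo).
write_sample_log() {
    printf 'host1.example.com\tPASS\t0.010\n'  > "$1"
    printf 'host2.example.com\tPASS\t0.020\n' >> "$1"
    printf 'host1.example.com\tPASS\t0.030\n' >> "$1"
    printf 'host2.example.com\tFAIL\t0.040\n' >> "$1"
    printf 'host1.example.com\tPASS\t0.100\n' >> "$1"
}

log=$(mktemp)
write_sample_log "$log"
timing_summary "$log" 4
rm -f "$log"
```

Run it once on the pre-change log and once per variant, then compare the bucket lists side by side; a long tail that appears only after the change shows up in the last buckets even when the average barely moves.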

 

Curried Salad

I made a really good curried salad based on a recipe I found online. I omitted the sriracha from the sauce and used a little of Penzey’s Bangkok Blend to add a little flavour and heat. I also poached a salmon filet (for Anya and me) and some chicken (for Scott). Flaked / shredded the meat and coated it in the sauce. Then I made the salad (without cilantro), drizzled with the curried peanut sauce, added the meat, and topped with some crunchy noodle things.