I will be away for a while. Find me at http://soylentnews.org
I will be away for a while. Find me at http://soylentnews.org
The following is my prepared answer for anyone who asks me this stupid fucking question in any interview in the future.
func modBool(modulus: Int) -> Bool
return (self % modulus).boolValue
for x in 1...100
print((x.modBool(3) ? "" : "Fuck ") +
(x.modBool(5) ? "" : "You") +
((x.modBool(3) && x.modBool(5)) ? "\(x)" : ""))
SSDs already use wear-leveling technology that effectively turn all file-updates into copy-on-write operations.
If SSD devices would keep track of the old copies so that an operating system or SSD-vendor-supplied data-rescue-utility could easily treat non-overwritten data as if it were a "shadow copy"
if the SSD would hide that data from the host computer unless a particular switch or jumper was set,
it would aide in data recovery after a ransomware attack.
Why hide it from the host when the switch is not set? If the "shadow copy" IS visible to the OS, all the ransomware has to do is write to the disk until the data it wants to erase is no longer there in the "shadow copy." If it is invisible to the host, the ransomware has to write enough data to overwrite all existing "shadow copies" to guarantee success.
Why would a user have the switch on all the time? Backups.
Having a hardware-based "shadow copy" mechanism that the backup software or host OS understood would make backups easier without the necessity of the host OS or filesystem having to implement a shadow-copy system of its own.
I don't think I've written this down anywhere before, so here's my story about the first time I had a face-to-face conversation with Steve Jobs.
I was working for Richard Kerris in Apple Worldwide Developer Relations, on a group called the SWAT team. I was the Cocoa expert on that team, and I had colleagues who had expertise in UNIX internals, Windows development, and the Metrowerks tools.
Our role was to help third-party developers bring their products to Mac OS X, whether they were coming from Windows, Solaris, Mac OS 9, etc. We would look over their code, and consult with them on how to go about porting and/or rewriting their products for the new platform.
I went to Fred Anderson's retirement party which was held at Cafe Macs in Building four of the Infinite Loop campus. I saw Steve there, and I went over to introduce myself. I said "Hi Steve, I'm John Randolph. You may or may not recognize my name, but I used to flame you from time to time before I worked here." He asked me "Why did you stop?" I told him "Well, I work here now, and I respect the chain of command."
At the time we had this conversation, there was a big fight going on between the foot-dragging laggards who wanted to keep using the old Mac Toolbox API (which had been cleaned up considerably and put into a framework we called "Carbon"), and those of us who wanted to get everyone using the NeXTStep-derived "Cocoa" frameworks,
At the previous WWDC, Steve had started the keynote with a bit of theater: a coffin had risen up through a trap door on the stage, in the midst of a cloud of dry ice fog. Steve had opened the coffin to show a big Mac OS 9 box, and he praised OS 9 in a eulogy, to make the point that Apple developers should consider it dead and gone.
So getting back to our conversation.. I told Steve what I was doing on Richard's team, and I said "I know that you can't do this politically, but I wish you could have another coffin on the stage at the next WWDC...." and he said: "With Carbon in it?"
He was grinning. At that point, I realized that I could quit worrying about where Apple's development environment was heading. Steve knew what we needed to do, and in the years that followed, Apple has kept the best of NeXT's technology, and let go of what we didn't need.
We miss you Steve, but we're doing fine. Thanks for the things you made happen.
Updated 2016-07-08 (the day after a multi-criminal police shooting in Dallas, Texas, USA, leaving 5 police dead, 7 other police injured, and 2 non-police civilians injured)
#IAmDallas - remembering the fallen of 7/7/2016
Updated 2016-04-25 (temporary/for a few weeks)
Ed D., rest in peace my friend, 1968-2016, you were a true fan's fan.
All your e are belong to Mother Nature.
Earlier today, I read an account of a little girl getting a severe sunburn while on a school field trip, because of an unconscionable policy prohibiting children from possessing sunscreen while at school or on school activities. I looked up the name of the spokesman who had the nerve to try to defend this policy to the press, and wrote her the following e-mail:
Miss Chancellor, you and the pinheads you serve in the Northeast Indecent School District are a tragic example of the kind of abject incompetence that pervades American public schools in the past several decades.
I would urge you to resign and pursue employment in the janitorial services industry, but youâ(TM)re obviously too goddamned stupid to be trusted with cleaning supplies.
Well, it would appear that Miss Chancellor was offended by my criticism, and she replied thusly:
Your comments do not warrant an intelligent response. Clearly - you do not have all the facts.
Now, it's rather unusual for an apparatchik in a shitstorm to bother to respond to any of the angry e-mails they get, so naturally I have replied:
On Jun 6, 2014, at 10:26 AM, Chancellor, Aubrey wrote:
>Your comments do not warrant an intelligent response.
Since youâ(TM)re entirely incapable of an intelligent response, that just works out fine and dandy now, doesnâ(TM)t it?
>Clearly - you do not have all the facts.
The fact is that when you screw up like this, the thing to do is apologize and promise the parents, the child, and the rest of the community that it will never happen again. You donâ(TM)t double down on your idiotic policy of depriving children of sunscreen.
When children are entrusted to you by their parents, your paramount duty is to ensure their safety and well being. it is NOT to sacrifice their welfare to your psychotic need for obedience.
More on this as it develops. Start the popcorn.
Last post to FB:
In the time since I created this Facebook account in 2006, I found a bunch of old friends, met many new ones, wasted a whole lot of time, had some arguments that never would have happened in real life, and been frequently annoyed by the business decisions FB has made.
This post will be my last. I will delete this account 48 hours from now. Those of you who want to keep in touch can reach me as always at firstname.lastname@example.org, which I've had for at least a decade.
All's well that ends. I wish you all peace, love and happiness.
It feels like leaving high school. There are people there that I will always care about, some that I love, some that I barely know, some that I have no idea how I met in the first place or why they're in my FB friends list.
A very smart friend of mine is working on changing social media from a site and a vendor that sells the users' info to advertisers, into a protocol that would operate on a peer-to-peer basis, with strong security to ensure that what we write goes to those we wish, and no one else. I hope he succeeds, and I look forward to making a fair bit of cash shorting FB when the writing appears on the wall.
I will thank my friends who worked on FB, and every user there who ever shared a heartwarming, interesting, inspiring, or even outrageous bit of information that I wouldn't have found otherwise. Congrats to all the FB millionaires and worker bees, I wish them all the best.
I'll still be NSResponder here on
Storing a private key "in the cloud":
Key is K1. Key is thousands of seemingly-random bits, probably based on a pair of 1024-bit-or-larger prime numbers. You typically store K1 on your computer using a good encryption algorithm. Your password to decrypt the key is P1. P1 is typically tens of characters. Decrypting K1 with P1 is a fast (in human-time-scale) operation, under a second.
Although K1 is typically used to encrypt or decrypt data, for the purposes of this document, K1 is the thing to be encrypted. It will not be used to encrypt or decrypt anything.
How to safely store a backup of key K1 online such that the end user can access it from any device if he has both the password P1 and something else that is not mathematically related to K1.
Method 1, the "something else" is a one-time pad:
Create a random one-time pad, R1, which is the same size as K1.
"Encrypt" (XOR) K1 with R1 then encrypt both with P1, creating the safe copy S1. Store S1 online.
Print off a copy of R1 such that it can be easily photographed and re-constructed. Store R1 or an encrypted version of it in a safe place, such as a safe-deposit box or distributed in parts to trusted secret-keepers.
Without R1 it is provably impossible to extract K1 from S1, so S1 is "safe."
R1 by itself is useless.
R1 with S1 constitutes a compromise but it will mean the attacker has to either guess P1 or exhaustively search for it.
If the person loses their local copy of K1, they can use R1, P1, and S1 to reconstruct K1.
Method 2, create a file S2 which from which is computationally hard to extract K1 without P1, acceptably moderately difficult to extract K1 with P1 and no other information, and easy to extract K1 with P1 and "something else" not related to K1.
For example, create a one-time pad R2 which consists of P1 combined with some random-ish filler-number B2 whose size is dependent on how "moderately difficult" it can be to extract K1 given only P1.
If this pad R2 is at least as long as K1, proceed on as in Method 1: "Encrypting" (XOR) K1 with R2 and encrypting both with P1, creating a safe copy S2. As neither P1 nor B2 are known or predicatble, S2 is safe.
The time to recover K from S2 with only P1 will be the time it takes to go through all (or, on average, half) of the possible values of B2. Since the length of B2 was chosen in advance based on how hard this decription should be, K1 will be recoverable in a predicable, acceptable amount of time. With B2 and P1 recovering K1 from S2 is quick.
If the pad R2 is not as long as K1, one option is to re-use the one-time pad and as such will not satisfy the goal o being "comptationally hard to extract K1 without P1," but it may be good enough for some applications.
A different solution is to encrypt K1 with P1 (the file that is normally stored on the person's local computer will qualify) then encrypt the result with either B2 or some combination of P1 and B2 to create S2. The difficulty of extracting K1 from S2 with only P1 depends on the time it takes to go through all (or, on average, half) of the possible values of B2. Depending on the lenghts of P1 and B2 and the encryption algorithms used, this may not be safe enough. With B2 and P1, recovery is quick.
This method has the advantage that the "something else," B2 in this case, need not be kept at all.
A typical scenario where the "B2" method would be preferred over the "R1" method is where it is acceptable if key K1 becomes unavailable for an extended period of time in exchange for a zero-risk that an adversary will acquire or discover R1.
A self-proving identification card:
Display in human-readable and computer-readable form:
Identifying information such as name, card number, issuer/certifying agent, expiration date, face or thumbprint, signature, etc.
Display the same in a computer-readable form. For easy-to-scan things like letters and numbers that are on the card in a pre-defined layout, the human-readable form and computer-readable form may be identical.
For things like a photo, the computer-readable form may be a simpler version, such as an 8- or 16-color 64x64 bitmap.
Have the comptuter-readable form be digitally signed by the issuer/certifying agent and have the signature on the card in both a computer- and human-readable form.
Have the scanning device display the computer-read data in a human-readable form so that a human being can compare what is on the screen with what is on the card.
The same human being would compare what is on the card with either another form of ID or, if the card had a picture or thumbprint, with that of the person presenting the card.
Some information on the card could be encrypted and require a password or other authentication token to decrypt.
Other than this optional part, the card would be "self proving" provided that the public key of the issuer/certifying agent was available to the authentication terminal.
Invisible Internet Project...
I2P is best described as a cross between Tor and Bittorrent. That is to say, the onion routing benefits from the fact that most participants contribute to the available bandwidth. It does also come bundled with a bittorrent client and email service. A number of other I2P apps are available including i2P-Bote, a new server-less email system based on DHT.
Qubes is a desktop OS based on a customized Xen hypervisor. It ships with Fedora 18 to provide Linux desktop functionality, but can also host Windows and other VMs. The philosophy here is that paravirtualization, VT-x and VT-d are all employed in concert to reduce the system's attack-able surface to the base minimum while still providing the functionality of a desktop.
My choices in this area amount to a pretty short list because each one is comprehensive in its approach to privacy and security. I2P keeps everything encrypted and anonymous end-to-end without the worrying about app-specific encryption settings (PGP, OTR, HTTPS, etc) which leads to inconsistent usage. That means using mostly I2P-specific apps, though Firefox for I2P Web is the current exception. Qubes OS secures the system by keeping the high-risk subsystems - IP, firewall and X11 - in their own read-only VMs, and also runs my apps in separate domains according to the trust/risk levels I assign to them. For example: a 'banking' appVM to access bank accounts in Firefox, a 'personal' appVM for email, chat and personal files, an 'untrusted' appVM for general roving around the unsecured Web and multimedia entertainment, an 'i2p' appVM for the growing amount of anon/private communications over I2P, etc. The Qubes project goes so far as to claim "strong security" and I believe them... this is not your run-of-the-mill VM system.
More about some of the interesting features in these puppies later...
E-mail to Neal Martin, E-trade's vice president of customer service:
I doubt that this message will actually get to you personally, but what the hell.
After the fracas over the last few weeks in which e-trade failed to issue me a second ATM card, I finally got around to transferring the bulk of my shares to a competent broker.
The automatic mail from e-trade notifying me of the transfer included this paragraph:
E*TRADE strives to achieve best in class service and is focused on meeting all of your financial needs. We would like to understand your reason for your transfer out and see if there are any improvements we can make to serve you better in the future. If you have the time to discuss, please call us at 1-800-ETRADE -1 (1-800-387-2331).
The fact is, after going around with your underlings a few times on my requirement for a second card, and having told each of them several times that this was a deal breaker, I know that the claim that youâ(TM)re âoestriving to achieve best in class serviceâ is nothing but marketing drivel. Indeed, my direct, personal experience has shown me that my business isnâ(TM)t important enough to get on the radar of anyone who would actually solve the problem.
I had already planned to find another broker, but the thing that made me hurry up and do so was receiving your oh-so-thoughtful gift of an e-trade gym bag. So, after refusing my very simple request, you apparently assumed that Iâ(TM)d be satisfied if I just got a bag to advertise an incompetent financial institution to my friends.
Looking at the transaction log, I see that e-trade has charged me $25 for the privilege of taking my property elsewhere. Now, Iâ(TM)m sure you have something in your fine print that allows you to do that, but itâ(TM)s still kind of shitty on your part. Given that youâ(TM)re not even capable of issuing two cards on one account (as you had done for the previous decade or so), waiving that fee is probably entirely beyond the capabilities of the fifth-rate keyboard monkeys in your so-called âoeIT departmentâ, so you can go ahead and keep it. Iâ(TM)m getting a nice welcome gift from your competition, which I didnâ(TM)t even ask for.
Would you like the gym bag back?
Got this from some minion at E-trade, since the VP I wrote to was apparently too busy to answer a customer personally:
Good Morning Mr. Randolph,
We received your email inquiry to our VP of Customer Service, Neal Martin on 8/5/13. We regret that we are unable to accommodate your request for two ATM cards for your account. We appreciate your feedback and it has been shared with management and our product teams for review. If you have any additional questions or concerns feel free to contact me at [phone number deleted]
Corporate Support Manager
E*TRADE Securities LLC
[phone number redacted]
Manager? Yeah, right. In a functioning company, a manager is someone who takes the initiative to solve a problem.
I left the VP's name because he fully deserves to have this come up when someone googles him in the future.
You might mention to Neal Martin that when a customer responds to an email message that has his name on it, itâ(TM)s rather poor form to pass the buck to someone else unless that other person is capable of solving the problem.
I was a more-or-less satisfied customer of E-trade for over a decade. I will be transferring my assets to another broker in the near future, as soon as I determine which of your competitors can demonstrate the competence that E-trade has abandoned.
I've been a customer of theirs for over a decade, and I've had two ATM cards for the same account for many years. Recently, I needed to cancel one of the cards and instead of just replacing that card, they cancelled both of my cards. I just sent the following message to Neal Martin, VP of customer service at E-trade.
I got a call from one of your employees this morning, Meagan something, who told me that after looking into it she wasnâ(TM)t able to find a way to issue a second card for my account. Her suggested workaround was that I should open another account, and get an ATM card for that account.
So, because of your IT departmentâ(TM)s refusal to fulfill a very simple request, E-tradeâ(TM)s âoesolutionâ is that I should give you MORE of my business, and incur whatever additional costs are associated with having a second account. Not to mention that using a second account means that if I lose a card while traveling, Iâ(TM)ll either be dead in the water for a day while funds get transferred to that second account, or Iâ(TM)d have to have money parked in that second account already.
Now, Iâ(TM)m a software engineer myself with a fair bit of experience in financial systems. In my Wall Street days, I worked at JP Morgan, Salomon Brothers, and UBS/Warburg. I know that there is indeed a way to solve the problem at hand, even if it requires manually editing a database to make it happen. If my business is important enough to you, youâ(TM)ll direct your IT department to do so.
In the meantime, I suggest your inform all of your employees in customer-facing roles that âoesecurity policy" is not an excuse for incompetence.
The message above was a follow-up to this one:
I have been an E-Trade customer since 2002 or thereabouts, and I currently have about [redacted] in assets on deposit with e-trade.
Iâ(TM)ve got to say, Iâ(TM)m on the verge of taking my business elsewhere and itâ(TM)s because of something that should be trivial for you to solve.
Iâ(TM)ve had two debit cards for my account for a decade or more, and Iâ(TM)ve just been told that I can only have one now. This doesnâ(TM)t work for me, because I travel quite a bit, and I like to keep one card in the safe in my hotel room, and have the other one on me. If I lose a card while traveling, I do not want to be stranded without a way to access my funds.
Yesterday, I spoke with a representative who told me that he had figured it out and was sending me an additional card, but this morning he called me back and told me that he couldnâ(TM)t do it after all. Just now, I spoke with another representative from your âoeCorporate Relationship Managementâ team, and heâ(TM)s looking into it.
Iâ(TM)ve generally been happy with E-trade up to this point, but if you canâ(TM)t issue me two cards as before, itâ(TM)s a deal breaker. I hope you get this figured out.
Also, donâ(TM)t put your name on an e-mail address that doesnâ(TM)t go to you directly. Itâ(TM)s insulting.
The upshot is I did some shopping around and found that Scottrade's fees are lower than E-trade's. The first brokerage company I find that can issue two cards on one account will get my business.
For the last two years (almost), I was back at Apple working on the UI frameworks that the ProApps and the iApps use to give them their distinctive look. Interesting work, nice people to work with, and now I can say that there's some of my code in most of Apple's Pro and consumer apps on the Mac.
To everyone in PhotoApps, ProApps, Frameworks, and Dev Tools, thanks much! I enjoyed working with you.
The surviving Boston Bombing suspect has not read his rights and as of Monday April 22, 2013, it's been several days since his arrest. Law enforcement has already said they believe the two bombers were acting alone. It would be one thing to press a suspect for information if you catch a guy and think an accomplice is about to set off another one within hours but anything after that is trampling on the Constitution. Therefore we petition the White House to only use the "imminent threat" exception to the Miranda warning when the threat really is imminent and getting information now is more important than preserving the Constitution.
White House Petition URL:
A man is known by the company he organizes. -- Ambrose Bierce