Adam Katz Musings

What Network Closet?

General, tech, networking — Posted by khopesh @ Tue Jun 01 2010 7:19 pm

It all started a few months ago. Our building decided to put a restaurant in downstairs. From my conversations with the head chef (who doubles as the building super), it's going to be a nice restaurant with some fantastic lunch options and a full bar. The problem is that it's being constructed on quite the budget, which means little is done outside of the work day. My office is directly above the construction. Over the last few months, I've had to deal with dying equipment, racket and vibrations at my feet, the moving of my doorway, and oh, the network closet... (More)

ProfileSpy is a scam

General, privacy, web, code — Posted by khopesh @ Sat May 22 2010 4:49 pm

An open letter to Facebook and Blogspot:

I am writing about a Facebook page (app?) called "See WhoHas Viewed You" which brands itself as ProfileSpy ("see who views your facebook profile").  The page begins by requesting users click "Like" on the page, after which further instructions follow.  The JavaScript code offered for the service is incredibly obfuscated (I break it down below).  Assuming you install it anyway, all visitors to your Facebook profile will automatically do (with no knowledge or consent) all of these items: Suggest the ProfileSpy page, invite all(?) of their friends to use it, and then load the http://profilespy.blogspot.com website in a frame.  This site (purposefully not linked here!) includes all of the user-tracking code.  It appears to also visit some other pages and submit forms on them so as to be more profitable and potentially collect more of your information. Updated 2010-05-31 (More)

Chinese Forgeries are on the rise

General — Posted by khopesh @ Fri Apr 30 2010 7:14 pm

Two weeks ago, I jumped on eBay to get a microSD card for my phone.  I found a ridiculously cheap brand-name 16GB card … from China … and decided to risk the purchase (final price: $17.66, free shipping).  It arrived today.  The box it came in was made of a flimsy cardboard not much stronger than paper and included a piece of flimsy plastic shell around the card and its SD adapter. After some quick jumping around Google Images (including searches limited to .tw, .hk, and, of course, .cn sites), I concluded that it didn't look like the legitimate product.  If it didn't look or feel like the real thing, it was time to ask a professional. (More)

Permanent Daylight Saving Time for New England

General — Posted by khopesh @ Fri Mar 12 2010 8:26 pm

It's annoying living on the Eastern edge of the US Eastern time zone. During the winter, the sun sets before 5:00pm. It's also annoying —and dangerous— to endure the phase-shift of Daylight Saving Time (DST). Here's a simple proposal, with economic, safety, political, and practical reasons behind it: Move New England to permanent Daylight Saving Time (UTC -0400, the Atlantic time zone). (More)

Hash tables in bash

General, linux, tech, code — Posted by khopesh @ Wed Mar 03 2010 12:25 am

This might be confusing because I just wrote an article on using the MD5 hash summary algorithm in JavaScript, but I'd like to address another use of the word hash (sorry, you can't smoke this one either), relating to lookup tables that can make code significantly easier to develop. Bash (a shell scripting language I try to stay away from in favor of more conservative POSIX shell code) is really good with arrays, but a loop is still needed in most cases while a dynamic lookup table based on keys (like the hash type in perl) would alleviate that need. It occurred to me not too long ago that facilitating this in Bash wasn't actually that hard.  (More)

Call it Linux

General, linux — Posted by khopesh @ Sun Feb 28 2010 12:14 pm

There's a long-standing debate over what to call this UNIX-like operating system that runs the GNU userland, Xorg windowing system, and a thousand other things atop the Linux kernel. The Free Software Foundation (FSF), of which I am a dues-paying associate member and a big advocate, insists upon calling it GNU+Linux or GNU/Linux [1]. I used to "toe the party line" and go along with it (though I never actually corrected people on usage, or if I did: sorry [2]).

Nobody ever argued that a kernel alone comprises an operating system, and GNU is no longer a required piece while Linux is [3][4]. We call the operating system "Linux" and we call the kernel "Linux" [5]. If there's confusion, we clarify with a quantifier when needed, but that would be "Linux distribution" and "Linux kernel" rather than "GNU/Linux" and "Linux." Even the FSF uses the term "Linux kernel" rather than just "Linux" because even they realize the confusion [1].

The GNU projects are an undeniable part of the operating system's history, without which the kernel would have died while still an experiment, and GNU is still important to the system today. However, I don't live in "The United States of Freemason/America" [3] (More)

Hash checksums in JavaScript

General, tech, web, code — Posted by khopesh @ Sat Feb 27 2010 6:41 pm

Basic JavaScript (whose formal name, ECMAScript, isn't really used) lacks much by way of cryptography. It even lacks basic checksum methods, making it difficult to verify the integrity of a piece of data or handle passwords (no good implementation actually stores your password in the clear; they always store it as a hash). Here I'll explain what hash sums are and why we need them, then I'll reveal the few JavaScript MD5 hash implementations I found online, and I'll compare their efficiency head-to-head.

 (More)

CAcert - un-stalling the experiment in web-of-trust - part 2

General, tech, networking, web — Posted by khopesh @ Fri Feb 26 2010 5:42 pm

This is the conclusion to my exciting rant about CAcert's inefficiencies, moving from speculation on where they could go to fix their problems and even perhaps prosper to what this could do in the long-run.  It's not even really specific to CAcert; anybody could implement this idea.  CAcert just has a good base upon which to build.  The idea is a simple one; bring web-of-trust to social networking. It's almost there already, and especially needed given how Facebook is quickly losing our trust.

 (More)

LifeType Blog - syntax highlighting with SHJS

General, linux, tech, web, code — Posted by khopesh @ Wed Feb 24 2010 6:34 pm

This blog is powered by LifeType, which may or may not be the right choice for it (there are a few features I don't need, like the ability to host more than one blog and therefore the extra piece of the URL, and there are a few bugs like the fact that I can't change the time of a post, be it a future post or a past one, despite that changing the date is trivial). LifeType uses PHP Smarty for its templates, which I've gone and tweaked as I do everything. In this article, I explain how I added syntax highlighting for code blocks in this blog.

 (More)

Pathfinder RPG is solid

General, d&d — Posted by khopesh @ Mon Feb 22 2010 7:17 pm

Over the years, the publishers of Dungeons and Dragons (D&D) have struggled. While poor decisions have been made in the past (a TV show, firing the co-creator while he was still the industry's figurehead, over-saturating the market, piling on debt, ...), the game always seemed to survive. Third edition was like striking gold, and its new backer had near infinite funds so as to prevent many of the problems suffered in the past.

Competing with online games like World of Warcraft and simplified games like Magic: the Gathering, D&D has new challenges. Fourth edition aspired to attract fans from those other genres, even offering numerous software companion products (a big taboo to my eye). It failed to meet expectations.

Since third edition had a free licensing scheme and third-party development was encouraged, this presented an additional challenge for fourth edition. Paizo, a company spun off from D&D's manufacturer and headed up by the Editor-in-Chief of D&D's premiere magazine, decided to continue developing third edition products for their Pathfinder world and even revise the edition so as to compete with fourth edition head-on.

Paizo is winning.

 (More)

Beertasting - Winter Brews

General, beer, social, frigames, tasting — Posted by khopesh @ Sun Feb 21 2010 8:29 pm

January saw our second beer tasting, this time featuring "winter brews" of many different types. True to my word, there were smaller samples of fewer beers and simpler scoring. Again, the format was a blind presentation of beers. The order our eight beers were numbered and served in was:

Long Trail Hibernator, Blue Moon Full Moon Winter Ale, Dogfish Head Midas Touch Golden Elixir, Sam Adams Winter Lager, Magic Hat Black as Night Winter Lager, Harpoon Winter Warmer, Smuttynose Winter Ale, and Leinenkugel's Fireside Nut Brown.

Read on for the detail:

 (More)

Coke tasting

General, quickie, tasting — Posted by khopesh @ Sat Feb 20 2010 10:16 pm

Just did a quick blind taste test between a US market aluminum can of Coca-Cola (sweetened with corn syrup) and a Mexico market glass bottle of Coca-Cola (sweetened with cane sugar).  Michelle and I both agreed that the bigger difference was the glass versus can.  Unless looking for the tinny can taste, neither of us could distinguish between the two drinks (which were served in identical glasses).  All things considered, we both preferred the Mexican drink.  Ditto when we added rum (our suspicion was that rum's cane sugar origins might play favorably with the Mexican Coke's cane sugar).

This confirms the philosophy shared by Coke snobs worldwide:  glass > can > plastic > fountain (the last of which can't have its ratio of soda-water to syrup properly regulated). The difference was so stark that it prevented us from testing sugar versus corn syrup.  It also reminds me that the Caribbean-marketed Coke has its own differences -- it's slightly sweeter and slightly less carbonated, which somehow contributed to a less satisfying taste, though perhaps because of my location and the ubiquity of its top-notch rum, I had other things on my mind (and palate).

As to Coke versus Pepsi?  No contest.  I used to live with a few Coke snobs.  One of them bought a 24-pack of Pepsi because it was significantly cheaper than the 12-pack of Coke.  The other yelled at him for it.  A day or so later, he regretted making the purchase.  The "Pepsi Challenge" generally yields a preference of Pepsi to Coke because Pepsi is sweeter, but regular drinkers seem to unanimously prefer Coke. Since my workplace has unlimited cola (including a spell where we were Pepsi-only) and I drink like a camel, I've become a Coke snob like my former housemates ... and my CEO.


CAcert - a stalled experiment in web-of-trust - part 1

General, tech, networking, web — Posted by khopesh @ Thu Feb 18 2010 7:39 pm

CAcert was (if I recall correctly) the first provider of free SSL certificates, enabling anybody to offer encrypted versions of various internet services like secure websites and email. It's a great premise; this is one of many industries that is cobbled together on the notion of selling something virtually free of cost for enormous prices. These high prices have recently been dropping due to the lower threshold for serving your own site, the fact that nobody has money anymore, and --in no small part-- because CAcert and others compete for free.

However, there is some fundamental flaw in CAcert's organizational structure; they still have yet to pass even a basic security audit, and even after that, there's the fact that, barring some big changes, they just can't afford the audit required by Microsoft for inclusion in Windows or Internet Explorer.

Yet there's still a hope. If CAcert can get included in Firefox and Chrome, they can start (or rather, resume) a movement. CAcert is built upon a web-of-trust foundation, and once it has some momentum... Well, let's just leave it with the adage, "if you build it, they will come."

 (More)

SSH trick - shortcut for proxying into a network

General, linux, tech, networking — Posted by khopesh @ Fri Feb 12 2010 6:52 pm

I can connect to any system I have access to with a single command, even if it's hidden behind an ssh router (NAT). This is a trick I've been using for years to jump between various networks, be they in the office, at home, or one of several colocation facilities. It uses OpenSSH's ProxyCommand feature to piggyback a second ssh connection connecting a raw TCP feed from the internal target.

This is heavily used at my workplace for our build farm (a network of old and arcane UNIX systems segregated for security purposes). Recently, an update to the TENEX C Shell (tcsh) broke the trick. I figured I'd publish the whole process and the tcsh fix.

 (More)

Red Hat is Old Hat, RHEL6 coming too late

General, linux, redhat, tech — Posted by khopesh @ Tue Feb 09 2010 7:45 pm

As somebody who supports a dizzying array of UNIX and Linux systems for build systems, servers, desktops, and laptops, I'm often kept quite busy ensuring that various scripts and hacks work equally on all of them.  As new distributions come out, I need to implement them so the engineering team can develop and test applications on them.  I have a holy-grail array (mostly combed from DistroWatch) mapping the various package versions between distributions so as to determine levels of equivalence and hopefully limit the number of virtual machines I need to configure. Usually, the array is out of date, missing the latest release or two from the distributions that can churn out releases faster than I can shake a stick.  Red Hat is not one of them.

When's the last time they were even in the news?  Sure, they've got some neat projects out there, but their core, the Red Hat Enterprise Linux (RHEL) distribution, has dwindled and faded from memory.  I still see it (and by "it" I actually refer to CentOS and other derivatives) at the production-grade level, but every other "Enterprise-Grade" distribution has since come out with a far more recent release, and they're all gearing up for yet another while we still await even just an announcement of a beta of RHEL 6.  While we wait, the industry moves.  We're looking at a world that might not even want a sequel to 2007's RHEL 5, which was a desktop system that could be configured as a server. The industry has its systems all in the cloud, corporations are increasingly interested only in a web browser, and individuals will soon be doing everything on their phones.  Even then, there is a bit of demand for another RHEL, and at this rate, I wouldn't be surprised if it's a team outside of Red Hat that delivers it.

Read on for my assessment of what this means for Red Hat and what opportunities this presents for the competition.

 (More)
