So a cold front has settled in; and I have water a-boiling and tea ready to brew, and an unread (but probably good) book near to hand. Alas, I have not a comfortable chair in which to curl up and read it: my chairs are full of other unread books, so I must make haste to clear them!
*laughs* In point of fact, even assuming a book a day, I'd be hard-pressed to finish them all by the end of the year; and while a book a day is no problem at all for most novels — even Perdido Street Station, six-hundred-odd pages of dense text, took me only four hours or so — my reading list includes A New Kind of Science (which I've already read enough of not to take too seriously), Fearless Symmetry (which despite the numerological-tasting subtitle seems to contain a reasonable introduction to Galois theory), Colloquial Kansai Japanese, and Cheese Primer.
Not that I am so pressed, fortunately; I can take as long as I like to wander around in the complex plane, or the back streets of Kōbe. I suspect I'll need new bookshelves before I'm done, though.
Sunday, November 30, 2008
Saturday, November 29, 2008
Passwords
At my previous job — which, out of fear of misguided prosecution, I will not name here — I had to remember 22 (twenty-two) separate passwords for as many separate systems, and change them at least once every other month.
Of course each system had its own rules for acceptable passwords. One system had a maximum password length of eight characters, as well as the usual three-of-four-character-classes rule; one disallowed certain special characters; one only allowed alphanumerics. I ended up using a character-grid system: I had a small square array of characters that I kept in my wallet, which I regenerated randomly every two months. Then, instead of memorizing passwords, I just memorized simple sequences of characters on the grid:
_ | _ | _ | _ | _ | _ |
1 | 2 | 3 | _ | _ | _ |
_ | _ | _ | 4 | _ | _ |
_ | _ | 5 | _ | _ | _ |
_ | _ | _ | 6 | 7 | 8 |
_ | _ | _ | _ | _ | _ |
The grid always had the same class of character at each position, so as long as I chose the initial sequence carefully, that sequence would always have a valid password for the system I associated it with.
This had the additional advantage that I could safely keep a written list of the sequences for systems I rarely used; without the actual grid that I carried on my person, these would be almost useless to an attacker.
(I don't know what the other people I worked with did. I suspect they just wrote down all their passwords. Of course, they had desks with working locks.)
Nowadays, thankfully, I work in a much saner environment: I have all of four passwords to remember, all of which I use daily, and one of which I can use the default Linux generator for.
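An added sketch of the grid scheme described in this post, not the author's own tool: because the class at each position is fixed, a path can be checked against a system's rules once, from the layout alone, and stays valid for every regenerated grid. The layout, the symbol set, the alphanumeric-only path and all function names are assumptions; the first path follows the figure above.

```python
import secrets
import string

# Character classes. The symbol set is an assumption, kept small so a system
# that disallows certain specials can be handled by editing this one string.
CLASSES = {
    "U": string.ascii_uppercase,
    "L": string.ascii_lowercase,
    "D": string.digits,
    "S": "!#%+-=?@",
}

# Fixed 6x6 class layout (constructed for this example): position (row, col)
# always holds the same class, however often the characters are regenerated.
LAYOUT = [
    "ULDSUL",
    "LDSULD",
    "DSULDS",
    "SULDSU",
    "ULDSUL",
    "LDSULD",
]

# The path drawn in the post's figure, as 0-indexed (row, col) pairs.
FIGURE_PATH = [(1, 0), (1, 1), (1, 2), (2, 3), (3, 2), (4, 3), (4, 4), (4, 5)]
# A constructed path that never touches a symbol cell, for an
# alphanumerics-only system.
ALNUM_PATH = [(0, 0), (0, 1), (0, 2), (1, 3), (1, 4), (1, 5), (2, 2), (2, 3)]


def new_grid():
    """Regenerate every character from a CSPRNG; classes stay where they are."""
    return [[secrets.choice(CLASSES[c]) for c in row] for row in LAYOUT]


def path_classes(path):
    """Classes visited by a path, read from the layout (no grid needed)."""
    return [LAYOUT[r][c] for r, c in path]


def path_is_valid(path, max_len=None, min_classes=3, allowed="ULDS"):
    """Check a path against one system's rules using only the layout,
    so the answer holds for every future grid."""
    classes = path_classes(path)
    if max_len is not None and len(classes) > max_len:
        return False
    if any(c not in allowed for c in classes):
        return False
    return len(set(classes)) >= min_classes


def read_password(grid, path):
    """Read the current password for a memorized path off a grid."""
    return "".join(grid[r][c] for r, c in path)


def char_class(ch):
    """Return the class letter (U/L/D/S) a character belongs to."""
    return next(k for k, chars in CLASSES.items() if ch in chars)


if __name__ == "__main__":
    # Eight-character limit plus three-of-four classes: the figure's path fits.
    print("figure path ok:", path_is_valid(FIGURE_PATH, max_len=8))
    # The same path fails an alphanumerics-only system; ALNUM_PATH passes.
    print("figure path, alnum only:", path_is_valid(FIGURE_PATH, allowed="ULD"))
    print("alnum path, alnum only:", path_is_valid(ALNUM_PATH, allowed="ULD"))
    # Two "rotations": same memorized paths, different passwords.
    for _ in range(2):
        grid = new_grid()
        print(read_password(grid, FIGURE_PATH), read_password(grid, ALNUM_PATH))
```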
Friday, November 28, 2008
Review: The Master of Five Magics
The Master of Five Magics is a science-fiction novel by Lyndon Hardy (first published in 1980), centering around the travails of Alodar as he studies the five arts of thaumaturgy, alchemy, magic, sorcery, and wizardry.
Yes, I said "science-fiction." No, that's not a spoiler for a plot twist involving Sufficiently Advanced Technology; it's a description of the narrative rather than the trappings. The Master of Five Magics is written very much in the style of classic SF rather than any flavor of fantasy.
While the five arts (I avoid saying "magics" due to the awkward name of the third art) are largely treated as sciences, laws and all — thaumaturges and alchemists especially are referred to, quite accurately, as "craftsmen" — this is only a small part of what makes it SF. Rather, it's the reactions of the characters to everything, and the peripheral details of the culture in which it's set.
It's very much the fantasy of the Age of Reason, in which humanity has set aside its fear of the unknown and hatred of the different. One demon notes "[y]ou mortals pride yourself on your logic." The closest thing to superstition there is in the world is an aversion to looking too long into flames lest a demon try to possess you — and this is in fact a totally valid warning; it forms the foundation of the fifth art, wizardry.
One of the more curious parts (for an alleged fantasy novel) is the complete atheism of the book. As mentioned, there are demons, but a slip of the will when dealing with them yields possession and torment in this world; there's no mention of an afterlife, and certainly no thought of a human being able to enter the demons' realm. Similarly, the concept of gods simply doesn't seem to exist at all, in sharp contrast to the fantasy novels of, say, Robert E. Howard ("By Crom!"), or J. R. R. Tolkien, or, probably, any fantasy author who's ever taken a course in anthropology or classical literature. (Or, alternately, played D&D.) The most common oath throughout the book is "By the laws," in context clearly meaning the laws of nature or of the arts (usually thaumaturgy) — which has more in common with, say, Isaac Asimov's Foundation Series' use of "Space!" or "Galaxy!" than with the preceding two.
Misclassification aside, it's a diverting read. On a scale of 1 to 1, it's easily a 1; despite its late publication date, I have no qualms recommending it to anyone else who enjoys the science fiction of the Atomic Age.
Thursday, November 27, 2008
A story fragment
Honestly I expect everyone reading this to fall into at least one of the following three categories:
- People who won't get the underlying reference, because it's from before their time.
- People who won't recognize the surface context, because it's from after their time.
- Me.
You wince awake. The sun on the horizon is directly in your eyes, turning the visible sliver of sky an appalling flavor of orange. You try to move your lips, but nothing comes out at first.
You turn your head to one side, and almost throw up in the process. Poison, you think somewhat deliriously. Probably just intended to incapacitate, or else you'd already be dead. The tear in your side might be lethal yet, though.
You stare at the river beneath you for a moment, its waters just disturbed enough by the boat's passage that you can't make out any reflections. The boat's railing wobbles slightly, but unpleasantly, under your shoulder.
Ripe mikan hang from the orderly rows of trees on the bank beyond. You recognize the orchards, or think you do — if you're right, you're already back across the border and well inside. You must be; otherwise it'd be a death sentence to be lying about in the open like this. How long were you out?
You take a few deeper breaths, trying to steady your mind as you consider your own physical state. It can't have been too long; your wound hasn't healed significantly. It's been bandaged tightly, but blood has leaked through. You're also bruised roughly everywhere.
"Hey," she says, quietly. "Are you awake?"
You catch yourself wondering for a moment, but bite back your first response. Hiwa probably wouldn't appreciate a dissertation on Zhuang Zi or illusion techniques and, frankly, you've no ability to give one.
"... I think," you eventually force out. It feels like there's someone sitting on your chest — someone with a predilection for cake and an aversion to exercise.
You turn back, and the glutton in question gains about twenty kin as you meet her eyes. They're not the eyes you knew.
"... where's Akira?" you hear yourself asking. Demanding. Accusing.
She doesn't flinch. You wouldn't have expected her to, golden child of her family that she is... but there are tears. There have been tears, you realize; and as she closes her eyes for a moment before replying, her face is briefly familiar again.
"It was him or you," she says softly.
Suddenly you can't meet those eyes anymore. She turns away, mercifully hiding them, leaving you staring at the stylized white-and-red fan on the back of her happi.
There are probably words to be said, but neither of you can find them.
Wednesday, November 26, 2008
Zebra Crossing
... usually, in this context, spelled ZXing.
ZXing is, at its heart, a barcode scanner for mobile phones implemented in software. This is very useful to application writers: I believe ShopSavvy (mentioned previously) includes a copy of ZXing internally in order to scan barcodes. ZXing is also capable of creating barcodes that other devices can then read off of the phone's screen. It's a nifty library, with a lot of potential uses.
However, ZXing (named simply Barcode Scanner in the official standalone version on the Android Market) seems also to have aspirations of direct use as a social application. In at least the Android version of the app, code exists that will, at the request of another application, read one's contacts list and display a barcode on the phone's screen representing a contact's information.
This is not really a good thing, for several reasons.
It's not that the act of sharing contact information is inherently bad. Barcodes are probably a more secure method than most to do so, at that: they're relatively difficult to intercept from across the room, which isn't necessarily true of even encrypted Bluetooth. It even implicitly contains the promise of eventually being able to do so in a cross-platform way, so that iPhones and Android devices can share contact information with relative equanimity.
But letting a common library — which Barcode Scanner is — have access to contact information isn't really safe. It's possible that it could be tricked into returning contact information, or some other variant of a confused deputy situation. It doesn't appear to verify that the calling application has any sort of access to the contacts list, either.
Furthermore, seeing "read contacts, write contacts, full Internet access" in the permissions-request list — with no explanation given in the application description — should be setting off warning signals in the user's head, as it did mine: "wait, you want to do what?" I'm aware that the vast majority of users invariably ignore message boxes, but I'd really prefer they not have reason to do so.
This would all be easily resolvable simply by separating out the contacts-access code into a separate application from the barcode-reading/displaying library: the former would request and declare reading and writing of contacts, and the latter would have and need no permissions beyond camera access.
(In point of fact, as ZXing is open-source, I was able to browse the code and confirm that the potential security issues remain potential rather than actual. But I really shouldn't have had to.)
Tuesday, November 25, 2008
The G1
So you've probably at least heard of the G1, possibly by its more common epithet "the Google phone". And, well, it is what it is; it's a phone-sized computer with a phone attached, and now I can play Zork anywhere, at any time. At least until I get a phone call, or need to make one.
The G1 is the first modern phone that I've owned: my last phone was a Motorola RAZR, whose UI was painful for anything but making calls by dialing the number. I've never texted much (see previous post); honestly I got the G1 mostly for a) mobile access to maps, b) mobile access to the Internet, and c) geek cred. (Yes, technically b subsumes a.) So far, in the month or so that I've had it, I've used it just enough not to be sure whether or not the additional $25 charge for the data plan is actually worth it. (I'll give it a full year and see.)
The touch-screen itself is consistent, but kind of irritating at times: the mechanism it uses apparently is heat-sensitive as well as touch-sensitive, since tapping it with a fingernail or stylus yields no reaction. (Although I just ran a DS stylus under hot water for a minute or so and tried that, and still got no reaction; this demonstrates nothing, since the stylus probably wasn't up to body temperature, but.) For all that, it is generally responsive when you actually want it to be. It's single-touch, not multi-touch like the iPhone, but I don't feel the lack.
The third-party applications currently available are a mixed lot. Too many are painfully unprofessional and unpolished. Worse, many of them request completely inappropriate things: ZXing, a barcode scanner application (listed simply as "Barcode Scanner" on Android Market), requests read and write access to one's contact list, as well as full internet access. Why does a barcode scanner need these things? (Answer: it doesn't, and I'll cover what's up with ZXing in detail in my next post.) However, there is still the occasional gem, such as Twisty (alluded to above), a Java implementation of the Z-machine, or ShopSavvy, a program that — given a barcode in the camera view — looks online for the best prices for that product near your current location.
The camera isn't, to my admittedly unprofessional eye, of very good quality: everything seems to be consistently reddish, and somewhat grainy, at least as displayed in the full-screen preview. (It's possible that actual pictures turn out better; I haven't done any serious testing on it.)
All in all, it's definitely an improvement over my old RAZR; as an early adopter of Android, I suppose I can't ask more than that of it yet. On a scale of 1 to 1, I give it a tentative 1.
Monday, November 24, 2008
The Purpose of this Blog
I hate writing.
This is probably due to the fact that it takes me half of forever to get words on a page. This is partially due to a lack of typing skill (50-60 WPM on a good day) but more from never being satisfied with a sentence or a paragraph or a letter; I continually revisit and revise, adding or shifting comments, until I eventually tire of the mess and hit either Send or Print — leaving in some places dangling parts and participles, ill-turned phrases, and jagged fragments of thought not safe for human consumption, and in others a baroque festoonery of nested adjectival clauses, indefinitely conjoined sentences, and simple purple prose.
So, I hereby make the following promise to you, O Internet: to write at least one blog entry every single day for a full year, each about a specific topic, each containing at least one hundred twenty-eight unique words — doubling halfway through. (And you're full of scary, scary people, O Internet, so I'd better keep that promise, hadn't I?)
I'm also going to set myself the following ground rules, because if I don't I'll talk myself into letting them slide sooner or later.
- A picture is worth exactly zero words, as are embedded objects, markup, and quotations of other people.
- Unique word-count is measured by
  cat | tr -c '[:alpha:]' \\n | tr A-Z a-z | sort | uniq | wc | awk '{print $2}'
  after the above are removed.
- No days missed except in case of illness or computer failure.
- No Internet memes.
- No self-reference or reflection on the fact that I'm writing and that this is a blog, except on May or November 24th, unless it's directly affected my life in a notable way —
- — and, very specifically, no complaining about how hard it is to meet these restrictions, nor about my own writing at all.
- No more than one footnote in any seven-day period (except for citation of references).
*And by "we" I probably mean "me".