July 2008 Archives

I'm incredibly moved by Randy Pausch's "Last Lecture" video a touching survey of his career, being alive, learning, and technology. This lecture becomes more poignant with his passing. Dr. Pausch was a heavy wieght in VR and had a particularly charming manner. His goals were holistic and joyful.

He's most recent project legacy is Alice; learning software to teach programming through building virtual worlds. I love this! I spent so many hours playing Rocky's Boots [2] on the Commodore64. Rocky's Boots, a 2D "virtual reality" program, allowed you to run around a "dungeon room" environment. Each room had circuits and a written lesson on the circuit.

The trick with Rocky's Boots was to drag all the generators and circuits into the final room so that you could build really complicated machines. We would NOT reboot the computer so that we could keep the room's state. You can play it on an emulator still :)

I like engineering learning software. I cultivate fantasies of creating kinesthetic software for choreagraphers and first person shooter games for learning taxonomies (biology, chemistry, history...). This software was important to me where it was available; Rocky's Boots, Math Invaders, Letter Invaders. 2nd life is making its way into universities fast (including ours). I believe much of my learning all through school could have been massively accelerated. Quoting Dr. Pauschs's Lecture, "[...] particularly with middle school girls, if you present it as a story telling exercise, they are perfectly willing to learn how to write computer software." Being a boy, commanding "robots" around with the boot, was gratifying. But maybe stories and relationships are better for girls. It's about finding the right context; statistically for a group and individually for a person

Dr. Pausch was inspiring; dreams, life, learning, and engineering. He did it all and, I believe, left an indelible mark at the beginning of a great journey.

You know SSL is the murkiest IT market out their. It's jargon laden. The technologies are obfuscated. The very goal of the industry, security, tends toward limiting knowledge.

If you've played with intermmediate certificate authorities (like godaddy), then you probably know some of the pain of configuring certs for different applications. You usually test with your browser and are frustrated with continual "Invalid Certificate" prompts. Here's a command line way to check your SSL negotiation for HTTPS (or an SSL over TCP).

 echo GET | openssl s_client -connect www.google.com:443 -state

This sends and HTTP GET request to www.google.com on TCP port 443. The output helps you analyze the certificate chain and certificate contents. The output looks like this.

CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
 1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDITCCAoqgAwIBAgIQPI06ZO4Y3RtzC6GS7viYGzANBgkqhkiG9w0BAQUFADBM
MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0wODA1MDIxNzAyNTVaFw0w
OTA1MDIxNzAyNTVaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcw
FQYDVQQDEw53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAmxntXaVWr0lm23n9whx4Tk8RpYqs4pTu4+JLwAMlp5nMZeHslK6u8KeZvBDX
7YcwR81Q+a/T0/QLjUeKLuLOU5uRmX8eXPkb1umTZ+NK+M/EjAxo0ZdURw4KJDCn
gpSu3q4/v7oUxviykI42reHQvhaas15yOEnadKE//9KHge0CAwEAAaOB5zCB5DAo
BgNVHSUEITAfBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATA2BgNVHR8E
LzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlU0dDQ0EuY3Js
MHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AudGhhd3Rl
LmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3dGUuY29tL3JlcG9zaXRv
cnkvVGhhd3RlX1NHQ19DQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUF
AAOBgQAxCmyinulUGRZomZHWQ8trtMxszLD78e6BvwArb1ASxq8CKjbBKN7FTFYg
bfU9QrkYgSCy3Vdd674yhFBFUW7N5C4qOIifUu0o//yNV7WtZK5NDg7ZPay4/mZM
FY9EUvp8PATtfzdhBP7V6bmwnv6lEWnJY9ZGgW8A2HIvgjdEwQ==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
issuer=/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
---
No client certificate CA names sent
---
SSL handshake has read 1765 bytes and written 328 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: FA90A39B0BD274C71247A40506D5BBA3B1107CB1C5FE7C246B0354D703ED405B
    Session-ID-ctx:
    Master-Key: 04DC328CB4B2D392FE9FFC5B85015311456C5EF6412F9A47BBFBB4D6E38B9721
51080984DD8A6E52872AE5E773C149E1
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1216690549
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---

From the Pwnie site

The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the security community. It is also very, very funny.

Wordpess was nominated for the "Mass 0wnage" category. Note the link to Common Vulnerabilities Exposure data. Wordpress has had like 50 in the last year. Movable type has had four in their entire history. This on the heels of my switch to MovableType is reaffirming.

Using my scanner, I did a whole bunch of old pictures via the sheet feeder. Someday I'll post how I rev-engineered that device to run my custom scan handlers. These images aren't fantastic quality, but at least they are online and out of the box. The originals are safely sealed up in the crawl space. The scanner only feasibly does PDFs (with jpg compression, the irony). So this bash for loop that calls ImageMagick's "convert" is a handy way to split up the pdfs into a jpg per page.

for i in *.pdf;do echo $i
    convert -quality 100 $i `echo $i | sed -e 's/\.pdf/-%d\.jpg/g'`
done

It says for every PDF use convert at 100% JPEG quality. The nasty backtick echo at the end converts FILE.pdf to FILE-%d.jpg. %d is convert's way of numbering the pages. If you don't use %d you'll just get a single jpg from a multi page pdf.

Nial Kennedy has a nice post on setting up google site maps for your blog. I extended his example by including more than just the blogs. I added my own static pages to the XML feed. I also use the MT markup to include my MT pages (as opposed to entries). Here it is. If the code wrap is ugly on a smaller screen, then click the permalink.

<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://google.com/schemas/sitemap/0.84">

<url>
<loc><$MTBlogURL encode_xml="1"$></loc>
<priority>1.0</priority>
</url>


<url>
<loc>http://jimweller.com/jim-weller/jim/dbsgmlqs/</loc>
<lastmod><$MTDate utc="1" format="%Y-%m-%dT%H:%M:%SZ"$></lastmod>
</url>

<url>
<loc>http://jimweller.com/jim-weller/jim/java_proc_sched/</loc>
<lastmod><$MTDate utc="1" format="%Y-%m-%dT%H:%M:%SZ"$></lastmod>
</url>

<url>
<loc>http://jimweller.com/jim-weller/jim/palmdevqs/</loc>
<lastmod><$MTDate utc="1" format="%Y-%m-%dT%H:%M:%SZ"$></lastmod>
</url>
<url>
<loc>http://jimweller.com/jim-weller/jim/titrax/</loc>
<lastmod><$MTDate utc="1" format="%Y-%m-%dT%H:%M:%SZ"$></lastmod>
</url>
<url>
<loc>http://jimweller.com/jim-weller/jim/lfw/</loc>
<lastmod><$MTDate utc="1" format="%Y-%m-%dT%H:%M:%SZ"$></lastmod>
</url>
<url>
<loc>http://jimweller.com/jim-weller/jim/wedding/</loc>
<lastmod><$MTDate utc="1" format="%Y-%m-%dT%H:%M:%SZ"$></lastmod>
</url>
<url>
<loc>http://jimweller.com/jim-weller/jim/vc98asmqs/</loc>
<lastmod><$MTDate utc="1" format="%Y-%m-%dT%H:%M:%SZ"$></lastmod>
</url>
<url>
<loc>http://jimweller.com/jim-weller/jim/dbxmlqs/</loc>
<lastmod><$MTDate utc="1" format="%Y-%m-%dT%H:%M:%SZ"$></lastmod>
</url>


<MTpages lastn="9999">
	<url>
	<loc><$MTPagePermalink encode_xml="1"$></loc>
	<lastmod><$MTPageModifiedDate utc="1" format="%Y-%m-%dT%H:%M:%SZ"$></lastmod>
	</url>
</MTpages>


<MTEntries lastn="9999">
	<url>
	<loc><$MTEntryPermalink encode_xml="1"$></loc>
	<lastmod><$MTEntryModifiedDate utc="1" format="%Y-%m-%dT%H:%M:%SZ"$></lastmod>
	</url>
</MTEntries>

</urlset> 

After all the security problems I had with my wordpress site, I did a little research. Wordpress is not very secure. I switched over to Movable Type (MT). MT uses a static publishing model which is inherently more secure (no dynamic database code run by the internet user). The import was pretty easy since movable type can import wordpress' export format. So all the stories were a snap. MovableType's skinning & templating took maybe 2 days. MT's skinning framework is reasonable if a little scattered. I had to move my "recent" lists over to postgres. Thankfully I got to recycle a lot of my plugin code because MovableType can execute php code. My personal php is easy to secure since it is so simple.

So, I'm up with the font page facade. There are still a lot of broken links to deal with (mostly with rewrite rules). Then sit back and wait for the crawlers to catch up.