Learning Perl

March 1st, 2008

I had to start learning Perl this week for a little project that I was assigned. I spent most of Tuesday reading out of Programming Perl, and then spent all of Wednesday porting a Bourne Shell script over to Perl. Even though reading from the Camel book for 8 hours in one day was not particularly enjoyable, I now feel like I’ve finally gotten over the hump. Okay, now that I’ve shared that gem of a pun with you, let me also share the real reason for this post. I’ve found Perl to be somewhat artistically inspiring, and in honor of the language, I’ve created this fine piece of art that I now present to the world.

[Image: Perl Cat]

And remember,
Real Men use strict;

RAID is not a backup, TOR is not encryption

March 1st, 2008

Whenever I’ve listened to somebody give an explanation of RAID, they always emphasize the point that “RAID is not a backup.” It’s a good point to make because people often assume otherwise. I just read an interesting article (also) about a Swedish hacker that set up a bunch of TOR exit-nodes, and sniffed the traffic. That’s right, TOR is not encryption. We all know what happens when we assume, and assumptions are especially unacceptable when making important decisions about security.

I’m sure that I had a lot more to say about this when I stuck this in my draft section almost 3 months ago, but it’s been so long that I think I’ll just be done with it.

Quaint Spelling and Colonial Jurisprudence

December 1st, 2007

Last night, I found myself wandering the unfortunately named Provo Towne Centre Mall. Firefox knows my locale, which, as far as I know, is also the same locale of the mall in south Provo. Because of this, Firefox is sufficiently intelligent to inform me that I spelled both “Towne” and “Centre” incorrectly, given my locale. Every time I see a sign owned by a person who apparently believes that British-izing their spelling makes things quaint or chic, I feel the need to offer the public the same courtesy that Firefox gives me, and spray-paint a large, red, squiggly line underneath the offensive words.

Perhaps I shouldn’t be so judgmental. For all I know, the mall might exist in some “Little Britain” district of south Provo. It’s possible that in March of 1962, there was a great cod scarcity in the Atlantic, brought about by the conceivable over-fishing of cod during the previous decade. This conceivable over-fishing could have been due to certain advances in frying techniques that might have been made in 1953, making the old, British standard of fish and chips even more popular. It’s logical to assume that if this potential string of events did, in fact, occur, that it could have led to a great rise in unemployment in those who worked in the fishing industry, leading to a possible exodus of British fishermen ending up in south Provo, and working for Geneva Steel, and thereby justifying the spelling on the Provo Towne Centre Mall’s sign. I have very little reason to believe that such events actually took place, but I really don’t have reason to believe that they didn’t.

I imagine that if you are still reading this, it’s only to discover what on earth all of this has to do with colonial jurisprudence. I’ll explain. Finding myself in strange and disagreeable surroundings, I sought out something more akin to my natural habitat. That, of course, would be WaldenBooks. I had about 30 minutes until my group’s table would be ready and I would have to return to the restaurant, so I spent about 35 minutes in the bookstore. This led to a small amount of philosophical introspection, which I promise will eventually explain the title of this posting.

Lately, I’ve been spending quite a bit of my time reading and browsing through bookstores. Some of the books that I’ve acquired over the last month include a collection of Ayn Rand’s early works, Origin of Species, 3 Theodore Roosevelt biographies, and a collection of food articles by Mark Levy. Not only am I spending more time reading, but I’m also reading more widely. I thoroughly enjoy it, and I also appreciate everything that I’ve learned and the different set of ideas that I have to contemplate, but I also am worried that maybe this isn’t the best use of my time. To reference two talks by Elder Oaks, sometimes I wonder if I could be labeled as one who is “ever learning, but never coming to a knowledge of the truth,” or even one who is sacrificing great things in order to busy myself with things that are just good.

This all leads up to the latest manifestation of my possibly unhealthy interest in reading. That would be me, curled up in my bed on a Saturday afternoon, reading about colonial jurisprudence from a copy of “A History of American Law,” which I bought last night at WaldenBooks, in the Provo Towne Centre Mall.

Knowing your Nerd

November 18th, 2007

Ever since I first started to explore the Internet, I’ve come across quite a few writings discussing what it means to be a nerd. The wording is different, and sometimes I’ve even seen pieces completely focused on distinguishing the terms geek, nerd, and dork. The first write-up that I remember reading was a rather adolescent essay called “The Conscience of a Hacker” by somebody with the rather pretentious moniker of “The Mentor.” Every so often, another piece would show up on Slashdot, many of them from people within the FOSS (Free/Open Source Software) movement, like Eric S. Raymond.

Most of the things I’ve read have been entertaining, for a nerd/geek like myself, but still rather broad and obvious. I came across a new one today (when I should have been finishing my programming project) that I found to be rather insightful. I identified with a number of points that the writer made. I especially enjoyed his comments about “The Cave” that nerds will use as a retreat/workspace. After reading it, I realized that, during the past month, I’ve caught myself spending quite a bit of time trying to turn my bedroom into a suitable Cave.

So, have a look-sie, and get to know your nerd (or yourself) a little better. Not every nerd will fit neatly into this mold, but I think that most of what he has to say is generally applicable.

In case you missed the link, this was the whole reason behind this post.
http://www.randsinrepose.com/archives/2007/11/11/the_nerd_handbook.html

The upstart, would-be gourmand.

November 9th, 2007

I found myself in Harmon’s last week. Harmon’s is the best (as far as I know) grocery store in Utah county. It’s one of my favorite places around Provo, along with Borders, the used-book store on Center Street, and (occasionally) Bed Bath & Beyond. During this trip to Harmon’s, I focused all of my attention on just two areas, the meats, and the cheeses. For the past month, I’ve been eating an unusual (for me, anyway) amount of cheese and sausage. Mostly Italian sausages and bratwurst, not those 3-foot long beef logs that you get for Christmas.

I suppose the cheese thing started at our Freakishly Fantastic Fun-Filled Fischer Family Fiesta in July. My sister and my brother-in-law, Duben (a self-described cheese-lover), organized a cheese night for us. One of the cheeses that they served was called Dublin, from an Irish cheese-maker called Kerrygold. It was delicious. In fact, it IS delicious. I’m snacking on a bit of it right now (don’t worry, it’s a new block). Well, the cheese night was fun, and that was that until the first weekend in October. On the Friday before General Conference, I found myself craving delicious food. If I had a girlfriend, we would have immediately left for Carrabba’s. As I don’t, and I’m not one to dine out alone, I went out to forage in Provo’s grocery stores. Three grocery stores and 25 dollars later, I came home with a wedge of Parmigiano Reggiano, two different kinds of Irish cheese, and some spicy, Italian sausages. I deemed the evening a success.

So, back to Harmon’s. After the Kerrygolds and Parmesan, I wanted something even more interesting. And what’s more interesting than a cheese that you’ve never even heard of? I found a couple strange cheeses, like the local varieties (who knew Utah had a cheesemaker?), and a couple others. I finally settled on a small wedge of something called Morbier. It was the perfect choice, I had never heard of it before, it was a semi-soft (I’m not very familiar with anything but hard cheeses), and it had a line of blueish-green stuff that ran through the middle of it. After a quick perusal of the meat selection, I also discovered that Harmon’s makes its own sausages. I felt patriotically obliged to buy a package labeled, “Greek Chicken Sausage.”

During my time as a missionary in Puerto Rico, there was a certain smell that I grew accustomed to while traveling on country roads. This specific smell was that of the occasional bloated, dead dog that one can always find along the roads of the Puerto Rican campo. This smell is also very similar to that of an unwrapped piece of Morbier cheese. It was amidst memories of biking along dusty, country roads that I steeled my nerves in preparation to place the smallest piece of this cheese into my mouth, all while my olfactory system was telling my gastrointestinal system that my muscular system was about to do something very stupid. Well, no surprises here. It tasted like it smelled, and that sums up my entire relationship with Morbier cheese.

Feeling rather dejected after being defeated by a 7 ounce wedge of French cheese, I opened my package of Greek Chicken sausages, and grilled them on the balcony. After my first bite, I felt that the evening might yet be saved. My tongue’s attention was completely distracted by the taste of Feta, chicken, and various herbs. I smiled, and went back for more. It wasn’t until my third or fourth bite that my tongue fully regained its senses enough to inform me that the sausage was extremely dry. I have a small suspicion that I tend to overcook my sausages, but I don’t think I can take all the blame for the poor condition of this one. By the time I moved on to my second piece of sausage, the only thing that kept me going was my deeply rooted sense of obligation to certain nameless, starving children in China. I think it is horribly tragic that, with our advances in agricultural techniques, anybody is allowed to go starving, and that anybody could create such an unfortunate piece of sausage.

BYU’s RouteY Login Forms (and some other ones too)

October 15th, 2007

A rather long time ago, I started doing some research into a network attack technique called “arpspoofing.” My proof-of-concept attack consisted of my laptop attacking my lab workstation. As my workstation requested the BYU home page, my laptop would drop the request before it ever left the lab, and send an altered version of the webpage back to my workstation. Instead of sending my username and password to BYU, they would just be sent to my laptop.

This took me a very long time. Instead of looking for some high-level way to do this, I got down and dirty with pcap. It was very interesting to implement, and I learned quite a bit about Ethernet, ARP, IP, and TCP. Unfortunately, it was mostly one big dirty hack that was locked into attacking my workstation, and only serving up a bad BYU home page.

Months later, as I was working on a poster to inform people about how to avoid such attacks, I came up with a way to do the same thing with Squid. It only took me a few hours, and I had similar attacks set up for BYU, Washington Mutual, and Hotmail. Later, I was even able to produce an attack on BYU’s old “Secure Sign-In” page by subverting one of the javascript files that it referenced (this is why we don’t mix secure and insecure content on our webpages, children).

So, I later finished my poster (after a copy was sent to BYU’s IT dept.), and it stayed up for about a week. If you look at it, you’ll notice that it lists a few vulnerable websites at the bottom of the poster. A curious student happened to read the poster, and then call up his bank (most likely WaMu) and tell them that their website is insecure (it still is). Of course, the tech at WaMu told the student that there was nothing to be concerned about. Somewhere in the conversation, the student said that he had seen a poster at BYU that said this and that about their website. Eventually somebody at WaMu called somebody at BYU, and that somebody called the CS department, and then my poster was no more.

But, some good did come out of it. This morning, one of my lab-mates emailed me this link. BYU has locked down their “Secure Sign-In” link, and now they’re going to get rid of the completely insecure login form that’s been on their home page for years. Yea-ah.

So there you go. That was a rather long rant. Also, if you’re curious about WaMu’s website, yes, it’s insecure. It’s not a HUGE problem, but here’s what can happen: When I’m plugged into a network, I can point my attacking program against any other machine on the local network, and if that person logs into WaMu’s homepage, I’ll get their password, and they’ll have no way of knowing. The victim logs in just fine without any hiccups. I’ve also been told that this attack can work over wireless too. If you want to be sure that you’re not being attacked, just submit an empty form, and it will take you to a secure page.
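
The two weaknesses this post describes (a login form delivered on a plain-HTTP page, and an HTTPS sign-in page that references a script over HTTP) can be checked for from the site owner's side. The Python below is an added example, not part of the original post; the example.edu hosts and the sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginPageAudit(HTMLParser):
    """Collect password forms and script URLs from one page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.scripts, self.forms = page_url, [], []
        self._in_form = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append(urljoin(self.page_url, a["src"]))
        elif tag == "form":
            # [resolved action URL, contains a password field?]
            self.forms.append([urljoin(self.page_url, a.get("action") or ""), False])
            self._in_form = True
        elif tag == "input" and self._in_form:
            if (a.get("type") or "").lower() == "password":
                self.forms[-1][1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False

def audit(page_url, html):
    """Return findings for a page that was fetched from page_url."""
    p = LoginPageAudit(page_url)
    p.feed(html)
    page_secure = urlparse(page_url).scheme == "https"
    findings = []
    for action, has_password in p.forms:
        if not has_password:
            continue
        if urlparse(action).scheme != "https":
            findings.append(f"password submitted in cleartext to {action}")
        elif not page_secure:
            # An HTTPS action does not help: the form arrived unauthenticated.
            findings.append(f"login form delivered over HTTP (posts to {action})")
    if page_secure:
        for src in p.scripts:
            if urlparse(src).scheme != "https":
                findings.append(f"HTTPS page loads script over HTTP: {src}")
    return findings

# Constructed sample pages (hypothetical example.edu hosts, not real markup).
HOME = '<form action="https://login.example.edu/auth"><input name="u"><input type="password" name="p"></form>'
SIGNIN = ('<script src="http://www.example.edu/js/util.js"></script>'
          '<form action="/auth"><input type=password name=p></form>')
if __name__ == "__main__":
    for url, page in [("http://www.example.edu/", HOME),
                      ("https://login.example.edu/signin", SIGNIN)]:
        print(url, audit(url, page))
```

A page passes only when it is served over HTTPS, posts to HTTPS, and pulls every script over HTTPS; an HTTPS form action on an HTTP page is still reported.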

Netcat and OpenSSL’s s_client and s_server tools

September 28th, 2007

Telnet is a wonderful tool for sysadmins and network application programmers. If you ever find yourself wearing either of these hats, you’ve got to know how to use telnet. Though, sometimes telnet requires a little too much from the user in order to get anything done. Netcat to the rescue! This is a tool that I’ve seen used before, but only recently really looked into. Netcat (’nc’) can be used as a server or a client, Netcat can be used to transmit files, Netcat can even be used as a port-scanner. Once I found myself trying to debug a web server with telnet. It was a pain to type in all the HTTP request headers by hand. If I would have known about Netcat, I could have just done this each time:
nc host 80 < request.txt
and just edited the request.txt file each time I wanted to try something different. Go read the man page (man nc), it’s actually well-written.

Now for the next cool tool! Ever wanted to do some testing on a server that uses TLS/SSL? Telnet obviously isn’t the answer. OpenSSL to the rescue!  s_client lets you have the simple power of telnet, but it takes care of all the overhead of TLS/SSL.  You can use s_client to test a server to find out if it will allow SSL2 sessions, or find out what happens if the client only requests certain ciphers.  s_server gives you similar control from the server side.

Vim vs. Emacs : Resolved!

September 7th, 2007

Here at UTOSC (the Utah Open Source Conference), I’ve found some very reliable evidence for which editor is better. After examining the sticker table, I found that the Vim stickers completely disappeared, while there are still a large number of Emacs stickers. I’m sure you all agree that this can finally end the debate.

Diamond Fork Hot Springs

July 21st, 2007

I’ve always heard that the hot springs around Utah Valley are frequented by naked hippies. Fortunately, this wasn’t the case last night. I do have a soft spot in my heart especially set apart for hippies, but only for those hippies who are properly dressed. Preferably in some stylish tie-dye apparel.

But getting on to the point. We had a fun little jaunt down to Spanish Fork on Friday night. There was a bit of concern, initially, about whether or not the mountain was on fire, but I suppose that we lucked out. We also benefited from the experience of Ms. Vernon, who had previously been to the hot springs before. It’s always nice to be looking for something with somebody who has a good idea of how to find it. This contrasts somewhat with the time I went to search for Nutty Putty caves, and drove around for a couple of hours looking for it, before we finally gave up and went home.

The hike in was easy, though it did take us around an hour. I’m sure that those in a hurry could easily do it in half the time. We only saw two or three other groups at the hot springs when we got there. We had passed a few groups on the trail that were heading out. The first spot we looked at was actually a bit too hot for our liking, so we went downstream a bit, and found a nice little pool that was goldilocks-ion perfection. We discovered a rather slimy moss on some of the rocks under the water that we affectionately named, “Dragon Snot.” The discovery of which, being the highlight of the trip (for me, anyway).

For those interested in the springs, here’s a link to a google map that I think shows the correct trail. Just watch out for those hippies. I’ve heard too many rumors to completely disregard.

Hello Kitty Cake

July 16th, 2007

My friend Victoria went to a 3-year-old’s birthday party over the weekend, and had decided that lucky birthday-girl needed a Hello Kitty cake in order to properly celebrate. I didn’t think it was going to be a big deal, but I didn’t think it was going to be that fun either. She left Friday night, so we started working on it around 1:00p on Friday. Earlier that week, I had baked a cake in a cookie-sheet to see how it would come out. Some of you may be thinking, “Duh. What did you think it was going to do?” But I had never seen it done, or heard of it being done before. It came out looking fine, even though I forgot the oil, so I decided that cookie-sheet cakes would work.

Anyway, I’ll hopefully put up some sort of tutorial on how it all played out, and some suggestions I have for an even smoother operation, but for now, I’ll just present you with the finished product. By the way, it turned out to be a whole lotta fun, even though it took about 6 hours.

[Image: Hello Kitty Cake]