Brazil Updates

July 19th, 2008

I’ve finally gotten all of my Brazil trip stuff together, I think! I needed to get a checkup for the Concurrent Enrollment forms, which was far less intense than I had expected. The doctor basically told me what I had already read on the CDC website, prescribed me several pills (typhoid meds, cipro in case I got a bug down there, an albuterol refill), typed up what I had just scribbled out onto the CE form, and said ‘Have a nice trip!’

Next up, I bought some insurance at Cultural Insurance Services International (CISI). I spent about a week waiting around for the policy number, but since the CE form was due like two weeks before this, I called the IPE office and asked them if I could just get it to them later, which was no big deal. So, a couple of days later I finally got on a normal human being schedule (aka, able to deal with insurance people before 5pm EST) and called them about why I hadn’t gotten the policy number yet. They said it often gets caught in spam filters and sent it off again. I got it submitted to the IPE office, so I think that’s set to go!

Somewhere in the midst of all of that, I managed to finally fill out my Brazilian Visa application and FedEx it (along with my passport, driver’s license, etc) off to Travel Visa Pro. I dropped it off at 4:10pm Wednesday, and it was in San Francisco by 9:15 the next morning, and walked into the Brazilian Consulate. I’m due to get that back by the end of this month, which gets it here with about 2 weeks to spare.

I think that means I’m back out of crisis mode and back into ‘Wait for awesomeness’-mode. Here’s hoping that visa comes early and doesn’t induce any more stress over being late!

GenHosts Expiration Scheme Research

July 19th, 2008

So, I’m working on an expiration scheme for the GenHosts setup I’ve got at work. I figured the best way to do this would be to model what we’re currently doing as part of my MATH381 project, then use that model to evaluate the best way to expire hosts (in terms of minimizing hosts that need to propagate through the system after the initial propagation, while still not allowing hosts to sit around forever).

I had my moment of insight at some point by realizing that this was basically a cache expiration scheme, which is all very well documented in just about every Operating System or Computer Architecture textbook.

Anyways, here’s the first draft of the proposal I’m probably going to be turning in on Monday:

A group of servers maintained by T. Johnson currently use a multi-tiered security approach based on: a username and password for a web-based interface, an IP address-based whitelist scheme, a separate username and password for a secure file upload facility, and a computer change-root scheme to limit access if all of the above were breached. Currently, the IP address-based whitelist is appended to upon successful login to some of the project websites, so that these users can upload files in a secure manner. This scheme has dramatically reduced our susceptibility to random attacks.

However, many website logins are from dynamic IP addresses which should not be indefinitely allowed to connect to our servers for security reasons. Conversely, there is a time delay associated with whitelist propagation through our servers, which is very annoying for repeat users and which we would like to minimize. Our proposed project has two prongs: First, we would like to take existing login data to generate a model which predicts the behavior of users connecting to the servers (duration between their addition to the whitelist and first login, duration between subsequent logins). Next, we would like to generate an expiration scheme which takes into account the number of times the websites are accessed from each IP address, under the assumption that the more times a user connects to the server from that IP address, the more likely it is that they will access it again, even if there happens to be a longer duration between subsequent logins. We will test this expiration scheme using the model we generated, make a recommendation to the other admins of the server, and probably actually implement it.

And yes, I know this is a little ridiculous for what it is. But it should be fun anyways!
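A small model of the hit-count-weighted expiration idea from the proposal, as an added example that is not the GenHosts code: each repeat login from an IP doubles how long it may sit in the whitelist, capped so a dynamic address never stays forever. The BASE_TTL and MAX_TTL values and the login events are constructed assumptions.

```python
"""Model of a hit-count-weighted whitelist expiration (added example, not GenHosts)."""
from dataclasses import dataclass

DAY = 24 * 3600
BASE_TTL = 1 * DAY    # assumed: an IP seen once is kept for one day after its last login
MAX_TTL = 14 * DAY    # assumed: hard cap so dynamic IPs never live forever


@dataclass
class Entry:
    ip: str
    first_seen: int   # epoch seconds of the login that whitelisted this IP
    last_seen: int
    hits: int = 1

    def ttl(self) -> int:
        # Every repeat login doubles the allowance; the cap bounds the exposure window.
        return min(BASE_TTL * 2 ** (self.hits - 1), MAX_TTL)

    def expired(self, now: int) -> bool:
        return now - self.last_seen > self.ttl()


def replay(logins, now):
    """Feed (timestamp, ip) login events in order; return (live_table, expired_list).

    expired_list holds (ip, time_dropped) pairs. An IP dropped and then seen again
    re-enters as a fresh entry, i.e. it pays the propagation delay once more."""
    table, expired = {}, []

    def purge(at):
        for stale in [e for e in table.values() if e.expired(at)]:
            expired.append((stale.ip, at))
            del table[stale.ip]

    for ts, ip in sorted(logins):
        purge(ts)                      # drop entries that lapsed before this event
        if ip in table:
            table[ip].last_seen = ts
            table[ip].hits += 1
        else:
            table[ip] = Entry(ip, ts, ts)
    purge(now)                         # final sweep at the evaluation time
    return table, expired


# Constructed sample: one IP logs in daily for four days, one logs in once.
SAMPLE_LOGINS = [(0, "192.0.2.10"), (3600, "198.51.100.7"),
                 (1 * DAY, "192.0.2.10"), (2 * DAY, "192.0.2.10"), (3 * DAY, "192.0.2.10")]

if __name__ == "__main__":
    live, gone = replay(SAMPLE_LOGINS, 10 * DAY)
    print("live:", {ip: e.hits for ip, e in live.items()}, "dropped:", gone)
```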

Of Weddings and Best Men

July 14th, 2008

This past weekend I had the honor of being the Best Man at my sister Crystal’s wedding. It was a beautiful wedding at Silverlake Winery in Zillah, WA. I highly recommend it to anyone looking for a pretty spot like that, and it was definitely adequate for our relatively small 120 person party. Also, the wine was excellent. I enjoyed their Chenin Blanc most of the night, though I tried everything about twice, and ended up going home with some of their Reserve Chardonnay.

I had what I wanted to say for the speech typed up, so it wasn’t a whole lot of trouble to polish it off with a little bit of typesetting and post it here. It received unanimously good feedback, and was a great moment for me. I feel a little bad, because I sorta feign unassuredness to hear how good it was again, but so far everyone seems pretty happy to oblige. On a distantly related note, I’d really like to get in the habit of speaking more often. I might look into Toastmasters when I get back from Brazil. Anyways, here’s a link to the speech: A Toast for Jared and Crystal Mathey

PHP Vulnerability Checklist

July 9th, 2008

Ray (the boss) and I were chatting about how we should implement our secure upload page. The way it should work is: an IP is added to the genhosts database, it sets up a 5 minute wait, and at the end of five minutes redirects to the data upload page, at which point the computer is allowed to connect, since the new IP has propagated into /etc/hosts.allow (via a cronjob that takes MySQL entries and parses them (via HTTP and XML) into the standard /etc/hosts.allow format). It’s basically working, but we’re having a bunch of trouble getting IE and Firefox to redirect, since IE apparently detects my window.location.href and location.replace calls as popups, and blocks them.

My first reaction was, ‘I wonder if there’s any way we can completely eliminate the wait?’ I can’t really come up with anything though, aside from sudoing to run the genhosts.py command, which is somewhat of a vulnerability since the commands are running as root. This got me thinking, though, that my MySQL -> XML scripts are totally not up to par security-wise, so I looked around a little bit for a good checklist and ended up finding Rob’s PHP Security Guide. It’s a great little guide.

I’m trying some more to think outside of the box on this one, and so far all I’ve really come up with is a somewhat more complicated system of:

  1. Admin creates some sort of token, emails the uploader a link to a page (perhaps automatically).
  2. The uploader enters the token and his email address.
  3. The web server validates the token, adds the IP address, and waits for genhosts to run (i.e., for the IP to show up in /etc/hosts.allow; this way we only require read access by apache on /etc/hosts.allow), then emails the user the link to the regular uploading page.

I think this would be pretty sweet, and would also let us cross-reference specific authorizations (by the tokens) to certain IP addresses in the database, and it sort of removes that whole aspect of having the user sit at his web browser and wait for a countdown.
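The three-step token flow above, as an added example in Python rather than the site’s PHP: a single-use token bound to the uploader’s email, and the read-only check on /etc/hosts.allow that step 3 waits on. The in-memory token store, the TOKEN_TTL value and the sample hosts.allow text are assumptions (the real setup kept entries in MySQL), and the parser covers only the common "daemon_list : client_list" forms, not EXCEPT clauses or hostnames.

```python
"""Token-gated whitelisting flow (added example, not the site's code)."""
import hashlib, hmac, ipaddress, secrets

TOKEN_TTL = 3 * 24 * 3600      # assumed: an emailed token is good for three days
_tokens = {}                   # sha256(token) -> record; stand-in for the MySQL table


def issue_token(email: str, now: int) -> str:
    """Step 1: admin mints a single-use token tied to the uploader's email."""
    token = secrets.token_urlsafe(32)
    # Store only a hash so a dump of the table does not yield usable tokens.
    digest = hashlib.sha256(token.encode()).hexdigest()
    _tokens[digest] = {"email": email.lower(), "issued": now, "used": False}
    return token


def redeem_token(token: str, email: str, now: int) -> bool:
    """Step 2: validate token + email; burn the token on success."""
    rec = _tokens.get(hashlib.sha256(token.encode()).hexdigest())
    if rec is None or rec["used"] or now - rec["issued"] > TOKEN_TTL:
        return False
    if not hmac.compare_digest(rec["email"], email.lower()):
        return False
    rec["used"] = True          # one redemption per token
    return True


def ip_in_hosts_allow(text: str, ip: str, daemon: str = "ALL") -> bool:
    """Step 3 wait condition: has the IP propagated into hosts.allow for this daemon?
    Needs only read access to the file. Handles exact IPs, 'a.b.c.' prefixes and
    net/mask or CIDR client forms; comments and trailing option fields are ignored."""
    addr = ipaddress.ip_address(ip)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, rest = line.split(":", 1)
        clients = rest.split(":", 1)[0]          # drop an optional third field
        dlist = daemons.replace(",", " ").split()
        if daemon not in dlist and "ALL" not in dlist:
            continue
        for client in clients.replace(",", " ").split():
            if client in ("ALL", ip) or (client.endswith(".") and ip.startswith(client)):
                return True
            if "/" in client:
                try:
                    if addr in ipaddress.ip_network(client, strict=False):
                        return True
                except ValueError:
                    pass                         # not a network we can parse
    return False


SAMPLE_HOSTS_ALLOW = """# constructed sample, not a real hosts.allow
sshd : 192.0.2.10
ALL : 198.51.100.
vsftpd : 203.0.113.0/255.255.255.0 : allow
"""
```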

A more probable solution, at least for tonight, is to run a progress bar that’s not tied to anything in particular, since that’s what Ray wants. It actually seems to work okay in this configuration, assuming that our users have enough patience to wait for the meta refresh… Time will tell, I suppose!

NSA’s RHEL5 guide

July 6th, 2008

One of my tasks at work is to write up a security checklist of sorts, and from one of Ryan’s notes, I happened across the NSA’s Red Hat Enterprise Linux 5 guide. It’s pretty cool and covers basically everything. Have a look:

http://www.nsa.gov/snac/os/redhat/rhel5-guide-i731.pdf

Odegaard Copy Center

June 22nd, 2008

This is going to be sort of a short post with not much worldwide applicability, but I just learned a couple of weeks ago that Odegaard’s Copy Center will bind a packet of papers for fairly cheap, it turns out. They do it with a clear front cover and a back cover of your choice, plus binding you pick out from their samples. They do it while you wait and have good hours. I had no idea they offered this service, and was very impressed with their output.

Incidentally, I used it on Doug Girard’s and my report on Hopfield Neural Networks, a relatively simple form of content-addressable memory, which is pretty neat stuff. I’d like to write up some more about it at some point, both about what it is and what our experiments with it showed. I really miss doing this sort of experimental programming project; hopefully I’ll have some time to pursue it in this summer’s mathematical modeling course.

I was talking to Sharvil today about startups and doing something, and sort of said some stuff that had been trying to congeal itself in my mind, which was that no matter how tempting it is to go looking for some project tomorrow morning, what is really ideal is to just absolutely master everything. How ingrained in our mind is basic algebra? How much less so are things like linear algebra, real, complex, and vector calculus, DE solution techniques, and some of the other ‘high math’ fundamentals that a heap of other stuff depends on? I don’t feel like not having these things down to the point of mindlessness has really inhibited me, but I love it when things come automatically, without thought. I guess this is sorta why I got those Schaum’s outlines: I want a bunch more practice with it. But I digress. I’m pretty tired, I think I’ll need to crash now.

Firefox PDF on OSX

June 21st, 2008

June 3 was a fantastic day, though I didn’t know it at the time. The reason? My biggest bitch about Firefox has finally been fixed. The big problem is that Firefox’s OSX program has the default behavior of saving PDFs to Desktop and starting Preview with it. Which isn’t a huge problem, except that if you download the file several times, it just downloads a file with -N appended. This is sort of a pain because in college a lot of teachers call files hw5.pdf, which means that I pretty much have to go to the website each time, or look through about 5 files each time.

But no more. Someone FINALLY wrote an in-browser PDF viewer. This means no more downloading, no more pain. If Firefox’s success wasn’t based on shipping a very good HTML parser with a great extensible framework while stripping most unnecessary stuff, I would say that they should have included it in the standard Firefox. I guess I can let it slide, but it’s seriously a must-have tool for all OSX Firefox users.

Serious. Go and get it, now. Here’s the link: firefox-mac-pdf

Skeletool CX

June 20th, 2008

So, I finally got fed up with never having a screwdriver when I needed it unexpectedly. Perhaps this was due to the recent MacGyver watching binge, but either way, I’m calling it excess frustration. It seems like it always throws me off when I’m trying to do something at work or at a friend’s house to their computer or… whatever. I had started to carry my little red Swiss Army knife a while back, and it came in handy at least a couple of times a day, so I decided it was probably worth further investment to get one with a real screwdriver on it.

Unfortunately, the Swiss Army Cybertool is completely underwhelming. And none of their other offerings seemed to be much different. So, we went down the line and checked out what else they had. I’m generally more a fan of Gerber’s ‘Press-and-flick’ action for multitools than Leatherman’s ‘Doubleunfold’ approach, but this one caught my eye enough I decided to look at it anyways. It’s a fair bit smaller than I remember the older Leathermans being, but maybe I’m just bigger than when I had last held it. It’s also a good weight–solid, but light.

The blade has a one-handed outside-opening with lock (which is definitely a good thing, I’ve learned!). It’s also easy enough to close with either hand. Folding it open, each side snaps into place solidly, and the curve makes it fit my palm very nicely. Opening it just halfway exposes the screwdriver. It’s a little bit off-axis, which is slightly frustrating, but an engineering tradeoff that works well enough anyways. The screwdriver bits are flattened

Finally, it has a really nice carabiner clip that doubles (unexpectedly!) as a bottle opener. It works pretty smoothly, and without flipping or doing anything other than pulling it out of your pocket.

Here’s a couple of low-res pics of mine I took with my iPhone:

[Photos: Skeletool CX - Closed; Skeletool CX - Blade; Skeletool CX - Pliers]

Brazil Tickets

June 19th, 2008

I’m a little bit late announcing this, but…. I BOUGHT MY BRAZIL TICKETS!

It ended up being like 1300 bucks, and I have a 13 hour layover in Atlanta on the way there… but I think that’ll be okay. It’s actually enough time that I think I might go in and see the world’s largest aquarium, the CNN headquarters, and the World of Coca Cola.

We’re going to be staying somewhere called El Misti Hostel, and make up about 70-80% of the residents there. It’s right off of Copacabana Beach, which is very, very exciting.

Cython

May 8th, 2008

After I had finally convinced myself to get out of bed this morning to go to my ACMS seminar, I quickly checked my email and my heart sank a little. Today’s talk was on SAGE. I don’t have anything against SAGE, but I thought it was just a big pile of open source packages in a big, heavy install. Sorta cool, but worthless, in other words.

Turns out, I was pretty wrong about that. It is that, but it’s also ~70k new lines of code that does a whole bunch of exciting stuff. Near the end of his talk, William Stein mentioned that they had created a new tool called Cython. (Well, extended Pyrex, but… whatever.)

Cython is pretty neat. It’s a compiler that takes Python code and outputs C code. This C code is in turn compiled by GCC into a shared library… which in turn can be accessed from standard Python code. Which sounds like a lot of trouble for not much gain. Au contraire, amigo. Trivial changes from Python -> Cython give 10x improvements. Converting some Python lingos into slightly more C-like syntax gives 100x improvements. Even 1000x improvements are not unheard of. This is incredible stuff. It’s also really important to SAGE… it’s how they write in mostly Python but maintain that speed.

Anyways, back to me. I’m pretty much a compiler dork, so this stuff gets me pretty excited. I went up and talked to him afterwards, and he told me that there’s money to be made with this stuff. Very, very exciting. I’m gonna start diving into it very soon, and I’m sure I’ll have more to say about it soon.