The absurdity of it all

I’m working hard against an important contract deadline, and I hit this painful bug. I bang my head on it for a while and then decide trying to print out the offending values as ASCII. It turns out that I’m attempting to interpret a list of Monty Python sketch titles as an inode.

At times like these, you just have to go take a little walk before you can take anything seriously again.

NB: A list of Monty Python sketch titles makes a fairly plausible inode when you’re looking at it in gdb.

The code monkey’s guide to cryptographic hashes for content-based addressing

At long last, I’ve written and published the “compare-by-hash for programmers” article everyone’s always been asking for. You can read it chopped into 17 pieces and partially obscured by floating ads here:

(My editor says: Please please complain about this! No one believes me when I say this is bad!) Or you can read it one piece with full size tables, etc. here:

I’m always looking for new article suggestions, especially for the Kernel Hacker’s Bookshelf (search down the page for the entry). Writing is fun!

The part of the article that Edward Tufte would be most proud of are the two tables about hash function life cycles:

Stages in the life cycle of cryptographic
hash functions
Stage Expert reaction Programmer reaction Non-expert
(“slashdotter”) reaction
Initial proposal Skepticism, don’t recommend use in
Wait to hear from the experts before adding to OpenSSL SHA-what?
Peer reviewal Moderate effort to find holes and
garner an easy publication
Used by a particularly adventurous
developers for specific purposes
Name-drop the hash at cocktail
parties to impress other geeks
General acceptance Top-level researchers begin
serious work on finding a weakness (and international fame)
Even Microsoft is using the hash function now Flame anyone who suggests the function may be broken in our lifetime
Minor weakness discovered Massive downloads of
turgid pre-prints from arXiv, calls for new hash functions
Start reviewing other hash functions for replacement Long
semi-mathematical posts comparing the complexity of the attack to the
number of protons in the universe
Serious weakness discovered Tension-filled CRYPTO rump sessions! A full break is considered
Migrate to new hash functions immediately, where
Point out that no actual collisions have been
First collision found Uncork the
champagne! Interest in the details of the construction, but no
Gather around a co-worker’s computer, comparing the
colliding inputs and running the hash function on them
Explain why a simple collision attack is still useless, it’s
really the second pre-image attack that counts
Meaningful collisions generated on home
How adorable! I’m busy trying to break this new
hash function, though
Send each other colliding X.509
certificates as pranks
Tell people at parties that you always
knew it would be broken
Collisions generated by hand Memorize as fun party
trick for next faculty mixer
Boggle Try to remember
how to do long division by hand
Life cycles of popular cryptographic hashes (the
“Breakout” chart)
Function 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007
SHA-2 family                                    
Key Unbroken Weakened Broken
Hash Function Lounge
has an excellent list of references for the

Vonage, voicemail, and crash-only software

I happened to accidentally check my Vonage voicemail page and discovered that I had 13 voicemails piled up since September 21st from various people such as, oh, my tax consultant, a potential client, and my sisters. I set up my voicemail so that my cell phone picks it up first, and my Vonage voicemail only picks up when my cell phone voicemail is broken. Then Vonage is supposed to email me and text me the .wav and text transcript of the message (for 25 cents!). It’s this last step that was broken. I called customer service and guess what the solution was? Reloading my settings. It’s like crash-only software, but without the bit that detects the part that’s broken and reboots it. Nngh!!! And yeah, there’s the broken dial tone when you pick up the headset that tells you if you have a message, but I’m so used to ignoring that because I usually don’t delete the voicemail for a while, and it can’t tell when I’ve played the .wav or read the text message.

Anyone with experience with Comcast VoIP doo-dah? I really like Vonage except for the reliability bit.

Best. Apartment. Ever.

Lina found the best best best apartment ever. In classic San Francisco rental fashion, we had to decide whether to sign a 16 month lease within 4 hours of seeing it or else face fierce competition from the open house. It’s a fabulously beautiful renovated Victorian on the south edge of the Mission (for reasons of preserving Lina’s sanity, it is NOT located on the north edge of Glen Park). I didn’t really believe we had the apartment until we had the keys in our sweaty little hands.

I think this photo of the shower head in my bathroom says it all:

If you are not a stalker, email me and I’ll send you the rest of the photos and the Google maps link so you can use Street View.

Moving to San Francisco

The word is on the street: I’m moving back to San Francisco around Dec. 1st. Several of my friends heard the news through the grapevine and are wondering if I’m not telling them in hopes of pretending I still live in Portland and can’t come over to watch their vacation slides. The reality is that announcing the move is fraught with implications and knotty social problems. To wit:

  • What do I say when people ask me why I’m leaving Portland only a few months after I went?
  • What if something horrible goes wrong and I don’t actually move?
  • What if people are tired of invitations to my going-away/house-warming parties and want me to stop emailing them about my moves?

My plan was to wait until I got an apartment (courtesy my wonderful roommate-to-be, Lina), but that’s taking a little longer than anticipated. Man, the rental market in San Francisco is tough! They want all THREE versions of my credit report!

Anyway, I’m moving to San Francisco, I’m mildly embarrassed about it, and you’re still my friend. Announcement of going-away/house-warming parties to follow.

Truth in advertising

This morning, the phone rang (a rare occurrence in my household). I picked up my VoIP phone with caller ID, and saw:

1408(don't remember)

Wow! A telemarketer with a descriptive caller ID and a valid-looking 408 phone number! It’s like receiving spam entitled: “SPAM: Unsolicited commercial mailing” with a valid From: address. The apocalypse must be near.

Naturally, I didn’t answer.

Lazyweb: Laptop acceleration chirper

Dear Lazyweb,

I would like a program that checks the acceleration sensor on my laptop’s hard drive. When it experiences especially intense vibration, as of being slapped on my hip repeatedly as I run for the train, it chirps the PC speaker or plays a sound clip or otherwise audibly notifies me that my laptop is not, in fact, suspended. (At least modern hard drives no longer die when I do this.) Alternatively, it can chirp periodically when the lid is closed but AC is not connected. (Yes, I like to close my lid without suspending – sometimes I compile kernels while driving.) Something with a nice applet front-end for XFCE would be ideal. Thanks!