Weblog Topics
My RSS feeds
Social network sites
Every time some new social network site springs up one of my many friends or colleagues just has to invite me. And of course I have to try it out to see if there is really anything special about it. So far I'm not too impressed. I'm on Myspace, Orkut, Linkedin, Yahoo 360, Facebook, etc. Pretty much all of them. Have been since the beginning. I never send invite requests to my friends. I'm afraid it might be annoying to them. Most of the kind of people I hang out with don't appreciate having their email addresses given to third parties without their consent. I get nearly a thousand spams a day now so I don't blame them.
I know lots of people visit these sites and some have market valuations in the billions. And if there were just one and everyone used it I might be more into it. But I just can't see using the site as my only means of communicating with people. I hear some folks do all of their messaging etc through it and they consider email to be out of style. I suspect these people are high school and perhaps college kids. It might work for gossip and kid communications but I suspect that for getting stuff done in the real world email has little to fear.
And what's up with the horrible page design and user interface? It seems everyone has to customize their page and make it impossible to read with lots of widgets and play a really sappy song in the background when you load it up. I'm not sure whether my ears, my eyes, or my browser are more strongly offended. I recently found an article somewhere lamenting this same problem but alas I cannot for the life of me recall where it was to link to it.
And now I have clients saying they want "social networking" added to their website designed to sell widgets because they hear about it all the time and think it will attract people to their site and sell more widgets. *sigh*
Dane-geld
Dane-geld
(A.D. 980-1016)
Rudyard Kipling
IT IS always a temptation to an armed and agile nation,
To call upon a neighbour and to say:—
“We invaded you last night—we are quite prepared to fight,
Unless you pay us cash to go away.”
And that is called asking for Dane-geld,
And the people who ask it explain
That you’ve only to pay ’em the Dane-geld
And then you’ll get rid of the Dane!
It is always a temptation to a rich and lazy nation,
To puff and look important and to say:—
“Though we know we should defeat you, we have not the time to meet you.
We will therefore pay you cash to go away.”
And that is called paying the Dane-geld;
But we’ve proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane.
It is wrong to put temptation in the path of any nation,
For fear they should succumb and go astray,
So when you are requested to pay up or be molested,
You will find it better policy to say:—
“We never pay any-one Dane-geld,
No matter how trifling the cost;
For the end of that game is oppression and shame,
And the nation that plays it is lost!”
Quantum physics
2. Quantum instantaneousness. Two particles can be put into a quantum entanglement, such that their states depend on one another, even though they have not 'picked' a particular state yet. You can separate the two particles (even by a huge distance), collapse one particle into a state and the other particle collapses instantaneously into the corresponding state.
Your explanation is as I have read many times and seems to be good physics to my untrained thinking. If you have a particle and I have the corresponding tangled particle and we are separated by a great distance and you collapse yours mine will collapse also. I don't know what state yours collapsed to and cannot tell anything from what state mine collapsed to. But I *do* know that you collapsed yours. Isn't that information? What if you and I each have a vast number of entangled particles ordered in a line. You start collapsing your particles with a certain timing. Say, for example, morse code. Particle collapses 1 second apart are dits and 2 seconds apart are dahs. Now don't we have a means of transmitting information faster than light? Surely this is not possible, right? But I don't understand why not.
Update: The flaw in the above is that there is no way to tell if my particle has collapsed to any particular state or not because when I measure my particle it will cause it to collapse causing my partner's entangled particle to collapse to some state also making it useless for communication. Heisenberg was a real bastard.
GPLv3 released today
When will they learn?
For decades they have tried and for decades they have failed. You
simply cannot completely secure a digital computer against its owner
and prevent the owner from copying data in that computer and giving
it to anyone they want. Not while preserving the basic freedoms
which we enjoy such as freedom of speech.
The numbers depicted here are the secret code needed to decrypt the new high definition DVD's. The movie industry spent lots of time and money coming up with this silly scheme and truly brilliant hackers had it cracked in no time. And every time they do this there will be truly great people lining up to meet the challenge. I have never seen any industry repeatedly fail to learn from history for as long as these guys have.
I find myself agreeing more and more with the idea that DRM stands for "Digital Restrictions Management" and that DRM manages rights the same way jail manages freedom. Yet another reason why I have not bought a CD in years and I have never in my life bought a movie on DVD. The current system of copyright is totally corrupt and damaging to both our economy and our culture. We pay taxes to support the copyright system which is established by the Constitution of the United States of America to encourage creation of artistic works so that eventually these things fall into the public domain and we can all enjoy them. We do NOT have a copyright system so that artists get paid. That is only a means to an end. And until these things fall into the public domain we are entitled to Fair Use.
Copyright was originally set at 56 years. More than long enough for the artist to recoup his investment. The media companies are constantly extending copyright. It has been extended twice now, each time a bunch of content from the beginning of the movie entertainment age was about to fall into the public domain. Currently it is set at life of the author plus 95 years in the case of corporate created works such as Mickey Mouse. The copyright on Mickey Mouse will expire in 2061 unless they extend it again which seems quite possible. Walt Disney is long dead and gone. How is providing further protection encouraging him to create more artistic works?
But in addition to constantly expanding the term of copyright protection so that nothing falls into the public domain the movie and music industries are doing their best to remove our rights to Fair Use under the Copyright Act of 1976 (17 U.S.C. Section 107). The Digital Millennium Copyright Act is only the most recent successful attempt at chipping away at our rights.
Information does want to be free. In the same sense that water wants to run downhill. Not so much as to anthropomorphize information as to state a basic tendency. Or to put it another way, you can't put the genie back in the bottle.
Visitors from out of town
Yahoo/GMail/Hotmail etc. all suck and I renew my vow to never use Windows
A friend of mine in Vietnam had cablemodem installed in her place a few months back. Unfortunately the person who installed it was a very unprofessional young man. She is a hot chick and he was gawking at her the whole time, asking her personal questions, etc. He had to come back once or twice before the cablemodem finally worked properly. Then he started IM'ing her. He started knowing things he should not. Eventually it was determined that while he was setting up the cablemodem he had installed spyware including a keylogger onto her computer and basically took over her whole online life. What a nightmare! She complained to the cable company and the guy got fired but that does not get her information back. Now they are just waiting for the extortion letter. No joke.
The moral of the story is do not use any free webmail service for anything even remotely important. This may seem obvious to many people but many more still don't seem to realize the implications. Do not store or send any info on a free webmail service that you would not want posted on the bulletin board at work.
The big problem is control. Who has the real ultimate control over your webmail account? Whoever owns the hardware it is hosted on which is invariably a big corporation who doesn't give a care about you the individual. My friend emailed yahoo a number of times about getting her account either restored to her or deleted entirely but they get a million requests like this every day and completely blew it off. There is no reliable way for her to prove who she is to yahoo. She set a "security question" years ago to be used in such an event when she created the account but no longer remembers the answer.
So what is the answer? The answer is to only use email accounts with someone you can hold directly accountable. When using free email they are under no obligation to do anything for you. When you use your local ISP's email account you can always show up at their office with your ID and prove your identity and have them reset your password. Or if you are technically inclined (most of the people who read my humble blog probably are) you can do like I do and run your own mail server. Or you can ask a trusted friend for an account on their email server which they are likely to happily provide as it costs them nothing.
Which leads me to the second part of my rant: Windows is a completely insecure piece of garbage which I will never use for anything. And I am determined never to enter my password into any sort of Windows box again since you can never tell if a keylogger has somehow been installed. I am looking into some sort of one-time password system to use as well. This is where you carry around a list of passwords in your wallet and the system accepts each one only once and then it is never to be used again so it does not matter if someone snoops it. Then I could occasionally enter my password on a Windows box and not have to worry about it being stolen. Since the keylogger incident my friend has started migrating to Linux. She finds it relatively easy to use for her common tasks but needs some hardware upgrades to run Fedora Core 5 seeing as how she has been running Windows 95 or 98 which has more modest hardware requirements.
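The wallet-list scheme described above can be built as a Lamport hash chain, the construction behind S/KEY-style systems. The following is an added example, not code from this weblog; `chain_step`, `make_wallet_list` and `OtpServer` are hypothetical names, and SHA-256 truncated to 128 bits is this example's choice of one-way function.

```python
import hashlib
import hmac
import secrets


def chain_step(value: bytes) -> bytes:
    """One-way step of the chain (assumption: SHA-256 truncated to 16 bytes)."""
    return hashlib.sha256(value).digest()[:16]


def make_wallet_list(seed: bytes, count: int):
    """Return (passwords in the order they must be typed, server verifier).

    chain[i] is the seed hashed i+1 times. The server is given the last
    link; the user types the links in reverse order, so every password
    typed is the preimage of the value the server currently stores.
    """
    chain, value = [], seed
    for _ in range(count + 1):
        value = chain_step(value)
        chain.append(value)
    verifier = chain.pop()                 # seed hashed count+1 times
    passwords = [link.hex() for link in reversed(chain)]
    return passwords, verifier


class OtpServer:
    """Stores one verifier per user; never stores the seed or the list."""

    def __init__(self, verifier: bytes, count: int):
        self._verifier = verifier
        self.remaining = count

    def login(self, typed: str) -> bool:
        if self.remaining == 0:            # list used up: re-enrol with a new seed
            return False
        try:
            candidate = bytes.fromhex(typed.strip())
        except ValueError:                 # not a hex string at all
            return False
        if not hmac.compare_digest(chain_step(candidate), self._verifier):
            return False
        # Accepted: the typed value becomes the new verifier, so the same
        # password (for example one recorded by a keylogger) fails from now on,
        # and the next valid password is a preimage the observer cannot compute.
        self._verifier = candidate
        self.remaining -= 1
        return True


if __name__ == "__main__":
    seed = secrets.token_bytes(32)         # generated on a trusted machine
    wallet, verifier = make_wallet_list(seed, 5)
    server = OtpServer(verifier, 5)
    captured = wallet[0]                   # what a keylogger would record
    print("first login :", server.login(wallet[0]))
    print("replay      :", server.login(captured))
    print("next on list:", server.login(wallet[1]))
```

A one-time list protects the password against later replay only; a compromised machine can still misuse the session opened with it.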
Eastern Medicine
Today I took a trip to the Mekong Delta. We visited the town of My Tho (pronounced more or less as Me Taw with a slight up and down tone/waver in the voice on the My if you want to get the tone right), took a boat ride up the river, had lunch, visited with local people, heard traditional music, saw how coconut candy was made, rowed traditional boats up the various small tributaries, and had a good time.
On the bus ride back to Saigon our tour guide, Mr Tung, entertained us (in somewhat broken English) with his war stories. He served in the Viet Cong in the tunnels at Cu Chi which the US carpet bombed the hell out of, probably killed a few Americans, and took two bullets himself. One in his upper left arm (he showed us where his arm is still missing some chunks of flesh and is badly scarred from the entrance and exit wound) and one in the leg one night while above ground from a helicopter gunship. Among other things he told us some traditional eastern medicine remedies. Since I have some fans of eastern medicine reading this I thought you might be interested.
Cure for rabies:
Mr Tung told us that a crazy dog would sometimes bite a man and cause the man to go crazy. I can only assume he was talking about rabies. To cure this, he says, you go out to the forest and find a toad. A really big one. And make sure it is not a frog. Toads have rough skin and don't jump very far but frogs are slippery and can really jump. Frogs and toads are "same-same but different". I can't help but smile whenever I hear a local say "same-same" but it seems to be a common expression. Anyhow, he made very sure to explain to us to get a toad and not a frog. Then you burn the toad very completely down to charcoals. Grind up the coals really well and dissolve them in water. Make the afflicted person drink this mixture. In a couple of days they will be better.
Cure for diarrhea:
Take a piece of paper and draw three hungry dogs on it. I suppose you have to be a bit of an artist for this cure. I can't draw a very good dog and I'm pretty sure I can't draw a hungry dog. But draw three hungry dogs on a piece of paper. Burn up the paper. They are big on burning things around here. I see people burning little bits of paper by the side of the street all the time. Take the ashes from the burned paper, mix them in water, and drink it. The hungry dogs will eat up whatever is causing you to have diarrhea and you will be better.
Cure for hemorrhoids:
Mr Tung says that when you find it painful to use the toilet and you have "flesh coming out of your anus" (they don't hesitate to talk about their bodies here) you should try this remedy. I assume he meant hemorrhoids. [darn, I have forgotten the hemorrhoid cure! Well, I know where I can contact Mr Tung if I ever need it.]
Cure for cancer:
Here it is folks! The cure the drug companies don't want you to know about because it's so cheap! To cure cancer you have to go to the snake salesmen and find a cobra. Not just any snake but a real cobra. The biggest one you can find. Drain the "juice" from the tail of the cobra. I'm not sure what constitutes juice or how exactly you define the tail of the cobra but that's what he said. Drink it. Voila, cancer cured. He cautioned us against using chemicals to cure cancer (chemo, I assume) because all that does is make your hair fall out.
Well, there you have it folks! This was all told with a straight face to my tour group of around 50 people on the PA system of the bus on the two hour ride back to town. I shit you not. We are in the east and it was told to me by an older Asian man so it must be honest to Buddha eastern medicine!
Oh, and after over two months of living here I learned something interesting about local bathroom habits today. First some background: In every Vietnamese home bathroom there is a shower head on the wall. But no shower tub or enclosure of any sort. The floor is all tile. You just shower right there on the bathroom floor and it all goes down a drain in the corner. Yes, everything gets wet. So don't put anything anywhere in the bathroom you don't want to get wet. Beside the toilet (which you stand right next to as you shower) there is another smaller sprayer on a hose. Just like the kitchen sink sprayer many of us have to spray down dishes. With a little handle on it you push and everything. Vietnamese don't normally use toilet paper. They use this sprayer and their fingers to blast the turds off their backside. Sort of like a bidet. Apparently they have been providing toilet paper (in a little plastic container so as not to get wet easily) as a courtesy but I guess I'll have to give the sprayer a try next time I go number 2.
They are still celebrating their April 30th defeat of the Americans aka Liberation Day. There is a very loud concert going on in the park behind my place right now. They are singing something about Sai Gon.
BUGTRAQ is dead
I sent the following to the bugtraq mailing list. The moderator of the list replied with basically a shrug of the shoulders and bounced my post back to me.
------------------
Subject: The utility of bugtraq
From: Tracy R Reed <treed@ultraviolet.org>
Date: Mon, 26 Jun 2006 14:35:38 -0700
To: bugtraq@securityfocus.com
I have been a subscriber to bugtraq for over 10 years. I made the
acquaintance of Aleph1 and I think maybe he turned me onto the list, I
don't recall. When I first subscribed I read every email that came
across the list because it was probably something that applied to one of
the UNIX's I administered and could affect me. Many emails contained
actual exploit code which was very interesting in understanding what was
really going on.
But the list has changed a lot since then. Now it seems like every
platform is fair game for the list even though no one person cares about
more than a very small percentage of those platforms. We have tons of
XSS exploits being posted for webapps that nobody has heard of. We even
have XSS exploits being posted which are unique to individual websites.
What is the point of posting those? What are the rest of us going to
learn from a site-specific XSS exploit for blacksingles.com that we
didn't learn from the previous thousand XSS exploits and why should we
read over a thousand emails a month about such things?
I don't know if the change in the population of the Internet in general
is responsible for the change in utility of the bugtraq list or if it is
due to the new ownership of the list but it went from being an
indispensable tool for the system administrator to being a massive
source of useless noise. I guess it's time for this old UNIX fogey (and
I'm just 31!) to move on.
More about Vietnam
Having spent so much time in VN the past year I have learned a lot of interesting things, not all of which I like. I have witnessed first-hand what I recall a friend referring to last year as the "crab mentality". The idea is that one crab in a pot will easily escape. But three or more crabs in a pot never escape because they are all constantly pulling each other down due to their complete lack of cooperation. Sometimes it seems as if the Vietnamese really are pulling each other down. It's as if there is no sense of cooperation or spirit even though lip-service is often paid to these things in the government propaganda. In reality it is every man for himself. Bribery is rampant. I am almost ashamed to associate with wealthy Vietnamese because the only way to get that way is to participate in the corruption. Those with nice houses probably have them because they were confiscated from someone else. The old-boy network is bigger in VN than anywhere I have seen. There are many well-educated Vietnamese who know the difference between right and wrong but unfortunately the others around them make them feel forced to play the same game by the same rules.
It's odd: The Vietnamese language has so many pronouns to refer to yourself and others depending on the situation to show the proper respect. If the person is a teacher you call them "tha^`y" and yourself "con". If it is your parent you call them "ba'" and yourself "con". If it is a professional situation you refer to yourself as "to^i". A male older than you (like your brother) is "anh" or a female older than you (like your sister) is "chi." and when referring to yourself (being younger) you are "em". When referring to someone younger than you they are "em". Someone significantly older than you (old enough to be your parent) you refer to as "co^" for female and "chu'" for male. A very old person (like grandparents) you refer to as "ba`" for female or "o^ng" for male. There are more, but that is only what I have learned so far. Very complicated. When receiving something from an elder you always accept it with two hands. Take off your shoes when you enter a house. They treat each other with such respect.
Until they get out on the streets and are dealing with other Vietnamese who are not their family or friends, just anonymous people. The well educated and polite Vietnamese do ok. But the rest behave like animals. Pushing and shoving, cutting in line, cursing and swearing, ripping each other off, it's terrible. It seems so selfish to only treat people with respect when you have something to lose or gain (such as reputation or favor) and treat them so poorly when you know you will never see them again. How we treat others when we have nothing at stake says a lot about ourselves, I think.
I have nearly been compelled to bust some heads on a couple of different occasions this past week. I nearly caused a scene in the airport in Hanoi when some guy tried to cut in line between me and my friends by muscling his luggage cart between us. It's not like cutting in line will make his flight depart any sooner. But they just don't get it.
I have recently visited some very sacred pagodas in the buddhist religion. No westerner ever visits these places unless they were shot down over them. I got quite a few looks of surprise and many comments were made when people saw my white face climbing the long (several kilometers) and very steep trail to the top of the 1000 meter mountain. And when I finally got to the top after a 4 hour hike I found a mass of people perched on the tiny flat spot around the pagoda pushing and shoving and throwing their trash down all over this otherwise beautiful mountain top. They laughed at me for carrying my trash around in my backpack until I got to a place with a trash can. I had always assumed they would have more respect for their holy places than to litter them with trash but apparently they show their respect in some other way.
My friends told me I needed to learn to be Vietnamese. I explained to them that this is how animals behave and I refuse to believe that Vietnamese are animals. Just like crabs in a pot. They seem to have no clue what an ideal or a principle is. They rationalize poor behavior by saying that everyone else does it. It seems that their society would get a lot farther if they could just learn to cooperate and not think only of themselves. It is amazing to me that these are the same people who caused the world such troubles in the 60's and 70's.
I also see the general ignorance of the world of the people making them easy to repress and manipulate. The Internet and satellite television are changing that to some degree but being the only country on earth that speaks Vietnamese makes it very difficult for the average Vietnamese to get outside information. Suffice it to say that their government has given them a very "interesting" version of the history of the last hundred years.
Despite all of this the people who I dealt with directly on a face to face basis were all very nice and hospitable to me and I am very grateful to them. I never ran into a single instance of anti-Americanism or discrimination, other than having to pay double for tickets to anything because I am a foreigner. :)
"Không, tôi là người Việt!"
My Time in Vietnam
Functional Programming
I have talked with some of you about this in recent
meetings. It used to be that hardware was too slow to support
functional programming or really any high level language. LISP was the
first functional and high level language to be used. LISP was conceived
of in 1956 and fully implemented and useful by 1962. The performance of
LISP on the hardware of the day seems to have given the whole class of
languages a bad name and doomed them to obscurity. Other than AI
research and some universities, almost everyone dumped LISP for C and
similar languages. But the benefits of this method of programming
combined with much faster hardware which renders the overhead of high
level languages irrelevant seems to be causing a comeback. I think it is
time to take another look at functional programming and many people seem
to be doing so. The amount of functional programming activity in the
FOSS world these days is pretty impressive. It is definitely a different
way of thinking about programming so it will take some getting used to.
Functional programming in general has appeal for a number of reasons.
The first is that it is primarily based upon the mathematical idea of a
function. As computers are inherently logical/mathematical devices I
find this appealing. Specifically it involves lambda calculus and the
idea that you can implement the equivalent of Turing complete
functionality using the composition of functions.
They are functions in the sense that they always produce the same and
only one output for a given input, just like the mathematical definition
of a function.
There are no side effects which can make your programs non-deterministic
and hard to debug. You never say things like a=b. Instead you evaluate a
function which returns b whenever you would have otherwise used a. But
even this does not really explain it properly. You will have to do some
reading on your own to get it. The book "The Little Schemer" is a pretty
good introduction to the theory of functional programming. It is mind
bending and enlightening at the same time. Having finished that book I
am now slowly working my way through "Simply Scheme" after which I hope
to tackle "The Structure and Interpretation of Computer Programs". Once
done with all of that I should have a pretty solid grounding in
functional programming in Scheme and be able to take on other functional
programming languages.
These ideas together mean you get code that is much more likely to do
what you intended and only what you intended which makes it great for
mission-critical applications which require stability and high
availability. They also mean it is closer to being possible to
mathematically prove the correctness of your programs. You still can't
actually prove it for anything but the simplest of programs but it gets
us closer and I think that is a worthy goal.
With functional programming you describe the problem itself rather than
an implementation of the problem and the computer works the rest out for
you. I find this pretty amazing. And because of this programs written in
a functional language tend to be much shorter. A program written in an
imperative programming language tends to be 5-10 times the length. Less
code means less opportunities for bugs and debugging.
With cpu's getting faster and getting wider in terms of parallelism due
to multi-core designs functional programming is in a prime position to
take full advantage of the capabilities of the new cpu's. Parallelizing a
functional program is easy because the nesting of the functions clearly
delineates what depends on something else and which things can be run
safely in parallel.
I have been reading about Lisp, Scheme, Haskell, and Erlang. Note that
Lisp is not a "purely functional" language in that you can also do
imperative programming with it. But the rest are purely functional. Some
day I am going to have to pick one for serious learning. As I mentioned,
I have a few books on Scheme already so it is in the lead. But the
succinctness and mathematical foundations of Haskell are appealing. I
just recently began learning about Erlang. Erlang was originally
created by Ericsson and they use it on their phone switches and other
devices that need high reliability. It seems to have the advantages of
Haskell plus it has very strong concurrency support (threads done in a
safe and sane way: no locks or shared memory, only message passing), has
an emphasis on highly reliable code, you can patch it on the fly without
stopping the program (nice for upgrading those switches that require 5
9's of uptime), can be used to do distributed programming in a
transparent way, and has built in support for a distributed database
called Mnesia. That is pretty much all I know about it so far, haven't
written any code yet. But I look forward to trying it out. We really do
have an embarrassment of riches when it comes to programming languages.
I never really appreciated the value of RSS until I got the Sage plugin
for Firefox. Now I get a very useful feed of info from a number of good
sites. One of these sites is: http://lambda-the-ultimate.org which
always has lots of very good discussion on functional programming and
language design. I found out about Erlang through this site. Check out
http://lambda-the-ultimate.org/node/197 which has direct download and
torrent links to "Erlang The Movie". They demonstrate some rather neat
features of the language. The video itself, made in 1990, reminds me of
an episode of Fawlty Towers or Are You Being Served? Watch it and I
think you will see why. :)
"Hello Joe. Hello Mike. Hello Mike. Hello Robert. Hello Joe, Hello Mike.
Hello."
I am working on a wiki page with lots of links to functional programming
resources. I will post a link to it when I have it a little further
along. I will post some functional programming examples here eventually
also.
Code Monkey
Silence On The Wire
At first glance, "Silence on the Wire : A Field Guide to Passive Reconnaissance and Indirect Attacks" by Michal Zalewski does not look like a book on computer security. All black, not too flashy. What the heck is passive reconnaissance and indirect attacks anyway? But it's from No Starch Press so it should be something cool. I would say this is a different kind of computer security book. This book does not give you the standard advice such as avoid buffer overflows and turn off unnecessary services, etc. It takes a more fundamental look at our hardware, software, and protocols and examines the problem from the lowest level working up. The book basically focuses on how to get information out of a system in ways the designers did not anticipate. Not through any sort of brute force "hacking" (in the negative sense of the word) but by much more subtle means such as observation from a distance without ever letting the target know what is going on through the use of various sorts of data leaks and covert channels. Information is an interesting thing. Lack of information is indeed information itself. All of these things are examined and explained.
The book consists of 18 chapters and 281 pages and I think that is just the right length to cover some of the more interesting ground that others have not covered a thousand times before. Rather than summarize the book let me tell you about a few of the parts that I found interesting.
The information presented on timing attacks and entropy etc. was all very interesting but then in chapter 2 we encounter around 20 pages about boolean logic, logic gates, basic machine architecture etc. This information, while interesting, left me wondering where the author was going with all of this. 20 pages is a bit long to leave the reader in the dark. We ultimately find out how the hardware relates to timing attacks and computational effort analysis.
I found the in-depth discussion of the OSI model and the byte-level dissection of the various protocols that make up the protocol stack in our networks to be very interesting. I have read Richard W Stevens' book on networking (a long time ago) but this was a very nice review. During the explanation of the various protocols and layers we learn a few things about the quirks of each of these layers and how they can reveal information. We find out how the RFC's (the standards which specify the protocols/languages which computers use), while specific enough to allow different machines to talk to each other, are often not completely without ambiguity and leave room for variance in the various different implementations. These variances can be observed and used to determine what OS a machine is running among other things.
Page 109 in chapter 8 is particularly interesting to me. Imagine my surprise when, just sitting in bed reading along one night, I came across my own name in a computer security book! It turns out the author ran across my work in "war-flying" back in 2002 and found it interesting enough to include in his book.
During the section discussing TCP we learn about TCP sequence numbers and the need for solid entropy in their generation. Some pretty pictures are presented which show the probability distribution of the generated TCP sequence numbers for various different OS's. I remember seeing these pictures and reading the paper back in 2001 when the author first published them. You can actually determine what OS a machine is running by looking at a picture of the distribution of the TCP sequence numbers it generates. This relates back to the passive OS fingerprinting. The TCP specification says sequence numbers are to be used but says nothing about what algorithm to use to generate them.
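The link between generator quality and the shape of the distribution can be measured on ISN samples collected from your own hosts. This is an added example, not taken from the book; the three generators are constructed stand-ins rather than models of any real OS, and all function names are hypothetical.

```python
import math
import random
import secrets
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def deltas(isns):
    """Differences between consecutive ISNs, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def delta_entropy_bits(isns):
    """Shannon entropy, in bits, of the observed ISN increments."""
    d = deltas(isns)
    total = len(d)
    counts = Counter(d)
    # "+ 0.0" turns the -0.0 of a single-valued distribution into 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values()) + 0.0


def phase_space_points(isns):
    """Distinct delay-coordinate points (d[n], d[n-1], d[n-2]).

    Plotting these triples gives the kind of 3-D picture in which a weak
    generator shows up as a point or small cloud and a good one fills space.
    """
    d = deltas(isns)
    return {(d[i], d[i - 1], d[i - 2]) for i in range(2, len(d))}


# --- constructed sample generators (assumptions, not real stacks) ---------

def fixed_step_isns(n, start=1000, step=64000):
    """Counter advanced by a constant per connection."""
    return [(start + i * step) % MOD for i in range(n)]


def jitter_isns(n, start=1000, step=64000, jitter=256, seed=1):
    """Constant step plus a small random offset (at most 8 bits of noise)."""
    rng = random.Random(seed)  # seeded so the constructed sample is repeatable
    out, cur = [], start
    for _ in range(n):
        out.append(cur)
        cur = (cur + step + rng.randrange(jitter)) % MOD
    return out


def csprng_isns(n):
    """Stand-in for an unpredictable generator: 32 fresh random bits each time."""
    return [secrets.randbits(32) for _ in range(n)]


def report(isns):
    return {"entropy_bits": round(delta_entropy_bits(isns), 2),
            "distinct_points": len(phase_space_points(isns))}


if __name__ == "__main__":
    for name, gen in [("fixed step", fixed_step_isns),
                      ("step + jitter", jitter_isns),
                      ("csprng", csprng_isns)]:
        print(f"{name:14s}", report(gen(2001)))
```

The entropy estimate is capped at log2 of the number of increments sampled, so a high value is a screen against obviously weak generators and not a proof of unpredictability.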
Overall I found the book quite satisfying and it clued me into a number of areas of information leakage that I had not been aware of and techniques which can be used to exploit them. I liked how the author presents several real life stories from his own personal experience where something very strange and interesting was discovered. This is the only real computer security book I own. Most other books just seem too cheesy or unoriginal or out of date to bother with. This book is not only original but it focuses on fundamental ideas that will continue to be valid for many years to come.
New server, new weblog, new job...
So I quit my job with Telepacket. Long story. I am rejuvenating Copilot Consulting and getting in touch with all of my old clients. I have migrated everything off of the old server onto a new server and moved it to less expensive bandwidth. While I am at it I am redoing my website. I'll be posting again about the cool new technology that has gone into this new server.
How I @#$#% HATE MS Outlook
- If you are sending a reply to a message or a posting be sure you summarize the original at the top of the message, or include just enough text of the original to give a context. This will make sure readers understand when they start to read your response.
So not only does my machine get a zillion port scans/attacks each day from Windows boxes taken over by worms and my mailbox get filled with viruses and bogus virus warnings replying to virus-laden emails spoofed to be from me and I get to try to keep up with the ever-changing proprietary file formats but now I have to worry about how I compose my plain-text emails also.
The whole internet is going to hell in a handbasket and the average Joe-sixpack can't be bothered to give a care. Sometimes I want to go Amish...
Copilot Communicator #1
I have been meaning to send out this email which I have had sitting in my
drafts folder for many months but never got around to it. I just created a
little mailing list to help manage my contacts so ignore the welcome
message you just got.
Lots of big news to report:
Copilot Communications has been acquired by Telepacket Inc of Temecula.
This is good news for our customers because Copilot Communications
customers will become Telepacket customers and will have access to all of
the new features we are working on for the phone system plus better
worldwide PSTN connectivity and nationwide and potentially worldwide
DID's.
As for me personally, I am now working for Telepacket in the capacity of
Director of Software Development. I will continue to operate Copilot
Consulting (Linux oriented consulting business) although on a more
part-time basis and will probably be referring a lot of work to my
colleagues. Telepacket is sending me to Vietnam to manage their Ho Chi
Minh City office and lead a team of programmers over there on a
semi-permanent basis. I will be returning to the US every couple of months
for meetings and various personal business. I expect to depart in
approximately 6 weeks and will be there for at least a year and
potentially much longer as long as things continue to go well.
Before I go I am going to cram in as much fun in the US as I can. This
includes a couple of ski trips and finishing up my seaplane rating. I want
to get in as much flying as I can because General Aviation simply doesn't
exist in Vietnam since it is illegal to own an airplane over there. You
can find pics of my seaplane adventure in the photo gallery at my personal
website: http://ultraviolet.org
And now on to the tech news and links: Today's theme is viruses.
We've all heard about and probably had Windows viruses on our Windows
PC's. Most people just assume viruses are a basic fact of computing and
perfectly normal. It has pretty much become an accepted fact of life that
we need antivirus software. But that is not really the case. Very special
circumstances have to arise to allow computer viruses to spread and it
just so happens that Windows provides an ideal breeding ground. Linux, on
the other hand, does not get viruses. Why? I recently stumbled across this
article which does a nice job of summing it up:
http://librenix.com/?inode=21
Just ran across this one today: "Why do PC users put up with so many
viruses and worms?"
http://sfgate.com/cgi-bin/article.cgi?file=/gate/archive/2005/02/04/notes020405.DTL
(Note that a modern Macintosh is a Unix computer)
Department of Homeland Security Computer Emergency Response Team
recommends NOT using Internet Explorer and I emphatically agree:
http://story.news.yahoo.com/news?tmpl=story&cid=74&e=3&u=/cmp/20040702/tc_cmp/22103407
http://www.cnn.com/2004/TECH/internet/07/02/alternative.browsers.ap/index.html
http://www.kb.cert.org/vuls/id/713878
Mozilla ( http://www.mozilla.org ) is the way to go for a web browser
these days.
And just for giggles, check out this funny Linspire ad which unfortunately
requires your browser to have the Flash plugin:
http://www.linspire.com/RunLinspireFlash.php
I hope this email finds you all well!
Popularity and viruses
have viruses (or worms, which are the same for the purpose of this
discussion) is because it is not nearly as common as Windows, disregarding
the vastly different security model.
The traditional response has been to point out that Apache has a much
larger market share than IIS yet IIS has many more security problems,
exploits, viruses, etc. than Apache.
I just read on /. that there is a virus going around attacking Windows
systems through MySQL. I don't know the details of how it does it but
apparently it has already found and infected quite a few Windows machines.
You would think Windows servers running MySQL would be pretty darn rare,
and you would be right. This is another excellent example of how
popularity is not necessary for a platform or specific software
combination to be targeted for viruses.
Security, Reliability, and the OS
project. The goal is to make an extremely reliable and provably secure
operating system. I have not yet downloaded and played with it but
they seem to have a very good start. The OS started out as KeyKOS:
http://www.cis.upenn.edu/~KeyKOS/
Then came EROS:
http://www.eros-os.org/
And now they are working on Coyotos:
http://www.coyotos.org
There are really three remarkable things about this:
1. These are capability based operating systems. This is a much
better security model based on least privilege than Unix uses. It is
designed such that side effects (buffer overflows) can be logically ruled
out, code proven, and a trusted computing base can be established.
2. They are creating a new language (I know, I hate it when people do
this, but they may have a good reason in this case) with strictly
formalized semantics to allow provable code which should result in far
fewer defects than any previous systems programming language.
3. KeyKOS and EROS were "persistent" operating systems. They have removed
this feature from Coyotos but I am hoping they put it back. This means that
memory is really just a cache for disk and the whole thing is treated as
one big address space which has synchronization points and a form of
journalling. This means the entire state of the system is regularly saved
to disk and if the system crashes you can resume from where you left off.
It is similar to hibernation for laptops except it is happening all the
time so if you just pull the power or the system crashes you don't lose
all of your work. You could theoretically save the system, pull the drive,
put it into a different (perhaps upgraded or repaired or backup system)
and pick up where you left off.
I love the story in the link below about their little competition with
Novell.
Here is a more detailed explanation:
http://www.eros-os.org/project/novelty.html
Spam Filtering and Internet brokenness
Every now and then I fire off a lengthy rant to someone which all too
often is only read by me and the other person. Sometimes I get to
inflict my rants on a mailing list but that is only sometimes. Now that
I have a webpage where I can post stuff like this I am going to be
copying and pasting any interesting rants here as well. Today I sent an
email to a webserver administrator complaining about how they give the
user the option of using SSL or not with the justification being that
SSL is slower. I think this is silly so I sent them an email suggesting
they just make SSL the default and make things simpler since any speed
difference is very negligible, especially on modern hardware. My email
was bounced back! Apparently their mail server uses a DNS based block
list (often called an RBL or Realtime Blackhole List) which is a rather
controversial setup. I emailed them from a different account to which
they replied. My followup with them is as follows:
On Sun, Jan 09, 2005 at 09:03:32AM -0800, David Timm spake thusly:
> 1. We block about 85% of our incoming email at the client level. This has
> saved thousands of dollars in bandwidth costs and stops most of the big
> volume of Spam -- zombie machines sending messages from subscriber networks.
> It has been extremely effective for us and I think it is a really good idea.
> I know there are two major camps in this war -- one that accepts then scans
> the email and the other that blocks first. We choose the latter. I have
> white listed your server, which should eliminate any further problem for
> you. If you do have any further problem, you can also send messages to us
> via the web at: http://answer.timesync.com?action=contact or click 'contact
> technical support' at the bottom of any schedule master page.
I do this too. However to block solely on the basis of someone's IP being
in a list is a very bad idea. I learned this lesson the hard way:
http://www.e2ksecurity.com/archives/001028.html
Summary: An otherwise respectable RBL shut down in a silly way and caused
mail servers all over the world to start bouncing ALL mail.
There are actually three camps in this war: The two you mentioned plus
those who use something like spamassassin. The proper way to block spam
(IMO) is to use something like spamassassin which calculates a score based
on a number of factors including whether the IP appears in a list. For
example, the email you sent to me scored like so:
X-Spam-Status: No, hits=-4.9 tagged_above=-999.0 required=5.0 tests=BAYES_00
So it did not have any spam-like qualities at all. Your IP wasn't on any
lists, the content of the email did not look like spam according to the
bayesian filter, and there was no other funny business going on. It
actually had a few positive things going for it which made the spam score
negative. I have my system configured such that a score of 5 is required
to be labelled as spam and sorted into the junk folder. I never outright
reject mail because false positives (such as when I emailed you) can be
injurious to a business. But a really spammy email looks like this:
X-Spam-Status: Yes, hits=38.6 tagged_above=-999.0 required=5.0 tests=BAYES_99,
BigEvilList_92, DATE_IN_PAST_96_XX, DATE_SPAMWARE_Y2K, DCC_CHECK,
FORGED_MUA_OUTLOOK, FORGED_RCVD_NET_HELO, HTML_90_100, HTML_IMAGE_ONLY_02,
HTML_MESSAGE, KOREAN_UCE_SUBJECT, MIME_HTML_ONLY, MIME_HTML_ONLY_MULTI,
MISSING_MIMEOLE, NORMAL_HTTP_TO_IP, RCVD_IN_DYNABLOCK, RCVD_IN_SORBS,
SUBJ_ILLEGAL_CHARS
This email has many words in common with spam according to the bayesian
filter, the date was screwy, the MUA was forged, the RCVD line was forged,
etc. etc. PLUS it was listed in a number of lists such as Dynablock and
SORBS. Every so often I go through my junk folder and casually glance over
the emails to make sure there are no false positives (I have found 3 in
the past year and a half and they were from a very suspiciously configured
mail client so it's debatable but overall an astoundingly good rate) and I
get perhaps a couple of actual spam emails through to my inbox with about
300 being blocked per day for an accuracy rate of 99.6% and a false
positive rate of much lower.
Last week's spam stats:
[root@copilotconsulting log]# grep "Yes," maillog.1 | wc -l
7938
[root@copilotconsulting log]# grep "No," maillog.1 | wc -l
12892
So 20830 emails of which 7938 were spam. I have a lower spam ratio than
most because I am on a LOT of legitimate but very high traffic mailing
lists (such as the linux-kernel mailing list) which boosts the amount of
good traffic I get. So I have the best of both worlds: No arbitrary lists,
very little spam or false positives.
> 2. SSL is slower (google 'ssl performance') but my concern might be a bit
> dated with today's newer hardware. I'm sure you are aware that the browser
> and server both take a performance hit. It may be small enough to default
> to ssl now. I'll consider that. Thanks for calling it to our attention.
Certainly there is some sort of performance hit when using SSL but I have
administered an SSL-enabled web server since 1997 (was Netscape Server
back then although I have been all Apache for years now) and even back
then I didn't notice any significant performance hit using hardware and
browsers of the day. Even doing simple RSA operations with PGP was pretty
quick. And of course the time to use a symmetric encryption algorithm such
as that used by SSL on something as small as a webpage is minuscule as
well. We really need to encourage a culture of computer security and
secure defaults if we ever expect to improve the current miserable
computer security situation.
--
Tracy Reed http://copilotcom.com
This message is cryptographically signed for your protection.
Info: http://copilotconsulting.com/sig
On Sun, Jan 09, 2005 at 10:41:21PM -0800, David Timm spake thusly:
> Hi Terry, I'll look into Spamassassin -- I've been meaning to, and your
> message gives me another push, thanks. I've been reluctant to use anything
You are welcome. FWIW I use the killer combination of
postfix+amavisd-new+spamassassin+clamav for my spam and virus scanning
needs. I also use something called my_rules_du_jour (which I think may be
an add-on, not sure if it came with spamassassin or not) run from a
cronjob nightly to keep my spamassassin rules up to date. clamav also has
a daemon which definitely does come with it called freshclam (heh) which
keeps the virus definitions up to date. I never would have thought I would
see a good open source virus scanner just because of how boring it would
be to keep the definitions up to date but the clamav guys do an impressive
job.
I don't recall if this is the exact howto I used to set it up but it was
pretty easy:
http://mail.x-si.org/articles/av.html
--
Tracy Reed http://copilotcom.com
This message is cryptographically signed for your protection.
Info: http://copilotconsulting.com/sig
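The difference between the two filtering policies argued over in the exchange above can be checked against a mail log. This is an added example, not part of the original emails: it parses X-Spam-Status headers in the format quoted above and counts what a score threshold and a list-only policy would each do to the same mail. The sample headers are constructed, and treating every `RCVD_IN_*` test as a block-list hit is an assumption based on the two such names in the quoted header.

```python
import re

# Constructed sample in the header format quoted in the emails above.
# The third message is a hypothetical legitimate sender whose IP is listed.
SAMPLE = """\
X-Spam-Status: No, hits=-4.9 tagged_above=-999.0 required=5.0 tests=BAYES_00
X-Spam-Status: Yes, hits=38.6 tagged_above=-999.0 required=5.0 tests=BAYES_99,
 DATE_IN_PAST_96_XX, FORGED_MUA_OUTLOOK, RCVD_IN_DYNABLOCK, RCVD_IN_SORBS
X-Spam-Status: No, hits=1.2 tagged_above=-999.0 required=5.0 tests=BAYES_00,
 RCVD_IN_SORBS
"""

HEADER = re.compile(
    r"X-Spam-Status:\s*(Yes|No),\s*hits=(-?[\d.]+)\s+"
    r"tagged_above=(-?[\d.]+)\s+required=(-?[\d.]+)\s+tests=(.*)"
)

def unfold(text):
    """Join folded continuation lines (leading whitespace) to their header."""
    lines = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines

def parse(text):
    """Return one dict per X-Spam-Status header found in the text."""
    msgs = []
    for line in unfold(text):
        m = HEADER.match(line)
        if not m:
            continue
        tests = [t.strip() for t in m.group(5).split(",") if t.strip()]
        msgs.append({"flagged": m.group(1) == "Yes",
                     "hits": float(m.group(2)),
                     "required": float(m.group(4)),
                     "tests": tests})
    return msgs

def compare_policies(msgs):
    """Count outcomes of 'score >= required' versus 'reject if on any list'."""
    out = {"score_junk": 0, "list_reject": 0, "listed_but_below_threshold": 0}
    for m in msgs:
        listed = any(t.startswith("RCVD_IN_") for t in m["tests"])  # assumption
        over = m["hits"] >= m["required"]
        out["score_junk"] += over
        out["list_reject"] += listed
        out["listed_but_below_threshold"] += listed and not over
    return out

if __name__ == "__main__":
    print(compare_policies(parse(SAMPLE)))
```

The `listed_but_below_threshold` count is the mail a list-only policy would bounce even though every other signal looked clean, which is the false-positive case described in the first reply.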
UrbanLegends
New website!
After several years of admiring the software from afar I have finally
dived into zope/plone/python. I have a number of big projects in the
works, several of which will require a website with some pretty
sophisticated web applications so it is the right time. I figured the
best way to learn it is to just dive in and immerse myself so the first
thing I am doing is converting my personal website over. I will be
doing all sorts of experimenting and customizing here so expect changes
and occasional periods of brokenness. The migration also meant that
several personal sites were down for a few days until I got around to
configuring apache to do url rewrites for those sites so they got
served out of the apache document root instead of being proxied to zope.
Last week I had a catastrophic LVM failure on the server which hosts my
websites and email so it was down for a while then too. I am working on
getting more redundant systems up to make everything more reliable
although that is more for company stuff and not the personal site.
