On Monday I successfully defended my PhD dissertation. It's been 5 months since I passed my comprehensive exam so I missed this development cycle entirely, but I'm looking forward to getting back to hacking and mapping.
Since I've completed my stint in Clemson, I will soon be moving to my house in Virginia. I'm a little wary of starting my new job on the 31st, but it will be an interesting change from being a graduate student. I'm looking forward to my parents, my brother, and his fiancee visiting next week to celebrate our birthday. Since my parents will be moving to Europe soon, I'll hopefully be able to meet some of my Gnomies from across the pond.
Wednesday, August 19, 2009
Friday, June 19, 2009
Lockpicking and Security
No doubt in the past day or so people have seen on boing boing a Wired article about Marc Tobias picking Medeco's "high security" locks. From the article, the claim high security means something specific in the industry, being able to withstand compromise for 10 or more strictly 15 minutes. These locks have been specifically hardened to resist attacks and you have no doubt been wondering about the security of the lock on the front door of your home.
Before you run out and buy a more "secure" lock for your home, let's discuss some security concerns that affect your purchasing decision.
Do you have windows made from bullet proof glass on your home? If so, the lock on your front door may be your weak point. If not, consider that a non-savy criminal can defeat your multi-hundred dollar/pound/euro lock with a cheap brick or a rock from your landscaping (maybe you want to reconsider leaving break in tools around your front yard). This goes double if you have another exterior door that's glass or that a similar high security lock can't be affixed to. Remember that unless you have a facade constructed entirely of thick, well mortared masonry, a persistent attacker could easily cut through your wall with tools available at any home improvement store. Any system is only as secure as its weakest point.
Let's also consider the rate of home break ins. The US Department of Justice provides statistics on historical trends of household burglery defined as "Unlawful or forcible entry or attempted entry of a residence." The following chart shows the national rate of burglery per 1000 homes from 1973 - 2005 (clicking through will take you to the numerical data).
Since this is a national average, you can reduce the rate of incidence by your choice of neighborhoods/areas to live in.
If we assume that your chances of actually being broken into are small, 29.5 per 1000 homes in 2005, and your locks and windows are actually insecure and only useful for keeping the honest honest, is your money better spent upgrading insecure locks, windows and walls or limiting the consequences of such an unlikely event? By all means, lock your doors and windows, but also make sure you carry an appropriate home or renters insurance policy and have documented what you own and their approximate value. This evidence should be stored, like your backups, in a secured off-site location such as a safe deposit box. You could also opt to store this material in a heavy, fire and flood proof safe in your home. Keep in mind that safes can also be cracked, but the walls of the safe are more hardened than the walls, windows and locks of your home and you're trying to raise the cost of acquiring the contents beyond the value of the contents (much like the premise behind using digital encryption). If you opt for a "fire proof" safe keep in mind that many of them work by removing oxygen from the enclosure with a foam or such and not by limiting the heat delivered, which can erase magnetic media.
In closing, "Don't Panic." Be prudent, but keep in mind the actual rate of such attacks on your home's security and take appropriate steps that will aid you in the event of any catastrophic event in your home.
Before you run out and buy a more "secure" lock for your home, let's discuss some security concerns that affect your purchasing decision.
Do you have windows made from bullet proof glass on your home? If so, the lock on your front door may be your weak point. If not, consider that a non-savy criminal can defeat your multi-hundred dollar/pound/euro lock with a cheap brick or a rock from your landscaping (maybe you want to reconsider leaving break in tools around your front yard). This goes double if you have another exterior door that's glass or that a similar high security lock can't be affixed to. Remember that unless you have a facade constructed entirely of thick, well mortared masonry, a persistent attacker could easily cut through your wall with tools available at any home improvement store. Any system is only as secure as its weakest point.
Let's also consider the rate of home break ins. The US Department of Justice provides statistics on historical trends of household burglery defined as "Unlawful or forcible entry or attempted entry of a residence." The following chart shows the national rate of burglery per 1000 homes from 1973 - 2005 (clicking through will take you to the numerical data).
Since this is a national average, you can reduce the rate of incidence by your choice of neighborhoods/areas to live in.
If we assume that your chances of actually being broken into are small, 29.5 per 1000 homes in 2005, and your locks and windows are actually insecure and only useful for keeping the honest honest, is your money better spent upgrading insecure locks, windows and walls or limiting the consequences of such an unlikely event? By all means, lock your doors and windows, but also make sure you carry an appropriate home or renters insurance policy and have documented what you own and their approximate value. This evidence should be stored, like your backups, in a secured off-site location such as a safe deposit box. You could also opt to store this material in a heavy, fire and flood proof safe in your home. Keep in mind that safes can also be cracked, but the walls of the safe are more hardened than the walls, windows and locks of your home and you're trying to raise the cost of acquiring the contents beyond the value of the contents (much like the premise behind using digital encryption). If you opt for a "fire proof" safe keep in mind that many of them work by removing oxygen from the enclosure with a foam or such and not by limiting the heat delivered, which can erase magnetic media.
In closing, "Don't Panic." Be prudent, but keep in mind the actual rate of such attacks on your home's security and take appropriate steps that will aid you in the event of any catastrophic event in your home.
Thursday, June 11, 2009
GPG Key Transition
A signed version of the below message is available at http://www.gnome.org/~sadam/sadam-KeyTransitionStatement-2009-06-11.asc
Thu Jun 11 11:43:50 EDT 2009
For a number of reasons, i've recently set up a new OpenPGP key, and
will be transitioning away from my old one.
The old key will continue to be valid for some time, but i prefer all
future correspondence to come to the new one. I would also like this
new key to be re-integrated into the web of trust. This message is
signed by both keys to certify the transition.
the old key was:
pub 1024D/7108E308 2002-01-14
Key fingerprint = D86C 9E6D AA49 FBD2 33C6 7EF9 8D4D 6868 7108 E308
And the new key is:
pub 2048R/18F94934 2009-06-11
Key fingerprint = F4AE 5B6B 29A4 355A 0EC1 0B4C AC5D 54B8 18F9 4934
To fetch my new key from a public key server, you can simply do:
gpg --keyserver pgp.mit.edu --recv-key 18F94934
If you already know my old key, you can now verify that the new key is
signed by the old one:
gpg --check-sigs 18F94934
If you don't already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:
gpg --fingerprint 18F94934
If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my key:
gpg --sign-key 18F94934
Lastly, if you could upload these signatures, i would appreciate it.
You can either send me an e-mail with the new signatures (if you have
a functional MTA on your system):
gpg --armor --export 18F94934 | mail -s 'OpenPGP Signatures' adam.schreiber@gmail.com
Or you can just upload the signatures to a public keyserver directly:
gpg --keyserver pgp.mit.edu --send-key 18F94934
Please let me know if there is any trouble, and sorry for the
inconvenience.
Cheers,
--sadam
Thu Jun 11 11:43:50 EDT 2009
For a number of reasons, i've recently set up a new OpenPGP key, and
will be transitioning away from my old one.
The old key will continue to be valid for some time, but i prefer all
future correspondence to come to the new one. I would also like this
new key to be re-integrated into the web of trust. This message is
signed by both keys to certify the transition.
the old key was:
pub 1024D/7108E308 2002-01-14
Key fingerprint = D86C 9E6D AA49 FBD2 33C6 7EF9 8D4D 6868 7108 E308
And the new key is:
pub 2048R/18F94934 2009-06-11
Key fingerprint = F4AE 5B6B 29A4 355A 0EC1 0B4C AC5D 54B8 18F9 4934
To fetch my new key from a public key server, you can simply do:
gpg --keyserver pgp.mit.edu --recv-key 18F94934
If you already know my old key, you can now verify that the new key is
signed by the old one:
gpg --check-sigs 18F94934
If you don't already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:
gpg --fingerprint 18F94934
If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my key:
gpg --sign-key 18F94934
Lastly, if you could upload these signatures, i would appreciate it.
You can either send me an e-mail with the new signatures (if you have
a functional MTA on your system):
gpg --armor --export 18F94934 | mail -s 'OpenPGP Signatures' adam.schreiber@gmail.com
Or you can just upload the signatures to a public keyserver directly:
gpg --keyserver pgp.mit.edu --send-key 18F94934
Please let me know if there is any trouble, and sorry for the
inconvenience.
Cheers,
--sadam
Monday, April 20, 2009
Summer of Code Accepted Students Announced
Congratulations to the accepted students. We received over 140 proposals this year and it was indeed a competitive process. The admins would like to thank all of the GNOME mentors that made our (the Admins) lives easier by participating in the commenting, scoring, and selecting process.
This year we were unable to get the students (accepted and rejected) email addresses from the system so our acceptance and better luck next year emails have been sent to the gnome-soc-list. If you were accepted and haven't yet subscribed to that list, please do so ASAP as emails concerning accounts and such will be coming out soon. Also, contact your mentors. They're waiting to hear from you and get you started on your way to being integrated into our fantastic community.
Thank you to all the students that applied and watch this space and the lists for continuing SoC updates.
Saturday, April 18, 2009
Short Timer
Yesterday, I officially became a short timer at Clemson with the successful defense of my PhD research proposal. The next several months will be filled with the remaining work to complete my research and write my dissertation.
Monday, March 30, 2009
Ph.D. Proposal
I'm excited because my Ph.D. Proposal is off of my desk and has been sent to my committee. Presentation preparation is to ensue.
Thursday, March 19, 2009
Salsa on the installment plan
I was at the home improvement store yesterday and decided to try my hand at some container gardening. Here's a picture after I got everything planted.
GNOME Accepted For GSoC 2009
We've been accepted as an organization for Google's Summer of Code 2009! If you want to help judge applications and/or be a mentor, go to http://socghop.appspot.com/ and sign up.
NB: Right now the interface to accept people as mentors only shows your "link id" or "username" filled out in your profile to the admins and not your "Display Name". Please enter something recognizable, either your nick from GNOME/IRC or firstnamelastname.
Wednesday, March 11, 2009
SoC Organization Application
GNOME's application has been submitted and developers and maintainers will be able to sign up when/if we are accepted.
Remember to continue suggesting project ideas at our ideas page. We're going to start triaging ideas this weekend but will continue to triage as they come in.
Watch this space for more details as they come in.
Remember to continue suggesting project ideas at our ideas page. We're going to start triaging ideas this weekend but will continue to triage as they come in.
Watch this space for more details as they come in.
Tuesday, March 10, 2009
Dear Blockbuster,
I no longer find your service to meet my needs. I expressly chose you over Netflix because I could exchange DVD's in the store and while the next items in my queue were shipping, I would have something to watch. I don't have a cable TV subscription and thus watch a lot of movies and TV on DVD. Your new policy of counting my store rentals against my total number of rentals and not shipping the next items in my queue until they're returned defeats the purpose of subscribing to your service. Netflix is less expensive per month, has free streaming with their unlimited plan that works with Linux, and has faster DVD turn around rates (anecdotal evidence from nearby friends with Netflix). The cure for bad service is not worse service. I will be cancelling my subscription with you as soon as I figure out how to migrate my queue to Netflix.
So long,
Adam
PS:
Lazy web - So far I've found no easy way to migrate my queue from one to the other. Please let me know if you know of one.
Netflix - If you're listening, other Blockbuster Total Access members that heard this policy explained to them in the stored sounded just as peeved. You could have a windfall if you provided an easy way to import my queue from blockbuster, say CSV or such.
Update: The streaming doesn't work on Linux as I've now found out. mea culpa.
So long,
Adam
PS:
Lazy web - So far I've found no easy way to migrate my queue from one to the other. Please let me know if you know of one.
Netflix - If you're listening, other Blockbuster Total Access members that heard this policy explained to them in the stored sounded just as peeved. You could have a windfall if you provided an easy way to import my queue from blockbuster, say CSV or such.
Update: The streaming doesn't work on Linux as I've now found out. mea culpa.
Tuesday, February 17, 2009
Signingparty update 2
I recently found that the order in which our DBus interface spits out the display name of a selected key had changed from name (comment) <email> to name <email> (comment) which produced garbled output from the signingparty tool I wrote. I've fixed it but if it changes again it will need to patched again.
Here it is: signingparty.c
And the command line magic to compile it:
Here it is: signingparty.c
And the command line magic to compile it:
gcc -o signingparty signingparty.c `pkg-config --cflags --libs gtk+-2.0` `pkg-config --cflags --libs dbus-1` `pkg-config --cflags --libs cryptui-0.0` `pkg-config --cflags --libs gio-2.0` -D LIBCRYPTUI_API_SUBJECT_TO_CHANGE -g -Wall
Thursday, February 12, 2009
Google Summer of Code 2009 Call for Ideas
Devs, Hackers, Code Monkeys, Lend us your ideas!
The time is upon us once again to prepare for Google's Summer of Code.
Pages have been prepared on the wiki for this event, but your ideas
appear to be missing [1,2]. Students will be able to start proposing
their projects on March 23, but we'd like to make sure there are
plenty of projects from them to choose from and have mentors ready to
volunteer their time.
Please visit [2] and enter your project ideas under the "New Untriaged
Ideas" section. A committee will be formed up later to triage the
ideas prior to the opening of the proposal period.
If you would like to volunteer your time to mentor but don't have a project
idea, surf over and claim one. Mentoring is an awesome way to get more
involved with the community and introduce someone to it.
If you would like to throw your hat in the ring for the triaging or
selection committees and other GSoC related tasks, pop on over to
#soc-admin, join the soc-mentors-list and let one of the
administrators for the program know you want to be involved in making
GNOME rock.
This year's administrators are Adam Schreiber, Daniel Siegel and Sandy
Armstrong.
Cheers,
The GNOME Google Summer of Code Administrators
[1] http://live.gnome.org/SummerOfCode2009
[2] http://live.gnome.org/SummerOfCode2009/Ideas
Tuesday, February 10, 2009
Update
I just realized today as my dad was asking my brother and I about how to increase his online presence and searchability that I hadn't made a post since Election Day. Wow... The main reason is I'm a PhD student trying to finish my dissertation up in time to graduate in August. Here's a quick run down in bullet form of what I've been up to.
- Improving my local OpenStreetMap data. I've traced the two lakes above Hartwell with the Lakewalker plugin to josm and finished Hartwell itself. These are enormous lakes! I've also added data for the Appalachian Trail from the beginning to about Knoxville, TN, more to come I'm sure.
- Writing and researching are my two main daily tasks. Hopefully in the near future we can add measuring to that list.
- February 3rd I gave a very long presentation on Seahorse at the CLUG meeting. We're having a key signing party at next week's meeting along with a gent from Fedora who is bringing a couple of XO laptops. If you're in the Clemson area next Tues, stop on by.
- Sporadically working out.
Subscribe to:
Posts (Atom)
