Joe Auricchio

Another personal post. Last weekend (8-10 Nov) I went with UCSD’s Outback Adventures to Joshua Tree National Park for a weekend of rock climbing. Joshua Tree is a world-renowned destination for climbers, and it’s easy to see why: the northwestern part of the park seems to be composed solely of steep and interestingly-textured rock faces to climb up and beautiful vistas of the high desert to look out upon.

The Outback Adventures folks were experienced, taught us what we needed to know, encouraged us to do our best, and generally had their stuff together. I would strongly recommend any of their outings based on my experience.

I’m still very new to climbing. This quarter I started going to the climbing gym on campus once a week with a friend, and a month ago I went on a day trip with OA to Mission Trails park and climbed on actual rock. This weekend was the test for me: is climbing something I’ll keep on doing once a week at a gym, as a form of exercise I enjoy much more than lifting weights? Or is this a serious hobby I’ll put time and effort into? The answer is clear to me after this weekend: I really like climbing, and I want to do it as often as possible. To that end I’ve purchased a harness and shoes (thanks Craigslist!) and I’ll try to go to the gym twice a week.

The next step is to find a climbing partner who has the equipment and experience to set up top ropes on actual rock. It seems to me the rope and protection gear would cost $300-500 (new list price), and that’s an investment I’m not ready to commit just yet. I wouldn’t know how to use it either. So I have to find someone willing to set up climbs and teach me how to use the gear. To show me the ropes, if you will. Sorry.

On a more introspective note, I’m still amused by my newfound enjoyment of The Great Outdoors. My family was never the outdoorsy type, and we never went camping or hiking or anything like that. Until this summer I’d never been camping at all. But so far, I’ve been enjoying it a lot. Was I always an outdoorsy person, but I never knew? On the other hand, it’s possible that I’m developing a taste for camping simply because I’m experiencing it at this time of my life, going with these people, doing these things. Were I occasionally dragged on yet another family camping trip all throughout my childhood, would I have a different opinion? Nature versus nurture: am I a person who likes camping and hiking but never discovered it until now, or do I like camping and hiking because of the ways I’m experiencing it now? It’s unknowable, of course.

Dear California:

I’m ashamed to tears to live in this state. Yesterday, 4.8 million of my neighbors voted against civil rights and equal protection. Proposition 8 was never about homosexuality, or religion, or the traditional marriage ceremony: it was about government adjudication of who can engage in domestic partnership, and the answer of the people is: “Not everyone”. The beliefs of a few about things that don’t affect them have now been turned into laws trampling on the rights of many. Congratulations, California, you just passed a miscegenation law.

To everyone who thinks this is a religious issue, to all Christians who voted yes on Proposition 8 because you interpret Leviticus 18:22 as declaring homosexuality a sin and calling you to take positive action to prevent same-sex couples from being happy in such sin, may I draw your attention to the New Testament: Luke 6:36-37, Colossians 3:13, 2 Corinthians 3:6, Galatians 5:14-15, and Galatians 3:19-28 for starters. You can think homosexuality is a sin, if you want to ignore the new covenant, follow all the laws of Leviticus, and declare putting meat and dairy on the same plate a sin as well, and miss the entire point of Christianity. But even if you do that, don’t you dare condemn other people for what you call a sin. Next time, try listening to what good old JC actually said before you try to do something in his name. Hint: it’s about forgiveness and love, not about legalism.

To all of you Yes on 8 campaigners who claimed this was about protecting the marriage of straight couples from some sort of degradation of society, or about what our children would be taught in schools, or that kids need both a mother and a father or they’ll grow up to be criminals and/or homosexuals, or especially anybody holding one of those signs that said “Prop 8 = less government”, come see me sometime, and I’ll send you to whatever hell you wish. You lied through your teeth to convince otherwise reasonable but tragically uninformed people that Prop 8 was something it wasn’t. I’ve been trying to keep my feelings today mostly in disappointment and not hate: but I really really really don’t like you.

My hopes and whatever feeble prayers I dare offer are with the ACLU, Lambda Legal, and the National Center of Lesbian Rights, who are currently challenging the constitutionality of Prop 8 in the California Supreme Court; and that the Court will do the right thing and protect the rights of all people.

I should be happy with the outcome of the Presidential election. The candidate I supported won, and I think the country sent a message that we’re not happy with the way things have gone. The power of the people is passing to a younger generation and we’re going to make some changes. I should be happy, but today I just can’t be. More than anything else, I’m shocked that this happened here. This is the West Coast, the land of hippies and greenies and crazies of all sorts. If this is what 47.9% of Californians believe, what does that say about the rest of the country? How can the same country elect Barack Obama and ban gay marriage? I just don’t understand.

All right. Back to infrequent natterings about technology.

P.S. Hey, Santa Clara county, where do you think you’re going? You come right back here. Santa Clara County, you screwed up big. 33.7% of you voted against BART. What the hell?! Who voted against BART? You’d better hope there are 5,000 more uncounted absentee votes for Measure B hiding somewhere. If B finally fails when every vote is in, I will find all of you and I will beat your ass back into the real world where we need BART in the South Bay so bad it hurts.

Full disclosure on my political & religious positions: I’m an atheist who sees a lot of value in the best teachings of Christianity and all religions; the teachings that nobody can always follow because it’s actually difficult to be a good person. I have strong respect for civil liberties and the rights of individuals. I’m a bit left on welfare issues. On the other hand, I don’t trust the free market as we know it today. I’d love to, but it proves itself time and again to be a terrible servant of the public good.

My friend’s cousin (we’ll call him P., because that’s his initial) added me on Facebook. I know P from a camping trip a few months back.

After confirming P’s add, I took a look at his Facebook wall and recent actvitity. He’s connected to other members of the extended family: my friend, my friend’s little sister, cousins and aunts and uncles from all around the family. There’s a running conversation on his wall with a cousin of the same age from a different side of the family¹. P’s status is “looking forward to tomorrow to find out if we are going to have a boy or a girl. :)”. I fully expect he’ll post the news, and potentially an ultrasound picture.

Families usually keep in touch like this with periodic phone calls. I suppose the white-collar 20-35 demographic uses email too, since we’re so used to it in school and business. But I wonder if this is an isolated case of a family using Facebook, or the first I’m seeing of a larger progression. Rushi has pointed out that he has seen high school friends’ parents online, connecting with their high school friends.

Addendum 22 Oct: This is Why You Don’t Friend Your Boss on Facebook. That kinda changes the workplace dynamic, I suppose.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13

It upsets me how many product names other than Chrome are in there just because stupid JS tries to guess what the browser can do. Next time, we need a new way to detect browser capabilities. I suggest we detect the actual capabilities, not try to guess based on who shipped what feature first in 1997.

It’d be cool if the browser vendor cartel got together one day and decided all User-Agent strings would be simple again, like “Chrome/0.2.149.27 (Windows NT 5.1; en-US)”. And any jankety-ass copy and paste image rollover script from 1997 that breaks if the string doesn’t start with “IE” or “Mozilla” can get stuffed.

I’ve had a Dreamhost account for just over a year. I was lucky to catch one of their one-day promos, so I got a deeply discounted rate for the first year. But now the second year is starting, so they sent me a brief email to let me know that it was time to pay them. I signed in to the account control panel and checked my billing info. It said I owed them $114 or so for 2008-9. So I poked around the billing section a little more, and I saw an option to change the contract length. The longer the contract, the cheaper it is, to the tune of $1/mo less per additional year. So I switched my plan to three years, since I’m content with DH so far. To my surprise, I now owe them $0. In 2011 I’ll have to pay them $286, but for now my account is clear. That’s right, I asked for more service and they are giving it to me without being paid. Interesting. That’s not usually how business works.

My only guess is that their business model is predicated on a sufficient percentage of customers’ bills coming due each month; given that certain revenue, it doesn’t matter when any given customer actually pays. They have virtually zero marginal cost per customer and virtually zero recurring cost per customer-month. Their capital is servers and disk arrays, which are divided among a few hundred customers per cluster; they build a new cluster every month or so (week?), to accommodate incoming customers, but once a cluster is built it costs almost nothing to maintain. Power, cooling, salaries, office supplies, rent, and fiber connectivity are amortized over all their thousands of customers. So, as long as some bills come due every month, they’ll make salaries and rent. It doesn’t particularly matter when any single customer pays. They probably can’t even make good use of a surplus… it just goes into the bank account until it’s time to build the next cluster.

This makes me several intellectual kinds of happy. Patent application #20070078663

Why are my most productive days in terms of code also the days I read the most interesting blogs & news?

I’ve always wanted a Trac for the world. Rwanda: wontfix. China: worksforme.

Apple just “fixed” CVE-2007-4703.

The “Set access for specific services and applications” setting for the Application Firewall allows any process running as user “root” (UID 0) to receive incoming connections, even if its executable is specifically added to the list of programs and its entry in the list is marked as “Block incoming connections”. This could result in the unexpected exposure of network services.

I am utterly speechless. Shouldn’t the firewall have been built by a security team? Not a bunch of monkeys smashing their keyboards with a femur then committing?

I’m not sorry if I’ve offended you. If you work for Apple, and the Firewall code passed through your hands, YOU DESERVE TO LOSE YOUR JOB.

Letting any root process listen no matter what is like a bank security guard letting nobody except ex-convicts in after hours. The history of Unix security from Robert Morris up to today is that a single chink in any root daemon’s armor means your entire system is laid bare to anyone who knows what Metasploit is. It is inconceivable to me that someone being paid to write security code in 2007 would turn off all firewalling for any root process—and make it impossible for users to specifically request it.

There are those who say firewalls and network security are solving the wrong problem. At DefCon 15, Bruce Potter made the compelling argument that the right way to improve security is to fix the buggy code, and that “defense in depth” is just a band-aid. That may be, but for today, we still have buggy daemons, and sometimes we want to hide them from the world.

Again: I hope someone at Apple lost his or her goddamned career for this.

Or, a brief exercise in physics for those who still remember it (I don’t)

Yesterday at work I had to solve the following problem.

There is an FPGA chip that dissipates 5.7 Watts under full computation load. The chip is in an enclosure whose walls have effectively zero capacity to absorb heat. At one end of the enclosure, there is an aperture 11 mm tall and 11 cm wide, through which air flows at a rate of 40 LFM (linear feet per minute); the temperature of this air is 60 C. All the air exits at the rear of the enclosure through a similarly-shaped aperture. Assume the air becomes thoroughly mixed and thus homogeneous in temperature. Find the temperature of the exiting air.

Today, Kyle said to me:

So, you know that whole hd dvd key thing? Everyone and their grandmother knows it now, or knows where to find it. But I don’t think anyone knows what the heck to do with it.

Why did the HD-DVD key become such an issue?

Content providers: Takedown letters are not the way to stop piracy. Still less are they the way to squelch people with an agenda.

Bloggers, Diggers, etc: Copying and pasting a couple dozen bytes does not equate to taking to the streets in glorious revolution. The key’s been public for months. Those who needed it to do business (software developers and pirates) had it long ago.

Forgive me if I sound reactionary. I’m on the bloggers’ side on the whole. Certainly I’m no friend to the MPAA and RIAA. I just thought we’d been through all of this back in 2002 when DVD-Jon went to trial. It’s the same DMCA, same technology (video DRM), same fair use and anticircumvention issues. Of course, none of these issues actually came up in Johansen’s trial; they were just discussed to death on the net. I’m annoyed that this all came back a few days ago, but glad everybody shut up at the end of the day.

TMBO had a photo (sorry, no link) of a guy who tattooed the key to his chest. He’s going to feel really silly next year when nobody remembers or cares anymore, and even sillier in five when the next-next-gen formats arrive with the same folks backing them.

(I hope he feels silly already because back when we had the export restrictions fifteen years ago people did the same with strong crypto algorithms.)