Done yesterday (20100927 Mo)

[mdlbear]

0927 Mo
  * up 6:30; W=197.6; drugs, nose, teeth; coffee, breakfast
  @ U.S. Wants to Make It Easier to Wiretap the Internet - NYTimes.com
    Somebody needs to explain Diffie-Hellman to these idiots
  $ hsx: $15 from Lee @work
  * lunch @ Sr. J's with (coworker) Jake after smashing bug all morning
    (Jake's upgrade interacting with my use of `pwd` for symlink targets.
  % aha: maybe I don't do things like music because they're "fun", and there
    are two many not-fun things that need doing.
  * Some actual _work_, as in programming.  About time.
  * need 3-way bulb for new torchiere
  @ gmcdavid - First Observation of Hawking Radiation
  @ REI - Packing Smart: Tips and Checklist
    Travel Preparation Checklist
    Astounding Arches In Pavilion of 33,000 Beer Crates (Photos) :
    TreeHugger
  & Pidgin, OTOH, doesn't seem to be working.   Network Manager idiocy.
    -> needs -f to force it to ignore the stupid netmanager
  * much of the way through the left-hand paper pile on the desk
  . track down paperwork for Wendy:  * W2's, * stmts from Wells, * pay stubs,
    stmts from both retirement acct's (current, old)
    * 2009 W2 missing - check attic -> what were the folders doing _there_?
    x o T. Roe Price    o Ricoh    * Hartford (sort of)

OK, yesterday morning was pretty insane. An implementation decision that I made ages ago, basically applying best practices and using /bin/pwd to compute the absolute path for a symlink target, blew up in our faces when /home got moved to a bigger disk by changing the symlink. Oops. Bind mounts to the rescue, and we managed to get it all diagnosed and temporarily fixed before any of the trial users got caught by it. Just barely. Kudos to the QA team for promtly reporting the problem.

In the afternoon I actually got some work done, finally. And made considerable inroads on the huge pile of paper to the left of my keyboard. (Looking for some bank statements that mostly didn't get found, so hopefully we can get away without them.)

The day's major insight: I tend not to do things like music that I know I'll enjoy. Could that be because I know there are so many things I know I won't enjoy that still need doing, and that are "more important"?

And now the U.S. Wants to Make It Easier to Wiretap the Internet -- somebody needs to explain the implications of Diffie-Hellman key exchange to these idiots.

Some more, and more fun, links under the cut.

Comments

[pocketnaomi.livejournal.com]

I refer to things like your dilemma over making music as the "bottled water fallacy."

I don't usually buy water, I usually carry a water bottle and fill it from fountains or sinks. But every once in a while, I am caught out without a drink and need to buy one, and what I really feel like drinking is water. I have, however, a heartfelt belief that paying for water, at least in regions of the world which have safe and tasty tap water, is stupid.

But since I can't access our safe and tasty tap water at that moment, and I must buy a drink, I have two choices: I can feel stupid buy paying for water, or I can actually act even stupider, by paying the same amount of money for something I want considerably less than I want the water, just in order not to pay for water.

You're in a bit the same position with your time. You're gonna be spending time. At any given moment, you may well know with relative certainty that, even if you ought to be spending that moment working on stuff which urgently needs to get done, you aren't likely to make that happen. In that case, what is better to spend the time one... the music you really want, or something you want less and which will still not get anything useful done anyway??

If you are able to make yourself apply seat of pants to chair (or car seat, or wherever else it needs to be) and Get Those Things Done, then I say skip the music for the time being and go for it. (This applies to any time being during which you are able to make yourself do it.) But if you're not going to do the stuff which needs doing, and so you're about to "waste time" (a phrase I hate; I don't believe time is ever wasted) by doing something useless in practical terms, does it make sense to spend the wasted time on something you like and want to do, or something you don't like and don't want to do?

Or, should I buy a soda I won't even enjoy, in order not to spend my money on water, or should I buy the water I really want even if it feels all wrong to spend money on it?

Usually, I buy the water, in such conditions.

[mdlbear]

Excellent point. I have to work on this one, clearly.

[thnidu.livejournal.com]

Um... would you mind explaining Diffie-Hellman key exchange and its implications to those of us who don't know what it is?

Do you mean that if you and I exchange keys in advance and encrypt our communications with them, it's impossible (either in fact or in practice) to decrypt them without the keys?

Because from what I heard on NPR news, what they're trying to get is access to communications via devices and services (at least some of) which are readily available, are not currently effectively tappable, and do not (out-of-box) support encryption.

Not that that makes the government's request any more or less acceptable.

Cryptography...

[aerowolf.livejournal.com]

In cryptography, "Diffie-Hellman(-Merkle) Key Exchange" is a protocol for two independent entities to exchange information which allows them to independently generate the same symmetric key, knowing knowledge they already have and the information they received. It essentially allows two people to use hard math to calculate the same result, which is used as the session key.

This is done using a specific math problem that has two important properties:

1) The best solution to the problem that would need to be solved by anyone who could see the actual messages but not in the message flow -- i.e., an eavesdropper -- is currently believed (but not proven) to be "polynomial time" -- meaning, it is between 'linear' and 'exponential'. This is the same way that 1024-bit RSA is considered to give about 117 bits of entropy, by the NIST -- essentially the same amount of probability that would cause any two independent runs of 117 independent coin-flips to occur in *precisely* the same sequence from beginning to end.

2) The same problem is faced by someone who wishes to maliciously spoof messages to either recipient, and it's made less tractable because of the more contemporaneous need for the key. (However, it is possible for malicious Mallory to create two separate and independent protocol interactions, one each to Alice and Bob, and convince each that he is the other, unless Alice and Bob authenticate themselves by some other means once the channel is established.)

Once the channel is established, either side can state what the channel parameters are to the other, and without the addition of a "message authentication code" (essentially a seed to a secure hash function and its verification on every message received) it is possible to end up with a "man in the middle" who is listening to everything that you say.

Diffie-Hellman-Merkle is used in later versions of Transport Layer Security (formerly called SSL) to negotiate a secure channel with "perfect forward secrecy", meaning that if the key is broken for a past interaction, the security of all succeeding keys remains intact.

On its own it doesn't say *anything* other than you're talking to someone who knows how to speak the protocol; the session key must be authenticated in some other manner. This can be performed many ways, such as via asymmetric key certificates (such as found in PGP or X.509), or by proving that the same obscure piece of information is known to both parties (which is the general technique used by an IM-service agnostic system called "Off The Record", available from http://www.cypherpunks.ca/otr/ ; it can run as an AIM proxy for you to use the original AIM client, or it can run as a plugin for such free software as Pidgin (Windows/Linux) or Adium (MacOS X)).

Wikipedia has a really good article at http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange , that says it best: It "is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel."

Essentially, its implications are that it is possible for anyone, at any point, to establish and enforce a policy in any communication across a known-insecure channel such that the content of the messages between the parties cannot be recovered without corruption of either endpoint, blind luck, or a lot more computing power and time than can possibly exist in the universe.

Participating in the protocol relies upon the introduction of two specific mathematical concepts: exponentiation and modular arithmetic. Explaining it usually requires pre-algebra. See Wikipedia for more details.

[phillip2637.livejournal.com]

The security backdoor requirements are in the news up here because of Research In Motion being a semi-local success: India and the U.S.A following in Saudi Arabia's footsteps...hmmm.

[siliconshaman.livejournal.com]

*headdesk*

Right, because federally mandated security loop holes would make things Soooo much more secure!

[septemberlilac.livejournal.com]

I knew from the start that the Obama administration wasn't really going to be the answer to anyone's dreams - but I did expect better of them than this. Sigh. Not being too sure what a Diffie-Hellman key exchange is, I looked it up. Quite fascinating. I understood one word in five, but I'm reasonably certain I have a better grasp of the concept than the people floating this proposal. They really are idiots, aren't they?

3-way Bulb

[idea-fairy.livejournal.com]

need 3-way bulb for new torchiere

Are 3-way bulbs available in other technologies besides incandescent?

Re: 3-way Bulb

[mdlbear]

Yes, what I have is a compact fluorescent. I'd prefer full spectrum, but I'll settle for soft white, which was all I could find. The power saving is huge.