timmc: (Default)

Yesterday I realized that my skill in Stupid Chiral Face Tricks is asymmetric:

  • I can raise my left eyebrow independently, but not my right [1]
  • I can sneer on the left side, but not the right
  • It turns out I can, upon attempting it, ever so slightly flare just my left nostril, but not my right (I can flare both at once quite easily)
  • I can wiggle my ears, and although I can't wiggle just one, I feel like I know how I would try to wiggle just my left one but would have no idea on the right
  • I can flip my tongue one direction but not the other

So the left side of my face is apparently way more expressive! That's cool, and weird, especially since I'm right-handed. It only seems to apply to chiral motions (motions that have left/right handedness to them) so it's not like I just have more limited range of motion on one side of face. Clearly what this calls for is... a poll!

Poll #18450 stupid face tricks (public)
Open to: Registered Users, detailed results viewable to: Just the Poll Creator, participants: 8

Handedness? (if it's complicated, just answer according to your actual hands)

1 (12.5%)

7 (87.5%)

0 (0.0%)

Briefly list any chiral facial muscular skills

Your chiral facial muscular skills are:

I don't have any :-(
4 (50.0%)

Totally symmetric (perform equally on both sides)
0 (0.0%)

Consistently asymmetric (can only use left side for all, or right for all)
0 (0.0%)

A mix
4 (50.0%)

Do your chiral facial skills correlate with your handedness?

Yes, more skilled on same side as dominant hand
0 (0.0%)

Yes, more skilled on opposite side as dominant hand
2 (28.6%)

No clear correlation
2 (28.6%)

N/A due to ambidextrous / not spending enough time in front of the mirror doing silly things
3 (42.9%)

(For reasons, I am making this a public post, but the poll answers will only be visible to me; I will then strip off usernames and post the responses in a followup. There doesn't seem to be a way to automatically publish poll results minus usernames.)

[1] I can sort of raise my right one, but only by raising both while lowering my left one.

timmc: (Default)

I have a server I use to host Jabber instant messenger for brainonfire.net. I currently use an SSL cert from StartSSL, but they're known to be sketchy and I don't know how long various IM clients will continue to trust them. I'd like to set up the server to use certs from Let's Encrypt, but it's not clear to me what the least worst way of doing this is, given that the website for that domain is hosted elsewhere.

I host www.brainonfire.net on nearlyfreespeech.net, which has a nice little utility to automatically get and install certs from Let's Encrypt. The cert files end up in a place I can SSH to. The home server I host Jabber on (named kibble) just has Jabber-related ports open, and in particular ports 80 and 443 on that IP go to a different server, named toster. Here are the options I can picture:

  • Manually copy the certs over every 30 days. (I could start with this.)
  • Have kibble automatically SSH into my web host and grab the certs periodically, then install them into Prosody. (I would be *really* leery of doing this -- that SSH environment in my web host has a ton of access, and this would require passwordless SSH keys.)
  • Point the A record for brainonfire.net to toster, which would use haproxy or nginx to forward brainonfire.net requests to kibble, which would just intercept ACME challenges and otherwise send redirects to www.brainonfire.net just like nearlyfreespeech.net would normally do. (This is awful in several ways.)
  • ETA: Have a cron job on the web host copy the keys directly to kibble, into a limited user directory, and then have a cron job on kibble pick up the keys and install them. (This... might work?)

I don't think I can manipulate brainonfire.net's DNS from any of my servers (this is a good thing) and I don't think my web site can see the cert files in order to serve them up to kibble via an authenticated request (this is probably *also* a good thing). I don't want to host my website on kibble, and I can't host Jabber at nearlyfreespeech.net. Are there any other options I've missed?

Edit 2: A coworker suggested what sounds like the right way: Generate the key on kibble, sign a CSR with it, transfer the CSR to the web host. Then periodically use the CSR for cert generation, copying the results back to kibble, as in the last idea above. Much safer!

Edit 3: Success! Here's what I did:

  1. Generate a private key and a CSR on the Jabber server:
    mkdir -p /opt/keys/prosody/brainonfire.net/
    (umask 077; openssl genrsa -out /opt/keys/prosody/brainonfire.net/privkey.pem 4096)
    openssl req -out /opt/keys/prosody/brainonfire.net/csr.pem -key /opt/keys/prosody/brainonfire.net/privkey.pem -new -sha256 -subj "/CN=brainonfire.net"
    cp /opt/keys/prosody/brainonfire.net/privkey.pem /etc/prosody/certs/brainonfire_net.NFSN-LE.key
  2. Copy the CSR to the web host.
  3. Set up the dehydrated ACME client config with an appropriate BASEDIR -- certs will go in here, as will registration.
  4. Register with Let's Encrypt: /usr/local/bin/dehydrated --register --accept-terms --config path/to/dehydrated.config
  5. Create a script (create cron job to run once a month) that will ship the certs off to the Jabber server:
    . "$CO/dehydrated.config"
    mkdir -p -- "$BASEDIR"
    /usr/local/bin/dehydrated --signcsr "$CO/brainonfire.net-csr.pem" \
                              --config "$CO/dehydrated.config" \
                              --domain brainonfire.net \
                              --full-chain \
                              > "$BASEDIR/latest-chain.pem"
    /usr/bin/scp -i /home/private/sync/cert-oracle/ID_certs-to-kibble \
      -P 8443  \
      "$BASEDIR/latest-chain.pem" \
  6. On Jabber server, create a script (set to run daily) that will install the cert and restart Prosody if it has changed:
    function install {
      hash_src=`sha256sum < "$1"`
      hash_dest=`sha256sum < "$2"`
      if [[ "$hash_src" = "$hash_dest" ]]; then
        echo "Not installing file, hasn't changed: $1 -> $2"
        return 2
      echo "Installing file: $1 -> $2"
      touch -- "$2"
      chown prosody:prosody -- "$2"
      chmod o= -- "$2"
      cat < "$1" > "$2"
      return 0
    if install "$src_dir/latest-chain.pem" "$dest_dir/brainonfire_net.NFSN-LE.chain.pem"; then
      echo "Restarting prosody"
      service prosody stop
      service prosody start
      echo "Nothing to do"
timmc: (Default)
If you're looking to delete your old Livejournal posts now that you've moved to Dreamwidth and LJ continues to pile on the suck, I've written an honestly kinda crappy tool that does the job:


It's repurposed from ljdump and it walks all your journal entries and sets the subject, body, and various metadata fields to "wiped". If someone would like to improve it (there's a TODOs list at the bottom), patches are welcome.

If you find or write another tool to do this, please feel free to link to it in comments.
timmc: (Default)

Has anyone had success recently in authenticating to LiveJournal's API? In particular I'm trying to use the getevents call with cookie auth, but all I get is this:

curl http://www.livejournal.com/interface/flat -H "X-LJ-Auth: cookie" -H "Cookie: ljsession=$LJ_COOKIE" -d "ver=1&mode=getevents&user=$LJ_USER&auth_method=cookie"

Invalid password

(I'm trying to write a script to go back through my LJ posts, and for each one replace the contents with the string "deleted" and then delete the post. I stopped crossposting a month or two back and now it's time to clear my history there as best I can...)

ETA: "clear" auth (plaintext username and password) works. Hashtag YOLO. (It's not like any of this was over HTTPS anyhow so whatever. I'll just change the password later.)

timmc: (Default)

For a few months now I've been running a Sandstorm server, which effectively produces a website with an app store. Invited users can install apps and create instances of them ("grains") in a couple clicks, including dropboxes, chatrooms, concurrently-editable documents (Etherpad), and photo galleries. There are some pretty cool sharing features, with granular permissions.

I'd like to offer this as a service to my community -- friends, housemates, neighbors, maybe a couple degrees out. I still have some work to do in making the service "safe to use" (automated backups, own TLS cert, etc. -- there's a checklist.) Beyond backups, I don't think I'll be able to promise any particular level of Availability, running it on a residential internet connection, but I do want to put some work into the other two main infosec categories: Confidentiality and Integrity.

But there's also one big step remaining: Picking a domain name! Right now I'm using the free sandcats.io service because it offers wildcard DNS and TLS certs (Let's Encrypt won't work, here). I don't want to change the domain *after* offering the service around, because Sandstorm doesn't have a way to automatically redirect if called with the wrong domain name, and I don't want to set up the necessary nginx or haproxy redirect, with the concomitant cert wrangling. Gotta do it now.

I'm thinking something like https://apps.timmc.org. Sandstorm is an unusual product, so I want to communicate "this is a lot like phone apps". (Actually, a lot more secure than phone apps, since all the apps are sandboxed away from each other.) Or maybe https://community.timmc.org since it's a community offering. AT suggested https://sandstorm.timmc.org -- make it really specific. Anything else I should be thinking of?

timmc: (Default)
...everyone should celebrate at solar midnight, not the midnight of their time zone. Set off fireworks. You'd hear the roar coming towards you at several hundred miles per hour, and set off your own, and hear it recede around the curve of the Earth.

ETA: Hahaha, wait, this depends on your latitude! Let's do some math. Let your latitude be the variable lat°; the speed of sound at 0° Celsius is sSnd = 330 m/s; the radius of the Earth at the equator is rEq = 6.4e6 m. At what latitude will the speed of midnight (sMdn) move at the speed of sound? The radius of the circular section of the Earth at our latitude (rLat) is defined by cos(lat°) = rLat / rEq. The speed of midnight at our latitude is (2 * PI * rLat) / (24 * 60 * 60 s), the circumference divided by a day. We can set that equal to 330 m/s.

sMdn = sSnd
(2 * PI * rLat) / (24 * 60 * 60 s) = 330 m/s
rLat = 330 * 24 * 60 * 60 / (2 * PI) m
rLat = 4.5e6 m
cos(lat°) = rLat / rEq
lat° = acos(4.5e6 m / 6.4e6 m)
lat° = acos(0.703125)
lat° = 45° (or 0.79 rad)

So here at 42° midnight moves faster than sound, but more than a few hundred miles north of here it would work. :-)
timmc: (Default)

I really, really want to move off of Livejournal. Here's my vision:

  1. My friends make Dreamwidth accounts and post there instead, set to crosspost to LJ.
  2. Eventually everyone's posts are on both sites.
  3. Then we stop using LJ, since everyone is on DW as well.

(Why do I want to stop using LJ? Well, I don't want my private journal posts going over plain HTTP instead of HTTPS, where anyone in the café, ISP, and massive government surveillance apparatus can read them; Livejournal feels like it could die at any time and take the community with it; Livejournal's owners are sketchy and tight-lipped and I don't know who is being given access to my journal.)

So would you consider making a DW account?

  1. Sign up for a free account
  2. Set up crossposting to LJ
  3. Optional: Create access filters that match the names of your LJ access filters (otherwise cross-posts will just be friends-locked)
  4. Post so that people know your new account name!

I'm "timmc" on Dreamwidth. Friend me and let me know who you are!

DW is still rolling out TLS, so the crosspost link is still HTTP -- but for people using the HTTPS Everywhere browser extension, you'll be redirected to HTTPS when you click it.

timmc: (Default)

You probably know about the 4 ballot questions for Massachusetts this upcoming election (slot machines, charter schools, animal cruelty, marijuana) -- did you know that Boston will have a 5th Question? It hasn't been talked about much!

It's about the Community Preservation Act, which would establish funding for affordable housing, parks, and preservation projects out of a 1% increase in property tax (with certain exemptions) plus matching state funds. Below I've copied the text from page 5 of the Boston ballot questions PDF:

Question 5 )

And here are some resources and articles I dug up, since I don't know much about it myself:

...and that's all I've found so far, although I need to check in with one of housemates who I think has more details.

timmc: (Default)
One of the criticisms of self-driving cars is that they may be open to remote control by the authorities or crackers. (They definitely *will* by the latter, since existing cars have already been hacked. I mean purpose-built interfaces for slaving the car to a different set of controls.) Watching fire trucks try to navigate through the city this evening, I came to the conclusion that the way this will be marketed to the public is as a public safety measure to allow emergency vehicles to get through traffic more easily (instead of using a local-control model that does not involve handing over control.) So watch for that, I guess.
timmc: (Default)

I'm thinking of hosting an afternoon or evening event where people bring crafts they've been meaning to work on or items they've been meaning to repair. For instance, I have some pants to patch, a wooden tortilla press to build, and a chair whose seat needs re-caning. By holding an event, I'd like to arrange for three things:

  • If I bring together people who like building/repairing things, they will be able to pool knowledge and tools to mutually support each other's projects.
  • There would be social pressure to actually get shit done instead of getting distracted by YouTube and the like. (There's no TV in our living room, and I would ask people not to use their pocket TVs either.)
  • An excuse to have relaxed social time with friends.

So, this post is to gauge interest and work out scheduling. Here are some prompts; answer as many or as few as make sense to you.

  1. Would this be of interest to you? (What about some variation that you think would be better?)
  2. What are your scheduling preferences? (Weeknight, weekend morning/afternoon/evening.)
  3. What sorts of projects would you like to bring? What sorts would you like to help with?
  4. Are there any tools you would need that you don't have? Are there any tools you could bring that someone else might need?

This would be in the 2nd floor living room at our house in lower Allston. We also have a basement work area, complete with bandsaw of unknown usefulness and a random assortment of hand tools.

I'm also sending this out as an email, but I actually don't know either the LJ/DW names or the email addresses of many of my friends and acquaintances! So I've almost certainly left out some folks by accident -- if you know a friend who didn't get this and really should, feel free to pass it along!

timmc: (Default)
A thought popped into my head today regarding this weird overestimation Americans have (or at least the American popular press has) of the President's ability to get shit done: Perhaps it is easier for people to praise or blame a single person rather than a group (Congress). If the executive branch were headed by a triumvirate, would there be less of a laser-like focus on its importance?

I'm not much of a political scholar, so I'd like to know if this idea has any relation to reality.
Page generated Oct. 17th, 2017 08:20 pm
Powered by Dreamwidth Studios