November 28, 2007

Bad Health

Filed under: Uncategorized — Tags: , , , — alsuren @ 10:53 pm

It seems that I have a leaky lung (Pneumothorax, for those who care). It means that it hurts to breathe too heavily(so no dancing for a while, and walking anywhere fast is a route straight to fail), but they’re hoping that it can fix itself.

They want me to go in tomorrow(thursday) to see if it’s getting worse or better. That’s quite annoying, because I was planning to do my full technical report today/tomorrow, and go to the careers fare on friday.



November 27, 2007


Filed under: Uncategorized — Tags: , , , , , — alsuren @ 12:09 am

I spent today drifting, and failing to do anything. I think this term is slowly killing me. Can’t wait for it to be over.

I have also been chatting with Alex about the “Microsoft Imagine Cup” (Herbert challenge) and I reckon it would be hilarious if it could be solved using a rainbow table. The outputs (equiv. of hashes) would be 625 bits long, and the input (equiv. of passwords) would be valid H programs.

Goes something like this:

while (still space on disk) and (length of program < 100 bytes):
    #Be sure to generate shortest/most likely programs first. This is a greedy algorithm
    bit[25][25] grid={0,0,0,0...} #25x25 bit array. 1=travelled, 0=not travelled
    while (still interesting things happening): #how to decide this?
        grid[x,y]=1 # see note
        if grid not in sqldb, or sqldb[grid].length < h_program.length:
            sqldb.record(grid, h_program) #be sure to record the length in bits as well.

Then, to get the best solution to a problem:

for grid in (paths which will solve this problem): # see note
for program in programs:
    if program solves problem:
        return program

What if we go over a grey square (resets all squares we’ve covered)? Should we:
create a new blank grid each iteration of the generator loop (cost of this might be quite large),
or store the order in which we last travelled across squares (this may help to spot infinite loops),
or just search for a few grids that might not be valid? Is there a better way of representing the state of the grid?

If someone wants to make an order of magnitude estimate of how long this would take, or how much memory (I don’t know how much memory a sparse rainbow table would take), or suggest any optimisations, feel free. I suspect that the most costly thing will be the sql transactions. I also suspect that the best algorithm will be the one with the nicest representation of grid, and has the best trade-off between time spent in the generator loop, and time spent in the search loop.

There are a bazillion ways of profiling and optimising to make it go fast (eg. by recognising discarding programs that will be rubbish, doing things in-memory before writing them to the database on disk). Writing something that can be distributed on the web, (using BOINC or the engineering dept’s gridengine) could also speed things up, but only if it looks like it won’t be able to find adequate solutions before the competition deadline. This is probably the kind of thing that you just have to leave running for a few days, generating the table, and profiling itself, then check how well it’s doing, and see if you can think of things that will speed it up if it’s still only finding really shit solutions to easy problems.

November 14, 2007


Filed under: Uncategorized — alsuren @ 5:00 pm

So it seems that I lose at buying stationary. It took me 3 tries to get pencil leads (once I forgot my card, and only had a very small amount of cash. I asked the girl at checkout to keep my stuff safe and when I came back… that’s another attempt failed, but third time is always lucky.

Anyway: I’m not sure who should win the German Engineering award. It will either be Lamy or Faber-Castell.

Lamy for making a very simple fountain pen that feels really good to write with. It kinda feels a bit cheap, but at least it doesn’t have any of that chromed die-cast metal that parker pens all have. Hopefull it will stand the test of time

Faber-Castell seem to have perfected the automatic mechanical pencil idea that I mentioned in . I don’t know whether it will still work in a year, but I will try not to take it apart and bugger it, like I seem to have done with two of my staples ones. It seems to be better at feeding new leads than the Staples ones, which is a big win.

Only time will tell.

November 9, 2007


Filed under: Uncategorized — alsuren @ 12:05 am

So it seems I’m using wordpress now. I’m also using drivel (a gnome app), rather than the web-based interface. It’s a bit ugly: give me an email interface any day, but it’s better than using a web based thing.

On the other hand, I expect it will mangle my posts a little less than email does, so I won’t complain too much. I’ll just have to try writing a plugin for kontact that makes it upload your “journal” to wordpress.

November 3, 2007

[Proposal] Debian/Ubuntu "web of trust" packages.

Filed under: Uncategorized — alsuren @ 1:02 pm

[background] on Linux, sensible people *never* install programs that haven't
been digitally signed. This is how linux users avoid most malware bollocks:
Each time you sign a package, you give your word (generally trackable back to
the name on your passport) that it isn't malicious. Signing a malware
package, as a trusted developer, would get your name pasted all over
slashdot, and you would be flamed about it for years. (and possibly even sent
to prison, like a virus writer would) [/background]

Most of us on debian have (at some point) tried to install something, and it's
not been signed with a trusted key (one used by a trusted person). We then
have to go and get the key from a keyserver, in order to avoid error messages
each time we install a package signed by this person. This is ugly for a few

a) How do you know that the key is trusted. You just got it off an arbitrary
webserver. None of your friends told you that it could be trusted.

b) Can anyone *ever* remember the command for importing keys, and telling apt
that they're trusted?

This is also a problem that alexreg and I identified as a requirement for our
windows apt-msi project, if it ever got off the ground. I think I have a
potentially elegant solution to this problem. Read on.

1) Create a package called trust-<name>-<fingerprint>-1.0.deb, which
automatically imports your key.

2) Make all of your packages depend on >=trust-<name>-<fingerprint>-1.0

That way, anyone who installs your package will only get warned once (if they
get warned a second time, then they can start to worry, in the same way that
ssh server keys work). This scheme *should* work without any special support
from apt.

Also, if you know a trusted developer, and they have you on their web of
trust, you can ask them to sign trust-<name>-<fingerprint>, and put it in
their repository. This way, users (or smart package managers) can install the
trust- package first, and proceed without having *any* "unsigned package"

One thing that could be a little tricky is trust revocation. It might be
possible to create a package called trust-<name>-2.0 which revokes trust in
the key, but an attacker could create a package called trust-<name>-3.0 that
foils this scheme. On the other hand, getting onto someone's web of trust
generally means that they have seen your passport, so creating a situation
that required a key to be revoked would necessarily involve identity theft.

What do you all think? Could it work?

November 2, 2007


Filed under: Uncategorized — alsuren @ 11:45 pm

*while playing anaconda*

"It would be quite interesting to play this on an infinite plane."

Blog at