Bad security from SpeedDate.com

The problem with having my first initial and last name as my email address is that I get a lot of email from other people. The other day, I started getting messages from SpeedDate.com. Not wanting to keep Barry from true love, I looked for a support address. There wasn’t one, so I tried going to the site by clicking the link. Imagine my surprise when I had full access to Barry’s profile.

Since I was in a good mood, I didn’t pretend to be Barry. I simply deactivated his account so that maybe he’d notice. The next day, I got another email saying a woman was interested in me Barry. Once again, I clicked the link to take me to the site. This time, I unchecked all of the notification options and put in an unused email address. I was interested to see what I could do if I were a bad person, so I looked at Barry’s profile information. He didn’t have much filled out, but he had his date of birth and his ZIP code. From which, I could use an online phone book to find his address and phone number.

That’s plenty of information for a social engineering attack. Considering he couldn’t enter his email address correctly, I’m willing to bet that if I called pretending to be from his bank, library, local police, etc. that I could get even more information out of him. Identity theft city, folks. It’s lucky for Barry that I’m generally a nice guy. Though it’s not really Barry’s fault that SpeedDate.com is stupid enough to allow unauthenticated access to user settings. I’ve tried to contact SpeedDate.com and have not yet received a response, so I’m opting to shame them publicly.

But ladies, if you’re looking for Barry, he’s not here.
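
One way to keep a notification link from acting as a login, shown as an added example (it is not SpeedDate.com's code, and how their links work is not known from this post): the emailed token is signed, expires, and authorizes only unsubscribing, while profile and settings access requires a logged-in session. The function names, action names and secret below are hypothetical.

```python
from __future__ import annotations
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: server-side secret, never sent to clients
LINK_SCOPE = "unsubscribe"         # the only action an emailed link may perform

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def make_link_token(user_id: int, ttl: int = 7 * 86400, now: float | None = None) -> str:
    """Token embedded in a notification e-mail: scoped, expiring, signed."""
    now = time.time() if now is None else now
    claims = {"uid": user_id, "scope": LINK_SCOPE, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{body}.{_sign(body)}"

def verify_link_token(token: str, now: float | None = None) -> dict | None:
    """Return the claims only if the signature is valid and the token is unexpired."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):      # malformed, tampered or non-ASCII input
        return None
    return claims if claims.get("exp", 0) > now else None

def authorize(action: str, target_uid: int, session_uid: int | None = None,
              link_token: str | None = None, now: float | None = None) -> bool:
    """Profile and settings need a logged-in session; the link only unsubscribes."""
    if session_uid is not None and session_uid == target_uid:
        return True
    claims = verify_link_token(link_token, now) if link_token else None
    return (claims is not None
            and claims["uid"] == target_uid
            and claims["scope"] == LINK_SCOPE
            and action == "unsubscribe")
```

With this split, a message delivered to the wrong inbox lets the recipient stop the notifications but not read the profile, change the account's email address or deactivate the account.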

What a sysadmin can learn from hurricane corner cases

One thing I’ve been focusing on lately is avoiding “It Works Well Enough” Syndrome. Maybe it’s because of the systems design classes I’m taking, or maybe it’s due to my frustration having to fix something that was done months or years ago because it no longer works well enough. Sysadmins are particularly vulnerable to this trap because we’re often not trying to develop software, we’re just trying to solve an immediate problem. Unfortunately, things change over time and underlying assumptions are no longer valid.

A relevant example from the world of tropical weather came up earlier this month. The National Hurricane Center’s 45th discussion for Hurricane Katia contained some very interesting text:

NO 96-HOUR POINT IS BEING GIVEN BECAUSE FORECAST POINTS IN THE
EASTERN HEMISPHERE BREAK A LOT OF SOFTWARE.

It makes sense that software focused on the Atlantic basin would only be concerned with western longitudes, right? It’s exceedingly rare for Atlantic tropical systems to exist east of the Prime Meridian, but apparently it’s not impossible. Whether it’s NHC or commercial software that the forecasters are concerned about is irrelevant. Clearly positive longitudes break things. It makes me wonder what broke when Tropical Storm Zeta continued into January 2006.

Sidebar — It’s not our fault/everyone else does it, too

I don’t mean to demonize sysadmins or lionize developers in the first paragraph. There are plenty of sysadmins out there who want to take the time to develop robust tools to solve their problems. Often, they just don’t have the time because too many other demands have been placed upon them. By the same token, developers who methodically design and implement software still end up with a lot of bugs.

On September 11: my memories and the role of technology in never forgetting

I really hadn’t intended to write a 9/11 post here. It doesn’t seem to fit with whatever this blog is supposed to be. But it’s all over the newspaper and it’s all over Twitter, and I’m sure if I turned on the TV I’d see 9/11 all over again. Even the Sunday comics were more touching than comic, so I guess it’s fitting that I share my thoughts.

The morning of September 11, 2001 dawned. I’m not sure how it dawned, because I was still sound asleep in my room at Purdue’s Cary Quadrangle. My alarm went off at some point to tell me to wake up and go to class, and I ignored it. A few weeks into my collegiate career, I had already decided that 8:30 chemistry lectures were optional. I didn’t wake up again until my roommate Carl came back from his morning classes. “Dude. One of the World Trade Center towers collapsed,” he told me. “Fuck off, Carl,” was my reply. I was barely awake, and I was convinced that Carl was bullshitting me.

So he turned on the TV.

I don’t remember what time it was. I don’t even remember where in the timeline it happened. All I know is that for the rest of the day, Carl and I sat on Lucy the Couch and watched CNN. We couldn’t look away. I don’t even think I left to go to the restroom until about 2:00 that afternoon. And that’s when I first started to realize the magnitude of what had happened. There were about 40 guys on my end of the floor, mostly freshmen and sophomores, and it was rarely a quiet place. Without air conditioning, we all kept our doors open to get air flow. But as I walked down the hall to the bathroom, I realized that all I could hear was the sound of everyone’s televisions.

That night, Carl and I went to go get dinner. I don’t think we went with friends as we normally did. It was more of a “we haven’t eaten all day and there’s no new news, let’s go grab a bite real quick” decision. The Cary dining hall, one of the most popular eateries in all of University Residences, was subdued. The kids of Middle Eastern descent looked nervous and ate quietly and away from everyone else. Were they afraid of misplaced retribution? To my relief, I never heard of such an occurrence at Purdue. The same could not be said for other college campuses.

Life returned to normal fairly quickly for us. No classes were cancelled. Homework was still there. Most of us, being generally Midwesterners, had few ties to New York City. While the news was horrific, it didn’t impact our daily lives. And here we are 10 years later. The political climate is soured. Our troops are still in Afghanistan. Laws passed to aid the fight against terrorism have been used largely to combat domestic drug crimes. And yet we maintain this promise to never forget.

And so I think about the other events that we, as a nation, have sworn to remember. The Alamo, the Maine, Pearl Harbor. Each of these events was a rallying cry for a moment in time, a common thought that drove the people toward a goal. But as time has passed, we seem to remember them less. The events are still recalled, but with no more clarity than a history lesson. The personal stories are fading, and continue to do so as an ever smaller percentage of our population has first-hand stories to tell.

A decade on, the September 11 attacks are still remembered. Will they be in 2101? Certainly the history and political science texts will have much to say. But what will our national conscious say? Does the fact that the victims were civilians instead of military personnel make this more enduring? Will the digital age help preserve our stories? Or will time simply wash this event from our collective thoughts?

As a technology enthusiast, I am intrigued by the role that technology may play in our shared history. Although social media didn’t really exist in 2001, it now provides an opportunity for shared reflection. People are able to interconnect in ways that were not possible on December 7, 1951. We’ve seen the role Twitter and Facebook can play in driving revolution in oppressive regimes. What will our Tweets, our statuses, and our blog posts do to ensure we truly never forget?

Book review: Version Control by Example

A few weeks ago, I heard that Eric Sink was giving away copies of his new book Version Control by Example. Since I like free things and know just enough about version control systems (VCSs) to be dangerous, I figured I should get a copy. Turns out that was a wise decision. I use Subversion at work and Git with Fedora and personal projects, so I haven’t been able to get really good at either system. After reading this book, I’m still no expert but I’ve got a little more competence (and, more importantly, a handy reference).

As the title suggests, this book is centered around actual examples. In walking through Subversion, Mercurial, Git, and Veracity, Sink uses the same example scenario, making it easy to understand the similarities and differences between the systems. Although he clearly favors the distributed VCSs, the book gives Subversion a fair treatment, discussing situations where a centralized VCS is more appropriate (for example, when it’s necessary to have path-based access controls).

The best feature of Version Control by Example is the writing style. Much like the “for Dummies” series, the writing style is light and humorous. This makes it a very easy book to read through, and certainly aids my focus. The only downside to this book is that it lacks a detailed treatment of advanced topics. Still, as an introductory book this is excellent. Given that Sink seems insistent on not making any money off this book, I encourage anyone who uses version control in any capacity (or anyone who doesn’t but should!) to have a copy. Details on the free book offer can be found at http://www.ericsink.com/entries/vcbe_print_edition_free.html.

Purdue football predictions — 2011 edition

I was much more enthusiastic at this time last year. Many people are quick to explain away Purdue’s lousy 2010 season with the inexplicable rash of injuries, and there’s no doubt that the ever-growing list of disabled players was a significant factor. Unlike some, though, I haven’t absolved Danny Hope of blame. There have been too many questionable decisions and failures of fundamentals to think that this season will be as rosy as Hope seems to think. While there are some very talented players on the roster (Ricardo Allen may be the most exciting member of the Purdue secondary since Stu Schweigert), there are a lot of questions hanging over this team.

Perhaps the largest is one of offensive identity. Despite the loss of Rob Henry to an ACL injury, Hope insists on running a two-quarterback scheme. I just don’t see that big of a difference between Caleb TerBush and Robert Marve that would justify this. Pick the best one and go with him until someone else is better. We’ll see how it plays out, but I have serious concerns and hope that Hope will settle this sooner rather than later.

In the meantime, let’s look at the schedule and see how badly I do. Admittedly, I’m surprised that I came up with six wins here. I figured 4-5 would be more likely.

Vs Middle Tennessee State: MTSU is 0-2 against the Big Ten, including a loss to a comically bad Minnesota squad last year. Still, they did make a bowl game last year, something that Purdue can’t claim. There’s no reason that Purdue should lose this game, but there is a recent pattern of losing at least one home game against a team that should have been an easy victory. Purdue should win this one by double digits, but the game will be closer than the scoreboard indicates.

At Rice: A long road trip to hot conditions has some fans scared. Rice is no Texas juggernaut, and if Purdue shows up to play, this should be a win. The big concern is that the team isn’t well-hydrated and everyone falls over from cramps sometime in the 3rd quarter. The large Purdue contingent in Houston should give the Boilers a boost.

Vs Southeast Missouri State: If Purdue loses this game, I’m calling Morgan Burke.

Vs Notre Dame: It pains me to say this, but the Domers may be pretty good this year. Last year in South Bend, the Boilers looked incredibly lackluster, perhaps due in part to the fact that Robert Marve was still getting used to playing football again. Purdue hasn’t lost the Shillelagh four straight years since the mid-’90s, but I don’t have much hope for this game.

Vs Minnesota: Gopher fans have to be pleased with the fact that Tim Brewster is gone. Jerry Kill has beaten Purdue before (as the head coach of Northern Illinois in 2009), but he doesn’t have much to work with. Purdue’s defense might get tested a bit, but this game should be a win.

At Penn State: The first Leaders division game is a doozy. Penn State looks to be competing for the division title (especially if aOSU ends up with a post-season ban from the NCAA), whereas Purdue isn’t. Last year’s Lion squad was a bit of a disappointment, but I like them to be an 8-9 win team this season. It’s not out of the question, but I can’t see Purdue winning this one.

Vs Illinois: You can never tell what the Illini will do. Ron Zook is eternally on the hot seat, only to have his team do well enough to keep him around one more year. Last year, Purdue absolutely crapped the bed in Chambana, and I’d hope the coaching staff will remind them of that. Even in down years, Purdue tends to do well against the Illini at home and especially on homecoming. This will not be an easy win, but I expect it will be a win.

At Michigan: Brady Hoke was a smart hire for the Wolverines, but he still has to clean up from the RichRod era. If Michigan’s not bowl-eligible by the time this game rolls around, this might seal the deal. No matter what may be happening in Ann Arbor, the fact that Purdue has only won there one time in forty years does not bode well for the Boilers.

At Wisconsin: Wisconsin has outscored Purdue 71-13 in the past two years and Bret Bielema has not developed a reputation for mercy. The Badgers will contend for the Big Ten title and potentially be in the national title picture. Coming away from this game without being embarrassed will be about all Purdue fans can ask for.

Vs Ohio State: Last year’s game in Columbus was an atrocity. It was to be expected after the upset Purdue pulled in 2009. Will this year’s game in Ross-Ade be a repeat of said upset? There’s at least a chance, as it remains to be seen how the Buckeyes respond to their off-season drama. No matter what the rest of the country hopes, this won’t be a terrible team. Although Purdue has a chance to win, they probably won’t.

Vs Iowa: According to Jim Delany, the Hawkeyes are Purdue’s Most Hated Rival. Without Ricky Stanzi, Iowa is less of a threat. This team won’t be a failure, but assuming Purdue hasn’t lost all of the skill players again, the Boilers should win this game.

At Indiana: I hate saying anything good about IU, but the fact is they have the Bucket right now. Hoosier fans have good reasons to feel positive. Although they won’t have a great team this year, they seem to be headed in the right direction. They haven’t won the Bucket in two consecutive years since ’93-’94. Purdue will want this game, but here in September, I’m not convinced that Purdue will have enough at the end of November to win in Bloomington. It will be a close game, and either team can win, but I think IU gets this one. I sure hope I’m wrong.

Overall record: 6-6

Conference record: 3-5

Leaders division record: 1-4

 

Homemade pasta sauce

I’m not a foodie. I enjoy food, but I have an unrefined palate. Even so, I do appreciate home-cooked meals. One of my favorite things is making eating homemade pasta sauce. Back in the old days, I’d make it with a can of tomato paste and two cans of tomato sauce. It’s nice, because you can make it come out exactly how you want. The spices meet your mood for that meal.

Then I started going to the Farmers’ Market. As you’d expect, the fresh vegetables are way better. So it was only a matter of time until I started making my sauce from scratch. What I’m sharing here is not a recipe, because I don’t use one. Consider this post a set of guidelines.

The first thing to know is that it takes a great deal of tomatoes. Tomatoes have a high water content, and generally pasta sauce doesn’t. From about 10 pounds of tomatoes, I was able to get about 5 1/2 pints of sauce. Fortunately, tomatoes freeze well, so you can collect them all summer and make a big batch at the end of the year (assuming you have enough space in your freezer). If freezing tomatoes, be sure to give them a chance to thaw a bit so that you don’t freeze your hands off.

The next helpful bit of information: this is a messy process. Whether the tomatoes are fresh or frozen, you will get a lot of liquid all over the counter, and the floor, and your shirt, and so on. One thing that helped when working with previously-frozen tomatoes was to squeeze them out a bit over the sink (just try not to lose any of the flesh). I found a blender is an excellent way to get the tomatoes all chopped up in a quick manner. If your particular blender makes it easy to strain away some of the water, so much the better.

Once the tomato goop goes into the pot, it’s time to boil. Depending on how much liquid you were able to strain off, this step could take a long, long while. Fortunately, this gives you time to chop up whatever you want to add. Peppers, garlic, mushrooms, whatever. Now’s the time. Once that’s done, I add my spices. What and how much I add is dependent on my mood, but brown sugar is an under-appreciated additive (and yes, I know it’s not a spice).

Finally, after what feels like forever, the kitchen is miserably warm and the sauce has finally reached a sauce-like consistency. If you’ve been tasting as you go, that’s the end of the line. If you haven’t, you may have some desperate flavor balancing to do (and also you’re probably not human). Once you’re satisfied with the result, you can eat it right away or save it for later. Mason jars are your friend in this case. The sauce freezes well, or if you have a pressure canner, you can can it to save space in your freezer.

Happy eating!