Jason’s musings

A new season of the British sitcom, the IT Crowd, set in an IT department/basement has just started showing on TV. It’s from Graham Lineham (the same guy as Father Ted). I must admit that first time round I didn’t find the series that funny (and neither did many people), or at least not laugh-out-loud funny; but the new series I’m glad to say had me in stitches. The characters are all basically still the same, but their production values seem to have increased massively. The first episode wasn’t set in the office, so maybe that had a large part to do with the hilarity.

If you can’t get it on TV, then fear not, it’s all over the interwebs. Check out stage6 or youtube.

Just like Gareth, I lead a very fragmented life online.

Del.icio.us - where I put all my bookmarks of interesting and useful stuff I find on the web.

For social messaging: Twitter, Jaiku and Pownce.

Facebook - my social network of choice, I also have stagnant Bebo, Orkut and MySpace profiles.

I also have Flickr photos, youtube videos, Plazes, Last.fm, allconsuming and 43things. No doubt I’ve missed a few, and some of these I barely use, such as digg and reddit accounts.

Obviously this list will save private investigators plenty of time.

I was looking at this beautiful image today in Firefox and made it my desktop background, but then I noticed that it looked even better as a background than in the Firefox window. A little more investigating revealed that (at least on mac) Gecko doesn’t render images as vibrant as Safari.

Webkit (Safari) vs. Camino (Mozilla):

Just something to keep in mind next time you’re Flickring.

The polls will close in ten minutes for the Irish general election. Unfortunately I am outside my constituency and cannot return as it is exam time (and I also didn’t have a chance to move my vote or do a postal vote). A few people have mentioned that the government scheduled the election at this time because they knew students would be away from home doing exams now, and students are generally thought to be for change (some people also comment that Sinn Fein has a large student support these days due to their socialist policies). At least we’re better off than in the UK, where because of first-past-the-post, the Lib Dem voting students at home have almost no effect nationally.

It will be interesting to see how it goes anyway. We might be electing the people that will see this country’s economy collapse, even though none of them acknowledge that it will.

At this junction in my life, and I don’t really know where either path will take me. Both paths are one way only. The decision will soon be taken however.

So I’m at home for easter, they just got broadband; and I decide it’s time to try second life (even tho I’ve been slagging it for ages). Anyway, it’s actually pretty neat. Where do I decide to go when I’m in Second Life? - Dublin of course! I discovered that someone used a TCD photo I uploaded to Wikipedia:

Keep reading →

What’s been bugging me lately?

The disappointing residence network setup in TCD. They decided to use NAC (Network Access Control) technology to ensure “endpoint compliance” (manufacturer buzzword). What does that mean? It means that computers that want to connect to the network are placed in a quarantined VLAN and have to run software to check their computer for patches, anti-virus, etc. Next, on every boot, you are in another quarantined VLAN and must authenticate using your username and password, which then switches you to a more open VLAN (although it is still a private network). Also, periodically, you are placed on yet another VLAN and must ‘remediate’ using the software, again checking for patches and anti-virus, almost the same thing as registering.

In theory, like all things, it sounds like a great idea. Enabling people to connect themselves to the network. However, there are many problems with the system, and last weekend I had no net access because of it.

Let’s begin with registration, the software ‘works’ on windows, mac, and linux. Personally, I run a linux box on the network, and the software is actually just a script, which contains within it a gzipped binary! Once the script is run, it deletes itself! The binary is i386, and therefore cuts out all other users of linux systems (even amd64 if they don’t have 32 bit glibc). Last week, I had to remediate using the script, so I thought I’d run it in a knoppix virtual machine, as I definately do not want to be running random binarys on my authenticated software only Ubuntu box. I decided to do a packet trace of what it does:

GET /remediation/common/SMARegistration.jsp?regMethod=LDAP&uid=[intentionally blaned]&defaultUrl=http://NESSUS1:8080/remediation/Success.html&hw_ip=&mac=[intentionally blaned]&hw_desc=eth1&hw_ip=&mac=[intentionally blaned]&hw_desc=eth0&&hw_name=localhost&os=Linux%202%2E6%2E15-27-amd64-k8%20%231%20SMP%20PREEMPT%20Sat%20Sep%2016%2001%3A57%3A42%20UTC%202006%20×86_64&deviceDesc=Linux+Client&serverIP=tcd-rem.org HTTP/1.0

User-Agent: BSC Agent
Yes, that’s right, all it does it send a HTTP GET request! That request then sends back a status html page which is displayed in a web browser.

This means that anyone could simply just send a well formed request and be registered/remediated, even if their box is a malware infested windows machine. In my opinion, this is not security. Sure, perhaps users with viruses won’t ever know this, but that’s still security by obscurity.

My own problem was that the mac address the script sent back would be different from that I registered with, and that seemed to confuse the crapware that the system runs. Thankfully however, the computing service people are very friendly and the problem got solved.

There are many more complaints about NAC technology being a network manager rather than a security system

The vendor that our people went with is Bradford networks (take a look at the other Universities that use them, not exactly world class). I don’t want to know how much it cost. Strangely, I think they might be ripping off Cisco, as the software they provide is called CSA.exe/CSA.sh which is quite similar to Cisco security agent.

Ok, so other than it not being secure, and troublesome in fringe cases, what is wrong with the system for the average user. Well, the authorization system is a big pain in the butt, every time you boot your computer, you must sign in, and wait almost a minute for the VLAN to be switched and to be assigned a new IP address. It would be interesting to calculate the collective amount of time wasted waiting to connect to the network. That is not what computing is about.

Some other complaints about computing in college:

• Requiring XP Professional, but not even using active directory (do they have some sinister deal with Microsoft?)
• Switching from open source well performing products to expensive one-box appliance solutions, for instance the proxy server went from Squid to a Blue Coat systems proxy
• Sending email off to Microsoft to be scanned for spam, again expensive
• Tiny email quotas 60MB (compare with Google Mail’s ~3000MB and it’s a free service)
• Restrictive firewall rules, yet they still allow all udp traffic inbound
• Being very restrictive about who can have a website under the trinity subdomain. Compare with say http://www-tech.mit.edu (although this might be related to awful Irish libel laws)
• Not evaluating Vista (even though it came out last November), and requesting manufacturers to supply laptops to students with XP

So, what is the major problem here?

If Trinity seriously considers itself to be a world class University, then it needs to start acting more like one in terms of internal infrastructure. Spending lots of money on third party solutions just doesn’t really cut it. I don’t know how good the is service people are at their jobs, but what I definately think is needed is to divert the money to bring in some top notch network engineers, and act a little more like the bigger Universities do.

Update: They now plan to roll the service out to the wireless network (which is already based on LEAP ANYWAY!); to enable lusers to connect without attending a ‘clinic’ (their jargon, which happens to be a member of the HELPDESK institute, what ever the fuck that is). This is even more shit, as often around campus, one wants to just flip open the laptop to check something real quick. Bastards.

Incidentally, LEAP is an unsecure bitch. I’d use another system, but they only use Cisco, and Cisco use LEAP, so I’m forced to be potentially realeasing my username and password evertime I connect. What fucking good is a NAC in that scenario anyway. Stupid fucks.

I used quite a lot of swearwords there, but I have to show my now comtempt for the situation. If an attacker gets my username and password, it would basically allow them to completely steal my identity, within and without college.

Probably if you know me, you are aware that I’ve been a vegetarian since I was 4 years old (17 years without meat). Here I just want to clarify my current perspectives on the matter.

The first reaction I often get when I tell people I’ve been a veggie since 4 is “Your parents are vegetarian too then?”. Quite the opposite, I became a vegetarian against the behest of my parents. My household is of the meat as a main food variety.

I first became a vegetarian because, quite simply, I didn’t like the taste of meat products. Coming from a farming family may have served to make me feel a little repulsed at the idea of eating animals too. But, I’ve never really had an ethical problem with eating meat, and I consider it perfectly natural for humans to be carnivores (factory farming I do have ethical problems with). Humans have been farming animals for so long that evolution has had time to occur and in the scheme of things, those animals really do exist for human consumption. I’m not going to go into details here, but that’s what I take from my limited knowledge of evolutionary biology.

So, why am I still a vegetarian? Quite simply, that’s just who I am. I now consider it part of my identity, not in some superficial way, and I would definately eat meat if it was required to survive. Perhaps I am revulsed also by the idea of eating an animal, and there is still a taste factor. I also think that it is a good health choice, as there is no doubt that meat should only be consumed in limited amounts, again due to evolution when homosapiens were hunter gatherers and meat came once a month. I do have difficulty however keeping protein intake high enough, but I’m addressing that problem.

An interesting experiment would be for me to try red meat and see what kind of mental effects it may induce, given my inexposure to many of the chemicals that it contains. Would I suddenly have a massive burst of testerone production or similar effects? I can only wonder.

Niall and I were recently looking at support for functions that return functions in different languages (our test being a function that takes a function and returns the derivative function).

Here is the python he was talking about (not using lambda would make it a lot more readable):

def D(f):

    return lambda x: (f(x+0.0004)-f(x))/0.0004D(lambda x: x**2)(3)

Since I’ve been learning lisp recently, from Graham’s ‘ANSI Common Lisp’, I decided to have a go at it in Lisp too. Currently I don’t know of any way to avoid using funcall.

(defun D(f) #'(lambda(x) (/(- (funcall f (+ x 0.0001)) (funcall f x) ) 0.0001) ) )(funcall (D (lambda(y) (* y y))) 3)

Update: I only noticed the section on closures in the book 2 days after spending time doing this. D’oh.

Please watch this video if you can, it’s a documentary abour Arundhati Roy’s words, someone I’ve admired for a long time and would align myself closely to her values and humanity. It’s got a great soundtrack too. (Download it to watch full-screen: link)