Jason’s musings

I just need a little time

Beauty of Mathematics

with 2 comments

While posting videos is not something I do very often at this blog. I came across this one particular documentary film that really struck me. It’s called Dangerous Knowledge and it’s about four thinkers — Georg Cantor, Ludwig Boltzmann, Kurt Gödel and Alan Turing who destroyed any hopes we would ever have for certainty in knowledge. The film is especially powerful to me right now as I have for weeks been obsessing with the limits of knowledge, undoubtedly to unhealthy levels. This film does not tell me anything new of course, but it presents it in a light that shows how very deep these problems were to these great mathematicians. The commentary for the documentary was also well chosen — Gregory Chaitin and Roger Penrose among those talking. At one point I was almost reduced to tears by the beauty that was hinted at.

Written by jasonmc

September 5, 2007 at 11:57 pm

Posted in mathematics, Video

IT Crowd series 2

leave a comment »

A new season of the British sitcom, the IT Crowd, set in an IT department/basement has just started showing on TV. It’s from Graham Lineham (the same guy as Father Ted). I must admit that first time round I didn’t find the series that funny (and neither did many people), or at least not laugh-out-loud funny; but the new series I’m glad to say had me in stitches. The characters are all basically still the same, but their production values seem to have increased massively. The first episode wasn’t set in the office, so maybe that had a large part to do with the hilarity.

If you can’t get it on TV, then fear not, it’s all over the interwebs. Check out stage6 or youtube.

Written by jasonmc

August 29, 2007 at 10:25 pm

Posted in television

Gecko engine does not render vibrant images on the mac

with 6 comments

I was looking at this beautiful image today in Firefox and made it my desktop background, but then I noticed that it looked even better as a background than in the Firefox window. A little more investigating revealed that (at least on mac) Gecko doesn’t render images as vibrant as Safari.

Webkit (Safari) vs. Camino (Mozilla):

Render

Just something to keep in mind next time you’re Flickring.

Written by jasonmc

July 8, 2007 at 12:23 am

Posted in Macintosh

To be on a cruddy campus network

leave a comment »

What’s been bugging me lately?

The disappointing residence network setup in TCD. They decided to use NAC (Network Access Control) technology to ensure “endpoint compliance” (manufacturer buzzword). What does that mean? It means that computers that want to connect to the network are placed in a quarantined VLAN and have to run software to check their computer for patches, anti-virus, etc. Next, on every boot, you are in another quarantined VLAN and must authenticate using your username and password, which then switches you to a more open VLAN (although it is still a private network). Also, periodically, you are placed on yet another VLAN and must ‘remediate’ using the software, again checking for patches and anti-virus, almost the same thing as registering.

In theory, like all things, it sounds like a great idea. Enabling people to connect themselves to the network. However, there are many problems with the system, and last weekend I had no net access because of it.

Let’s begin with registration, the software ‘works’ on windows, mac, and linux. Personally, I run a linux box on the network, and the software is actually just a script, which contains within it a gzipped binary! Once the script is run, it deletes itself! The binary is i386, and therefore cuts out all other users of linux systems (even amd64 if they don’t have 32 bit glibc). Last week, I had to remediate using the script, so I thought I’d run it in a knoppix virtual machine, as I definately do not want to be running random binarys on my authenticated software only Ubuntu box. I decided to do a packet trace of what it does:

GET /remediation/common/SMARegistration.jsp?regMethod=LDAP&uid=[intentionally blaned]&defaultUrl=http://NESSUS1:8080/remediation/Success.html&hw_ip=&mac=[intentionally blaned]&hw_desc=eth1&hw_ip=&mac=[intentionally blaned]&hw_desc=eth0&&hw_name=localhost&os=Linux%202%2E6%2E15-27-amd64-k8%20%231%20SMP%20PREEMPT%20Sat%20Sep%2016%2001%3A57%3A42%20UTC%202006%20x86_64&deviceDesc=Linux+Client&serverIP=tcd-rem.org HTTP/1.0

User-Agent: BSC Agent
Yes, that’s right, all it does it send a HTTP GET request! That request then sends back a status html page which is displayed in a web browser.

This means that anyone could simply just send a well formed request and be registered/remediated, even if their box is a malware infested windows machine. In my opinion, this is not security. Sure, perhaps users with viruses won’t ever know this, but that’s still security by obscurity.

My own problem was that the mac address the script sent back would be different from that I registered with, and that seemed to confuse the crapware that the system runs. Thankfully however, the computing service people are very friendly and the problem got solved.

There are many more complaints about NAC technology being a network manager rather than a security system

The vendor that our people went with is Bradford networks (take a look at the other Universities that use them, not exactly world class). I don’t want to know how much it cost. Strangely, I think they might be ripping off Cisco, as the software they provide is called CSA.exe/CSA.sh which is quite similar to Cisco security agent.

Ok, so other than it not being secure, and troublesome in fringe cases, what is wrong with the system for the average user. Well, the authorization system is a big pain in the butt, every time you boot your computer, you must sign in, and wait almost a minute for the VLAN to be switched and to be assigned a new IP address. It would be interesting to calculate the collective amount of time wasted waiting to connect to the network. That is not what computing is about.

Some other complaints about computing in college:

  • Requiring XP Professional, but not even using active directory (do they have some sinister deal with Microsoft?)
  • Switching from open source well performing products to expensive one-box appliance solutions, for instance the proxy server went from Squid to a Blue Coat systems proxy
  • Sending email off to Microsoft to be scanned for spam, again expensive
  • Tiny email quotas 60MB (compare with Google Mail’s ~3000MB and it’s a free service)
  • Restrictive firewall rules, yet they still allow all udp traffic inbound
  • Being very restrictive about who can have a website under the trinity subdomain. Compare with say http://www-tech.mit.edu (although this might be related to awful Irish libel laws)
  • Not evaluating Vista (even though it came out last November), and requesting manufacturers to supply laptops to students with XP

So, what is the major problem here?

If Trinity seriously considers itself to be a world class University, then it needs to start acting more like one in terms of internal infrastructure. Spending lots of money on third party solutions just doesn’t really cut it. I don’t know how good the is service people are at their jobs, but what I definately think is needed is to divert the money to bring in some top notch network engineers, and act a little more like the bigger Universities do.

Update: They now plan to roll the service out to the wireless network (which is already based on LEAP ANYWAY!); to enable lusers to connect without attending a ‘clinic’ (their jargon, which happens to be a member of the HELPDESK institute, what ever the fuck that is). This is even more shit, as often around campus, one wants to just flip open the laptop to check something real quick. Bastards.

Incidentally, LEAP is an unsecure bitch. I’d use another system, but they only use Cisco, and Cisco use LEAP, so I’m forced to be potentially realeasing my username and password evertime I connect. What fucking good is a NAC in that scenario anyway. Stupid fucks.

I used quite a lot of swearwords there, but I have to show my now comtempt for the situation. If an attacker gets my username and password, it would basically allow them to completely steal my identity, within and without college.

Written by jasonmc

February 5, 2007 at 11:59 pm

Posted in Computing

Fun with lisp

leave a comment »

Niall and I were recently looking at support for functions that return functions in different languages (our test being a function that takes a function and returns the derivative function).

Here is the python he was talking about (not using lambda would make it a lot more readable):

def D(f):

    return lambda x: (f(x+0.0004)-f(x))/0.0004D(lambda x: x**2)(3)

Since I’ve been learning lisp recently, from Graham’s ‘ANSI Common Lisp’, I decided to have a go at it in Lisp too. Currently I don’t know of any way to avoid using funcall.

(defun D(f) #'(lambda(x) (/(- (funcall f (+ x 0.0001)) (funcall f x) ) 0.0001) ) )(funcall (D (lambda(y) (* y y))) 3)

Update: I only noticed the section on closures in the book 2 days after spending time doing this. D’oh.

Written by jasonmc

January 24, 2007 at 11:31 pm

Posted in Computing, Programming

Arundhati Roy ‘We’ documentary

with one comment

Please watch this video if you can, it’s a documentary abour Arundhati Roy’s words, someone I’ve admired for a long time and would align myself closely to her values and humanity. It’s got a great soundtrack too. (Download it to watch full-screen: link)

Written by jasonmc

January 2, 2007 at 1:52 am

Posted in humanity, Politics, Video

Python implementation of “The Generation of Optimal Code for Arithmetic Expressions”

with 3 comments

We recently covered the paper “The Generation of Optimal Code for Arithmetic Expressions” in compiler design class, so I thought I’d implement the first two algorithms described in it in Python.

The one and two functions are the names that he calls his procedures.

Read the rest of this entry »

Written by jasonmc

December 3, 2006 at 1:24 am

Posted in Computing