idlethreat

I got a Kindle 2 for Christmas.

Did you know that Google has books in the public domain scanned in, and you can download them in EPUB format, load them right on and go to town? Isn’t that just awesome?!

Consider this: Right now, Google has over 7.5 million books scanned written in English and in the public domain. If I could read those at a rate of one per minute, for 16 hours a day, I’d be finished in… roughly 21 years. And that’s just the free ones I actually can understand. I’ve been threatening to learn to read Japanese and Russian for a while, but if occurs to me now that if I do, I’ll have yet more books to read.

As it is, I already have over 200 books on the thing. Most of them science fiction paperbacks. If you stacked them one on top of another, they’d reach 12.5 feet high. I haven’t had to charge it in a month. Pretty impressive for something that’s only a third of an inch thick.

In a single copy of the New York Times, there is more information than your average medieval peasant was exposed to in their entire life. In the Information Age, you will not be characterized by the amount of information you have available to you. You will be characterized by the quality of information you receive, the choices of what you take in.

Think about that next time somebody sends you another email with a LOLcat in it.

crickel Amusing

Hi everyone! A friend of mine convinced me that I should be putting technical items up on a blog. So without further ado:

Everyone knows that transmitting private data using https is far more secure than using http. But how secure is it, really? There are many different encryption methods that https has available to it, especially in a default configuration. Sometimes, however, you may not have the configuration available to check. And even if you have access, even when you’ve modified your default configuration to be secure, rogue included configuration files may change the ciphers settings on a site-per-site basis. The best way to be sure that your website is configured to use strong ciphers is to test it.

There are many fine tools out there that already fill this need. Some of them, such as Foundstone’s SSLDigger, can even generate and save attractive reports to hand to the administrators. (Red ink is optional.) The fastest way to test your cipher strength, though, is right within your reach at the command line.

There are two applications I’m going to cover here, curl and openssl.

openssl

openssl has many useful commands when it comes to using ciphers. Right now, I’m only going over the two we’re concerned with. The first, of course, is the ‘openssl ciphers’ command, which can fetch you a list of ciphers available on the server. If the cipher isn’t in this list, you can’t even configure your system to use it, so doublecheck what LOW, MEDIUM, and HIGH ciphers you have available first!

openssl cipers -v 'HIGH'

The second command is the openssl s_client. It has a couple quirks. Here’s an example:

echo 'GET HTTP/1.0' | openssl s_client -connect gmail.com:443

Notice that the line starts with an ‘echo’. When s_client connects to a host, it then waits for user input for what it sends to the remote host. It needs to send an appropriate ‘GET’ string in order to fetch data. So we feed that input to it in a pipe, it’s happy, the remote server’s happy, and everybody gets what they’re looking for.

This little command is quite versitile and robust. For instance, you can fetch a remote certificate and check the dates on it like this:

echo 'GET HTTP/1.0' | openssl s_client -connect www.google.com:443 2>/dev/null |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |\
openssl x509 -noout -subject -dates

What we’re interested in, though, is testing out ciphers.

echo 'GET HTTP/1.0' | openssl s_client -cipher HIGH -connect gmail.com:443

The -cipher option takes a cipherlist and uses only those ciphers. For the the nitty gritty details about what constitutes a cipher list, check ‘man ciphers’ - but you should already have a good idea on this. Remember to make sure and use ‘openssl ciphers’ to check your server specifically if you’re having problems!

curl

One thing that’s important to note is that we’ve found through testing on multiple servers that the curl command does not always use the ciphers given in the arguments. Sometimes it fails and simply continues on with the strongest ciphers available instead. That said, if it DOES use the proper ciper (and you can tell if it does in the verbose output!) it’s more convenient since you don’t have to pipe things at it.

curl --ciphers HIGH -v https://www.google.com

Note that if you’re trying to pipe output to a file, more or less, curl uses STDERR for all its verbose output, and STDOUT for all the. You’ll need to redirect both of them in order to get the whole story.

curl --ciphers HIGH -v https://www.google.com &> test.txt

Using the pipe is even more fun. This redirects STDERR to STDOUT and then lobs them both through the pipe:

curl --ciphers HIGH -v https://www.google.com 2>&1 | less

There are many more options available to curl that can be found in the manual, including authenticating with usernames and passwords, POST variables, change the user agent and even limit the speed to simulate real user scenarios.

Using these commands, you can quickly and easily test your webpage performance under realistic scenarios and record results from ciphers on the command line directly, without having to break out your GUI and get your hands dirty.

crickel Code

Wow. it’s been a while since I posted anything on here. Here’s hoping this one is worth the wait.

I recently came across Synplant and have been using it in its three-week testing mode to see if I liked it enough for purchase. Short and sweet, it’s a pretty damned interesting a fun plugin to explore music.

While digging around in the software, I run across the fact that the Synplant patch files (called .synp) are nothing more than text with minimal formatting and settings for the Synplant application itself:


SynplantPatch: {
Version: 10
Implementation: 10
Name: "AZ Quartet"
ModWheel: 88.18897605 %
Rotation: 0.00000000 degrees
Tuning: +0.00000000 ct
Atonality: 7.26197660 %
Effect: 29.45638895 %
Release: 1.23537318 s
WheelScale: 41.46341383 %
VelSens: 50.00000000 %
Volume: -9.32751660 dB


“Well damn,” I thought to myself “I can probably write up a random sound generator with that”. So, with a bit of hacking and some Python, I did.

The resulting application is named GeneticModification for Synplant. It seems to work pretty much 100% with v1.0.1 (154) with no crashes or problems with the synth.

If you want to download and check it out, please get it from [[right here]]. You will need Python 2.6.1. To make it work, run the script by itself. It will create a new, randomly named patch for you in the current directory. Keep running the script over and over to make more patches to play with.

If you just want to check out some of the patches that GeneticModification makes, I’m also making available a set of free randomly generated Synplant patches. You can download the patches from [[download patches]]

That should be enough to get you running. Remember this script is extremely early in its development cycle, so check back to see if and when I get new features for it.

Enjoy the new sounds that it makes! If you end up making some great stuff, send me a copy!

Cheers,

tom

Quick Edit!

Since Python isn’t default on any Windows systems, I’ve lovingly hand crafted up a GM For Windows. This can help you out if that happens to be your OS of choice. MD5 is 67da86bce4841dc028bc48d1199029a1 and I’ve personally tested it on 32 bit XP without any issues.

Enjoy!

tgiles Uncategorized