wednesday night / a site for sore eyes

March 5, 2007
always bring me home

i think this is a useful script; shaver would probably do it without the temp file, though.

you put it in ~/bin, and symlink rpmbuild to it. then, whenever rpmbuild fails because some rpm isn't installed, it installs them (using rum, of course), and then runs the command again:

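    #!/bin/sh
    # specinst: symlink rpmbuild (in ~/bin) to this script. if the real command
    # fails because of missing rpms, install them with rum and run it again.

    app="/usr/bin/${0##*/}"
    if [ ! -x "$app" ] ; then
        echo >&2 "specinst: $app not found"
        exit 1
    fi

    # test mktemp directly; (( $? )) is a bashism and this runs under /bin/sh
    if ! errfile=$(mktemp -q) ; then
        echo >&2 "specinst (${0##*/}): could not create temp file"
        exit 1
    fi
    # remove the temp file on every exit path
    trap 'rm -f "$errfile"' EXIT

    # run the real command, keeping stderr so it can be searched for missing rpms
    if ! "$app" "$@" 2>"$errfile" ; then
        # rpmbuild prints "<name> is needed by <package>" for each missing rpm
        rpms=$(awk '/is needed by/ { print $1 }' < "$errfile")
        if [ ! "$rpms" ] ; then
            cat "$errfile" >&2
            exit 1
        fi
        echo "specinst (${0##*/}): installing $rpms"
        # $rpms is unquoted on purpose: one argument per package name
        sudo rum in $rpms && "$app" "$@"
    else
        # the run succeeded; pass along whatever it wrote to stderr
        cat "$errfile" >&2
    fi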

also it probably only works in english locales. it has not been tested extensively.
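
an added example, not part of the original script: the names awk pulls out of rpmbuild's stderr end up, unquoted, as arguments to a command run under sudo, so this version validates them first. the function names, the allowed character set and the sample error text are assumptions made for the illustration.

```shell
#!/bin/sh
# added example: pull package names out of rpmbuild's "is needed by" lines
# and validate them before they become arguments to a command run as root.

# missing_rpms: read rpmbuild stderr on stdin, print each distinct name once.
# exits non-zero if any name is rejected; install nothing in that case.
missing_rpms() {
    awk '
        /is needed by/ {
            name = $1
            # allow plain names, file deps like /usr/bin/foo and capability
            # deps like perl(Foo::Bar). refuse a leading "-" (it would be
            # read as an option) and glob characters (unquoted $rpms is
            # subject to pathname expansion).
            if (name ~ /^-/ || name !~ "^[A-Za-z0-9_.+/():-]+$") {
                print "specinst: refusing odd name: " name > "/dev/stderr"
                bad = 1
                next
            }
            if (!(name in seen)) { seen[name] = 1; print name }
        }
        END { exit bad + 0 }
    '
}

# constructed sample of rpmbuild output (assumption, not from the post)
sample_stderr() {
    printf '%s\n' \
        'error: Failed build dependencies:' \
        '    gcc-c++ is needed by demo-1.0-1.noarch' \
        '    libfoo-devel >= 1.2 is needed by demo-1.0-1.noarch' \
        '    perl(Foo::Bar) is needed by demo-1.0-1.noarch' \
        '    gcc-c++ is needed by demo-devel-1.0-1.noarch'
}

# in the script above this would replace the bare awk call:
#   rpms=$(missing_rpms < "$errfile") || exit 1
sample_stderr | missing_rpms
```

version constraints such as ">= 1.2" are dropped because only the first field of each line is kept, the same as in the original awk call.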

* * *

March 6, 2007
way to go ohio

a transcript of a pbs show on the GM Streetcar Conspiracy as it relates to cleveland's streetcar system.

one of my fondest childhood memories might be going to mcdonald's for lunch on occasional fridays with my mom; before they renovated the mcdonald's they had a bunch of old tyme pictures of streetcars and stuff going through cleveland heights. i wonder where all those pictures ended up?

* * *

March 8, 2007
Mesh-Ane-Pada taught me how to sulk and love nothing

i'm really hoping weird al does a bloc party parody called Cuneiform.

* * *

March 10, 2007
break all codes

uhhh.... pass?

* * *

March 14, 2007
i have never been more terrified of the future

on the heels of an article on container shipping, a recent (i'm behind again) economist article discussing corporate r&d had this disturbing premonition from a microsoft researcher on "media applications":

[Steven Drucker] envisages a world where people will take telephone calls from their television sets, ... and receive relevant advertisements.

where do i sign up?

first of all, who would want to use their tv for a phone? i'll give you a hint: nobody. if anything, the trend for phones over the last, oh, 50 years, has been to more portability and the ability to use them concurrently with other things: first, with long cords, then with cordless phones and mobiles. i don't even think there needs to be a secondly.

this other bit was in there:

And although Google's engineers can devote 20% of their work-time to their own projects provided it helps the company, the footsoldiers roll their eyes and admit that such time is usually found on Sunday afternoons.

* * *

March 15, 2007
this is it

the bruins' schedule over the last next weeks is pretty intense:

those are a lot of points against teams ahead of them! of course there aren't many behind...

* * *

March 17, 2007
super awesome post-shoveling breakfast

this is how it's done:

the first two slices of bread should be toasted and dipped into the egg yolks. ideally, the yolks should be first pierced by slices of bacon, but it wasn't ready in time today. this should be enjoyed with the glass of orange juice while walking around with some good music on, and as time permits the first few slices of bacon.

the other two slices of bread should be toasted (if you do two toasting cycles beware: the second group might come out a little burnt) and topped with the spread of your choice. today, i enjoyed a lemon pear marmalade, and a raspberry jam. the rest of the bacon should be interspersed here, along with the limeade.

as you finish the last few bites of either the toast or the bacon - the raspberry jam i had was so good i saved it for last - get cracking on that water. you might be getting pretty full by now, but persevere: you just ate a pound of bacon.

get your roommate to do the dishes.

that's why we hate LA

* * *

March 19, 2007
if your last name is not Schwan, you may wish to return tomorrow

Lyricist Neil Peart read ten books about the Manhattan Project before writing the lyrics so that he had a proper understanding of what the Project was really about.

-- wikipedia

* * *

March 20, 2007
i <3 ne

hmm, today is the 20th, you say?

i went to bed last night with it snowing outside. i woke up this morning and it was warm enough to go for a run in shorts and a t shirt. a shivering bird told me it's going to be in the teens tomorrow.

the following is a summary of why yesterday was not an awesome day:

i have been putting off trying to get my luggage fixed since it was damaged by air canada almost two months ago. but the repair claim is only valid for 60 days (exceptions must be made), so it's time to get to it.

the damage claim only had toronto-area repair places. so i spend a good half-hour trying to find a phone number, or a list of repair places on air canada's web site. not much luck. so i think at this point i call one of the places in toronto; maybe they know. they said to call the 888 number, as if i should know it by heart. after he reads it to me, i notice that it's the 888 number printed on the damage claim. ok.

so i call air canada and eventually get an offshore call center. the woman seems pretty confused by my story ("your luggage was... damaged?"), but manages to provide a name and phone number. i call them up, they're in pittsburgh, and don't know anyone to call in boston. so i call air canada back.

the guy tells me that i can drop it off at any fed ex drop off location, and they will send it out to get fixed. he stressed that i should be sure to include a note saying where it should be returned, and that unfortunately he could not help me find a fed ex drop off location. i said i could probably manage that part, but to where do i send the luggage?

"just drop it off at any fed ex drop off location; they know where to send it."

i have dealt with fed ex before, and they are nowhere near that competent. does he actually believe that fed ex has become not only sentient, but omnipotent? he probably doesn't even know what fed ex actually is. i ask. he doesn't understand the question.

i ask how fed ex knows where to ship them. "they have a list." what fortune! this is precisely the list i'm calling to find out about! maybe he could tell me what places are on this list? before i go and humiliate myself at fed ex trying to explain how they're just supposed to know where i need my package sent?

he gives me the name. it's the place in pittsburgh. i hang up and sigh.

* * *

March 20, 2007
i couldn't have said it better myself

I had so many people to watch, that today you don't have that anymore.

bernie mac, on comedians today (such as himself)

* * *

March 21, 2007
this one is also for his imperialness

...the Republicans were nowhere. Their most popular candidate, by this measure, was Ron Paul, an obscure outsider from somewhere in Texas.

-- the economist, on candidates' popularity with the myspace crowd

this is the typical no-nonsense, objective, keep-your-smarmy-comments-to-yourself writing style that i enjoy each week from the economist.

frustrated by the daunting list of bands that play boston each week, of which i have heard of maybe 1 every three months, i've decided on a new policy. at some yet-to-be-decided interval - between weekly and monthly - i will likely purchase a new record based solely on its cover.

there is more logic in this than was immediately apparent to me: there is not quite as much released on vinyl these days, so that which is was probably loved a little bit more by someone than whatever new cd is out. and the whole point of cover art is to try to sell something to me, so why not let it do its job.

yesterday's choice was lymbyc systym's new album love your abuser. i picked it up because they had a track on it called pittsburgh left. you see, in pittsburgh, when the light goes green, traffic going straight usually pauses for a couple of cars to turn left without an arrow.

it works well there, but since then i've been terrified by the thought of pittsburghers trying to take their act on the road, expecting others to be as kind. i can't imagine them pulling it off in boston.

i decided to not even look them up on wikipedia before listening to the record, in order to not prejudice my opinion. in fact, i was delighted to find that the album was not only tolerable, but i actually liked it. it was kind of like boards of canada turned up a couple of notches, with hints of awesomeness, but not really peaking. which sounds maybe lame, but it's nice to listen to while reading about shipping containers.

it turns out they were just here (twice!), and they have some stuff on the etree, including a heights show.

i can't tell whether this week's success should have me encouraged for next week, or whether i'm just setting myself up for disappointment.

also the new apostle of hustle finally reached the states, and i've been enjoying it.

* * *

March 21, 2007
even more boring

my mozilla friends have broken the osuosl mirror, presumably, so i set out to get rum to start using the kernel.org one. i wrote a script to generate a nice repos file for me. it uses advanced shell techniques such as numerical (C-like) for loops and arrays!

* * *

March 24, 2007
a retarded monkey's guide to effortlessly running your own CA with apple keychain

i hate x509 certs so much, it is no secret.

when my email was down last night, i decided to take advantage of the opportunity and finally migrate my home email/dns/dhcp server from my ppc mac mini to a core duo one. the install went cleanly, of course, and installing darwin ports went well. i was delighted to find that they added launchd scripts for the three daemons since the last time i updated things.

i copied all of the data over from the old machine, got dns and dhcp going quickly, but Mail.app complained that the imap server's cert didn't specify a CA. i could not find where the CA cert was installed on the old machine, and since the cert was for the wrong hostname i figured i'd start from scratch.

so, open keychain access, and go to File -> New Keychain... to create a new keychain for your CA. if you are clever, you will use a different password for this one, and then forget it, and have to do this again. then, fire up the awesomeness with Keychain Access -> Certificate Assistant. if iTunes is the best windows app ever, then perhaps Certificate Assistant is the best app on os x.

first, Create a Certificate Authority (CA). this cert will be self-signed. i recommend using a special email alias here - such as ca@example.com, which will be detailed later. for the Common Name, i use the name of the CA (not my name). make sure you make the cert valid for like, a thousand years, otherwise things will break and you will be sad (how's it going, shaver?).

i used all of the default settings for the rest here, although perhaps i wanted to disable the signature capability. make sure you save it in your CA keychain! this is just to make your life more simple. you'll be prompted for your keychain password.

you'll want to accept certs issued by your CA, so drag your CA cert from keychain access to your desktop. then, double click on the CA.cer file, and add it to the X509Anchors keychain. i had to restart keychain for it to now think that my CA cert was valid.

now it's time to make a cert for your service. run Certificate Assistant again, and this time create a certificate for yourself. you do not want to self-sign this one, and again use an email address you don't normally use, perhaps a root@ or admin@ one. the Common Name should be the hostname for your service (for example mail.87k.net). after clicking continue, you should choose the CA cert from your CA keychain for your issuer. again, i used all of the defaults and saved it in my CA keychain.

now to get your cert out of keychain so you can install it on your machine. first, select your new service cert and File -> Export... it as a .pem. note that if you want to use the hostname as the file name, be sure to include the extension in this dialog, otherwise it will drop the last bit (.net). do the same for your CA cert.

here it gets just a little tricky. since we've been using apple software, there's of course one small thing it won't let you do. in this case, it's exporting your private key in pem format. (un)fortunately, the openssl "tool" can help us out here, despite its best efforts.

File -> Export... your new cert's private key as a .p12 file. you don't need to specify a password for the key, but you can if you want. then, open up Terminal and run the following commands:

    $ openssl pkcs12 -in hostprivkey.p12 -out hostprivkey.pem
    Enter Import Password: (the password you used above, or just hit enter)
    MAC verified OK
    Enter PEM pass phrase: (your favourite four-letter word here)
    Verifying - Enter PEM pass phrase: (repeat above phrase)
    $ openssl rsa -in hostprivkey.pem >> hostcert.pem
    Enter pass phrase for hostprivkey.pem: (type your pass phrase)
    writing RSA key
    $ cat CA.pem >> hostcert.pem
    $ rm CA.pem hostprivkey.p12 hostprivkey.pem

your host cert is now ready for deployment! i'll leave installing the cert on your machine for you to figure out, but including the CA cert at the end there is nice because then it's easy for people to add your CA to their trusted CA list. you can use the command openssl s_client -connect imap:imaps to check that things are all set up correctly.
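
an added example, not from the original post: hostcert.pem as built above holds the host cert, a private key with its pass phrase removed, and the CA cert, so before deploying it is worth checking that layout and that only the owner can read the file. check_bundle and make_sample_bundle are hypothetical names, and the sample bundle uses placeholder bodies instead of real key material.

```shell
#!/bin/sh
# check_bundle FILE: lint a combined PEM file laid out as the commands above
# leave it: host cert, then passphrase-less private key, then CA cert.
check_bundle() {
    f=$1
    # the key in this file is unencrypted, so only its owner should read it
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: group/other permissions are '$perms'; use chmod 600" >&2
        return 1
    fi
    # reduce the file to one letter per PEM block, in order
    order=$(awk '
        /^-----BEGIN / {
            if ($0 ~ /BEGIN CERTIFICATE-----$/) printf "C"
            else if ($0 ~ /ENCRYPTED/) printf "E"
            else if ($0 ~ /PRIVATE KEY-----$/) { printf "K"; inkey = 1 }
            else printf "?"
        }
        # traditional encrypted keys carry this header inside the block
        inkey && /^Proc-Type: 4,ENCRYPTED/ { printf "E" }
        /^-----END / { inkey = 0 }
    ' "$f")
    case $order in
        CKC) return 0 ;;
        *E*) echo "$f: private key still has a pass phrase" >&2; return 2 ;;
        *)   echo "$f: unexpected block order '$order'" >&2; return 3 ;;
    esac
}

# write a constructed bundle (placeholder bodies, no real key material)
# to FILE; pass "enc" as the second argument for an encrypted-key variant
make_sample_bundle() {
    {
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'HOSTCERT' '-----END CERTIFICATE-----'
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----'
        if [ "$2" = enc ]; then printf '%s\n' 'Proc-Type: 4,ENCRYPTED'; fi
        printf '%s\n' 'HOSTKEY' '-----END RSA PRIVATE KEY-----'
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CACERT' '-----END CERTIFICATE-----'
    } > "$1"
}

# demo on the constructed bundle
tmp=$(mktemp) && make_sample_bundle "$tmp" && chmod 600 "$tmp" &&
    check_bundle "$tmp" && echo "bundle layout ok"
rm -f "$tmp"
```

this only checks structure and file mode; whether the cert actually chains to the CA is what the openssl s_client check mentioned above is for.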

btw if you get a cert signed by a CA that you don't (yet) trust, Mail.app won't let you see the CA cert. since safari does, you can use it to install the CA cert. go to https://mail.87k.net:993/ and view certificate; look at the CA cert and drag it off and install it as above. don't get me started.

now to explain the little mystery: the reason i advised against using your real email address for the certs above is that Mail.app actually has built-in s/mime support. using Certificate Assistant again, you can create a cert using your email address and your name for the common name. then, if you compose an email from that address, Mail.app will add some new ui elements for signing and encrypting your mail:

i didn't know these were here

to be able to encrypt mail, you'll need to add their cert to your keychain. there's no link between keychain and addressbook here, which is where i first looked for how to add their certs.

if i don't need to recreate my CA/user certs, i'll link to them here so that all of my friends can start sending me encrypted mail (it's 2007, remember?). not for legal reasons, of course:

Sure, you can have a file that is strongly encrypted. And then an officer of the court will order you to type your pass-phrase to unlock it. And either you do so, or you go to jail.

-- jwz

all in all, this was orders of magnitude easier than i remember strictly using the openssl tool being. hopefully having this page here forever will make this process even less painful the next time i need to do it.

* * *

March 26, 2007
i did not intend to shoot that man

rob: yeah this happened to me too:

* * *