Week 14

It was pointed out to me that I forgot to post my weight this week. On Monday, I was 229 pounds – up one pound from the previous week and down 17 from baseline. I don’t feel too bad about that, as 5 days last week were at the beach, not exercising and basically eating like a pig. That I only gained 1 pound under those circumstances ain’t too bad. I’m back to riding the bike to the train every day now and hopefully will drop some this week.

Ask Mr. Bike

Today I go to test ride the Specialized Crossroads that they built for me at Turin Bikes. I liked the one I test drove last week, but the frame was just a little short for me so they have one that should be better for me. As we were discussing it around the office, a coworker had some suggestions that come from a friend of his, known as “Mr. Bike”. One was that when you get a brand new bike, immediately wrap some duct tape around it in places. It makes it look older and reduces the “stealability” of it. He said there is all kinds of this stuff in his book Urban Biker Tricks and Tips and that he runs a website Ask Mr. Bike. From the upcoming appearances on there, I see that he’ll actually be at Turin Bikes a week from tomorrow leading a discussion on how to get from recreational to utility bicycling and doing a book signing. All cool stuff.

The Game is Afoot

Things are up in my life, and while prudence says that I should be patient and wait a few days to make them public, the suspense is driving me nuts. Let me just say at this time that the changes are big, good and very happy-making.

IE Security Hole Opens New Backdoor

Good lord almighty, Internet Explorer has been found to have a security hole so bad that loading websites with malicious JavaScript can allow attackers to take full control of a PC. According to that story:

Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole in it.

How many things like this does it take before people stop using IE altogether? Being told that just normal usage of a program may lead to your computer becoming a zombie and getting hijacked by scumbags is enough to make me not use that program. If you are using Windows, for god’s sake install Firefox and be done with it.

Life 2.0

One of my coworkers saw a reference in Wired to this book, Life 2.0. He thought of me when he read it, because it is all about people moving to places where the cost of living is cheaper and doing their job. This is stuff that consumes me, so this book is of great interest to me. It must be to other people as well – the book isn’t going to be published for another month and yet it is still at sales rank 1500.

Ed Felten on Bayesian Spam Filtering

BoingBoing points to a post by Ed Felten on a possible poisoning attack that spammers could execute. In essence, he is saying that by choosing certain words to throw into the mess of words that spam frequently contains, spammers can incite people to train that word as a “spam word.” Says he:

Now suppose a big spammer wanted to poison a particular word, so that messages containing that word would be (mis)classified as spam. The spammer could sprinkle the target word throughout the word salad in his outgoing spam messages. When users classified those messages as spam, the targeted word would develop a negative score in the users’ Bayesian spam filters. Later, messages with the targeted word would likely be mistaken for spam.

This attack could even be carried out against a particular targeted user. By feeding that user a steady diet of spam (or pseudo-spam) containing the target word, a malicious person could build up a highly negative score for that word in the targeted user’s filter.

I have to say that I don’t think this attack is as realistic as Felten does. In the first place, these Bayesian filters don’t work off of single words. You’d have to have a hella score on that one word for the single word or even a combination of a few to be so negative that they drag the whole message down when the rest of the message is legitimate (hint, my friends occasionally use the word “viagra” in email to me and they don’t get spam filtered.) Second, even if this attack could be executed successfully, it is a short-lived one. Every Bayesian spam thing I’ve seen that lets you train messages as spam lets you train them as non-spam. After the first one gets flagged as spam erroneously and gets retrained, the words in the attack become less effective or ineffective in getting an arbitrary message categorized as spam. Third, this does point to the fact that it’s a good idea to not have your spam filtering solely dependent on a simple Bayesian word file.

I use SpamAssassin and POPFile. The latter is a simple Bayesian classifier but it gets fed into the former, which is based on many things including checking online blacklists of hosts, doing heuristic tests for porn and Nigerian phrases, etc. As tough and one-shot as the attack would be anyway, it would be that much tougher to get through this system. Even making POPFile classify as spam is far from sufficient to get a message qualified as spam for me. If it lacked any other spammy features (not listed in Razor or Pyzor, not from a spam host) it probably won’t get tagged.

This also suggests to me that Bill Yerazunis is on the right track with CRM114. Because it works on Bayesian analysis of combinations of adjacent words, it is less susceptible to things like this as well. It gets closer to filtering by meaning rather than by simple presence or absence of a word. I ran it for a while but found the performance was a little lacking – large messages would take so long that procmail would freak out. I thought the accuracy was great, though.

I’d even be willing to experiment on this with Dr. Felten. I can provide a list of words that frequently occur in my legitimate email. He can set up a fake email address and send me spam of just the kind he describes. In fact, he can take actual spam and just add in the words he is attacking me on. Ideally, this would come from similar sources to real spam. He could find some open relays in some ORBs and bounce it off that, directed at me. I’d suggest sending me about 50 of these a day – there is a little lag between me getting spam and it getting trained into spam. I can keep up with the SpamAssassin and POPFile scores on all legitimate mails that contain the attack words, and measure those over time. We can see just how it goes. My prediction is that possibly he could affect the POPFile ratings but that even trying like a mother that he can not make one of my legitimate mails get measured as spam. Dr Felten, if you are interested send me a mail. I’m confident that it won’t get filtered out.

Update: I’ve been thinking about this on and off all day. After cogitating a while, I think that pulling off this attack in the real world is even less likely than I originally thought. That’s because in most Bayesian systems like POPFile, you train on errors. For this attack to be successful in a wide variety of systems, you would have to send spam that contains the attack words, is unambiguously spam such that the user will run it back through the filter training, yet is sufficiently un-spammy that it will slip through the filter first. In other words, to successfully attack the Bayesian filters the attacker must be able to evade them at will. If they could do this, then the filters wouldn’t be useful because they wouldn’t be stopping things. I think this is an interesting idea but it just plain doesn’t translate into a real world attack because of the train-on-errors method most commonly used with Bayesian filters.
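An added example, not code from this post or from POPFile or SpamAssassin: a toy per-token naive Bayes filter run over a constructed corpus, comparing a filter that trains on every message marked as spam with one that trains on errors only, as described in the update. The `ToyBayes` class, the sample messages, the target word "invoice" and the 0.9 threshold are all assumptions made for illustration.

```python
import math
from collections import Counter

class ToyBayes:
    """Minimal per-token naive Bayes filter (illustrative, not a real product's code)."""
    def __init__(self):
        self.tok = {"spam": Counter(), "ham": Counter()}
        self.n = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.tok[label].update(set(text.lower().split()))
        self.n[label] += 1

    def token_prob(self, t):
        # P(spam | token), Laplace-smoothed, equal class priors assumed
        s = (self.tok["spam"][t] + 1) / (self.n["spam"] + 2)
        h = (self.tok["ham"][t] + 1) / (self.n["ham"] + 2)
        return s / (s + h)

    def score(self, text):
        # Sum log-odds over tokens seen in training; unseen tokens are ignored
        seen = [t for t in set(text.lower().split())
                if self.tok["spam"][t] or self.tok["ham"][t]]
        logit = sum(math.log(p / (1 - p)) for p in map(self.token_prob, seen))
        return 1 / (1 + math.exp(-logit))

# Constructed sample corpus; "invoice" stands in for the poisoned word.
HAM = ["meeting agenda invoice attached", "lunch friday invoice reminder",
       "project invoice status update", "family photos from the weekend"]
SPAM = ["cheap pills buy now", "win money now click",
        "buy cheap watches click", "free money pills offer"]
POISON = "cheap pills buy now invoice"   # word salad plus the target word
LEGIT = "invoice for the project meeting"
THRESHOLD = 0.9                          # score at or above this is filed as spam

def base_filter():
    f = ToyBayes()
    for m in HAM:
        f.train(m, "ham")
    for m in SPAM:
        f.train(m, "spam")
    return f

def run_attack(n, train_on_errors):
    """Deliver n poison messages; return (filter, number fed back into training)."""
    f, trained = base_filter(), 0
    for _ in range(n):
        caught = f.score(POISON) >= THRESHOLD
        if train_on_errors and caught:
            continue      # the filter was right, so nothing gets retrained
        f.train(POISON, "spam")
        trained += 1
    return f, trained

if __name__ == "__main__":
    for toe in (False, True):
        f, trained = run_attack(50, toe)
        print(f"train_on_errors={toe} trained={trained} "
              f"P(spam|invoice)={f.token_prob('invoice'):.3f} "
              f"legit={f.score(LEGIT):.4f}")
```

On this corpus, training on everything moves P(spam|invoice) from 0.20 to about 0.58, while train-on-errors leaves it at 0.20 because every poison message is already caught and never reaches training. The legitimate message stays far below the threshold in both cases because its other tokens still carry ham evidence.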

Dream Job for Some Dork

LucasFilm is looking for a software engineer to build internal tools for their organization. They want C or Perl skills and DB integration, so I imagine they are doing some sort of productivity web interface stuff. This will be the one job interview where talking about how you built your own working lightsaber from discarded toasters won’t get you escorted out by security. Enjoy!

CajunBot

On the plane trip I brought some of my magazines that have been stacking up for a while. I only brought ones I didn’t want to archive, so I could read them and then trash or recycle them as I finished. One of the ones I had was a few months old La Louisiane. It had a cover story about the UL-Lafayette entry in the DARPA Grand Challenge – an impressive looking piece of machinery called CajunBot! As I read the article, I saw a photo and realized that the guy behind the project was one of my professors in grad school – Arun Lakhotia and another one, Tony Maida is also involved. It’s all interesting stuff and there is even a CajunBot weblog (no RSS that I can tell, though.) Even though it was knocked out relatively early, I’m sure that with another year of tweaking it will kick some ass next year. Go Arun, go CajunBot!

The Beach

It’s been a long time, too long, that I sat on a proper beach and cavorted in the ocean. The Chicago beaches are fine and pretty and all but the water is cold and it never seems right to not have that salt taste in your mouth. We spent part of the afternoon loafing in Huntington Beach, south of Myrtle Beach. It’s the least touristy beach I’ve seen in a long time, a state park and thus not full of drunken frat boys who have just staggered from their hotel. A little sun, a little sand, a little surf – I feel my batteries recharging! Not only that, but we got an upgrade to a convertible Mustang at Hertz, so we rode around with the top down on a nearly perfect day – warm but not too hot, sunny but not oppressive. All in all, I couldn’t be happier. Tomorrow we have to be on a plane at 6:10 AM EDT (!!?!?!!), but all fun things must end. This has been quite a weekend, about which more later.

The Terminal

For the first time in my life, I spent the night in an airport terminal. It seemed like a good idea at the time, after missing by a few minutes a connection at 11:30 PM and being booked on a flight that left at 7 AM. I figured that if we went to a hotel, we’d be there only three or four hours before we had to get up and back to the airport. Since our luggage made it but we didn’t, we had no clean clothes so even a shower would be somewhat lost on us after we put back on the previous day’s stinky garments.

It seemed alright to start, getting blankets and pillows from the airport staff and then finding rows of chairs without armrests on which we could lay out. At 3 AM, though, some power glitch made the alarm on every door in the entire terminal start sounding, which it did for the next 35 minutes. This is your standard fire alarm sounding thing at standard volume, ie earsplitting. When it finally got shut off, we actually did get a few hours of sleep. I’m not sure if it was the right or wrong decision but I can say that my one shot at this is not something I have much desire to repeat any time soon. There were a lot of bleary eyed looking folks wandering Hartsfield-Jackson, Terminal D this morning. What a suckass night.

Jack Ryan on the Defense of Marriage

The Jack Ryan/Barack Obama race is my local Senatorial contest so I’ve been following it with some interest. This issue about Ryan’s divorce records has been going on since the primary. Over that whole time, he has wrapped himself with the cloak of “protecting his son”. This led me to believe that perhaps what was in those records was something sensitive with his son that put strain on the marriage until finally they divorced. I was surprised and shocked that what he wanted kept sealed were the allegations that he tried to coerce his ex-wife into swinging sexual activity. I’m going to discuss them the rest of the post – keep in mind that they are allegations and might not be actually true but they were what was in the records. I’m not going to put “allegedly” in front of every mention, but add them mentally.

I personally don’t believe this is really my business to know this, but now that I do it makes sense to put his policy beliefs in this context. He is strongly pro-Bush and strongly anti-gay marriage. From his own website:

I believe that marriage can only be defined as that union between one man and one woman. I am opposed to same-sex marriages, civil unions, and registries.

Ryan believes in the union between one man and one woman, but he doesn’t mind if that union occurs in a leather sling in front of a crowd of onlookers. It’s pretty galling to hear one of the “sanctity of marriage” crowd talk when you know that he has some kinks. My position is that the kink is in fact perfectly fine. I don’t think that precludes him from being a Senator in and of itself. What does is that he supports bad policy, and that bad policy is made ironic by the fact that in his personal life he comports himself differently than many would consider “normal.” Even so, he doesn’t find normality in gay people who want nothing more than to monogamously commit to each other under marriage.

Like they always say, it ain’t the scandal that gets you, it’s the coverup and the reaction. Chicagoist has a piece that includes links to the story that Illinois GOP leaders feel sold out by Ryan. I can see why they’d be pissed – they did the right thing and stood by their man on his word that there was nothing embarrassing in the records, which was a flat lie. That’s what we should be focusing on, not the titillating salacious aspects of it but that he misled even his backers and the closest people to him. How exactly can we trust his honesty in office when he lies to the GOP during the election?

Mitch Wagner feels we should extend him tolerance on this. I think we should extend him tolerance on his sexual preferences, yes. I also think he should absolutely have the hammer dropped on him for proposing policy counter to his personal conduct, and for failing to tell the truth to even his own side in this election. These are the keys here – don’t bounce him because he’s a swinger, bounce him because he’s a lying hypocrite. Also, bounce him because his opponent is smarter, more qualified and wants better policy enacted in this country.

Note too that I’m not even mentioning who his ex-wife is. Everyone seems to be focusing on that because she is highly visible and that just makes it all the more salacious. I’m ignoring that aspect of the story because it is unimportant. It doesn’t matter who his wife was, only that he lied and that he is unwilling to grant others the tolerance that he himself relies upon.

WREK Play List

At this moment the headline on the WREK page is about their online playlist. This is a thing I’m highly proud of. When I was doing the automation system there, one of the things necessary to make it run was maintaining a database table keeping track of what things have been played. It was pretty trivial given that the table existed to create a web page that shows that information. A year or so later I hooked up a web interface to allow the live DJs to record their plays into the same table, which means that nowadays most of the spins are there, minus the evening specialty shows. I don’t know how much it is getting used but now listeners have this cool tool to go to when they hear a cool song (a likely occurrence on WREK). I know from being a DJ there, a large number of calls that you take are “Hey, I heard this monk chanting thing yesterday at 3 AM – what was that?” Giving folks the ability to do this for themselves not only frees up the DJ phone time a little, but with the lower barrier that means listeners can do it all the time and get better informed about the music they are enjoying. Infotopia! Don’t forget, you can also listen via streaming and subscribe to the RSS feed of newly programmed music. Whoo doggies!

Pavitr Prabhakar, the South Asian Spider-Man

I’m interested in this comic of the Indian version of Spider-Man. I’m hoping that there is an English language version that is available in the US. It seems more interesting to me than much of the recent output in the domestic versions over the last decade or so. I like the notion of taking the core of the comic and then letting Indian creators run wild with it.

Moist Ride

If I was to be riding my bike back and forth to the train each day, one day or another I was bound to get rained on. Well, today was my baptism of … water. It was sprinkling when I first left the train station, which turned into a full rain about halfway home. Even with that, it wasn’t so bad. Last week I only rode one day because every day it was supposed to rain and it never really rained when I’d have been travelling. Today it was “widely scattered showers” and of course it rained on my ass. Better to get over it sooner rather than later. Now I feel up to anything, bike commute wise. It does help the pedalling motivation when you are trying to get out of the rain. Today was the best time I’ve made yet.

Solitaire

One of my favorite books of the last few years, Kelley Eskridge’s Solitaire, is out in paperback. Pick it up, it is a fantastic read. She skips all the predictable and sappy choices and consistently goes straight to gut-wrenching. It’s a remarkably assured book for a first novel. Dave’s highest recommendation.

Of course, Kelley had nothing to do with this, but look at the paperback cover side by side with that of Bruce Sterling’s Holy Fire. Wow.

Week 13

This week I was not down any weight, still 18 pounds down from baseline. I actually did get more activity last week, more stair climbing and bike riding. It would have been good if I could have been the even 20 pounds but I’ll take what I have. With any luck this will be one of those plateaus as I’m shifting proportions around and adding on a little lean tissue. Even though it is going to be intermittently rainy, I’m committed to riding the bike every day this week. We’ll see how that goes as far as the weight loss goes.

Ulysses

What with all the Bloomsday festivities last week, it’s worth noting that James Joyce’s Ulysses is freely downloadable from Project Gutenberg. I’ve never read it nor tried but I’m planning on downloading it to the Zaurus and giving it a crack.

The Right Tools and the Right Touch

Yesterday we went for the first round of bike shopping for me. We looked at one bike we really liked at Turin Bikes in Evanston. It was a Specialized Crossroads (I don’t know if that link is to the exact bike but it is very similar to that.) I’m looking for a reasonably inexpensive hybrid that is good for the around town stuff but that wouldn’t be ridiculous if I decided to try for a 20 or 30 mile ride someday. This bike or a similar class is probably what I’ll get.

While we were there we bought a floor pump, a Topeak Joe Blow (also not the identical model but similar.) It’s amazing how just being able to properly inflate the tires on our current bikes radically improved the ride of both. The crappy hand pump I was using just plain don’t cut it. Even my older Panasonic rode way better with full tires. That’s what I get for skimping on tools. We should have bought a pump like this years ago.