
Favorite Skeptoid episodes

Skeptoid is an excellent podcast for a skeptical treatment of paranormal claims, conspiracy theories, alternative medicine, etc. Over the past 8 months or so I’ve listened to every episode up to and including #376, and I thought I would share my favorites. The most rewarding episodes have often been those challenging my own beliefs, since those open the door to learning something new.

Happy listening!

Fail2ban is useful for slowing down brute force attacks against SSH, and in the few days since I enabled it it’s become very clear that these attempts are happening all the time. I don’t want to disable password authentication for all users in case I find myself without my SSH keys, and even if I did it’s not impossible for SSH keys to be compromised. For the day when the walls are breached, I’ve put this in my /etc/ssh/sshrc:

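# The client IP is the first field of SSH_CONNECTION
IP="$(echo "$SSH_CONNECTION" | awk '{print $1}')"
KNOWN_IPS="$HOME/.ssh/known_ips"
# -F fixed string, -x whole line, -q quiet, -s silent if the file is missing
if ! grep -Fqsx -- "$IP" "$KNOWN_IPS"; then
  echo "$IP" >> "$KNOWN_IPS"
  echo "$IP added to $KNOWN_IPS" | \
    mail -s "ssh $USER@$(hostname) from $IP" spam@foolip.org
fi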

It sends me an email the first time a particular IP successfully logs in over SSH. (If you use this, make sure that mail is configured correctly first: dpkg-reconfigure exim4-config in Debian.)

Web hosting

About a month ago, I began looking for a new hosting solution for foolip.org, having started with a wardrobe computer in 2006 and never really having found a stable home. My needs are modest, so I went shopping for the cheapest possible shared hosting. I settled for JustHost, which popped up on many comparison sites and seemed to be good value for money, at $2.81/month including VAT.

JustHost isn’t terrible, but there were a few problems. The server (just44.justhost.com) seemed starved for memory and I was unable to work with my www.git because of it at one point. Another time I couldn’t log in over SSH for the better part of a day. Finally, on August 2, there were some major problems, with my site going up and down like a yo-yo. One of the first things I did was to point Pingdom at foolip.org to get some good uptime data. I have a public status page, where you can judge for yourself.

Wanting more control, I started to look for a VPS instead, and eventually settled on DigitalOcean, based on the location (Netherlands), technology (KVM) and price ($5/month, but counted hourly). As of August 6, foolip.org is hosted on a virtual machine running Debian and nginx. Having root access and doing things the hard way is great, it feels like having a wardrobe computer all over again. Time (and Pingdom) will tell if it’s robust or not, but so far I’m very happy. Also, JustHost will refund me for the remaining time, which is very good of them.

In closing, if I were to pick a Web hosting solution all over again and was not in a hurry, I would try to ignore individual reviews and claimed uptimes, and instead use Pingdom to monitor sites hosted using my candidate solutions before making a decision.

New GPG key

I’ve uploaded a new GPG key to various keyservers; fetch it manually or on the command line:

$ gpg --recv-keys 0xF75964F29DC6C210

Before creating the key, I took inspiration from Ubuntu and Christopher Wellons, arriving at this for my gpg.conf:

cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
personal-cipher-preferences AES256 AES192 AES
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712

The first half is there to use SHA-2 and AES instead of SHA-1 and CAST5, while the s2k settings are there to make brute force as expensive as possible in the event that my private key should be compromised.

I’m starting from scratch with my web of trust, so if you want to play key signing, let me know.

Chinese Diceware

I’ve been trying to come up with strong passwords since forever, and have failed to find a magic alternative to entropy. Recently, I took Diceware for a roll, but wasn’t entirely happy with passwords like “wn rare swung strop situs slept”—wn isn’t even a word, is it? I also tried the Swedish dictionary but wasn’t much happier.

How about Mandarin Chinese, written using pinyin? There are only around 400 pinyin syllables, but thousands of characters with different meanings, so I guessed that for a random sequence of syllables it should often be possible to come up with a somewhat meaningful phrase.

The kHanyuPinlu property from the Unihan database turned out to be an excellent source for character to syllable mapping, so I wrote syllables.py to reverse that mapping. The output is a list of 392 pinyin syllables with example characters in traditional and simplified Chinese.

Unfortunately, 392 is not a power of 6, so using real dice to generate the numbers is a bit complicated, albeit possible. Instead I wrote roll.py, which uses as few bytes as possible from /dev/random to roll a die with an arbitrary number of sides.
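One way to build the virtual die described above, as an added example (this is not the author's roll.py): rejection sampling over the fewest random bits that cover all faces, which avoids the bias a plain modulo would introduce. The names `roll`, `modulo_counts`, `phrase` and the 12-syllable `SAMPLE` list are assumptions for illustration, and `os.urandom` stands in for reading /dev/random.

```python
import os

# Constructed sample: 12 syllables taken from the phrases on this page,
# standing in for the full 392-entry list.
SAMPLE = ["yan", "kai", "bo", "ren", "se", "dai",
          "zui", "ku", "ba", "ge", "mei", "xu"]

def roll(sides, read=os.urandom):
    """Return a uniform integer in 1..sides.

    Draws the fewest whole bytes that cover `sides` outcomes, masks them
    down to k bits (2**k >= sides) and rejects out-of-range values, so
    every face stays equally likely.
    """
    if sides < 1:
        raise ValueError("sides must be at least 1")
    bits = (sides - 1).bit_length()
    nbytes = (bits + 7) // 8
    mask = (1 << bits) - 1
    while True:
        value = int.from_bytes(read(nbytes), "big") & mask
        if value < sides:
            return value + 1

def modulo_counts(sides, bits):
    """(min, max) number of `bits`-bit inputs mapping to one face under
    the naive `value % sides`; unequal counts mean a biased die."""
    q, r = divmod(1 << bits, sides)
    return (q, q + 1 if r else q)

def phrase(syllables, count, read=os.urandom):
    """Pick `count` syllables independently and uniformly."""
    return " ".join(syllables[roll(len(syllables), read) - 1]
                    for _ in range(count))

if __name__ == "__main__":
    print(roll(392))                  # one throw of the D-392
    print(modulo_counts(392, 16))     # (167, 168): 72 faces are favoured
    print(phrase(SAMPLE, 6))
```

For 392 sides each attempt reads 2 bytes, keeps 9 bits and succeeds with probability 392/512, so a roll costs about 2.6 bytes on average.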

Using my list and my virtual D-392, here are the first 6-syllable pinyin phrases I generated, each with a memorable (?) Chinese phrase and a rough English translation.

  • yan kai bo ren se dai—眼開撥任色帶—eyes open, poke any ribbon
  • zui ku ba ge mei xu—最酷八個沒序—the coolest eight have no order
  • ban zhai dian die keng bao—搬宅殿爹吭抱—moving villa/palace, dad says hold (this)
  • you mu sa kang xu su—有母萨扛需速—(things) carried by mother Bodhisattva need speed

A native speaker would probably be able to come up with better phrases, but I think that I could remember any of these, with 最酷八個沒序 being the easiest. If this is a representative sample, I think the scheme works.

How about the entropy? With 392 syllables, each syllable contributes log2(392) = 8.6 bits, so these 6-syllable phrases have 51.6 bits of entropy, slightly better than a completely random 8-character alphanumeric password. English Diceware has 12.9 bits of entropy per word, so to get as much entropy as with a 6-word English phrase, a 9-syllable Chinese phrase is needed. The average word and syllable length are 4.2 and 3.2 respectively, so the average phrase lengths (including spaces) would be 30.2 for English and 36.8 for Chinese. (Removing spaces blindly will lose some entropy if the pinyin becomes ambiguous.)

Feel free to use/improve my lists and scripts, and never forget: the coolest eight have no order!

Grandma

Grandma died tonight…

I really loved being in Kålaboda when I was little. In the summer of 1986 I couldn’t talk yet, but I gladly followed grandma and grandpa into the barn, as I did so many times later while growing up. That summer dad was filming, and managed to capture grandma in a few short sequences. These stills are from parts 1 and 5 of Sommar i Kålaboda:

Britta & Folke in the barn

Lunch on the farm

The last time I saw grandma was in September; it doesn’t feel that long ago. Now I will never get to see her again; all that remains are pictures, films and memories. The barn is gone too, but I clearly remember how good the room smelled with all the tunnbröd, tunnbröd that grandma had baked. It is just one of many grandma memories.

I will miss you, grandma…

Britta & Edison

Free will

My thoughts on Free Will by Sam Harris, cross-posted from Goodreads.

I had already enjoyed the 2012 talk and was a bit worried that a “book” this short couldn’t add much to it. It doesn’t, in fact, add much, but it was still worth my while to revisit the argument in a different medium.

The first of Harris’ arguments concerns experiments where the test subjects are asked to make a decision and record the time of the decision. Apparently, the decision can be predicted by brain activity before the test subject is aware of having made it, which Harris argues shows that our decisions are made for us by deeper processes. I know nothing about psychology or neurology, so I don’t know if the conclusion is sound, but I wish that Harris had spent a little more time exploring this. It makes no evolutionary sense for our consciousness to only act as a narrator for decisions already made, because it would be superfluous. What kinds of choices need to involve our consciousness? When the decision is made elsewhere, why does our consciousness pretend as if it were in charge? Is it possible, with self-control, to force certain decisions out of the dark, into the light of our conscious thought?

Second is the problem of regress. To quote:

My choices matter—and there are paths towards making wiser ones—but I cannot choose what I choose. And if it ever appears that I do—for instance, after going back between two options—I do not choose to choose what I choose. There is a regress here that always ends in darkness.

Or more succinctly:

We are not self-caused little gods.

I think this is compelling, but it is a little bit like the children’s game of “why why why.” Colloquially, we can account for why it snows without asking “why” all the way back to the origin of the universe. Perhaps a similar line can be drawn for inquiries into volition, that ends somewhere inside our heads?

Third, Harris says that self-introspection will reveal that the source of our thoughts and decisions is mysterious even to ourselves. Ever since I saw his talk I have tried to think about this, but cannot say I find it as obviously true as Harris does. I don’t know where my ideas and impulses come from, but if pressed I think I could attribute many of them to known external and internal sources, which are obviously not of my choosing, but still not mysterious. Some preferences, like tea or coffee, are mysterious, but it’s not mysterious why I prefer an ice tea over hot chocolate on a warm summer day.

Finally, Harris untangles free will from determinism. We don’t yet know for certain which kind of universe we inhabit, but there’s nothing about an indeterminate universe that would grant us free will. Conversely, compatibilism is the view that we can have free will even in a deterministic universe, even if Harris is rather dismissive of this. I should probably read Elbow Room: The Varieties of Free Will Worth Wanting to get a fair treatment of the subject.

In the end, the notion of free will is rather like the notion of god—ill-defined and with no supporting evidence. For now, I have no choice but to withhold belief.
