Older blog entries for randombit (starting at number 8)

The More Things Change...

"Anyone who considers arithmetic methods of producing random digits is, of course, in a state of sin." - John von Neumann, 1951

On an Ubuntu forum I caught a reference to a C++ library called JUCE, which is one of those all-inclusive C++ libraries along the lines of POCO or GNU Common C++. One thing I noticed was that it includes a few cryptographic operations, including RSA key generation, so I decided to take a peek at the latest release as of this writing, 1.46.

Tracing through the code, we find the primes for the RSA keys are created by calling Primes::createProbablePrime, which generates a random starting point and then uses a sieve to find the nearest prime number. The random starting point is chosen on line 131 of juce_Primes.cpp, using BitArray::fillBitsRandomly. This function in turn calls Random::getSystemRandom() to actually get random data. So far so good.

From the name "getSystemRandom", I assumed this would in turn use an OS specific RNG like /dev/random on Linux/OS X or CryptGenRandom on Windows. So you can imagine my horror to find that JUCE's 'system RNG' is a linear congruential generator, seeded with the constant value 1:

static Random sysRand (1);

Random& Random::getSystemRandom() throw()
{
    return sysRand;
}

There are flaws at multiple levels here.
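
To make the consequence concrete, the sketch below is an added example and is not JUCE's code: `ToyLcg`, its drand48-style constants, the 31-bit toy prime size, and all function names are assumptions chosen for illustration. It follows the same shape as the scheme described above (random starting point, then search upward for a prime) and contrasts a generator seeded with the constant 1 against a starting point drawn from the operating system.

```cpp
#include <cstdint>
#include <cstdio>
#include <random>

// Illustrative 48-bit LCG (drand48-style constants); an assumption, not JUCE's code.
struct ToyLcg {
    uint64_t state;
    explicit ToyLcg(uint64_t seed) : state(seed) {}
    uint32_t next() {
        state = (state * 0x5DEECE66DULL + 11) & ((1ULL << 48) - 1);
        return static_cast<uint32_t>(state >> 16);
    }
};

// Trial division is enough for the toy 31-bit "primes" used here.
bool isPrime(uint32_t n) {
    if (n < 2) return false;
    for (uint64_t d = 2; d * d <= n; ++d)
        if (n % d == 0) return false;
    return true;
}

// Same shape as the scheme in the post: random starting point, then search upward.
uint32_t nextPrimeFrom(uint32_t start) {
    uint32_t c = (start >> 1) | 0x40000001u;  // 31 bits, top bit set, odd
    while (!isPrime(c)) c += 2;               // stops at 2^31 - 1 (prime) at the latest
    return c;
}

// Weak: what every fresh process computes when the generator is seeded with 1.
uint32_t primeFromConstantSeed() {
    ToyLcg rng(1);
    return nextPrimeFrom(rng.next());
}

// Hardened: take the starting point from the operating system's entropy source.
uint32_t primeFromOsRng() {
    std::random_device rd;
    return nextPrimeFrom(rd());
}

int main() {
    std::printf("constant seed: %u %u\n", (unsigned)primeFromConstantSeed(), (unsigned)primeFromConstantSeed());
    std::printf("OS RNG:        %u %u\n", (unsigned)primeFromOsRng(), (unsigned)primeFromOsRng());
    return 0;
}
```

With the constant seed, every run on every machine prints the same prime, so the resulting key material is predictable to anyone who has the library source. A real key generator would draw from /dev/random or CryptGenRandom, as named above, rather than relying on `std::random_device`, whose backing source is implementation-defined.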


Syndicated 2008-12-05 16:54:47 from Jack Lloyd

Thanksgiving 2008 Recipe Wrapup

Amanda and I made Thanksgiving dinner pretty much from scratch this year, and happily everything turned out very well!

Honey Brined Turkey

I picked up a 10 lb turkey from Dipaolo turkey farm. Initially we had planned on brining the whole bird, using a recipe from epicurious, but we did not have a pan large enough to submerge the carcass. So the day before Thanksgiving I found myself dismembering a raw turkey, which is quite a bit more exhausting than carving it after cooking! Then again, how often do you have the chance to snap a turkey's spinal column with your bare hands? Opportunity of a lifetime, I'm telling ya.

We decided to brine the dark meat in the legs and wings, and bake the breast meat separately in citrus and rosemary. The brining worked spectacularly well, easily the most tender flavorful turkey I have ever had, but sadly the breasts came out dry. At one point we had discussed wrapping them in prosciutto prior to baking to help keep them moist, but in the rush it was forgotten.

Bacon Apple Stuffing

A stuffing recipe with bacon and apples? OK! I went heavy on the thyme (from the windowbox plant) and sage. The bread (along with the beans and whatever else we did not get from Greenmarket) was from Fairway, the best-est grocery store in NYC. The only complaint I had with the stuffing was that the apple flavors were mostly lost. If I try this recipe again, I'll probably double the amount of apple and cut it into larger pieces, to help it survive the long bake time.

Sweet Potato Stuffed with Blue Cheese wrapped in HAM

While I was tending to the gravy, Amanda made stuffed sweet potatoes wrapped in prosciutto, based on a recipe from what we're eating. One factor we did not anticipate was that the potatoes did not really soften up much during their time in the oven, despite the claims of the recipe. We had pulled them out of the boiling water a bit ahead of them being completely finished, thinking they would soften further in the oven, but the potatoes that were not soft all the way through after boiling remained a bit tough post-bake.

String Beans and Bacon

Serious Eats had a recipe for string beans with bacon and chestnuts that had sounded great, until we realized exactly how much work preparing chestnuts is. The recipe has you using "bottled peeled roasted whole chestnuts", but being the DIY types we picked up whole fresh chestnuts from Greenmarket and set to work. How hard could it be? To prepare chestnuts, Joy of Cooking recommended cutting an X in the side of each nut and boiling them for 5 minutes. Then peel off the shells - which we found an incredibly time consuming task, and exhausting for the fingers! Now that the chestnuts are peeled, they can be cooked, which is done by boiling them (again) for 30-40 minutes, then baking them for an hour. We got about halfway through the shelling process and realized there was just no way we had the time to devote to doing this with so many other dishes still up in the air. So we aborted on the chestnuts, but the string beans were fresh and the bacon was good quality, so I think everyone was still happy with the results.

Sweet Potato Rolls

The rolls were made with mashed sweet potatoes, using a recipe from pinch my salt. These were a huge hit. I had been worried the sweet potato would dominate but instead it just gives a slight flavoring to the yeast rolls. The ones that were left unfrozen (but bagged) unfortunately turned moldy after only a few days, probably due to the egg and sugar. Fortunately I have at least half a dozen still in the freezer...

Sweet potato, pecan/date, and icebox pies

For dessert we made sweet potato, pecan and date, and icebox pies. I was a bit dubious of the pie crust recipe thekitchn had, but for heavy pie fillings like these the extra density of the crust worked. (The Oreo crust of the icebox pie was pretty tasty too.)

The cranberry sauce, gravy, and mashed potatoes were consumed without ever being photographed. Very sad.

So, was the meal worth 12+ hours of cooking over two days? Ummm... YES! But once a year seems about right to me.

Syndicated 2008-12-03 22:16:00 from Jack Lloyd

Switching to Pyblosxom, and a colophon

Until recently I had been using blosxom on bitbashing, a minimalist blog system which stores each entry as a flat file on disk. My existing workflow relies heavily on tools like emacs for editing and merging and monotone for revision control, and it is nice to have a blog system that plays well with these other tools, rather than using, say, a MySQL database as the storage layer and an AJAX widget as editor. However, over time blosxom has seemed less and less maintained, and I started looking for alternatives.

Today I switched to pyblosxom, which started as a clone of blosxom, and still has much the same philosophy, but seems to have many advantages and useful features as compared to blosxom. A description of the upgrade process along with a site colophon are after the jump.


Syndicated 2008-11-21 00:53:31 from Jack Lloyd

Robot packs will hunt 'non-cooperative' humans

A new Pentagon project proposal for a "Multi-Robot Pursuit System" will allow soldiers and police to "search for and detect a non-cooperative human".

Syndicated 2008-10-25 19:46:21 from Jack Lloyd

The Life of A Yeast

This fall I've been learning how to bake bread. I like sourdough, so I've been learning how to make real sourdoughs using a starter. The starter is the nameless yeast colony that spends most of its life in an old salsa jar in the fridge. Mixing the starter with more flour and water, and letting the yeasts grow at room temperature, they eat and as a byproduct produce the small air pockets that you want for good texture in bread. After a while the jar the starter lives in gets encrusted with flour (the main food of a pet yeast), and I will move the starter into a new jar and wash out the old one.

I used to feel sorry for the yeasts who were left behind in the old jar, which were washed down the drain rather than moved to their new home. Then I realized that the ones that stay get to either be baked alive, or have a chance to reproduce so their offspring can be baked alive, whereas the ones that get washed down the drain escaped their captivity to have a chance, presumably, of reproducing in freedom somewhere out there and keeping their genes going through all eternity.

I wish the yeasts the best of luck out there.

Syndicated 2008-10-24 20:32:22 from Jack Lloyd

Interesting W3C Workshop - Security for Access to Device APIs

Thomas Roessler posted a call for papers for a W3 workshop on secure device access for web applications:


Syndicated 2008-10-12 18:25:24 from Jack Lloyd

Botan Used in Pirates of the Burning Sea

In the hey-cool category (at least for me), I am informed that my project Botan is being used by Flying Lab Software in their new MMORPG Pirates of the Burning Sea. I was told by their Director of Community Relations that it is being used in their user authentication system.

I've even seen ads for it on Cartoon Network, which means now I've indirectly been on television! OMG

Syndicated 2008-10-10 16:25:14 from Jack Lloyd

Mexico drug plane used for US 'rendition' flights: report

I would like to see the original documents... this article doesn't even give the tail number.

Story via AFP:

MEXICO CITY (AFP) - A private jet that crash-landed almost one year ago in eastern Mexico carrying 3.3 tons of cocaine had previously been used for CIA "rendition" flights, a newspaper report said here Thursday, citing documents from the United States and the European Parliament.

The plane was carrying Colombian drugs for the fugitive leader of Mexico's Sinaloa cartel, Joaquin "Chapo" Guzman, when it crash-landed in the Yucatan peninsula on September 24, El Universal reported.

The daily said it had obtained documents from the United States and the European Parliament which "show that that plane flew several times to Guantanamo, Cuba, presumably to transfer terrorism suspects."

It said the European Parliament was investigating the private Grumman Gulfstream II, registered by the European Organization for the Safety of Air Navigation, for suspected use in CIA "rendition" flights in which prisoners are covertly transferred to a third country or US-run detention centers.

It also said the US Federal Aviation Administration's (FAA) logbook registered that the plane had traveled between US territory and the US military base in Guantanamo.

It said the FAA registered its last owner as Clyde O'Connor in Pompano Beach, Florida.

Syndicated 2008-09-07 14:51:55 from Jack Lloyd

Massive police raids on suspected protestors in Minneapolis

From Salon:

Protesters here in Minneapolis have been targeted by a series of highly intimidating, sweeping police raids across the city, involving teams of 25-30 officers in riot gear, with semi-automatic weapons drawn, entering homes of those suspected of planning protests, handcuffing and forcing them to lay on the floor, while law enforcement officers searched the homes, seizing computers, journals, and political pamphlets. Last night, members of the St. Paul police department and the Ramsey County sheriff's department handcuffed, photographed and detained dozens of people meeting at a public venue to plan a demonstration, charging them with no crime other than "fire code violations," and early this morning, the Sheriff's department sent teams of officers into at least four Minneapolis area homes where suspected protesters were staying.

Syndicated 2008-08-30 23:50:21 from Jack Lloyd
