Log in

No account? Create an account

qotd: seasons

[community profile] questionoftheday asks: What is your least favourite thing about each season?

My answer:

I'm not going to try to come up with something against spring and fall.

Boston summer: when it's hot and humid, obviously.

Boston winter: there's the usual cold and snow and ice, especially ice. And the short days, sun going down at 4pm because Boston should be in Atlantic time (which still would mean 5pm...) But my most unusual complaint is the sun *angle*: it's so low even at mid day, often in my eyes, and my summer hat wouldn't help even if temperatures were warm enough to wear it.

Getting extra sun from snow is an added 'bonus'. But yeah, the angle. Sun should not be in my eyes between 10 and 2.

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/509777.html#comments


qotd: internet history

[community profile] questionoftheday asks: What is your internet history? What websites were you a part of that might not be around anymore, and do you have any fond memories of them?

My answer:

Got to college, was given a shell account with email and such. And talk/ytalk, I could communicate with friends across the country, for free! Like a long-distance phone call, but typing and free! Somehow found people purely online, too, chatting with some girl at an engineering college. Found Usenet, spending many years on the B5 newsgroups (I think I coined 'battlecrab' for Shadow ships) and rec.arts.sf.written. Mailing lists: extropians, cypherpunks, Julian May, Deryni (that might have been Usenet), Buffy.

Oh, and the early web, getting on with NCSA Mosaic, and Netscape Navigator, and I have web pages dating to 1995, if not earlier.

Early webcomics I forget the names of. Doctor Fun, User Friendly, Sluggy (still going!) Writing my own comic-scraper to generate a local page of updated comics, because RSS hadn't been invented yet.

A girlfriend found me via Orkut, I think. Was on that and Friendster before Facebook killed them. Technically am still on Livejournal, crossposting from here.

I sort of miss people *having* personal web pages. Or adding anything to mine.

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/509628.html#comments


oil painting costs

I mentioned the Guild of Boston Artists. I found it Saturday by walking around Back Bay and going inside. One featured artist was there, and while I did ask a question about her art (it had a light quality reminiscent of pastels), I also asked the mundane question of how long it took to do a painting. Variable, but she went with an average of 25 hours, for the modest sizes displayed. That's for physical execution, like to copy an existing painting; design is a lot more.

Prices were also variable but I'll guess an average of $2500. So $100/hour, or $50/hour assuming double time for design (which would mean coming up with an artwork in under a week). Given the vagaries of freelance life, hardly unreasonable compensation on her end. I am unlikely to ever spend that much on a single work, though, and give thanks for prints.

Some other paintings in the galley were more; I think one was a bit short of $100,000. I forget if it was particularly large or detailed.

The website of another artist says she does oil portraits starting from $8,000, taking 5-8 sittings of 3 hours. At 24 hours, that's $333/hour. My first thoughts were unkind about her. My second thoughts were that if someone is willing and able to pay $8,000 on what amounts to a glorified photograph, it is practically her social or class duty to relieve them of their money.

As a side note, another gallery was right next door, just one artist working in acrylics and providing prints and printed clothing(!), but apparently "print to canvas" is also a thing, IIRC replicating the physical texture of the paint. Though maybe the texture comes from hand work.

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/509418.html#comments


More Montreal observations

Belatedly, as I left three weeks ago.

* Many of the subway trains are this strange magical thing where the cars are hooked up like an articulated bus, and you can easily walk from one and of the whole train to the other without opening any doors. I am told this is standard for modern trains. Boston and NYC are not "modern".

* No ads on those new trains, or even space for them, except for a little electronic display next to the map.

* The greenhouses in the Botanical Garden are pretty neat, and membership is cheap -- CAN$20.50 one visit, and CAN$45 for a year's membership, I would totally get one if I lived there.

* It's not just the milk; all the grocery store cheese is labeled with the percentage of milkfat. Given the French roots, I don't know of this is more so you can avoid it or so you can seek it out.

* There were at least two bakeries, with fresh croissants, within 5-7 minute walk of where I was staying. OTOH at least one of the Large Supermarkets had rather meh bread selection.

* There was a macaronic and cheese restaurant, 'Macbar'. I had unkind thoughts about Quebec crossing French language and English cooking. This is the province whose special dish is fries with gravy and cheese curds.

* The steaks I bought from the markets came out pretty awesome.

* Canadian customs was a lot faster and more efficient than US. And somewhat friendlier. At least the Canadians didn't tell us they would confiscate a cell phone on sight. Entering the US we stood in line for over 10 minutes while "Agriculture" combed our bus thoroughly.

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/509000.html#comments

missing modern art

Based on my limited experience in Modern Art museums and galleries, you would think no one was doing traditional oil paintings any more.


See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/508751.html#comments


style poll

I adopted it when first joining DW; it was the best intersection of stuff I wanted. I wasn't thrilled by it but at the time I figured DW was just a backup for my LJ and didn't to spend hours on styles.

I wonder how "anonymous" and "details results visible" will interact.

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/508573.html#comments

old free will essay

That I probably wrote in 2004, despite my uncharacteristic lack of date[1].

Very short summary: when people talk philosophically about free will they think they mean something mysterious that isn't determinism or randomness, but when they talk practically about free will and moral responsibility, they really mean being able to be determined by the right factors (personal consequences and social approval and maybe moral ideology), and thus full material determinism requires little change in our normal behavior, though maybe more compassion for outliers.

Repost inspired by something I saw on a subscriber's page this morning.

[1] I got into the web in NCSA Mosaic days, with my oldest website dating to 1995 if not earlier. A lot of my pages have "Created" and "Modified" fields.

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/508216.html#comments

Resolutions poll

Baby's first Dreamwidth poll!

Feel free to comment!

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/507969.html#comments


Dreamwidth, free speech, and cat owners

If Dreamwidth allows anything legal, what does that mean for "cat owners"?
[staff profile] denise chimes in.

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/507884.html#comments


D&D gold cheaper than silver

An ancient Greek trireme (crew 200 plus some marines, so closest to an Expert Set Large Galley though meant for war) cost 6000-12,000 drachmae to build, and 6000 drachmae a month to pay crew. A drachma was 4.3 grams of silver and a good day's wage, so sort of like a silver piece except 1/10th the weight and maybe more valuable.

(Old D&D coins were 1/10th of a pound, or 45 grams. 3e went to 1/50th, or 9 grams. US quarters and nickels are about 5 grams.)

3e galleys cost 30,000 GP, plus 8,000 for a ram and castles. I'm not sure if ancient galleys had castles but they sure had rams. Ignoring the 8,000, and using 10,000 drachmae for a trireme for a round number, the D&D 3e galley takes 3x as many coins, which weigh twice as much, and are gold instead of silver. So 3e gold is 1/6 the value of Attic silver.

Older editions were even worse, but I don't know how many GP their galleys cost. Labyrinth Lord, which is a Basic/Expert clone, says 32,000 GP for a large galley with 180 rowers, and uses the 1/10 lb coins, so LL gold is 1/30th the value of Attic silver.

Granted the Expert set said of itself "like the Renaissance without printing press or gunpowder" and the Renaissance had seen a fair bit of inflation (I'm guessing new European mines in the 1300s, from price lists I've seen) and was about to see a lot more (American mines), but still...

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/507495.html#comments


Welcome to new subscribers

I hope the new users enjoy it here.

My journal is mostly bloggy: links, books I've read, thoughts about things. I don't grant access much nor post things that need it.

I use tags aggressively but never played with styles much; I crosspost to Livejournal, and that style is better at showing my tag cloud, and also has more 'memories' of posts I particularly liked. I should re-post some blasts from the past.

I'm into a bunch of fandoms, but these days that manifests as reading fics at AO3 or FF, or discussions at RPG.net. I'm in some communities here, but, ghost town.

Feel free to comment on things!

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/507258.html#comments


Facebook goes more puritanical

Not that I've seen many people posting erotic art or looking for dates on FB, but doing so is now in violation of their terms:

"We draw the line, however, when content facilitates, encourages or coordinates sexual encounters between adults."

Do not post content asking for "Sex chat or conversations"

"We also restrict sexually explicit language that may lead to solicitation because some audiences within our global community may be sensitive to this type of content"

Basically don't do anything that would offend the most sensitive country Facebook doesn't want to get blocked in.

Terms: https://www.facebook.com/communitystandards/sexual_solicitation

Article: https://www.pcmag.com/news/365330/new-facebook-policy-sparks-fears-of-sex-talk-crackdown

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/506592.html#comments



Playing with Google's traffic layer and finding that rush hour traffic moves at 7.5-15 mph.

Actually I haven't checked before 8:55 am yet, so it might be even worse earlier.

"Fastest route despite slowdown of 45 minutes... 53 minutes.. 75 minutes..."

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/506338.html#comments


password cleverness

I learned a neat trick this week, which I think I can explain to non-technical readers.

The problem: say you want to have data on the cloud, to be shared or synced across multiple machines, like laptop and phone, new laptop and work phone, etc. Data like managed passwords or bookmarks or hell, emails. Data you would like to keep secret. What to do?

Approach 1: log into a cloud service provider with your passphrase and upload your data. This is terrible, they can see your data, and even if they're mostly trustworthy, a bad employee or a hacker could make off with your bank passwords.

Approach 2: log into the provider with your passphrase, and upload your data encrypted with the passphrase. This is barely any better; with standard login mechanisms, the provider sees your passphrase, even if they ideally don't store it in a visible form[1], and could trivially use it to decrypt your data and make off with your bank passwords.

Approach 3: encrypt your data with a separate passphrase, and upload that encrypted data when you log in. This is solidly secure (assuming you chose strong passphrases). Many geeks like me probably do a manual equivalent, encrypting files with gpg and copying them remotely.[2] Only problem is, you need to manage two passphrases.

Approach 4: This is what I learned, and is the approach of Firefox Sync. Good presentation, and more technically gory presentation. But I'll give my own description.

The key idea is that you don't log in with your passphrase. Instead, a credential is made *from* the passphrase, via a one-way hash. (One-way meaning the passphrase cannot be recovered from the hash.) That is what is sent to the server and used for log in. Which leaves your passphrase free to encrypt the data you upload, which is now safe because the provider never sees your passphrase. You don't have to trust them[2]; even if they broadcast your files to the world, ideally your data is safely encrypted. The provider only stores [(login credential), (passphrase-encrypted data)]. But any client you log in from can download the data and decrypt it with the passphrase you entered locally.

Put another way, the secret of your passphrase can be used to generate multiple secrets, for login and encryption, that don't generate each other. So you get the security of Approach 3 with the convenience of Approach 2.

On the flip side, if you forget and have to reset your passphrase, your encrypted data has to be thrown away; no one can recover it. That's not a big deal for Sync, especially as any device that has a copy of your data can then upload it again.

There's a bunch of complexity to the actual Firefox Sync process, but that's the fundamental insight.


One bit of complexity is straightforward. Approach 4 as I described it means that if you change your passphrase, your data has to be re-encrypted, which could get annoying. So instead have your client, at sign-up, generate a strong random data encryption key. Use that to encrypt your data, and encrypt the key with your passphrase. Now the provider stores [(login credential), (passphrase-encrypted key), (key-encrypted data)]. Your data is still secure since the provider never sees your passphrase or the actual key. But if you change your passphrase, only the small (login credential) and (passphrase-encrypted key) have to change, not the arbitrarily large (key-encrypted data).


Other bits of complexity are less interesting, or even baffling. Firefox actually encrypts your data key not with the passphrase, but with another secret derived from the passphrase. There are long steps that make brute force attacks less feasible. The key is protected with XOR rather than some fancier encryption mechanism. And weirdest of all, instead of your browser generating a data key and sending the encrypted key to the server, what happens is that the server makes up some random number ( wrap(wrap(kB)) in the Firefox writeups ) from which the client derives the key. The math works out but it's a reversal of expected flow. My best guess is that they feel they can make better random numbers than the client, which might be true if they have good hardware randomness generators one their servers.

(Though I'm not sure if it really matters; seems like they could assign '0000...' to everyone, and the data keys would still differ based on people's passphrases.)


[1] Passwords are supposed to be stored salted (add some non-secret extra stuff to defeat various attacks) and digested/hashed. So someone who steals the password file can't see the actual passwords. Login means you present your password, it's salted and digested and compared to what's in the file, then your password is thrown away. Whether any particular Internet site follows that protocol is another matter, which is one reason you're told not to re-use passwords across sites.

[2] In theory open-source clients can be examined, so that they can be fully trusted. How many of us do that, though? Not me... My gut feels that a single-purpose program like gpg is easier to secure, to make sure it's never doing anything like opening a network connection while decrypted my data, compared to some client or web browser that does everything, so it would be harder to make sure it was only opening the right network connections and not secretly sending your data somewhere.

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/505882.html#comments

rarebit cheese followup

I belatedly paid attention to the price on a second purchase: $9 for 6.7 ounces. Eek! $21.50/pound!

No wonder "buy components for a kitchen lunch" started seeming uncompetitive with "buy a cheap lunch out".

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/505616.html#comments


rarebit cheese

When I was a lad, one meal my parents made occasionally was Welsh rarebit, or 'rabbit', which I loved. Cheddar cheese melted with beer and mustard, poured over bread. I felt there was never enough cheese, nor had often enough.

As an adult, I haven't chased it too hard, and I never have beer in the house, though I have tried melted cheddar + mustard a few times. Still, I do like the flavor. Some years ago Trader Joe's had a month's special cheese that was "English ale cheddar with mustard", or so I have recorded in my diary. It tasted like rarebit. Alas it never re-appeared.

But I was shopping at Roche Bros last week, and found a cheese like it... or possibly the actual cheese, given how TJ rebrands things. Kilchurn Estate mustard & ale cheddar cheese. Tastes like I remember. No surviving price tag, so I can't tell you what it cost, but I'm charmed to know that I can have it again and again.

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/505461.html#comments



Lost Indian history

Starhawk on calling-in culture

The Bible as Star Wars movies

Last night I heard Tom Lehrer was silenced by a libel suit; he denied it.

Discuss zoning for Thanksgiving! :p

How Pepperdine resists wildfires

Fansplaining on purity culture

Car crash statistics

Car speed and death risk

Chaucer writing on language change

Progress in treating peanut allergies

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/505342.html#comments


SCAish Thanksgiving

In Boston I used to go to vegetarian Thanksgivings organized by the acetarium crowd. That seems to have faded, but last year there was a filk Thanksgiving. Or maybe just a filk meeting near Thanksgiving with appropriate food, I forget. This year, my early attendance of SCA dance practice without being in SCA paid off again, as I went to something held by someone I know there. Twas fun. So much food, though with like 16 people the turkey got demolished and I didn't get as much dark meat as I wanted. (I could have taken a whole drumstick, as the last person served, but I didn't feel up to it.)

So many desserts, multiple kinds of pecan pie, super sweet brittle... "maple pie" which was like pie crust with maple goop in it.

I've never had a Thanksgiving side dish in my repertoire, and being in a new Airbnb place isn't good for being comfortable cooking, so I brought a couple packages of nice sausage. They didn't evaporate but did mostly go away, so that works.

So cold. My outfit apparently isn't proof against -10 C and wind. But soon it should be up to 10 C.

On the way home I missed Downtown Crossing due to re-reading Celebrimbor+Annatar fanfic. I found the Park to Downtown corridor hinted at on maps so I didn't have to go outside. It's kind of neat: the walls and pillars are painted orange and green, such that you mostly see orange if you're facing the Orange Line, and ditto for the Green. There's also a bit of Red on the Orange end which is weird -- Red actually is at both stations. And a wee bit of blue, for no good reason; maybe someone ran out of paint.

Back at home, I am sadly reminded that I can walk more quietly in boots than some adults do barefoot.

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/505017.html#comments


Royal Mountain squirrels

Years ago I visited the Monterey Bay Aquarium, and I've told various people of my passing an empty lot of ground squirrels[1], luring one up a chain link fence with a peanut, dropping my trail mix, having four of them seemingly teleport to the sidewalk[2], and having one of them start climbing my leg, which I considered far too tame.

'Monterey' is "mountain-king" in Spanish.

Today I'm in Montreal, which is French for "royal mountain", more or less. I was walking through Parc la Fontaine, and observing very bold gray squirrels. I had no food, but that didn't stop them approaching and looking expectantly, where squirrels from my childhood in Chicago would have been much more cautious about putting distance or a tree trunk between us. I walked further, and found three perched on fence posts like statuary. Two descended and approached, getting even closer; I got a photo of one just inches from my foot[3]... right before it started climbing my leg I could feel its little claws through my jeans I yelled and shook my leg and it was gone.

[1] Squirrel-like rodents living in holes in the ground, anyway

[2] There was a hole in the bottom of the fence, but I did not perceive them moving. Suddenly, squirrels, one on my backpack.

[3] It turns out my attempt at such a photo was ruined by the leg climbing; I actually had a blurred photo of leaves.

See the comment count unavailable DW comments at https://mindstalk.dreamwidth.org/504798.html#comments


Damien Sullivan

Latest Month

February 2019



RSS Atom
Powered by LiveJournal.com
Designed by Lilia Ahner