18 January 2012

I was reading some slides to check out what elementary things I might be missing in my PDF detection, when I came across this slide. I actually know a friend in college who coded like that.

("Whatever; you code like that too," he sulked.)

For the record: I like to keep my {s on the same line as my functions and conditionals, but I certainly appreciate the use of indentation and newlines for new blocks of code. Compact but clean.

PS: changing whitespaces is not a particularly effective way to obfuscate code. Just saying.

17 January 2012

I just finished watching Babette's Feast, upon the recommendations of some foodies and a religious guy. I figured the movie would be about the age-old controversy between spiritual purity and carnal pleasure, but in truth I got something completely different out of it... Most memorably, my heart skipped a beat at the end of the movie, when the old spinster sisters find out that Babette was not only the famed chef from Cafe Anglais, but that she had spent her entire lottery winnings to prepare a feast for the villagers. "But you'll be poor for the rest of your life," one of them quietly protests.

An artist is never poor… Throughout the world sounds one long cry from the heart of the artist: Give me the chance to do my very best.

That's really been my heart at the turn of the new year. Looking back over the past year, I feel like I've made my peace about a lot of things. There are a lot of dreams and desires that I've laid to rest -- not out of disappointment, but with the quiet understanding that God has indeed given me great enjoyment of many skills, and that though I may not understand why I can't now utilize them, maybe someday there will be a window for me to enjoy them again. (I really wouldn't have understood that at a younger age.) Hopefully when that happens, I'll have a better appreciation and understanding of those gifts.

With that laid to rest, I then turned to my day job and made peace about the fact that my work there might always be undervalued, that I may never feel like I'm part of the team... but I'll learn what I can, take pride in doing the best that I can with the resources I've been given (and seek resources elsewhere), and maybe find a more agreeable fit, in the right place at the right time, someday.

There were too many days last year where I really did feel like I was living my life in quiet desperation. Every day that I come home depressed over work and its tenuous relationships, the one thing that has kept me sane is the act of creation -- whether it be small coding projects, or tending my little windowsill garden, or cooking with B. Knowing that I can still make something enjoyable, or knowing that my work is not the measure of my life, is hugely comforting. I think that's what hits me most about the quote from Babette's Feast. Every day, I need to find a little pocket of something by which I can say I've lived, even if it is small and unimportant to everyone else.

And above all, the one lesson that's stood out to me most from the past year is, everything has its season. (To everything, turn, turn, turn...)

Anyway. This year, I haven't drawn up new year resolutions so much as made some life markers. These are things I've known but have only now been unapologetically choosing to live by --
  • I've made peace with a girlfriend I hadn't talked to in a long while. I pray the forgiveness will keep our friendship alive and vibrant.
  • Keep in better touch with people who really deserve the better parts of me -- not the least of which is my extended family in Asia, but also my cousins in the States. Keep in touch as best I can, knowing that it may be frustrating.
  • Figure out a plan for where I'm going in life, but keep it flexible in case something doesn't turn out.
  • Believe that everything has its season. But I am here, now, and it is within my power to live well.

22 November 2011

Started with one question and ended up taking a voyage.

I was trying to debug some of my file identification signatures recently when I hit a wall with objdump not being able to parse PE32+ executables. (Maybe they can now, but I need to recompile?) A day later, I suddenly remembered that I had hte installed on my box. Well, that made my day.


At least in the process I also got a running start on figuring out radare2 and reading a bunch of papers on automated disassembly.

Also, a note for anyone trying to run HT Editor on OS X and find that their Alt-key does not work properly, rendering the editor useless: check out this option under Terminal > Preferences...


14 November 2011

the state of being

I'd written a really long and rambling blog entry exploring the various conversations I've had with others and through books of late, but then decided that maybe it'd be better to cut to the chase.

I'd been thinking a great deal about life and career (and how career fits into life, or defines it more often, within its 40+/hrs demands). In the midst of friends getting married and having babies (and friends who've not and feel somewhat at a loss, too), I've come to the realization that at this point, people expect me to know something... which is understandable, or else what good have I done in the past almost-decade since college?

Now that I'm this far removed from my college self, the "change the world" mentality feels a lot more hollow than it used to, and I've come to the realization that I don't need to live my life trying to help change anything or anyone or evangelizing -- I merely need to live out the values I believe (and prepare to take a hit, or sacrifice, if it comes down to it) and do proficiently the work that makes me truly happy. And no matter where I go from here -- or stay, even -- my own little life's purpose (for me) is nurturing life. That is what actually makes me truly happy. Being a gardener, being a cook, being a friend, being a teammate, being a mom (someday, I mean -- certainly not now). Just being. That makes me happy. In other words, I'm pretty much done with the 'long-suffering' for abstract philosophical/religious conflicts I'll never understand. I am simply choosing to be happy.

12 July 2011

cronjobs and SSH

I've been trying to figure this out for the past week now. (Well, on and off -- I mean, I was in California for a week to attend my cousin's wedding, and as much as I tried, I simply couldn't help yielding to the call of the beach.) Anyway, I'm back at work now and trying to come up with new ways to debug this ish.

I'm trying to set up a cronjob that'd wget a file from the internets every day and upload it to a server -- via SCP -- where my friend's processing script awaits. [SNIP: Long story about why my friend can't grab this file himself.] The scripting part to grab the file and SCP it to his server was easy to set up. The cronjob to run my script daily was also easy to set up, much to my delight. The automated SCP part, however, proved to be a headache. And as I've not actually seen anything helpful on the internets, I decided to record my process.

Here's the thing: I've been reading over and over again that rsync and ssh cronjobs require ssh keys with empty passphrases... which, as a security practitioner, I simply can't accept in my heart of hearts. I want ssh keys, with passphrases, and I want them usable only for my cronjob. No, I don't want to rely on the physical security of my machine, and especially since my machine is one I frequently use to browse the net, I find it hard to believe that physical security is really the only threat I'd be facing.

I'm not going to cover the cronjob creation / verify-it-works process here, although I should mention that I didn't do any mumbo-jumbo other than using crontab -e to create and edit my jobs (and crontab -l to check what my jobs were). Anyone who needs help with this might find this useful.

I. Set up SSH keys to work passwordlessly (with a passphrase).

This part of the process is really all over the net, and there are many variations to these steps depending on the version of SSH, OS environment, etc. (There is also a whole lot of fine advice for debugging issues, too.) For the sake of having a complete example set of instructions here...

On the client:
client:~ ev3$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ev3/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): **********************
Enter same passphrase again: **********************
Your identification has been saved in /home/ev3/.ssh/id_rsa.
Your public key has been saved in /home/ev3/.ssh/id_rsa.pub.
The key fingerprint is:
30:19:f0:4e:e3:24:16:19:fb:00:1c:59:f3:3c:5b:69 ev3@client.local
The key's randomart image is:
+--[ RSA 2048]----+
| .o+_+.          |
|  o.-B o .       |
|    ==% E =+     |
|   . O O .       |
|      = S.       |
|                 |
|                 |
|                 |
|                 |
+-----------------+
client:~ ev3$ ls .ssh/
id_rsa      id_rsa.pub  known_hosts
client:~ ev3$

So now the client has its private key at id_rsa and public key at id_rsa.pub. I've also entered my passphrase (represented in the form of asterisks; you won't see any asterisks, of course). Now to let the server know about the public key... If your client happens to have this handy dandy command, use:

client:~ ev3$ ssh-copy-id -i .ssh/id_rsa.pub ev3@server

which is pretty much the same as doing this on the client:

client:~ ev3$ scp .ssh/id_rsa.pub ev3@server:~/
Password:
id_rsa.pub                                    100%  397     0.4KB/s   00:00
client:~ ev3$ chmod 700 .ssh/; chmod 600 .ssh/id_rsa; chmod 644 .ssh/id_rsa.pub
client:~ ev3$ ssh ev3@server
Password:

and this on the server:

Last login: Mon Jul 10 22:52:42 2011 
server:~ ev3$ cat id_rsa.pub >> .ssh/authorized_keys ; rm id_rsa.pub
server:~ ev3$ chmod 700 .ssh/; chmod 644 .ssh/authorized_keys; chmod 644 .ssh/known_hosts

At this point, you should be able to log in to the server without your account password. You might need to type in your key's passphrase the first time you SSH, but subsequent SSH logins should be all smooth, like this:

client:~ ev3$ ssh ev3@server
Last login: Tue Jul 12 00:07:27 2011 from client
server:~ ev3$

II. Maintaining a persistent passwordless log-in.

This was where I got stuck for a while. With this new capability, I was able to execute my script (say, script.sh in this example) by calling it directly from the commandline interface. But when the cronjob attempted to run, it failed. I poked around at some environment variables and turned on verbose mode in SSH and came away with some important observations:
  1. The cronjob does not use my user account, although it sort of uses my environment (but not completely). This is important because when we did the chmod 700 .ssh/ on the client earlier, cronjob lacked the privilege to access the keys.
  2. The cronjob also sought to ask for the passphrase to the key but lacked the interface to do so... Meaning, the cronjob couldn't access the stored passphrase necessary to access my key.

This is where ssh-agent comes in. It caches the login credentials per session but requires that the user 'unlock' the private key for use first. This allows me to use a passphrase with my SSH key and still have a passwordless login. (Why that is important to me, I don't know. I have these odd vague security compulsions not dissimilar to exercising or eating healthfully. It is just a "good idea.")

I happen to have had it already, but those who don't may wish to install it. I defer to this document here, which describes the process well: http://mah.everybody.org/docs/ssh
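
One way to wire up what section II describes, as an added example (not the author's script): cron starts jobs without SSH_AUTH_SOCK, so the wrapper reads the agent's socket path from a file saved at login and refuses to run scp unless the agent holds an unlocked key. The ~/.ssh/agent.env path, the function names, the --run flag and the crontab paths are assumptions.

```bash
#!/bin/bash
# Added example: cron wrapper that reuses an ssh-agent unlocked at login.
# Assumed names (not from the post): agent.env path, function names, --run.
#
# Once per login, interactively (this is where the passphrase is typed):
#   umask 077; ssh-agent -s > ~/.ssh/agent.env; . ~/.ssh/agent.env; ssh-add
# Crontab entry (hypothetical paths):
#   0 6 * * * /home/ev3/script.sh --run /tmp/daily.dat ev3@server:incoming/

AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Pull SSH_AUTH_SOCK / SSH_AGENT_PID out of the `ssh-agent -s` output.
# The file is parsed, not sourced, so nothing written into it gets executed.
load_agent_env() {
    [ -f "$1" ] || return 1
    SSH_AUTH_SOCK=""
    while IFS= read -r _line; do
        case "$_line" in
            SSH_AUTH_SOCK=*) _v="${_line#SSH_AUTH_SOCK=}"; SSH_AUTH_SOCK="${_v%%;*}" ;;
            SSH_AGENT_PID=*) _v="${_line#SSH_AGENT_PID=}"; SSH_AGENT_PID="${_v%%;*}" ;;
        esac
    done < "$1"
    [ -n "$SSH_AUTH_SOCK" ] || return 1
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Usable only if the socket exists and the agent holds at least one key.
# ssh-add -l exits 0 with keys loaded, 1 with none, 2 if no agent answers.
agent_ready() {
    [ -S "${SSH_AUTH_SOCK:-}" ] || return 1
    ssh-add -l >/dev/null 2>&1
}

# upload LOCAL_FILE REMOTE_DEST
upload() {
    load_agent_env "$AGENT_ENV" || { echo "no agent env: $AGENT_ENV" >&2; return 3; }
    agent_ready || { echo "agent down or key locked; run ssh-add" >&2; return 4; }
    # BatchMode=yes: cron has no terminal, so fail fast instead of prompting.
    scp -o BatchMode=yes "$1" "$2"
}

if [ "${1:-}" = "--run" ]; then
    upload "$2" "$3"
fi
```

After a reboot or logout the agent is gone, so the job exits with status 4 until someone logs in and runs ssh-add again; that is the price of keeping a passphrase on the key.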