|
|
|
|
|
|
|
| Kaedrin Weblog | |
|
Sunday, October 31, 2004
MT Success! After a week of Movable Type installation and upgradation woes, I hath finally vanquished mine enemy and emerged victorious. My tale is long and breathtakingly boring, so I shall not curse thou with the banal details of my struggle without warning. But for posterity, and because some people may have the same problem as me, I shall recount my tale of woe and weary, as well as how my foul enemy was finally defeated. So las week I embarked on a quest to upgrade Movable Type to the new version. I also figured it would be a good idea to upgrade my database from the once preferred Berkeley db to MySQL. SixApart, the developers of MT, were thoughtful enough to provide a utility (mt-db2sql.cgi) that loads the data from Berkely db to MySQL, say thankya. However, after backing up all my data and following all necessary steps, I ran the script and was baffled by the response. "MySQL server has gone away," it said. Repeated attempts were to no avail. A helpful poster at the MT Support Forums found the error in the MySQL documentation. Said documentation seemed to indicate that this was a server timeout problem. I opened a support ticket with my host and they confirmed that "We do have some limits in place that restrict the amount of time queries can run for, or how much memory they may consume." At this point I almost despaired. This was about 3 days after the initial attempt, and my lack of progress was depressing. But, in my desperation, I set the script up to run again, and asked my host to run it for me, figuring that they would be able to run it as an admin (or otherwise get around the query limits on the server). My host graciously agreed, and ran the script for me. Checking the database with PHPMyAdmin, I could see that all the pertinent data was in the appropriate location. Victory is mine! Or so I thought. Overjoyed at finally completing the data load, I anxiously logged in to MT. Alas, it was not to be. I logged in, and saw that neither of my blogs was appearing. What foul devilry was this? I could see my profile information and the Activity Log, but I could not view (and thus, I could not edit) either blog. Even more frustrating, the MT System Stats box showed "Total Blogs: 2." This meant that MT was getting data from MySQL, but that not all of it was showing up. Again, I almost despaired. Subsequent posts to the MT Support Forum did not produce any results. For three days, I languished in agony, and in moments of weakness, I debated switching back to Berkeley db. But this morn, I decided to give the MT Support Forums one last check, and though no one had responeded to my pleading posts, I did find one post in another forum on another subject, which proved to be most helpful. In short, that post contained links to a few useful configuration utilities, including the glorious MT-Medic. After downloading, configuring, and installing MT-Medic, I saw that my Username in MT no longer had the correct permissions set. For whatever reason, mt-db2sql.cgi did not transfer over said permissions when it ran, and thus my Username did not have permission to see my blogs. MT-Medic allowed me to fix this problem quickly and easily. (I must also thank the Multiple Blog Suite for help in diagnosing the problem). With that demon slain, I was able to log in to MT and write this entry. Success was finally mine. I can finally post again, and upgrade MT-Blacklist so as to prevent massive comment spamming (apparently, spammers found a way to submit comments even during the period of limbo). So there you have it. If you're still reading this and wondering what the hell I'm blathering about, please accept my apologies, but I figured this post could be a help to others who will no doubt suffer from this problem in the future. Update: Well then, it seems my celebrating was a bit premature. It turns out that none of my templates made the switch, and so when I tried to publish this entry it didn't show up. So I switched back to Berkeley db, copy/pasted all of the templates into files, which I then imported into the MySQL version of MT, at which point I was able to publish this. Yes, so another helpful hint: Use the link this template to a file feature. Again, apologies to those who have no idea what I'm talking about... Again Update: It seems that in the conversion process, all of my entries lost their category associations. Odd. So the category archives might be acting funny until I can go back and recategorize everything. Given MT 3.x's new subcategory feature, this might not be a horrible thing, but still, another thing to be aware of... Posted by Mark on October 31, 2004 at 10:16 AM .:
link
| TrackBacks (0)
:. 
Sunday, October 24, 2004
Life & Art in Wartime Baghdad  Yet another Baghdad Journal from Steve Mumford. For those unfamiliar with Mumford's work, he is a New York artist who has gone to Iraq a number of times and posted a series of excellent articles about his travels. They usually provide a much different perspective on the happenings in Iraq than you're used to seeing in the media. In this latest installment he describes a run-in with the mehdi army (he meets them in a falafel place where one of them asks him, "Mister, you like Muqtada?" Talk about a loaded question!), among other less scary but still concerning anecdotes (this entry seems to portray a more dangerous Baghdad than previous entries), and as usual he has posted some excellent artwork. The art seems a little more detailed than usual, and he also posted a piece from Iraqi artist and friend Esam Pasha (pictured to the right) as well as some photographs of various friends and artwork. Very cool stuff. If you liked this installment, I've collected all of the Baghdad Journal entries here for easy access. Highly recommended reading.
MT Upgrade I'm in the process of doing some upgrades and maintenance to the site. I've just upgraded to Movable Type 3.121, which went pretty well. Some nice new functionality, and I'm glad it was available in a free version for people like me who only have one weblog with one author and don't post all that often. Next up is converting from Berkeley DB to MySQL. I actually tried this before I upgraded, but it keeps crapping out on me (I get this error, which I'm sure is a host thing, but they have yet to get back to me). Hopefully I'll get that resolved in the next few days, as I'm told that MySQL is much better in terms of performance. All of which is to say that you might experience some wierdness in comments and whatnot (wierdness as in not working, not people like myself making strange comments). Other site maintenance is afoot as well (believe it or not, this site is more than just a weblog), so keep an eye out... Update 10.26.04: Still no luck with converting to MySQL. I may have to stick with Berkeley for the time being. Anyway, comments were down for a good portion of the day today, and may be going down again soon. Also, for now, comments need to be approved before they show up. Sorry for any inconvenience.
Saturday, October 23, 2004
/.Stephenson The new Slashdot interview with Neal Stephenson is an unexpected treat. Not only are the questions great, but Stephenson's responses are witty and somewhat more profound (and much longer, as he had time to compose answers to some of the more difficult questions). As Nate points out, one of the more enlightening answers deals with the much rumored feud between Stephenson and William Gibson: I was doing a reading/signing at White Dwarf Books in Vancouver. Gibson stopped by to say hello and extended his hand as if to shake. But I remembered something Bruce Sterling had told me. For, at the time, Sterling and I had formed a pact to fight Gibson. Gibson had been regrown in a vat from scraps of DNA after Sterling had crashed an LNG tanker into Gibson's Stealth pleasure barge in the Straits of Juan de Fuca. During the regeneration process, telescoping Carbonite stilettos had been incorporated into Gibson's arms. Remembering this in the nick of time, I grabbed the signing table and flipped it up between us. Of course the Carbonite stilettos pierced it as if it were cork board, but this spoiled his aim long enough for me to whip my wakizashi out from between my shoulder blades and swing at his head. He deflected the blow with a force blast that sprained my wrist. The falling table knocked over a space heater and set fire to the store. Everyone else fled. Gibson and I dueled among blazing stacks of books for a while. Slowly I gained the upper hand, for, on defense, his Praying Mantis style was no match for my Flying Cloud technique. But I lost him behind a cloud of smoke. Then I had to get out of the place. The streets were crowded with his black-suited minions and I had to turn into a swarm of locusts and fly back to Seattle.Heh. Stephenson apparently fought Gibson two times after that, and the interview is worth reading just because of that answer... but the whole thing is worth reading, especially his answer regarding why genre and popular writers don't get the literary respect they deserve (or don't, depending on your point of view). [Thanks again to Nate for pointing this out to me, who, in my work induced haze, had missed it entirely] Update: Just for fun, I checked out Stephenson's homepage and found this picture of the entire Baroque Cycle manuscript: 
Again Update: Holy Crap! Stephenson t-shirts? And they look cool too! Why was I not informed? Damn you monkey research squad!
Sunday, October 17, 2004
Dark Tower & Adaptation This is yet another entry in a series of somewhat repetitive posts about Stephen King's Dark Tower series, particularly how it is going to end. Previous installments are here: [part 1 | part 2 | part 3] Spoilers Ahead: I've often felt that King doesn't know how to end his novels - it seems like he is just making it up as he goes along. It's a shame because he does come up with some pretty intriguing concepts, and he knows how to get you to turn the page, but as compelling as some of his ideas are, he often ends up backing himself into a corner. He sometimes manages to weasel his way out of it, but other times the ending is just unsatisfying. The Dark Tower series was different than his other work, though. It had a broader scope than his other books. It is an ambitious effort, telling the epic story of Roland, the last gunslinger, and his quest for the Dark Tower, and King has often described it as his opus. All along, though, I was bothered by the nagging suspicion that he didn't know how to end the series. It seemed like he was making it up as he went along, and that he was backing himself into a corner. He already did as much within the series, in the third volume called The Waste Lands, which he describes in the Author's Note thusly: I am well aware that some readers of The Waste Lands will be displeased that it has ended as it has, with so much unresolved. I am not terribly pleased to be leaving Roland and his companions in the not-so-tender care of Blaine the Mono myself, and although you are not obligated to believe me, I must nevertheless insist that I was as surprised by the conclusion to this third volume as some of my readers may be. Yet books which write themselves (as this one did, for the most part) must also be allowed to end themselves, and I can only assure you, Reader, that Roland and his band have come to one of the crucial border crossings in their story, and we must leave them here for a while at the customs station, answering questions and filling out forms.He had ended The Waste Lands with a cliffhanger, but didn't continue the story for a few years! But the new volume came, and resolve the cliffhanger it did. But in a sense, I could always tell that the story was leading somewhere, and there was always a nagging thought in the back of my mind about how he was going to end it (or even if he was going to end it). So when the new novels started coming out last year, I began noticing bits and pieces of the books which lead me to believe that I wasn't going to be happy with the ending. At times, it is difficult to shake the notion that King is overtly attempting to warn the reader that the ending isn't going to be satisfying. It is almost as if King realizes that he's written himself into a hole, and doesn't really know the way out, and is trying to subtly inform his audience that they may not like where it's going. I'm about 550 pages (out of 830, not including the Appendix) into the final volume of the series, aptly titled The Dark Tower. Steady as it goes, but I did want to mention something about one of King's questionable additions to the Dark Tower mythos: the inclusion of Stephen King himself. You see, Stephen King has written himself into the story. Personally, I found this to be a questionable move, but I must admit that I found those chapters that have Stephen King (the character) to be rather well done. I'm still not sure it was the wisest move, but it could certainly have been much worse and I've actually enjoyed some of the nuances that have come about because of that addition. The way in which he references himself, and the part his "character" plays in the story, reminded me of something... The movie Adaptation is based on an odd recursive concept: The screenwriter, Charlie Kaufman, was hired to write an adaptation of Susan Orlean's novel The Orchid Thief, but he found the task to be quite difficult and could not seem to make any progress. So instead of actually writing the adaptation, he writes a script about how he is having trouble writing the adaptation. The result is a strangely compelling and moving film. And it struck me that King, himself anxious that he would not be able to complete his beloved Dark Tower series, has instead written a story about how he is having trouble ending the series. Oh, it's not all about him. In fact, his "character" is actually quite a peripheral one, but every mention of his character seems to fit. And to be fair, as King has said, this stuff writes itself. For example, on page 144 of The Dark Tower, Roland's ka-tet discusses the writer: "If he wrote those things into the story," Eddie said, "it was long after we saw him in 1977."It must be a little cathartic for King, to be able to use his difficulties in writing the series in such a way, just as Charlie Kaufman was able to channel his frustration into something meaningful. Another quote, from pages 446-447, portrays the author thinking about writing the series: Going back to the tale of the Tower means swimming in deep water. Maybe drowning there. Yet he suddenly realizes standing here at this crossroads, that if he goes back early he will begin. He won't be able to help himself. ... He'll junk the current story, turn his back on the safety of land, and swim out into that dark water once again. He's done it four times before, but this time he'll have to swim all the way to the other side.To be honest, I'm not being very fair to King at all. I'm certainly reading a lot into them, but these last few books aren't bad, and I've really enjoyed reading them. I have a feeling that once the series is over, I'll look back on it with a grin on my face. I might even read the whole thing again. But I can't get over the feeling that there was something else, something better, that laid in store for Roland and his quest. It feels like King has lost something with these newer books. They lack the sweeping grandeur of the first four books. It no longer seems to be such an epic quest, but then, I'm not sure such greatness could be sustained. I wonder how I would feel if King never finished the series, just leaving it at book four? In closing, another quote, from page 447: "Resolution demands sacrifice," King says, and although no one hears but the birds and he has no idea what this means, he is not disturbed.
Sunday, October 10, 2004
Open Security and Full Disclosure A few weeks ago, I wrote about what the mainstream media could learn from Reflexive documentary filmmaking. Put simply, Reflexive Documentaries achieve a higher degree of objectivity by embracing and acknowledging their own biases and agenda. Ironically, by acknowledging their own subjectivity, these films are more objective and reliable. I felt that the media could learn from such a model. Interestingly enough, such concepts can be applied to wider scenarios concerning information dissemination, particularly security. Bruce Schneier has often written about such issues, and most of the information that follows is summarized from several of his articles, recent and old. The question with respect to computer security systems is this: Is publishing computer and network or software vulnerability information a good idea, or does it just help attackers? When such a vulnerability exists, it creates what Schneier calls a Window of Exposure in which the vulnerability can still be exploited. This window exists until the vulnerability is patched and installed. There are five key phases which define the size of the window: The goal is to minimize the impact of the vulnerability by reducing the window of exposure (the area under the curve in figure 1). There are two basic approaches: secrecy and full disclosure. The secrecy approach seeks to reduce the window of exposure by limiting public access to vulnerability information. In a different essay about network outages, Schneier gives a good summary of why secrecy doesn't work well: The argument that secrecy is good for security is naive, and always worth rebutting. Secrecy is only beneficial to security in limited circumstances, and certainly not with respect to vulnerability or reliability information. Secrets are fragile; once they're lost they're lost forever. Security that relies on secrecy is also fragile; once secrecy is lost there's no way to recover security. Trying to base security on secrecy is just plain bad design.Secrecy may work on paper, but in practice, keeping vulnerabilities secret removes motivation to fix the problem (it is possible that a company could utilize secrecy well, but it is unlikely that all companies would do so and it would be foolish to rely on such competency). The other method of reducing the window of exposure is to disclose all information about the vulnerablity publicly. Full Disclosure, as this method is called, seems counterintuitive, but Schneier explains: Proponents of secrecy ignore the security value of openness: public scrutiny is the only reliable way to improve security. Before software bugs were routinely published, software companies routinely denied their existence and wouldn't bother fixing them, believing in the security of secrecy.Ironically, publishing details about vulnerabilities leads to a more secure system. Of course, this isn't perfect. Obviously publishing vulnerabilities constitutes a short term danger, and can sometimes do more harm than good. But the alternative, secrecy, is worse. As Schneier is fond of saying, security is about tradeoffs. As I'm fond of saying, human beings don't so much solve problems as they trade one set of disadvantages for another (with the hope that the new set isn't quite as bad as the old). There is no solution here, only a less disadvantaged system. This is what makes advocating open security systems like full disclosure difficult. Opponents will always be able to point to its flaws, and secrecy advocates are good at exploiting the intuitive (but not necessarily correct) nature of their systems. Open security systems are just counter-intuitive, and there is a tendency to not want to increase risk in the short term (as things like full disclosure does). Unfortunately, that means that the long term danger increases, as there is less incentive to fix security problems. By the way, Schneier has started a blog. It appears to be made up of the same content that he normally releases monthly in the Crypto-Gram newsletter, but spread out over time. I think it will be interesting to see if Schneier starts responding to events in a more timely fashion, as that is one of the keys to the success of blogs (and it's something that I'm bad at, unless news breaks on a Sunday). Posted by Mark on October 10, 2004 at 11:56 AM .:
link
| TrackBacks (0)
:.
Sunday, October 03, 2004
Monkey Research Squad Strikes Again My crack squad of monkey researchers comes through again with a few interesting links:
Posted by Mark on October 03, 2004 at 02:44 PM .:
link
| TrackBacks (0)
:. |
Where am I?
This page contains entries posted to the Kaedrin Weblog in October 2004. Inside Weblog Archives Best Entries Fake Webcam email me Archives October 2004 Categories 2006 Movie Awards 2007 Movie Awards Administration Anime Arts & Letters Atari 2600 Best Entries Computers & Internet Culture Disgruntled, Freakish Reflections Harry Potter Hitchcock Humor Link Dump Lists Military Movies Music Neal Stephenson Philadelphia Film Festival 2006 Philadelphia Film Festival 2008 Politics Science & Technology Security & Intelligence The Dark Tower Uncategorized Video Games Weblogs  |
|
Copyright © 1999 - 2007 by Mark Ciocco.
|
Phase 1 is before the vulnerability is discovered. The vulnerability exists, but no one can exploit it. Phase 2 is after the vulnerability is discovered, but before it is announced. At that point only a few people know about the vulnerability, but no one knows to defend against it. Depending on who knows what, this could either be an enormous risk or no risk at all. During this phase, news about the vulnerability spreads -- either slowly, quickly, or not at all -- depending on who discovered the vulnerability. Of course, multiple people can make the same discovery at different times, so this can get very complicated.
