Chronicles of a tall guy

Recently (July 9-23), I spent some time in the UK. I've been a bit busy since then, and have not had time to write up my activities and post them. Anyway, I've got some time now, so I'm posting now :-). The primary reason I went to the UK was for the FLoC '10 conference (which was held in Edinburgh, Scotland), where I had a paper in CAV. There is more info (including the paper) on my school home page.

We spent a few days wandering around London, which is quite the tourist trap. I went and saw Abbey Road and walked across the zebra crossing, we went and saw the Eye and Tower of London, we saw the Sherlock Holmes museum, we went to Greenwich to sand on the prime meridian, and Windsor Castle. The world cup final (Spain vs. Holland) occurred, and we watched it in an English pub. Naturally, there were many other visits to pubs too... I had to get the full experience, you know ;-).

After London, we went to Edinburgh for the conference. We didn't do much sight seeing while the conference was in session, but we did eat quite a lot of food, including haggis at the fancy conference dinner where we got to here a bagpiper recite the Address to a Haggis before our meal.

After the conference, we spent a day touring Glasgow, a day touring Edinburgh, and a day touring the Scottish country side (including a boat ride across Loch Ness, but no Nessie sighting). It was a fun trip!

Aditya and I took lots and lots of photos, so enjoy! I stitched some panoramas together, and some of them turned out pretty good. Note that there are no thumbnails because the images are huge, and the thumbnail generation program crashes on them. You'll just have to download them (but do it on a computer with lots of RAM, as the images are ~25 MB each). Enjoy!

Last night I went to my first (but hopefully not last!) Primus show. The show itself was fantastic, Les Claypool is a fantastically weird and equally awesome bassist. I learned that Les is writing a new album with Primus to be released in 2011, which is awesome (there's a Meshuggah album due out then too, it's going to be a great year for music).

For those who are curious about the title: Primus' slogan is "Primus Sucks". It came to be when everyone kept commenting on how incredibly talented Les (and indeed, all the band members were): "hey, you're really good!". Eventually, Les started responding with "No, we suck", and their slogan was born. So, if you're a true Primus fan, you say "Hey man, Primus sucks!". It was chanted during the encore at the show last night.

Anyway, I get to cross another band off of my list. Woohoo!

Perhaps the most complicated part of the application in my recent post was the authentication with Gmail. Although my final method boils down to only a few lines of python, Google describes several different ways to authenticate (additionally, putting the username and password directly in the URL). I didn't like any of these options, as some seemed much too complicated for what I wanted to do, some didn't work, and some were too insecure. However, it turns out that the atom feed supports HTTP's basic access authentication. In python, this is fairly easy to do:

$ python
>>> import urllib2, base64
>>> username = "me@gmail.com"; password = "secret"
>>> url = "https://mail.google.com/mail/feed/atom/"
>>> req = urllib2.Request(url)
>>> authstr = base64.encodestring("%s:%s" % (username, password))[:-1]
>>> req.add_header("Authorization", "Basic " + authstr)
>>> urllib2.urlopen(req).read()

Note that the above also works for Google apps users you just have to stick "/a/example.com" in the appropriate spot in the URL. Hopefully this will help out someone else who is hopelessly bashing Google's servers with failed login attempts ;-)

Several years ago I discovered a fantastic system monitor named conky. Over the years I've been tweaking my .conkyrc and it has really evolved into a little command center all on it's own. However, I read my e-mail through a mutt, and thus to check it I have to open mutt and look and see if I have any new mail. This is often obnoxious, because I'll either forget to check and miss something until later, or I'll check a lot and not get any e-mail. Today it occurred to me "hey, computers are good at repetitive tasks!", so I decided to automatically check my e-mail and render the results in conky. I also have heard lots of noise about libnotify, and how wonderful it is, so I decided to use that as well. The result is a script which checks a user's Gmail (using a password stored in a keyring), updates conky, and shows a libnotify notification if necessary. It also supports querying of arbitrary Gmail labels, allowing you to display unread counts for other e-mail addresses you might possibly have mapped to your Gmail account.

You can get your own copy to play around with if you like. It's fairly well documented, but I'll answer any questions anyone has. The dependencies (at least on Ubuntu) are python-notify python-keyring and your favorite of: python-keyring-gnome or python-keyring-kwallet.

I've released it under a beerware style license, in hopes that someone, somewhere, might find it useful. Feedback is appreciated!

Unfortunately, the spam on my blog appears to have continued. Thus, I've implemented an anti-spam procedure in GTFO: the dreaded CAPTCHA. In the spirit of the framework, though, I've tried to make it pretty easy... all it requires is that you type the word 'orange' in to the form. This wouldn't be enough to fool human attackers, but I believe there's a number of years left in AI/NLP research before my blog will start being spammed again ;-). Sorry for the inconvenience, but I don't like logging in every morning to delete the spam.

In other news, I'm back from the UK. Lots of photos were taken (both by me and by others), and I'm sure I'll have those up soon.

The Tour de France started today! As I write this the prologue is going on (although none of the big names have gone yet, so we don't know who will lead tomorrow). Google is offering team HTC-Columbia's stats realtime in the tour via an API, so I may play around with that a bit (or at least collect the data... I've never looked at pro riders' stats before).

They also have a good explanation of power, and why it's an interesting metric. I really have no concept of what my power:weight ratio is (I've never ridden a bike with a trustable power meter), but it would be interesting to see what my power:weight was versus a pro. Some day when I'm rich I'll get a power meter :-)

Anyway, it's going to be an interesting tour. Will Vino ride for Contador? Will Basso win? Can Lance's monster of a team get a W? Who knows, but it'll be fun to watch over the next few weeks :)

In an interesting twist, you may have noticed that my blog received some spam posts the other day. This seems pretty amazing to me, since I wrote this page myself, and there is exactly one deployment of it (which is here). I can see writing spam bots for popular frameworks like Wordpress, Joomla, Drupal, etc. but this isn't exactly a popular framework ;-). The fact that I got spammed leads me to believe that spammers are applying some sort of machine learning techniques to figure out what looks like a comment form, and what doesn't. It never ceases to amaze me the lengths people will go to in order to spam.

How did I remove it? Well naturally I've been too lazy to code an admin interface (and why would I? I write the blog posts in vi). So, I had to fire up the sqlite driver (I use a database to store the comments) and manually delete them myself. If this keeps occurring, I'll probably try to build in some sort of simple spam filtering AI or at least an interface which makes it easy to delete the spam.

Either way, I'm flattered that people think my website is popular enough that they have to post their spam links on it ;-)

This weekend I went up to the observatory deck on the capitol, which was the first time I'd ever done that. I shot a panoramic with the camera on my phone. It's not a great camera, but the results turned out pretty well for a camera phone. If you're interested you can check out the original and a cropped version (warning: these images are huge -- around 25 MB -- and will probably take a while to load). Enjoy!

Oh, and the software I used to stitch together the photos was hugin. Not exactly an intuitive interface, but it works pretty well, and it has more buttons and whistles than I could ever want. If you know something about photo stitching that I don't (which is highly likely), I'm happy to furnish the originals for a better attempt.

One of the things I like best about living in downtown Madison is the farmer's market. It's very handy to be able to up, walk a few blocks and get stuff for breakfast, and come home and cook it. If you're ever in town, I highly recommend dropping by! They have all kinds of things there including a multitude of Wisconsin cheese :-).

Recently I ran into some strange behavior in gcc that caused some minor confusion for me for a few hours until I figured out exactly what was wrong. I'm going to attempt to explain it here, so that maybe someone else will benefit from my lack of understanding about how computers work :-). The problem was exacerbated by the fact that I am compiling a system which has literally thousands of compiler warnings, and without going through and fixing them, there's really no way to manually read them. Since gcc only warns (although I really think this should be an error), this is a miss-able thing that will cause problems if it is ignored. Our working example will be the following code:

#include <stdio.h>

class Foo
{
  public:
    Foo() {}
};

int main()
{
  printf("%s\n", Foo());
  return 0;
}

First, some background. C++ has things which C compilers (and libraries) don't understand, and one of them happens to be non-POD. POD stands for Plain Old Data, and it is basically things without constructors, destructors and methods (in the above example, Foo serves this purpose). printf() is what's known as a variadic function (i.e. a function which can take a variable number of arguments). In C, these functions are written using the stdargs.h header and associated macros. Naturally, the macros in stdargs.h know nothing about non-POD, and thus it is not valid to pass non-POD to a variadic function. What gcc does when you do, though, is rather strange. Consider the following terminal output:

tycho@mittens:~/playground$ g++ variadic.cpp -o variadic
variadic.cpp: In function 'int main()':
variadic.cpp:11: warning: cannot pass objects of non-POD type
'class Foo' through '...'; call will abort at runtime
variadic.cpp:11: warning: format '%s' expects type 'char*', but
argument 2 has type 'int'
tycho@mittens:~/playground$ ./variadic 
Illegal instruction

What's going on here? My first thought was that it was some 32/64-bit nuance that I didn't understand but it turns out that isn't the case. When gcc encounters a variadic function which has been passed non-POD, it generates a warning and a ud2 instruction in place of the call. If (like me) you're forced to ignore all compiler warnings due to the sheer number, you wouldn't see the above warning. Then when you run your binary, it crashes with SIGILL! Why does it crash? From the Intel x86 manual:

[ud2] Generates an invalid opcode. This instruction is provided for software testing to explicitly generate an invalid opcode. The opcode for this instruction is reserved for this purpose. Other than raising the invalid opcode exception, this instruction is the same as the NOP instruction. This instruction's operation is the same in non-64-bit modes and 64-bit mode.

So, the generated binary has a ud2 sitting in it, which guarantees that it will crash with a SIGILL. Why does gcc do this instead of aborting compilation? I have no idea, but it's good to know that this behavior exists so that if you come across it you don't have to spend several hours hunting down what's going on.

Lastly, I'd like to make a plug for IDAPro. I have used it fairly extensively while at UW, and it works very well. It handles large (300MB) binaries well (things are naturally slower, but it's not unbearable), and models the re-writing of static and dynamic linkers for a variety of formats very well. I used it to help me track down this bug.